imperium-crawl 1.5.3 → 2.0.0

package/README.md

@@ -4,7 +4,7 @@
 
 **The most powerful open-source MCP server for web scraping, crawling, and data extraction.**
 
-22 tools. Zero API keys required. One `npx` command.
+23 tools. Zero API keys required. One `npx` command.
 
 [![npm version](https://img.shields.io/npm/v/imperium-crawl.svg)](https://www.npmjs.com/package/imperium-crawl)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](./LICENSE)
@@ -44,7 +44,7 @@ npx -y imperium-crawl scrape --url https://example.com
 npm install -g imperium-crawl
 ```
 
-> That's it. 16 of 22 tools work with zero API keys. Add optional keys later to unlock search, AI extraction, and CAPTCHA solving.
+> That's it. 17 of 23 tools work with zero API keys. Add optional keys later to unlock search, AI extraction, and CAPTCHA solving.
 
 ---
 
@@ -120,7 +120,7 @@ Scraping 4 URLs (concurrency: 3)...
 ## Why imperium-crawl?
 
 🔓 **Zero API Keys Required**
-16 of 22 tools work out of the box. No accounts, no tokens, no credit cards. Just `npx` and go.
+17 of 23 tools work out of the box. No accounts, no tokens, no credit cards. Just `npx` and go.
 
 🛡️ **3-Level Auto-Escalating Stealth**
 Headers → TLS fingerprinting → headless browser + CAPTCHA solving. Automatically escalates until it gets through.
@@ -128,7 +128,7 @@ Headers → TLS fingerprinting → headless browser + CAPTCHA solving. Automatic
 🧠 **Self-Improving**
 Adaptive learning engine remembers what works per domain. Second visit is 3x faster. The more you use it, the smarter it gets.
 
-🧰 **22 Tools, 3 Modes**
+🧰 **23 Tools, 3 Modes**
 MCP server, CLI tool, or interactive TUI. Scraping, crawling, search, extraction, API discovery, WebSocket monitoring, browser automation, batch processing.
 
 📜 **10 Built-in Recipes**
@@ -144,7 +144,7 @@ Teach it once, run forever. Auto-detect patterns on any page, save as reusable s
 | Feature | **imperium-crawl** | Firecrawl MCP | fetch MCP | Crawl4AI MCP | Browserbase MCP |
 |---------|:------------------:|:-------------:|:---------:|:------------:|:---------------:|
 | Price | **Free forever** | $19+/month | Free | Free | $0.01/min |
-| Total tools | **22** | 5 | 2 | 2 | 4 |
+| Total tools | **23** | 5 | 2 | 2 | 4 |
 | Stealth levels | **3 (auto-escalate)** | Cloud-based | None | 1 | Cloud-based |
 | Anti-bot detection | **7 systems** | Partial | None | Partial | Partial |
 | TLS fingerprinting | **JA3/JA4** | No | No | No | No |
@@ -154,6 +154,10 @@ Teach it once, run forever. Auto-detect patterns on any page, save as reusable s
 | AI-powered extraction | **Yes** | No | No | No | No |
 | Adaptive learning | **Yes** | No | No | No | No |
 | Batch processing | **Yes** | No | No | No | No |
+| ARIA Snapshots | **Yes** | No | No | No | No |
+| Session Encryption | **Yes** | No | No | No | No |
+| Action Policy | **Yes** | No | No | No | No |
+| Domain Sandboxing | **Yes** | No | No | No | No |
 | Self-hosted | **Yes** | No | N/A | Yes | No |
 | Requires external service | **No** | Yes | No | No | Yes |
 
@@ -235,7 +239,7 @@ Second visit to cloudflare.com:
 
 ---
 
-## All 22 Tools
+## All 23 Tools
 
 ### 📄 Scraping (no API key needed)
 
@@ -283,7 +287,8 @@ Second visit to cloudflare.com:
 
 | Tool | What It Does |
 |------|-------------|
-| **interact** | Browser automation with 10 action types (click, type, scroll, wait, screenshot, evaluate, select, hover, press, navigate). Session persistence saves/restores cookies. |
+| **interact** | Browser automation with 18 action types (click, type, scroll, wait, screenshot, evaluate, select, hover, press, navigate, drag, upload, storage, cookies, pdf, auth_login). Ref targeting via ARIA snapshot, session encryption, action policy, domain filter, network interception, device emulation. |
+| **snapshot** | ARIA-based page snapshot with interactive element refs. Use refs in interact for precise targeting. Annotated screenshots. |
 
 ### 📦 Batch Processing (no API key needed)
 
@@ -311,6 +316,7 @@ Full configuration with all optional environment variables:
         "TWOCAPTCHA_API_KEY": "your-2captcha-api-key",
         "LLM_API_KEY": "your-api-key",
         "LLM_PROVIDER": "anthropic",
+        "SESSION_ENCRYPTION_KEY": "your-64-char-hex-key",
         "PROXY_URL": "http://user:pass@proxy:8080",
         "PROXY_URLS": "http://proxy1:8080,socks5://proxy2:1080"
       }
@@ -455,7 +461,7 @@ Turn any website into an API. No documentation needed.
 
 ## AI Agent Guide
 
-imperium-crawl ships with [`SKILL/`](./SKILL/) — a structured guide that teaches AI agents how to use all 22 tools effectively. Includes proven workflows, decision trees, error recovery, and advanced patterns.
+imperium-crawl ships with [`SKILL/`](./SKILL/) — a structured guide that teaches AI agents how to use all 23 tools effectively. Includes proven workflows, decision trees, error recovery, and advanced patterns.
 
 ### Three Ways to Connect
 
@@ -494,30 +500,31 @@ Every tool tested against production websites with real anti-bot defenses:
 
 | Tool | Target | Result |
 |------|--------|--------|
-| **scrape** | BBC News | Full markdown, stealth level 3 auto-escalation |
-| **crawl** | Cloudflare Blog | 213K characters crawled with depth control |
-| **map** | BBC | Full URL discovery via sitemap + link extraction |
-| **extract** | Amazon (AirPods Pro 2) | Product title, 45,297 reviews, brand extracted |
-| **readability** | Medium article | Clean — title, author, content, publish date |
-| **screenshot** | ProductHunt | Captured Cloudflare Turnstile challenge page |
-| **search** | Brave Web | Web results with snippets and URLs |
-| **news_search** | Brave News | News results with freshness ranking |
-| **image_search** | Brave Image | Images with thumbnails and source URLs |
-| **video_search** | Brave Video | Video results across platforms |
-| **create_skill** | Hacker News | Auto-detected 30 stories with CSS selectors |
-| **run_skill** | Saved skill | Fresh structured data from saved config |
-| **list_skills** | — | Lists all skills with configurations |
-| **discover_apis** | Airbnb Paris | **34 hidden APIs** — DataDome, Google Maps key, internal APIs |
-| **query_api** | jsonplaceholder | Direct JSON API call with stealth headers |
-| **monitor_websocket** | Binance BTC/USDT | 3 WebSocket connections, 23 live messages — BTC price live |
-| **ai_extract** | Amazon product | AI extracted name, price, rating, review count |
-| **interact** | Login flow | Click → type → submit — session cookies persisted |
-| **batch_scrape** | 10 news sites | Parallel, concurrency 3, soft failure, 9/10 succeeded |
-| **list_jobs** | — | Batch jobs with status and progress |
-| **job_status** | Batch job | Full per-URL results with timing |
-| **delete_job** | Completed job | Cleaned up job data from disk |
-
-> **22/22 tools. 34 hidden APIs on Airbnb. Live BTC feed. Zero API keys for scraping.**
+| 📄 **scrape** | BBC News | Full markdown, stealth level 3 auto-escalation |
+| 🕸️ **crawl** | Cloudflare Blog | 213K characters crawled with depth control |
+| 🗺️ **map** | BBC | Full URL discovery via sitemap + link extraction |
+| 🕷️ **extract** | Amazon (AirPods Pro 2) | Product title, 45,297 reviews, brand extracted |
+| 📖 **readability** | Medium article | Clean — title, author, content, publish date |
+| 📸 **screenshot** | ProductHunt | Captured Cloudflare Turnstile challenge page |
+| 🔍 **search** | Brave Web | Web results with snippets and URLs |
+| 📰 **news_search** | Brave News | News results with freshness ranking |
+| 🖼️ **image_search** | Brave Image | Images with thumbnails and source URLs |
+| 🎬 **video_search** | Brave Video | Video results across platforms |
+| 🛠️ **create_skill** | Hacker News | Auto-detected 30 stories with CSS selectors |
+| ▶️ **run_skill** | Saved skill | Fresh structured data from saved config |
+| 📋 **list_skills** | — | Lists all skills with configurations |
+| 🔓 **discover_apis** | Airbnb Paris | **34 hidden APIs** — DataDome, Google Maps key, internal APIs |
+| ⚡ **query_api** | jsonplaceholder | Direct JSON API call with stealth headers |
+| 📡 **monitor_websocket** | Binance BTC/USDT | 3 WebSocket connections, 23 live messages — BTC price live |
+| 🧠 **ai_extract** | Amazon product | AI extracted name, price, rating, review count |
+| 🎯 **snapshot** | GitHub, Wikipedia | ARIA tree with 107/113 refs, annotated screenshots |
+| 🖱️ **interact** | Login flow | Click → type → submit — ref targeting, session encryption, 18 action types |
+| 📦 **batch_scrape** | 10 news sites | Parallel, concurrency 3, soft failure, 9/10 succeeded |
+| 📋 **list_jobs** | — | Batch jobs with status and progress |
+| 📊 **job_status** | Batch job | Full per-URL results with timing |
+| 🗑️ **delete_job** | Completed job | Cleaned up job data from disk |
+
+> **23/23 tools. 34 hidden APIs on Airbnb. Live BTC feed. Zero API keys for scraping.**
 
 ---
 
@@ -530,6 +537,7 @@ Every tool tested against production websites with real anti-bot defenses:
 | `LLM_API_KEY` | No | Anthropic or OpenAI API key (enables `ai_extract`) |
 | `LLM_PROVIDER` | No | `anthropic`, `openai`, or `minimax` (default: `anthropic`) |
 | `LLM_MODEL` | No | Override default LLM model |
+| `SESSION_ENCRYPTION_KEY` | No | 32-byte hex key for encrypting session files at rest |
 | `TRANSPORT` | No | `stdio` (default) or `http` |
 | `PORT` | No | HTTP port (default: 3000) |
 | `PROXY_URL` | No | Single proxy URL (http/https/socks4/socks5) |

package/dist/constants.d.ts

@@ -1,5 +1,5 @@
 export declare const PACKAGE_NAME = "imperium-crawl";
-export declare const PACKAGE_VERSION = "1.5.1";
+export declare const PACKAGE_VERSION = "2.0.0";
 export declare const DEFAULT_TIMEOUT_MS = 30000;
 export declare const DEFAULT_MAX_PAGES = 10;
 export declare const DEFAULT_MAX_DEPTH = 2;
@@ -36,4 +36,5 @@ export declare const MAX_DURATION_SECONDS = 300;
 export declare const MAX_TIMEOUT_MS = 300000;
 export declare const MAX_SELECTOR_KEYS = 50;
 export declare const MAX_CRAWL_CONTENT_PER_PAGE = 102400;
+export declare const MAX_STORED_SNAPSHOTS = 100;
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY,mBAAmB,CAAC;AAC7C,eAAO,MAAM,eAAe,UAAU,CAAC;AAEvC,eAAO,MAAM,kBAAkB,QAAS,CAAC;AACzC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,iBAAiB,IAAI,CAAC;AACnC,eAAO,MAAM,mBAAmB,IAAI,CAAC;AACrC,eAAO,MAAM,2BAA2B,QAAiB,CAAC;AAE1D,eAAO,MAAM,eAAe,oBAAoB,CAAC;AACjD,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,eAAe,aAAa,CAAC;AAC1C,eAAO,MAAM,WAAW,SAAS,CAAC;AAElC,eAAO,MAAM,cAAc,wCAAwC,CAAC;AAEpE,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAC3C,eAAO,MAAM,+BAA+B,SAAU,CAAC;AAEvD,eAAO,MAAM,cAAc,mBAAmB,CAAC;AAI/C,eAAO,MAAM,YAAY,EAAE,MAAM,EAgBhC,CAAC;AAEF,eAAO,MAAM,gBAAgB;;;CAAgC,CAAC;AAE9D,eAAO,MAAM,kBAAkB,MAAM,CAAC;AACtC,eAAO,MAAM,kBAAkB,OAAO,CAAC;AAEvC,eAAO,MAAM,sBAAsB,IAAI,CAAC;AAIxC,eAAO,MAAM,iBAAiB,QAAS,CAAC;AACxC,eAAO,MAAM,eAAe,UAAY,CAAC;AACzC,eAAO,MAAM,gBAAgB,OAAQ,CAAC;AACtC,eAAO,MAAM,mBAAmB,OAAQ,CAAC;AACzC,eAAO,MAAM,cAAc,OAAQ,CAAC;AACpC,eAAO,MAAM,SAAS,MAAM,CAAC;AAC7B,eAAO,MAAM,QAAQ,QAAS,CAAC;AAC/B,eAAO,MAAM,SAAS,OAAQ,CAAC;AAC/B,eAAO,MAAM,YAAY,OAAQ,CAAC;AAClC,eAAO,MAAM,eAAe,KAAK,CAAC;AAClC,eAAO,MAAM,gBAAgB,MAAM,CAAC;AACpC,eAAO,MAAM,oBAAoB,MAAM,CAAC;AACxC,eAAO,MAAM,cAAc,SAAU,CAAC;AACtC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,0BAA0B,SAAU,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY,mBAAmB,CAAC;AAC7C,eAAO,MAAM,eAAe,UAAU,CAAC;AAEvC,eAAO,MAAM,kBAAkB,QAAS,CAAC;AACzC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,iBAAiB,IAAI,CAAC;AACnC,eAAO,MAAM,mBAAmB,IAAI,CAAC;AACrC,eAAO,MAAM,2BAA2B,QAAiB,CAAC;AAE1D,eAAO,MAAM,eAAe,oBAAoB,CAAC;AACjD,eAAO,MAAM,aAAa,WAAW,CAAC;AACtC,eAAO,MAAM,eAAe,aAAa,CAAC;AAC1C,eAAO,MAAM,WAAW,SAAS,CAAC;AAElC,eAAO,MAAM,cAAc,wCAAwC,CAAC;AAEpE,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAC3C,eAAO,MAAM,+BAA+B,SAAU,CAAC;AAEvD,eAAO,MAAM,cAAc,mBAAmB,CAAC;AAI/C,eAAO,MAAM,YAAY,EAAE,MAAM,EAgBhC,CAAC;AAEF,eAAO,MAAM,gBAAgB;;;CAAgC,CAAC;AAE9D,eAAO,MAAM,kBAAkB,MAAM,CAAC;AACtC,eAAO,MAAM,kBAAkB,OAAO,CAAC;AAEvC,eAAO,MAAM,sBAAsB,IAAI,CAAC;AAIxC,eAAO,MAAM,iBAAiB,QAAS,CAAC;AACxC,eAAO,MAAM,eAAe,UAAY,CAAC;AACzC,eAAO,MAAM,gBAAgB,OAAQ,CAAC;AACtC,eAAO,MAAM,mBAAmB,OAAQ,CAAC;AACzC,eAAO,MAAM,cAAc,OAAQ,CAAC;AACpC,eAAO,MAAM,SAAS,MAAM,CAAC;AAC7B,eAAO,MAAM,QAAQ,QAAS,CAAC;AAC/B,eAAO,MAAM,SAAS,OAAQ,CAAC;AAC/B,eAAO,MAAM,YAAY,OAAQ,CAAC;AAClC,eAAO,MAAM,eAAe,KAAK,CAAC;AAClC,eAAO,MAAM,gBAAgB,MAAM,CAAC;AACpC,eAAO,MAAM,oBAAoB,MAAM,CAAC;AACxC,eAAO,MAAM,cAAc,SAAU,CAAC;AACtC,eAAO,MAAM,iBAAiB,KAAK,CAAC;AACpC,eAAO,MAAM,0BAA0B,SAAU,CAAC;AAIlD,eAAO,MAAM,oBAAoB,MAAM,CAAC"}

package/dist/constants.js

@@ -1,5 +1,5 @@
 export const PACKAGE_NAME = "imperium-crawl";
-export const PACKAGE_VERSION = "1.5.1";
+export const PACKAGE_VERSION = "2.0.0";
 export const DEFAULT_TIMEOUT_MS = 30_000;
 export const DEFAULT_MAX_PAGES = 10;
 export const DEFAULT_MAX_DEPTH = 2;
@@ -51,4 +51,6 @@ export const MAX_DURATION_SECONDS = 300;
 export const MAX_TIMEOUT_MS = 300_000;
 export const MAX_SELECTOR_KEYS = 50;
 export const MAX_CRAWL_CONTENT_PER_PAGE = 102_400; // 100KB
+// ── Snapshot system ──
+export const MAX_STORED_SNAPSHOTS = 100;
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,YAAY,GAAG,gBAAgB,CAAC;AAC7C,MAAM,CAAC,MAAM,eAAe,GAAG,OAAO,CAAC;AAEvC,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC;AACzC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AACnC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AACrC,MAAM,CAAC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAEpE,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AACjD,MAAM,CAAC,MAAM,aAAa,GAAG,QAAQ,CAAC;AACtC,MAAM,CAAC,MAAM,eAAe,GAAG,UAAU,CAAC;AAC1C,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAElC,MAAM,CAAC,MAAM,cAAc,GAAG,qCAAqC,CAAC;AAEpE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AAC3C,MAAM,CAAC,MAAM,+BAA+B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAEhE,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAE/C,yBAAyB;AAEzB,MAAM,CAAC,MAAM,YAAY,GAAa;IACpC,+CAA+C;IAC/C,yCAAyC;IACzC,oBAAoB;IACpB,gBAAgB;IAChB,4BAA4B;IAC5B,iCAAiC;IACjC,4BAA4B;IAC5B,wBAAwB;IACxB,wBAAwB;IACxB,0BAA0B;IAC1B,4BAA4B;IAC5B,gBAAgB;IAChB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAE9D,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AACtC,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEvC,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,gCAAgC;AAEhC,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACxC,MAAM,CAAC,MAAM,eAAe,GAAG,SAAS,CAAC,CAAI,MAAM;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AACtC,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,CAAC;AACzC,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,CAAC;AACpC,MAAM,CAAC,MAAM,SAAS,GAAG,GAAG,CAAC;AAC7B,MAAM,CAAC,MAAM,QAAQ,GAAG,MAAM,CAAC;AAC/B,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,CAAC;AAC/B,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,CAAC;AAClC,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AACpC,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACxC,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC;AACtC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,0BAA0B,GAAG,OAAO,CAAC,CAAC,QAAQ"}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,YAAY,GAAG,gBAAgB,CAAC;AAC7C,MAAM,CAAC,MAAM,eAAe,GAAG,OAAO,CAAC;AAEvC,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC;AACzC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AACnC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AACrC,MAAM,CAAC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAEpE,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AACjD,MAAM,CAAC,MAAM,aAAa,GAAG,QAAQ,CAAC;AACtC,MAAM,CAAC,MAAM,eAAe,GAAG,UAAU,CAAC;AAC1C,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAC;AAElC,MAAM,CAAC,MAAM,cAAc,GAAG,qCAAqC,CAAC;AAEpE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AAC3C,MAAM,CAAC,MAAM,+BAA+B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAEhE,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAE/C,yBAAyB;AAEzB,MAAM,CAAC,MAAM,YAAY,GAAa;IACpC,+CAA+C;IAC/C,yCAAyC;IACzC,oBAAoB;IACpB,gBAAgB;IAChB,4BAA4B;IAC5B,iCAAiC;IACjC,4BAA4B;IAC5B,wBAAwB;IACxB,wBAAwB;IACxB,0BAA0B;IAC1B,4BAA4B;IAC5B,gBAAgB;IAChB,0BAA0B;IAC1B,sBAAsB;IACtB,wBAAwB;CACzB,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAE9D,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AACtC,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEvC,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAExC,gCAAgC;AAEhC,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC;AACxC,MAAM,CAAC,MAAM,eAAe,GAAG,SAAS,CAAC,CAAI,MAAM;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AACtC,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,CAAC;AACzC,MAAM,CAAC,MAAM,cAAc,GAAG,KAAK,CAAC;AACpC,MAAM,CAAC,MAAM,SAAS,GAAG,GAAG,CAAC;AAC7B,MAAM,CAAC,MAAM,QAAQ,GAAG,MAAM,CAAC;AAC/B,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,CAAC;AAC/B,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,CAAC;AAClC,MAAM,CAAC,MAAM,eAAe,GAAG,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AACpC,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACxC,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC;AACtC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC;AACpC,MAAM,CAAC,MAAM,0BAA0B,GAAG,OAAO,CAAC,CAAC,QAAQ;AAE3D,wBAAwB;AAExB,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC"}

package/dist/network/interceptor.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Network Interceptor — Request interception and logging via page.route().
+ *
+ * Supports block, mock, modify, and log actions.
+ * Captures request log with timing for analysis.
+ */
+import type { InterceptRule, NetworkRequest } from "./types.js";
+type Page = import("rebrowser-playwright").Page;
+/**
+ * Set up network interception rules on a page.
+ * Also starts request logging.
+ */
+export declare function setupInterception(page: Page, rules: InterceptRule[]): Promise<void>;
+/**
+ * Get the captured request log for a page.
+ */
+export declare function getRequestLog(page: Page): NetworkRequest[];
+export {};
+//# sourceMappingURL=interceptor.d.ts.map

package/dist/network/interceptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interceptor.d.ts","sourceRoot":"","sources":["../../src/network/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEhE,KAAK,IAAI,GAAG,OAAO,sBAAsB,EAAE,IAAI,CAAC;AAMhD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,IAAI,EACV,KAAK,EAAE,aAAa,EAAE,GACrB,OAAO,CAAC,IAAI,CAAC,CAoEf;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,cAAc,EAAE,CAE1D"}

package/dist/network/interceptor.js

@@ -0,0 +1,82 @@
+/**
+ * Network Interceptor — Request interception and logging via page.route().
+ *
+ * Supports block, mock, modify, and log actions.
+ * Captures request log with timing for analysis.
+ */
+// Per-page request logs
+const requestLogs = new WeakMap();
+/**
+ * Set up network interception rules on a page.
+ * Also starts request logging.
+ */
+export async function setupInterception(page, rules) {
+    const log = [];
+    requestLogs.set(page, log);
+    // Set up request logging
+    page.on("request", (request) => {
+        log.push({
+            url: request.url(),
+            method: request.method(),
+            resourceType: request.resourceType(),
+            timing: { startTime: Date.now() },
+        });
+    });
+    page.on("response", (response) => {
+        const url = response.url();
+        const entry = log.find((e) => e.url === url && !e.status);
+        if (entry) {
+            entry.status = response.status();
+            entry.timing.duration = Date.now() - entry.timing.startTime;
+        }
+    });
+    // Apply interception rules
+    for (const rule of rules) {
+        await page.route(rule.url_pattern, async (route) => {
+            switch (rule.action) {
+                case "block":
+                    await route.abort("blockedbyclient");
+                    break;
+                case "mock":
+                    await route.fulfill({
+                        status: rule.response?.status ?? 200,
+                        body: rule.response?.body ?? "",
+                        headers: rule.response?.headers,
+                        contentType: rule.response?.contentType ?? "text/plain",
+                    });
+                    break;
+                case "modify":
+                    // Modify response: fetch original, then override parts
+                    try {
+                        const response = await route.fetch();
+                        const body = rule.response?.body ?? await response.text();
+                        await route.fulfill({
+                            status: rule.response?.status ?? response.status(),
+                            body,
+                            headers: {
+                                ...response.headers(),
+                                ...(rule.response?.headers ?? {}),
+                            },
+                        });
+                    }
+                    catch {
+                        await route.continue();
+                    }
+                    break;
+                case "log":
+                    // Just continue — logging is handled by event listeners above
+                    await route.continue();
+                    break;
+                default:
+                    await route.continue();
+            }
+        });
+    }
+}
+/**
+ * Get the captured request log for a page.
+ */
+export function getRequestLog(page) {
+    return requestLogs.get(page) ?? [];
+}
+//# sourceMappingURL=interceptor.js.map

package/dist/network/interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interceptor.js","sourceRoot":"","sources":["../../src/network/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,wBAAwB;AACxB,MAAM,WAAW,GAAG,IAAI,OAAO,EAA4B,CAAC;AAE5D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAU,EACV,KAAsB;IAEtB,MAAM,GAAG,GAAqB,EAAE,CAAC;IACjC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAE3B,yBAAyB;IACzB,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE;QAC7B,GAAG,CAAC,IAAI,CAAC;YACP,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE;YACxB,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE;YACpC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE;SAClC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1D,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,KAAY,EAAE,EAAE;YACxD,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;gBACpB,KAAK,OAAO;oBACV,MAAM,KAAK,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBACrC,MAAM;gBAER,KAAK,MAAM;oBACT,MAAM,KAAK,CAAC,OAAO,CAAC;wBAClB,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG;wBACpC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,EAAE;wBAC/B,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO;wBAC/B,WAAW,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,IAAI,YAAY;qBACxD,CAAC,CAAC;oBACH,MAAM;gBAER,KAAK,QAAQ;oBACX,uDAAuD;oBACvD,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;wBACrC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;wBAC1D,MAAM,KAAK,CAAC,OAAO,CAAC;4BAClB,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,QAAQ,CAAC,MAAM,EAAE;4BAClD,IAAI;4BACJ,OAAO,EAAE;gCACP,GAAG,QAAQ,CAAC,OAAO,EAAE;gCACrB,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,IAAI,EAAE,CAAC;6BAClC;yBACF,CAAC,CAAC;oBACL,CAAC;oBAAC,MAAM,CAAC;wBACP,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACzB,CAAC;oBACD,MAAM;gBAER,KAAK,KAAK;oBACR,8DAA8D;oBAC9D,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACvB,MAAM;gBAER;oBACE,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAU;IACtC,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AACrC,CAAC"}

package/dist/network/types.d.ts

@@ -0,0 +1,27 @@
+/** Rule for network request interception */
+export interface InterceptRule {
+    url_pattern: string;
+    /** Action to take on matching requests */
+    action: "block" | "mock" | "modify" | "log";
+    /** Mock response (required for "mock" action) */
+    response?: {
+        status?: number;
+        body?: string;
+        headers?: Record<string, string>;
+        contentType?: string;
+    };
+}
+/** Captured network request */
+export interface NetworkRequest {
+    url: string;
+    method: string;
+    resourceType: string;
+    status?: number;
+    timing: {
+        startTime: number;
+        duration?: number;
+    };
+    headers?: Record<string, string>;
+    responseSize?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/network/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/network/types.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,MAAM,WAAW,aAAa;IAE5B,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IAC5C,iDAAiD;IACjD,QAAQ,CAAC,EAAE;QACT,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,+BAA+B;AAC/B,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE;QACN,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB"}

package/dist/network/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/network/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/network/types.ts"],"names":[],"mappings":""}

package/dist/security/action-policy.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Action Policy — Granular access control for interact actions.
+ *
+ * Maps action types to categories, then evaluates against a policy config.
+ * Supports hot-reload: checks file mtime every 5s.
+ */
+import type { PolicyDecision } from "./types.js";
+/**
+ * Get the category for an action type.
+ */
+export declare function getActionCategory(actionType: string): string;
+/**
+ * Check policy for a given action type.
+ *
+ * @param actionType - The action type (e.g. "click", "evaluate")
+ * @param policyPath - Path to JSON policy file
+ * @returns Policy decision: allow, deny, or confirm
+ */
+export declare function checkPolicy(actionType: string, policyPath: string): Promise<PolicyDecision>;
+/**
+ * Human-readable description of an action for confirm prompts.
+ */
+export declare function describeAction(actionType: string, details?: Record<string, unknown>): string;
+/** Clear policy cache (for testing) */
+export declare function resetPolicyCache(): void;
+//# sourceMappingURL=action-policy.d.ts.map

package/dist/security/action-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-policy.d.ts","sourceRoot":"","sources":["../../src/security/action-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAsB,cAAc,EAAE,MAAM,YAAY,CAAC;AAwCrE;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE5D;AAgDD;;;;;;GAMG;AACH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,cAAc,CAAC,CAmBzB;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CA2B5F;AAED,uCAAuC;AACvC,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC"}

package/dist/security/action-policy.js

@@ -0,0 +1,136 @@
+/**
+ * Action Policy — Granular access control for interact actions.
+ *
+ * Maps action types to categories, then evaluates against a policy config.
+ * Supports hot-reload: checks file mtime every 5s.
+ */
+import fs from "node:fs/promises";
+// ── Action → Category mapping ──
+const ACTION_CATEGORIES = {
+    // Navigation
+    navigate: "navigate",
+    // Click/interact
+    click: "click",
+    hover: "click",
+    drag: "click",
+    // Form input
+    type: "fill",
+    select: "fill",
+    upload: "fill",
+    // Script execution
+    evaluate: "eval",
+    // Read state
+    screenshot: "snapshot",
+    pdf: "snapshot",
+    cookie_get: "state",
+    storage_get: "state",
+    // Write state
+    cookie_set: "state_write",
+    storage_set: "state_write",
+    // Passive
+    scroll: "scroll",
+    wait: "wait",
+    press: "interact",
+};
+// Internal actions always allowed
+const INTERNAL_CATEGORY = "_internal";
+/**
+ * Get the category for an action type.
+ */
+export function getActionCategory(actionType) {
+    return ACTION_CATEGORIES[actionType] ?? "unknown";
+}
+const policyCache = new Map();
+const POLICY_CHECK_INTERVAL_MS = 5000;
+/**
+ * Load and cache a policy file with hot-reload support.
+ */
+async function loadPolicy(policyPath) {
+    const now = Date.now();
+    const cached = policyCache.get(policyPath);
+    // Check if cached and recent enough
+    if (cached && now - cached.loadedAt < POLICY_CHECK_INTERVAL_MS) {
+        return cached.config;
+    }
+    // Check mtime for hot-reload
+    try {
+        const stat = await fs.stat(policyPath);
+        const mtime = stat.mtimeMs;
+        if (cached && cached.mtime === mtime) {
+            cached.loadedAt = now;
+            return cached.config;
+        }
+        const raw = await fs.readFile(policyPath, "utf-8");
+        const config = JSON.parse(raw);
+        policyCache.set(policyPath, { config, mtime, loadedAt: now });
+        return config;
+    }
+    catch {
+        // If file doesn't exist or is invalid, use permissive default
+        const defaultConfig = { default: "allow" };
+        policyCache.set(policyPath, { config: defaultConfig, mtime: 0, loadedAt: now });
+        return defaultConfig;
+    }
+}
+/**
+ * Check policy for a given action type.
+ *
+ * @param actionType - The action type (e.g. "click", "evaluate")
+ * @param policyPath - Path to JSON policy file
+ * @returns Policy decision: allow, deny, or confirm
+ */
+export async function checkPolicy(actionType, policyPath) {
+    const category = getActionCategory(actionType);
+    // Internal actions always allowed
+    if (category === INTERNAL_CATEGORY)
+        return "allow";
+    const config = await loadPolicy(policyPath);
+    // Deny takes highest priority
+    if (config.deny?.includes(category))
+        return "deny";
+    // Confirm takes second priority
+    if (config.confirm?.includes(category))
+        return "confirm";
+    // Explicit allow
+    if (config.allow?.includes(category))
+        return "allow";
+    // Fall through to default
+    return config.default;
+}
+/**
+ * Human-readable description of an action for confirm prompts.
+ */
+export function describeAction(actionType, details) {
+    const descriptions = {
+        navigate: "Navigate to a URL",
+        click: "Click an element",
+        hover: "Hover over an element",
+        drag: "Drag and drop an element",
+        type: "Type text into a field",
+        select: "Select an option",
+        upload: "Upload files",
+        evaluate: "Execute JavaScript code",
+        screenshot: "Take a screenshot",
+        pdf: "Generate a PDF",
+        cookie_get: "Read cookies",
+        cookie_set: "Set cookies",
+        storage_get: "Read browser storage",
+        storage_set: "Write to browser storage",
+        scroll: "Scroll the page",
+        wait: "Wait for element/timeout",
+        press: "Press a key",
+    };
+    let desc = descriptions[actionType] ?? `Execute ${actionType}`;
+    if (details?.url)
+        desc += ` (${details.url})`;
+    if (details?.selector)
+        desc += ` on ${details.selector}`;
+    if (details?.ref)
+        desc += ` on ref ${details.ref}`;
+    return desc;
+}
+/** Clear policy cache (for testing) */
+export function resetPolicyCache() {
+    policyCache.clear();
+}
+//# sourceMappingURL=action-policy.js.map

package/dist/security/action-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-policy.js","sourceRoot":"","sources":["../../src/security/action-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAGlC,kCAAkC;AAElC,MAAM,iBAAiB,GAA2B;IAChD,aAAa;IACb,QAAQ,EAAE,UAAU;IAEpB,iBAAiB;IACjB,KAAK,EAAE,OAAO;IACd,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,OAAO;IAEb,aAAa;IACb,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,MAAM;IACd,MAAM,EAAE,MAAM;IAEd,mBAAmB;IACnB,QAAQ,EAAE,MAAM;IAEhB,aAAa;IACb,UAAU,EAAE,UAAU;IACtB,GAAG,EAAE,UAAU;IACf,UAAU,EAAE,OAAO;IACnB,WAAW,EAAE,OAAO;IAEpB,cAAc;IACd,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAE1B,UAAU;IACV,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,UAAU;CAClB,CAAC;AAEF,kCAAkC;AAClC,MAAM,iBAAiB,GAAG,WAAW,CAAC;AAEtC;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,OAAO,iBAAiB,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC;AACpD,CAAC;AAUD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;AACpD,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAEtC;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,UAAkB;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE3C,oCAAoC;IACpC,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,wBAAwB,EAAE,CAAC;QAC/D,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC;QAE3B,IAAI,MAAM,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;YACrC,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC;YACtB,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;QAErD,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9D,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,MAAM,aAAa,GAAuB,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;QAC/D,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;QAChF,OAAO,aAAa,CAAC;IACvB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,UAAkB;IAElB,MAAM,QAAQ,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAE/C,kCAAkC;IAClC,IAAI,QAAQ,KAAK,iBAAiB;QAAE,OAAO,OAAO,CAAC;IAEnD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;IAE5C,8BAA8B;IAC9B,IAAI,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,MAAM,CAAC;IAEnD,gCAAgC;IAChC,IAAI,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,SAAS,CAAC;IAEzD,iBAAiB;IACjB,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAErD,0BAA0B;IAC1B,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB,EAAE,OAAiC;IAClF,MAAM,YAAY,GAA2B;QAC3C,QAAQ,EAAE,mBAAmB;QAC7B,KAAK,EAAE,kBAAkB;QACzB,KAAK,EAAE,uBAAuB;QAC9B,IAAI,EAAE,0BAA0B;QAChC,IAAI,EAAE,wBAAwB;QAC9B,MAAM,EAAE,kBAAkB;QAC1B,MAAM,EAAE,cAAc;QACtB,QAAQ,EAAE,yBAAyB;QACnC,UAAU,EAAE,mBAAmB;QAC/B,GAAG,EAAE,gBAAgB;QACrB,UAAU,EAAE,cAAc;QAC1B,UAAU,EAAE,aAAa;QACzB,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,0BAA0B;QACvC,MAAM,EAAE,iBAAiB;QACzB,IAAI,EAAE,0BAA0B;QAChC,KAAK,EAAE,aAAa;KACrB,CAAC;IAEF,IAAI,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,IAAI,WAAW,UAAU,EAAE,CAAC;IAC/D,IAAI,OAAO,EAAE,GAAG;QAAE,IAAI,IAAI,KAAK,OAAO,CAAC,GAAG,GAAG,CAAC;IAC9C,IAAI,OAAO,EAAE,QAAQ;QAAE,IAAI,IAAI,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;IACzD,IAAI,OAAO,EAAE,GAAG;QAAE,IAAI,IAAI,WAAW,OAAO,CAAC,GAAG,EAAE,CAAC;IAEnD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,gBAAgB;IAC9B,WAAW,CAAC,KAAK,EAAE,CAAC;AACtB,CAAC"}

package/dist/security/auth-vault.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Auth Vault — Encrypted credential storage for login automation.
+ *
+ * Stores login profiles (URL, username, password, form selectors)
+ * encrypted on disk. Profiles are decrypted on-demand for login flows.
+ */
+export interface AuthProfile {
+    name: string;
+    url: string;
+    username: string;
+    password: string;
+    selectors: {
+        username: string;
+        password: string;
+        submit: string;
+    };
+    lastLogin?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface AuthProfileMeta {
+    name: string;
+    url: string;
+    username: string;
+    lastLogin?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+/**
+ * Save an auth profile (encrypted on disk).
+ */
+export declare function saveAuthProfile(profile: Omit<AuthProfile, "createdAt" | "updatedAt">): Promise<void>;
+/**
+ * Get a decrypted auth profile by name.
+ */
+export declare function getAuthProfile(name: string): Promise<AuthProfile | null>;
+/**
+ * List all auth profiles (meta only — no passwords).
+ */
+export declare function listAuthProfiles(): Promise<AuthProfileMeta[]>;
+/**
+ * Delete an auth profile.
+ */
+export declare function deleteAuthProfile(name: string): Promise<boolean>;
+/**
+ * Update the lastLogin timestamp for a profile.
+ */
+export declare function updateLastLogin(name: string): Promise<void>;
+//# sourceMappingURL=auth-vault.d.ts.map

package/dist/security/auth-vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-vault.d.ts","sourceRoot":"","sources":["../../src/security/auth-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAaD;;GAEG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B1G;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAgB9E;AAED;;GAEG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CAiCnE;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOtE;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAQjE"}