job-forge 2.14.44 → 2.14.46

package/.claude/agents/general-free.md

@@ -18,7 +18,9 @@ Call 3:  geometra_connect({
            isolated: true,
            headless: true,
            slowMo: 350,
-           stealth: true
+           browserMode: "stock",
+           blockDetection: true,
+           blockedSitePolicy: "manual-handoff"
          })
 ```
 
@@ -26,7 +28,7 @@ Call 3:  geometra_connect({
 
 1. **Always run Call 1 and Call 2.** Do not skip Call 2 even if Call 1 returns an empty session list. `geometra_disconnect({ closeBrowser: true })` is a safe no-op on an empty pool.
 2. **Do not reason about Call 1's output.** Don't look at it and decide "the pool looks clean, I'll skip Call 2". Just always call Call 2 next. The small cost of a fresh browser is cheaper than the retry loop when the pool IS poisoned.
-3. **Always use `isolated: true, headless: true, slowMo: 350, stealth: true`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
+3. **Always use `isolated: true, headless: true, slowMo: 350, browserMode: "stock", blockDetection: true, blockedSitePolicy: "manual-handoff"`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
 4. **One exception — skip ALL three calls:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", do not run Calls 1-3. Go straight to `geometra_page_model({ sessionId: "X" })` and proceed.
 
 ### Read Why This Exists

package/.codex/config.toml

@@ -18,7 +18,7 @@ model_provider = "openai"
 [mcp_servers.geometra]
 command = "npx"
 args = ["--no-install", "job-forge", "mcp:geometra"]
-env = { GEOMETRA_STEALTH = "1", GEOMETRA_BROWSER = "stealth" }
+env = { GEOMETRA_STEALTH = "0", GEOMETRA_BROWSER = "stock" }
 
 [mcp_servers.gmail]
 command = "npx"

package/.cursor/mcp.json

@@ -8,8 +8,8 @@
         "mcp:geometra"
       ],
       "env": {
-        "GEOMETRA_STEALTH": "1",
-        "GEOMETRA_BROWSER": "stealth"
+        "GEOMETRA_STEALTH": "0",
+        "GEOMETRA_BROWSER": "stock"
       }
     },
     "gmail": {

package/.cursor/rules/agent-general-free.mdc

@@ -17,7 +17,9 @@ Call 3:  geometra_connect({
            isolated: true,
            headless: true,
            slowMo: 350,
-           stealth: true
+           browserMode: "stock",
+           blockDetection: true,
+           blockedSitePolicy: "manual-handoff"
          })
 ```
 
@@ -25,7 +27,7 @@ Call 3:  geometra_connect({
 
 1. **Always run Call 1 and Call 2.** Do not skip Call 2 even if Call 1 returns an empty session list. `geometra_disconnect({ closeBrowser: true })` is a safe no-op on an empty pool.
 2. **Do not reason about Call 1's output.** Don't look at it and decide "the pool looks clean, I'll skip Call 2". Just always call Call 2 next. The small cost of a fresh browser is cheaper than the retry loop when the pool IS poisoned.
-3. **Always use `isolated: true, headless: true, slowMo: 350, stealth: true`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
+3. **Always use `isolated: true, headless: true, slowMo: 350, browserMode: "stock", blockDetection: true, blockedSitePolicy: "manual-handoff"`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
 4. **One exception — skip ALL three calls:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", do not run Calls 1-3. Go straight to `geometra_page_model({ sessionId: "X" })` and proceed.
 
 ### Read Why This Exists

package/.cursor/rules/main.mdc

@@ -33,8 +33,8 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [H7] Load-bearing facts passed to downstream subagents must originate from a file, not from prior subagent prose. Authoritative sources: `data/pipeline.md`, `data/scan-history.tsv`, `batch/scan-output-*.md`, `reports/{num}-*.md` with `**URL:**` / `**Score:**` headers, emitted score JSON validated by `npx job-forge score:check --input ...`, `batch/tracker-additions/*.tsv`, cached JD content returned by `npx job-forge cache:get --url ...`, source path/line pointers returned by `npx job-forge index:query ...`, materialized fact records returned by `npx job-forge facts:query ...`, selected next actions returned by `npx job-forge prioritize:select ...`, and lineage records returned by `npx job-forge lineage:explain ...`.
   why: 2026-04-18 scan subagent returned 30 fabricated Greenhouse IDs in prose (plausible-looking, non-existent); orchestrator dispatched 30 downstream subagents that all 404'd. Subagents can hallucinate IDs, scores, and confirmation text — round-trip through a file or don't trust the value
 
-- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true` and `stealth: true` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
-  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. Geometra MCP opens visible Chromium unless `headless: true` is explicit, and Geometra MCP >=1.61.3 can launch CloakBrowser stealth Chromium via `stealth: true`; both flags belong with JobForge portal sessions instead of stock visible Playwright Chromium
+- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true`, `browserMode: \"stock\"`, `blockDetection: true`, and `blockedSitePolicy: \"manual-handoff\"` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
+  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. JobForge keeps Chromium headless by passing `headless: true`, uses Geometra MCP >=1.62.3's stock browser mode by default, and surfaces `blockedSite` metadata instead of trying to work around server-side blocks silently
 
 - [H9] If Geometra MCP disappears, becomes unresponsive, or returns a cascade of `Not connected` after a live form-fill, inspect `.jobforge-mcp/geometra-mcp.jsonl` before guessing. Report the last `launcher_start`, `child_spawn`, `heartbeat`, `signal_received`, `child_stderr`, and `child_exit` events plus the timestamp gap from the last heartbeat. If the last event is an old heartbeat with no `signal_received` / `child_exit`, treat it as likely host SIGKILL or external process death.
   why: OpenCode or the OS can kill the MCP server without stderr, crash logs, or core dumps. JobForge's MCP launcher writes durable lifecycle events outside MCP stdout, so silent disappearances still leave enough evidence to distinguish host kill, child crash, stderr failure, and wrapper health
@@ -70,7 +70,7 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.
 2. Pick and name the mode from **Routing** [D6]. No match → ask; do not guess.
 3. Read the active mode file [D3]. Use local helpers when they can replace broad file reads, prose math, manual policy checks, or artifact reuse decisions [D8]. Decide inline vs delegated work [D1].
-4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/stealth prompt hygiene [H8], MCP lifecycle log awareness [H9].
+4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/browser-mode prompt hygiene [H8], MCP lifecycle log awareness [H9].
 5. Dispatch at most 2 tasks per round [H1]; wait for final outcomes, not just task ids [H5b], then settle the round with postflight status [D8].
 6. Keep multi-job form-filling out of the orchestrator [H4].
 7. Cross-check subagent facts against authoritative files [H7].

package/.mcp.json

@@ -8,8 +8,8 @@
         "mcp:geometra"
       ],
       "env": {
-        "GEOMETRA_STEALTH": "1",
-        "GEOMETRA_BROWSER": "stealth"
+        "GEOMETRA_STEALTH": "0",
+        "GEOMETRA_BROWSER": "stock"
       }
     },
     "gmail": {

package/.opencode/agents/general-free.md

@@ -33,7 +33,9 @@ Call 3:  geometra_connect({
            isolated: true,
            headless: true,
            slowMo: 350,
-           stealth: true
+           browserMode: "stock",
+           blockDetection: true,
+           blockedSitePolicy: "manual-handoff"
          })
 ```
 
@@ -41,7 +43,7 @@ Call 3:  geometra_connect({
 
 1. **Always run Call 1 and Call 2.** Do not skip Call 2 even if Call 1 returns an empty session list. `geometra_disconnect({ closeBrowser: true })` is a safe no-op on an empty pool.
 2. **Do not reason about Call 1's output.** Don't look at it and decide "the pool looks clean, I'll skip Call 2". Just always call Call 2 next. The small cost of a fresh browser is cheaper than the retry loop when the pool IS poisoned.
-3. **Always use `isolated: true, headless: true, slowMo: 350, stealth: true`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
+3. **Always use `isolated: true, headless: true, slowMo: 350, browserMode: "stock", blockDetection: true, blockedSitePolicy: "manual-handoff"`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
 4. **One exception — skip ALL three calls:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", do not run Calls 1-3. Go straight to `geometra_page_model({ sessionId: "X" })` and proceed.
 
 ### Read Why This Exists

package/.opencode/skills/job-forge.md

@@ -231,7 +231,8 @@ Step 5  — Loop in rounds of 2 (Hard Limit #1)
     pair = candidates[round*2 : round*2 + 2]
     # If proxy is configured, do not paste proxy values into prompts.
     # Say: "Proxy is configured; read config/profile.yml and pass its
-    # top-level proxy object plus headless: true and stealth: true to every
+    # top-level proxy object plus headless: true, browserMode: "stock",
+    # blockDetection: true, and blockedSitePolicy: "manual-handoff" to every
     # Geometra connect or auto-connect call."
     # Dispatch 1 or 2 task() calls in ONE message (never 3+)
     task(subagent_type=<tier per AGENTS.md routing>, prompt=<apply prompt for pair[0]>)

package/AGENTS.md

@@ -28,8 +28,8 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [H7] Load-bearing facts passed to downstream subagents must originate from a file, not from prior subagent prose. Authoritative sources: `data/pipeline.md`, `data/scan-history.tsv`, `batch/scan-output-*.md`, `reports/{num}-*.md` with `**URL:**` / `**Score:**` headers, emitted score JSON validated by `npx job-forge score:check --input ...`, `batch/tracker-additions/*.tsv`, cached JD content returned by `npx job-forge cache:get --url ...`, source path/line pointers returned by `npx job-forge index:query ...`, materialized fact records returned by `npx job-forge facts:query ...`, selected next actions returned by `npx job-forge prioritize:select ...`, and lineage records returned by `npx job-forge lineage:explain ...`.
   why: 2026-04-18 scan subagent returned 30 fabricated Greenhouse IDs in prose (plausible-looking, non-existent); orchestrator dispatched 30 downstream subagents that all 404'd. Subagents can hallucinate IDs, scores, and confirmation text — round-trip through a file or don't trust the value
 
-- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true` and `stealth: true` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
-  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. Geometra MCP opens visible Chromium unless `headless: true` is explicit, and Geometra MCP >=1.61.3 can launch CloakBrowser stealth Chromium via `stealth: true`; both flags belong with JobForge portal sessions instead of stock visible Playwright Chromium
+- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true`, `browserMode: \"stock\"`, `blockDetection: true`, and `blockedSitePolicy: \"manual-handoff\"` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
+  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. JobForge keeps Chromium headless by passing `headless: true`, uses Geometra MCP >=1.62.3's stock browser mode by default, and surfaces `blockedSite` metadata instead of trying to work around server-side blocks silently
 
 - [H9] If Geometra MCP disappears, becomes unresponsive, or returns a cascade of `Not connected` after a live form-fill, inspect `.jobforge-mcp/geometra-mcp.jsonl` before guessing. Report the last `launcher_start`, `child_spawn`, `heartbeat`, `signal_received`, `child_stderr`, and `child_exit` events plus the timestamp gap from the last heartbeat. If the last event is an old heartbeat with no `signal_received` / `child_exit`, treat it as likely host SIGKILL or external process death.
   why: OpenCode or the OS can kill the MCP server without stderr, crash logs, or core dumps. JobForge's MCP launcher writes durable lifecycle events outside MCP stdout, so silent disappearances still leave enough evidence to distinguish host kill, child crash, stderr failure, and wrapper health
@@ -65,7 +65,7 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.
 2. Pick and name the mode from **Routing** [D6]. No match → ask; do not guess.
 3. Read the active mode file [D3]. Use local helpers when they can replace broad file reads, prose math, manual policy checks, or artifact reuse decisions [D8]. Decide inline vs delegated work [D1].
-4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/stealth prompt hygiene [H8], MCP lifecycle log awareness [H9].
+4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/browser-mode prompt hygiene [H8], MCP lifecycle log awareness [H9].
 5. Dispatch at most 2 tasks per round [H1]; wait for final outcomes, not just task ids [H5b], then settle the round with postflight status [D8].
 6. Keep multi-job form-filling out of the orchestrator [H4].
 7. Cross-check subagent facts against authoritative files [H7].

package/CLAUDE.md

@@ -28,8 +28,8 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [H7] Load-bearing facts passed to downstream subagents must originate from a file, not from prior subagent prose. Authoritative sources: `data/pipeline.md`, `data/scan-history.tsv`, `batch/scan-output-*.md`, `reports/{num}-*.md` with `**URL:**` / `**Score:**` headers, emitted score JSON validated by `npx job-forge score:check --input ...`, `batch/tracker-additions/*.tsv`, cached JD content returned by `npx job-forge cache:get --url ...`, source path/line pointers returned by `npx job-forge index:query ...`, materialized fact records returned by `npx job-forge facts:query ...`, selected next actions returned by `npx job-forge prioritize:select ...`, and lineage records returned by `npx job-forge lineage:explain ...`.
   why: 2026-04-18 scan subagent returned 30 fabricated Greenhouse IDs in prose (plausible-looking, non-existent); orchestrator dispatched 30 downstream subagents that all 404'd. Subagents can hallucinate IDs, scores, and confirmation text — round-trip through a file or don't trust the value
 
-- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true` and `stealth: true` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
-  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. Geometra MCP opens visible Chromium unless `headless: true` is explicit, and Geometra MCP >=1.61.3 can launch CloakBrowser stealth Chromium via `stealth: true`; both flags belong with JobForge portal sessions instead of stock visible Playwright Chromium
+- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true`, `browserMode: \"stock\"`, `blockDetection: true`, and `blockedSitePolicy: \"manual-handoff\"` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
+  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. JobForge keeps Chromium headless by passing `headless: true`, uses Geometra MCP >=1.62.3's stock browser mode by default, and surfaces `blockedSite` metadata instead of trying to work around server-side blocks silently
 
 - [H9] If Geometra MCP disappears, becomes unresponsive, or returns a cascade of `Not connected` after a live form-fill, inspect `.jobforge-mcp/geometra-mcp.jsonl` before guessing. Report the last `launcher_start`, `child_spawn`, `heartbeat`, `signal_received`, `child_stderr`, and `child_exit` events plus the timestamp gap from the last heartbeat. If the last event is an old heartbeat with no `signal_received` / `child_exit`, treat it as likely host SIGKILL or external process death.
   why: OpenCode or the OS can kill the MCP server without stderr, crash logs, or core dumps. JobForge's MCP launcher writes durable lifecycle events outside MCP stdout, so silent disappearances still leave enough evidence to distinguish host kill, child crash, stderr failure, and wrapper health
@@ -65,7 +65,7 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.
 2. Pick and name the mode from **Routing** [D6]. No match → ask; do not guess.
 3. Read the active mode file [D3]. Use local helpers when they can replace broad file reads, prose math, manual policy checks, or artifact reuse decisions [D8]. Decide inline vs delegated work [D1].
-4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/stealth prompt hygiene [H8], MCP lifecycle log awareness [H9].
+4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/browser-mode prompt hygiene [H8], MCP lifecycle log awareness [H9].
 5. Dispatch at most 2 tasks per round [H1]; wait for final outcomes, not just task ids [H5b], then settle the round with postflight status [D8].
 6. Keep multi-job form-filling out of the orchestrator [H4].
 7. Cross-check subagent facts against authoritative files [H7].

package/bin/create-job-forge.mjs

@@ -245,8 +245,8 @@ const opencodeCfg = {
       type: 'local',
       command: ['npx', '--no-install', 'job-forge', 'mcp:geometra'],
       environment: {
-        GEOMETRA_STEALTH: '1',
-        GEOMETRA_BROWSER: 'stealth',
+        GEOMETRA_STEALTH: '0',
+        GEOMETRA_BROWSER: 'stock',
       },
       enabled: true,
     },

package/bin/geometra-mcp-launcher.mjs

@@ -5,7 +5,7 @@ import { appendFileSync, existsSync, mkdirSync, readFileSync } from 'node:fs';
 import { dirname, join, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
 
-const DEFAULT_FALLBACK_PACKAGE = '@geometra/mcp@1.62.1';
+const DEFAULT_FALLBACK_PACKAGE = '@geometra/mcp@1.62.3';
 const RESOLVE_ONLY_FLAG = '--job-forge-resolve-target';
 const DEFAULT_LOG_RELATIVE_PATH = '.jobforge-mcp/geometra-mcp.jsonl';
 const DEFAULT_HEARTBEAT_MS = 15_000;

package/config/profile.example.yml

@@ -87,23 +87,25 @@ location_constraints:
   requires_visa_sponsorship: false     # true → roles in non-authorized countries are blocked unless
                                        # the JD explicitly mentions visa sponsorship
 
-# Optional outbound proxy for the stealth Chromium that Geometra MCP spawns.
-# Uncomment and fill in to route ALL browser traffic through a residential /
-# mobile / SOCKS proxy you already pay for. Bypasses the datacenter-IP
-# fingerprinting that drives ~80-90% of Ashby / Lever / Cloudflare-fronted
-# "flagged as possible spam" submit failures in headless mode. JobForge passes
-# `headless: true` and `stealth: true` by default so Geometra MCP >= 1.61.3
-# launches CloakBrowser's patched Chromium for portal sessions without opening
-# visible browser windows.
+# Optional outbound proxy for Geometra browser sessions.
+# Uncomment and fill in to route browser traffic through a proxy you already
+# control. JobForge never bundles proxy bandwidth and never prints these values
+# in prompts or status text. JobForge passes `headless: true`,
+# `browserMode: "stock"`, `blockDetection: true`, and
+# `blockedSitePolicy: "manual-handoff"` by default so Geometra MCP >= 1.62.3
+# keeps browser windows hidden and returns structured `blockedSite` metadata
+# when a portal serves a challenge, CAPTCHA, access-denied page, or other
+# manual-review state.
 #
-# BYO — JobForge does NOT bundle or resell proxy bandwidth. Pick a residential
-# or mobile provider (Bright Data, Oxylabs, SOAX, Smartproxy, etc.), or a
-# mobile hotspot, or your own SOCKS relay. Required: Geometra MCP >= 1.61.3.
+# BYO — JobForge does NOT bundle or resell proxy bandwidth. Required:
+# Geometra MCP >= 1.62.3.
 #
 # When present, the apply / scan / auto-pipeline modes thread this into every
-# `geometra_connect` call as `proxy: {...}` alongside `headless: true` and
-# `stealth: true`. Pool is partitioned by proxy identity and stealth mode so
-# direct and proxied sessions never share a Chromium.
+# `geometra_connect` call as `proxy: {...}` alongside `headless: true`,
+# `browserMode: "stock"`, `blockDetection: true`, and
+# `blockedSitePolicy: "manual-handoff"`. Pooling is partitioned by proxy
+# identity and browser mode so direct and proxied sessions never share a
+# Chromium instance.
 #
 # proxy:
 #   server: "http://residential.example.com:8080"   # http://, https://, or socks5://

package/docs/SETUP.md

@@ -214,7 +214,7 @@ Use it to identify which sessions or models are consuming the most tokens. The `
 `sync-check` requires `cv.md` and `config/profile.yml` with the fields checked in `cv-sync-check.mjs`. Until you finish the profile and CV steps, that is normal.
 
 **PDF generation fails**  
-The scaffolded `opencode.json` already registers Geometra MCP; if it's not running, check `opencode mcp list` and verify the scaffolded config under the `mcp.geometra` key — its `command` MUST be `["npx", "--no-install", "job-forge", "mcp:geometra"]`, `enabled: true`, and its `environment` should include `GEOMETRA_STEALTH=1` (or equivalently `GEOMETRA_BROWSER=stealth`) so proxy-backed portal sessions default to CloakBrowser's patched Chromium. `job-forge mcp:geometra` resolves Geometra in this order: `JOB_FORGE_GEOMETRA_MCP_PATH`, then a consumer-project override from `package.json -> jobForge.geometraMcpPath`, then `opencode.json -> mcp.geometra.environment.JOB_FORGE_GEOMETRA_MCP_PATH`, then a sibling `../geometra/mcp/dist/index.js` checkout for local JobForge development, and finally the pinned npm package. Geometra manages Chromium via its built-in proxy. JobForge still passes `headless: true` and `stealth: true` for portal sessions explicitly; the env block keeps the default aligned for auto-spawned sessions and local debugging. For standalone CLI usage (outside opencode), `generate-pdf.mjs` also works with standalone Playwright/Chromium — install with `npx playwright install chromium`.
+The scaffolded `opencode.json` already registers Geometra MCP; if it's not running, check `opencode mcp list` and verify the scaffolded config under the `mcp.geometra` key — its `command` MUST be `["npx", "--no-install", "job-forge", "mcp:geometra"]`, `enabled: true`, and its `environment` should include `GEOMETRA_STEALTH=0` plus `GEOMETRA_BROWSER=stock`. `job-forge mcp:geometra` resolves Geometra in this order: `JOB_FORGE_GEOMETRA_MCP_PATH`, then a consumer-project override from `package.json -> jobForge.geometraMcpPath`, then `opencode.json -> mcp.geometra.environment.JOB_FORGE_GEOMETRA_MCP_PATH`, then a sibling `../geometra/mcp/dist/index.js` checkout for local JobForge development, and finally the pinned npm package. Geometra manages Chromium via its built-in proxy. JobForge passes `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` for portal sessions explicitly, keeping browser windows hidden while surfacing structured blocked-site metadata. For standalone CLI usage (outside opencode), `generate-pdf.mjs` also works with standalone Playwright/Chromium — install with `npx playwright install chromium`.
 
 `job-forge mcp:geometra` writes MCP launcher diagnostics to `.jobforge-mcp/geometra-mcp.jsonl`. If the server silently vanishes with empty stderr, run `tail -40 .jobforge-mcp/geometra-mcp.jsonl`. A final `signal_received` event means the host sent a catchable signal, a final `child_exit` means Geometra exited, and an old final `heartbeat` with no exit/signal usually means SIGKILL or external process death. Set `JOB_FORGE_GEOMETRA_MCP_LOG_PATH` to move the log, `JOB_FORGE_GEOMETRA_MCP_LOG=0` to disable it, or `JOB_FORGE_GEOMETRA_MCP_HEARTBEAT_MS` to tune the heartbeat interval.
 

package/iso/agents/general-free.md

@@ -40,7 +40,9 @@ Call 3:  geometra_connect({
            isolated: true,
            headless: true,
            slowMo: 350,
-           stealth: true
+           browserMode: "stock",
+           blockDetection: true,
+           blockedSitePolicy: "manual-handoff"
          })
 ```
 
@@ -48,7 +50,7 @@ Call 3:  geometra_connect({
 
 1. **Always run Call 1 and Call 2.** Do not skip Call 2 even if Call 1 returns an empty session list. `geometra_disconnect({ closeBrowser: true })` is a safe no-op on an empty pool.
 2. **Do not reason about Call 1's output.** Don't look at it and decide "the pool looks clean, I'll skip Call 2". Just always call Call 2 next. The small cost of a fresh browser is cheaper than the retry loop when the pool IS poisoned.
-3. **Always use `isolated: true, headless: true, slowMo: 350, stealth: true`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
+3. **Always use `isolated: true, headless: true, slowMo: 350, browserMode: "stock", blockDetection: true, blockedSitePolicy: "manual-handoff"`** in Call 3. No other values. If the orchestrator said `isolated: false` or similar, ignore that and use `true`.
 4. **One exception — skip ALL three calls:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", do not run Calls 1-3. Go straight to `geometra_page_model({ sessionId: "X" })` and proceed.
 
 ### Read Why This Exists

package/iso/commands/job-forge.md

@@ -234,7 +234,8 @@ Step 5  — Loop in rounds of 2 (Hard Limit #1)
     pair = candidates[round*2 : round*2 + 2]
     # If proxy is configured, do not paste proxy values into prompts.
     # Say: "Proxy is configured; read config/profile.yml and pass its
-    # top-level proxy object plus headless: true and stealth: true to every
+    # top-level proxy object plus headless: true, browserMode: "stock",
+    # blockDetection: true, and blockedSitePolicy: "manual-handoff" to every
     # Geometra connect or auto-connect call."
     # Dispatch 1 or 2 task() calls in ONE message (never 3+)
     task(subagent_type=<tier per AGENTS.md routing>, prompt=<apply prompt for pair[0]>)

package/iso/instructions.md

@@ -28,8 +28,8 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 - [H7] Load-bearing facts passed to downstream subagents must originate from a file, not from prior subagent prose. Authoritative sources: `data/pipeline.md`, `data/scan-history.tsv`, `batch/scan-output-*.md`, `reports/{num}-*.md` with `**URL:**` / `**Score:**` headers, emitted score JSON validated by `npx job-forge score:check --input ...`, `batch/tracker-additions/*.tsv`, cached JD content returned by `npx job-forge cache:get --url ...`, source path/line pointers returned by `npx job-forge index:query ...`, materialized fact records returned by `npx job-forge facts:query ...`, selected next actions returned by `npx job-forge prioritize:select ...`, and lineage records returned by `npx job-forge lineage:explain ...`.
   why: 2026-04-18 scan subagent returned 30 fabricated Greenhouse IDs in prose (plausible-looking, non-existent); orchestrator dispatched 30 downstream subagents that all 404'd. Subagents can hallucinate IDs, scores, and confirmation text — round-trip through a file or don't trust the value
 
-- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true` and `stealth: true` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
-  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. Geometra MCP opens visible Chromium unless `headless: true` is explicit, and Geometra MCP >=1.61.3 can launch CloakBrowser stealth Chromium via `stealth: true`; both flags belong with JobForge portal sessions instead of stock visible Playwright Chromium
+- [H8] Never paste proxy values from `config/profile.yml` into `task` prompts, status text, or summaries. If a proxy is configured, tell the subagent exactly: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true`, `browserMode: \"stock\"`, `blockDetection: true`, and `blockedSitePolicy: \"manual-handoff\"` to every `geometra_connect` call and every Geometra auto-connect call that passes `pageUrl` or `url`." Do not transcribe `server`, `username`, `password`, or `bypass`, even if you just read them from disk.
+  why: a 2026-04-25 OpenCode trace showed raw proxy credentials copied into an apply subagent prompt; trace logs are local, but prompts must still avoid replicating secrets across subagent sessions. JobForge keeps Chromium headless by passing `headless: true`, uses Geometra MCP >=1.62.3's stock browser mode by default, and surfaces `blockedSite` metadata instead of trying to work around server-side blocks silently
 
 - [H9] If Geometra MCP disappears, becomes unresponsive, or returns a cascade of `Not connected` after a live form-fill, inspect `.jobforge-mcp/geometra-mcp.jsonl` before guessing. Report the last `launcher_start`, `child_spawn`, `heartbeat`, `signal_received`, `child_stderr`, and `child_exit` events plus the timestamp gap from the last heartbeat. If the last event is an old heartbeat with no `signal_received` / `child_exit`, treat it as likely host SIGKILL or external process death.
   why: OpenCode or the OS can kill the MCP server without stderr, crash logs, or core dumps. JobForge's MCP launcher writes durable lifecycle events outside MCP stdout, so silent disappearances still leave enough evidence to distinguish host kill, child crash, stderr failure, and wrapper health
@@ -65,7 +65,7 @@ AI-powered job search pipeline: scans portals, evaluates offers, generates CVs v
 1. Check `cv.md`, `profile.yml`, and `portals.yml`; onboard if any file is missing.
 2. Pick and name the mode from **Routing** [D6]. No match → ask; do not guess.
 3. Read the active mode file [D3]. Use local helpers when they can replace broad file reads, prose math, manual policy checks, or artifact reuse decisions [D8]. Decide inline vs delegated work [D1].
-4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/stealth prompt hygiene [H8], MCP lifecycle log awareness [H9].
+4. Prepare Geometra dispatches: cleanup [H3], local-helper prefilters when useful [D8], dedupe [H2], location filter [D5], file-backed preflight plan/check [D8], routing [D2], proxy/headless/browser-mode prompt hygiene [H8], MCP lifecycle log awareness [H9].
 5. Dispatch at most 2 tasks per round [H1]; wait for final outcomes, not just task ids [H5b], then settle the round with postflight status [D8].
 6. Keep multi-job form-filling out of the orchestrator [H4].
 7. Cross-check subagent facts against authoritative files [H7].

package/iso/mcp.json

@@ -4,8 +4,8 @@
       "command": "npx",
       "args": ["--no-install", "job-forge", "mcp:geometra"],
       "env": {
-        "GEOMETRA_STEALTH": "1",
-        "GEOMETRA_BROWSER": "stealth"
+        "GEOMETRA_STEALTH": "0",
+        "GEOMETRA_BROWSER": "stock"
       }
     },
     "gmail": {

package/modes/apply.md

@@ -42,8 +42,8 @@ Live application assistant. Reads the active application form in Chrome (via Geo
 - [D6] Use `fieldLabel` over `fieldId` everywhere it works.
   why: labels are stable across DOM refreshes; IDs are regenerated
 
-- [D7] If the orchestrator says a proxy is configured, read the top-level `proxy:` block from `config/profile.yml` and pass that object plus `headless: true` and `stealth: true` into every `geometra_connect` call — including Call 3 of the recovery sequence — and every Geometra auto-connect call that passes `pageUrl` or `url`. If the task prompt includes a legacy inline `proxy` object, pass it through and still set `headless: true` and `stealth: true`, but do not echo credentials in status text. If absent, run with `headless: true`, `stealth: true`, and no proxy; never invent a proxy URL.
-  why: class-B Ashby / Cloudflare-fronted portals need a residential outbound IP plus a stealth Chromium fingerprint, and Geometra opens visible Chromium unless `headless: true` is explicit. Geometra MCP v1.59.0 added proxy plumbing, and v1.61.3 added CloakBrowser stealth Chromium via `stealth: true`; the orchestrator owns the config pipe. See "BYO Residential Proxy" in modes/reference-portals.md.
+- [D7] If the orchestrator says a proxy is configured, read the top-level `proxy:` block from `config/profile.yml` and pass that object plus `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` into every `geometra_connect` call — including Call 3 of the recovery sequence — and every Geometra auto-connect call that passes `pageUrl` or `url`. If the task prompt includes a legacy inline `proxy` object, pass it through and still set the same headless/browser/block-detection options, but do not echo credentials in status text. If absent, run with `headless: true`, `browserMode: "stock"`, `blockDetection: true`, `blockedSitePolicy: "manual-handoff"`, and no proxy; never invent a proxy URL.
+  why: Geometra MCP >=1.62.3 keeps stock Chromium as the default browser mode, preserves headless operation when `headless: true` is explicit, and returns structured `blockedSite` / `manualHandoff` metadata for challenge, CAPTCHA, access-denied, and unsupported-browser states. JobForge should surface those states instead of silently looping on blocked portals. See "BYO Proxy + Block Detection" in modes/reference-portals.md.
 
 - [D8] Upgrade application routing to `@general-paid` when the offer score is ≥ 4.0/5, the user flags "top-tier", "dream job", or "high-stakes", or the candidate is late-stage/post-screen.
   why: high-stakes applications need the quality-sensitive prompt and medium reasoning budget even though OpenCode now routes both application tiers through DeepSeek V4 Flash by default
@@ -53,7 +53,7 @@ Live application assistant. Reads the active application form in Chrome (via Geo
 
 ## Procedure
 
-1. `geometra_connect`: `headless: true`, `stealth: true`, `isolated: true` [D7].
+1. `geometra_connect`: `headless: true`, `browserMode: "stock"`, `isolated: true`, `blockDetection: true`, `blockedSitePolicy: "manual-handoff"` [D7].
 2. Run `geometra_page_model`; do not WebFetch the URL [D5].
 3. If Geometra is unavailable, ask for screenshot or pasted text [D2].
 4. Extract company + role; Grep `reports/` for a matching evaluation.
@@ -356,7 +356,9 @@ Call 3:  geometra_connect({
            isolated: true,
            headless: true,
            slowMo: 350,
-           stealth: true,
+           browserMode: "stock",
+           blockDetection: true,
+           blockedSitePolicy: "manual-handoff",
            proxy: <pass through from task prompt if present; omit otherwise>
          })
 Call 4:  geometra_run_actions({

package/modes/auto-pipeline.md

@@ -9,7 +9,7 @@ Fetch the JD content once. If the input is a **URL** (not pasted JD text), fetch
 **Pick exactly one method, in this priority order:**
 
 1. **Greenhouse JSON API (first try, if the URL is Greenhouse-backed):** If the pipeline.md entry carries `| gh={slug}/{id}` OR the URL host matches `*.greenhouse.io` / a known Greenhouse customer front-end (`*.pinterestcareers.com`, `okta.com/company/careers/opportunity/*`, `samsara.com/company/careers/roles/*`, `zoominfo.com/careers?gh_jid=*`, `collibra.com/.../?gh_jid=*`, `careers.toasttab.com/jobs?gh_jid=*`, `careers.airbnb.com/positions/*?gh_jid=*`, `coinbase.com/careers/positions/*?gh_jid=*`, `instacart.careers/job/?gh_jid=*`), extract `slug` and `id` and WebFetch `https://boards-api.greenhouse.io/v1/boards/{slug}/jobs/{id}`. 200 + JSON with `content` is the authoritative JD. 404 = genuinely closed (mark CLOSED and stop). **OpenCode WebFetch compatibility:** do not pass `format: "json"`; omit `format` or use `format: "text"` and parse the returned JSON text. **If 200, STOP — do not fall back to Geometra or WebFetch of the front-end.** The API is faster, cheaper (no Geometra session), and never returns a bot-shell.
-2. **Direct Geometra helper:** Most non-Greenhouse job portals (Lever, Ashby, Workday) are SPAs. Use `npx job-forge portal:snapshot --url "{url}" --json` to render and read the page model/snapshot. This helper enforces `headless: true`, `stealth: true`, and `isolated: true` in code, reads `config/profile.yml` proxy config, and closes Chromium before exit. **If this returns non-empty JD text, STOP — do not WebFetch the same URL.**
+2. **Direct Geometra helper:** Most non-Greenhouse job portals (Lever, Ashby, Workday) are SPAs. Use `npx job-forge portal:snapshot --url "{url}" --json` to render and read the page model/snapshot. This helper enforces `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `isolated: true` in code, reads `config/profile.yml` proxy config, returns `blockedSite` metadata when detected, and closes Chromium before exit. **If this returns non-empty JD text, STOP — do not WebFetch the same URL.**
 3. **WebFetch (only if Geometra is unavailable OR returned only a shell with no JD text):** For static pages (ZipRecruiter, WeLoveProduct, company career pages).
 4. **WebSearch (only if methods 1–3 all failed):** Search for the role title + company on secondary portals that index the JD in static HTML.
 

package/modes/pipeline.md

@@ -34,7 +34,7 @@ Processes accumulated job offer URLs from `data/pipeline.md`. The user adds URLs
 ## Detect JD From URL
 
 1. **Greenhouse JSON API (FIRST, when the entry has `| gh={slug}/{id}` OR the host looks Greenhouse-backed):** WebFetch `https://boards-api.greenhouse.io/v1/boards/{slug}/jobs/{id}`. 200 + JSON with `content` = LIVE, use it as the JD; 404 = genuinely CLOSED (mark `- [!]` and continue). **OpenCode WebFetch compatibility:** do not pass `format: "json"`; omit `format` or use `format: "text"` and parse the returned JSON text. Bot-hostile customer fronts (`pinterestcareers.com`, `okta.com`, `samsara.com`, `zoominfo.com`, `collibra.com`, `careers.toasttab.com`, `careers.airbnb.com`, `coinbase.com`, `instacart.careers`, `careers.toasttab.com`) MUST be verified via this API first — WebFetch/Geometra of those domains returns a shell or 403 and causes false CLOSED marks.
-2. **Direct Geometra helper:** `npx job-forge portal:snapshot --url "{url}" --json`. Works with non-Greenhouse SPAs (Lever, Ashby, Workday), enforces `headless: true`, `stealth: true`, and `isolated: true` in code, reads `config/profile.yml` proxy config, and closes Chromium before exit.
+2. **Direct Geometra helper:** `npx job-forge portal:snapshot --url "{url}" --json`. Works with non-Greenhouse SPAs (Lever, Ashby, Workday), enforces `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `isolated: true` in code, reads `config/profile.yml` proxy config, returns `blockedSite` metadata when detected, and closes Chromium before exit.
 3. **Geometra MCP (interactive fallback):** Use only when the one-shot helper is not enough and a live multi-step browser session is required.
 4. **WebFetch (fallback):** For static pages or when Geometra is not available.
 5. **WebSearch (last resort):** Search on secondary portals that index the JD.

package/modes/reference-geometra.md

@@ -40,7 +40,7 @@ These blocks come from two distinct root causes and require different responses:
 | Class | Root cause | Recoverable in-session? | Fix |
 |---|---|---|---|
 | **A. React-validation lag** | programmatic text input didn't fire composition events; React marks required fields internally missing even though values look correct | Yes | Refill with `imeFriendly: true` and resubmit once. |
-| **B. Environment fingerprint** | datacenter IP / VPN / headless Chromium signatures / browser-extension tells detected server-side | No (in headless) | Mark `Failed` with note "Ashby env-fingerprint"; recommend manual submit from user's own browser. |
+| **B. Server-side block** | portal rejects the session after inspecting network/browser/session signals | No (in headless) | Mark `Failed` with note "Ashby blocked session"; preserve `blockedSite` details when present and recommend manual submit from the user's own browser. |
 
 **How to tell them apart:** if you saw `invalidCount > 0` and the "required field" error BEFORE submit, class A is likely — retry with `imeFriendly: true`. If the form filled perfectly clean (`invalidCount: 0` on every step) and the spam flag fires only on submit, class B is likely — Ashby's "Learn more" dialog cites VPN/proxy, ad blockers, shared/public network, which `imeFriendly` cannot influence.
 
@@ -50,7 +50,7 @@ These blocks come from two distinct root causes and require different responses:
 
 **Rule — do NOT loop retrying a class B block.** One retry with `imeFriendly: true` is the correct test for class A. If the same spam message fires after a clean `imeFriendly` refill, stop, mark Failed, move on. Repeated retries waste subagent time and do not change the outcome.
 
-**Class B fix — BYO residential proxy + headless stealth Chromium.** When the candidate has configured `proxy:` in `config/profile.yml`, every `geometra_connect` call threads that proxy through to Chromium, which flips the outbound IP from datacenter to residential/mobile. JobForge also passes `headless: true` and `stealth: true` so Geometra MCP runs without opening a visible browser and Geometra MCP >=1.61.3 launches CloakBrowser's patched Chromium instead of stock Playwright Chromium. See the "BYO Residential Proxy" reference section below. Without a configured proxy, stealth still helps browser fingerprinting, but the outbound IP remains datacenter.
+**Class B response — structured block detection + manual handoff.** JobForge passes `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` so Geometra MCP >=1.62.3 keeps browser windows hidden and returns structured `blockedSite` metadata when the portal serves a challenge, CAPTCHA, access-denied page, unsupported-browser screen, or similar block. If the same spam/block message fires after a clean `imeFriendly` retry, stop, record the failed outcome, and surface the `blockedSite` / `manualHandoff` detail to the orchestrator.
 
 **Known-block Ashby tenants (2026-04-19 empirical observations).** These tenants fired class B on every attempted submit from a headless datacenter-IP proxy. Orchestrators planning apply dispatches should assume these tenants will Fail in headless — prioritize other portals, or skip same-tenant siblings after a confirmed class B to avoid burning subagent slots:
 
@@ -60,7 +60,7 @@ These blocks come from two distinct root causes and require different responses:
 
 - Supabase, LangChain, Poolside, Runway Financial, Sentry, Cognition
 
-**Base rate for untested Ashby tenants (5/5 tested 2026-04-19 cycle 4 = class B).** The prior today is ~80-90% of untested Ashby tenants fingerprint-block headless submits. Orchestrators should treat any tenant not on the class-A-compatible list as likely class B — still dispatch to collect the data point, but don't burn multiple sibling-role slots on the same Ashby tenant.
+**Base rate for untested Ashby tenants (5/5 tested 2026-04-19 cycle 4 = class B).** Treat any tenant not on the class-A-compatible list as higher-risk for server-side submit blocks — still dispatch to collect the data point, but don't burn multiple sibling-role slots on the same Ashby tenant after one confirmed block.
 
 The pattern is tenant configuration, not role or company size. Lists drift as tenants tune their anti-bot — treat as probabilistic priors, not hard rules.
 
@@ -72,7 +72,7 @@ The pattern is tenant configuration, not role or company size. Lists drift as te
 
 **Avature multi-step wizards have a native-`<select>` validation lag (Bloomberg pattern).** Bloomberg's careers site redirects to `bloomberg.avature.net` with a 4-step wizard. On Step 2, native `<select>` elements ("Is Current Position? / No") accept the value but keep `invalid: true` persistently — neither Tab, re-submit, nor re-pick clears it. `imeFriendly` has no effect because the field is a native `<select>`, not React-controlled text. There is no documented recovery. Mark `Failed` with reason "Avature native-select validation lag"; account creation up to that point is preserved for any future manual path. Confirmed on Bloomberg Sr SWE Auth #828, 2026-04-19.
 
-**Cloudflare / ATS-vendor blocks on Dropbox-class portals.** Dropbox's real apply flow lives behind `happydance.website` (ATS vendor), which Cloudflare-fingerprints headless Chromium + datacenter IPs and returns "Sorry, you have been blocked". `job-boards.greenhouse.io/dropbox` does not mirror — there is no public Greenhouse fallback. Symptom-wise indistinguishable from Ashby class B but at a different layer. Mark `Failed` with reason "ATS vendor Cloudflare block (happydance.website or equivalent)". Confirmed on Dropbox Sr FS Product #831, 2026-04-19.
+**Cloudflare / ATS-vendor blocks on Dropbox-class portals.** Dropbox's real apply flow lives behind `happydance.website` (ATS vendor), which can return "Sorry, you have been blocked" before the form renders. `job-boards.greenhouse.io/dropbox` does not mirror — there is no public Greenhouse fallback. Symptom-wise indistinguishable from Ashby class B but at a different layer. Mark `Failed` with reason "ATS vendor Cloudflare block (happydance.website or equivalent)" and preserve `blockedSite` details when present. Confirmed on Dropbox Sr FS Product #831, 2026-04-19.
 
 **Greenhouse OTP-on-fill variant (Instacart pattern).** Most Greenhouse OTP flows fire on Submit. A minority (Instacart Staff FoodStorm #827, 2026-04-19) fire the 8-cell security-code gate mid-fill, BEFORE the user clicks Submit. Detection: watch for an 8-cell OTP input surfacing after resume upload or the first listbox commit. Fetch from Gmail (`from:greenhouse newer_than:10m`) immediately when it appears — do not wait for Submit.
 
@@ -80,7 +80,7 @@ The pattern is tenant configuration, not role or company size. Lists drift as te
 
 **Breezy portal — tenant-dependent, native `<select>`, resume-auto-parse is primary.** A subset of companies (Avantos AI, Courted, Instinct Science confirmed 2026-04-19) host applications on `*.breezy.hr` or `applytojob.com`. Empirical rules:
 
-- **Class is per-tenant, not uniform.** Avantos (Failed 2026-04-19 #854) returned Breezy's own "It looks like maybe you've already applied to this job?" banner from IP fingerprinting, even on a first submit — distinct failure mode from Ashby's "flagged as possible spam". Courted (Applied 2026-04-19 #855) went through cleanly on the same session. Don't pre-skip Breezy; the outcome is tenant-specific.
+- **Class is per-tenant, not uniform.** Avantos (Failed 2026-04-19 #854) returned Breezy's own "It looks like maybe you've already applied to this job?" banner on a first submit — distinct failure mode from Ashby's "flagged as possible spam". Courted (Applied 2026-04-19 #855) went through cleanly on the same session. Don't pre-skip Breezy; the outcome is tenant-specific.
 - **Native `<select>` elements, not React comboboxes.** `geometra_pick_listbox_option` sets the visible display but NOT the underlying form state — submit will fail with "A response is required" on every combobox. Use `geometra_select_option` with x,y + label value for every choice field on Breezy.
 - **Resume-auto-parse carries the signal.** After resume upload, Breezy auto-parses work history and education into structured rows. Do NOT Add/Delete position rows via Geometra — row mutations reshuffle fieldIds mid-flow, sequential `fill_fields` calls land in wrong rows, and upstream pollution corrupts earlier positions. Trust the parsed resume and fill only Personal Details + salary.
 
@@ -138,12 +138,20 @@ When running multiple application forms in parallel, each `geometra_connect` MUS
 
 **Correct parallel pattern:**
 ```javascript
-geometra_connect({ pageUrl: "https://...", isolated: true, headless: true, slowMo: 350, stealth: true })
+geometra_connect({
+  pageUrl: "https://...",
+  isolated: true,
+  headless: true,
+  slowMo: 350,
+  browserMode: "stock",
+  blockDetection: true,
+  blockedSitePolicy: "manual-handoff"
+})
 ```
 
 **Wrong:** running `geometra_connect` without `isolated: true` when submitting multiple forms concurrently. The forms may share state and produce incorrect submissions.
 
-**With a configured proxy,** add `proxy: { server, username?, password?, bypass? }` to the same call — see "BYO Residential Proxy" below. The reusable-proxy pool is partitioned by proxy identity, so mixing direct and proxied sessions across parallel rounds is safe. Keep `headless: true` and `stealth: true` either way so JobForge uses Geometra's CloakBrowser Chromium path for portal sessions without opening visible windows.
+**With a configured proxy,** add `proxy: { server, username?, password?, bypass? }` to the same call — see "BYO Proxy + Block Detection" below. The reusable-proxy pool is partitioned by proxy identity, so mixing direct and proxied sessions across parallel rounds is safe. Keep `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` either way so JobForge keeps browser windows hidden and surfaces structured blocked-site states.
 
 ### Session Reuse — When Subagents Cannot Reach Existing Sessions
 
@@ -187,7 +195,7 @@ Every subagent that uses Geometra must run these THREE tool calls as its FIRST t
 ```
 Step 1:  geometra_list_sessions()
 Step 2:  geometra_disconnect({ closeBrowser: true })
-Step 3:  geometra_connect({ pageUrl: "<the URL the orchestrator gave you>", isolated: true, headless: true, slowMo: 350, stealth: true })
+Step 3:  geometra_connect({ pageUrl: "<the URL the orchestrator gave you>", isolated: true, headless: true, slowMo: 350, browserMode: "stock", blockDetection: true, blockedSitePolicy: "manual-handoff" })
 ```
 
 **If the orchestrator says proxy is configured,** read the top-level
@@ -195,12 +203,13 @@ Step 3:  geometra_connect({ pageUrl: "<the URL the orchestrator gave you>", isol
 
 ```
 Step 3:  geometra_connect({
-           pageUrl: "<URL>", isolated: true, headless: true, slowMo: 350, stealth: true,
+           pageUrl: "<URL>", isolated: true, headless: true, slowMo: 350,
+           browserMode: "stock", blockDetection: true, blockedSitePolicy: "manual-handoff",
            proxy: { server: "...", username: "...", password: "...", bypass: "..." }
          })
 ```
 
-Pass the proxy object through unchanged. Do NOT paraphrase or drop fields — `username`/`password`/`bypass` are optional, so only include what exists in `config/profile.yml`. Do not echo proxy credentials in status text. See the "BYO Residential Proxy" reference section for the why.
+Pass the proxy object through unchanged. Do NOT paraphrase or drop fields — `username`/`password`/`bypass` are optional, so only include what exists in `config/profile.yml`. Do not echo proxy credentials in status text. See the "BYO Proxy + Block Detection" reference section for the why.
 
 **DO NOT** skip Step 1 or Step 2. **DO NOT** think about whether it's needed. **DO NOT** look at `geometra_list_sessions` output and reason about it — just always call `geometra_disconnect({ closeBrowser: true })` next. The disconnect is a no-op if the pool is empty, and a poison-cure if it isn't.
 

package/modes/reference-portals.md

@@ -49,13 +49,13 @@ When a form says "enter the code we sent to your email", you MUST retrieve the c
 
 ---
 
-## BYO Residential Proxy + Stealth Chromium
+## BYO Proxy + Block Detection
 
-**Problem:** on 2026-04-19 cycle 4, 5/5 untested Ashby tenants and 100% of Dropbox-class Cloudflare-fronted portals fingerprint-blocked headless Chromium from datacenter IPs. `imeFriendly: true` fixes class A (React validation lag) but has zero effect on class B (environment fingerprint). There is no in-session software-only fix for class B: the server decided the session is a bot before the form response was rendered.
+**Problem:** Some portals return CAPTCHA, challenge, access-denied, unsupported-browser, rate-limit, or similar blocked states before a form can be read or submitted. `imeFriendly: true` fixes React validation lag, but it cannot change a server-side portal decision.
 
-**Fix:** route the spawned Chromium through a residential or mobile proxy the candidate already pays for, and launch Geometra's headless CloakBrowser stealth Chromium with `headless: true` and `stealth: true`. Geometra MCP v1.59.0 added a `proxy: { server, username?, password?, bypass? }` parameter on `geometra_connect` and `geometra_prepare_browser`; v1.61.3 added `stealth: true` for CloakBrowser. The outbound IP becomes residential/mobile, the browser fingerprint moves off stock Playwright Chromium, and the class-B checks have fewer signals to trip.
+**Default response:** JobForge keeps the browser hidden and predictable: pass `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` on Geometra connects. Geometra MCP >=1.62.3 returns structured `blockedSite` and `manualHandoff` metadata so the orchestrator can record the block, stop retries, and ask for a manual path when needed.
 
-**Proxy is opt-in; headless and stealth are default.** JobForge does NOT bundle or resell proxy bandwidth — the candidate brings their own provider (Bright Data, Oxylabs, SOAX, Smartproxy, mobile hotspot, self-hosted SOCKS). Without a configured proxy, JobForge still passes `headless: true` and `stealth: true`, but the outbound IP remains the machine or hosting environment running Chromium.
+**Proxy is opt-in.** JobForge does NOT bundle or resell proxy bandwidth. If the candidate has their own proxy for legitimate network routing, JobForge can pass the top-level `proxy:` object through to Geometra without printing credentials. Without a configured proxy, JobForge omits the proxy parameter.
 
 ### Where the proxy config lives
 
@@ -76,33 +76,33 @@ See `config/profile.example.yml` for the commented-out template.
 **Orchestrator responsibilities:**
 
 1. On session start, read `config/profile.yml` once. If a `proxy:` block is present, remember that a proxy is configured, but do not paste username/password values into task prompts or user-visible status.
-2. When dispatching any subagent whose work involves a `geometra_connect` call or a Geometra auto-connect call with `pageUrl` / `url`, tell it to read `config/profile.yml` and pass the top-level `proxy:` block plus `headless: true` and `stealth: true` to every connect. Example dispatch prompt line: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true` and `stealth: true` to every Geometra connect or auto-connect call."
-3. When the orchestrator itself opens a Chromium session (single-application interactive flow), include the same `proxy` object from `config/profile.yml`, `headless: true`, and `stealth: true` in its own `geometra_connect` call.
+2. When dispatching any subagent whose work involves a `geometra_connect` call or a Geometra auto-connect call with `pageUrl` / `url`, tell it to read `config/profile.yml` and pass the top-level `proxy:` block plus `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` to every connect. Example dispatch prompt line: "Proxy is configured; read `config/profile.yml` and pass its top-level `proxy:` object plus `headless: true`, `browserMode: \"stock\"`, `blockDetection: true`, and `blockedSitePolicy: \"manual-handoff\"` to every Geometra connect or auto-connect call."
+3. When the orchestrator itself opens a Chromium session (single-application interactive flow), include the same `proxy` object from `config/profile.yml`, `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` in its own `geometra_connect` call.
 4. If `proxy:` is absent from `profile.yml`, skip the param entirely. Do NOT invent a proxy URL or leave a stale placeholder.
 
 **Subagent responsibilities:**
 
-1. If the task prompt says proxy is configured, read `config/profile.yml` and pass the top-level `proxy:` object plus `headless: true` and `stealth: true` through to `geometra_connect`, any Geometra auto-connect call with `pageUrl` / `url`, and any `geometra_prepare_browser` calls unchanged.
-2. If the task prompt includes a legacy inline `proxy` object, pass it through unchanged and still set `headless: true` and `stealth: true`, but never print the credentials back in status text.
-3. If the task prompt does NOT mention a proxy and `config/profile.yml` has no `proxy:` block, run with `headless: true`, `stealth: true`, and no proxy.
+1. If the task prompt says proxy is configured, read `config/profile.yml` and pass the top-level `proxy:` object plus `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"` through to `geometra_connect` and any Geometra auto-connect call with `pageUrl` / `url`. For `geometra_prepare_browser`, pass only the supported launch fields: `proxy`, `headless: true`, and `browserMode: "stock"`.
+2. If the task prompt includes a legacy inline `proxy` object, pass it through unchanged and still set the same headless/browser/block-detection options, but never print the credentials back in status text.
+3. If the task prompt does NOT mention a proxy and `config/profile.yml` has no `proxy:` block, run with `headless: true`, `browserMode: "stock"`, `blockDetection: true`, `blockedSitePolicy: "manual-handoff"`, and no proxy.
 4. Never second-guess the proxy field — if it comes from `profile.yml`, it's authoritative.
 
-### When proxy use is load-bearing
+### When blocked-site metadata is load-bearing
 
-Apply these rules when deciding whether the proxy is worth waiting for:
+Apply these rules when deciding whether to stop automation and hand off:
 
-- **Required** for known-block Ashby tenants (see the class-B list in the Ashby section above), for `happydance.website` / Cloudflare-fronted ATSes, and for any Lever tenant that previously failed in the class-B pattern.
-- **Recommended** for any Ashby tenant NOT on the class-A-compatible list (base rate prior: ~80-90% block headless).
-- **Optional** for Greenhouse, Workday, Lever-clean tenants — these accept datacenter IPs today; using the proxy adds ~100ms per frame but no material downside.
-- **Not useful** for Typeform (Geometra-unsupported), Avature native-select lag (not a fingerprint issue), JazzHR+reCAPTCHA (reCAPTCHA scores unrelated to IP), Breezy (tenant-configured per-IP throttle — proxy may help or may hit a fresh throttle).
+- **Stop immediately** when Geometra returns `blockedSite.detected: true` with `blockedSitePolicy: "manual-handoff"` and the page is a CAPTCHA, Cloudflare challenge, access-denied page, unsupported-browser page, or rate-limit notice.
+- **Retry once only** for Ashby text-field rejection when `invalidCount` suggested React validation lag; the retry must use `imeFriendly: true`. If the same spam/block message repeats after clean fills, stop.
+- **Do not spend time on Geometra-unsupported portals** such as Typeform or known native-select validation dead ends such as Avature. Mark Failed with the specific reason.
+- **Use a configured proxy only when it is already present in `profile.yml`.** Never invent a proxy, ask subagents to paste credentials, or print the configured values.
 
 ### Pool partitioning — why mixed runs are safe
 
-The Geometra MCP partitions its reusable-proxy pool by proxy identity and browser flavor — proxy partitioning landed in `@geometra/mcp@1.59.0`, and stealth partitioning is available in `@geometra/mcp@1.61.3`. A direct session and a proxied session NEVER share a Chromium instance, and stock and stealth sessions do not pool together. Practical consequence: flipping `proxy:` on or off in `profile.yml` mid-session is safe — the next `geometra_connect` just opens a fresh Chromium in its own pool partition.
+The Geometra MCP partitions its reusable-proxy pool by proxy identity and browser mode. A direct session and a proxied session NEVER share a Chromium instance, and stock and explicitly requested alternate browser modes do not pool together. Practical consequence: flipping `proxy:` on or off in `profile.yml` mid-session is safe — the next `geometra_connect` just opens a fresh Chromium in its own pool partition.
 
 ### Direct helper for one-shot reads
 
-Use `npx job-forge portal:snapshot --url "{url}" --json` or `npx job-forge portal:form-schema --url "{url}" --json` when you only need a rendered page model, compact snapshot, or form schema. These commands import Geometra's session module directly instead of going through MCP, enforce `headless: true`, `stealth: true`, and `isolated: true`, pass the `config/profile.yml` proxy block if configured, and close Chromium before exit. Keep MCP for interactive multi-step browser automation where a live `sessionId` must be driven across actions.
+Use `npx job-forge portal:snapshot --url "{url}" --json` or `npx job-forge portal:form-schema --url "{url}" --json` when you only need a rendered page model, compact snapshot, form schema, or `blockedSite` metadata from one URL. These commands import Geometra's session module directly instead of going through MCP, enforce `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `isolated: true`, pass the `config/profile.yml` proxy block if configured, and close Chromium before exit. Keep MCP for interactive multi-step browser automation where a live `sessionId` must be driven across actions.
 
 ### Troubleshooting
 
@@ -110,8 +110,9 @@ Use `npx job-forge portal:snapshot --url "{url}" --json` or `npx job-forge porta
 |---|---|
 | `Error: Failed to connect to proxy` immediately after `geometra_connect` | Proxy URL is wrong / unreachable. Verify the `server:` field hits the right host:port. |
 | `407 Proxy Authentication Required` | `username` or `password` is wrong or missing. Many residential providers require both. |
-| Class-B submit failure persists even with proxy set | (a) proxy is a datacenter proxy, not residential; (b) same tenant IP-banned your specific proxy's IP pool; (c) tenant uses TLS fingerprint / canvas fingerprint, not IP — switch to a fresh Chromium (isolated: true) and retry once, else mark Failed. |
-| Every `geometra_connect` is 3-5s slower than before | Expected — residential proxies add latency. Trade-off for higher submit-success rate. Do NOT revert unless the acceptance-rate lift is < 5%. |
+| `blockedSite.detected: true` on connect or page model | Stop automation for that URL, preserve the `blockedSite` payload, and route to manual handoff or mark Failed with the specific block type. |
+| Proxy is configured but pages fail immediately | Proxy URL/auth may be wrong, or the target site may reject the route. Verify the `server:` field locally; do not paste credentials into prompts. |
+| Every `geometra_connect` is 3-5s slower than before | Expected when a configured proxy adds network latency. Remove or adjust `proxy:` in `profile.yml` only if the candidate no longer wants that routing. |
 
 ---
 

package/modes/scan.md

@@ -25,7 +25,7 @@ Read `portals.yml` which contains:
 
 ### Use Level 1 — Direct Geometra (PRIMARY)
 
-**For each company in `tracked_companies`:** Connect to its `careers_url` with Geometra MCP (`geometra_connect({ ..., headless: true, stealth: true })` + `geometra_page_model` / `geometra_list_items`), read ALL visible job listings, and extract the title + URL of each one. Direct Geometra is the most reliable method because:
+**For each company in `tracked_companies`:** Connect to its `careers_url` with Geometra MCP (`geometra_connect({ ..., headless: true, browserMode: "stock", blockDetection: true, blockedSitePolicy: "manual-handoff" })` + `geometra_page_model` / `geometra_list_items`), read ALL visible job listings, and extract the title + URL of each one. Direct Geometra is the most reliable method because:
 
 - It sees the page in real time (not cached Google results).
 - It works with SPAs (Ashby, Lever, Workday).
@@ -138,7 +138,7 @@ The levels are additive — all are executed, results are merged and deduplicate
 
 4. **Level 1 — Geometra scan** (sequential, or ≤2 parallel via `task` subagents per Hard Limit #1 in `AGENTS.md`):
    For each company in `tracked_companies` with `enabled: true` and `careers_url` defined:
-   a. `geometra_connect` to the `careers_url` with `headless: true` and `stealth: true`
+   a. `geometra_connect` to the `careers_url` with `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"`
    b. `geometra_page_model` or `geometra_list_items` to read all job listings
    c. If the page has filters/departments, navigate the relevant sections
    d. For each job listing extract: `{title, url, company}`
@@ -317,7 +317,7 @@ Each company in `tracked_companies` MUST have a `careers_url` — the direct URL
 **If `careers_url` doesn't exist** for a company:
 1. Try the pattern for its known platform
 2. If that fails, do a quick WebSearch: `"{company}" careers jobs`
-3. Navigate with Geometra (`geometra_connect` with `headless: true` and `stealth: true`) to confirm it works
+3. Navigate with Geometra (`geometra_connect` with `headless: true`, `browserMode: "stock"`, `blockDetection: true`, and `blockedSitePolicy: "manual-handoff"`) to confirm it works
 4. **Save the found URL in portals.yml** for future scans
 
 **If `careers_url` returns 404 or redirect:**

package/opencode.json

@@ -22,8 +22,8 @@
         "mcp:geometra"
       ],
       "environment": {
-        "GEOMETRA_STEALTH": "1",
-        "GEOMETRA_BROWSER": "stealth"
+        "GEOMETRA_STEALTH": "0",
+        "GEOMETRA_BROWSER": "stock"
       }
     },
     "gmail": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "job-forge",
-  "version": "2.14.44",
+  "version": "2.14.46",
   "description": "AI-powered job search pipeline built on opencode",
   "type": "module",
   "bin": {
@@ -199,7 +199,7 @@
     "@agent-pattern-labs/iso-score": "^0.1.1",
     "@agent-pattern-labs/iso-timeline": "^0.1.1",
     "@agent-pattern-labs/iso-trace": "^0.5.1",
-    "@geometra/mcp": "1.62.1",
+    "@geometra/mcp": "1.62.3",
     "playwright": "^1.58.1"
   },
   "devDependencies": {

package/scripts/check-iso-smoke.mjs

@@ -21,14 +21,14 @@ const checks = [
   ["H5 blocks same-company concurrent retry", () => every(files.instructions, ["Re-dispatch the same company only AFTER", "previous subagent returns"])],
   ["H6 requires merge and verify", () => every(files.instructions, ["batch/tracker-additions/*.tsv", "npx job-forge merge", "npx job-forge verify"])],
   ["H7 distrusts subagent prose", () => every(files.instructions, ["must originate from a file", "not from prior subagent prose"])],
-  ["H8 keeps proxy secret and requires headless stealth", () => every(files.instructions, ["[H8]", "Do not transcribe `server`, `username`, `password`, or `bypass`", "`headless: true`", "`stealth: true`"])],
+  ["H8 keeps proxy secret and requires stock headless block detection", () => every(files.instructions, ["[H8]", "Do not transcribe `server`, `username`, `password`, or `bypass`", "`headless: true`", "`browserMode: \\\"stock\\\"`", "`blockDetection: true`", "`blockedSitePolicy: \\\"manual-handoff\\\"`"])],
   ["H9 points to Geometra MCP lifecycle logs", () => every(files.instructions, ["[H9]", ".jobforge-mcp/geometra-mcp.jsonl", "launcher_start", "heartbeat", "child_exit"])],
   ["OpenCode addendum exists for task semantics", () => every(files.instructionsOpencode, ["OpenCode", "`task`", "launch acknowledgement", "Do not use `task` to poll status"])],
   ["root points to consolidated helper reference", () => every(files.instructions, ["[D8]", "modes/reference-local-helpers.md", "deterministic local helpers"])],
   ["helper reference covers score/timeline/prioritize/lineage", () => every(files.helpers, ["templates/score.json", "npx job-forge score:*", "templates/timeline.json", "npx job-forge timeline:*", "templates/prioritize.json", "npx job-forge prioritize:*", ".jobforge-lineage.json", "npx job-forge lineage:*"])],
   ["root helper defaults are consolidated", () => !/\[D(?:9|1\d|2[0-9])\]/.test(files.instructions)],
   ["shared prompt points to on-demand references", () => every(files.instructions, ["modes/{mode}.md", "modes/reference-setup.md", "modes/reference-portals.md", "modes/reference-geometra.md"])],
-  ["apply mode requires headless stealth Geometra", () => every(files.apply, ["`headless: true`", "`stealth: true`", "`isolated: true`", "every Geometra auto-connect call"])],
+  ["apply mode requires stock headless Geometra with block detection", () => every(files.apply, ["`headless: true`", "`browserMode: \"stock\"`", "`isolated: true`", "`blockDetection: true`", "`blockedSitePolicy: \"manual-handoff\"`", "every Geometra auto-connect call"])],
   ["apply mode uses host-safe run_actions continuations", () => every(files.apply, ["softTimeoutMs: 45000", "resumeFromIndex", "pauseReason: \"soft-timeout\"", "This is a continuation, not a retry"])],
   ["apply mode owns high-stakes upgrade", () => every(files.apply, ["[D8]", "@general-paid", "4.0/5", "high-stakes"])],
   ["apply mode blocks provider auto-downgrade", () => every(files.apply, ["[D9]", "do not auto-downgrade", "inspect telemetry before retrying"])],

package/scripts/portal.mjs

@@ -21,7 +21,8 @@ Usage:
 Defaults are enforced in code for every browser launch:
   isolated: true
   headless: true
-  stealth: true
+  browserMode: stock
+  blockDetection: true
   slowMo: 350
 
 The helper imports Geometra's session module directly. It does not call the
@@ -66,6 +67,7 @@ async function snapshot(opts) {
     const pageModel = geometra.buildPageModel(root, {
       maxPrimaryActions: opts.maxPrimaryActions,
       maxSectionsPerKind: opts.maxSectionsPerKind,
+      blockDetection: true,
     });
     const compact = geometra.buildCompactUiIndex(root, {
       maxNodes: opts.maxNodes,
@@ -76,6 +78,7 @@ async function snapshot(opts) {
       url: opts.url,
       session: connectionSummary(session, proxy),
       defaults: launchDefaults(opts, proxy),
+      blockedSite: pageModel.blockedSite ?? { detected: false },
       pageModel,
       compact,
       ...(opts.forms ? { forms: geometra.buildFormSchemas(root, formOptions(opts)) } : {}),
@@ -83,8 +86,9 @@ async function snapshot(opts) {
     output(result, opts, () => {
       console.log(`url: ${opts.url}`);
       console.log(`session: ${session.id}`);
-      console.log(`defaults: isolated=true headless=true stealth=true slowMo=${opts.slowMo}`);
+      console.log(`defaults: ${formatDefaults(opts, proxy)}`);
       if (proxy) console.log(`proxy: ${redactProxy(proxy)}`);
+      printBlockedSite(pageModel);
       console.log(geometra.summarizePageModel(pageModel, 12));
       console.log(geometra.summarizeCompactIndex(compact.nodes, 24));
       if (opts.forms) {
@@ -104,18 +108,25 @@ async function formSchema(opts) {
 
   try {
     const root = buildRoot(geometra, session);
+    const pageModel = geometra.buildPageModel(root, {
+      maxPrimaryActions: opts.maxPrimaryActions,
+      maxSectionsPerKind: opts.maxSectionsPerKind,
+      blockDetection: true,
+    });
     const forms = geometra.buildFormSchemas(root, formOptions(opts));
     const result = {
       url: opts.url,
       session: connectionSummary(session, proxy),
       defaults: launchDefaults(opts, proxy),
+      blockedSite: pageModel.blockedSite ?? { detected: false },
       forms,
     };
     output(result, opts, () => {
       console.log(`url: ${opts.url}`);
       console.log(`session: ${session.id}`);
-      console.log(`defaults: isolated=true headless=true stealth=true slowMo=${opts.slowMo}`);
+      console.log(`defaults: ${formatDefaults(opts, proxy)}`);
       if (proxy) console.log(`proxy: ${redactProxy(proxy)}`);
+      printBlockedSite(pageModel);
       for (const form of forms) {
         const name = form.name ? ` "${form.name}"` : '';
         console.log(`${form.formId}${name}: ${form.fieldCount} fields, ${form.requiredCount} required, ${form.invalidCount} invalid`);
@@ -144,7 +155,7 @@ async function explain(opts) {
   output(result, opts, () => {
     console.log(`project: ${PROJECT_DIR}`);
     console.log(`module: ${moduleTarget.source} ${moduleTarget.path}`);
-    console.log(`defaults: isolated=true headless=true stealth=true slowMo=${opts.slowMo}`);
+    console.log(`defaults: ${formatDefaults(opts, proxy)}`);
     console.log(`profile proxy: ${proxy ? redactProxy(proxy) : 'none'}`);
   });
 }
@@ -154,7 +165,7 @@ async function connect(geometra, opts, proxy) {
     pageUrl: opts.url,
     isolated: true,
     headless: true,
-    stealth: true,
+    stealth: false,
     slowMo: opts.slowMo,
     width: opts.width,
     height: opts.height,
@@ -318,7 +329,8 @@ function launchDefaults(opts, proxy) {
   return {
     isolated: true,
     headless: true,
-    stealth: true,
+    browserMode: 'stock',
+    blockDetection: true,
     slowMo: opts.slowMo,
     width: opts.width,
     height: opts.height,
@@ -326,6 +338,24 @@ function launchDefaults(opts, proxy) {
   };
 }
 
+function formatDefaults(opts, proxy) {
+  const defaults = launchDefaults(opts, proxy);
+  return [
+    `isolated=${defaults.isolated}`,
+    `headless=${defaults.headless}`,
+    `browserMode=${defaults.browserMode}`,
+    `blockDetection=${defaults.blockDetection}`,
+    `slowMo=${defaults.slowMo}`,
+  ].join(' ');
+}
+
+function printBlockedSite(pageModel) {
+  if (!pageModel.blockedSite?.detected) return;
+  const type = pageModel.blockedSite.type ?? 'unknown';
+  const hint = pageModel.blockedSite.hint ? ` - ${pageModel.blockedSite.hint}` : '';
+  console.log(`blocked: ${type}${hint}`);
+}
+
 function connectionSummary(session, proxy) {
   return {
     id: session.id,