libretto 0.6.13 → 0.6.15

package/src/cli/commands/auth.ts

@@ -1,15 +1,16 @@
 /**
- * Experimental auth commands for the libretto hosted platform.
+ * Hosted-platform auth commands.
  *
- *   libretto experimental auth signup
- *   libretto experimental auth login
- *   libretto experimental auth logout
- *   libretto experimental auth invite <email> [--role member|admin|owner]
- *   libretto experimental auth accept-invite <tenantSlug> <invitationId>
- *   libretto experimental auth api-key issue [--label <label>]
- *   libretto experimental auth api-key list
- *   libretto experimental auth api-key revoke <id>
- *   libretto experimental auth whoami
+ *   libretto cloud auth signup
+ *   libretto cloud auth login
+ *   libretto cloud auth forgot-password
+ *   libretto cloud auth logout
+ *   libretto cloud auth invite <email> [--role member|admin|owner]
+ *   libretto cloud auth accept-invite <tenantSlug> <invitationId>
+ *   libretto cloud auth api-key issue [--label <label>]
+ *   libretto cloud auth api-key list
+ *   libretto cloud auth api-key revoke <id>
+ *   libretto cloud auth whoami
  *
  * Credentials live at ~/.libretto/auth.json (mode 0600). The CLI sends either
  * the stored API key or the stored session cookie depending on what's
@@ -17,15 +18,15 @@
  */
 
 import { z } from "zod";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 import {
   ApiCallError,
   betterAuthCall,
-  HOSTED_API_URL,
   NOT_AUTHENTICATED_MESSAGE,
   orpcCall,
   pickCredential,
   resolveApiUrl,
+  resolveHostedApiUrl,
 } from "../core/auth-fetch.js";
 import {
   authStatePath,
@@ -198,11 +199,10 @@ async function issueApiKey(
 
 export const signupCommand = SimpleCLI.command({
   description: "Create a new hosted-platform account and organization",
-  experimental: true,
 })
   .input(SimpleCLI.input({ positionals: [], named: {} }))
   .handle(async () => {
-    const apiUrl = HOSTED_API_URL;
+    const apiUrl = resolveHostedApiUrl();
     console.log("Sign up for libretto cloud");
     console.log();
     console.log("Heads up: a libretto user can only belong to one organization.");
@@ -215,7 +215,7 @@ export const signupCommand = SimpleCLI.command({
     const name = await prompt("Your name:");
     if (name.toLowerCase() === "q" || name.length === 0) {
       console.log(
-        "OK — ask an existing teammate to run `libretto experimental auth invite <your-email>` and then run `libretto experimental auth accept-invite <slug> <invitation-id>` from this machine.",
+        "OK — ask an existing teammate to run `libretto cloud auth invite <your-email>` and then run `libretto cloud auth accept-invite <slug> <invitation-id>` from this machine.",
       );
       return;
     }
@@ -294,7 +294,7 @@ export const signupCommand = SimpleCLI.command({
     console.log(`Session saved to ${authStatePath()}`);
     console.log();
     console.log("To generate an API key, run:");
-    console.log("  libretto experimental auth api-key issue --label <label>");
+    console.log("  libretto cloud auth api-key issue --label <label>");
     console.log("Then add LIBRETTO_API_KEY=<key> to your project's .env file.");
   });
 
@@ -304,11 +304,10 @@ export const signupCommand = SimpleCLI.command({
 
 export const loginCommand = SimpleCLI.command({
   description: "Sign in to an existing hosted-platform account",
-  experimental: true,
 })
   .input(SimpleCLI.input({ positionals: [], named: {} }))
   .handle(async () => {
-    const apiUrl = HOSTED_API_URL;
+    const apiUrl = resolveHostedApiUrl();
 
     const email = await prompt("Email:");
     const password = await promptPassword("Password:");
@@ -369,13 +368,32 @@ export const loginCommand = SimpleCLI.command({
     }
   });
 
+export const forgotPasswordCommand = SimpleCLI.command({
+  description: "Send a password reset email",
+})
+  .input(SimpleCLI.input({ positionals: [], named: {} }))
+  .handle(async () => {
+    const apiUrl = resolveHostedApiUrl();
+    const email = await prompt("Email:");
+    const result = await orpcCall<{ status: "sent" | "not_found" }>({
+      apiUrl,
+      path: "/v1/auth/requestPasswordReset",
+      input: { email },
+      unauthenticated: true,
+    });
+    if (result.status === "not_found") {
+      console.log(`No Libretto account exists for ${email}.`);
+      return;
+    }
+    console.log(`Password reset link sent to ${email}.`);
+  });
+
 // ---------------------------------------------------------------------------
 // logout
 // ---------------------------------------------------------------------------
 
 export const logoutCommand = SimpleCLI.command({
   description: "Clear local libretto credentials",
-  experimental: true,
 })
   .handle(async () => {
     const state = await readAuthState();
@@ -400,7 +418,6 @@ export const logoutCommand = SimpleCLI.command({
 
 export const inviteCommand = SimpleCLI.command({
   description: "Invite a teammate to your active organization",
-  experimental: true,
 })
   .input(
     SimpleCLI.input({
@@ -475,7 +492,7 @@ export const inviteCommand = SimpleCLI.command({
     console.log();
     console.log("Tell them to run:");
     console.log(
-      `  libretto experimental auth accept-invite ${orgSlug} ${data.id}`,
+      `  libretto cloud auth accept-invite ${orgSlug} ${data.id}`,
     );
   });
 
@@ -485,7 +502,6 @@ export const inviteCommand = SimpleCLI.command({
 
 export const acceptInviteCommand = SimpleCLI.command({
   description: "Accept an organization invitation",
-  experimental: true,
 })
   .input(
     SimpleCLI.input({
@@ -514,7 +530,7 @@ export const acceptInviteCommand = SimpleCLI.command({
   )
   .handle(async ({ input }) => {
     const stored = await readAuthState();
-    const apiUrl = HOSTED_API_URL;
+    const apiUrl = resolveHostedApiUrl();
     const credential = pickCredential(stored);
     const expectedTenantSlug = input.tenantSlug;
 
@@ -535,7 +551,7 @@ export const acceptInviteCommand = SimpleCLI.command({
           [
             "You're already a member of an organization.",
             "A libretto user can only belong to one organization at a time.",
-            "To accept this invite: log out, delete the existing account, and re-run `auth accept-invite` with a new account (or a fresh email).",
+            "To accept this invite: log out, delete the existing account, and re-run `libretto cloud auth accept-invite` with a new account (or a fresh email).",
           ].join("\n"),
         );
       }
@@ -611,7 +627,7 @@ export const acceptInviteCommand = SimpleCLI.command({
     console.log();
     console.log("Email verified. You're logged in and a member of the organization.");
     console.log("To generate an API key, run:");
-    console.log("  libretto experimental auth api-key issue --label <label>");
+    console.log("  libretto cloud auth api-key issue --label <label>");
     console.log("Then add LIBRETTO_API_KEY=<key> to your project's .env file.");
   });
 
@@ -621,7 +637,6 @@ export const acceptInviteCommand = SimpleCLI.command({
 
 export const apiKeyIssueCommand = SimpleCLI.command({
   description: "Issue a new API key for the active organization",
-  experimental: true,
 })
   .input(
     SimpleCLI.input({
@@ -658,7 +673,6 @@ export const apiKeyIssueCommand = SimpleCLI.command({
 
 export const apiKeyListCommand = SimpleCLI.command({
   description: "List API keys for the active organization",
-  experimental: true,
 })
   .handle(async () => {
     const stored = await readAuthState();
@@ -691,13 +705,12 @@ export const apiKeyListCommand = SimpleCLI.command({
 
 export const apiKeyRevokeCommand = SimpleCLI.command({
   description: "Revoke an API key by id",
-  experimental: true,
 })
   .input(
     SimpleCLI.input({
       positionals: [
         SimpleCLI.positional("id", z.string().min(1), {
-          help: "API key id (from `auth api-key list`).",
+          help: "API key id (from `libretto cloud auth api-key list`).",
         }),
       ],
       named: {},
@@ -720,7 +733,7 @@ export const apiKeyRevokeCommand = SimpleCLI.command({
 
     console.log(`API key ${input.id} revoked.`);
     console.log(
-      "If this key was in your .env, remove the LIBRETTO_API_KEY value and issue a new one with `auth api-key issue --label <label>`.",
+      "If this key was in your .env, remove the LIBRETTO_API_KEY value and issue a new one with `libretto cloud auth api-key issue --label <label>`.",
     );
   });
 
@@ -730,7 +743,6 @@ export const apiKeyRevokeCommand = SimpleCLI.command({
 
 export const whoamiCommand = SimpleCLI.command({
   description: "Print the active session and credential source",
-  experimental: true,
 })
   .handle(async () => {
     const stored = await readAuthState();
@@ -740,13 +752,13 @@ export const whoamiCommand = SimpleCLI.command({
 
     if (credential.source === "none") {
       console.log(
-        "Not authenticated. Run `libretto experimental auth signup`, `login`, or set LIBRETTO_API_KEY in your env.",
+        "Not authenticated. Run `libretto cloud auth signup`, `libretto cloud auth login`, or set LIBRETTO_API_KEY in your env.",
       );
       return;
     }
 
     console.log(`Auth source:      ${credential.source}`);
-    console.log(`API URL:          ${HOSTED_API_URL}`);
+    console.log(`API URL:          ${resolveHostedApiUrl()}`);
     console.log(
       `LIBRETTO_API_KEY: ${envKey ? `set in env (${envKey.slice(0, 6)}…)` : "not set in env"}`,
     );
@@ -771,6 +783,7 @@ export const authCommands = SimpleCLI.group({
   routes: {
     signup: signupCommand,
     login: loginCommand,
+    "forgot-password": forgotPasswordCommand,
     logout: logoutCommand,
     invite: inviteCommand,
     "accept-invite": acceptInviteCommand,

package/src/cli/commands/billing.ts

@@ -6,8 +6,8 @@
  * them switch between any of the configured Subscription Update
  * products (Free / Pro / Team).
  *
- *   libretto experimental billing portal   → Stripe Customer Portal
- *   libretto experimental billing status   → plan + usage + period end
+ *   libretto cloud billing portal   → Stripe Customer Portal
+ *   libretto cloud billing status   → plan + usage + period end
  *
  * `libretto init` is unchanged. New tenants start on Free automatically
  * (with a real Stripe Customer + Free Subscription created at signup).
@@ -15,7 +15,7 @@
  * Auth: requires a session cookie (or LIBRETTO_API_KEY).
  */
 
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 import {
   NOT_AUTHENTICATED_MESSAGE,
   orpcCall,
@@ -71,7 +71,6 @@ function formatLimit(limit: number | null): string {
 
 export const billingPortalCommand = SimpleCLI.command({
   description: "Open the libretto plans page (current plan + switch options)",
-  experimental: true,
 })
   .handle(async () => {
     const { apiUrl, credential } = await requireAuth();
@@ -97,7 +96,6 @@ export const billingPortalCommand = SimpleCLI.command({
 
 export const billingStatusCommand = SimpleCLI.command({
   description: "Print the current plan, status, and browser-hour usage",
-  experimental: true,
 })
   .handle(async () => {
     const { apiUrl, credential } = await requireAuth();

package/src/cli/commands/browser.ts

@@ -20,7 +20,7 @@ import {
   validateSessionName,
 } from "../core/session.js";
 import { warnIfInstalledSkillOutOfDate } from "../core/skill-version.js";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 import {
   sessionOption,
   withAutoSession,
@@ -63,8 +63,8 @@ function resolveRequestedSessionMode(
 
 export const openInput = SimpleCLI.input({
   positionals: [
-    SimpleCLI.positional("url", z.string().optional(), {
-      help: "URL to open",
+    SimpleCLI.positional("url", z.string().default("about:blank"), {
+      help: "URL to open (defaults to about:blank)",
     }),
   ],
   named: {
@@ -92,10 +92,6 @@ export const openInput = SimpleCLI.input({
     }),
   },
 })
-  .refine(
-    (input) => Boolean(input.url),
-    `Usage: ${librettoCommand("open <url> [--headless] [--read-only|--write-access] [--auth-profile <domain>] [--viewport WxH] [--session <name>]")}`,
-  )
   .refine(
     (input) => !(input.headed && input.headless),
     "Cannot pass both --headed and --headless.",
@@ -119,7 +115,7 @@ export const openCommand = SimpleCLI.command({
     if (providerName === "local") {
       const headed = input.headed || !input.headless;
       const viewport = parseViewportArg(input.viewport);
-      await runOpen(input.url!, headed, ctx.session, ctx.logger, {
+      await runOpen(input.url, headed, ctx.session, ctx.logger, {
         viewport,
         accessMode: resolveRequestedSessionMode(
           input.readOnly,
@@ -130,7 +126,7 @@ export const openCommand = SimpleCLI.command({
       });
     } else {
       await runOpenWithProvider(
-        input.url!,
+        input.url,
         providerName,
         ctx.session,
         ctx.logger,

package/src/cli/commands/deploy.ts

@@ -1,8 +1,12 @@
 import { randomBytes } from "node:crypto";
 import { z } from "zod";
-import { HOSTED_API_URL } from "../core/auth-fetch.js";
+import {
+  orpcCall,
+  resolveApiUrl,
+} from "../core/auth-fetch.js";
 import { buildHostedDeployTarball } from "../core/deploy-artifact.js";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { readAuthState } from "../core/auth-storage.js";
+import { SimpleCLI } from "affordance";
 
 type DeploymentStatus = "building" | "ready" | "failed";
 
@@ -19,37 +23,50 @@ function generateDeploymentName(): string {
   return `deploy-${Date.now().toString(36)}-${randomBytes(4).toString("hex")}`;
 }
 
-function getConfig() {
-  const apiKey = process.env.LIBRETTO_API_KEY;
+function deployApiKeyRequiredMessage(hasStoredSession: boolean): string {
+  if (hasStoredSession) {
+    return [
+      "LIBRETTO_API_KEY is required to deploy to Libretto Cloud.",
+      "You are logged in locally, but deploy endpoints require API-key auth.",
+      "  • Generate a key: run `libretto cloud auth api-key issue --label <label>`.",
+      "  • Add it to your project .env file: `LIBRETTO_API_KEY=<issued-key>`.",
+    ].join("\n");
+  }
+
+  return [
+    "LIBRETTO_API_KEY is required to deploy to Libretto Cloud.",
+    "No local cloud session was found.",
+    "  • New account: run `libretto cloud auth signup`, then verify your email.",
+    "  • Existing account: run `libretto cloud auth login`.",
+    "  • Generate a key: run `libretto cloud auth api-key issue --label <label>`.",
+    "  • Add it to your project .env file: `LIBRETTO_API_KEY=<issued-key>`.",
+  ].join("\n");
+}
+
+async function requireDeployApiKey() {
+  const apiKey = process.env.LIBRETTO_API_KEY?.trim();
 
   if (!apiKey) {
-    throw new Error(
-      "LIBRETTO_API_KEY environment variable is required.",
-    );
+    throw new Error(deployApiKeyRequiredMessage(await hasStoredCloudSession()));
   }
 
-  return { apiUrl: HOSTED_API_URL, apiKey };
+  return {
+    apiUrl: resolveApiUrl(null),
+    credential: { source: "env-api-key" as const, apiKey },
+  };
 }
 
-async function postJson(
-  apiUrl: string,
-  apiKey: string,
-  path: string,
-  input: Record<string, unknown> = {},
-): Promise<Response> {
-  return fetch(`${apiUrl}${path}`, {
-    method: "POST",
-    headers: {
-      "x-api-key": apiKey,
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({ json: input }),
-  });
+async function hasStoredCloudSession(): Promise<boolean> {
+  try {
+    return Boolean((await readAuthState())?.session);
+  } catch {
+    return false;
+  }
 }
 
 async function pollDeployment(
   apiUrl: string,
-  apiKey: string,
+  credential: { source: "env-api-key"; apiKey: string },
   deploymentId: string,
   pollIntervalMs: number,
   maxWaitMs: number,
@@ -68,18 +85,14 @@ async function pollDeployment(
 
     await new Promise((r) => setTimeout(r, pollIntervalMs));
 
-    const res = await postJson(apiUrl, apiKey, "/v1/deployments/sync", {
-      id: deploymentId,
+    deployment = await orpcCall<DeploymentResponse["json"]>({
+      apiUrl,
+      path: "/v1/deployments/sync",
+      input: { id: deploymentId },
+      credential,
     });
-    const body = (await res.json()) as DeploymentResponse;
-    if (res.status !== 200) {
-      throw new Error(
-        `Failed to sync deployment status (${res.status}): ${JSON.stringify(body)}`,
-      );
-    }
-    status = body.json.status;
-    workflows = body.json.workflows;
-    deployment = body.json;
+    status = deployment.status;
+    workflows = deployment.workflows;
     if (status === "ready" && readyAt === null) readyAt = Date.now();
     process.stdout.write(".");
   }
@@ -132,11 +145,10 @@ export const deployInput = SimpleCLI.input({
 
 export const deployCommand = SimpleCLI.command({
   description: "Deploy workflows to the hosted platform",
-  experimental: true,
 })
   .input(deployInput)
   .handle(async ({ input }) => {
-    const { apiUrl, apiKey } = getConfig();
+    const { apiUrl, credential } = await requireDeployApiKey();
     const deploymentName = generateDeploymentName();
 
     // Hosted deploy uploads a generated artifact with a deploy entrypoint and
@@ -157,20 +169,14 @@ export const deployCommand = SimpleCLI.command({
     if (input.description) createPayload.description = input.description;
 
     console.log("Uploading deployment...");
-    const res = await postJson(
+    const body = await orpcCall<DeploymentResponse["json"]>({
       apiUrl,
-      apiKey,
-      "/v1/deployments/create",
-      createPayload,
-    );
-    const body = (await res.json()) as DeploymentResponse;
-    if (res.status !== 200) {
-      throw new Error(
-        `Failed to create deployment (${res.status}): ${JSON.stringify(body)}`,
-      );
-    }
+      path: "/v1/deployments/create",
+      input: createPayload,
+      credential,
+    });
 
-    const { deployment_id, status } = body.json;
+    const { deployment_id, status } = body;
     console.log(`Deployment created: ${deployment_id}`);
     console.log(`Status: ${status}`);
 
@@ -178,7 +184,7 @@ export const deployCommand = SimpleCLI.command({
       process.stdout.write("Waiting for build");
       const deployment = await pollDeployment(
         apiUrl,
-        apiKey,
+        credential,
         deployment_id,
         10_000,
         5 * 60 * 1000,

package/src/cli/commands/execution.ts

@@ -29,7 +29,10 @@ import { warnIfInstalledSkillOutOfDate } from "../core/skill-version.js";
 import { readLibrettoConfig } from "../core/config.js";
 import { librettoCommand } from "../../shared/package-manager.js";
 import { renderSnapshotDiff } from "../../shared/snapshot/diff-snapshots.js";
-import { resolveProviderName } from "../core/providers/index.js";
+import {
+  getProviderStartupTimeoutMs,
+  resolveProviderName,
+} from "../core/providers/index.js";
 import { getAbsoluteIntegrationPath } from "../core/workflow-runtime.js";
 import {
   compileExecFunction,
@@ -49,7 +52,7 @@ import {
 } from "../core/telemetry.js";
 import type { SessionAccessMode } from "../../shared/state/index.js";
 import type { Experiments } from "../core/experiments.js";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 import {
   pageOption,
   sessionOption,
@@ -609,7 +612,7 @@ async function runIntegrationFromFile(
     },
     logger,
     logPath: runLogPath,
-    startupTimeoutMs: 60_000,
+    startupTimeoutMs: getProviderStartupTimeoutMs(args.providerName),
     handlers,
   });
 
@@ -762,7 +765,7 @@ export const readonlyExecCommand = SimpleCLI.command({
     });
   });
 
-const runUsage = `Usage: ${librettoCommand("run <integrationFile> [--params <json> | --params-file <path>] [--tsconfig <path>] [--headed|--headless] [--read-only|--write-access] [--no-visualize] [--stay-open-on-success] [--viewport WxH]")}`;
+const runUsage = `Usage: ${librettoCommand("run <integrationFile> [--params <json> | --params-file <path>] [--tsconfig <path>] [--headed|--headless] [--read-only|--write-access] [--no-visualize] [--stay-open-on-success] [--viewport WxH] [--provider <provider>]")}`;
 
 export const runInput = SimpleCLI.input({
   positionals: [

package/src/cli/commands/experiments.ts

@@ -8,7 +8,7 @@ import {
   type ExperimentName,
   type Experiments,
 } from "../core/experiments.js";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 
 const experimentNames = Object.keys(EXPERIMENTS) as ExperimentName[];
 

package/src/cli/commands/setup.ts

@@ -8,7 +8,7 @@ import {
   REPO_ROOT,
 } from "../core/context.js";
 import { librettoCommand } from "../../shared/package-manager.js";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 
 function installBrowsers(): void {
   console.log("Installing Playwright Chromium...");

package/src/cli/commands/shared.ts

@@ -14,7 +14,7 @@ import {
   type SimpleCLIMiddlewareArgs,
   type SimpleCLIContext,
   type SimpleCLIMiddleware,
-} from "../framework/simple-cli.js";
+} from "affordance";
 
 export function sessionOption(help = "Session name") {
   return SimpleCLI.option(z.string().optional(), { help });

package/src/cli/commands/snapshot.ts

@@ -1,7 +1,7 @@
 import { z } from "zod";
 import type { LoggerApi } from "../../shared/logger/index.js";
 import { readSessionState } from "../core/session.js";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 import {
   pageOption,
   sessionOption,

package/src/cli/commands/status.ts

@@ -1,5 +1,5 @@
 import { listRunningSessions, type SessionState } from "../core/session.js";
-import { SimpleCLI } from "../framework/simple-cli.js";
+import { SimpleCLI } from "affordance";
 
 // ── Session status printing ─────────────────────────────────────────────────
 

package/src/cli/core/auth-fetch.ts

@@ -11,7 +11,11 @@
 
 import { readAuthState, writeAuthState, type AuthState } from "./auth-storage.js";
 
-export const HOSTED_API_URL = "https://api.libretto.sh";
+export const DEFAULT_HOSTED_API_URL = "https://api.libretto.sh";
+
+export function resolveHostedApiUrl(): string {
+  return process.env.LIBRETTO_API_URL?.trim() || DEFAULT_HOSTED_API_URL;
+}
 
 /**
  * Shared "you have no usable credential" message. Pointed at the two
@@ -19,8 +23,9 @@ export const HOSTED_API_URL = "https://api.libretto.sh";
  */
 export const NOT_AUTHENTICATED_MESSAGE = [
   "Not authenticated.",
-  "  • Cookie expired or never set: run `libretto experimental auth login` to refresh it.",
-  "  • Or set LIBRETTO_API_KEY in your .env (issue one with `libretto experimental auth api-key issue --label <label>` after logging in).",
+  "  • New account: run `libretto cloud auth signup`.",
+  "  • Existing account: run `libretto cloud auth login`.",
+  "  • Automation: set LIBRETTO_API_KEY in your env (issue one with `libretto cloud auth api-key issue --label <label>` after signing in).",
 ].join("\n");
 
 export type CredentialSource = "env-api-key" | "cookie" | "none";
@@ -41,7 +46,7 @@ export function pickCredential(state: AuthState | null): CredentialChoice {
 }
 
 export function resolveApiUrl(_state: AuthState | null): string {
-  return HOSTED_API_URL;
+  return resolveHostedApiUrl();
 }
 
 type FetchOptions = {

package/src/cli/core/browser.ts

@@ -9,13 +9,17 @@ import { existsSync, readFileSync, writeFileSync, unlinkSync } from "node:fs";
 import { mkdir, writeFile } from "node:fs/promises";
 import { dirname, join } from "node:path";
 import { createServer } from "node:net";
+import { isWindowsNamedPipePath } from "../../shared/ipc/socket-transport.js";
 import type { LoggerApi } from "../../shared/logger/index.js";
 import type { SessionAccessMode } from "../../shared/state/index.js";
 import type { Experiments } from "./experiments.js";
 import { getSessionProviderClosePath, PROFILES_DIR } from "./context.js";
 import { readLibrettoConfig } from "./config.js";
 import { librettoCommand } from "../../shared/package-manager.js";
-import { getCloudProviderApi } from "./providers/index.js";
+import {
+  getCloudProviderApi,
+  getProviderStartupTimeoutMs,
+} from "./providers/index.js";
 import {
   assertSessionAvailableForStart,
   clearSessionState,
@@ -89,7 +93,8 @@ export function normalizeUrl(url: string): URL {
   if (
     parsedUrl.protocol === "http:" ||
     parsedUrl.protocol === "https:" ||
-    parsedUrl.protocol === "file:"
+    parsedUrl.protocol === "file:" ||
+    parsedUrl.href === "about:blank"
   ) {
     return parsedUrl;
   }
@@ -99,7 +104,7 @@ export function normalizeUrl(url: string): URL {
   }
 
   throw new Error(
-    `Unsupported URL protocol: ${parsedUrl.protocol}. Use http://, https://, or file://.`,
+    `Unsupported URL protocol: ${parsedUrl.protocol}. Use http://, https://, file://, or about:blank.`,
   );
 }
 
@@ -548,8 +553,8 @@ export async function runOpenWithProvider(
     },
     logger,
     logPath: runLogPath,
-    // Remote CDP connection + navigation; must cover both.
-    startupTimeoutMs: 60_000,
+    // Remote provider creation can wait for cloud capacity before CDP exists.
+    startupTimeoutMs: getProviderStartupTimeoutMs(providerName),
   });
   client.destroy();
 
@@ -974,6 +979,8 @@ function unlinkDaemonSocket(
   session: string,
 ): void {
   if (!socketPath) return;
+  if (isWindowsNamedPipePath(socketPath)) return;
+
   try {
     unlinkSync(socketPath);
   } catch (err) {