libretto 0.6.24 → 0.6.26

package/src/cli/core/browser.ts

@@ -5,16 +5,31 @@ import {
   type CDPSession,
   type Page,
 } from "playwright";
-import { existsSync, readFileSync, writeFileSync, unlinkSync } from "node:fs";
-import { mkdir, writeFile } from "node:fs/promises";
-import { dirname, join } from "node:path";
+import {
+  existsSync,
+  readFileSync,
+  unlinkSync,
+  writeFileSync,
+} from "node:fs";
 import { createServer } from "node:net";
+import { join } from "node:path";
 import { isWindowsNamedPipePath } from "../../shared/ipc/socket-transport.js";
 import type { LoggerApi } from "../../shared/logger/index.js";
 import type { SessionAccessMode } from "../../shared/state/index.js";
 import type { Experiments } from "./experiments.js";
-import { getSessionProviderClosePath, PROFILES_DIR } from "./context.js";
+import { getSessionProviderClosePath } from "./context.js";
 import { readLibrettoConfig } from "./config.js";
+import {
+  captureAuthProfileStorageState,
+  parseAuthProfileSites,
+} from "../../shared/workflow/auth-profile-state.js";
+import {
+  formatMissingLocalAuthProfileMessage,
+  getProfilePath,
+  hasProfile,
+  normalizeProfileName,
+  writeProfile,
+} from "./profiles.js";
 import {
   getCloudProviderApi,
   getProviderStartupTimeoutMs,
@@ -111,14 +126,6 @@ export function normalizeDomain(url: URL): string {
   return url.hostname.replace(/^www\./, "");
 }
 
-export function getProfilePath(domain: string): string {
-  return join(PROFILES_DIR, `${domain}.json`);
-}
-
-export function hasProfile(domain: string): boolean {
-  return existsSync(getProfilePath(domain));
-}
-
 async function tryConnectToCDP(
   endpoint: string,
   logger: LoggerApi,
@@ -403,7 +410,7 @@ export async function runOpen(
   options: {
     viewport?: { width: number; height: number };
     accessMode?: SessionAccessMode;
-    authProfileDomain?: string;
+    authProfileName?: string;
     experiments: Experiments;
   },
 ): Promise<void> {
@@ -427,40 +434,43 @@ export async function runOpen(
 
   const browserMode = headed ? "headed" : "headless";
 
-  // When --auth-profile is provided, use that domain for profile lookup
-  // instead of deriving it from the URL.
-  const authDomain = options?.authProfileDomain
-    ? normalizeDomain(normalizeUrl(options.authProfileDomain))
+  // When --auth-profile is provided, use that named profile instead of
+  // deriving a legacy domain profile from the URL.
+  const authProfileName = options?.authProfileName
+    ? normalizeProfileName(options.authProfileName)
     : undefined;
-  if (authDomain) {
-    const authProfilePath = getProfilePath(authDomain);
-    if (!existsSync(authProfilePath)) {
+  if (authProfileName) {
+    const authProfilePath = getProfilePath(authProfileName);
+    if (!hasProfile(authProfileName)) {
       throw new Error(
-        `No saved auth profile for "${authDomain}". ` +
-          `Save one first: libretto open https://${authDomain} --headed --session <name>, ` +
-          `log in, then run: libretto save ${authDomain} --session <name>`,
+        formatMissingLocalAuthProfileMessage({
+          profileName: authProfileName,
+          profilePath: authProfilePath,
+          session,
+        }),
       );
     }
   }
 
   const supportsSavedProfile =
     parsedUrl.protocol === "http:" || parsedUrl.protocol === "https:";
-  const domain = authDomain ?? (supportsSavedProfile ? normalizeDomain(parsedUrl) : undefined);
-  const profilePath = domain ? getProfilePath(domain) : undefined;
-  const useProfile = domain ? hasProfile(domain) : false;
+  const profileName =
+    authProfileName ?? (supportsSavedProfile ? normalizeDomain(parsedUrl) : undefined);
+  const profilePath = profileName ? getProfilePath(profileName) : undefined;
+  const useProfile = profileName ? hasProfile(profileName) : false;
 
   logger.info("open-launching", {
     url,
     mode: browserMode,
     session,
     port,
-    domain,
+    profileName,
     useProfile,
     profilePath: useProfile ? profilePath : undefined,
   });
 
   if (useProfile) {
-    console.log(`Loading saved profile for ${domain}`);
+    console.log(`Loading saved profile ${profileName}`);
   }
   console.log(`Launching ${browserMode} browser (session: ${session})...`);
 
@@ -607,83 +617,84 @@ export async function runOpenWithProvider(
 }
 
 export async function runSave(
-  urlOrDomain: string,
+  profileName: string,
   session: string,
   logger: LoggerApi,
+  options: { sites: string } = { sites: "" },
 ): Promise<void> {
-  logger.info("save-start", { urlOrDomain, session });
-  const { browser, context, page } = await connect(session, logger);
-
-  try {
-    await new Promise((r) => setTimeout(r, 500));
-
-    const domain = normalizeDomain(normalizeUrl(urlOrDomain));
-    const profilePath = getProfilePath(domain);
+  const normalizedProfileName = normalizeProfileName(profileName);
+  const sites = parseAuthProfileSites(options.sites);
+  if (sites.length === 0) {
+    throw new Error("Pass at least one site with --sites <site[,site]>.");
+  }
 
-    const cdpSession = await context.newCDPSession(page);
-    const { cookies: rawCookies } = await cdpSession.send(
-      "Network.getAllCookies",
+  logger.info("save-start", { profileName: normalizedProfileName, session, sites });
+  const state = readSessionStateOrThrow(session);
+  if (!state.daemonSocketPath) {
+    throw new Error(
+      `Session "${session}" has no daemon socket. Close and reopen the session, then run libretto save again.`,
     );
+  }
+  const client = await DaemonClient.connect(state.daemonSocketPath);
 
-    const cookies = rawCookies.map((c: any) => {
-      const cookie = { ...c };
-      if (cookie.partitionKey && typeof cookie.partitionKey === "object") {
-        delete cookie.partitionKey;
-      }
-      return cookie;
-    });
-
-    await cdpSession.detach();
-
-    const origins: Array<{
-      origin: string;
-      localStorage: Array<{ name: string; value: string }>;
-    }> = [];
-
-    for (const ctx of browser.contexts()) {
-      for (const pg of ctx.pages()) {
-        try {
-          const origin = new URL(pg.url()).origin;
-          const localStorage = await pg.evaluate(() => {
-            const items: Array<{ name: string; value: string }> = [];
-            for (let i = 0; i < window.localStorage.length; i++) {
-              const key = window.localStorage.key(i);
-              if (key) {
-                items.push({
-                  name: key,
-                  value: window.localStorage.getItem(key) || "",
-                });
-              }
-            }
-            return items;
-          });
-          if (localStorage.length > 0) {
-            origins.push({ origin, localStorage });
-          }
-        } catch {
-          // Skip pages that can't be accessed.
-        }
-      }
-    }
-
-    const state = { cookies, origins };
-    await mkdir(dirname(profilePath), { recursive: true });
-    await writeFile(profilePath, JSON.stringify(state, null, 2));
+  try {
+    const storageState = await client.captureAuthProfileStorageState({ sites });
+    const profilePath = await writeProfile(normalizedProfileName, storageState);
 
     logger.info("save-success", {
-      domain,
+      profileName: normalizedProfileName,
+      sites,
       profilePath,
-      cookieCount: cookies.length,
-      originCount: origins.length,
+      cookieCount: storageState.cookies?.length ?? 0,
+      originCount: storageState.origins?.length ?? 0,
     });
-    console.log(`Profile saved for ${domain}`);
+    console.log(`Profile saved: ${normalizedProfileName}`);
     console.log(`   Location: ${profilePath}`);
-    console.log(`   Cookies: ${cookies.length}, Origins: ${origins.length}`);
+    console.log(`   Sites: ${sites.join(", ")}`);
+    console.log(
+      `   Cookies: ${storageState.cookies?.length ?? 0}, Origins: ${storageState.origins?.length ?? 0}`,
+    );
   } catch (err) {
-    logger.error("save-error", { error: err, urlOrDomain, session });
+    logger.error("save-error", { error: err, profileName, session, sites });
     throw err;
   } finally {
-    disconnectBrowser(browser, logger, session);
+    client.destroy();
+  }
+}
+
+export async function runFetchChromeProfile(
+  profileName: string,
+  cdpUrl: string,
+  logger: LoggerApi,
+  options: { sites: string },
+): Promise<void> {
+  const normalizedProfileName = normalizeProfileName(profileName);
+  const sites = parseAuthProfileSites(options.sites);
+  if (sites.length === 0) {
+    throw new Error("Pass at least one site with --sites <site[,site]>.");
+  }
+
+  logger.info("fetch-chrome-profile-start", {
+    profileName: normalizedProfileName,
+    cdpUrl,
+    sites,
+  });
+  const browser = await chromium.connectOverCDP(cdpUrl);
+  try {
+    const context = browser.contexts()[0];
+    if (!context) {
+      throw new Error("Connected Chrome instance has no browser context.");
+    }
+    const state = await captureAuthProfileStorageState(context, sites);
+    const profilePath = await writeProfile(normalizedProfileName, state);
+    console.log(`Profile fetched: ${normalizedProfileName}`);
+    console.log(`   Location: ${profilePath}`);
+    console.log(`   Sites: ${sites.join(", ")}`);
+    console.log(
+      `   Cookies: ${state.cookies?.length ?? 0}, Origins: ${state.origins?.length ?? 0}`,
+    );
+  } finally {
+    disconnectBrowser(browser, logger);
   }
 }
 

package/src/cli/core/daemon/config.ts

@@ -40,6 +40,8 @@ export type DaemonBrowserProviderConfig = {
   kind: "provider";
   providerName: string;
   initialUrl?: string;
+  authProfileName?: string;
+  authProfilePersist?: boolean;
 };
 
 export type DaemonWorkflowConfig = {
@@ -48,7 +50,8 @@ export type DaemonWorkflowConfig = {
   visualize?: boolean;
   stayOpenOnSuccess?: boolean;
   tsconfigPath?: string;
-  authProfileDomain?: string;
+  authProfileName?: string;
+  authProfilePersist?: boolean;
 };
 
 export type DaemonConfig = {

package/src/cli/core/daemon/daemon.ts

@@ -55,13 +55,13 @@ import {
   type DaemonExecResult,
   type DaemonToCliApi,
 } from "./ipc.js";
-import { wrapPageForActionLogging } from "../telemetry.js";
+import { wrapPageForActionLogging } from "../session-logs.js";
 import {
+  formatMissingLocalAuthProfileMessage,
   getProfilePath,
   hasProfile,
-  normalizeDomain,
-  normalizeUrl,
-} from "../browser.js";
+  normalizeProfileName,
+} from "../profiles.js";
 import { handlePages } from "./pages.js";
 import { handleExec, handleReadonlyExec } from "./exec.js";
 import { DaemonExecRepl } from "./exec-repl.js";
@@ -90,6 +90,7 @@ import {
 } from "../workflow-runtime.js";
 import { WorkflowController } from "../workflow-runner/runner.js";
 import { validateWorkflowInput } from "../../../shared/workflow/workflow.js";
+import { captureAuthProfileStorageState } from "../../../shared/workflow/auth-profile-state.js";
 
 function isOperationalPage(page: Page): boolean {
   const url = page.url();
@@ -119,34 +120,17 @@ class UserFacingStartupError extends Error {
   }
 }
 
-function getMissingLocalAuthProfileError(args: {
-  normalizedDomain: string;
-  profilePath: string;
-  session: string;
-}): string {
-  return [
-    `Local auth profile not found for domain "${args.normalizedDomain}".`,
-    `Expected profile file: ${args.profilePath}`,
-    "To create it:",
-    `  1. libretto open https://${args.normalizedDomain} --headed --session ${args.session}`,
-    "  2. Log in manually in the browser window.",
-    `  3. libretto save ${args.normalizedDomain} --session ${args.session}`,
-  ].join("\n");
-}
-
 function resolveAuthProfileStorageStatePath(args: {
-  authProfileDomain?: string;
+  authProfileName?: string;
   session: string;
 }): string | undefined {
-  if (!args.authProfileDomain) return undefined;
-  const normalizedDomain = normalizeDomain(
-    normalizeUrl(args.authProfileDomain),
-  );
-  const profilePath = getProfilePath(normalizedDomain);
-  if (!hasProfile(normalizedDomain)) {
+  if (!args.authProfileName) return undefined;
+  const profileName = normalizeProfileName(args.authProfileName);
+  const profilePath = getProfilePath(profileName);
+  if (!hasProfile(profileName)) {
     throw new UserFacingStartupError(
-      getMissingLocalAuthProfileError({
-        normalizedDomain,
+      formatMissingLocalAuthProfileMessage({
+        profileName,
         profilePath,
         session: args.session,
       }),
@@ -379,6 +363,12 @@ class BrowserDaemon {
     workflow?: DaemonWorkflowConfig;
   }): Promise<BrowserDaemon> {
     const { session, browser: config } = args;
+    const storageStatePath =
+      config.storageStatePath ??
+      resolveAuthProfileStorageStatePath({
+        authProfileName: args.workflow?.authProfileName,
+        session,
+      });
     const windowPositionArg = config.windowPosition
       ? `--window-position=${config.windowPosition.x},${config.windowPosition.y}`
       : undefined;
@@ -396,13 +386,6 @@ class BrowserDaemon {
       ],
     });
 
-    const storageStatePath =
-      config.storageStatePath ??
-      resolveAuthProfileStorageStatePath({
-        authProfileDomain: args.workflow?.authProfileDomain,
-        session,
-      });
-
     const context = await browser.newContext({
       ...(storageStatePath ? { storageState: storageStatePath } : {}),
       viewport: {
@@ -491,7 +474,10 @@ class BrowserDaemon {
       getProviderSession: () => providerSession,
     });
     try {
-      providerSession = await provider.createSession();
+      providerSession = await provider.createSession({
+        authProfileName: config.authProfileName,
+        authProfilePersist: config.authProfilePersist,
+      });
       const browser = await chromium.connectOverCDP(
         providerSession.cdpEndpoint,
       );
@@ -665,6 +651,10 @@ class BrowserDaemon {
         this.withRequestTimeout(() => handlePages(this.pageById, this.page)),
       exec: (args) => this.runExec(args),
       readonlyExec: (args) => this.runReadonlyExec(args),
+      captureAuthProfileStorageState: (args) =>
+        this.withRequestTimeout(() =>
+          captureAuthProfileStorageState(this.context, args.sites),
+        ),
       snapshot: (args) => this.runSnapshot(args),
       getWorkflowStatus: () => this.getWorkflowStatus(),
       resumeWorkflow: () => this.resumeWorkflow(),
@@ -810,6 +800,7 @@ class BrowserDaemon {
       page: this.page,
       context: this.context,
       logger: this.logger,
+      refreshLocalAuthProfiles: !this.externallyManaged,
       onLog: (event) => {
         void this.broadcast("workflowOutput", event);
       },
@@ -942,12 +933,29 @@ async function main(): Promise<void> {
     config.browser.kind === "launch" ? config.browser.headed : false;
 
   let loadedWorkflow: ExportedLibrettoWorkflow | undefined;
+  let workflowConfig = config.workflow;
+  let browserConfig = config.browser;
   if (config.workflow) {
     try {
       loadedWorkflow = await loadDefaultWorkflow(
         getAbsoluteIntegrationPath(config.workflow.integrationPath),
       );
       validateWorkflowInput(loadedWorkflow, config.workflow.params ?? {});
+      const authProfileName = loadedWorkflow.authProfileName;
+      const authProfilePersist =
+        loadedWorkflow.authProfileRefresh === true;
+      workflowConfig = {
+        ...config.workflow,
+        authProfileName,
+        authProfilePersist,
+      };
+      if (config.browser.kind === "provider") {
+        browserConfig = {
+          ...config.browser,
+          authProfileName,
+          authProfilePersist,
+        };
+      }
     } catch (error) {
       throw new UserFacingStartupError(
         error instanceof Error ? error.message : String(error),
@@ -956,30 +964,30 @@ async function main(): Promise<void> {
   }
 
   const daemon =
-    config.browser.kind === "provider"
+    browserConfig.kind === "provider"
       ? await BrowserDaemon.connectToProvider({
           session: config.session,
           experiments: config.experiments,
-          browser: config.browser,
+          browser: browserConfig,
         })
-      : config.browser.kind === "connect"
+      : browserConfig.kind === "connect"
         ? await BrowserDaemon.connectToEndpoint({
             session: config.session,
             experiments: config.experiments,
-            browser: config.browser,
+            browser: browserConfig,
           })
         : await BrowserDaemon.launchBrowser({
             session: config.session,
             experiments: config.experiments,
-            browser: config.browser,
-            workflow: config.workflow,
+            browser: browserConfig,
+            workflow: workflowConfig,
           });
 
-  if (config.workflow) {
+  if (workflowConfig) {
     void waitForSessionState(config.session)
       .then(() =>
         daemon.startWorkflow({
-          workflow: config.workflow!,
+          workflow: workflowConfig,
           headed,
           loadedWorkflow,
         }),

package/src/cli/core/daemon/ipc.ts

@@ -10,6 +10,7 @@ import { connectToIpcSocket } from "../../../shared/ipc/socket-transport.js";
 import type { LoggerApi } from "../../../shared/logger/index.js";
 import type { SnapshotDiff } from "../../../shared/snapshot/diff-snapshots.js";
 import type { Snapshot } from "../../../shared/snapshot/types.js";
+import type { AuthProfileStorageState } from "../../../shared/workflow/auth-profile-state.js";
 import { REPO_ROOT } from "../context.js";
 import type { WorkflowStatus } from "../workflow-runner/runner.js";
 import type { DaemonConfig } from "./config.js";
@@ -43,6 +44,10 @@ export type DaemonSnapshotResult = {
   snapshot: Snapshot;
 };
 
+export type DaemonCaptureAuthProfileStorageStateArgs = {
+  sites: string[];
+};
+
 export type DaemonCloseResult = { replayUrl?: string };
 
 export type DaemonCommandResult<T> =
@@ -56,6 +61,9 @@ export type CliToDaemonApi = {
   pages(): DaemonPageSummary[];
   exec(args: DaemonExecArgs): DaemonExecResult;
   readonlyExec(args: DaemonReadonlyExecArgs): DaemonExecResult;
+  captureAuthProfileStorageState(
+    args: DaemonCaptureAuthProfileStorageStateArgs,
+  ): AuthProfileStorageState;
   snapshot(args: DaemonSnapshotArgs): DaemonSnapshotResult;
   getWorkflowStatus(): WorkflowStatus;
   resumeWorkflow(): void;
@@ -207,6 +215,7 @@ export type DaemonResultMap = {
   pages: DaemonPageSummary[];
   exec: DaemonExecSuccess;
   "readonly-exec": DaemonExecSuccess;
+  captureAuthProfileStorageState: AuthProfileStorageState;
   snapshot: DaemonSnapshotResult;
 };
 
@@ -445,6 +454,12 @@ export class DaemonClient {
     return this.ipc.call.readonlyExec(args);
   }
 
+  async captureAuthProfileStorageState(
+    args: DaemonCaptureAuthProfileStorageStateArgs,
+  ): Promise<AuthProfileStorageState> {
+    return this.ipc.call.captureAuthProfileStorageState(args);
+  }
+
   async snapshot(
     args: DaemonSnapshotArgs = {},
   ): Promise<DaemonResultMap["snapshot"]> {