octocode-cli 1.3.1 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +193 -34
- package/out/chunks/chunk-7476PETK.js +309 -0
- package/out/chunks/chunk-CVNNNSMQ.js +26 -0
- package/out/chunks/chunk-OQBJTZWK.js +60 -0
- package/out/chunks/chunk-UCZCF3BQ.js +9 -0
- package/out/chunks/command-help-specs-JZXVSLZ5.js +8 -0
- package/out/chunks/commands-XBFPLHSQ.js +8 -0
- package/out/chunks/help-P7TCOYAJ.js +10 -0
- package/out/chunks/main-help-ULF5PAQY.js +10 -0
- package/out/chunks/prompts-5E6VKRX5.js +8 -0
- package/out/chunks/spinner-URV2OX6O.js +8 -0
- package/out/chunks/tool-command-M6VA7P2F.js +8 -0
- package/out/octocode-cli.js +1 -1
- package/package.json +5 -3
- package/skills/README.md +13 -1
- package/skills/agentic-flow-best-practices/SKILL.md +280 -0
- package/skills/agentic-flow-best-practices/references/agent-collaboration-patterns.md +75 -0
- package/skills/agentic-flow-best-practices/references/pr-review-agent-example.md +47 -0
- package/skills/agentic-flow-best-practices/references/resources.md +112 -0
- package/skills/octocode-chrome-devtools/README.md +541 -0
- package/skills/octocode-chrome-devtools/SKILL.md +197 -0
- package/skills/octocode-chrome-devtools/agents/openai.yaml +7 -0
- package/skills/octocode-chrome-devtools/references/CDP_AGENT_REFERENCE.md +401 -0
- package/skills/octocode-chrome-devtools/references/CHROME_FLAGS.md +234 -0
- package/skills/octocode-chrome-devtools/references/INTENTS.md +108 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_AUTH.md +179 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_AUTOMATION.md +214 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_DEBUG.md +329 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_ENVIRONMENT.md +237 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_INSPECT.md +263 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_STORAGE_CONSENT.md +214 -0
- package/skills/octocode-chrome-devtools/references/RECOVERY.md +39 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS.md +43 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_ASYNC_WORKERS.md +345 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_BROWSER.md +403 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_OBSERVE.md +275 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_SPECIAL.md +18 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-runner.mjs +503 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-sandbox.mjs +123 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-template.mjs +81 -0
- package/skills/octocode-chrome-devtools/scripts/octocode-chrome-devtools.vpn.example.json +8 -0
- package/skills/octocode-chrome-devtools/scripts/open-browser.mjs +362 -0
- package/skills/octocode-chrome-devtools/scripts/sourcemap-resolver.mjs +193 -0
- package/skills/octocode-chrome-devtools/scripts/undercover.mjs +226 -0
- package/skills/octocode-design/README.md +2 -2
- package/skills/octocode-documentation-writer/README.md +1 -1
- package/skills/octocode-engineer/README.md +1 -1
- package/skills/octocode-engineer/SKILL.md +4 -2
- package/skills/octocode-engineer/references/output-files.md +3 -3
- package/skills/octocode-engineer/scripts/run.js +136 -136
- package/skills/octocode-engineer/src/reporting/summary-md.test.ts +48 -0
- package/skills/octocode-engineer/src/reporting/summary-md.ts +43 -2
- package/skills/octocode-install/SKILL.md +1 -1
- package/skills/octocode-pull-request-reviewer/README.md +5 -5
- package/skills/octocode-pull-request-reviewer/SKILL.md +1 -1
- package/skills/octocode-research/AGENTS.md +1 -1
- package/skills/octocode-research/README.md +2 -2
- package/skills/octocode-research/docs/ARCHITECTURE.md +1 -1
- package/skills/octocode-research/scripts/server.js +191 -246
- package/skills/octocode-research/src/routes/github.ts +4 -21
- package/skills/octocode-research/src/routes/local.ts +4 -21
- package/skills/octocode-research/src/utils/fileContentTransform.ts +44 -0
- package/skills/octocode-search-skill/SKILL.md +245 -229
- package/skills/octocode-search-skill/references/agent-skills-guide.md +177 -0
- package/skills/octocode-search-skill/references/discovery-surfaces.md +162 -0
- package/skills/octocode-search-skill/references/fetch-and-create-locally.md +57 -0
- package/skills/octocode-search-skill/references/install-reference.md +130 -0
- package/skills/octocode-search-skill/references/references-template.md +27 -0
- package/skills/octocode-search-skill/references/references.md +62 -0
- package/skills/octocode-slides/README.md +307 -0
- package/skills/octocode-slides/SKILL.md +410 -0
- package/skills/octocode-slides/references/01-brief.md +156 -0
- package/skills/octocode-slides/references/02-research.md +149 -0
- package/skills/octocode-slides/references/03-outline.md +172 -0
- package/skills/octocode-slides/references/04-design.md +301 -0
- package/skills/octocode-slides/references/05-implementation.md +213 -0
- package/skills/octocode-slides/references/06-review.md +258 -0
- package/skills/octocode-slides/references/animation.md +281 -0
- package/skills/octocode-slides/references/design-system.md +316 -0
- package/skills/octocode-slides/references/html-templates.md +673 -0
- package/skills/octocode-slides/references/image-generation.md +448 -0
- package/skills/octocode-slides/references/resources.md +840 -0
- package/skills/octocode-slides/references/slide-rules.md +541 -0
- package/skills/octocode-slides/references/wireframes.md +727 -0
- package/skills/octocode-slides/scripts/animation.js +182 -0
- package/skills/octocode-slides/scripts/base.css +353 -0
- package/skills/octocode-slides/scripts/base.html +655 -0
- package/skills/octocode-slides/scripts/generate_image.py +221 -0
- package/skills/octocode-slides/scripts/navbridge.js +79 -0
- package/skills/octocode-slides/scripts/presenter.js +316 -0
- package/skills/octocode-slides/scripts/slide.html +248 -0
- package/skills/octocode-stats/SKILL.md +73 -0
- package/skills/octocode-stats/assets/template.html +1332 -0
- package/skills/octocode-stats/scripts/build_dashboard.mjs +407 -0
- package/assets/example.png +0 -0
- package/out/chunks/chunk-QCY7Q7YW.js +0 -389
- package/out/chunks/command-help-specs-CQ3RBLP6.js +0 -8
- package/out/chunks/commands-OCTZP2TO.js +0 -51
- package/out/chunks/help-XPXP46ZT.js +0 -10
- package/out/chunks/main-help-35HX2UDQ.js +0 -10
- package/out/chunks/tool-command-HOSMVLNK.js +0 -8
- package/skills/octocode-search-skill/INSTALL_REFERENCE.md +0 -112
|
@@ -0,0 +1,234 @@
|
|
|
1
|
+
# Chrome Flags Reference
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
## User-Agent override
|
|
5
|
+
|
|
6
|
+
`open-browser.mjs` does not override Chrome's user-agent by default. Add `--userAgent` only when the task needs a specific browser/device signature:
|
|
7
|
+
|
|
8
|
+
```
|
|
9
|
+
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/<current-version>.0.0.0 Safari/537.36
|
|
10
|
+
```
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
node <skill-dir>/scripts/open-browser.mjs --headless \
|
|
14
|
+
--userAgent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/<current-version>.0.0.0 Safari/537.36"
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
Use a current version string that matches the installed browser when possible. A stale or cross-platform UA can be more fingerprintable than Chrome's default.
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
## Headless mode flags (inspection default)
|
|
21
|
+
Applied by `open-browser.mjs --headless`:
|
|
22
|
+
|
|
23
|
+
| Flag | Purpose |
|
|
24
|
+
|------|---------|
|
|
25
|
+
| `--remote-debugging-port=9222` | Enable CDP WebSocket on this port |
|
|
26
|
+
| `--headless=new` | Modern headless mode (Chrome 112+) — no visible window |
|
|
27
|
+
| `--user-data-dir=<tmpdir>/cdp-chrome-profile-9222` | Isolated temp profile — no user data read/written |
|
|
28
|
+
| `--disable-gpu` | Required for headless on many systems |
|
|
29
|
+
| `--disable-dev-shm-usage` | Prevents /dev/shm exhaustion in containers |
|
|
30
|
+
| `--no-sandbox` | Required for headless in some Linux/CI environments |
|
|
31
|
+
| `--no-first-run` | Skip Chrome's first-run setup dialog |
|
|
32
|
+
| `--no-default-browser-check` | Skip "make Chrome default" prompt |
|
|
33
|
+
| `--disable-background-mode` | Prevent Chrome from staying alive as a background app |
|
|
34
|
+
| `--user-agent=<ua>` | Optional UA override for specific compatibility or emulation tasks |
|
|
35
|
+
|
|
36
|
+
## Visible mode flags (user-requested only)
|
|
37
|
+
Applied when NOT headless (user says "show me", "open in my browser", "I want to see the page", "keep it open", "interactive"):
|
|
38
|
+
|
|
39
|
+
| Flag | Purpose |
|
|
40
|
+
|------|---------|
|
|
41
|
+
| `--remote-debugging-port=9222` | Enable CDP WebSocket |
|
|
42
|
+
| `--user-data-dir=<real-profile>` | Uses the user's real Chrome profile only when Chrome is not already running without CDP |
|
|
43
|
+
| `--profile-directory=Default` | Which profile to open when real-profile reuse is possible |
|
|
44
|
+
| `--restore-last-session` | Restore previous tabs when real-profile reuse is possible |
|
|
45
|
+
|
|
46
|
+
If Chrome is already running without CDP, `open-browser.mjs` launches an isolated visible CDP profile and returns `"isolated": true`. Existing cookies/extensions will not be available; complete auth in that visible CDP window, or close Chrome first if real-profile reuse is required.
|
|
47
|
+
|
|
48
|
+
## Mobile / viewport emulation
|
|
49
|
+
|
|
50
|
+
Mobile emulation works at **two levels** — always prefer the script level for full accuracy:
|
|
51
|
+
|
|
52
|
+
| Level | Flag / Method | Controls | Accuracy |
|
|
53
|
+
|---|---|---|---|
|
|
54
|
+
| **Launch-level** | `open-browser.mjs --windowSize 390x844` | Initial OS window size only — does **not** set `window.innerWidth` in `headless=new` (Chrome 112+) | Unreliable for viewport — no DPR, no touch |
|
|
55
|
+
| **Script-level** | `Emulation.setDeviceMetricsOverride` + `setTouchEmulationEnabled` + `setUserAgentOverride` | Viewport, DPR, mobile mode, touch events, UA + Sec-CH-UA hints | Full |
|
|
56
|
+
|
|
57
|
+
**Launch-level usage** (sets window before CDP attaches — optional, good for screenshots):
|
|
58
|
+
```bash
|
|
59
|
+
# Mobile window size
|
|
60
|
+
node <skill-dir>/scripts/open-browser.mjs --headless --windowSize 390x844
|
|
61
|
+
|
|
62
|
+
# Custom desktop size
|
|
63
|
+
node <skill-dir>/scripts/open-browser.mjs --headless --windowSize 1440x900
|
|
64
|
+
|
|
65
|
+
# Mobile window + mobile UA at launch
|
|
66
|
+
node <skill-dir>/scripts/open-browser.mjs --headless --windowSize 390x844 \
|
|
67
|
+
--userAgent "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Mobile/15E148 Safari/604.1"
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
**`--windowSize` does not set `window.innerWidth` in `headless=new`** (Chrome 112+). The OS window size and the page viewport are decoupled in modern headless mode. For any test that reads `window.innerWidth`, `window.innerHeight`, or uses CSS media queries, you must use the script-level approach.
|
|
71
|
+
|
|
72
|
+
For real mobile emulation (media queries, touch, DPR, Sec-CH-UA), always use the script-level CDP calls from `INTENTS_ENVIRONMENT.md` -> `## emulate`. Launch flags alone are **not enough**.
|
|
73
|
+
|
|
74
|
+
|
|
75
|
+
## Optional flags for special scenarios
|
|
76
|
+
Pass these via a custom launch call when needed:
|
|
77
|
+
|
|
78
|
+
| Flag | When to use |
|
|
79
|
+
|------|------------|
|
|
80
|
+
| `--disable-web-security` | Cross-origin testing (use only on isolated profiles) |
|
|
81
|
+
| `--allow-running-insecure-content` | Test mixed HTTP/HTTPS scenarios |
|
|
82
|
+
| `--ignore-certificate-errors` | Test self-signed cert environments |
|
|
83
|
+
| `--proxy-server=<host:port>` | Route traffic through a proxy |
|
|
84
|
+
| `--window-size=W,H` | Initial window dimensions (use via `--windowSize` in open-browser.mjs) |
|
|
85
|
+
| `--force-dark-mode` | Test dark-mode rendering |
|
|
86
|
+
| `--lang=<locale>` | Test localisation (e.g. `--lang=fr`) |
|
|
87
|
+
| `--disable-extensions` | Clean run without user extensions |
|
|
88
|
+
| `--incognito` | No persistent state — good for auth flow testing |
|
|
89
|
+
|
|
90
|
+
## Proxy Routing
|
|
91
|
+
|
|
92
|
+
Chrome can route traffic only through an already-configured proxy endpoint (HTTP/SOCKS/PAC), not directly into a VPN account. Use this only when the user provides or already runs a proxy.
|
|
93
|
+
|
|
94
|
+
```bash
|
|
95
|
+
node <skill-dir>/scripts/open-browser.mjs --headless \
|
|
96
|
+
--proxyServer "socks5://127.0.0.1:1080" \
|
|
97
|
+
--proxyBypassList "<-loopback>"
|
|
98
|
+
|
|
99
|
+
node <skill-dir>/scripts/open-browser.mjs --headless \
|
|
100
|
+
--proxyPacUrl "http://127.0.0.1:3128/proxy.pac"
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
Proxy settings only apply when Chrome is launched fresh. If output has `"reused": true` and `"proxyRequested": true`, cleanup the tracked session first or use a different `--port`; Chrome cannot apply new proxy flags to an already-running CDP session.
|
|
104
|
+
|
|
105
|
+
Config shape for `<repo>/.octocode/chrome-devtools.json` or global `chromeDevtools.proxy`:
|
|
106
|
+
|
|
107
|
+
```json
|
|
108
|
+
{
|
|
109
|
+
"proxy": {
|
|
110
|
+
"enabled": true,
|
|
111
|
+
"server": "socks5://127.0.0.1:1080",
|
|
112
|
+
"bypassList": "<-loopback>"
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
## Chrome binary paths per platform
|
|
118
|
+
|
|
119
|
+
`open-browser.mjs` auto-detects Chrome. If detection fails, pass `--chromePath`:
|
|
120
|
+
|
|
121
|
+
| Platform | Default paths checked |
|
|
122
|
+
|----------|-----------------------|
|
|
123
|
+
| macOS | `/Applications/Google Chrome.app/Contents/MacOS/Google Chrome`, `/Applications/Chromium.app/Contents/MacOS/Chromium` |
|
|
124
|
+
| Linux | `google-chrome`, `google-chrome-stable`, `chromium-browser`, `chromium` (searched in `$PATH`) |
|
|
125
|
+
| Windows | `C:\Program Files\Google\Chrome\Application\chrome.exe`, `C:\Program Files (x86)\Google\Chrome\Application\chrome.exe` |
|
|
126
|
+
|
|
127
|
+
```bash
|
|
128
|
+
# macOS/Linux — override path
|
|
129
|
+
node <skill-dir>/scripts/open-browser.mjs --headless --chromePath "/usr/bin/chromium-browser"
|
|
130
|
+
|
|
131
|
+
# Windows PowerShell — override path
|
|
132
|
+
node <skill-dir>/scripts/open-browser.mjs --headless --chromePath "C:\Program Files\Google\Chrome\Application\chrome.exe"
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
**Linux/CI notes:**
|
|
136
|
+
- `--no-sandbox` is required when running as root or inside Docker
|
|
137
|
+
- `--disable-dev-shm-usage` prevents crashes in low-memory containers
|
|
138
|
+
- For Chromium in CI: install with `apt-get install -y chromium-browser` (Ubuntu/Debian)
|
|
139
|
+
|
|
140
|
+
**Mode decision** → see `SKILL.md` → Open Browser.
|
|
141
|
+
|
|
142
|
+
---
|
|
143
|
+
|
|
144
|
+
## Shell Examples
|
|
145
|
+
|
|
146
|
+
Set these once in bash/zsh examples:
|
|
147
|
+
|
|
148
|
+
```bash
|
|
149
|
+
SKILL_DIR=<skill-dir>
|
|
150
|
+
TMPDIR=$(node -e "process.stdout.write(require('os').tmpdir())")
|
|
151
|
+
PORT=9222
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
Cleanup when a headless or isolated CDP session is no longer needed:
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --port "$PORT" --cleanup
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
Windows equivalents for the common command shape:
|
|
161
|
+
|
|
162
|
+
```powershell
|
|
163
|
+
# PowerShell
|
|
164
|
+
$SKILL_DIR = "<skill-dir>"
|
|
165
|
+
$TMPDIR = node -e "process.stdout.write(require('os').tmpdir())"
|
|
166
|
+
node "$SKILL_DIR\scripts\open-browser.mjs" --headless --port 9222
|
|
167
|
+
node "$SKILL_DIR\scripts\cdp-sandbox.mjs" "$TMPDIR\cdp-task.mjs" --new-tab "about:blank" `
|
|
168
|
+
> "$TMPDIR\cdp-output-task.txt" 2>&1
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
```cmd
|
|
172
|
+
SET SKILL_DIR=<skill-dir>
|
|
173
|
+
FOR /F "delims=" %%i IN ('node -e "process.stdout.write(require('os').tmpdir())"') DO SET TMPDIR=%%i
|
|
174
|
+
node "%SKILL_DIR%\scripts\open-browser.mjs" --headless --port 9222
|
|
175
|
+
node "%SKILL_DIR%\scripts\cdp-sandbox.mjs" "%TMPDIR%\cdp-task.mjs" --new-tab "about:blank" ^
|
|
176
|
+
> "%TMPDIR%\cdp-output-task.txt" 2>&1
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
### One-pass inspection — headless
|
|
180
|
+
|
|
181
|
+
```bash
|
|
182
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --headless --port "$PORT"
|
|
183
|
+
# save the selected intent/pattern script to "$TMPDIR/cdp-task.mjs"
|
|
184
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" "$TMPDIR/cdp-task.mjs" \
|
|
185
|
+
--port "$PORT" --new-tab "about:blank" \
|
|
186
|
+
> "$TMPDIR/cdp-output-task.txt" 2>&1
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
Use this for network, console, performance, memory, security, screenshot, and most audit scripts. Analyze the prefixes requested by that intent, for example `[NETWORK_ERROR]`, `[CONSOLE:ERROR]`, `[EXCEPTION]`, `[PERFORMANCE]`, `[FINDING]`.
|
|
190
|
+
|
|
191
|
+
### Visible browser / live page
|
|
192
|
+
|
|
193
|
+
```bash
|
|
194
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --url "https://site.com" --port "$PORT"
|
|
195
|
+
# after the user interacts, save an on-demand script to "$TMPDIR/cdp-live-check.mjs"
|
|
196
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" "$TMPDIR/cdp-live-check.mjs" \
|
|
197
|
+
--port "$PORT" --target-url "site.com" --keep-tab \
|
|
198
|
+
> "$TMPDIR/cdp-output-live-check.txt" 2>&1
|
|
199
|
+
```
|
|
200
|
+
|
|
201
|
+
### User login -> authenticated follow-up
|
|
202
|
+
|
|
203
|
+
Browser must be visible. Ask before using the real profile.
|
|
204
|
+
|
|
205
|
+
```bash
|
|
206
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --profile Default --port "$PORT"
|
|
207
|
+
# save the user-auth script from INTENTS_AUTH.md to "$TMPDIR/cdp-user-auth.mjs"
|
|
208
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" "$TMPDIR/cdp-user-auth.mjs" \
|
|
209
|
+
--port "$PORT" --new-tab "about:blank" --keep-tab \
|
|
210
|
+
> "$TMPDIR/cdp-auth-output.txt" 2>&1
|
|
211
|
+
# after [AUTH_COMPLETE], run debug/scrape/security scripts on the same port
|
|
212
|
+
```
|
|
213
|
+
|
|
214
|
+
### Inspect iframes and service workers
|
|
215
|
+
|
|
216
|
+
```bash
|
|
217
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" --list-targets --port "$PORT"
|
|
218
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" "$TMPDIR/cdp-task.mjs" \
|
|
219
|
+
--port "$PORT" --target-url "iframe-url-pattern"
|
|
220
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" "$TMPDIR/cdp-task.mjs" \
|
|
221
|
+
--port "$PORT" --target-type service_worker
|
|
222
|
+
```
|
|
223
|
+
|
|
224
|
+
### Mobile / responsive layout
|
|
225
|
+
|
|
226
|
+
```bash
|
|
227
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --headless --port "$PORT" \
|
|
228
|
+
--windowSize 390x844 \
|
|
229
|
+
--userAgent "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Mobile/15E148 Safari/604.1"
|
|
230
|
+
# still set script-level emulation in the CDP script for viewport/DPR/touch accuracy
|
|
231
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" "$TMPDIR/cdp-emulate.mjs" \
|
|
232
|
+
--port "$PORT" --new-tab "about:blank" \
|
|
233
|
+
> "$TMPDIR/cdp-output-emulate.txt" 2>&1
|
|
234
|
+
```
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
# CDP Intent Router
|
|
2
|
+
|
|
3
|
+
Use this file to choose intent(s) and load only the matching detail file. Do not load every intent detail file by default.
|
|
4
|
+
|
|
5
|
+
## Loading Rule
|
|
6
|
+
|
|
7
|
+
1. Pick one to three intents from the index below.
|
|
8
|
+
2. Load only the detail file(s) listed for those intents.
|
|
9
|
+
3. If a detail section points to `SCRIPT_PATTERNS.md`, load only the named pattern.
|
|
10
|
+
4. Enable the union of required domains, attach listeners before navigation/action, then run the focused script.
|
|
11
|
+
5. For exact CDP params/events, verify `CDP_AGENT_REFERENCE.md` or the official per-domain protocol page.
|
|
12
|
+
6. Treat code snippets as adaptable examples. Verify current Web APIs and feature-detect inside the page before using optional browser APIs.
|
|
13
|
+
|
|
14
|
+
## Combining Intents
|
|
15
|
+
|
|
16
|
+
Intents are composable. Most real tasks need 2-3 combined. Enable the **union of domains** for all selected intents and merge their event listeners.
|
|
17
|
+
|
|
18
|
+
| Common combination | Intents | When to use |
|
|
19
|
+
|---|---|---|
|
|
20
|
+
| Automate + debug | `automate` + `debug` | "do X and tell me what breaks" |
|
|
21
|
+
| Login + network | `login` + `network` | "log in and capture what API calls are made" |
|
|
22
|
+
| Login + security | `login` + `security` | "log in and audit cookies/tokens after auth" |
|
|
23
|
+
| User-auth + scrape | `user-auth` + `scrape` | "let me sign in, then extract data from the authenticated page" |
|
|
24
|
+
| User-auth + debug | `user-auth` + `debug` | "let me sign in, then investigate what is breaking after auth" |
|
|
25
|
+
| User-auth + security | `user-auth` + `security` | "let me sign in, then audit the session tokens and cookies" |
|
|
26
|
+
| Automate + screenshot | `automate` + `screenshot` | "fill the form and take a screenshot of the result" |
|
|
27
|
+
| Automate + performance | `automate` + `performance` | "click through the flow and measure render time" |
|
|
28
|
+
| Scrape + emulate | `scrape` + `emulate` | "extract data as mobile viewport" |
|
|
29
|
+
| Debug + security | `debug` + `security` | "investigate the crash and check what tokens are exposed" |
|
|
30
|
+
| Inject + debug | `inject` + `debug` | "patch the function before load, then observe behavior" |
|
|
31
|
+
| Full audit | all of the above | "audit everything" |
|
|
32
|
+
|
|
33
|
+
When combining: enable all required domains first, attach all event listeners, then navigate/interact, then run inspection checks.
|
|
34
|
+
|
|
35
|
+
## Detail Files
|
|
36
|
+
|
|
37
|
+
| File | Intents | Load when |
|
|
38
|
+
|---|---|---|
|
|
39
|
+
| `INTENTS_DEBUG.md` | `debug`, `network`, `console`, `performance`, `memory`, `dom`, `css-coverage`, `js-coverage` | Load this file when the selected intent is about errors, diagnostics, performance, DOM/CSS inspection, or code coverage. |
|
|
40
|
+
| `INTENTS_INSPECT.md` | `security`, `websocket`, `service-worker`, `workers`, `intercept`, `screenshot`, `accessibility`, `supply-chain`, `full-audit` | Load this file when the selected intent targets browser subsystems, capture surfaces, security, workers, request interception, or full audits. |
|
|
41
|
+
| `INTENTS_AUTOMATION.md` | `automate`, `scrape`, `live-page` | Load this file when the selected intent needs browser interaction, scraping, or a live user-driven page. |
|
|
42
|
+
| `INTENTS_AUTH.md` | `login`, `user-auth` | Load this file when the selected intent needs login automation, manual user authentication, or an authenticated browser session. |
|
|
43
|
+
| `INTENTS_ENVIRONMENT.md` | `emulate`, `inject`, `monitor` | Load this file when the selected intent changes browser environment, injects instrumentation, or monitors a page over time. |
|
|
44
|
+
| `INTENTS_STORAGE_CONSENT.md` | `storage`, `consent` | Load this file when the selected intent audits browser storage, cookies, tokens, quotas, service-worker state, or consent/tracker behavior. |
|
|
45
|
+
|
|
46
|
+
## Intent Index
|
|
47
|
+
|
|
48
|
+
| User says... | Intent | Details |
|
|
49
|
+
|---|---|---|
|
|
50
|
+
| debug, what's wrong, broken, fix this, investigate, agent loop, observe, why is X not working | `debug` | [INTENTS_DEBUG.md#debug](INTENTS_DEBUG.md#debug) |
|
|
51
|
+
| automate, do X, click, type, fill, submit, flow, interact, perform steps | `automate` | [INTENTS_AUTOMATION.md#automate](INTENTS_AUTOMATION.md#automate) |
|
|
52
|
+
| login, sign in, authenticate, enter credentials, log me in | `login` | [INTENTS_AUTH.md#login](INTENTS_AUTH.md#login) |
|
|
53
|
+
| let me log in myself, I'll auth, manual login, open browser so I can sign in, auth flow, open visible browser, I need to authenticate first | `user-auth` | [INTENTS_AUTH.md#user-auth](INTENTS_AUTH.md#user-auth) |
|
|
54
|
+
| scrape, extract, collect data, pull content, harvest | `scrape` | [INTENTS_AUTOMATION.md#scrape](INTENTS_AUTOMATION.md#scrape) |
|
|
55
|
+
| emulate, mobile, device, throttle, offline, slow network, geolocation | `emulate` | [INTENTS_ENVIRONMENT.md#emulate](INTENTS_ENVIRONMENT.md#emulate) |
|
|
56
|
+
| inject, patch, override, hook, intercept before load, monkey-patch | `inject` | [INTENTS_ENVIRONMENT.md#inject](INTENTS_ENVIRONMENT.md#inject) |
|
|
57
|
+
| monitor, watch, poll, check every N seconds, keep watching | `monitor` | [INTENTS_ENVIRONMENT.md#monitor](INTENTS_ENVIRONMENT.md#monitor) |
|
|
58
|
+
| network, requests, 4xx, API calls, traffic | `network` | [INTENTS_DEBUG.md#network](INTENTS_DEBUG.md#network) |
|
|
59
|
+
| console, errors, exceptions, crashes, JS error | `console` | [INTENTS_DEBUG.md#console](INTENTS_DEBUG.md#console) |
|
|
60
|
+
| slow, performance, metrics, long task, fps, render | `performance` | [INTENTS_DEBUG.md#performance](INTENTS_DEBUG.md#performance) |
|
|
61
|
+
| memory, leak, heap, detached nodes, retained | `memory` | [INTENTS_DEBUG.md#memory](INTENTS_DEBUG.md#memory) |
|
|
62
|
+
| DOM, elements, structure, HTML, rendering | `dom` | [INTENTS_DEBUG.md#dom](INTENTS_DEBUG.md#dom) |
|
|
63
|
+
| CSS, styles, unused rules, coverage | `css-coverage` | [INTENTS_DEBUG.md#css-coverage](INTENTS_DEBUG.md#css-coverage) |
|
|
64
|
+
| JS coverage, dead code, unused functions | `js-coverage` | [INTENTS_DEBUG.md#js-coverage](INTENTS_DEBUG.md#js-coverage) |
|
|
65
|
+
| security, cookies, tokens, headers, CSP, exfil | `security` | [INTENTS_INSPECT.md#security](INTENTS_INSPECT.md#security) |
|
|
66
|
+
| websocket, WS, real-time, socket frames | `websocket` | [INTENTS_INSPECT.md#websocket](INTENTS_INSPECT.md#websocket) |
|
|
67
|
+
| service worker, SW lifecycle, cache, offline, PWA worker | `service-worker` | [INTENTS_INSPECT.md#service-worker](INTENTS_INSPECT.md#service-worker) |
|
|
68
|
+
| web worker, shared worker, worker thread, background thread | `workers` | [INTENTS_INSPECT.md#workers](INTENTS_INSPECT.md#workers) |
|
|
69
|
+
| intercept, mock, block, fake response, modify request | `intercept` | [INTENTS_INSPECT.md#intercept](INTENTS_INSPECT.md#intercept) |
|
|
70
|
+
| screenshot, capture, visual, PDF, print | `screenshot` | [INTENTS_INSPECT.md#screenshot](INTENTS_INSPECT.md#screenshot) |
|
|
71
|
+
| accessibility, a11y, aria, screen reader | `accessibility` | [INTENTS_INSPECT.md#accessibility](INTENTS_INSPECT.md#accessibility) |
|
|
72
|
+
| third-party, external scripts, CDN, supply chain | `supply-chain` | [INTENTS_INSPECT.md#supply-chain](INTENTS_INSPECT.md#supply-chain) |
|
|
73
|
+
| full audit, all checks, everything | `full-audit` | [INTENTS_INSPECT.md#full-audit](INTENTS_INSPECT.md#full-audit) |
|
|
74
|
+
| storage, cookies, localStorage, sessionStorage, IndexedDB, quota, cache state | `storage` | [INTENTS_STORAGE_CONSENT.md#storage](INTENTS_STORAGE_CONSENT.md#storage) |
|
|
75
|
+
| consent, GDPR, privacy banner, tracker pre-firing, pre-consent cookies | `consent` | [INTENTS_STORAGE_CONSENT.md#consent](INTENTS_STORAGE_CONSENT.md#consent) |
|
|
76
|
+
| open page, browse with monitoring, watch this page, live check, open and monitor, open and inspect | `live-page` | [INTENTS_AUTOMATION.md#live-page](INTENTS_AUTOMATION.md#live-page) |
|
|
77
|
+
|
|
78
|
+
## Output Prefix Reference
|
|
79
|
+
|
|
80
|
+
| Prefix | Intent categories | Meaning |
|
|
81
|
+
|---|---|---|
|
|
82
|
+
| `[NETWORK]` | network, security, supply-chain, websocket | HTTP request/response |
|
|
83
|
+
| `[NETWORK_ERROR]` | network, security | 4xx/5xx status |
|
|
84
|
+
| `[NETWORK_FAILED]` | network | Blocked/failed request |
|
|
85
|
+
| `[CONSOLE:ERROR]` | console | `console.error()` call |
|
|
86
|
+
| `[CONSOLE:WARN]` | console | `console.warn()` call |
|
|
87
|
+
| `[EXCEPTION]` | console | Uncaught JS exception |
|
|
88
|
+
| `[EXCEPTION_LOCATION]` | console | Stack frame of exception |
|
|
89
|
+
| `[LOG:ERROR]` | console | Browser Log domain error |
|
|
90
|
+
| `[PERFORMANCE]` | performance, memory | Metric value |
|
|
91
|
+
| `[DOM]` | dom, accessibility | DOM structure info |
|
|
92
|
+
| `[CSS]` | css-coverage | CSS rule info |
|
|
93
|
+
| `[SECURITY]` | security, supply-chain | Security-specific finding |
|
|
94
|
+
| `[METRIC]` | all | Summary count or measurement |
|
|
95
|
+
| `[SCREENSHOT]` | screenshot | Path to saved file |
|
|
96
|
+
| `[FINDING]` | all | Actionable issue — emit for user-relevant findings |
|
|
97
|
+
| `[AUTOMATE]` | automate, login | Step executed in a flow |
|
|
98
|
+
| `[AUTH]` | user-auth | Auth polling status update (progress line) |
|
|
99
|
+
| `[AUTH_COMPLETE]` | user-auth | Authentication detected — agent may proceed |
|
|
100
|
+
| `[AUTH_TIMEOUT]` | user-auth | Timed out waiting for auth — agent must handle |
|
|
101
|
+
| `[SCRAPE]` | scrape | Extracted data item |
|
|
102
|
+
| `[REASON]` | scrape, automate, debug | Why this step/result leads to the next step |
|
|
103
|
+
| `[EMULATE]` | emulate | Environment override active |
|
|
104
|
+
| `[INJECT]` | inject | Script injected into document |
|
|
105
|
+
| `[MONITOR]` | monitor | State snapshot from polling loop |
|
|
106
|
+
| `[SW]` | service-worker | Service Worker lifecycle event or state |
|
|
107
|
+
| `[WORKER]` | workers | Worker target attached or event from worker session |
|
|
108
|
+
| `[ACTION]` | debug, automate | Concrete next step for agent or developer |
|
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
# CDP Auth Intent Details
|
|
2
|
+
|
|
3
|
+
## login
|
|
4
|
+
|
|
5
|
+
**Trigger phrases:** "login", "sign in", "log me in", "authenticate", "enter credentials", "fill the login form", "auth flow"
|
|
6
|
+
|
|
7
|
+
**Purpose:** Automate an authentication flow — navigate to login page, fill credentials, submit, verify auth success, capture session state. Combine with `security` to audit what tokens/cookies are set post-login.
|
|
8
|
+
|
|
9
|
+
**Domains:** `Page.enable`, `Runtime.enable`, `Network.enable`
|
|
10
|
+
|
|
11
|
+
**Key steps:**
|
|
12
|
+
1. Navigate to login URL
|
|
13
|
+
2. Wait for username/password fields
|
|
14
|
+
3. Fill credentials via `Runtime.evaluate` with real `input` + `change` events
|
|
15
|
+
4. Click submit or press Enter
|
|
16
|
+
5. Wait for redirect / dashboard element
|
|
17
|
+
6. Verify logged-in state
|
|
18
|
+
7. Optionally inventory auth cookie names and storage-token presence (combine with `security`)
|
|
19
|
+
|
|
20
|
+
**Selector discovery — when selectors are unknown:**
|
|
21
|
+
```js
|
|
22
|
+
// Find likely username field
|
|
23
|
+
const { result } = await cdp.send('Runtime.evaluate', {
|
|
24
|
+
expression: `document.querySelector('input[type="email"], input[type="text"], input[name*="user"], input[name*="email"], input[id*="user"], input[id*="email"]')?.name`,
|
|
25
|
+
returnByValue: true,
|
|
26
|
+
});
|
|
27
|
+
|
|
28
|
+
// Find likely password field
|
|
29
|
+
// input[type="password"] — usually the most reliable password selector
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
**Credential injection pattern (triggers React/Vue/framework state):**
|
|
33
|
+
```js
|
|
34
|
+
async function fillField(cdp, selector, value) {
|
|
35
|
+
await cdp.send('Runtime.evaluate', {
|
|
36
|
+
expression: `
|
|
37
|
+
const el = document.querySelector(${JSON.stringify(selector)});
|
|
38
|
+
const nativeInputValueSetter = Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype, 'value').set;
|
|
39
|
+
nativeInputValueSetter.call(el, ${JSON.stringify(value)});
|
|
40
|
+
el.dispatchEvent(new Event('input', { bubbles: true }));
|
|
41
|
+
el.dispatchEvent(new Event('change', { bubbles: true }));
|
|
42
|
+
`
|
|
43
|
+
});
|
|
44
|
+
console.log(\`[AUTOMATE] filled ${selector}\`);
|
|
45
|
+
}
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
**Post-login verification:**
|
|
49
|
+
```js
|
|
50
|
+
// Check URL changed (redirect after login)
|
|
51
|
+
const { result: url } = await cdp.send('Runtime.evaluate', { expression: 'location.href', returnByValue: true });
|
|
52
|
+
console.log(`[AUTOMATE] post-login URL: ${url.value}`);
|
|
53
|
+
|
|
54
|
+
// Check for auth cookie
|
|
55
|
+
const { cookies } = await cdp.send('Network.getAllCookies', {});
|
|
56
|
+
const authCookie = cookies.find(c => /session|token|auth/i.test(c.name));
|
|
57
|
+
if (authCookie) console.log(`[AUTOMATE] auth cookie set: ${authCookie.name}`);
|
|
58
|
+
else console.log('[FINDING] NO_AUTH_COOKIE: no session/token cookie after login');
|
|
59
|
+
|
|
60
|
+
// Check localStorage for token
|
|
61
|
+
const { result: token } = await cdp.send('Runtime.evaluate', {
|
|
62
|
+
expression: `!!(localStorage.getItem('token') || localStorage.getItem('authToken') || localStorage.getItem('jwt'))`,
|
|
63
|
+
returnByValue: true,
|
|
64
|
+
});
|
|
65
|
+
if (token.value) console.log('[AUTOMATE] token present in localStorage (value redacted)');
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
**`[FINDING]` conditions:**
|
|
69
|
+
- Login form not found → `[FINDING] LOGIN_FORM_NOT_FOUND: no username/password fields on ${url}`
|
|
70
|
+
- No redirect after submit → `[FINDING] LOGIN_NO_REDIRECT: URL unchanged after submit`
|
|
71
|
+
- Error message visible → `[FINDING] LOGIN_FAILED: error element present — "${errorText}"`
|
|
72
|
+
- No auth cookie and no token in storage → `[FINDING] NO_SESSION: login appeared to succeed but no session established`
|
|
73
|
+
- Auth request returned non-200 → `[FINDING] AUTH_HTTP_ERROR: ${status} on ${url}`
|
|
74
|
+
|
|
75
|
+
**Combine with:** `security` (audit tokens post-login), `network` (capture auth API calls), `debug` (catch login errors).
|
|
76
|
+
|
|
77
|
+
## user-auth
|
|
78
|
+
|
|
79
|
+
**Trigger phrases:** "let me log in myself", "I'll authenticate", "manual login", "open browser so I can sign in", "auth flow", "open visible browser", "I need to authenticate first", "let me sign in then scrape", "open browser non-headless for auth"
|
|
80
|
+
|
|
81
|
+
**Purpose:** Opens Chrome in **visible** mode (never headless), navigates to the login URL, then polls passively for authentication completion while the user completes any auth flow (password, 2FA, SSO, CAPTCHA, OAuth). Once auth is detected the browser **stays open** so all subsequent CDP scripts reuse the authenticated session.
|
|
82
|
+
|
|
83
|
+
**Key distinction from `login`:**
|
|
84
|
+
- `login` = agent injects credentials programmatically via CDP
|
|
85
|
+
- `user-auth` = user completes auth manually; agent waits and detects completion
|
|
86
|
+
|
|
87
|
+
**Key requirement:** Browser must be visible for the user to interact — do not pass `--headless` to `open-browser.mjs` for this intent.
|
|
88
|
+
|
|
89
|
+
**Domains required:** `Network`, `Page`, `Runtime`
|
|
90
|
+
|
|
91
|
+
**Critical flags:**
|
|
92
|
+
- `open-browser.mjs` → omit `--headless` (default is already non-headless; just don't add it)
|
|
93
|
+
- `cdp-sandbox.mjs` → add `--keep-tab` so the tab and session stay open after the script exits
|
|
94
|
+
- Do NOT call `cleanup()` in `run()` — the browser must stay alive for subsequent tasks
|
|
95
|
+
|
|
96
|
+
|
|
97
|
+
|
|
98
|
+
**Adaptive user-auth recipe:**
|
|
99
|
+
|
|
100
|
+
Use visible Chrome and keep the tab alive. Poll configurable signals and report names/booleans only, never cookie or token values.
|
|
101
|
+
|
|
102
|
+
```js
|
|
103
|
+
export async function run(cdp) {
|
|
104
|
+
const LOGIN_URL = 'https://example.com/login';
|
|
105
|
+
const POST_AUTH_PATTERN = '/dashboard';
|
|
106
|
+
const AUTH_COOKIE_NAME = ''; // optional exact cookie name
|
|
107
|
+
const TIMEOUT_MS = 120_000;
|
|
108
|
+
|
|
109
|
+
await cdp.send('Network.enable', {});
|
|
110
|
+
await cdp.send('Runtime.enable', {});
|
|
111
|
+
await cdp.send('Page.enable', {});
|
|
112
|
+
await cdp.send('Page.navigate', { url: LOGIN_URL });
|
|
113
|
+
|
|
114
|
+
async function state() {
|
|
115
|
+
const { result } = await cdp.send('Runtime.evaluate', {
|
|
116
|
+
expression: `JSON.stringify({
|
|
117
|
+
url: location.href,
|
|
118
|
+
storageKeys: [...Object.keys(localStorage), ...Object.keys(sessionStorage)]
|
|
119
|
+
.filter(k => /token|auth|jwt|session/i.test(k))
|
|
120
|
+
})`,
|
|
121
|
+
returnByValue: true,
|
|
122
|
+
});
|
|
123
|
+
const page = JSON.parse(result.value || '{}');
|
|
124
|
+
const { cookies } = await cdp.send('Network.getAllCookies', {});
|
|
125
|
+
const authCookies = cookies.filter(c => AUTH_COOKIE_NAME ? c.name === AUTH_COOKIE_NAME : /session|token|auth|jwt|sid/i.test(c.name));
|
|
126
|
+
return { page, cookieNames: authCookies.map(c => c.name) };
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
const deadline = Date.now() + TIMEOUT_MS;
|
|
130
|
+
while (Date.now() < deadline) {
|
|
131
|
+
const s = await state();
|
|
132
|
+
if ((POST_AUTH_PATTERN && s.page.url?.includes(POST_AUTH_PATTERN)) || s.cookieNames.length || s.page.storageKeys?.length) {
|
|
133
|
+
console.log(`[AUTH_COMPLETE] url=${s.page.url} cookies=${s.cookieNames.join(',') || 'none'} storageKeys=${s.page.storageKeys?.join(',') || 'none'}`);
|
|
134
|
+
return;
|
|
135
|
+
}
|
|
136
|
+
console.log(`[AUTH] waiting url=${s.page.url}`);
|
|
137
|
+
await new Promise(r => setTimeout(r, 2000));
|
|
138
|
+
}
|
|
139
|
+
console.log('[AUTH_TIMEOUT] authentication not detected; tune POST_AUTH_PATTERN or AUTH_COOKIE_NAME');
|
|
140
|
+
}
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
Tune detection to the app. Prefer a post-login URL or exact cookie name over broad token heuristics when false positives are possible.
|
|
144
|
+
|
|
145
|
+
**Agent loop contract:**
|
|
146
|
+
|
|
147
|
+
```
|
|
148
|
+
REASON → need authenticated session before running scrape / debug / security tasks
|
|
149
|
+
OPEN → open-browser.mjs --profile Default --port 9222 ← NO --headless
|
|
150
|
+
WAIT → run user-auth script with --keep-tab
|
|
151
|
+
watch stdout for [AUTH_COMPLETE] or [AUTH_TIMEOUT]
|
|
152
|
+
CONTINUE → once [AUTH_COMPLETE], run subsequent scripts on the same port/session
|
|
153
|
+
REUSE → Chrome stays open; subsequent scripts connect without re-authenticating
|
|
154
|
+
STOP WHEN: [AUTH_COMPLETE] emitted (or [AUTH_TIMEOUT] — handle appropriately)
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
**Shell shape:**
|
|
158
|
+
```bash
|
|
159
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --profile Default --port 9222
|
|
160
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" "$TMPDIR/cdp-user-auth.mjs" \
|
|
161
|
+
--new-tab "about:blank" --keep-tab \
|
|
162
|
+
> "$TMPDIR/cdp-auth-output.txt" 2>&1
|
|
163
|
+
# After [AUTH_COMPLETE], run follow-up scripts on the same port.
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
**Combine with:** `scrape` (extract authenticated data), `security` (audit session tokens after login), `debug` (investigate auth-gated behavior), `network` (capture post-auth API calls).
|
|
167
|
+
|
|
168
|
+
**Auth detection signals (in precedence order):**
|
|
169
|
+
1. URL changes to `POST_AUTH_PATTERN` (most reliable — redirect after login)
|
|
170
|
+
2. Auth cookie set (name matches `/session|token|auth|jwt|sid/i` or `AUTH_COOKIE_NAME`)
|
|
171
|
+
3. `localStorage` / `sessionStorage` token key present
|
|
172
|
+
|
|
173
|
+
**Tuning guide:**
|
|
174
|
+
| Situation | Fix |
|
|
175
|
+
|---|---|
|
|
176
|
+
| `[AUTH_TIMEOUT]` — login redirects to subdomain | change `POST_AUTH_PATTERN` to a path fragment, not full URL |
|
|
177
|
+
| `[AUTH_TIMEOUT]` — SSO/SAML takes longer than 2 min | increase `TIMEOUT_MS` to `300_000` |
|
|
178
|
+
| False positive detection | set `AUTH_COOKIE_NAME` to the exact cookie set on your app |
|
|
179
|
+
| Already logged in in the CDP-controlled session | script auto-detects and emits `[AUTH_COMPLETE]` immediately |
|