opensoma 0.1.2 → 0.2.0

package/src/client.test.ts

@@ -1,8 +1,9 @@
 import { afterEach, describe, expect, mock, test } from 'bun:test'
 
-import { SomaClient } from '@/client'
-import { MENU_NO } from '@/constants'
-import { SomaHttp } from '@/http'
+import { SomaClient } from './client'
+import { MENU_NO } from './constants'
+import { AuthenticationError } from './errors'
+import { SomaHttp } from './http'
 
 afterEach(() => {
   mock.restore()
@@ -21,6 +22,7 @@ describe('SomaClient', () => {
     const client = new SomaClient()
     const calls: Array<{ method: string; path: string; data: Record<string, string> | undefined }> = []
     Reflect.set(client, 'http', {
+      checkLogin: async () => ({ userId: 'user@example.com', userNm: 'Test' }),
       get: async (path: string, data?: Record<string, string>) => {
         calls.push({ method: 'get', path, data })
         return '<table><tbody><tr><td>1</td><td><a href="/sw/mypage/mentoLec/view.do?qustnrSn=123">[자유 멘토링] 제목 [접수중]</a></td><td>2026-04-01 ~ 2026-04-02</td><td>2026-04-03(목) 10:00 ~ 11:00</td><td>1 /4</td><td>OK</td><td>[접수중]</td><td>작성자</td><td>2026-04-01</td></tr></tbody></table><ul class="bbs-total"><li>Total : 1</li><li>1/1 Page</li></ul>'
@@ -33,7 +35,12 @@ describe('SomaClient', () => {
       {
         method: 'get',
         path: '/mypage/mentoLec/list.do',
-        data: { menuNo: MENU_NO.MENTORING, searchStatMentolec: 'A', searchGubunMentolec: 'MRC010', pageIndex: '2' },
+        data: {
+          menuNo: MENU_NO.MENTORING,
+          searchStatMentolec: 'A',
+          searchGubunMentolec: 'MRC010',
+          pageIndex: '2',
+        },
       },
     ])
     expect(result.items[0]?.title).toBe('제목')
@@ -44,6 +51,7 @@ describe('SomaClient', () => {
     const client = new SomaClient()
     let captured: { path: string; data: Record<string, string> | undefined } | undefined
     Reflect.set(client, 'http', {
+      checkLogin: async () => ({ userId: 'user@example.com', userNm: 'Test' }),
       get: async (path: string, data?: Record<string, string>) => {
         captured = { path, data }
         return '<input type="hidden" name="qustnrSn" value="99"><table><tr><th>모집 명</th><td>상세</td><th>상태</th><td>접수중</td></tr><tr><th>접수 기간</th><td>2026-04-01 ~ 2026-04-02</td><th>강의날짜</th><td>2026-04-03(목) 10:00 ~ 11:00</td></tr><tr><th>장소</th><td>온라인(Webex)</td><th>모집인원</th><td>4명</td></tr><tr><th>작성자</th><td>작성자</td><th>등록일</th><td>2026-04-01</td></tr></table><div data-content><p>본문</p></div>'
@@ -52,7 +60,10 @@ describe('SomaClient', () => {
 
     const result = await client.mentoring.get(99)
 
-    expect(captured).toEqual({ path: '/mypage/mentoLec/view.do', data: { menuNo: MENU_NO.MENTORING, qustnrSn: '99' } })
+    expect(captured).toEqual({
+      path: '/mypage/mentoLec/view.do',
+      data: { menuNo: MENU_NO.MENTORING, qustnrSn: '99' },
+    })
     expect(result).toMatchObject({ id: 99, title: '상세', venue: '온라인(Webex)' })
   })
 
@@ -60,6 +71,7 @@ describe('SomaClient', () => {
     const client = new SomaClient()
     const calls: Array<{ path: string; data: Record<string, string> }> = []
     Reflect.set(client, 'http', {
+      checkLogin: async () => ({ userId: 'user@example.com', userNm: 'Test' }),
       post: async (path: string, data: Record<string, string>) => {
         calls.push({ path, data })
         return ''
@@ -78,7 +90,12 @@ describe('SomaClient', () => {
     await client.mentoring.delete(7)
     await client.mentoring.apply(8)
     await client.mentoring.cancel({ applySn: 9, qustnrSn: 10 })
-    await client.room.reserve({ roomId: 17, date: '2026-04-01', slots: ['10:00', '10:30'], title: '회의' })
+    await client.room.reserve({
+      roomId: 17,
+      date: '2026-04-01',
+      slots: ['10:00', '10:30'],
+      title: '회의',
+    })
     await client.event.apply(11)
 
     expect(calls.map((call) => call.path)).toEqual([
@@ -89,10 +106,27 @@ describe('SomaClient', () => {
       '/mypage/itemRent/insert.do',
       '/application/application/application.do',
     ])
-    expect(calls[0]?.data).toMatchObject({ menuNo: MENU_NO.MENTORING, reportCd: 'MRC020', qustnrSj: '새 멘토링' })
-    expect(calls[1]?.data).toEqual({ menuNo: MENU_NO.MENTORING, qustnrSn: '7', pageQueryString: '' })
-    expect(calls[2]?.data).toEqual({ menuNo: MENU_NO.EVENT, qustnrSn: '8', applyGb: 'C', stepHeader: '0' })
-    expect(calls[3]?.data).toEqual({ menuNo: MENU_NO.APPLICATION_HISTORY, applySn: '9', qustnrSn: '10' })
+    expect(calls[0]?.data).toMatchObject({
+      menuNo: MENU_NO.MENTORING,
+      reportCd: 'MRC020',
+      qustnrSj: '새 멘토링',
+    })
+    expect(calls[1]?.data).toEqual({
+      menuNo: MENU_NO.MENTORING,
+      qustnrSn: '7',
+      pageQueryString: '',
+    })
+    expect(calls[2]?.data).toEqual({
+      menuNo: MENU_NO.EVENT,
+      qustnrSn: '8',
+      applyGb: 'C',
+      stepHeader: '0',
+    })
+    expect(calls[3]?.data).toEqual({
+      menuNo: MENU_NO.APPLICATION_HISTORY,
+      applySn: '9',
+      qustnrSn: '10',
+    })
     expect(calls[4]?.data).toMatchObject({
       menuNo: MENU_NO.ROOM,
       itemId: '17',
@@ -100,7 +134,12 @@ describe('SomaClient', () => {
       'time[0]': '10:00',
       'time[1]': '10:30',
     })
-    expect(calls[5]?.data).toEqual({ menuNo: MENU_NO.EVENT, qustnrSn: '11', applyGb: 'C', stepHeader: '0' })
+    expect(calls[5]?.data).toEqual({
+      menuNo: MENU_NO.EVENT,
+      qustnrSn: '11',
+      applyGb: 'C',
+      stepHeader: '0',
+    })
   })
 
   test('room, dashboard, notice, team, member, event, and history routes use expected endpoints', async () => {
@@ -160,7 +199,15 @@ describe('SomaClient', () => {
     expect(roomSlots).toEqual([{ time: '09:00', available: true }])
     expect(dashboard.name).toBe('전수열')
     expect(dashboard.mentoringSessions).toEqual([
-      { title: '내 멘토링', url: '/mypage/mentoLec/view.do?qustnrSn=100', status: '접수중' },
+      {
+        title: '내 멘토링',
+        url: '/mypage/mentoLec/view.do?qustnrSn=100',
+        status: '접수중',
+        date: '2026-04-03',
+        time: '10:00',
+        timeEnd: '11:00',
+        type: '멘토 특강',
+      },
     ])
     expect(noticeList.items[0]?.title).toBe('공지')
     expect(noticeDetail).toMatchObject({ id: 1, title: '공지' })
@@ -207,4 +254,57 @@ describe('SomaClient', () => {
     expect(calls).toEqual(['neo@example.com:secret'])
     await expect(client.isLoggedIn()).resolves.toBe(true)
   })
+
+  test('auth-required operations throw AuthenticationError when not logged in', async () => {
+    const client = new SomaClient()
+    Reflect.set(client, 'http', {
+      checkLogin: async () => null,
+    })
+
+    await expect(client.mentoring.list()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.mentoring.get(1)).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(
+      client.mentoring.create({
+        title: 'Test',
+        type: 'public',
+        date: '2026-04-01',
+        startTime: '10:00',
+        endTime: '11:00',
+        venue: 'Test',
+      }),
+    ).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.mentoring.delete(1)).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.mentoring.apply(1)).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.mentoring.cancel({ applySn: 1, qustnrSn: 2 })).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.mentoring.history()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.room.list()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.room.available(1, '2026-04-01')).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(
+      client.room.reserve({ roomId: 1, date: '2026-04-01', slots: ['10:00'], title: 'Test' }),
+    ).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.dashboard.get()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.notice.list()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.notice.get(1)).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.team.show()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.member.show()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.event.list()).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.event.get(1)).rejects.toBeInstanceOf(AuthenticationError)
+    await expect(client.event.apply(1)).rejects.toBeInstanceOf(AuthenticationError)
+  })
+
+  test('AuthenticationError has helpful message', async () => {
+    const client = new SomaClient()
+    Reflect.set(client, 'http', {
+      checkLogin: async () => null,
+    })
+
+    try {
+      await client.mentoring.list()
+      expect.fail('Should have thrown')
+    } catch (error) {
+      expect(error).toBeInstanceOf(AuthenticationError)
+      expect((error as Error).message).toContain('opensoma auth login')
+      expect((error as Error).message).toContain('opensoma auth extract')
+    }
+  })
 })

package/src/client.ts

@@ -1,8 +1,9 @@
-import { MENU_NO } from '@/constants'
-import { CredentialManager } from '@/credential-manager'
-import * as formatters from '@/formatters'
-import { type UserIdentity, SomaHttp } from '@/http'
-import { type MentoringSearchQuery, buildMentoringListParams } from '@/shared/utils/mentoring-params'
+import { MENU_NO } from './constants'
+import { CredentialManager } from './credential-manager'
+import { AuthenticationError } from './errors'
+import * as formatters from './formatters'
+import { type UserIdentity, SomaHttp } from './http'
+import { type MentoringSearchQuery, buildMentoringListParams } from './shared/utils/mentoring-params'
 import {
   buildApplicationPayload,
   buildCancelApplicationPayload,
@@ -11,7 +12,7 @@ import {
   buildRoomReservationPayload,
   parseEventDetail,
   resolveRoomId,
-} from '@/shared/utils/swmaestro'
+} from './shared/utils/swmaestro'
 import type {
   ApplicationHistoryItem,
   Dashboard,
@@ -24,13 +25,14 @@ import type {
   Pagination,
   RoomCard,
   TeamInfo,
-} from '@/types'
+} from './types'
 
 export interface SomaClientOptions {
   sessionCookie?: string
   csrfToken?: string
   username?: string
   password?: string
+  verbose?: boolean
 }
 
 export class SomaClient {
@@ -101,10 +103,15 @@ export class SomaClient {
 
   constructor(options: SomaClientOptions = {}) {
     this.options = options
-    this.http = new SomaHttp({ sessionCookie: options.sessionCookie, csrfToken: options.csrfToken })
+    this.http = new SomaHttp({
+      sessionCookie: options.sessionCookie,
+      csrfToken: options.csrfToken,
+      verbose: options.verbose,
+    })
 
     this.mentoring = {
       list: async (options) => {
+        await this.requireAuth()
         const user = options?.search?.me ? await this.resolveUser() : undefined
         const html = await this.http.get(
           '/mypage/mentoLec/list.do',
@@ -116,58 +123,83 @@ export class SomaClient {
             user,
           }),
         )
-        return { items: formatters.parseMentoringList(html), pagination: formatters.parsePagination(html) }
+        return {
+          items: formatters.parseMentoringList(html),
+          pagination: formatters.parsePagination(html),
+        }
       },
-      get: async (id) =>
-        formatters.parseMentoringDetail(
-          await this.http.get('/mypage/mentoLec/view.do', { menuNo: MENU_NO.MENTORING, qustnrSn: String(id) }),
+      get: async (id) => {
+        await this.requireAuth()
+        return formatters.parseMentoringDetail(
+          await this.http.get('/mypage/mentoLec/view.do', {
+            menuNo: MENU_NO.MENTORING,
+            qustnrSn: String(id),
+          }),
           id,
-        ),
+        )
+      },
       create: async (params) => {
-        await this.http.post('/mypage/mentoLec/insert.do', buildMentoringPayload(params))
+        await this.requireAuth()
+        const html = await this.http.post('/mypage/mentoLec/insert.do', buildMentoringPayload(params))
+        if (this.containsErrorIndicator(html)) {
+          throw new Error(this.extractErrorMessage(html) || '멘토링 등록에 실패했습니다.')
+        }
       },
       delete: async (id) => {
+        await this.requireAuth()
         await this.http.post('/mypage/mentoLec/delete.do', buildDeleteMentoringPayload(id))
       },
       apply: async (id) => {
+        await this.requireAuth()
         await this.http.post('/application/application/application.do', buildApplicationPayload(id))
       },
       cancel: async (params) => {
+        await this.requireAuth()
         await this.http.post('/mypage/userAnswer/cancel.do', buildCancelApplicationPayload(params))
       },
       history: async (options) => {
+        await this.requireAuth()
         const html = await this.http.get('/mypage/userAnswer/history.do', {
           menuNo: MENU_NO.APPLICATION_HISTORY,
           ...(options?.page ? { pageIndex: String(options.page) } : {}),
         })
-        return { items: formatters.parseApplicationHistory(html), pagination: formatters.parsePagination(html) }
+        return {
+          items: formatters.parseApplicationHistory(html),
+          pagination: formatters.parsePagination(html),
+        }
       },
     }
 
     this.room = {
-      list: async (options) =>
-        formatters.parseRoomList(
+      list: async (options) => {
+        await this.requireAuth()
+        return formatters.parseRoomList(
           await this.http.post('/mypage/officeMng/list.do', {
             menuNo: MENU_NO.ROOM,
             sdate: options?.date ?? new Date().toISOString().slice(0, 10),
             searchItemId: options?.room ? String(resolveRoomId(options.room)) : '',
           }),
-        ),
-      available: async (roomId, date) =>
-        formatters.parseRoomSlots(
+        )
+      },
+      available: async (roomId, date) => {
+        await this.requireAuth()
+        return formatters.parseRoomSlots(
           await this.http.post('/mypage/officeMng/rentTime.do', {
             viewType: 'CONTBODY',
             itemId: String(roomId),
             rentDt: date,
           }),
-        ),
+        )
+      },
       reserve: async (params) => {
+        await this.requireAuth()
         await this.http.post('/mypage/itemRent/insert.do', buildRoomReservationPayload(params))
       },
     }
 
     this.dashboard = {
       get: async () => {
+        await this.requireAuth()
         const [dashboard, { items: myMentoring }] = await Promise.all([
           formatters.parseDashboard(await this.http.get('/mypage/myMain/dashboard.do', { menuNo: MENU_NO.DASHBOARD })),
           this.mentoring.list({ search: { field: 'author', value: '@me', me: true } }),
@@ -176,6 +208,10 @@ export class SomaClient {
           title: item.title,
           url: `/mypage/mentoLec/view.do?qustnrSn=${item.id}`,
           status: item.status,
+          date: item.sessionDate,
+          time: item.sessionTime.start,
+          timeEnd: item.sessionTime.end,
+          type: item.type,
         }))
         return dashboard
       },
@@ -183,49 +219,86 @@ export class SomaClient {
 
     this.notice = {
       list: async (options) => {
+        await this.requireAuth()
         const html = await this.http.get('/mypage/myNotice/list.do', {
           menuNo: MENU_NO.NOTICE,
           ...(options?.page ? { pageIndex: String(options.page) } : {}),
         })
-        return { items: formatters.parseNoticeList(html), pagination: formatters.parsePagination(html) }
+        return {
+          items: formatters.parseNoticeList(html),
+          pagination: formatters.parsePagination(html),
+        }
       },
-      get: async (id) =>
-        formatters.parseNoticeDetail(
-          await this.http.get('/mypage/myNotice/view.do', { menuNo: MENU_NO.NOTICE, nttId: String(id) }),
+      get: async (id) => {
+        await this.requireAuth()
+        return formatters.parseNoticeDetail(
+          await this.http.get('/mypage/myNotice/view.do', {
+            menuNo: MENU_NO.NOTICE,
+            nttId: String(id),
+          }),
           id,
-        ),
+        )
+      },
     }
 
     this.team = {
-      show: async () =>
-        formatters.parseTeamInfo(await this.http.get('/mypage/myTeam/team.do', { menuNo: MENU_NO.TEAM })),
+      show: async () => {
+        await this.requireAuth()
+        return formatters.parseTeamInfo(await this.http.get('/mypage/myTeam/team.do', { menuNo: MENU_NO.TEAM }))
+      },
     }
 
     this.member = {
-      show: async () =>
-        formatters.parseMemberInfo(
+      show: async () => {
+        await this.requireAuth()
+        return formatters.parseMemberInfo(
           await this.http.get('/mypage/myInfo/forUpdateMy.do', { menuNo: MENU_NO.MEMBER_INFO }),
-        ),
+        )
+      },
     }
 
     this.event = {
       list: async (options) => {
+        await this.requireAuth()
         const html = await this.http.get('/mypage/applicants/list.do', {
           menuNo: MENU_NO.EVENT,
           ...(options?.page ? { pageIndex: String(options.page) } : {}),
         })
-        return { items: formatters.parseEventList(html), pagination: formatters.parsePagination(html) }
+        return {
+          items: formatters.parseEventList(html),
+          pagination: formatters.parsePagination(html),
+        }
+      },
+      get: async (id) => {
+        await this.requireAuth()
+        return parseEventDetail(
+          await this.http.get('/mypage/applicants/view.do', {
+            menuNo: MENU_NO.EVENT,
+            bbsId: String(id),
+          }),
+        )
       },
-      get: async (id) =>
-        parseEventDetail(
-          await this.http.get('/mypage/applicants/view.do', { menuNo: MENU_NO.EVENT, bbsId: String(id) }),
-        ),
       apply: async (id) => {
+        await this.requireAuth()
         await this.http.post('/application/application/application.do', buildApplicationPayload(id))
       },
     }
   }
 
+  getSessionData(): { sessionCookie: string | undefined; csrfToken: string | null } {
+    return {
+      sessionCookie: this.http.getSessionCookie(),
+      csrfToken: this.http.getCsrfToken(),
+    }
+  }
+
+  private async requireAuth(): Promise<void> {
+    const identity = await this.http.checkLogin()
+    if (!identity) {
+      throw new AuthenticationError()
+    }
+  }
+
   private async resolveUser(): Promise<UserIdentity | undefined> {
     const identity = await this.http.checkLogin()
     return identity ?? undefined
@@ -261,4 +334,31 @@ export class SomaClient {
       loggedInAt: new Date().toISOString(),
     })
   }
+
+  private containsErrorIndicator(html: string): boolean {
+    const errorPatterns = [
+      'class="error"',
+      'class="alert-danger"',
+      'alert-error',
+      '오류가 발생했습니다',
+      '등록에 실패했습니다',
+      '실패하였습니다',
+      '잘못된 접근',
+      '권한이 없습니다',
+      '<script>alert(',
+    ]
+    return errorPatterns.some((pattern) => html.includes(pattern))
+  }
+
+  private extractErrorMessage(html: string): string | null {
+    const alertMatch = html.match(/<script>alert\(['"](.+?)['"]\)/)
+    if (alertMatch) {
+      return alertMatch[1]
+    }
+    const errorDivMatch = html.match(/class="error[^"]*"[^>]*>\s*([^<]+)/)
+    if (errorDivMatch) {
+      return errorDivMatch[1].trim()
+    }
+    return null
+  }
 }

package/src/commands/auth.test.ts

@@ -0,0 +1,55 @@
+import { describe, expect, test } from 'bun:test'
+
+import { resolveExtractedCredentials } from './auth'
+
+describe('resolveExtractedCredentials', () => {
+  test('returns the first candidate that validates successfully', async () => {
+    const calls: string[] = []
+
+    const credentials = await resolveExtractedCredentials(
+      [
+        { browser: 'Chrome', lastAccessUtc: 30, profile: 'Default', sessionCookie: 'stale-session' },
+        { browser: 'Chrome', lastAccessUtc: 20, profile: 'Profile 1', sessionCookie: 'valid-session' },
+      ],
+      (sessionCookie) => ({
+        checkLogin: async () => {
+          calls.push(`check:${sessionCookie}`)
+          return sessionCookie === 'valid-session' ? { userId: 'neo', userNm: 'Neo' } : null
+        },
+        extractCsrfToken: async () => {
+          calls.push(`csrf:${sessionCookie}`)
+          return `${sessionCookie}-csrf`
+        },
+      }),
+    )
+
+    expect(credentials).toEqual({
+      sessionCookie: 'valid-session',
+      csrfToken: 'valid-session-csrf',
+    })
+    expect(calls).toEqual(['check:stale-session', 'check:valid-session', 'csrf:valid-session'])
+  })
+
+  test('returns null when every candidate is invalid or throws', async () => {
+    const credentials = await resolveExtractedCredentials(
+      [
+        { browser: 'Chrome', lastAccessUtc: 30, profile: 'Default', sessionCookie: 'stale-session' },
+        { browser: 'Edge', lastAccessUtc: 20, profile: 'Profile 1', sessionCookie: 'broken-session' },
+      ],
+      (sessionCookie) => ({
+        checkLogin: async () => {
+          if (sessionCookie === 'broken-session') {
+            throw new Error('network error')
+          }
+
+          return null
+        },
+        extractCsrfToken: async () => {
+          throw new Error('should not be called')
+        },
+      }),
+    )
+
+    expect(credentials).toBeNull()
+  })
+})

package/src/commands/auth.ts

@@ -1,14 +1,39 @@
 import { Command } from 'commander'
 
-import { CredentialManager } from '@/credential-manager'
-import { SomaHttp } from '@/http'
-import { handleError } from '@/shared/utils/error-handler'
-import { formatOutput } from '@/shared/utils/output'
-import { warn } from '@/shared/utils/stderr'
+import { CredentialManager } from '../credential-manager'
+import { SomaHttp } from '../http'
+import { handleError } from '../shared/utils/error-handler'
+import { formatOutput } from '../shared/utils/output'
+import type { ExtractedSessionCandidate } from '../token-extractor'
 
 type LoginOptions = { username?: string; password?: string; pretty?: boolean }
 type StatusOptions = { pretty?: boolean }
 type ExtractOptions = { pretty?: boolean }
+type ExtractedSessionValidator = Pick<SomaHttp, 'checkLogin' | 'extractCsrfToken'>
+
+export async function resolveExtractedCredentials(
+  candidates: ExtractedSessionCandidate[],
+  createValidator: (sessionCookie: string) => ExtractedSessionValidator = (sessionCookie) =>
+    new SomaHttp({ sessionCookie }),
+): Promise<{ csrfToken: string; sessionCookie: string } | null> {
+  for (const candidate of candidates) {
+    const http = createValidator(candidate.sessionCookie)
+
+    try {
+      const valid = Boolean(await http.checkLogin())
+      if (!valid) {
+        continue
+      }
+
+      return {
+        sessionCookie: candidate.sessionCookie,
+        csrfToken: await http.extractCsrfToken(),
+      }
+    } catch {}
+  }
+
+  return null
+}
 
 async function loginAction(options: LoginOptions): Promise<void> {
   try {
@@ -21,10 +46,19 @@ async function loginAction(options: LoginOptions): Promise<void> {
     const http = new SomaHttp()
     await http.login(username, password)
 
-    const sessionCookie = http.getSessionCookie()
     const csrfToken = http.getCsrfToken()
-    if (!sessionCookie || !csrfToken) {
-      throw new Error('Login succeeded but session information is missing')
+    if (!csrfToken) {
+      throw new Error('Login succeeded but CSRF token is missing')
+    }
+
+    const valid = Boolean(await http.checkLogin())
+    if (!valid) {
+      throw new Error('Login succeeded but session is not valid')
+    }
+
+    const sessionCookie = http.getSessionCookie()
+    if (!sessionCookie) {
+      throw new Error('Login succeeded but session cookie is missing')
     }
 
     await new CredentialManager().setCredentials({
@@ -85,40 +119,30 @@ async function statusAction(options: StatusOptions): Promise<void> {
 
 async function extractAction(options: ExtractOptions): Promise<void> {
   try {
-    const { TokenExtractor } = (await import(
-      '../token-extractor'
-    )) as {
-      TokenExtractor: new () => { extract: () => Promise<{ sessionCookie: string } | null> }
+    const { TokenExtractor } = (await import('../token-extractor')) as {
+      TokenExtractor: new () => { extractCandidates: () => Promise<ExtractedSessionCandidate[]> }
     }
     const extractor = new TokenExtractor()
-    const result = await extractor.extract()
-    if (!result) {
-      throw new Error('No SWMaestro session found in any browser. Login to swmaestro.ai in a supported Chromium browser (Chrome, Edge, Brave, Arc, Vivaldi) first.')
+    const candidates = await extractor.extractCandidates()
+    if (candidates.length === 0) {
+      throw new Error(
+        'No SWMaestro session found in any browser. Login to swmaestro.ai in a supported Chromium browser (Chrome, Edge, Brave, Arc, Vivaldi) first.',
+      )
     }
 
-    const http = new SomaHttp({ sessionCookie: result.sessionCookie })
-
-    let valid = false
-    let csrfToken: string | undefined
-    try {
-      valid = Boolean(await http.checkLogin())
-      if (valid) {
-        csrfToken = await http.extractCsrfToken()
-      }
-    } catch {
-      valid = false
-    }
-
-    if (!valid) {
-      warn('Warning: Could not validate session. Cookies may be expired.')
+    const credentials = await resolveExtractedCredentials(candidates)
+    if (!credentials) {
+      throw new Error(
+        'Found SWMaestro session cookies in supported browsers, but none are valid. Refresh your swmaestro.ai login in a supported Chromium browser and try again.',
+      )
     }
 
     await new CredentialManager().setCredentials({
-      sessionCookie: result.sessionCookie,
-      csrfToken: csrfToken ?? '',
+      sessionCookie: credentials.sessionCookie,
+      csrfToken: credentials.csrfToken,
       loggedInAt: new Date().toISOString(),
     })
-    console.log(formatOutput({ ok: true, extracted: true, valid }, options.pretty))
+    console.log(formatOutput({ ok: true, extracted: true, valid: true }, options.pretty))
   } catch (error) {
     handleError(error)
   }