opensteer 0.6.2 → 0.6.4

package/bin/opensteer.mjs

@@ -27,6 +27,13 @@ const SKILLS_INSTALLER_SCRIPT = join(
     'skills-installer.js'
 )
 const PROFILE_CLI_SCRIPT = join(__dirname, '..', 'dist', 'cli', 'profile.js')
+const LOCAL_PROFILE_CLI_SCRIPT = join(
+    __dirname,
+    '..',
+    'dist',
+    'cli',
+    'local-profile.js'
+)
 const AUTH_CLI_SCRIPT = join(__dirname, '..', 'dist', 'cli', 'auth.js')
 const SKILLS_HELP_TEXT = `Usage: opensteer skills <install|add> [options]
 
@@ -60,6 +67,15 @@ Commands:
 
 Run "opensteer profile --help" after building for full command details.
 `
+const LOCAL_PROFILE_HELP_TEXT = `Usage: opensteer local-profile <command> [options]
+
+Inspect local Chrome profiles for real-browser mode.
+
+Commands:
+  list
+
+Run "opensteer local-profile --help" after building for full command details.
+`
 const AUTH_HELP_TEXT = `Usage: opensteer auth <command> [options]
 
 Authenticate Opensteer CLI with Opensteer Cloud.
@@ -87,6 +103,7 @@ const CLOSE_ALL_REQUEST = { id: 1, command: 'close', args: {} }
 const PING_REQUEST = { id: 1, command: 'ping', args: {} }
 const SESSION_ID_PATTERN = /^[a-zA-Z0-9_-]+$/
 const RUNTIME_SESSION_PREFIX = 'sc-'
+const BOOLEAN_FLAGS = new Set(['all', 'headless', 'headed', 'json'])
 
 function getVersion() {
     try {
@@ -118,7 +135,14 @@ function parseArgs(argv) {
         if (arg.startsWith('--')) {
             const key = arg.slice(2)
             const next = args[i + 1]
-            if (next !== undefined && !next.startsWith('--')) {
+            if (
+                BOOLEAN_FLAGS.has(key) &&
+                next !== undefined &&
+                next !== 'true' &&
+                next !== 'false'
+            ) {
+                flags[key] = true
+            } else if (next !== undefined && !next.startsWith('--')) {
                 flags[key] = parseValue(next)
                 i++
             } else {
@@ -334,9 +358,11 @@ function buildRequest(command, flags, positional) {
     for (const key of [
         'headless',
         'json',
-        'connect-url',
-        'channel',
-        'profile-dir',
+        'browser',
+        'profile',
+        'cdp-url',
+        'user-data-dir',
+        'browser-path',
         'cloud-profile-id',
         'cloud-profile-reuse-if-active',
         'cursor',
@@ -348,6 +374,11 @@ function buildRequest(command, flags, positional) {
     }
 
     const args = { ...globalFlags, ...flags }
+    if ('headed' in flags) {
+        const headed = flags.headed === false ? false : Boolean(flags.headed)
+        args.headless = args.headless ?? !headed
+        delete args.headed
+    }
 
     switch (command) {
         case 'open':
@@ -975,6 +1006,30 @@ async function runProfileSubcommand(args) {
     }
 }
 
+async function runLocalProfileSubcommand(args) {
+    if (
+        args.length === 0 ||
+        args.includes('--help') ||
+        args.includes('-h')
+    ) {
+        process.stdout.write(LOCAL_PROFILE_HELP_TEXT)
+        return
+    }
+
+    if (!existsSync(LOCAL_PROFILE_CLI_SCRIPT)) {
+        throw new Error(
+            `Local profile CLI module was not found at "${LOCAL_PROFILE_CLI_SCRIPT}". Run "npm run build" to generate dist artifacts.`
+        )
+    }
+
+    const moduleUrl = pathToFileURL(LOCAL_PROFILE_CLI_SCRIPT).href
+    const { runOpensteerLocalProfileCli } = await import(moduleUrl)
+    const exitCode = await runOpensteerLocalProfileCli(args)
+    if (exitCode !== 0) {
+        process.exit(exitCode)
+    }
+}
+
 async function runAuthSubcommand(args) {
     if (isAuthHelpRequest(args)) {
         process.stdout.write(AUTH_HELP_TEXT)
@@ -1119,6 +1174,7 @@ Skills:
   skills add [options]      Alias for "skills install"
   skills --help             Show skills installer help
   profile <command>         Manage cloud browser profiles and cookie sync
+  local-profile <command>   Inspect local Chrome profiles for real-browser mode
   auth <command>            Manage cloud login credentials (login/status/logout)
   login                     Alias for "auth login"
   logout                    Alias for "auth logout"
@@ -1126,10 +1182,13 @@ Skills:
 Global Flags:
   --session <id>            Logical session id (scoped by canonical cwd)
   --name <namespace>        Selector namespace for cache storage on 'open'
-  --headless                Launch browser in headless mode
-  --connect-url <url>       Connect to a running browser (e.g. http://localhost:9222)
-  --channel <browser>       Use installed browser (chrome, chrome-beta, msedge)
-  --profile-dir <path>      Browser profile directory for logged-in sessions
+  --headless                Launch chromium mode in headless mode
+  --browser <mode>          Browser mode: chromium or real
+  --profile <name>          Browser profile directory name for real-browser mode
+  --headed                  Launch real-browser mode with a visible window
+  --cdp-url <url>           Connect to a running browser (e.g. http://localhost:9222)
+  --user-data-dir <path>    Browser user-data root for real-browser mode
+  --browser-path <path>     Override Chrome executable path for real-browser mode
   --cloud-profile-id <id>   Launch cloud session with a specific browser profile
   --cloud-profile-reuse-if-active <true|false>
                             Reuse active cloud session for that browser profile
@@ -1151,6 +1210,10 @@ Environment:
   OPENSTEER_BASE_URL        Override cloud control-plane base URL
   OPENSTEER_AUTH_SCHEME     Cloud auth scheme: api-key (default) or bearer
   OPENSTEER_REMOTE_ANNOUNCE Cloud session announcement policy: always (default), off, tty
+  OPENSTEER_BROWSER         Local browser mode: chromium or real
+  OPENSTEER_CDP_URL         Connect to a running browser (e.g. http://localhost:9222)
+  OPENSTEER_USER_DATA_DIR   Browser user-data root for real-browser mode
+  OPENSTEER_PROFILE_DIRECTORY Browser profile directory for real-browser mode
 `)
 }
 
@@ -1211,11 +1274,34 @@ async function main() {
         }
         return
     }
+    if (rawArgs[0] === 'local-profile') {
+        try {
+            await runLocalProfileSubcommand(rawArgs.slice(1))
+        } catch (err) {
+            const message =
+                err instanceof Error
+                    ? err.message
+                    : 'Failed to run local-profile command'
+            process.stderr.write(`${message}\n`)
+            process.exit(1)
+        }
+        return
+    }
 
     const scopeDir = resolveScopeDir()
 
     const { command, flags, positional } = parseArgs(process.argv)
 
+    if (
+        flags['connect-url'] !== undefined ||
+        flags.channel !== undefined ||
+        flags['profile-dir'] !== undefined
+    ) {
+        error(
+            '--connect-url, --channel, and --profile-dir are no longer supported. Use --cdp-url, --browser real, --profile, --user-data-dir, and --browser-path instead.'
+        )
+    }
+
     if (command === 'sessions') {
         output({ ok: true, sessions: listSessions() })
         return

package/dist/{browser-profile-client-DK9qa_Dj.d.cts → browser-profile-client-D6PuRefA.d.cts}

@@ -1,4 +1,4 @@
-import { O as OpensteerAuthScheme } from './types-BxiRblC7.cjs';
+import { O as OpensteerAuthScheme } from './types-BWItZPl_.cjs';
 
 type ActionFailureCode = 'TARGET_NOT_FOUND' | 'TARGET_UNAVAILABLE' | 'TARGET_STALE' | 'TARGET_AMBIGUOUS' | 'BLOCKED_BY_INTERCEPTOR' | 'NOT_VISIBLE' | 'NOT_ENABLED' | 'NOT_EDITABLE' | 'INVALID_TARGET' | 'INVALID_OPTIONS' | 'ACTION_TIMEOUT' | 'UNKNOWN';
 type ActionFailureClassificationSource = 'typed_error' | 'playwright_call_log' | 'dom_probe' | 'message_heuristic' | 'unknown';

package/dist/{browser-profile-client-CaL-mwqs.d.ts → browser-profile-client-OUHaODro.d.ts}

@@ -1,4 +1,4 @@
-import { O as OpensteerAuthScheme } from './types-BxiRblC7.js';
+import { O as OpensteerAuthScheme } from './types-BWItZPl_.js';
 
 type ActionFailureCode = 'TARGET_NOT_FOUND' | 'TARGET_UNAVAILABLE' | 'TARGET_STALE' | 'TARGET_AMBIGUOUS' | 'BLOCKED_BY_INTERCEPTOR' | 'NOT_VISIBLE' | 'NOT_ENABLED' | 'NOT_EDITABLE' | 'INVALID_TARGET' | 'INVALID_OPTIONS' | 'ACTION_TIMEOUT' | 'UNKNOWN';
 type ActionFailureClassificationSource = 'typed_error' | 'playwright_call_log' | 'dom_probe' | 'message_heuristic' | 'unknown';

package/dist/{chunk-7RMY26CM.js → chunk-54KNQTOL.js}

@@ -1,70 +1,32 @@
 import {
   DEFAULT_CLOUD_BASE_URL,
-  createKeychainStore,
   normalizeCloudBaseUrl,
   resolveCloudSelection,
   resolveConfigWithEnv,
+  selectCloudCredential,
   stripTrailingSlashes
-} from "./chunk-WDRMHPWL.js";
+} from "./chunk-KPPOTU3D.js";
 
 // src/cli/auth.ts
 import open from "open";
 
 // src/auth/credential-resolver.ts
 function resolveCloudCredential(options) {
-  const flagApiKey = normalizeToken(options.apiKeyFlag);
-  const flagAccessToken = normalizeToken(options.accessTokenFlag);
-  if (flagApiKey && flagAccessToken) {
-    throw new Error("--api-key and --access-token are mutually exclusive.");
-  }
-  if (flagAccessToken) {
-    return {
-      kind: "access-token",
-      source: "flag",
-      token: flagAccessToken,
-      authScheme: "bearer"
-    };
-  }
-  if (flagApiKey) {
-    return {
-      kind: "api-key",
-      source: "flag",
-      token: flagApiKey,
-      authScheme: "api-key"
-    };
+  const flagCredential = selectCloudCredential({
+    apiKey: options.apiKeyFlag,
+    accessToken: options.accessTokenFlag
+  });
+  if (flagCredential) {
+    return toResolvedCloudCredential("flag", flagCredential);
   }
   const envAuthScheme = parseEnvAuthScheme(options.env.OPENSTEER_AUTH_SCHEME);
-  const envApiKey = normalizeToken(options.env.OPENSTEER_API_KEY);
-  const envAccessToken = normalizeToken(options.env.OPENSTEER_ACCESS_TOKEN);
-  if (envApiKey && envAccessToken) {
-    throw new Error(
-      "OPENSTEER_API_KEY and OPENSTEER_ACCESS_TOKEN are mutually exclusive. Set only one."
-    );
-  }
-  if (envAccessToken) {
-    return {
-      kind: "access-token",
-      source: "env",
-      token: envAccessToken,
-      authScheme: "bearer"
-    };
-  }
-  if (envApiKey) {
-    if (envAuthScheme === "bearer") {
-      return {
-        kind: "access-token",
-        source: "env",
-        token: envApiKey,
-        authScheme: "bearer",
-        compatibilityBearerApiKey: true
-      };
-    }
-    return {
-      kind: "api-key",
-      source: "env",
-      token: envApiKey,
-      authScheme: envAuthScheme ?? "api-key"
-    };
+  const envCredential = selectCloudCredential({
+    apiKey: options.env.OPENSTEER_API_KEY,
+    accessToken: options.env.OPENSTEER_ACCESS_TOKEN,
+    authScheme: envAuthScheme
+  });
+  if (envCredential) {
+    return toResolvedCloudCredential("env", envCredential);
   }
   return null;
 }
@@ -94,12 +56,168 @@ function normalizeToken(value) {
   const normalized = value.trim();
   return normalized.length ? normalized : void 0;
 }
+function toResolvedCloudCredential(source, credential) {
+  if (credential.compatibilityBearerApiKey) {
+    return {
+      kind: credential.kind,
+      source,
+      token: credential.token,
+      authScheme: credential.authScheme,
+      compatibilityBearerApiKey: true
+    };
+  }
+  return {
+    kind: credential.kind,
+    source,
+    token: credential.token,
+    authScheme: credential.authScheme
+  };
+}
 
 // src/auth/machine-credential-store.ts
 import { createHash } from "crypto";
 import fs from "fs";
 import os from "os";
 import path from "path";
+
+// src/auth/keychain-store.ts
+import { spawnSync } from "child_process";
+function commandExists(command) {
+  const result = spawnSync(command, ["--help"], {
+    encoding: "utf8",
+    stdio: "ignore"
+  });
+  return result.error == null;
+}
+function commandFailed(result) {
+  return typeof result.status === "number" && result.status !== 0;
+}
+function sanitizeCommandArgs(command, args) {
+  if (command !== "security") {
+    return args;
+  }
+  const sanitized = [];
+  for (let index = 0; index < args.length; index += 1) {
+    const value = args[index];
+    sanitized.push(value);
+    if (value === "-w" && index + 1 < args.length) {
+      sanitized.push("[REDACTED]");
+      index += 1;
+    }
+  }
+  return sanitized;
+}
+function buildCommandError(command, args, result) {
+  const stderr = typeof result.stderr === "string" && result.stderr.trim() ? result.stderr.trim() : `Command "${command}" failed with status ${String(result.status)}.`;
+  const sanitizedArgs = sanitizeCommandArgs(command, args);
+  return new Error(
+    [
+      `Unable to persist credential via ${command}.`,
+      `${command} ${sanitizedArgs.join(" ")}`,
+      stderr
+    ].join(" ")
+  );
+}
+function createMacosSecurityStore() {
+  return {
+    backend: "macos-security",
+    get(service, account) {
+      const result = spawnSync(
+        "security",
+        ["find-generic-password", "-s", service, "-a", account, "-w"],
+        { encoding: "utf8" }
+      );
+      if (commandFailed(result)) {
+        return null;
+      }
+      const secret = result.stdout.trim();
+      return secret.length ? secret : null;
+    },
+    set(service, account, secret) {
+      const args = [
+        "add-generic-password",
+        "-U",
+        "-s",
+        service,
+        "-a",
+        account,
+        "-w",
+        secret
+      ];
+      const result = spawnSync("security", args, { encoding: "utf8" });
+      if (commandFailed(result)) {
+        throw buildCommandError("security", args, result);
+      }
+    },
+    delete(service, account) {
+      const args = ["delete-generic-password", "-s", service, "-a", account];
+      const result = spawnSync("security", args, { encoding: "utf8" });
+      if (commandFailed(result)) {
+        return;
+      }
+    }
+  };
+}
+function createLinuxSecretToolStore() {
+  return {
+    backend: "linux-secret-tool",
+    get(service, account) {
+      const result = spawnSync(
+        "secret-tool",
+        ["lookup", "service", service, "account", account],
+        {
+          encoding: "utf8"
+        }
+      );
+      if (commandFailed(result)) {
+        return null;
+      }
+      const secret = result.stdout.trim();
+      return secret.length ? secret : null;
+    },
+    set(service, account, secret) {
+      const args = [
+        "store",
+        "--label",
+        "Opensteer CLI",
+        "service",
+        service,
+        "account",
+        account
+      ];
+      const result = spawnSync("secret-tool", args, {
+        encoding: "utf8",
+        input: secret
+      });
+      if (commandFailed(result)) {
+        throw buildCommandError("secret-tool", args, result);
+      }
+    },
+    delete(service, account) {
+      const args = ["clear", "service", service, "account", account];
+      spawnSync("secret-tool", args, {
+        encoding: "utf8"
+      });
+    }
+  };
+}
+function createKeychainStore() {
+  if (process.platform === "darwin") {
+    if (!commandExists("security")) {
+      return null;
+    }
+    return createMacosSecurityStore();
+  }
+  if (process.platform === "linux") {
+    if (!commandExists("secret-tool")) {
+      return null;
+    }
+    return createLinuxSecretToolStore();
+  }
+  return null;
+}
+
+// src/auth/machine-credential-store.ts
 var METADATA_VERSION = 2;
 var ACTIVE_TARGET_VERSION = 2;
 var KEYCHAIN_SERVICE = "com.opensteer.cli.cloud";
@@ -1025,8 +1143,6 @@ async function runLogin(args, deps) {
     return 0;
   }
   writeHumanLine(deps, "Opensteer CLI login successful.");
-  writeHumanLine(deps, `  API Base URL: ${baseUrl}`);
-  writeHumanLine(deps, `  Expires At: ${new Date(login.expiresAt).toISOString()}`);
   return 0;
 }
 async function runStatus(args, deps) {
@@ -1122,6 +1238,7 @@ async function runOpensteerAuthCli(rawArgs, overrideDeps = {}) {
 }
 
 export {
+  createKeychainStore,
   parseOpensteerAuthArgs,
   isCloudModeEnabledForRootDir,
   ensureCloudCredentialsForOpenCommand,

package/dist/{chunk-WJI7TGBQ.js → chunk-6B6LOYU3.js}

@@ -2,7 +2,7 @@ import {
   cloudAuthHeaders,
   normalizeCloudBaseUrl,
   parseCloudHttpError
-} from "./chunk-WDRMHPWL.js";
+} from "./chunk-KPPOTU3D.js";
 
 // src/cloud/browser-profile-client.ts
 var BrowserProfileClient = class {