pi-oracle 0.3.4 → 0.4.0

package/extensions/oracle/shared/state-coordination-helpers.mjs

@@ -0,0 +1,381 @@
+// Purpose: Provide shared atomic lock/lease state helpers for oracle coordination across extension and worker processes.
+// Responsibilities: Create lock/lease directories atomically, publish metadata safely, reclaim stale incomplete state, and enumerate lease metadata.
+// Scope: Filesystem-backed concurrency primitives only; higher-level admission and queue behavior stays in wrapper modules.
+// Usage: Imported by lib/locks.ts and worker/state-locks.mjs so both layers share identical crash-recovery semantics.
+// Invariants/Assumptions: State lives under a private per-machine directory, and final published state dirs must never appear without complete metadata.
+
+import { createHash } from "node:crypto";
+import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
+import { chmod, mkdir, readFile, rename, rm, writeFile } from "node:fs/promises";
+import { basename, join } from "node:path";
+import { isProcessAlive } from "./process-helpers.mjs";
+
+const DEFAULT_WAIT_MS = 30_000;
+const POLL_MS = 200;
+export const ORACLE_METADATA_WRITE_GRACE_MS = 1_000;
+/** Incomplete `.tmp-*` dirs are in-flight atomic creates; a 1s grace is too short under multi-process sweep + slow FS. */
+export const ORACLE_TMP_STATE_DIR_GRACE_MS = 60_000;
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+/**
+ * @param {string} path
+ * @returns {Promise<void>}
+ */
+async function ensurePrivateDir(path) {
+  await mkdir(path, { recursive: true, mode: 0o700 });
+  await chmod(path, 0o700).catch(() => undefined);
+}
+
+/**
+ * @param {string} kind
+ * @param {string} key
+ * @returns {string}
+ */
+export function hashOracleStateKey(kind, key) {
+  return `${kind}-${createHash("sha256").update(key).digest("hex").slice(0, 24)}`;
+}
+
+/**
+ * @param {string} stateDir
+ * @returns {string}
+ */
+export function getStateLocksDir(stateDir) {
+  return join(stateDir, "locks");
+}
+
+/**
+ * @param {string} stateDir
+ * @returns {string}
+ */
+export function getStateLeasesDir(stateDir) {
+  return join(stateDir, "leases");
+}
+
+/**
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string} key
+ * @returns {string}
+ */
+function lockPath(stateDir, kind, key) {
+  return join(getStateLocksDir(stateDir), hashOracleStateKey(kind, key));
+}
+
+/**
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string} key
+ * @returns {string}
+ */
+function leasePath(stateDir, kind, key) {
+  return join(getStateLeasesDir(stateDir), hashOracleStateKey(kind, key));
+}
+
+/**
+ * @param {string} path
+ * @returns {string}
+ */
+function getMetadataPath(path) {
+  return join(path, "metadata.json");
+}
+
+/**
+ * @param {string} path
+ * @param {unknown} metadata
+ * @returns {Promise<void>}
+ */
+async function writeMetadata(path, metadata) {
+  const targetPath = getMetadataPath(path);
+  const tempPath = join(path, `metadata.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}.tmp`);
+  await writeFile(tempPath, `${JSON.stringify(metadata, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
+  await chmod(tempPath, 0o600).catch(() => undefined);
+  await rename(tempPath, targetPath);
+  await chmod(targetPath, 0o600).catch(() => undefined);
+}
+
+/**
+ * @param {string} parentDir
+ * @param {string} finalPath
+ * @param {unknown} metadata
+ * @returns {Promise<void>}
+ */
+async function createStateDirAtomically(parentDir, finalPath, metadata) {
+  const tempPath = join(parentDir, `.tmp-${basename(finalPath)}.${process.pid}.${Date.now()}.${Math.random().toString(36).slice(2)}`);
+  await mkdir(tempPath, { recursive: false, mode: 0o700 });
+  try {
+    await writeMetadata(tempPath, metadata);
+    await rename(tempPath, finalPath);
+  } catch (error) {
+    await rm(tempPath, { recursive: true, force: true }).catch(() => undefined);
+    throw error;
+  }
+}
+
+/**
+ * @param {string} path
+ * @returns {"present" | "missing" | "invalid"}
+ */
+function getMetadataState(path) {
+  const metadataPath = getMetadataPath(path);
+  if (!existsSync(metadataPath)) return "missing";
+  try {
+    JSON.parse(readFileSync(metadataPath, "utf8"));
+    return "present";
+  } catch {
+    return "invalid";
+  }
+}
+
+/**
+ * @param {string} path
+ * @param {number} [now]
+ * @returns {boolean}
+ */
+function isIncompleteStateDirStale(path, now = Date.now()) {
+  try {
+    const stats = statSync(path);
+    const baselineMs = Math.max(stats.mtimeMs, stats.ctimeMs);
+    const graceMs = basename(path).startsWith(".tmp-") ? ORACLE_TMP_STATE_DIR_GRACE_MS : ORACLE_METADATA_WRITE_GRACE_MS;
+    return now - baselineMs >= graceMs;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * @param {string} path
+ * @returns {number | undefined}
+ */
+function readLockProcessPid(path) {
+  const metadataPath = getMetadataPath(path);
+  if (!existsSync(metadataPath)) return undefined;
+  try {
+    const metadata = JSON.parse(readFileSync(metadataPath, "utf8"));
+    return typeof metadata?.processPid === "number" && Number.isInteger(metadata.processPid) && metadata.processPid > 0
+      ? metadata.processPid
+      : undefined;
+  } catch {
+    return undefined;
+  }
+}
+
+/**
+ * @param {unknown} error
+ * @returns {boolean}
+ */
+function isStateDirExistsError(error) {
+  return Boolean(error && typeof error === "object" && "code" in error && (error.code === "EEXIST" || error.code === "ENOTEMPTY"));
+}
+
+/**
+ * @param {string} path
+ * @param {number} [now]
+ * @returns {Promise<boolean>}
+ */
+async function maybeReclaimIncompleteStateDir(path, now = Date.now()) {
+  if (getMetadataState(path) === "present") return false;
+  if (!isIncompleteStateDirStale(path, now)) return false;
+  await rm(path, { recursive: true, force: true }).catch(() => undefined);
+  return true;
+}
+
+/**
+ * @param {string} path
+ * @param {number} [now]
+ * @returns {Promise<boolean>}
+ */
+async function maybeReclaimStaleLock(path, now = Date.now()) {
+  if (await maybeReclaimIncompleteStateDir(path, now)) return true;
+  const processPid = readLockProcessPid(path);
+  if (!processPid || isProcessAlive(processPid)) return false;
+  await rm(path, { recursive: true, force: true }).catch(() => undefined);
+  return true;
+}
+
+/**
+ * @param {string} stateDir
+ * @param {number} [now]
+ * @returns {Promise<string[]>}
+ */
+export async function sweepStaleStateLocks(stateDir, now = Date.now()) {
+  const dir = getStateLocksDir(stateDir);
+  if (!existsSync(dir)) return [];
+  const removed = [];
+  for (const name of readdirSync(dir)) {
+    const path = join(dir, name);
+    if (await maybeReclaimStaleLock(path, now)) {
+      removed.push(path);
+    }
+  }
+  return removed;
+}
+
+/**
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string} key
+ * @param {unknown} metadata
+ * @param {number} [timeoutMs]
+ * @returns {Promise<string>}
+ */
+export async function acquireStateLock(stateDir, kind, key, metadata, timeoutMs = DEFAULT_WAIT_MS) {
+  const parentDir = getStateLocksDir(stateDir);
+  const path = join(parentDir, hashOracleStateKey(kind, key));
+  const deadline = Date.now() + timeoutMs;
+  await ensurePrivateDir(stateDir);
+  await ensurePrivateDir(parentDir);
+
+  while (Date.now() < deadline) {
+    try {
+      await createStateDirAtomically(parentDir, path, metadata);
+      return path;
+    } catch (error) {
+      if (!isStateDirExistsError(error)) throw error;
+      if (await maybeReclaimStaleLock(path)) continue;
+    }
+    await sleep(POLL_MS);
+  }
+
+  throw new Error(`Timed out waiting for oracle ${kind} lock: ${key}`);
+}
+
+/**
+ * @param {string | undefined} path
+ * @returns {Promise<void>}
+ */
+export async function releaseStatePath(path) {
+  if (!path) return;
+  await rm(path, { recursive: true, force: true }).catch(() => undefined);
+}
+
+/**
+ * @template T
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string} key
+ * @param {unknown} metadata
+ * @param {() => Promise<T>} fn
+ * @param {number} [timeoutMs]
+ * @returns {Promise<T>}
+ */
+export async function withStateLock(stateDir, kind, key, metadata, fn, timeoutMs = DEFAULT_WAIT_MS) {
+  const handle = await acquireStateLock(stateDir, kind, key, metadata, timeoutMs);
+  try {
+    return await fn();
+  } finally {
+    await releaseStatePath(handle);
+  }
+}
+
+/**
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string} key
+ * @param {unknown} metadata
+ * @param {number} [timeoutMs]
+ * @returns {Promise<string>}
+ */
+export async function createStateLease(stateDir, kind, key, metadata, timeoutMs = DEFAULT_WAIT_MS) {
+  const parentDir = getStateLeasesDir(stateDir);
+  const path = join(parentDir, hashOracleStateKey(kind, key));
+  const deadline = Date.now() + timeoutMs;
+  await ensurePrivateDir(stateDir);
+  await ensurePrivateDir(parentDir);
+
+  while (Date.now() < deadline) {
+    try {
+      await createStateDirAtomically(parentDir, path, metadata);
+      return path;
+    } catch (error) {
+      if (!isStateDirExistsError(error)) throw error;
+      if (await maybeReclaimIncompleteStateDir(path)) continue;
+      if (getMetadataState(path) === "present") throw error;
+    }
+    await sleep(POLL_MS);
+  }
+
+  throw new Error(`Timed out waiting for oracle ${kind} lease: ${key}`);
+}
+
+/**
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string} key
+ * @param {unknown} metadata
+ * @returns {Promise<string>}
+ */
+export async function writeStateLeaseMetadata(stateDir, kind, key, metadata) {
+  const parentDir = getStateLeasesDir(stateDir);
+  const path = join(parentDir, hashOracleStateKey(kind, key));
+  await ensurePrivateDir(stateDir);
+  await ensurePrivateDir(parentDir);
+  if (existsSync(path)) {
+    await chmod(path, 0o700).catch(() => undefined);
+    await writeMetadata(path, metadata);
+    return path;
+  }
+  try {
+    await createStateDirAtomically(parentDir, path, metadata);
+  } catch (error) {
+    if (!isStateDirExistsError(error)) throw error;
+    if (await maybeReclaimIncompleteStateDir(path)) {
+      await createStateDirAtomically(parentDir, path, metadata);
+    } else {
+      await writeMetadata(path, metadata);
+    }
+  }
+  return path;
+}
+
+/**
+ * @template T
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string} key
+ * @returns {Promise<T | undefined>}
+ */
+export async function readStateLeaseMetadata(stateDir, kind, key) {
+  const path = getMetadataPath(leasePath(stateDir, kind, key));
+  if (!existsSync(path)) return undefined;
+  try {
+    return JSON.parse(await readFile(path, "utf8"));
+  } catch {
+    return undefined;
+  }
+}
+
+/**
+ * @template T
+ * @param {string} stateDir
+ * @param {string} kind
+ * @returns {T[]}
+ */
+export function listStateLeaseMetadata(stateDir, kind) {
+  const dir = getStateLeasesDir(stateDir);
+  if (!existsSync(dir)) return [];
+  return readdirSync(dir)
+    .filter((name) => name.startsWith(`${kind}-`))
+    .map((name) => join(dir, name, "metadata.json"))
+    .filter((path) => existsSync(path))
+    .flatMap((path) => {
+      try {
+        return [JSON.parse(readFileSync(path, "utf8"))];
+      } catch {
+        return [];
+      }
+    });
+}
+
+/**
+ * @param {string} stateDir
+ * @param {string} kind
+ * @param {string | undefined} key
+ * @returns {Promise<void>}
+ */
+export async function releaseStateLease(stateDir, kind, key) {
+  if (!key) return;
+  await rm(leasePath(stateDir, kind, key), { recursive: true, force: true }).catch(() => undefined);
+}

package/extensions/oracle/worker/artifact-heuristics.mjs

@@ -1,3 +1,8 @@
+// Purpose: Parse agent-browser snapshots and infer likely downloadable artifact labels from response UI structure.
+// Responsibilities: Extract snapshot entries, detect candidate filenames, and partition strong versus suspicious artifact signals.
+// Scope: Pure heuristic parsing only; browser interaction and artifact download orchestration stay in the worker.
+// Usage: Imported by worker runtime code, UI helper modules, and sanity tests to keep artifact detection behavior deterministic.
+// Invariants/Assumptions: Snapshot text comes from agent-browser `snapshot -i`, and heuristics should prefer false negatives over noisy false positives.
 export const FILE_LABEL_PATTERN_SOURCE = String.raw`(?:^|[^A-Za-z0-9._~/-])((?:(?:[A-Za-z]:)?[\\/]|[.~][\\/])?(?:[^\\/\s"'<>|]+[\\/])*[^\\/\s"'<>|]+\.[A-Za-z0-9]{1,12})(?=$|[^A-Za-z0-9._~/-])`;
 const FILE_LABEL_PATTERN = new RegExp(FILE_LABEL_PATTERN_SOURCE, "g");
 export const GENERIC_ARTIFACT_LABELS = ["ATTACHED", "DONE"];

package/extensions/oracle/worker/auth-bootstrap.mjs

@@ -1,3 +1,8 @@
+// Purpose: Bootstrap isolated oracle browser auth by importing real Chrome cookies and validating ChatGPT session readiness.
+// Responsibilities: Copy/import cookies, classify auth pages, drive lightweight account-selection flows, and persist diagnostics for auth failures.
+// Scope: Auth bootstrap worker only; long-running oracle job execution stays in run-job.mjs and shared lifecycle/state helpers stay elsewhere.
+// Usage: Spawned by /oracle-auth to prepare the shared auth seed profile used by future oracle jobs.
+// Invariants/Assumptions: Runs against a local macOS Chrome profile, preserves private diagnostics, and must fail clearly when auth state cannot be verified.
 import { withLock } from "./state-locks.mjs";
 import { spawn } from "node:child_process";
 import { existsSync } from "node:fs";
@@ -7,6 +12,7 @@ import { basename, dirname, join, resolve } from "node:path";
 import { getCookies } from "@steipete/sweet-cookie";
 import { ensureAccountCookie, filterImportableAuthCookies } from "./auth-cookie-policy.mjs";
 import { buildAllowedChatGptOrigins } from "./chatgpt-ui-helpers.mjs";
+import { buildAccountChooserCandidateLabels, classifyChatAuthPage, normalizeLoginProbeResult } from "./auth-flow-helpers.mjs";
 
 const rawConfig = process.argv[2];
 if (!rawConfig) {
@@ -42,6 +48,17 @@ const AGENT_BROWSER_BIN = [process.env.AGENT_BROWSER_PATH, "/opt/homebrew/bin/ag
   (candidate) => typeof candidate === "string" && candidate && existsSync(candidate),
 ) || "agent-browser";
 
+function readPositiveIntEnv(name, fallback) {
+  const value = process.env[name]?.trim();
+  if (!value) return fallback;
+  const parsed = Number.parseInt(value, 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+
+const AGENT_BROWSER_COMMAND_TIMEOUT_MS = readPositiveIntEnv("PI_ORACLE_AUTH_AGENT_BROWSER_TIMEOUT_MS", 30_000);
+const AGENT_BROWSER_CLOSE_TIMEOUT_MS = readPositiveIntEnv("PI_ORACLE_AUTH_CLOSE_TIMEOUT_MS", 10_000);
+const AGENT_BROWSER_KILL_GRACE_MS = readPositiveIntEnv("PI_ORACLE_AUTH_KILL_GRACE_MS", 2_000);
+
 let runtimeProfileDir = config.browser.authSeedProfileDir;
 
 function authSessionName() {
@@ -78,12 +95,25 @@ async function log(message) {
 
 function spawnCommand(command, args, options = {}) {
   return new Promise((resolve, reject) => {
+    const { timeoutMs = AGENT_BROWSER_COMMAND_TIMEOUT_MS, ...spawnOptions } = options;
     const child = spawn(command, args, {
       stdio: ["pipe", "pipe", "pipe"],
-      ...options,
+      ...spawnOptions,
     });
     let stdout = "";
     let stderr = "";
+    let timedOut = false;
+    let killTimer;
+    let killGraceTimer;
+    if (typeof timeoutMs === "number" && timeoutMs > 0) {
+      killTimer = setTimeout(() => {
+        timedOut = true;
+        child.kill("SIGTERM");
+        killGraceTimer = setTimeout(() => child.kill("SIGKILL"), AGENT_BROWSER_KILL_GRACE_MS);
+        killGraceTimer.unref?.();
+      }, timeoutMs);
+      killTimer.unref?.();
+    }
     if (options.input) child.stdin.end(options.input);
     else child.stdin.end();
     child.stdout.on("data", (data) => {
@@ -92,8 +122,20 @@ function spawnCommand(command, args, options = {}) {
     child.stderr.on("data", (data) => {
       stderr += String(data);
     });
-    child.on("error", reject);
+    child.on("error", (error) => {
+      if (killTimer) clearTimeout(killTimer);
+      if (killGraceTimer) clearTimeout(killGraceTimer);
+      reject(error);
+    });
     child.on("close", (code) => {
+      if (killTimer) clearTimeout(killTimer);
+      if (killGraceTimer) clearTimeout(killGraceTimer);
+      if (timedOut) {
+        const error = new Error(stderr || stdout || `${command} timed out after ${timeoutMs}ms`);
+        if (options.allowFailure) resolve({ code, stdout: stdout.trim(), stderr: error.message });
+        else reject(error);
+        return;
+      }
       if (code === 0 || options.allowFailure) resolve({ code, stdout: stdout.trim(), stderr: stderr.trim() });
       else reject(new Error(stderr || stdout || `${command} exited with code ${code}`));
     });
@@ -114,7 +156,10 @@ function targetBrowserBaseArgs(options = {}) {
 
 async function closeTargetBrowser() {
   await log(`Closing target browser session ${authSessionName()} if present`);
-  const result = await spawnCommand(AGENT_BROWSER_BIN, [...targetBrowserBaseArgs(), "close"], { allowFailure: true });
+  const result = await spawnCommand(AGENT_BROWSER_BIN, [...targetBrowserBaseArgs(), "close"], {
+    allowFailure: true,
+    timeoutMs: AGENT_BROWSER_CLOSE_TIMEOUT_MS,
+  });
   await log(`close result: code=${result.code} stdout=${JSON.stringify(result.stdout)} stderr=${JSON.stringify(result.stderr)}`);
 }
 
@@ -131,7 +176,10 @@ async function ensureNotSymlink(path, label) {
 }
 
 async function isAuthBrowserConnected() {
-  const result = await spawnCommand(AGENT_BROWSER_BIN, [...targetBrowserBaseArgs(), "--json", "stream", "status"], { allowFailure: true });
+  const result = await spawnCommand(AGENT_BROWSER_BIN, [...targetBrowserBaseArgs(), "--json", "stream", "status"], {
+    allowFailure: true,
+    timeoutMs: AGENT_BROWSER_COMMAND_TIMEOUT_MS,
+  });
   try {
     const parsed = JSON.parse(result.stdout || "{}");
     return parsed?.data?.connected === true;
@@ -223,7 +271,7 @@ async function launchTargetBrowser() {
   await closeTargetBrowser();
   const args = [...targetBrowserBaseArgs({ withLaunchOptions: true, mode: "headed" }), "open", "about:blank"];
   await log(`Launching isolated browser: agent-browser ${JSON.stringify(args)}`);
-  const result = await spawnCommand(AGENT_BROWSER_BIN, args, { allowFailure: true });
+  const result = await spawnCommand(AGENT_BROWSER_BIN, args, { allowFailure: true, timeoutMs: AGENT_BROWSER_COMMAND_TIMEOUT_MS });
   await log(`launch result: code=${result.code} stdout=${JSON.stringify(result.stdout)} stderr=${JSON.stringify(result.stderr)}`);
   if (result.code !== 0) {
     throw new Error(result.stderr || result.stdout || "Failed to launch isolated oracle browser");
@@ -231,7 +279,10 @@ async function launchTargetBrowser() {
 }
 
 async function streamStatus() {
-  const result = await spawnCommand(AGENT_BROWSER_BIN, [...targetBrowserBaseArgs(), "--json", "stream", "status"], { allowFailure: true });
+  const result = await spawnCommand(AGENT_BROWSER_BIN, [...targetBrowserBaseArgs(), "--json", "stream", "status"], {
+    allowFailure: true,
+    timeoutMs: AGENT_BROWSER_COMMAND_TIMEOUT_MS,
+  });
   await log(`stream status: code=${result.code} stdout=${JSON.stringify(result.stdout)} stderr=${JSON.stringify(result.stderr)}`);
   try {
     const parsed = JSON.parse(result.stdout || "{}");
@@ -255,7 +306,11 @@ async function targetCommand(...args) {
     maybeOptions &&
     typeof maybeOptions === "object" &&
     !Array.isArray(maybeOptions) &&
-    (Object.hasOwn(maybeOptions, "allowFailure") || Object.hasOwn(maybeOptions, "input") || Object.hasOwn(maybeOptions, "cwd") || Object.hasOwn(maybeOptions, "logLabel"))
+    (Object.hasOwn(maybeOptions, "allowFailure") ||
+      Object.hasOwn(maybeOptions, "input") ||
+      Object.hasOwn(maybeOptions, "cwd") ||
+      Object.hasOwn(maybeOptions, "logLabel") ||
+      Object.hasOwn(maybeOptions, "timeoutMs"))
   ) {
     options = args.pop();
   }
@@ -545,22 +600,7 @@ function buildLoginProbeScript(timeoutMs) {
 
 async function loginProbe() {
   const result = await evalPage(buildLoginProbeScript(LOGIN_PROBE_TIMEOUT_MS), "login probe eval");
-  if (!result || typeof result !== "object") {
-    return { ok: false, status: 0, error: "invalid-probe-result" };
-  }
-  return {
-    ok: result.ok === true,
-    status: typeof result.status === "number" ? result.status : 0,
-    pageUrl: typeof result.pageUrl === "string" ? result.pageUrl : undefined,
-    domLoginCta: result.domLoginCta === true,
-    onAuthPage: result.onAuthPage === true,
-    error: typeof result.error === "string" ? result.error : undefined,
-    bodyKeys: Array.isArray(result.bodyKeys) ? result.bodyKeys : [],
-    bodyHasId: result.bodyHasId === true,
-    bodyHasEmail: result.bodyHasEmail === true,
-    name: typeof result.name === "string" ? result.name : undefined,
-    responsePreview: typeof result.responsePreview === "string" ? result.responsePreview : undefined,
-  };
+  return normalizeLoginProbeResult(result);
 }
 
 async function captureDiagnostics(reason) {
@@ -580,116 +620,22 @@ async function captureDiagnostics(reason) {
 }
 
 function classifyChatPage({ url, snapshot, body, probe }) {
-  const text = `${snapshot}\n${body}`;
-  const allowedOrigins = buildAllowedChatGptOrigins(config.browser.chatUrl, config.browser.authUrl);
-
-  const challengePatterns = [
-    /just a moment/i,
-    /verify you are human/i,
-    /cloudflare/i,
-    /captcha|turnstile|hcaptcha/i,
-    /unusual activity detected/i,
-    /we detect suspicious activity/i,
-  ];
-  if (challengePatterns.some((pattern) => pattern.test(text))) {
-    return {
-      state: "challenge_blocking",
-      message:
-        `ChatGPT challenge detected after syncing cookies from ${cookieSourceLabel()}. ` +
-        `The isolated oracle browser was left open on profile ${runtimeProfileDir}; complete the challenge there, then rerun /oracle-auth. Logs: ${LOG_PATH}`,
-    };
-  }
-
-  if (/http error 431|request header or cookie too large/i.test(text)) {
-    return {
-      state: "login_required",
-      message:
-        `Imported auth hit HTTP 431 during ChatGPT auth resolution, which usually means the imported cookie set is too large or stale. ` +
-        `Inspect ${LOG_PATH}.`,
-    };
-  }
-
-  const outagePatterns = [
-    /something went wrong/i,
-    /a network error occurred/i,
-    /an error occurred while connecting to the websocket/i,
-    /try again later/i,
-  ];
-  if (outagePatterns.some((pattern) => pattern.test(text))) {
-    return { state: "transient_outage_error", message: `ChatGPT is showing a transient outage/error page. Logs: ${LOG_PATH}` };
-  }
-
-  const onAllowedOrigin = allowedOrigins.some((origin) => url.startsWith(origin));
-  const hasComposer = snapshot.includes(`textbox \"${CHATGPT_LABELS.composer}\"`);
-  const hasAddFiles = snapshot.includes(`button \"${CHATGPT_LABELS.addFiles}\"`);
-  const hasModelControl =
-    snapshot.includes('button "Model selector"') ||
-    /button "(Instant|Thinking|Pro)(?: [^"]*)?"/.test(snapshot);
-
-  if (probe?.status === 401 || probe?.status === 403) {
-    return {
-      state: "login_required",
-      message:
-        `Synced cookies from ${cookieSourceLabel()}, but ChatGPT still rejected the session ` +
-        `(status=${probe?.status ?? 0}). Check auth.chromeProfile/auth.chromeCookiePath and inspect ${LOG_PATH}.`,
-    };
-  }
-
-  if (probe?.onAuthPage) {
-    if (probe?.bodyHasId || probe?.bodyHasEmail) {
-      return {
-        state: "auth_transitioning",
-        message:
-          `ChatGPT is on /auth/login, but /backend-api/me returned a partial authenticated session. ` +
-          `Trying to drive the login resolution flow. Logs: ${LOG_PATH}`,
-      };
-    }
-    return {
-      state: "login_required",
-      message:
-        `Synced cookies from ${cookieSourceLabel()}, but ChatGPT still rejected the session ` +
-        `(status=${probe?.status ?? 0}). Check auth.chromeProfile/auth.chromeCookiePath and inspect ${LOG_PATH}.`,
-    };
-  }
-
-  if (onAllowedOrigin && probe?.status === 200 && hasComposer && hasAddFiles && hasModelControl) {
-    if (!probe?.domLoginCta) {
-      return {
-        state: "authenticated_and_ready",
-        message: `Imported ChatGPT auth from ${cookieSourceLabel()} into the isolated oracle profile. Logs: ${LOG_PATH}`,
-      };
-    }
-
-    return {
-      state: "auth_transitioning",
-      message:
-        probe?.bodyHasId || probe?.bodyHasEmail
-          ? `ChatGPT backend session is authenticated but the shell still shows public CTA chrome. Logs: ${LOG_PATH}`
-          : `ChatGPT accepted cookies but is still hydrating/auth-selecting. Logs: ${LOG_PATH}`,
-    };
-  }
-
-  if (onAllowedOrigin && probe?.ok && hasComposer && hasAddFiles && hasModelControl) {
-    return {
-      state: "authenticated_and_ready",
-      message: `Imported ChatGPT auth from ${cookieSourceLabel()} into the isolated oracle profile. Logs: ${LOG_PATH}`,
-    };
-  }
-
-  if (url && !onAllowedOrigin) {
-    return { state: "login_required", message: `Imported auth redirected away from the expected ChatGPT origin. Logs: ${LOG_PATH}` };
-  }
-
-  return { state: "unknown", message: `ChatGPT page state is not yet ready. Logs: ${LOG_PATH}` };
+  return classifyChatAuthPage({
+    url,
+    snapshot,
+    body,
+    probe,
+    allowedOrigins: buildAllowedChatGptOrigins(config.browser.chatUrl, config.browser.authUrl),
+    cookieSourceLabel: cookieSourceLabel(),
+    runtimeProfileDir,
+    logPath: LOG_PATH,
+    composerLabel: CHATGPT_LABELS.composer,
+    addFilesLabel: CHATGPT_LABELS.addFiles,
+  });
 }
 
 async function maybeSelectAccountIdentity(snapshot, probe) {
-  const candidates = [];
-  if (typeof probe?.name === "string" && probe.name.trim()) {
-    candidates.push(probe.name.trim());
-    const firstToken = probe.name.trim().split(/\s+/)[0];
-    if (firstToken && firstToken !== probe.name.trim()) candidates.push(firstToken);
-  }
+  const candidates = buildAccountChooserCandidateLabels(probe?.name);
 
   for (const label of candidates) {
     const entry = findEntry(

package/extensions/oracle/worker/auth-cookie-policy.mjs

@@ -1,3 +1,8 @@
+// Purpose: Define the allowlist/drop policy for importing ChatGPT/OpenAI auth cookies into the isolated oracle browser profile.
+// Responsibilities: Recognize required auth cookies, drop noisy/irrelevant cookies, and normalize cookie import decisions.
+// Scope: Pure cookie-policy logic only; reading cookies from Chrome and writing them into the isolated profile happen elsewhere.
+// Usage: Imported by auth-bootstrap and sanity tests to keep cookie import behavior deterministic and reviewable.
+// Invariants/Assumptions: Security-sensitive auth cookies are allowlisted intentionally, and analytics/ambient cookies should be excluded by default.
 const AUTH_COOKIE_NAME_PATTERNS = [
   /^__Secure-next-auth\.session-token(?:\.|$)/,
   /^__Secure-next-auth\.callback-url$/,