pi-oracle 0.6.16 → 0.7.0

package/extensions/oracle/worker/auth-cookie-policy.mjs

@@ -1,4 +1,4 @@
-// Purpose: Define the allowlist/drop policy for importing ChatGPT/OpenAI auth cookies into the isolated oracle browser profile.
+// Purpose: Define the allowlist/drop policy for importing provider auth cookies into the isolated oracle browser profile.
 // Responsibilities: Recognize required auth cookies, drop noisy/irrelevant cookies, and normalize cookie import decisions.
 // Scope: Pure cookie-policy logic only; reading cookies from Chrome and writing them into the isolated profile happen elsewhere.
 // Usage: Imported by auth-bootstrap and sanity tests to keep cookie import behavior deterministic and reviewable.
@@ -14,6 +14,17 @@ const AUTH_COOKIE_NAME_PATTERNS = [
   /^auth-session-minimized(?:-client-checksum)?$/,
   /^(?:login_session|auth_provider|hydra_redirect|iss_context|rg_context)$/,
   /^cf_clearance$/,
+  /^__(?:cf_bm|cflb)$/,
+  /^_cfuvid$/,
+];
+
+const GROK_AUTH_COOKIE_NAME_PATTERNS = [
+  /^sso(?:-rw)?$/,
+  /^auth_token$/,
+  /^ct0$/,
+  /^cf_clearance$/,
+  /^__(?:cf_bm|cflb)$/,
+  /^_cfuvid$/,
 ];
 
 const DROPPED_COOKIE_NAME_PATTERNS = [
@@ -21,9 +32,6 @@ const DROPPED_COOKIE_NAME_PATTERNS = [
   /^_uet/,
   /^_rdt_uuid$/,
   /^(?:marketing|analytics)_consent$/,
-  /^__cf_bm$/,
-  /^__cflb$/,
-  /^_cfuvid$/,
   /^_dd_s$/,
   /^g_state$/,
   /^country$/,
@@ -41,6 +49,9 @@ const BASE_ALLOWED_COOKIE_HOSTS = new Set([
   'sentinel.openai.com',
   'atlas.openai.com',
   'ws.chatgpt.com',
+  'grok.com',
+  'x.ai',
+  'x.com',
 ]);
 
 function normalizeSameSite(value) {
@@ -101,6 +112,9 @@ export function normalizeImportedCookie(cookie, fallbackHost) {
 export function classifyImportedCookie(cookie, chatUrl) {
   if (matchesAny(DROPPED_COOKIE_NAME_PATTERNS, cookie.name)) return 'noise';
   if (!isAllowedCookieDomain(cookie.domain, chatUrl)) return 'foreign-domain';
+  if (['grok.com', 'x.ai', 'x.com'].includes(cookie.domain)) {
+    return matchesAny(GROK_AUTH_COOKIE_NAME_PATTERNS, cookie.name) ? 'keep' : 'non-auth';
+  }
   if (!matchesAny(AUTH_COOKIE_NAME_PATTERNS, cookie.name)) return 'non-auth';
   return 'keep';
 }

package/extensions/oracle/worker/auth-flow-helpers.mjs

@@ -82,6 +82,9 @@ export function classifyChatAuthPage(args) {
     /we detect suspicious activity/i,
   ];
   if (challengePatterns.some((pattern) => pattern.test(text))) {
+    if (/verification successful|waiting for chatgpt\.com to respond/i.test(text)) {
+      return { state: "unknown", message: "ChatGPT verification is still settling." };
+    }
     return {
       state: "challenge_blocking",
       message:
@@ -109,7 +112,9 @@ export function classifyChatAuthPage(args) {
     return { state: "transient_outage_error", message: `ChatGPT is showing a transient outage/error page. Logs: ${args.logPath}` };
   }
 
-  if (args.probe?.status === 401 || (args.probe?.status === 403 && (!onAllowedOrigin || !hasUsableComposer || args.probe?.domLoginCta))) {
+  const probeHasAccountIdentity = args.probe?.bodyHasId === true || args.probe?.bodyHasEmail === true;
+
+  if (args.probe?.status === 401 || (args.probe?.status === 403 && (!onAllowedOrigin || !hasUsableComposer))) {
     return {
       state: "login_required",
       message:
@@ -120,7 +125,7 @@ export function classifyChatAuthPage(args) {
   }
 
   if (args.probe?.onAuthPage) {
-    if (args.probe?.bodyHasId || args.probe?.bodyHasEmail) {
+    if (probeHasAccountIdentity) {
       return {
         state: "auth_transitioning",
         message:
@@ -137,6 +142,16 @@ export function classifyChatAuthPage(args) {
     };
   }
 
+  if (onAllowedOrigin && hasUsableComposer && args.probe?.domLoginCta && !probeHasAccountIdentity) {
+    return {
+      state: "login_required",
+      message:
+        `ChatGPT still shows public login controls after syncing cookies from ${args.cookieSourceLabel}. ` +
+        `The cookie DB may be stale, from the wrong browser profile, or for an account that is logged out. ` +
+        `Check auth.chromeProfile/auth.chromeCookiePath/auth.chromiumKeychain and inspect ${args.logPath}.`,
+    };
+  }
+
   if (onAllowedOrigin && (args.probe?.status === 200 || args.probe?.status === 403) && hasUsableComposer) {
     if (!args.probe?.domLoginCta) {
       return {
@@ -145,12 +160,12 @@ export function classifyChatAuthPage(args) {
       };
     }
 
+    // The public logged-out composer case returned above, so a remaining visible login CTA here still has account-like probe data.
     return {
       state: "auth_transitioning",
       message:
-        args.probe?.bodyHasId || args.probe?.bodyHasEmail
-          ? `ChatGPT backend session is authenticated but the shell still shows public CTA chrome. Logs: ${args.logPath}`
-          : `ChatGPT accepted cookies but is still hydrating/auth-selecting. Logs: ${args.logPath}`,
+        `ChatGPT backend probe returned account-like fields, but the shell still shows public login controls. ` +
+        `Trying to resolve the account shell. Logs: ${args.logPath}`,
     };
   }
 

package/extensions/oracle/worker/chatgpt-flow-helpers.mjs

@@ -1,4 +1,4 @@
-// Purpose: Provide pure ChatGPT conversation-state helpers used by the oracle worker.
+// Purpose: Provide pure provider conversation-state helpers used by the oracle worker.
 // Responsibilities: Slice assistant snapshot regions, normalize URLs, and track stable conversation URL observations.
 // Scope: Pure worker flow logic only; browser I/O and polling loops stay in run-job.mjs.
 // Usage: Imported by run-job.mjs and sanity tests to validate conversation-state heuristics without driving a browser.
@@ -53,7 +53,7 @@ export function stripUrlQueryAndHash(url) {
  */
 export function isConversationPathUrl(url) {
   try {
-    return /\/c\/[A-Za-z0-9-]+$/i.test(new URL(url).pathname);
+    return /\/(?:c|chat)\/[A-Za-z0-9-]+$/i.test(new URL(url).pathname);
   } catch {
     return false;
   }

package/extensions/oracle/worker/chatgpt-ui-helpers.mjs

@@ -30,6 +30,7 @@ const THINKING_EFFORT_COMBOBOX_LABEL = "Thinking effort";
 const PRO_THINKING_EFFORT_COMBOBOX_LABEL = "Pro thinking effort";
 const EFFORT_LABELS = new Set(["Light", "Standard", "Extended", "Heavy"]);
 const BARE_EFFORT_PATTERN = /^(light|standard|extended|heavy)(?:, click to remove)?$/i;
+const INSTANT_CHIP_PATTERN = /^instant(?:, click to remove)?$/i;
 const THINKING_CHIP_PATTERN = /^(?:(light|standard|extended|heavy)\s+)?thinking(?:, click to remove)?$/i;
 const PRO_CHIP_PATTERN = /^(?:(light|standard|extended|heavy)\s+)?pro(?:, click to remove)?$/i;
 const MODEL_FAMILY_CONTROL_KINDS = new Set(["button", "radio", "menuitemradio"]);
@@ -125,6 +126,12 @@ function parseComposerChipSelection(label) {
     };
   }
 
+  if (INSTANT_CHIP_PATTERN.test(normalized)) {
+    return {
+      modelFamily: /** @type {OracleUiModelFamily} */ ("instant"),
+    };
+  }
+
   const thinkingMatch = normalized.match(THINKING_CHIP_PATTERN);
   if (thinkingMatch) {
     return {
@@ -240,11 +247,20 @@ export function snapshotHasModelConfigurationUi(snapshot) {
           .filter((family) => matchesModelFamilyLabel(entry.label, family)),
       ),
   );
+  const visibleRadioFamilies = new Set(
+    entries
+      .filter((entry) => entry.kind === "radio" && typeof entry.label === "string")
+      .flatMap((entry) =>
+        /** @type {OracleUiModelFamily[]} */ (["instant", "thinking", "pro"])
+          .filter((family) => matchesModelFamilyLabel(entry.label, family)),
+      ),
+  );
   const hasCloseButton = entries.some((entry) => entry.kind === "button" && entry.label === "Close" && !entry.disabled);
+  const hasIntelligenceHeading = entries.some((entry) => entry.kind === "heading" && normalizeText(entry.label) === "Intelligence" && !entry.disabled);
   const hasEffortCombobox = entries.some(
     (entry) => entry.kind === "combobox" && EFFORT_LABELS.has(entry.value || "") && !entry.disabled,
   );
-  return visibleFamilies.size >= 2 || hasCloseButton || hasEffortCombobox;
+  return visibleFamilies.size >= 2 || visibleRadioFamilies.size >= 2 || hasCloseButton || hasIntelligenceHeading || hasEffortCombobox;
 }
 
 /**

package/extensions/oracle/worker/chromium-cookie-source.mjs

@@ -1,4 +1,4 @@
-// Purpose: Read ChatGPT cookies from arbitrary macOS Chromium-family cookie stores when sweet-cookie's built-in browser list is too narrow.
+// Purpose: Read provider cookies from arbitrary macOS Chromium-family cookie stores when sweet-cookie's built-in browser list is too narrow.
 // Responsibilities: Snapshot a Chromium Cookies SQLite DB, decrypt AES-CBC cookie values with a configured Keychain item, and return sweet-cookie-shaped cookie objects.
 // Scope: macOS Chromium cookie extraction only; auth policy filtering and browser seeding stay in auth-bootstrap.mjs.
 // Usage: auth-bootstrap.mjs uses this when auth.chromiumKeychain is configured alongside auth.chromeCookiePath.
@@ -117,7 +117,7 @@ function buildHostWhereClause(origins) {
     try {
       for (const domain of parentCookieDomains(new URL(origin).hostname)) domains.add(domain);
     } catch {
-      // Ignore malformed origins; validated ChatGPT config supplies the real set.
+      // Ignore malformed origins; validated provider config supplies the real set.
     }
   }
   if (domains.size === 0) return "0";