pi-oracle 0.7.4 → 0.7.5

package/extensions/oracle/shared/browser-profile-helpers.mjs

@@ -0,0 +1,395 @@
+// Purpose: Centralize platform-specific browser profile paths, executable discovery, and profile-safety checks for oracle auth/runtime code.
+// Responsibilities: Resolve Chromium-family user-data roots, choose platform defaults, find executable files safely, and block oracle profile paths that point into real browser data.
+// Scope: Local filesystem/path policy only; cookie import, browser automation, and config loading stay in higher-level modules.
+// Usage: Imported by config.ts, runtime.ts, auth-bootstrap.mjs, run-job.mjs, and sanity tests.
+// Invariants/Assumptions: Real browser profile roots must never be used as oracle seed/runtime profile destinations, even through symlinked ancestors.
+
+import { accessSync, constants as fsConstants, existsSync, realpathSync, readFileSync, statSync } from "node:fs";
+import { homedir } from "node:os";
+import { basename, delimiter, dirname, isAbsolute, join, normalize, resolve } from "node:path";
+
+/** @typedef {import("./browser-profile-helpers.d.mts").OraclePlatform} OraclePlatform */
+/** @typedef {import("./browser-profile-helpers.d.mts").BrowserPathOptions} BrowserPathOptions */
+/** @typedef {import("./browser-profile-helpers.d.mts").ExecutableSearchOptions} ExecutableSearchOptions */
+
+export const SWEET_COOKIE_SAFE_STORAGE_PASSWORD_ENV_NAMES = Object.freeze([
+  "SWEET_COOKIE_CHROME_SAFE_STORAGE_PASSWORD",
+  "SWEET_COOKIE_BRAVE_SAFE_STORAGE_PASSWORD",
+  "SWEET_COOKIE_EDGE_SAFE_STORAGE_PASSWORD",
+]);
+
+const LINUX_COOKIE_IMPORT_USER_DATA_RELATIVE_DIRS = Object.freeze([
+  ["google-chrome"],
+  ["chromium"],
+  ["chromium-browser"],
+  ["BraveSoftware", "Brave-Browser"],
+]);
+
+const LINUX_SAFETY_EXTRA_USER_DATA_RELATIVE_DIRS = Object.freeze([
+  ["google-chrome-beta"],
+  ["google-chrome-unstable"],
+  ["microsoft-edge"],
+  ["microsoft-edge-beta"],
+  ["microsoft-edge-dev"],
+  ["vivaldi"],
+  ["opera"],
+]);
+
+const MAC_CHROMIUM_USER_DATA_RELATIVE_DIRS = Object.freeze([
+  ["Library", "Application Support", "Google", "Chrome"],
+  ["Library", "Application Support", "Chromium"],
+  ["Library", "Application Support", "BraveSoftware", "Brave-Browser"],
+  ["Library", "Application Support", "Microsoft Edge"],
+  ["Library", "Application Support", "Arc", "User Data"],
+  ["Library", "Application Support", "Vivaldi"],
+  ["Library", "Application Support", "com.operasoftware.Opera"],
+  ["Library", "Application Support", "Google", "Chrome for Testing"],
+]);
+
+const WINDOWS_CHROMIUM_USER_DATA_RELATIVE_DIRS = Object.freeze([
+  ["AppData", "Local", "Google", "Chrome", "User Data"],
+  ["AppData", "Local", "Chromium", "User Data"],
+  ["AppData", "Local", "BraveSoftware", "Brave-Browser", "User Data"],
+  ["AppData", "Local", "Microsoft", "Edge", "User Data"],
+  ["AppData", "Local", "Vivaldi", "User Data"],
+  ["AppData", "Roaming", "Opera Software", "Opera Stable"],
+]);
+
+const LINUX_CHROME_EXECUTABLE_NAMES = Object.freeze(["google-chrome", "google-chrome-stable", "chromium", "chromium-browser", "brave-browser", "brave"]);
+
+/**
+ * @param {string} value
+ * @param {string} [homeDir]
+ * @returns {string}
+ */
+export function expandHomePath(value, homeDir = homedir()) {
+  if (value === "~") return homeDir;
+  if (value.startsWith("~/")) return join(homeDir, value.slice(2));
+  return value;
+}
+
+/**
+ * @param {string} value
+ * @param {BrowserPathOptions} [options]
+ * @returns {string}
+ */
+export function normalizedAbsolutePath(value, options = {}) {
+  const expanded = expandHomePath(value, options.homeDir ?? homedir());
+  return normalize(isAbsolute(expanded) ? expanded : resolve(expanded));
+}
+
+/**
+ * @param {BrowserPathOptions} [options]
+ * @returns {string}
+ */
+export function linuxConfigHome(options = {}) {
+  const env = options.env ?? process.env;
+  const configured = env.XDG_CONFIG_HOME?.trim();
+  return configured ? normalizedAbsolutePath(configured, options) : join(options.homeDir ?? homedir(), ".config");
+}
+
+/**
+ * @param {BrowserPathOptions} [options]
+ * @returns {string[]}
+ */
+export function linuxChromiumCookieImportUserDataDirs(options = {}) {
+  const configHome = linuxConfigHome(options);
+  return LINUX_COOKIE_IMPORT_USER_DATA_RELATIVE_DIRS.map((segments) => join(configHome, ...segments));
+}
+
+/**
+ * @param {BrowserPathOptions} [options]
+ * @returns {string[]}
+ */
+export function linuxBrowserSafetyUserDataDirs(options = {}) {
+  const configHome = linuxConfigHome(options);
+  return [
+    ...LINUX_COOKIE_IMPORT_USER_DATA_RELATIVE_DIRS,
+    ...LINUX_SAFETY_EXTRA_USER_DATA_RELATIVE_DIRS,
+  ].map((segments) => join(configHome, ...segments));
+}
+
+/**
+ * @param {OraclePlatform} [platform]
+ * @param {BrowserPathOptions & { includeUnsupported?: boolean }} [options]
+ * @returns {string[]}
+ */
+export function browserUserDataDirsForPlatform(platform = process.platform, options = {}) {
+  const homeDir = options.homeDir ?? homedir();
+  if (platform === "darwin") return MAC_CHROMIUM_USER_DATA_RELATIVE_DIRS.map((segments) => join(homeDir, ...segments));
+  if (platform === "linux") return options.includeUnsupported === false ? linuxChromiumCookieImportUserDataDirs({ ...options, homeDir }) : linuxBrowserSafetyUserDataDirs({ ...options, homeDir });
+  if (platform === "win32") return WINDOWS_CHROMIUM_USER_DATA_RELATIVE_DIRS.map((segments) => join(homeDir, ...segments));
+  return [];
+}
+
+/**
+ * @param {OraclePlatform} [platform]
+ * @returns {"apfs-clone" | "copy"}
+ */
+export function defaultCloneStrategyForPlatform(platform = process.platform) {
+  return platform === "darwin" ? "apfs-clone" : "copy";
+}
+
+/**
+ * @param {OraclePlatform} [platform]
+ * @returns {boolean}
+ */
+export function chromiumKeychainSupportedOnPlatform(platform = process.platform) {
+  return platform === "darwin";
+}
+
+/**
+ * @param {OraclePlatform} [platform]
+ * @returns {string | undefined}
+ */
+export function chromeUserAgentPlatformToken(platform = process.platform) {
+  if (platform === "darwin") return "Macintosh; Intel Mac OS X 10_15_7";
+  if (platform === "linux") return "X11; Linux x86_64";
+  return undefined;
+}
+
+/**
+ * @param {string} childPath
+ * @param {string} parentPath
+ * @returns {boolean}
+ */
+export function pathInsideOrEqual(childPath, parentPath) {
+  const child = normalize(childPath);
+  const parent = normalize(parentPath);
+  if (child === parent) return true;
+  if (!parent) return false;
+  const parentWithSeparator = /[/\\]$/.test(parent) ? parent : `${parent}/`;
+  const alternateParentWithSeparator = parentWithSeparator.includes("/")
+    ? parentWithSeparator.replaceAll("/", "\\")
+    : parentWithSeparator.replaceAll("\\", "/");
+  return child.startsWith(parentWithSeparator) || child.startsWith(alternateParentWithSeparator);
+}
+
+/**
+ * Resolve a path as far as its existing ancestors allow. If the final path does
+ * not exist yet, any non-existing suffix is appended to the nearest existing
+ * ancestor's realpath so symlinked ancestors are still accounted for.
+ *
+ * @param {string} pathValue
+ * @returns {string | undefined}
+ */
+export function resolvePathThroughExistingAncestorsSync(pathValue) {
+  const absolute = normalizedAbsolutePath(pathValue);
+  const suffix = [];
+  let current = absolute;
+  while (true) {
+    if (existsSync(current)) {
+      try {
+        return normalize(join(realpathSync(current), ...suffix.reverse()));
+      } catch {
+        return undefined;
+      }
+    }
+    const parent = dirname(current);
+    if (parent === current) return undefined;
+    suffix.push(basename(current));
+    current = parent;
+  }
+}
+
+/**
+ * @param {string} pathValue
+ * @returns {boolean}
+ */
+function looksLikeFilesystemPath(pathValue) {
+  return pathValue.startsWith("/") || pathValue.startsWith("~/") || pathValue === "~" || pathValue.startsWith(".");
+}
+
+/**
+ * @param {string} pathValue
+ * @returns {boolean}
+ */
+function isCookiesDbPath(pathValue) {
+  return basename(pathValue) === "Cookies";
+}
+
+/**
+ * @param {string} cookiePath
+ * @returns {string[]}
+ */
+function protectedPathsForCookieDb(cookiePath) {
+  const normalized = normalizedAbsolutePath(cookiePath);
+  const cookieParent = dirname(normalized);
+  const profileDir = basename(cookieParent) === "Network" ? dirname(cookieParent) : cookieParent;
+  return [profileDir, dirname(profileDir)];
+}
+
+/**
+ * @param {{ chromeProfile?: string; chromeCookiePath?: string } | undefined} cookieSources
+ * @returns {string[]}
+ */
+export function protectedCookieSourcePaths(cookieSources) {
+  if (!cookieSources) return [];
+  const roots = [];
+  const cookiePath = typeof cookieSources.chromeCookiePath === "string" && cookieSources.chromeCookiePath.trim()
+    ? cookieSources.chromeCookiePath.trim()
+    : undefined;
+  if (cookiePath) roots.push(...protectedPathsForCookieDb(cookiePath));
+
+  const profile = typeof cookieSources.chromeProfile === "string" && cookieSources.chromeProfile.trim()
+    ? cookieSources.chromeProfile.trim()
+    : undefined;
+  if (profile && looksLikeFilesystemPath(profile)) {
+    const normalizedProfile = normalizedAbsolutePath(profile);
+    if (isCookiesDbPath(normalizedProfile)) roots.push(...protectedPathsForCookieDb(normalizedProfile));
+    else roots.push(normalizedProfile, dirname(normalizedProfile));
+  }
+
+  return [...new Set(roots.map((root) => normalize(root)))];
+}
+
+/**
+ * @param {string} pathValue
+ * @param {BrowserPathOptions & { platform?: OraclePlatform; includeUnsupported?: boolean; extraProtectedPaths?: string[]; cookieSources?: { chromeProfile?: string; chromeCookiePath?: string } }} [options]
+ * @returns {string | undefined}
+ */
+export function knownBrowserUserDataPathMatch(pathValue, options = {}) {
+  const platform = options.platform ?? process.platform;
+  const normalizedPath = normalizedAbsolutePath(pathValue, options);
+  const resolvedPath = resolvePathThroughExistingAncestorsSync(normalizedPath);
+  const roots = [
+    ...browserUserDataDirsForPlatform(platform, { ...options, includeUnsupported: options.includeUnsupported ?? true }),
+    ...protectedCookieSourcePaths(options.cookieSources),
+    ...((options.extraProtectedPaths ?? [])),
+  ];
+  for (const root of roots) {
+    const normalizedRoot = normalizedAbsolutePath(root, options);
+    if (pathInsideOrEqual(normalizedPath, normalizedRoot)) return normalizedRoot;
+    const resolvedRoot = resolvePathThroughExistingAncestorsSync(normalizedRoot) ?? normalizedRoot;
+    if (resolvedPath && pathInsideOrEqual(resolvedPath, resolvedRoot)) return resolvedRoot;
+  }
+  return undefined;
+}
+
+/**
+ * @param {string} pathValue
+ * @param {string} label
+ * @param {BrowserPathOptions & { platform?: OraclePlatform; includeUnsupported?: boolean; extraProtectedPaths?: string[]; cookieSources?: { chromeProfile?: string; chromeCookiePath?: string } }} [options]
+ * @returns {void}
+ */
+export function assertNotKnownBrowserUserDataPath(pathValue, label, options = {}) {
+  const match = knownBrowserUserDataPathMatch(pathValue, options);
+  if (match) {
+    throw new Error(`${label} must not point into a real browser user-data directory (${match}): ${pathValue}`);
+  }
+}
+
+/**
+ * @param {string} pathValue
+ * @returns {boolean}
+ */
+export function isExecutableFileSync(pathValue) {
+  try {
+    const stats = statSync(pathValue);
+    if (!stats.isFile()) return false;
+    accessSync(pathValue, fsConstants.X_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * @param {readonly string[]} names
+ * @param {ExecutableSearchOptions} [options]
+ * @returns {string | undefined}
+ */
+export function findExecutableOnPathSync(names, options = {}) {
+  const pathValue = options.pathValue ?? process.env.PATH ?? "";
+  const pathDelimiter = options.pathDelimiter ?? delimiter;
+  for (const name of names) {
+    for (const dir of pathValue.split(pathDelimiter).filter(Boolean)) {
+      const candidate = join(dir, name);
+      if (isExecutableFileSync(candidate)) return candidate;
+    }
+  }
+  return undefined;
+}
+
+/**
+ * @param {ExecutableSearchOptions} [options]
+ * @returns {string | undefined}
+ */
+export function detectDefaultLinuxChromeExecutablePath(options = {}) {
+  return findExecutableOnPathSync(LINUX_CHROME_EXECUTABLE_NAMES, options);
+}
+
+/**
+ * @param {string} userDataDir
+ * @returns {string | undefined}
+ */
+function readLastUsedProfileName(userDataDir) {
+  const localStatePath = join(userDataDir, "Local State");
+  if (!existsSync(localStatePath)) return undefined;
+  try {
+    const localState = JSON.parse(readFileSync(localStatePath, "utf8"));
+    const lastUsed = localState?.profile?.last_used;
+    if (typeof lastUsed !== "string") return undefined;
+    const trimmed = lastUsed.trim();
+    if (!trimmed || trimmed === "." || trimmed === ".." || trimmed.includes("/") || trimmed.includes("\\")) return undefined;
+    return trimmed;
+  } catch {
+    return undefined;
+  }
+}
+
+/**
+ * Return an absolute Linux Chrome/Chromium-family profile directory for the
+ * default cookie importer. Sweet Cookie's Linux `chrome` backend only resolves
+ * non-path profile names under google-chrome, so non-Google roots must be
+ * passed as absolute paths.
+ *
+ * @param {BrowserPathOptions} [options]
+ * @returns {string | undefined}
+ */
+export function detectDefaultLinuxCookieProfileSource(options = {}) {
+  for (const userDataDir of linuxChromiumCookieImportUserDataDirs(options)) {
+    const lastUsed = readLastUsedProfileName(userDataDir);
+    if (lastUsed) {
+      const profilePath = join(userDataDir, lastUsed);
+      if (pathInsideOrEqual(profilePath, userDataDir) && existsSync(profilePath)) return profilePath;
+    }
+    const defaultProfile = join(userDataDir, "Default");
+    if (existsSync(defaultProfile)) return defaultProfile;
+  }
+  return undefined;
+}
+
+/**
+ * @param {OraclePlatform} [platform]
+ * @param {BrowserPathOptions} [options]
+ * @returns {string}
+ */
+export function detectDefaultBrowserProfileSource(platform = process.platform, options = {}) {
+  if (platform === "linux") return detectDefaultLinuxCookieProfileSource(options) ?? "Default";
+  if (platform === "darwin") {
+    const userDataDir = browserUserDataDirsForPlatform("darwin", options)[0];
+    return readLastUsedProfileName(userDataDir) ?? "Default";
+  }
+  return "Default";
+}
+
+/**
+ * @param {NodeJS.ProcessEnv} [env]
+ * @returns {void}
+ */
+export function scrubSweetCookieSafeStoragePasswordEnv(env = process.env) {
+  for (const name of SWEET_COOKIE_SAFE_STORAGE_PASSWORD_ENV_NAMES) {
+    delete env[name];
+  }
+}
+
+/**
+ * @param {NodeJS.ProcessEnv} [env]
+ * @returns {NodeJS.ProcessEnv}
+ */
+export function sweetCookieSafeStoragePasswordScrubbedEnv(env = process.env) {
+  const childEnv = { ...env };
+  scrubSweetCookieSafeStoragePasswordEnv(childEnv);
+  return childEnv;
+}

package/extensions/oracle/shared/process-helpers.mjs

@@ -5,6 +5,7 @@
 // Invariants/Assumptions: Process identity is validated with `ps -o lstart=` to defend against PID reuse on macOS.
 
 import { spawn, execFileSync } from "node:child_process";
+import { sweetCookieSafeStoragePasswordScrubbedEnv } from "./browser-profile-helpers.mjs";
 
 /** @typedef {import("./process-helpers.d.mts").OracleTrackedProcessOptions} OracleTrackedProcessOptions */
 /** @typedef {import("./process-helpers.d.mts").OracleDetachedProcessHandle} OracleDetachedProcessHandle */
@@ -20,7 +21,16 @@ function sleep(ms) {
 export function readProcessStartedAt(pid) {
   if (!pid || pid <= 0) return undefined;
   try {
-    const startedAt = execFileSync("ps", ["-o", "lstart=", "-p", String(pid)], { encoding: "utf8" }).trim();
+    if (process.platform === "win32") {
+      const startedAt = execFileSync("powershell.exe", [
+        "-NoLogo",
+        "-NoProfile",
+        "-Command",
+        `$p = Get-Process -Id ${Number(pid)} -ErrorAction SilentlyContinue; if ($p) { $p.StartTime.ToUniversalTime().ToString('o') }`,
+      ], { encoding: "utf8", env: sweetCookieSafeStoragePasswordScrubbedEnv() }).trim();
+      return startedAt || undefined;
+    }
+    const startedAt = execFileSync("ps", ["-o", "lstart=", "-p", String(pid)], { encoding: "utf8", env: sweetCookieSafeStoragePasswordScrubbedEnv() }).trim();
     return startedAt || undefined;
   } catch {
     return undefined;
@@ -118,6 +128,7 @@ export async function terminateTrackedProcess(pid, startedAt, options = {}) {
 export async function spawnDetachedNodeProcess(scriptPath, args = []) {
   const child = spawn(process.execPath, [scriptPath, ...args], {
     detached: true,
+    env: sweetCookieSafeStoragePasswordScrubbedEnv(),
     stdio: "ignore",
   });
   child.unref();

package/extensions/oracle/shared/state-coordination-helpers.mjs

@@ -167,7 +167,7 @@ function readLockProcessPid(path) {
  * @returns {boolean}
  */
 function isStateDirExistsError(error) {
-  return Boolean(error && typeof error === "object" && "code" in error && (error.code === "EEXIST" || error.code === "ENOTEMPTY"));
+  return Boolean(error && typeof error === "object" && "code" in error && (error.code === "EEXIST" || error.code === "ENOTEMPTY" || (process.platform === "win32" && error.code === "EPERM")));
 }
 
 /**
@@ -248,7 +248,13 @@ export async function acquireStateLock(stateDir, kind, key, metadata, timeoutMs
  */
 export async function releaseStatePath(path) {
   if (!path) return;
-  await rm(path, { recursive: true, force: true }).catch(() => undefined);
+  const deadline = Date.now() + (process.platform === "win32" ? 5_000 : 1_000);
+  while (true) {
+    await rm(path, { recursive: true, force: true }).catch(() => undefined);
+    if (!existsSync(path)) return;
+    if (Date.now() >= deadline) return;
+    await sleep(POLL_MS);
+  }
 }
 
 /**

package/extensions/oracle/worker/auth-bootstrap.mjs

@@ -2,14 +2,18 @@
 // Responsibilities: Copy/import cookies, classify auth pages, drive lightweight account-selection flows, and persist diagnostics for auth failures.
 // Scope: Auth bootstrap worker only; long-running oracle job execution stays in run-job.mjs and shared lifecycle/state helpers stay elsewhere.
 // Usage: Spawned by /oracle-auth to prepare the shared auth seed profile used by future oracle jobs.
-// Invariants/Assumptions: Runs against a local macOS Chromium-family profile, preserves private diagnostics, and must fail clearly when auth state cannot be verified.
+// Invariants/Assumptions: Runs against a local Chromium-family profile, preserves private diagnostics, and must fail clearly when auth state cannot be verified.
 import { withLock } from "./state-locks.mjs";
 import { spawn } from "node:child_process";
 import { existsSync } from "node:fs";
 import { appendFile, chmod, lstat, mkdir, mkdtemp, readdir, readFile, rename, rm, stat, writeFile } from "node:fs/promises";
 import { homedir, tmpdir } from "node:os";
-import { basename, dirname, join, resolve } from "node:path";
+import { basename, dirname, isAbsolute, join, resolve } from "node:path";
 import { getCookies } from "@steipete/sweet-cookie";
+import {
+  assertNotKnownBrowserUserDataPath,
+  sweetCookieSafeStoragePasswordScrubbedEnv,
+} from "../shared/browser-profile-helpers.mjs";
 import { ensureAccountCookie, filterImportableAuthCookies } from "./auth-cookie-policy.mjs";
 import { getCookiesFromConfiguredChromiumSource } from "./chromium-cookie-source.mjs";
 import { buildAllowedChatGptOrigins } from "./chatgpt-ui-helpers.mjs";
@@ -58,7 +62,6 @@ let URL_PATH = "(oracle-auth url path unavailable)";
 let SNAPSHOT_PATH = "(oracle-auth snapshot path unavailable)";
 let BODY_PATH = "(oracle-auth body path unavailable)";
 let SCREENSHOT_PATH = "(oracle-auth screenshot path unavailable)";
-const REAL_CHROME_USER_DATA_DIR = resolve(homedir(), "Library", "Application Support", "Google", "Chrome");
 const DEFAULT_ORACLE_STATE_DIR = "/tmp/pi-oracle-state";
 const ORACLE_STATE_DIR = process.env.PI_ORACLE_STATE_DIR?.trim() || DEFAULT_ORACLE_STATE_DIR;
 const STALE_STAGING_PROFILE_MAX_AGE_MS = 24 * 60 * 60 * 1000;
@@ -140,12 +143,30 @@ async function log(message) {
   await chmod(LOG_PATH, 0o600).catch(() => undefined);
 }
 
+function killProcessTree(child) {
+  if (process.platform === "win32" && child.pid) {
+    spawn("taskkill", ["/pid", String(child.pid), "/t", "/f"], { stdio: "ignore", windowsHide: true }).on("error", () => undefined);
+    return;
+  }
+  child.kill("SIGTERM");
+}
+
+function killProcess(child) {
+  if (process.platform === "win32" && child.pid) {
+    spawn("taskkill", ["/pid", String(child.pid), "/f"], { stdio: "ignore", windowsHide: true }).on("error", () => undefined);
+    return;
+  }
+  child.kill("SIGKILL");
+}
+
 function spawnCommand(command, args, options = {}) {
   return new Promise((resolve, reject) => {
     const { timeoutMs = AGENT_BROWSER_COMMAND_TIMEOUT_MS, ...spawnOptions } = options;
     const child = spawn(command, args, {
       stdio: ["pipe", "pipe", "pipe"],
       ...spawnOptions,
+      env: sweetCookieSafeStoragePasswordScrubbedEnv(spawnOptions.env),
+      shell: spawnOptions.shell ?? process.platform === "win32",
     });
     let stdout = "";
     let stderr = "";
@@ -155,8 +176,8 @@ function spawnCommand(command, args, options = {}) {
     if (typeof timeoutMs === "number" && timeoutMs > 0) {
       killTimer = setTimeout(() => {
         timedOut = true;
-        child.kill("SIGTERM");
-        killGraceTimer = setTimeout(() => child.kill("SIGKILL"), AGENT_BROWSER_KILL_GRACE_MS);
+        killProcessTree(child);
+        killGraceTimer = setTimeout(() => killProcess(child), AGENT_BROWSER_KILL_GRACE_MS);
         killGraceTimer.unref?.();
       }, timeoutMs);
       killTimer.unref?.();
@@ -263,16 +284,15 @@ async function sweepStaleStagingProfiles(targetDir) {
 
 async function createProfilePlan(profileDir) {
   const targetDir = resolve(profileDir);
-  if (!targetDir.startsWith("/")) {
+  if (!isAbsolute(targetDir)) {
     throw new Error(`Oracle profileDir must be an absolute path: ${profileDir}`);
   }
   if (targetDir === "/" || targetDir === homedir()) {
     throw new Error(`Oracle profileDir is unsafe: ${targetDir}`);
   }
-  if (targetDir === REAL_CHROME_USER_DATA_DIR || targetDir.startsWith(`${REAL_CHROME_USER_DATA_DIR}/`)) {
-    throw new Error(`Oracle profileDir must not point into the real Chrome user-data directory: ${targetDir}`);
-  }
-
+  assertNotKnownBrowserUserDataPath(targetDir, "Oracle profileDir", {
+    cookieSources: { chromeProfile: config.auth.chromeProfile, chromeCookiePath: config.auth.chromeCookiePath },
+  });
   const stagingDir = `${targetDir}.staging-${Date.now()}`;
   const backupDir = `${targetDir}.prev`;
   await mkdir(dirname(targetDir), { recursive: true, mode: 0o700 });
@@ -552,6 +572,11 @@ function formatAuthFailureGuidance(error) {
       "3. Quit the browser fully.",
       "4. Re-run /oracle-auth.",
     );
+    if (process.platform === "linux") {
+      lines.push(
+        "5. If Chromium encrypted-cookie warnings mention the Linux keyring, install/configure secret-tool or kwallet-query, or set SWEET_COOKIE_LINUX_KEYRING / SWEET_COOKIE_CHROME_SAFE_STORAGE_PASSWORD / SWEET_COOKIE_BRAVE_SAFE_STORAGE_PASSWORD for this run before rerunning.",
+      );
+    }
   }
 
   lines.push(
@@ -592,6 +617,10 @@ async function readRawSourceCookies() {
 
 async function readSourceCookies() {
   await log(`Reading ${providerName()} cookies from ${cookieSourceLabel()}`);
+  // Sweet Cookie reads Linux safe-storage overrides directly from process.env.
+  // Keep the worker's environment stable for the rest of this short-lived
+  // bootstrap process, but scrub every helper/browser subprocess via
+  // spawnCommand's sweetCookieSafeStoragePasswordScrubbedEnv().
   const { cookies, warnings } = await readRawSourceCookies();
 
   if (warnings.length) {

package/extensions/oracle/worker/chatgpt-ui-helpers.d.mts

@@ -11,6 +11,8 @@ export declare const CHATGPT_CANONICAL_APP_ORIGINS: readonly string[];
 
 export declare function buildAllowedChatGptOrigins(chatUrl: string, authUrl?: string): string[];
 export declare function matchesModelFamilyLabel(label: string | undefined, family: OracleUiModelFamily): boolean;
+export declare function matchesRequestedModelControlLabel(label: string | undefined, selection: OracleUiSelection): boolean;
+export declare function matchesCompactIntelligenceOpenerLabel(label: string | undefined): boolean;
 export declare function requestedEffortLabel(selection: OracleUiSelection): string | undefined;
 export declare function effortSelectionVisible(snapshot: string, effortLabel: string | undefined): boolean;
 export declare function thinkingChipVisible(snapshot: string): boolean;