scripter-x 1.0.29 → 1.0.31

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scripter-x",
-  "version": "1.0.29",
+  "version": "1.0.31",
   "description": "ScripterX — local Flipkart session extractor (runs on your residential IP, syncs to marthunt)",
   "type": "module",
   "bin": {

package/src/commands.js

@@ -8,10 +8,11 @@ import * as tp from './providers/tempotp.js';
 import * as oc from './providers/otpcart.js';
 import * as kuku from './providers/kuku.js';
 import * as zepto from './providers/zepto.js';
+import * as bigbasket from './providers/bigbasket.js';
 import { checkCouponTier } from './providers/zeptoCoupon.js';
 import { homedir } from 'node:os';
 import { join, dirname } from 'node:path';
-import { mkdirSync, writeFileSync, readFileSync, existsSync } from 'node:fs';
+import { mkdirSync, writeFileSync, appendFileSync, readFileSync, existsSync } from 'node:fs';
 import { Worker } from './worker.js';
 import { RunController } from './controller.js';
 import { STATUS } from './theme.js';
@@ -129,11 +130,13 @@ async function buildProvider(io, name) {
 }
 
 export async function run(io, api, args = {}) {
-  // TARGET: Flipkart (the backend campaign flow) or Zepto (local OTP → ZAUTH1 envelope).
-  const target = args.target || (args.number ? 'zepto' : (await io.select('what to extract?', [
+  // TARGET: Flipkart (backend campaign), Zepto, or BigBasket (local OTP → session JSON).
+  const target = args.target || (await io.select('what to extract?', [
     { label: 'Flipkart', value: 'flipkart', description: 'session JSON via OTP provider (campaign)' },
-    { label: 'Zepto', value: 'zepto', description: 'headless extraction (auto) OR local OTP login (manual)' }])).value);
+    { label: 'Zepto', value: 'zepto', description: 'headless extraction (auto) OR local OTP login (manual)' },
+    { label: 'BigBasket', value: 'bigbasket', description: 'local OTP login → session JSON (manual; auto soon)' }])).value;
   if (target === 'zepto') return zeptoCmd(io, api, args);
+  if (target === 'bigbasket') return bigbasketCmd(io, api, args);
 
   api = api || await getApi(io);
 
@@ -289,29 +292,32 @@ export async function recheck(io, _api, args = {}) {
 // code → we verify, build the ZAUTH1 envelope, and write {phone}-{timestamp}.txt.
 // LOOPS: after each one it asks for the next number — keep going until the user
 // presses Esc (or double Ctrl+C). Runs entirely on your IP.
-// Resolve the dir + tier-file path for a Zepto envelope. tier ∈ rs50|rs75|rs100|normal|unchecked|''.
-function zeptoOutPath(args, number, tier) {
-  const stamp = new Date().toISOString().replace(/[:.]/g, '-');
-  const suffix = tier ? `-${tier}` : '';
-  let baseDir;
+// Resolve the base dir for Zepto envelope output.
+function zeptoBaseDir(args) {
   if (args.out) {
     const expanded = args.out.startsWith('~') ? join(homedir(), args.out.slice(1)) : args.out;
-    // if --out is an explicit file, honor it (no tier split); else treat as dir
-    if (/\.(txt|json)$/i.test(expanded) && !tier) return expanded;
-    baseDir = /\.(txt|json)$/i.test(expanded) ? dirname(expanded) : expanded;
-  } else {
-    const downloads = join(homedir(), 'Downloads');
-    baseDir = join(existsSync(downloads) ? downloads : homedir(), 'scripterx', 'zepto');
+    return /\.(txt|json)$/i.test(expanded) ? dirname(expanded) : expanded;
   }
-  // tier accounts go into per-tier subfolders so the 4 types are cleanly separated
-  const dir = tier ? join(baseDir, tier) : baseDir;
-  mkdirSync(dir, { recursive: true });
-  return join(dir, `${number}-${stamp}.txt`);
+  const downloads = join(homedir(), 'Downloads');
+  return join(existsSync(downloads) ? downloads : homedir(), 'scripterx', 'zepto');
 }
 
-// Append one envelope to the right tier file/dir and return the path written.
+// Save one envelope. With a tier → APPEND to {tier}.txt (one envelope per block,
+// blank-line separated, so the file is readable + paste-friendly). Without a tier →
+// a single per-number timestamped file (legacy behaviour). Returns the path written.
 function saveZeptoEnvelope(args, number, envelope, tier) {
-  const dest = zeptoOutPath(args, number, tier);
+  const baseDir = zeptoBaseDir(args);
+  if (tier) {
+    mkdirSync(baseDir, { recursive: true });
+    const dest = join(baseDir, `${tier}.txt`);
+    // append with a blank-line separator if the file already has content
+    const block = (existsSync(dest) ? '\n' : '') + envelope + '\n';
+    appendFileSync(dest, block);
+    return dest;
+  }
+  const stamp = new Date().toISOString().replace(/[:.]/g, '-');
+  const dest = join(baseDir, `${number}-${stamp}.txt`);
+  mkdirSync(baseDir, { recursive: true });
   writeFileSync(dest, envelope + '\n');
   return dest;
 }
@@ -438,12 +444,29 @@ export async function zeptoCmd(io, api, args = {}) {
   const { ZeptoWorker } = await import('./worker.js');
   const { RunController } = await import('./controller.js');
   const controller = new RunController({ name, provider: 'otpcart-zepto', requested: count });
+
+  // INCREMENTAL SAVE: append every extracted envelope to its tier file the instant it
+  // succeeds — so a mid-campaign stop / double-Ctrl+C / crash never loses an account.
+  const tierDir = checkCoupon ? zeptoTierDir(args, name) : null;
+  const savedTiers = {}; // tier -> count, for the final summary
+  const onResult = (res) => {
+    if (res.status !== 'success' || !res.envelope) return;
+    if (checkCoupon) {
+      const tier = res.coupon_tier || 'unchecked';
+      mkdirSync(tierDir, { recursive: true });
+      const dest = join(tierDir, `${tier}.txt`);
+      appendFileSync(dest, (existsSync(dest) ? '\n' : '') + res.envelope + '\n');
+      savedTiers[tier] = (savedTiers[tier] || 0) + 1;
+    }
+  };
+
   const worker = new ZeptoWorker(provider, {
     requested: count,
     concurrency,
     certSha: cert,
     checkCoupon,
     onEvent: controller.handleEvent,
+    onResult,
   });
   controller.stop = () => worker.stop();
 
@@ -475,41 +498,125 @@ export async function zeptoCmd(io, api, args = {}) {
 
   io.print(`  ✓ done — ${worker.stats.succeeded} succeeded · ${worker.stats.failed} failed · ${worker.stats.cancelled} cancelled · ₹${worker.stats.charges} spent`);
 
-  if (worker.stats.succeeded > 0) {
+  // Note "stopped" so the summary is honest about a mid-run stop.
+  if (worker.stopped) io.print('  ⚠ campaign stopped — saving everything extracted so far', 'warn');
+
+  const succeeded = results.filter((r) => r.status === 'success' && r.envelope);
+  if (succeeded.length > 0) {
+    // combined full/zauth files (all successes, for convenience)
     const saved = await saveZeptoSessions(results, name, args.out);
     if (saved) {
       io.print(`  ✓ saved ${saved.count} session(s) to 2 files:`);
       io.print(`     full   → ${saved.fullPath}`, 'accent');
       io.print(`     zauth  → ${saved.zauthPath}`, 'accent');
     }
-    // If coupon-tier was checked, ALSO split the envelopes into per-tier files.
     if (checkCoupon) {
-      const tiers = {};
-      for (const r of results) {
-        if (r.status !== 'success') continue;
-        const tier = r.coupon_tier || 'unchecked';
-        (tiers[tier] = tiers[tier] || []).push(r.envelope);
-      }
-      io.print('  ◉ coupon tiers:');
+      // tier files were written INCREMENTALLY during the run (survives any exit).
+      io.print(`  ◉ coupon tiers (saved live in ${tierDir}):`);
       for (const tier of ['rs100', 'rs75', 'rs50', 'normal', 'unchecked']) {
-        if (!tiers[tier]?.length) continue;
-        const dir = zeptoTierDir(args, name);
-        const dest = join(dir, `${tier}.txt`);
-        mkdirSync(dir, { recursive: true });
-        writeFileSync(dest, tiers[tier].join('\n') + '\n');
-        io.print(`     ${TIER_LABEL[tier]} (${tiers[tier].length}) → ${dest}`, 'accent');
+        if (!savedTiers[tier]) continue;
+        io.print(`     ${TIER_LABEL[tier]} (${savedTiers[tier]}) → ${join(tierDir, `${tier}.txt`)}`, 'accent');
       }
     } else {
       io.print('  ◉ ZAUTH1 envelopes:');
-      for (const r of results) {
-        if (r.status === 'success') io.print(`     +91${r.mobile}  →  ${r.envelope}`, 'accent');
-      }
+      for (const r of succeeded) io.print(`     +91${r.mobile}  →  ${r.envelope}`, 'accent');
     }
   } else {
     io.print('  ◉ no sessions extracted — nothing to save.');
   }
 }
 
+// ── BigBasket: local OTP login → session JSON ────────────────────────────────
+// Manual mode (built now): enter a number → SMS an OTP locally → type the code →
+// verify → write {phone}-{timestamp}.json with { phone, bbAuthToken, mId, bbVisitorId }.
+// LOOPS until Esc. Runs entirely on your IP. Auto mode lands once the server is wired.
+
+// Resolve the base dir for BigBasket session output.
+function bigbasketBaseDir(args) {
+  if (args.out) {
+    const expanded = args.out.startsWith('~') ? join(homedir(), args.out.slice(1)) : args.out;
+    return /\.(json|txt)$/i.test(expanded) ? dirname(expanded) : expanded;
+  }
+  const downloads = join(homedir(), 'Downloads');
+  return join(existsSync(downloads) ? downloads : homedir(), 'scripterx', 'bigbasket');
+}
+
+// Save one session as a per-number JSON. Returns the path written.
+function saveBigbasketSession(args, number, sessionKeys) {
+  const baseDir = bigbasketBaseDir(args);
+  mkdirSync(baseDir, { recursive: true });
+  const stamp = new Date().toISOString().replace(/[:.]/g, '-');
+  const dest = join(baseDir, `${number}-${stamp}.json`);
+  writeFileSync(dest, JSON.stringify(sessionKeys, null, 2) + '\n');
+  return dest;
+}
+
+export async function bigbasketCmd(io, api, args = {}) {
+  // Only manual exists today; auto is wired after the server contract is known.
+  const mode = args.auto ? 'auto' : 'manual';
+  if (mode === 'auto') {
+    io.print('  ! BigBasket auto mode is not wired yet — coming once the server is set.', 'danger');
+    io.print('  ◉ use manual for now:  scripterx bigbasket --manual', 'accent');
+    return;
+  }
+
+  io.print('  ◉ BigBasket — local OTP → session JSON (Manual)');
+  io.print('  ◉ press esc to cancel', 'accent');
+
+  let done = 0;
+  let lastSig = 0, stopping = false;
+  const onSigint = () => {
+    const now = Date.now();
+    if (now - lastSig < 2000) { stopping = true; process.exit(0); }
+    lastSig = now;
+    io.print('  ⚠ press Ctrl+C again to exit');
+  };
+  const interactive = !!io.startRun; // ink App owns its own Ctrl+C
+  if (!interactive) process.on('SIGINT', onSigint);
+
+  try {
+    for (;;) {
+      // number entry — Esc stops the whole loop
+      const raw = args.number || await io.ask('bigbasket phone number', { escapable: true });
+      if (raw === CANCEL) break;
+      const number = String(raw).replace(/\D/g, '').slice(-10);
+      if (number.length !== 10) { io.print('  ! enter a 10-digit number', 'danger'); if (args.number) break; continue; }
+
+      try {
+        const session = bigbasket.newSession(number);
+        io.print(`  ◉ sending OTP to ${number} …`);
+        const s = await bigbasket.sendOtp(session);
+        if (!s.ok) { io.print(`  ✗ could not send OTP: ${s.msg || s.status}`, 'danger'); if (args.number) break; continue; }
+        io.print('  ✓ OTP sent');
+
+        // OTP entry — Esc abandons this number and loops back
+        const otpRaw = args.otp || await io.ask('enter the OTP', { escapable: true });
+        if (otpRaw === CANCEL) break;
+        const v = await bigbasket.verifyOtp(session, String(otpRaw).trim());
+        if (!v.ok) { io.print(`  ✗ OTP verify failed: ${v.error || v.status}`, 'danger'); if (args.number) break; continue; }
+        io.print(`  ✓ logged in${v.user?.first_name ? ` as ${v.user.first_name}` : ''}`);
+
+        const keys = bigbasket.toSessionKeys(session);
+        const dest = saveBigbasketSession(args, number, keys);
+        done++;
+        io.print('  ✓ session saved to:');
+        io.print(`     ${dest}`, 'accent');
+        io.print(`     bbAuthToken=${(keys.bbAuthToken || '').slice(0, 24)}…  mId=${keys.mId}  bbVisitorId=${keys.bbVisitorId}`, 'accent');
+      } catch (e) {
+        io.print(`  ✗ ${number}: ${e.message}`, 'danger');
+        if (args.number) break;
+        continue;
+      }
+
+      if (args.number) break;            // one-shot: do exactly one and stop
+      io.print('  ◉ next number (esc to finish)', 'accent');
+    }
+  } finally {
+    if (!interactive && !stopping) process.off('SIGINT', onSigint);
+  }
+  io.print(`  ✓ done — ${done} session(s) saved.`);
+}
+
 const TIER_LABEL = { rs100: '🟢 ₹100', rs75: '🟢 ₹75', rs50: '🟢 ₹50', normal: '⚪ normal', unchecked: '❔ unchecked' };
 
 // The directory the per-tier files go in for an auto run.
@@ -691,7 +798,7 @@ export async function configCmd(io, _api, args = {}) {
 }
 
 export function help(io) {
-  io.print('  commands: run · zepto · recheck · campaigns · export · balance · creds · stop · delete · whoami · config · update · logout · exit');
+  io.print('  commands: run · zepto · bigbasket · recheck · campaigns · export · balance · creds · stop · delete · whoami · config · update · logout · exit');
 }
 
 export async function update(io) {
@@ -717,6 +824,6 @@ export async function update(io) {
 
 // dispatch table used by the interactive shell
 export const REGISTRY = {
-  run, zepto: zeptoCmd, recheck, campaigns, export: exportCmd, balance, creds, stop, delete: del,
+  run, zepto: zeptoCmd, bigbasket: bigbasketCmd, recheck, campaigns, export: exportCmd, balance, creds, stop, delete: del,
   whoami, login, logout, config: configCmd, update, help,
 };

package/src/index.js

@@ -54,6 +54,9 @@ const HELP = `${paint.bold('scripterx')} — local Flipkart session extractor
        --auto | --manual    --count N  --concurrency N  --out <file|dir>  --cert <64hex>
        --number <10-digit>  --otp <code>
        (envelope keyed to ZeptoAuthManager cert; override with --cert or $ZAUTH_CERT_SHA)
+  scripterx bigbasket [flags]  local BigBasket OTP login → session JSON (alias: bb)
+       --manual             --number <10-digit>  --otp <code>  --out <file|dir>
+       → writes {phone, bbAuthToken, mId, bbVisitorId} per number (auto mode soon)
   scripterx recheck <file>  re-validate Minutes status of a session JSON, locally (your IP)
        → re-splits into corrected -minutes-free / -minutes-used files + stats
   scripterx campaigns | export [name] | balance | creds | stop | delete | whoami | config
@@ -106,7 +109,7 @@ async function main() {
   }
 
   // ── one-shot mode ──
-  const map = { run: 'run', zepto: 'zepto', recheck: 'recheck', campaigns: 'campaigns', export: 'export', balance: 'balance',
+  const map = { run: 'run', zepto: 'zepto', bigbasket: 'bigbasket', bb: 'bigbasket', recheck: 'recheck', campaigns: 'campaigns', export: 'export', balance: 'balance',
     creds: 'creds', stop: 'stop', delete: 'delete', whoami: 'whoami', login: 'login',
     logout: 'logout', config: 'config', update: 'update', help: 'help' };
   const fnName = map[cmd];

package/src/providers/bigbasket.js

@@ -0,0 +1,184 @@
+// BigBasket local login provider — send an OTP to a phone number and verify it,
+// straight against BigBasket's native API (runs on YOUR IP, no emulator, no backend).
+//
+// Flow (reverse-engineered from the native app; the login screen is Flutter, so its
+// OTP calls don't show in a proxy — but they're plain native endpoints we can call):
+//   1. sendOtp(session)        -> register device + harvest csrf/csurf, then SMS an OTP.
+//   2. verifyOtp(session, otp) -> unified-login returns { bb_token, m_id, visitor_id }.
+//
+// IMPORTANT: the native /member-tdl/v3/member/otp/ endpoint needs **no reCAPTCHA**.
+// Bootstrap (register/device + ui-svc/header) is what mints the csrftoken + csurftoken
+// the OTP/verify POSTs require. Verify body uses mobile_no + mobile_no_otp + refId +
+// source:"BIGBASKET" (NOT identifier/referrer — that 400s with HU4000).
+//
+// Same shape as providers/zepto.js so the CLI command can mirror zeptoCmd exactly.
+import https from 'node:https';
+import crypto from 'node:crypto';
+import { hostname } from 'node:os';
+import * as throttle from '../throttle.js';
+
+const HOST = 'www.bigbasket.com';
+const APP_VERSION = '8.13.0';
+const BUILD_CODE = '24105210';
+const OS_RELEASE = '13';
+
+const uuid = () => crypto.randomUUID();
+// stable per-machine device id (the app keeps one forever in SharedPreferences)
+function deviceId() {
+  const seed = hostname() + '|scripterx-bb-android';
+  return crypto.createHash('sha1').update(seed).digest('hex').slice(0, 16);
+}
+
+// ── cookie jar (the app quotes some identity cookies) ─────────────────────────
+const QUOTED = new Set(['_bb_source', '_bb_vid', 'BBAUTHTOKEN', '_bb_mid']);
+function cookieHeader(jar) {
+  jar._bb_source = 'app'; // marks the session as the Android app
+  return Object.entries(jar)
+    .filter(([, v]) => v != null && v !== '')
+    .map(([k, v]) => (QUOTED.has(k) ? `${k}="${v}"` : `${k}=${v}`))
+    .join('; ');
+}
+function absorb(jar, setCookie) {
+  (setCookie || []).forEach((c) => {
+    const kv = c.split(';')[0];
+    const i = kv.indexOf('=');
+    if (i > 0) {
+      const name = kv.slice(0, i).trim();
+      const val = kv.slice(i + 1).trim().replace(/^"(.*)"$/, '$1');
+      if (val && val.toLowerCase() !== 'deleted') jar[name] = val;
+    }
+  });
+}
+
+// ── native header builder (mirrors the two OkHttp interceptors) ───────────────
+function headers(session, method, extra = {}) {
+  const h = {
+    Accept: 'application/json, text/plain, */*',
+    'Content-Type': 'application/json',
+    'User-Agent': `BB Android/v${APP_VERSION}/os ${OS_RELEASE}`,
+    'X-Channel': 'BB-Android',
+    'X-Caller': 'Monster-SVC',
+    'X-Tracker': uuid(),
+    'X-Tcp-Platform': 'native',
+    'X-Tcp-Device-Version': `android_${APP_VERSION}_${BUILD_CODE}`,
+    'common-client-static-version': '101',
+    'X-Entry-Context': 'bbnow',
+    'X-Entry-Context-Id': '10',
+    'x-device-id': session.deviceId,
+    'x-device-model': 'Google sdk_gphone64_arm64',
+    'x-is-debug': 'false',
+    'X-Pharma': 'true',
+    Cookie: cookieHeader(session.jar),
+  };
+  // csurftoken/csrftoken only on mutating requests (ApiCallInterceptor.addCsrfToken)
+  const m = method.toUpperCase();
+  if (m === 'POST' || m === 'PUT' || m === 'DELETE' || m === 'PATCH') {
+    if (session.jar.csurftoken) h['x-csurftoken'] = session.jar.csurftoken;
+    if (session.jar.csrftoken) h['x-csrftoken'] = session.jar.csrftoken;
+  }
+  return { ...h, ...extra };
+}
+
+function req(session, method, path, body, extra = {}) {
+  return new Promise((resolve) => {
+    const payload = body == null ? '' : typeof body === 'string' ? body : JSON.stringify(body);
+    const h = { ...headers(session, method, extra), host: HOST };
+    if (payload) h['Content-Length'] = Buffer.byteLength(payload);
+    const r = https.request({ hostname: HOST, port: 443, method, path, headers: h, timeout: 20000 }, (res) => {
+      const ch = [];
+      res.on('data', (c) => ch.push(c));
+      res.on('end', () => {
+        absorb(session.jar, res.headers['set-cookie']);
+        const text = Buffer.concat(ch).toString('utf8');
+        let json = null;
+        try { json = JSON.parse(text); } catch { /* not json */ }
+        resolve({ status: res.statusCode, text, json });
+      });
+    });
+    r.on('error', (e) => resolve({ status: 0, text: 'err:' + e.message, json: null }));
+    r.on('timeout', () => { r.destroy(); resolve({ status: 0, text: 'timeout', json: null }); });
+    if (payload) r.write(payload);
+    r.end();
+  });
+}
+
+// A fresh session = a new cookie jar + a stable device identity.
+export function newSession(number) {
+  return {
+    jar: {},
+    deviceId: deviceId(),
+    refId: null,
+    mobile: String(number).replace(/\D/g, '').slice(-10),
+    token: null,    // bb_token (BBAUTHTOKEN JWT)
+    mId: null,      // base64 member id (server-provided)
+    visitorId: null, // base64 visitor id (server-provided)
+    user: null,
+  };
+}
+
+// Step 1 — bootstrap (register device + header) then request the OTP SMS.
+// Returns { ok, status, msg }. Stores session.refId on success.
+export async function sendOtp(session) {
+  // (a) register device → csrftoken + _bb_vid
+  const form =
+    'imei=02%3A00%3A00%3A00%3A00%3A00&device_id=' + session.deviceId + '&city_id=1&properties=' +
+    encodeURIComponent(JSON.stringify({
+      platform: 'java', os_name: 'android', os_version: OS_RELEASE, app_version: APP_VERSION,
+      device_make: 'Google', device_model: 'sdk_gphone64_arm64', screen_resolution: '1080X2201', screen_dpi: 420,
+    }));
+  await throttle.wait();
+  await req(session, 'POST', '/mapi/v4.2.0/register/device/', form, { 'Content-Type': 'application/x-www-form-urlencoded' });
+
+  // (b) header → csurftoken
+  await throttle.wait();
+  await req(session, 'GET', '/ui-svc/v2/header/?send_door_info=true');
+
+  if (!session.jar.csurftoken) {
+    return { ok: false, status: 0, msg: 'no csurftoken after bootstrap (blocked?)' };
+  }
+
+  // (c) send OTP
+  await throttle.wait();
+  const r = await req(session, 'POST', '/member-tdl/v3/member/otp/',
+    { identifier: session.mobile, referrer: 'unified_login' },
+    { 'X-Login-Origin': 'unified_login' });
+
+  const refId = r.json && (r.json.refId || r.json.ref_id);
+  const ok = r.status === 200 && !!refId;
+  if (ok) session.refId = refId;
+  return { ok, status: r.status, msg: ok ? (r.json.message || 'OTP sent') : (r.json?.message || r.text.slice(0, 160)) };
+}
+
+// Step 2 — verify the OTP. On success, fills session.token / mId / visitorId / user.
+export async function verifyOtp(session, otp) {
+  if (!session.refId) return { ok: false, status: 0, error: 'no refId — call sendOtp first' };
+  await throttle.wait();
+  const r = await req(session, 'POST', '/member-tdl/v3/member/unified-login/',
+    { mobile_no: session.mobile, mobile_no_otp: String(otp).trim(), refId: session.refId, source: 'BIGBASKET' },
+    { 'X-Login-Origin': 'unified_login', 'X-tcp-client-id': 'BIGBASKET-ANDROID-APP' });
+
+  // Native unified-login returns { bb_token, m_id, visitor_id }.
+  const J = r.json || {};
+  const token = J.bb_token || J.BBAUTHTOKEN || session.jar.BBAUTHTOKEN || J.token;
+  if (r.status === 200 && token) {
+    session.token = token;
+    session.mId = J.m_id || session.jar._bb_mid || null;
+    session.visitorId = J.visitor_id || session.jar._bb_vid || null;
+    session.user = J.member_details || J.user || null;
+    return { ok: true, user: session.user };
+  }
+  // HU4000 / wrong-otp surface here
+  const err = J.errors?.[0]?.msg || J.message || r.text.slice(0, 160);
+  return { ok: false, status: r.status, error: err };
+}
+
+// Build the persisted-session object — the requested {bbAuthToken, mId, bbVisitorId}
+// shape, plus phone for traceability.
+export function toSessionKeys(session) {
+  return {
+    phone: session.mobile,
+    bbAuthToken: session.token || '',
+    mId: session.mId || '',
+    bbVisitorId: session.visitorId || '',
+  };
+}

package/src/ui/RunView.js

@@ -30,10 +30,28 @@ function SlotRow({ slot, mobile, phase, detail, wait }) {
   );
 }
 
+// Per Zepto coupon tier → a colored note for the live results row.
+function couponNote(tier, label) {
+  const C = COLORS;
+  switch (tier) {
+    case 'rs100': return { note: '₹100 coupon', color: C.success };
+    case 'rs75':  return { note: '₹75 coupon',  color: C.success };
+    case 'rs50':  return { note: '₹50 coupon',  color: C.success };
+    case 'normal': return { note: 'no coupon',  color: C.muted };
+    case 'unchecked': return { note: 'coupon unchecked', color: C.warn };
+    default: return { note: label || 'extracted', color: 'gray' };
+  }
+}
+
 // Map a result to a clean { glyph, label, color, note } for display. Driven by the
 // worker's `category` so every outcome reads consistently (no "successed"/"success" mix).
-function resultDisplay({ status, category, detail }) {
+function resultDisplay({ status, category, detail, couponTier, couponLabel }) {
   const C = COLORS;
+  // Zepto coupon-tier success rows: show the EXACT coupon the account has.
+  if (status === 'success' && couponTier) {
+    const cn = couponNote(couponTier, couponLabel);
+    return { glyph: '✓', label: 'success', color: C.success, note: cn.note, noteColor: cn.color };
+  }
   switch (category) {
     case 'fresh':            return { glyph: '🆕', label: 'fresh account',  color: C.accent,  note: 'new account created' };
     case 'coupon':           return { glyph: '✓',  label: 'success',        color: C.success, note: '₹100 coupon available' };
@@ -52,13 +70,13 @@ function resultDisplay({ status, category, detail }) {
   }
 }
 
-function ResultRow({ status, category, mobile, detail, cost }) {
-  const d = resultDisplay({ status, category, detail });
+function ResultRow({ status, category, mobile, detail, cost, couponTier, couponLabel }) {
+  const d = resultDisplay({ status, category, detail, couponTier, couponLabel });
   const mob = (mobile || '—').slice(-10) || '—';
   return h(Box, null,
     h(Box, { width: 13 }, h(Text, null, mob)),
     h(Box, { width: 14 }, h(Text, { color: d.color }, `${d.glyph} ${d.label}`)),
-    h(Box, { flexGrow: 1 }, h(Text, { color: 'gray' }, d.note)),
+    h(Box, { flexGrow: 1 }, h(Text, { color: d.noteColor || 'gray' }, d.note)),
     h(Box, { width: 7, justifyContent: 'flex-end' }, h(Text, { color: 'gray' }, cost ? `₹${cost}` : '')),
   );
 }
@@ -97,7 +115,7 @@ export function RunView({ controller }) {
       slotList.length ? slotList.map((sl) => h(SlotRow, { key: sl.slot, ...sl }))
         : h(Text, { color: 'gray' }, 'starting…')),
     h(Panel, { title: 'results' },
-      lastRows.length ? lastRows.map((r, i) => h(ResultRow, { key: i, status: r.status, category: r.category, mobile: r.mobile, detail: r.detail, cost: r.cost }))
+      lastRows.length ? lastRows.map((r, i) => h(ResultRow, { key: i, status: r.status, category: r.category, mobile: r.mobile, detail: r.detail, cost: r.cost, couponTier: r.coupon_tier, couponLabel: r.coupon_label }))
         : h(Text, { color: 'gray' }, 'waiting for first result…')),
     h(Box, { borderStyle: 'round', borderColor: COLORS.accent, paddingX: 1 },
       h(Text, { color: COLORS.success }, `✓ ${stats.succeeded}`),

package/src/ui/Shell.js

@@ -13,6 +13,7 @@ const h = React.createElement;
 
 export const COMMANDS = [
   { name: 'run', desc: 'run an extraction' },
+  { name: 'bigbasket', desc: 'local BigBasket OTP login → session JSON' },
   { name: 'campaigns', desc: 'list your campaigns' },
   { name: 'export', desc: "download a campaign's sessions" },
   { name: 'balance', desc: 'check provider balance' },

package/src/worker.js

@@ -555,13 +555,14 @@ async function releaseNumber(provider, number, rentedAt, { log = () => {}, warn
 export const __releaseNumberForTest = releaseNumber;
 
 export class ZeptoWorker {
-  constructor(provider, { requested, concurrency, certSha, onEvent, checkCoupon }) {
+  constructor(provider, { requested, concurrency, certSha, onEvent, onResult, checkCoupon }) {
     this.provider = provider;
     this.requested = requested;
     this.concurrency = Math.max(1, Math.min(concurrency, requested));
     this.certSha = certSha;
     this.checkCoupon = !!checkCoupon; // also classify the ₹50/₹75/₹100 coupon tier
     this.onEvent = onEvent || (() => {});
+    this.onResult = onResult || null; // called per successful result for incremental save
     // Surface OTPCart re-logins (session taken over by another login) in the UI.
     if (provider && 'onNotice' in provider) provider.onNotice = (msg) => this.onEvent('warn', `⚠ ${msg}`);
     this.stats = { total: requested, succeeded: 0, failed: 0, cancelled: 0, generated: 0, attempts: 0, charges: 0 };
@@ -595,6 +596,11 @@ export class ZeptoWorker {
     else { this.stats.failed++; this.stats.charges += res.cost || 0; }
     this.onEvent('progress', this.stats);
     this.onEvent('row', res);
+    // Persist each successful envelope IMMEDIATELY (incremental save) so a mid-run
+    // stop / double-Ctrl+C / crash never loses an already-extracted account.
+    if (res.status === 'success' && res.envelope && this.onResult) {
+      try { this.onResult(res); } catch { /* best-effort; never break the loop */ }
+    }
   }
 
   async run() {