site-agent-pro 1.0.0

package/dist/auth/credentialStore.js

@@ -0,0 +1,62 @@
+import fs from "node:fs";
+import path from "node:path";
+const CREDENTIALS_FILE = path.resolve(process.cwd(), ".auth", "credentials.json");
+function getOriginKey(urlString) {
+    try {
+        const url = new URL(urlString);
+        return /^https?:$/i.test(url.protocol) ? url.origin.toLowerCase() : null;
+    }
+    catch {
+        return null;
+    }
+}
+function getLegacyHostnameKey(urlString) {
+    try {
+        return new URL(urlString).hostname.toLowerCase();
+    }
+    catch {
+        return null;
+    }
+}
+function loadCredentials() {
+    try {
+        if (fs.existsSync(CREDENTIALS_FILE)) {
+            const content = fs.readFileSync(CREDENTIALS_FILE, "utf-8");
+            const parsed = JSON.parse(content);
+            return parsed && typeof parsed === "object" ? parsed : {};
+        }
+    }
+    catch (error) {
+        console.error(`Failed to read credentials from ${CREDENTIALS_FILE}`, error);
+    }
+    return {};
+}
+export function saveStoredIdentity(url, identity) {
+    const credentialKey = getOriginKey(url);
+    if (!credentialKey)
+        return;
+    const credentials = loadCredentials();
+    credentials[credentialKey] = identity;
+    try {
+        const dir = path.dirname(CREDENTIALS_FILE);
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true });
+        }
+        fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), "utf-8");
+    }
+    catch (error) {
+        console.error(`Failed to save credentials to ${CREDENTIALS_FILE}`, error);
+    }
+}
+export function getStoredIdentity(url) {
+    const credentials = loadCredentials();
+    const originKey = getOriginKey(url);
+    if (originKey && credentials[originKey]) {
+        return credentials[originKey] || null;
+    }
+    const legacyHostnameKey = getLegacyHostnameKey(url);
+    return legacyHostnameKey ? credentials[legacyHostnameKey] || null : null;
+}
+export function hasStoredIdentity(url) {
+    return getStoredIdentity(url) !== null;
+}

package/dist/auth/inbox.js

@@ -0,0 +1,193 @@
+import { ImapFlow } from "imapflow";
+import { simpleParser } from "mailparser";
+import { authSettings } from "./profile.js";
+function normalizeText(value) {
+    return value.replace(/\s+/g, " ").trim();
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function createClient(mailbox) {
+    return new ImapFlow({
+        host: mailbox.host,
+        port: mailbox.port,
+        secure: mailbox.secure,
+        auth: {
+            user: mailbox.user,
+            pass: mailbox.password
+        },
+        logger: false,
+        disableAutoIdle: true
+    });
+}
+function sanitizeUrlCandidate(value) {
+    const trimmed = value.trim().replace(/[)>.,;]+$/g, "");
+    if (!/^https?:\/\//i.test(trimmed)) {
+        return null;
+    }
+    try {
+        return new URL(trimmed).toString();
+    }
+    catch {
+        return null;
+    }
+}
+function extractUrls(source) {
+    const matches = source.match(/https?:\/\/[^\s"'<>]+/gi) ?? [];
+    const unique = new Set();
+    for (const match of matches) {
+        const sanitized = sanitizeUrlCandidate(match);
+        if (sanitized) {
+            unique.add(sanitized);
+        }
+    }
+    return Array.from(unique);
+}
+function hostMatches(candidateUrl, siteHost) {
+    try {
+        const candidateHost = new URL(candidateUrl).hostname.replace(/^www\./, "").toLowerCase();
+        const normalizedSiteHost = siteHost.replace(/^www\./, "").toLowerCase();
+        return candidateHost === normalizedSiteHost || candidateHost.endsWith(`.${normalizedSiteHost}`);
+    }
+    catch {
+        return false;
+    }
+}
+function extractVerificationLink(source, siteHost) {
+    const urls = extractUrls(source);
+    const scored = urls
+        .map((url) => {
+        const lower = url.toLowerCase();
+        let score = 0;
+        if (hostMatches(url, siteHost)) {
+            score += 50;
+        }
+        if (/verify|verification|confirm|activate|magic|signin|sign-in|login|auth|token/.test(lower)) {
+            score += 25;
+        }
+        if (/unsubscribe|privacy|preferences|support/.test(lower)) {
+            score -= 25;
+        }
+        return { url, score };
+    })
+        .sort((left, right) => right.score - left.score);
+    return scored[0]?.score && scored[0].score > 0 ? scored[0].url : undefined;
+}
+function extractOtpCode(source, otpLength) {
+    const contextualPatterns = [
+        new RegExp(`(?:otp|one[ -]?time|verification|security|auth|passcode|code)[^\\d]{0,40}(\\d{${otpLength}})`, "i"),
+        new RegExp(`(\\d{${otpLength}})[^\\d]{0,40}(?:otp|one[ -]?time|verification|security|auth|passcode|code)`, "i")
+    ];
+    for (const pattern of contextualPatterns) {
+        const match = source.match(pattern);
+        if (match?.[1]) {
+            return match[1];
+        }
+    }
+    const exactLengthMatch = source.match(new RegExp(`(?<!\\d)(\\d{${otpLength}})(?!\\d)`));
+    if (exactLengthMatch?.[1]) {
+        return exactLengthMatch[1];
+    }
+    const genericMatch = source.match(/(?<!\d)(\d{4,8})(?!\d)/);
+    return genericMatch?.[1];
+}
+function messageMatchesFilters(args) {
+    const subject = args.subject.toLowerCase();
+    const from = args.from.toLowerCase();
+    const text = args.sourceText.toLowerCase();
+    if (authSettings.emailFromFilter && !from.includes(authSettings.emailFromFilter.toLowerCase())) {
+        return false;
+    }
+    if (authSettings.emailSubjectFilter && !subject.includes(authSettings.emailSubjectFilter.toLowerCase())) {
+        return false;
+    }
+    if (authSettings.emailFromFilter || authSettings.emailSubjectFilter) {
+        return true;
+    }
+    return /verify|verification|confirm|activate|otp|one-time|passcode|code|magic link|login/.test(`${subject} ${from} ${text}`);
+}
+export async function captureInboxCheckpoint(mailbox) {
+    const client = createClient(mailbox);
+    try {
+        await client.connect();
+        const lock = await client.getMailboxLock(mailbox.mailbox, { readOnly: true });
+        try {
+            const mailboxState = client.mailbox === false ? null : client.mailbox;
+            return {
+                uidNext: mailboxState?.uidNext ?? 1,
+                capturedAt: new Date().toISOString()
+            };
+        }
+        finally {
+            lock.release();
+        }
+    }
+    finally {
+        await client.logout().catch(() => undefined);
+    }
+}
+export async function waitForVerificationEmail(args) {
+    const timeoutMs = args.timeoutMs ?? authSettings.emailPollTimeoutMs;
+    const pollIntervalMs = args.pollIntervalMs ?? authSettings.emailPollIntervalMs;
+    const otpLength = args.otpLength ?? authSettings.otpLength;
+    const deadline = Date.now() + timeoutMs;
+    const client = createClient(args.mailbox);
+    try {
+        await client.connect();
+        while (Date.now() < deadline) {
+            const lock = await client.getMailboxLock(args.mailbox.mailbox, { readOnly: true });
+            try {
+                const uidList = (await client.search({ uid: `${args.checkpoint.uidNext}:*` }, { uid: true })) || [];
+                const sortedUids = Array.isArray(uidList) ? [...uidList].sort((left, right) => right - left) : [];
+                if (sortedUids.length > 0) {
+                    const messages = await client.fetchAll(sortedUids.slice(0, 12), {
+                        uid: true,
+                        envelope: true,
+                        source: true
+                    }, { uid: true });
+                    for (const message of messages.sort((left, right) => right.uid - left.uid)) {
+                        if (!message.source) {
+                            continue;
+                        }
+                        const parsed = await simpleParser(message.source);
+                        const subject = normalizeText(parsed.subject || message.envelope?.subject || "");
+                        const from = normalizeText(parsed.from?.text ||
+                            message.envelope?.from?.map((entry) => entry.address || entry.name || "").join(", ") ||
+                            "");
+                        const sourceText = normalizeText([parsed.text || "", typeof parsed.html === "string" ? parsed.html : ""].join("\n"));
+                        if (args.recipientEmail) {
+                            const toAddresses = (message.envelope?.to?.map((entry) => entry.address?.toLowerCase()).filter(Boolean) ?? []);
+                            if (!toAddresses.includes(args.recipientEmail.toLowerCase())) {
+                                continue;
+                            }
+                        }
+                        if (!messageMatchesFilters({ subject, from, sourceText })) {
+                            continue;
+                        }
+                        const verificationLink = extractVerificationLink(sourceText, args.siteHost);
+                        const otpCode = extractOtpCode(sourceText, otpLength);
+                        if (!verificationLink && !otpCode) {
+                            continue;
+                        }
+                        return {
+                            uid: message.uid,
+                            receivedAt: (parsed.date || message.envelope?.date || new Date()).toISOString(),
+                            subject,
+                            from,
+                            ...(otpCode ? { otpCode } : {}),
+                            ...(verificationLink ? { verificationLink } : {})
+                        };
+                    }
+                }
+            }
+            finally {
+                lock.release();
+            }
+            await sleep(pollIntervalMs);
+        }
+    }
+    finally {
+        await client.logout().catch(() => undefined);
+    }
+    throw new Error(`Timed out after ${Math.round(timeoutMs / 1000)} seconds waiting for a verification email in ${args.mailbox.mailbox}.`);
+}

package/dist/auth/profile.js

@@ -0,0 +1,379 @@
+import crypto from "node:crypto";
+import { AsyncLocalStorage } from "node:async_hooks";
+import dotenv from "dotenv";
+import path from "node:path";
+import { z } from "zod";
+import { config } from "../config.js";
+import { getStoredIdentity, hasStoredIdentity } from "./credentialStore.js";
+dotenv.config();
+function normalizeOptionalString(value) {
+    const trimmed = value?.trim();
+    return trimmed ? trimmed : undefined;
+}
+const AuthEnvSchema = z.object({
+    AUTH_TEST_EMAIL: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_USERNAME: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_PASSWORD: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_FIRST_NAME: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_LAST_NAME: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_PHONE: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_ADDRESS_LINE1: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_ADDRESS_LINE2: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_CITY: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_STATE: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_POSTAL_CODE: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_COUNTRY: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_TEST_COMPANY: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_IMAP_HOST: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_IMAP_PORT: z.coerce.number().int().positive().default(993),
+    AUTH_IMAP_SECURE: z
+        .string()
+        .optional()
+        .transform((value) => value !== "false"),
+    AUTH_IMAP_USER: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_IMAP_PASSWORD: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_IMAP_MAILBOX: z.string().default("INBOX").transform((value) => value.trim() || "INBOX"),
+    AUTH_EMAIL_POLL_TIMEOUT_MS: z.coerce.number().int().positive().default(180000),
+    AUTH_EMAIL_POLL_INTERVAL_MS: z.coerce.number().int().positive().default(5000),
+    AUTH_OTP_LENGTH: z.coerce.number().int().min(4).max(8).default(6),
+    AUTH_EMAIL_FROM_FILTER: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_EMAIL_SUBJECT_FILTER: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_GENERATED_IDENTITY_MAX_ATTEMPTS: z.coerce.number().int().min(1).max(10).default(5),
+    AUTH_SIGNUP_URL: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_LOGIN_URL: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_ACCESS_URL: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_SESSION_STATE_PATH: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value)),
+    AUTH_EMAIL_DOMAIN: z
+        .string()
+        .optional()
+        .transform((value) => normalizeOptionalString(value))
+});
+const authOverrides = {};
+function getAuthEnv() {
+    const base = AuthEnvSchema.parse(process.env);
+    return {
+        ...base,
+        ...authOverrides
+    };
+}
+const ACCESS_IDENTITY_CONTEXT = new AsyncLocalStorage();
+const HARD_CODED_AGENT_IDENTITIES = [
+    {
+        firstName: "Atlas",
+        lastName: "Sentinel",
+        emailLocalPart: "site-agent-pro-atlas",
+        phone: "+12025550111",
+        company: "Site Agent Pro Atlas QA"
+    },
+    {
+        firstName: "Beacon",
+        lastName: "Sentinel",
+        emailLocalPart: "site-agent-pro-beacon",
+        phone: "+12025550122",
+        company: "Site Agent Pro Beacon QA"
+    },
+    {
+        firstName: "Cipher",
+        lastName: "Sentinel",
+        emailLocalPart: "site-agent-pro-cipher",
+        phone: "+12025550133",
+        company: "Site Agent Pro Cipher QA"
+    },
+    {
+        firstName: "Drift",
+        lastName: "Sentinel",
+        emailLocalPart: "site-agent-pro-drift",
+        phone: "+12025550144",
+        company: "Site Agent Pro Drift QA"
+    },
+    {
+        firstName: "Echo",
+        lastName: "Sentinel",
+        emailLocalPart: "site-agent-pro-echo",
+        phone: "+12025550155",
+        company: "Site Agent Pro Echo QA"
+    }
+];
+const generatedAccessIdentities = new Map();
+export const authSettings = {
+    get signupUrl() { return getAuthEnv().AUTH_SIGNUP_URL; },
+    get loginUrl() { return getAuthEnv().AUTH_LOGIN_URL; },
+    get accessUrl() { return getAuthEnv().AUTH_ACCESS_URL; },
+    get emailPollTimeoutMs() { return getAuthEnv().AUTH_EMAIL_POLL_TIMEOUT_MS; },
+    get emailPollIntervalMs() { return getAuthEnv().AUTH_EMAIL_POLL_INTERVAL_MS; },
+    get otpLength() { return getAuthEnv().AUTH_OTP_LENGTH; },
+    get emailFromFilter() { return getAuthEnv().AUTH_EMAIL_FROM_FILTER; },
+    get emailSubjectFilter() { return getAuthEnv().AUTH_EMAIL_SUBJECT_FILTER; },
+    get generatedIdentityMaxAttempts() { return getAuthEnv().AUTH_GENERATED_IDENTITY_MAX_ATTEMPTS; }
+};
+export function updateAuthSettings(updates) {
+    Object.assign(authOverrides, updates);
+}
+function resolveAgentSlot(args) {
+    const rawIndex = args?.agentIndex;
+    const normalized = typeof rawIndex === "number" && Number.isFinite(rawIndex) ? Math.round(rawIndex) : 1;
+    return Math.min(HARD_CODED_AGENT_IDENTITIES.length, Math.max(1, normalized));
+}
+function getActiveAccessIdentityContext() {
+    return ACCESS_IDENTITY_CONTEXT.getStore() ?? {};
+}
+function resolveAgentIdentityTemplate(args) {
+    return HARD_CODED_AGENT_IDENTITIES[resolveAgentSlot(args) - 1] ?? HARD_CODED_AGENT_IDENTITIES[0];
+}
+function buildScopedEmail(baseEmail, template) {
+    if (!baseEmail) {
+        if (getAuthEnv().AUTH_EMAIL_DOMAIN) {
+            const seed = crypto.randomBytes(4).toString("hex");
+            return `${template.emailLocalPart}-${seed}@${getAuthEnv().AUTH_EMAIL_DOMAIN}`;
+        }
+        return `${template.emailLocalPart}@example.com`;
+    }
+    const parts = splitEmailAddress(baseEmail);
+    if (!parts) {
+        return baseEmail;
+    }
+    const baseLocal = parts.localPart.split("+", 1)[0] || parts.localPart;
+    return `${baseLocal}+${template.emailLocalPart}@${parts.domain}`;
+}
+export async function runWithAccessIdentityContext(context, fn) {
+    return await ACCESS_IDENTITY_CONTEXT.run(context, fn);
+}
+export function getAccessIdentityLabel(context) {
+    const template = resolveAgentIdentityTemplate(context ?? getActiveAccessIdentityContext());
+    return `${template.firstName} ${template.lastName}`;
+}
+export function isAuthBootstrapConfigured(url) {
+    return Boolean((url && hasStoredIdentity(url)) || (getAuthEnv().AUTH_TEST_EMAIL && getAuthEnv().AUTH_TEST_PASSWORD));
+}
+export function requireAuthIdentity() {
+    const env = getAuthEnv();
+    if (!env.AUTH_TEST_EMAIL) {
+        throw new Error("AUTH_TEST_EMAIL is required when --auth-flow is enabled.");
+    }
+    if (!env.AUTH_TEST_PASSWORD) {
+        throw new Error("AUTH_TEST_PASSWORD is required when --auth-flow is enabled.");
+    }
+    const template = resolveAgentIdentityTemplate(getActiveAccessIdentityContext());
+    return {
+        email: buildScopedEmail(env.AUTH_TEST_EMAIL, template),
+        username: env.AUTH_TEST_USERNAME,
+        password: env.AUTH_TEST_PASSWORD,
+        firstName: template.firstName,
+        lastName: template.lastName,
+        fullName: `${template.firstName} ${template.lastName}`.trim(),
+        phone: env.AUTH_TEST_PHONE ?? template.phone,
+        addressLine1: env.AUTH_TEST_ADDRESS_LINE1 ?? "123 Test Lane",
+        addressLine2: env.AUTH_TEST_ADDRESS_LINE2 ?? "Suite 100",
+        city: env.AUTH_TEST_CITY ?? "Austin",
+        state: env.AUTH_TEST_STATE ?? "Texas",
+        postalCode: env.AUTH_TEST_POSTAL_CODE ?? "78701",
+        country: env.AUTH_TEST_COUNTRY ?? "United States",
+        company: env.AUTH_TEST_COMPANY ?? template.company
+    };
+}
+function splitEmailAddress(email) {
+    const atIndex = email.lastIndexOf("@");
+    if (atIndex <= 0 || atIndex === email.length - 1) {
+        return null;
+    }
+    return {
+        localPart: email.slice(0, atIndex),
+        domain: email.slice(atIndex + 1)
+    };
+}
+function buildRetrySeed() {
+    return crypto.randomBytes(4).toString("hex");
+}
+function buildVariantPhoneNumber(phone, attempt) {
+    if (attempt <= 1) {
+        return phone;
+    }
+    const digits = phone.replace(/\D/g, "");
+    if (digits.length < 7) {
+        return phone;
+    }
+    const attemptDigits = String(attempt).padStart(4, "0").slice(-4);
+    const prefix = digits.slice(0, Math.max(0, digits.length - 4));
+    const normalized = `${prefix}${attemptDigits}`;
+    return phone.trim().startsWith("+") ? `+${normalized}` : normalized;
+}
+function buildVariantEmail(baseEmail, attempt, retrySeed) {
+    if (attempt <= 1) {
+        return baseEmail;
+    }
+    const parts = splitEmailAddress(baseEmail);
+    if (!parts) {
+        return baseEmail;
+    }
+    return `${parts.localPart}+siteagent-${retrySeed}-${attempt}@${parts.domain}`;
+}
+function buildVariantIdentity(baseIdentity, attempt, retrySeed) {
+    if (attempt <= 1) {
+        return baseIdentity;
+    }
+    return {
+        email: buildVariantEmail(baseIdentity.email, attempt, retrySeed),
+        username: baseIdentity.username,
+        password: baseIdentity.password,
+        firstName: baseIdentity.firstName,
+        lastName: baseIdentity.lastName,
+        fullName: baseIdentity.fullName,
+        phone: buildVariantPhoneNumber(baseIdentity.phone, attempt),
+        addressLine1: baseIdentity.addressLine1,
+        addressLine2: baseIdentity.addressLine2,
+        city: baseIdentity.city,
+        state: baseIdentity.state,
+        postalCode: baseIdentity.postalCode,
+        country: baseIdentity.country,
+        company: baseIdentity.company
+    };
+}
+export function createAuthIdentityPlan(url) {
+    if (url) {
+        const storedIdentity = getStoredIdentity(url);
+        if (storedIdentity) {
+            return {
+                maxAttempts: 1,
+                identities: [storedIdentity],
+                source: "stored"
+            };
+        }
+    }
+    const baseIdentity = requireAuthIdentity();
+    const retrySeed = buildRetrySeed();
+    const maxAttempts = authSettings.generatedIdentityMaxAttempts;
+    return {
+        maxAttempts,
+        identities: Array.from({ length: maxAttempts }, (_, index) => buildVariantIdentity(baseIdentity, index + 1, retrySeed)),
+        source: "configured"
+    };
+}
+export function getPreferredAccessIdentity(url) {
+    if (url) {
+        const storedIdentity = getStoredIdentity(url);
+        if (storedIdentity) {
+            return storedIdentity;
+        }
+    }
+    if (isAuthBootstrapConfigured()) {
+        return requireAuthIdentity();
+    }
+    const context = getActiveAccessIdentityContext();
+    const agentSlot = resolveAgentSlot(context);
+    if (!generatedAccessIdentities.has(agentSlot)) {
+        const retrySeed = buildRetrySeed();
+        const template = resolveAgentIdentityTemplate(context);
+        const emailDomain = getAuthEnv().AUTH_EMAIL_DOMAIN;
+        generatedAccessIdentities.set(agentSlot, {
+            email: emailDomain
+                ? `${template.emailLocalPart}-${retrySeed}@${emailDomain}`
+                : `${template.emailLocalPart}+${retrySeed}@example.com`,
+            password: `SiteAgent!${retrySeed.slice(0, 4)}9`,
+            firstName: template.firstName,
+            lastName: template.lastName,
+            fullName: `${template.firstName} ${template.lastName}`,
+            phone: template.phone,
+            addressLine1: "123 Test Lane",
+            addressLine2: "Suite 100",
+            city: "Austin",
+            state: "Texas",
+            postalCode: "78701",
+            country: "United States",
+            company: template.company
+        });
+    }
+    return generatedAccessIdentities.get(agentSlot);
+}
+export function getMailboxConfig() {
+    const env = getAuthEnv();
+    if (!env.AUTH_IMAP_HOST || !env.AUTH_IMAP_USER || !env.AUTH_IMAP_PASSWORD) {
+        return null;
+    }
+    return {
+        host: env.AUTH_IMAP_HOST,
+        port: env.AUTH_IMAP_PORT,
+        secure: env.AUTH_IMAP_SECURE,
+        user: env.AUTH_IMAP_USER,
+        password: env.AUTH_IMAP_PASSWORD,
+        mailbox: env.AUTH_IMAP_MAILBOX
+    };
+}
+export function requireMailboxConfig() {
+    const mailbox = getMailboxConfig();
+    if (!mailbox) {
+        throw new Error("AUTH_IMAP_HOST, AUTH_IMAP_USER, and AUTH_IMAP_PASSWORD are required when the auth flow needs to read OTP or verification emails.");
+    }
+    return mailbox;
+}
+export function resolveAuthSessionStatePath() {
+    const configuredPath = getAuthEnv().AUTH_SESSION_STATE_PATH ??
+        config.playwrightStorageStatePath ??
+        path.join(".auth", "session.json");
+    return path.isAbsolute(configuredPath) ? configuredPath : path.resolve(process.cwd(), configuredPath);
+}