trustasia-ones-mcp 0.2.0

package/README.md

@@ -0,0 +1,150 @@
+# trustasia-ones-mcp
+
+亚数 [ONES](https://ones.trustasia.cn) 的 Model Context Protocol (MCP) server，让 Claude Desktop / Claude Code / Cursor 能直接创建、修改需求，管理 Wiki 知识库。
+
+- **一次配置永久无感**：钉钉手机号 + 密码自动登录，session 有效期最长 400 天
+- **零代码安装**：一条 `npx` 命令搞定，无需 git clone、无需 `npm install`
+- **跨机器复制即用**：Claude Desktop 配置同步到新机器，立刻可用
+
+> 非技术同事：请直接跳到 [docs/USER_GUIDE.md](docs/USER_GUIDE.md)，零代码前提的三步指南。
+
+---
+
+## 30 秒安装（产品同事版）
+
+```bash
+# 1) 首装：输入手机号、密码，自动打通 Claude Desktop
+npx -y trustasia-ones-mcp setup
+
+# 2) 按提示重启 Claude Desktop，完成
+```
+
+常用命令：
+
+```bash
+npx -y trustasia-ones-mcp status   # 看登录状态、剩余 session 寿命
+npx -y trustasia-ones-mcp login    # 手动重新登录（密码改了用这个）
+```
+
+---
+
+## 工具列表（11 个）
+
+### 工作项
+
+| 工具 | 说明 |
+|---|---|
+| `list_projects` | 列出团队下所有项目 |
+| `list_issue_types` | 列出团队下所有工作项类型（需求/任务/缺陷等） |
+| `create_issue` | 创建工作项 |
+| `update_issue` | 修改工作项（标题/描述/状态/负责人/优先级） |
+| `get_issue` | 按 UUID 查询单个工作项 |
+| `search_issues` | 按项目/关键字/状态/类型搜索 |
+
+### Wiki
+
+| 工具 | 说明 |
+|---|---|
+| `list_wiki_spaces` | 列出可访问的知识库空间 |
+| `list_wiki_pages` | 列出空间下所有页面 |
+| `create_wiki_page` | 创建草稿 + 设标题（正文需在浏览器手动粘贴+发布，原因见下） |
+| `update_wiki_page` | 修改页面标题（正文同上限制） |
+| `get_wiki_page` | 查看页面 |
+
+> **Wiki 内容写入限制**：ONES Wiki 用 CRDT 协同编辑，正文写入需要 WebSocket 协议。
+> 当前版本只能创建草稿、设标题，正文部分会渲染为 HTML 返回，请人工粘贴到浏览器编辑器后发布。
+
+---
+
+## 鉴权路径
+
+`ones-mcp` 自动按优先级选择鉴权方式：
+
+1. `.env` 里有完整 `ONES_USER_ID + ONES_AUTH_TOKEN + ONES_TEAM_UUID` → 走静态 token（legacy）
+2. `.env` 或环境变量里有 `ONES_PHONE + ONES_PASSWORD` → **方案 D**：headless Playwright 自动登录钉钉，拿到 token 并缓存
+3. 本地 `~/.config/ones-mcp/session.json` 存在且有效 → silent refresh（400 天无感）
+4. 以上都没有 → 首次启动弹 headful 浏览器让用户钉钉扫码
+
+产品同事走第 2 条；开发者如果只想要一次性跑跑可以走第 1 条。
+
+---
+
+## 示例对话
+
+> **用户**：帮我在 GoHTTPS 项目下建一个需求，标题"支持 IPv6"，描述用 markdown 写一下需求点
+>
+> **Claude 自动调用**：
+> 1. `list_projects` → 找到 GoHTTPS 的 UUID
+> 2. `list_issue_types` → 找到"需求"类型 UUID
+> 3. `create_issue` → 创建并返回新需求编号
+
+---
+
+## 开发者（从源码跑）
+
+```bash
+git clone https://git.trustasia.cn/trustasia/ones-mcp.git
+cd ones-mcp
+npm install
+cp .env.example .env   # 按注释填 ONES_PHONE/ONES_PASSWORD 或 ONES_AUTH_TOKEN
+npm run dev            # 直接用 tsx 跑 stdio
+npm run dev:http       # HTTP server 模式（多人共享）
+npm test
+npm run typecheck
+```
+
+### 目录结构
+
+```
+src/
+├── auth/        # 鉴权：CredentialProvider、DingTalk 登录自动化、Chromium 自愈
+├── cli/         # CLI 子命令：setup / login / status / stdio dispatcher
+├── client/      # ONES HTTP + GraphQL 封装
+├── tools/       # 11 个 MCP 工具实现
+├── schemas/     # Zod 输入校验
+├── utils/       # 错误、日志、UUID 生成
+└── index.ts     # stdio 入口（被 cli/index.ts 委托）
+```
+
+### HTTP server 模式（团队共享）
+
+一台服务器起 `ones-mcp`，每个同事各自在 Claude 配置里填 header 传自己的 token。见 [.env.server.example](.env.server.example)。
+
+```bash
+cp .env.server.example .env
+npm run start:http
+# ones-mcp HTTP server ready on http://127.0.0.1:3000
+```
+
+每人在 `~/.claude.json` / `.mcp.json` 里写：
+
+```json
+{
+  "mcpServers": {
+    "ones": {
+      "type": "http",
+      "url": "http://your-server:3000/mcp",
+      "headers": {
+        "X-Ones-User-Id": "自己的 uuid",
+        "X-Ones-Auth-Token": "自己的 token"
+      }
+    }
+  }
+}
+```
+
+Token 抓取方法见 [scripts/refresh-token.md](scripts/refresh-token.md)（HTTP 模式下仍需 F12 手抓，或者在每个同事本机跑一次 `setup` 拿 token 回填 header）。
+
+---
+
+## 已知限制
+
+- Wiki 正文写入需 CRDT WebSocket，当前不支持
+- 钉钉风控触发滑块/SMS 时会从 headless 升级到 headful（用户需手动过一次挑战）
+- 搜索的 keyword 是客户端过滤（先拉一批再筛），适合小数据量
+
+---
+
+## License
+
+MIT

package/dist/auth/browser-auth.d.ts

@@ -0,0 +1,64 @@
+import type { Credentials } from './types.js';
+export interface BrowserAuthLoginOpts {
+    baseUrl: string;
+    storageStatePath: string;
+    timeoutMs?: number;
+}
+export interface BrowserAuthPhonePasswordOpts extends BrowserAuthLoginOpts {
+    phone: string;
+    password: string;
+    /**
+     * When true, DingTalk challenges (slider / SMS / risk control) surface as
+     * ChallengeRequiredError instead of blocking. When false, the browser is
+     * shown to the user and the automation waits for them to complete the
+     * challenge by hand.
+     */
+    headless: boolean;
+}
+export interface BrowserAuth {
+    loginInteractive(opts: BrowserAuthLoginOpts): Promise<Credentials>;
+    refreshSilent(opts: BrowserAuthLoginOpts): Promise<Credentials>;
+    loginWithPhonePassword(opts: BrowserAuthPhonePasswordOpts): Promise<Credentials>;
+}
+export interface CreatePlaywrightOpts {
+    executablePath?: string;
+}
+export declare function createPlaywrightBrowserAuth(opts?: CreatePlaywrightOpts): BrowserAuth;
+interface MinimalPage {
+    goto(url: string, opts?: {
+        waitUntil?: 'domcontentloaded' | 'load' | 'networkidle';
+    }): Promise<unknown>;
+    waitForFunction<Arg>(pageFunction: (arg: Arg) => unknown, arg?: Arg, opts?: {
+        timeout?: number;
+        polling?: number | 'raf';
+    }): Promise<unknown>;
+    evaluate<T>(fn: () => T): Promise<T>;
+    content?(): Promise<string>;
+    locator(selector: string): {
+        count(): Promise<number>;
+    };
+}
+interface PlaywrightModule {
+    chromium: PlaywrightChromium;
+}
+interface PlaywrightChromium {
+    launch(opts?: {
+        headless?: boolean;
+        executablePath?: string;
+    }): Promise<PlaywrightBrowser>;
+}
+interface PlaywrightBrowser {
+    newContext(opts?: {
+        storageState?: string;
+    }): Promise<PlaywrightContext>;
+    close(): Promise<void>;
+}
+interface PlaywrightContext {
+    newPage(): Promise<MinimalPage>;
+    storageState(opts?: {
+        path?: string;
+    }): Promise<unknown>;
+}
+type PlaywrightImporter = () => Promise<PlaywrightModule>;
+export declare function __setPlaywrightImporter(fn: PlaywrightImporter | null): void;
+export {};

package/dist/auth/browser-auth.js

@@ -0,0 +1,327 @@
+// Playwright-backed BrowserAuth. The real import lives inside the methods so
+// that callers on the static-credentials path never pay the cost of loading
+// playwright / downloading chromium.
+//
+// See docs/claude/specs/2026-04-20-dingtalk-auto-auth-design.md §4.4 and §8.1(2):
+// the login-ready signal is derived from localStorage, not DOM selectors.
+//
+// Option-D extensions: `loginWithPhonePassword` runs DingTalk's phone+password
+// login flow, escalating `headless -> ChallengeRequiredError` when DingTalk
+// demands a human (see option-D design doc §6).
+import { existsSync } from 'node:fs';
+import { AuthCancelledError, AuthTimeoutError, ChallengeRequiredError, ChromiumMissingError, InvalidCredentialsError, PasswordLoginFailedError, SilentRefreshFailedError, } from './errors.js';
+import { parseLocalStorageSnapshot } from './extract.js';
+import { fillPhoneAndPassword, switchToPasswordTab, } from './dingtalk-login.js';
+import { detectBadCredentials, detectChallenge, } from './challenge-detector.js';
+import { ensureChromium } from './chromium-installer.js';
+import { logger } from '../utils/logger.js';
+import { redactPhone } from './config-redactor.js';
+export function createPlaywrightBrowserAuth(opts = {}) {
+    return new PlaywrightBrowserAuth(opts);
+}
+class PlaywrightBrowserAuth {
+    opts;
+    constructor(opts) {
+        this.opts = opts;
+    }
+    async loginInteractive(o) {
+        const timeoutMs = o.timeoutMs ?? 180_000;
+        const { chromium } = await importPlaywright();
+        const browser = await launchWithHealing(chromium, {
+            headless: false,
+            executablePath: this.opts.executablePath,
+        });
+        try {
+            const context = await browser.newContext({
+                storageState: existsSync(o.storageStatePath) ? o.storageStatePath : undefined,
+            });
+            const page = await context.newPage();
+            await page.goto(o.baseUrl, { waitUntil: 'domcontentloaded' });
+            try {
+                await waitForLoginReady(page, timeoutMs);
+            }
+            catch (err) {
+                if (isTimeoutLike(err)) {
+                    throw new AuthTimeoutError(`headful 登录超时（${timeoutMs}ms）：请确认已完成钉钉扫码`);
+                }
+                if (isClosedLike(err)) {
+                    throw new AuthCancelledError();
+                }
+                throw err;
+            }
+            const snapshot = await readLocalStorage(page);
+            const credentials = parseLocalStorageSnapshot(snapshot);
+            await context.storageState({ path: o.storageStatePath });
+            return credentials;
+        }
+        finally {
+            await browser.close().catch(() => undefined);
+        }
+    }
+    async refreshSilent(o) {
+        if (!existsSync(o.storageStatePath)) {
+            throw new SilentRefreshFailedError('storageState 文件不存在，无法静默续期（需要先完成一次交互登录）');
+        }
+        const timeoutMs = o.timeoutMs ?? 10_000;
+        const { chromium } = await importPlaywright();
+        const browser = await launchWithHealing(chromium, {
+            headless: true,
+            executablePath: this.opts.executablePath,
+        });
+        try {
+            const context = await browser.newContext({ storageState: o.storageStatePath });
+            const page = await context.newPage();
+            await page.goto(o.baseUrl, { waitUntil: 'domcontentloaded' });
+            try {
+                await waitForLoginReady(page, timeoutMs);
+            }
+            catch (err) {
+                if (isTimeoutLike(err)) {
+                    throw new SilentRefreshFailedError(`静默续期超时（${timeoutMs}ms）：storageState 可能已失效`);
+                }
+                throw err;
+            }
+            const snapshot = await readLocalStorage(page);
+            const credentials = parseLocalStorageSnapshot(snapshot);
+            // Persist refreshed storageState (cookies may rotate).
+            await context.storageState({ path: o.storageStatePath });
+            return credentials;
+        }
+        finally {
+            await browser.close().catch(() => undefined);
+        }
+    }
+    async loginWithPhonePassword(o) {
+        const maskedPhone = redactPhone(o.phone);
+        logger.info(`auth: password-login starting (phone=${maskedPhone}, headless=${o.headless})`);
+        const headlessTimeoutMs = o.timeoutMs ?? 30_000;
+        const headfulTimeoutMs = o.timeoutMs ?? 180_000;
+        const effectiveTimeout = o.headless ? headlessTimeoutMs : headfulTimeoutMs;
+        const { chromium } = await importPlaywright();
+        const browser = await launchWithHealing(chromium, {
+            headless: o.headless,
+            executablePath: this.opts.executablePath,
+        });
+        try {
+            const context = await browser.newContext({
+                storageState: existsSync(o.storageStatePath) ? o.storageStatePath : undefined,
+            });
+            const page = await context.newPage();
+            await page.goto(o.baseUrl, { waitUntil: 'domcontentloaded' });
+            // Short initial check: the ONES redirect to DingTalk may already be logged
+            // in (e.g., storageState valid). If waitForLoginReady resolves quickly,
+            // we can short-circuit without touching the login form at all.
+            const earlyReady = await raceLoginReady(page, 2_000);
+            if (earlyReady) {
+                const creds = await finalise(page, context, o.storageStatePath);
+                logger.info('auth: password-login skipped — session already valid');
+                return creds;
+            }
+            await switchToPasswordTab(page);
+            await fillPhoneAndPassword(page, {
+                phone: o.phone,
+                password: o.password,
+            });
+            // After submit, one of four things happens:
+            //   a) login succeeds (localStorage populated)
+            //   b) bad credentials toast appears
+            //   c) DingTalk demands a human challenge
+            //   d) network timeout / page still idle
+            // raceOutcome arbitrates between them.
+            const outcome = await raceOutcome(page, effectiveTimeout, o.headless);
+            switch (outcome.kind) {
+                case 'success': {
+                    const creds = await finalise(page, context, o.storageStatePath);
+                    logger.info('auth: password-login success');
+                    return creds;
+                }
+                case 'bad-credentials': {
+                    throw new InvalidCredentialsError('ONES 登录失败：钉钉提示手机号或密码错误，请在 Claude Desktop 配置中更新 ONES_PHONE / ONES_PASSWORD');
+                }
+                case 'challenge': {
+                    if (o.headless) {
+                        throw new ChallengeRequiredError(outcome.challengeKind);
+                    }
+                    // In headful mode, trust the user to solve it and wait longer.
+                    const ok = await raceLoginReady(page, effectiveTimeout);
+                    if (!ok) {
+                        throw new AuthTimeoutError(`headful 登录超时（${effectiveTimeout}ms）：请在弹出的浏览器完成验证`);
+                    }
+                    const creds = await finalise(page, context, o.storageStatePath);
+                    return creds;
+                }
+                case 'timeout': {
+                    throw new PasswordLoginFailedError(`钉钉登录页无响应（${effectiveTimeout}ms 内既未成功、也未报错）`);
+                }
+            }
+        }
+        finally {
+            await browser.close().catch(() => undefined);
+        }
+    }
+}
+async function finalise(page, context, storageStatePath) {
+    const snapshot = await readLocalStorage(page);
+    const credentials = parseLocalStorageSnapshot(snapshot);
+    await context.storageState({ path: storageStatePath });
+    return credentials;
+}
+async function raceOutcome(page, timeoutMs, _headless) {
+    const deadline = Date.now() + timeoutMs;
+    // Poll at 500ms, tight enough for responsive UX.
+    // eslint-disable-next-line no-constant-condition
+    while (true) {
+        const remaining = deadline - Date.now();
+        if (remaining <= 0)
+            return { kind: 'timeout' };
+        // 1) success first
+        const ready = await raceLoginReady(page, 500);
+        if (ready)
+            return { kind: 'success' };
+        const probe = pageToChallengeProbe(page);
+        // 2) bad credentials
+        // eslint-disable-next-line no-await-in-loop
+        const bad = await detectBadCredentials(probe).catch(() => false);
+        if (bad)
+            return { kind: 'bad-credentials' };
+        // 3) challenge
+        // eslint-disable-next-line no-await-in-loop
+        const kind = await detectChallenge(probe).catch(() => null);
+        if (kind)
+            return { kind: 'challenge', challengeKind: kind };
+    }
+}
+function pageToChallengeProbe(page) {
+    return {
+        async evalText() {
+            try {
+                if (typeof page.content !== 'function')
+                    return '';
+                const html = await page.content();
+                return html ?? '';
+            }
+            catch {
+                return '';
+            }
+        },
+        async cssMatches(selector) {
+            try {
+                const loc = page.locator(selector);
+                const n = await loc.count();
+                return n > 0;
+            }
+            catch {
+                return false;
+            }
+        },
+    };
+}
+async function raceLoginReady(page, timeoutMs) {
+    try {
+        await waitForLoginReady(page, timeoutMs);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function waitForLoginReady(page, timeoutMs) {
+    await page.waitForFunction(() => {
+        try {
+            const raw = localStorage.getItem('_ones_json_login_info');
+            if (!raw)
+                return false;
+            const parsed = JSON.parse(raw);
+            if (typeof parsed?.uuid !== 'string' ||
+                parsed.uuid.length === 0 ||
+                typeof parsed?.token !== 'string' ||
+                parsed.token.length === 0) {
+                return false;
+            }
+            const teamUuid = localStorage.getItem('teamUUID');
+            return typeof teamUuid === 'string' && teamUuid.length > 0;
+        }
+        catch {
+            return false;
+        }
+    }, undefined, { timeout: timeoutMs, polling: 500 });
+}
+async function readLocalStorage(page) {
+    const snapshot = await page.evaluate(() => {
+        const out = {};
+        for (let i = 0; i < localStorage.length; i++) {
+            const k = localStorage.key(i);
+            if (k)
+                out[k] = localStorage.getItem(k);
+        }
+        return out;
+    });
+    const normalised = {};
+    for (const [k, v] of Object.entries(snapshot)) {
+        normalised[k] = v ?? undefined;
+    }
+    return normalised;
+}
+let playwrightImporter = null;
+export function __setPlaywrightImporter(fn) {
+    playwrightImporter = fn;
+}
+async function importPlaywright() {
+    if (playwrightImporter) {
+        return playwrightImporter();
+    }
+    try {
+        // @ts-ignore — optional runtime dep; may not be installed in all environments.
+        const mod = await import('playwright');
+        return mod;
+    }
+    catch (err) {
+        throw new Error(`无法加载 playwright 模块。请运行 \`npm install\` 并确认 chromium 已安装：\n` +
+            `  npx playwright install chromium\n` +
+            `原始错误：${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+async function launchWithHealing(chromium, opts) {
+    try {
+        return await chromium.launch(opts);
+    }
+    catch (err) {
+        if (!isChromiumMissing(err))
+            throw err;
+        logger.warn('Chromium 未安装，正在自动下载（约 92 MB，1-5 分钟）…');
+        try {
+            await ensureChromium({
+                onProgress: (line) => logger.info(`playwright: ${line}`),
+            });
+        }
+        catch (installErr) {
+            throw new ChromiumMissingError(installErr instanceof Error ? installErr.message : String(installErr));
+        }
+        // Retry once.
+        return chromium.launch(opts);
+    }
+}
+function isChromiumMissing(err) {
+    if (!(err instanceof Error))
+        return false;
+    const msg = err.message ?? '';
+    if (/Executable doesn't exist/i.test(msg))
+        return true;
+    if (/browserType\.launch/i.test(msg) && /chromium/i.test(msg))
+        return true;
+    const code = err.code;
+    if (code === 'ENOENT' && /playwright/i.test(msg))
+        return true;
+    return false;
+}
+function isTimeoutLike(err) {
+    if (!(err instanceof Error))
+        return false;
+    return /Timeout|timed out/i.test(err.message);
+}
+function isClosedLike(err) {
+    if (!(err instanceof Error))
+        return false;
+    return /closed|Target closed|Page closed|Browser has been closed/i.test(err.message);
+}
+//# sourceMappingURL=browser-auth.js.map

package/dist/auth/browser-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-auth.js","sourceRoot":"","sources":["../../src/auth/browser-auth.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,4EAA4E;AAC5E,qCAAqC;AACrC,EAAE;AACF,kFAAkF;AAClF,0EAA0E;AAC1E,EAAE;AACF,+EAA+E;AAC/E,4EAA4E;AAC5E,gDAAgD;AAEhD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAGrC,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,sBAAsB,EACtB,oBAAoB,EACpB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,oBAAoB,EACpB,eAAe,GAEhB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AA8BnD,MAAM,UAAU,2BAA2B,CACzC,OAA6B,EAAE;IAE/B,OAAO,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,qBAAqB;IACI;IAA7B,YAA6B,IAA0B;QAA1B,SAAI,GAAJ,IAAI,CAAsB;IAAG,CAAC;IAE3D,KAAK,CAAC,gBAAgB,CAAC,CAAuB;QAC5C,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,IAAI,OAAO,CAAC;QACzC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE;YAChD,QAAQ,EAAE,KAAK;YACf,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc;SACzC,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC;gBACvC,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;aAC9E,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAE9D,IAAI,CAAC;gBACH,MAAM,iBAAiB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAC3C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,IAAI,gBAAgB,CACxB,gBAAgB,SAAS,gBAAgB,CAC1C,CAAC;gBACJ,CAAC;gBACD,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtB,MAAM,IAAI,kBAAkB,EAAE,CAAC;gBACjC,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,WAAW,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;YACxD,MAAM,OAAO,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,OAAO,WAAW,CAAC;QACrB,CAAC;gBAAS,CAAC;YACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,CAAuB;QACzC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,wBAAwB,CAChC,wCAAwC,CACzC,CAAC;QACJ,CAAC;QACD,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,IAAI,MAAM,CAAC;QACxC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE;YAChD,QAAQ,EAAE,IAAI;YACd,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc;SACzC,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC;YAC/E,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAE9D,IAAI,CAAC;gBACH,MAAM,iBAAiB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAC3C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,IAAI,wBAAwB,CAChC,UAAU,SAAS,wBAAwB,CAC5C,CAAC;gBACJ,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,WAAW,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;YACxD,uDAAuD;YACvD,MAAM,OAAO,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACzD,OAAO,WAAW,CAAC;QACrB,CAAC;gBAAS,CAAC;YACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,sBAAsB,CAC1B,CAA+B;QAE/B,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,CAAC,IAAI,CACT,wCAAwC,WAAW,cAAc,CAAC,CAAC,QAAQ,GAAG,CAC/E,CAAC;QACF,MAAM,iBAAiB,GAAG,CAAC,CAAC,SAAS,IAAI,MAAM,CAAC;QAChD,MAAM,gBAAgB,GAAG,CAAC,CAAC,SAAS,IAAI,OAAO,CAAC;QAChD,MAAM,gBAAgB,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,gBAAgB,CAAC;QAE3E,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE;YAChD,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc;SACzC,CAAC,CAAC;QACH,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC;gBACvC,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;aAC9E,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAE9D,2EAA2E;YAC3E,wEAAwE;YACxE,+DAA+D;YAC/D,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACrD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC;gBAChE,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBACpE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,mBAAmB,CAAC,IAAoC,CAAC,CAAC;YAChE,MAAM,oBAAoB,CAAC,IAAoC,EAAE;gBAC/D,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;YAEH,4CAA4C;YAC5C,+CAA+C;YAC/C,qCAAqC;YACrC,0CAA0C;YAC1C,yCAAyC;YACzC,uCAAuC;YACvC,MAAM,OAAO,GAAG,MAAM,WAAW,CAC/B,IAAI,EACJ,gBAAgB,EAChB,CAAC,CAAC,QAAQ,CACX,CAAC;YACF,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;gBACrB,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC;oBAChE,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;oBAC5C,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,KAAK,iBAAiB,CAAC,CAAC,CAAC;oBACvB,MAAM,IAAI,uBAAuB,CAC/B,2EAA2E,CAC5E,CAAC;gBACJ,CAAC;gBACD,KAAK,WAAW,CAAC,CAAC,CAAC;oBACjB,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;wBACf,MAAM,IAAI,sBAAsB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;oBAC1D,CAAC;oBACD,+DAA+D;oBAC/D,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;oBACxD,IAAI,CAAC,EAAE,EAAE,CAAC;wBACR,MAAM,IAAI,gBAAgB,CACxB,gBAAgB,gBAAgB,kBAAkB,CACnD,CAAC;oBACJ,CAAC;oBACD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC;oBAChE,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,IAAI,wBAAwB,CAChC,YAAY,gBAAgB,gBAAgB,CAC7C,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;CACF;AAED,KAAK,UAAU,QAAQ,CACrB,IAAiB,EACjB,OAA0B,EAC1B,gBAAwB;IAExB,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;IACxD,MAAM,OAAO,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACvD,OAAO,WAAW,CAAC;AACrB,CAAC;AASD,KAAK,UAAU,WAAW,CACxB,IAAiB,EACjB,SAAiB,EACjB,SAAkB;IAElB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,iDAAiD;IACjD,iDAAiD;IACjD,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,SAAS,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACxC,IAAI,SAAS,IAAI,CAAC;YAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAE/C,mBAAmB;QACnB,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC9C,IAAI,KAAK;YAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAEtC,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAEzC,qBAAqB;QACrB,4CAA4C;QAC5C,MAAM,GAAG,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;QACjE,IAAI,GAAG;YAAE,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;QAE5C,eAAe;QACf,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QAC5D,IAAI,IAAI;YAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IAC9D,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAiB;IAC7C,OAAO;QACL,KAAK,CAAC,QAAQ;YACZ,IAAI,CAAC;gBACH,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,UAAU;oBAAE,OAAO,EAAE,CAAC;gBAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClC,OAAO,IAAI,IAAI,EAAE,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,QAAgB;YAC/B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACnC,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,CAAC;YACf,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,IAAiB,EACjB,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,iBAAiB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAeD,KAAK,UAAU,iBAAiB,CAAC,IAAiB,EAAE,SAAiB;IACnE,MAAM,IAAI,CAAC,eAAe,CACxB,GAAG,EAAE;QACH,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;YAC1D,IAAI,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;YACvB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwC,CAAC;YACtE,IACE,OAAO,MAAM,EAAE,IAAI,KAAK,QAAQ;gBAChC,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;gBACxB,OAAO,MAAM,EAAE,KAAK,KAAK,QAAQ;gBACjC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EACzB,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAClD,OAAO,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,EACD,SAAS,EACT,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,CACrC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,IAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAgC,GAAG,EAAE;QACvE,MAAM,GAAG,GAAkC,EAAE,CAAC;QAC9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,MAAM,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;IACH,MAAM,UAAU,GAAuC,EAAE,CAAC;IAC1D,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;IACjC,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AA0BD,IAAI,kBAAkB,GAA8B,IAAI,CAAC;AACzD,MAAM,UAAU,uBAAuB,CAAC,EAA6B;IACnE,kBAAkB,GAAG,EAAE,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,gBAAgB;IAC7B,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,kBAAkB,EAAE,CAAC;IAC9B,CAAC;IACD,IAAI,CAAC;QACH,+EAA+E;QAC/E,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QACvC,OAAO,GAAkC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,4DAA4D;YAC1D,qCAAqC;YACrC,QAAQ,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,QAA4B,EAC5B,IAAoD;IAEpD,IAAI,CAAC;QACH,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC;YAAE,MAAM,GAAG,CAAC;QACvC,MAAM,CAAC,IAAI,CACT,sCAAsC,CACvC,CAAC;QACF,IAAI,CAAC;YACH,MAAM,cAAc,CAAC;gBACnB,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC;aACzD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,MAAM,IAAI,oBAAoB,CAC5B,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CACtE,CAAC;QACJ,CAAC;QACD,cAAc;QACd,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY;IACrC,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAC9B,IAAI,2BAA2B,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvD,IAAI,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3E,MAAM,IAAI,GAAI,GAAyB,CAAC,IAAI,CAAC;IAC7C,IAAI,IAAI,KAAK,QAAQ,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IACjC,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,2DAA2D,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACvF,CAAC"}

package/dist/auth/challenge-detector.d.ts

@@ -0,0 +1,22 @@
+import type { ChallengeKind } from './types.js';
+/**
+ * Abstract Page probe the detector calls into. Keeping this small makes the
+ * detector trivial to unit-test without booting Playwright.
+ */
+export interface ChallengeProbe {
+    /** Return the visible text content of the page (innerText of body). */
+    evalText(): Promise<string>;
+    /** Return whether a CSS selector matches at least one element. */
+    cssMatches(selector: string): Promise<boolean>;
+}
+/**
+ * Identify whether the current DingTalk login page is asking for an additional
+ * human challenge. Returns `null` when the page is clean, or the
+ * {@link ChallengeKind} of the first matching rule.
+ */
+export declare function detectChallenge(probe: ChallengeProbe): Promise<ChallengeKind | null>;
+/**
+ * True when the page surfaces a "wrong password / account not found" toast.
+ * Callers treat this as a terminal {@link InvalidCredentialsError}.
+ */
+export declare function detectBadCredentials(probe: ChallengeProbe): Promise<boolean>;

package/dist/auth/challenge-detector.js

@@ -0,0 +1,75 @@
+// DingTalk login challenge detection.
+//
+// The detectors are deliberately *probe-based* — they never throw, never wait
+// on long timeouts, and never depend on DingTalk-specific CSS class names
+// (which change between DingTalk front-end versions). We combine:
+//   1) a plain-text body sample from the page, matched against stable Chinese
+//      phrasing the user actually sees ("密码错误", "滑块", "短信验证");
+//   2) a small set of wide-open CSS hints (`[class*="slider"]`) as a fallback
+//      for cases where the DOM already contains the challenge widget but the
+//      page text hasn't surfaced yet.
+//
+// See docs/claude/specs/2026-04-21-option-d-phone-password-auth-design.md §6.3.
+// Order matters: more specific probes first. If two rules fire, the earlier
+// entry wins.
+const RULES = [
+    {
+        kind: 'risk-control',
+        text: /异常登录|账号保护|安全验证(?!码)/,
+    },
+    {
+        kind: 'image-captcha',
+        text: /图片验证码|请输入图片验证码/,
+        css: ['img[alt*="captcha"]', 'img[src*="captcha"]'],
+    },
+    {
+        kind: 'sms',
+        text: /短信验证|短信验证码|请输入验证码/,
+    },
+    {
+        kind: 'slider',
+        text: /拖动滑块|滑动验证|滑块验证/,
+        css: ['[class*="nc_"]', '[class*="slider"]', '[class*="captcha_slide"]'],
+    },
+];
+/**
+ * Identify whether the current DingTalk login page is asking for an additional
+ * human challenge. Returns `null` when the page is clean, or the
+ * {@link ChallengeKind} of the first matching rule.
+ */
+export async function detectChallenge(probe) {
+    const [text] = await Promise.all([probe.evalText()]);
+    for (const rule of RULES) {
+        if (rule.text && rule.text.test(text)) {
+            return rule.kind;
+        }
+        if (rule.css) {
+            for (const selector of rule.css) {
+                // Await sequentially: we want to bail as soon as one matches; a
+                // parallel map would waste a Playwright round-trip on the remainder.
+                // eslint-disable-next-line no-await-in-loop
+                const hit = await probe.cssMatches(selector);
+                if (hit)
+                    return rule.kind;
+            }
+        }
+    }
+    return null;
+}
+const BAD_CREDENTIAL_PATTERNS = [
+    /密码错误/,
+    /账号或密码不正确/,
+    /账号或密码错误/,
+    /手机号未注册/,
+    /该手机号未注册/,
+    /用户不存在/,
+];
+/**
+ * True when the page surfaces a "wrong password / account not found" toast.
+ * Callers treat this as a terminal {@link InvalidCredentialsError}.
+ */
+export async function detectBadCredentials(probe) {
+    const text = await probe.evalText();
+    return BAD_CREDENTIAL_PATTERNS.some((p) => p.test(text));
+}
+//# sourceMappingURL=challenge-detector.js.map

package/dist/auth/challenge-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"challenge-detector.js","sourceRoot":"","sources":["../../src/auth/challenge-detector.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,EAAE;AACF,8EAA8E;AAC9E,0EAA0E;AAC1E,kEAAkE;AAClE,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAC9E,6EAA6E;AAC7E,sCAAsC;AACtC,EAAE;AACF,gFAAgF;AAqBhF,4EAA4E;AAC5E,cAAc;AACd,MAAM,KAAK,GAAkB;IAC3B;QACE,IAAI,EAAE,cAAc;QACpB,IAAI,EAAE,qBAAqB;KAC5B;IACD;QACE,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,gBAAgB;QACtB,GAAG,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;KACpD;IACD;QACE,IAAI,EAAE,KAAK;QACX,IAAI,EAAE,mBAAmB;KAC1B;IACD;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,gBAAgB;QACtB,GAAG,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,0BAA0B,CAAC;KACzE;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAAqB;IAErB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,IAAI,CAAC;QACnB,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChC,gEAAgE;gBAChE,qEAAqE;gBACrE,4CAA4C;gBAC5C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAC7C,IAAI,GAAG;oBAAE,OAAO,IAAI,CAAC,IAAI,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,uBAAuB,GAAa;IACxC,MAAM;IACN,UAAU;IACV,SAAS;IACT,QAAQ;IACR,SAAS;IACT,OAAO;CACR,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAqB;IAErB,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;IACpC,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/auth/chromium-installer.d.ts

@@ -0,0 +1,11 @@
+import type { ChildProcess, SpawnOptions } from 'node:child_process';
+export interface EnsureChromiumOpts {
+    onProgress?: (line: string) => void;
+    /** Default 10 minutes. */
+    timeoutMs?: number;
+}
+type SpawnImpl = (cmd: string, args: readonly string[], opts?: SpawnOptions) => ChildProcess;
+/** Test hook: override `spawn`. Pass `null` to restore the real implementation. */
+export declare function __setSpawnImpl(impl: SpawnImpl | null): void;
+export declare function ensureChromium(opts?: EnsureChromiumOpts): Promise<void>;
+export {};