unbrowse 1.2.0 → 2.0.1

package/README.md

@@ -15,7 +15,7 @@ One agent learns a site once. Every later agent gets the fast path.
 npx unbrowse setup
 ```
 
-`npx unbrowse setup` downloads the CLI on demand, installs browser assets, lets you register with an email-shaped display identity, registers the Open Code `/unbrowse` command when Open Code is detected, and starts the local server.
+`npx unbrowse setup` downloads the CLI on demand, verifies the bundled Kuri runtime, lets you register with an email-shaped display identity, registers the Open Code `/unbrowse` command when Open Code is detected, and starts the local server.
 
 For daily use:
 
@@ -30,6 +30,25 @@ If your agent host uses skills:
 npx skills add unbrowse-ai/unbrowse
 ```
 
+## Upgrading
+
+Unbrowse no longer self-updates at runtime. If you already have Unbrowse installed, upgrade to the latest version after each release or the new flow may not work on your machine.
+
+If you installed the CLI globally:
+
+```bash
+npm install -g unbrowse@latest
+unbrowse setup
+```
+
+If your agent host uses skills, rerun its skill install/update command too:
+
+```bash
+npx skills add unbrowse-ai/unbrowse
+```
+
+Need help or want release updates? Join the Discord: [discord.gg/VWugEeFNsG](https://discord.gg/VWugEeFNsG)
+
 Every CLI command auto-starts the local server on `http://localhost:6969` by default. Override with `UNBROWSE_URL`, `PORT`, or `HOST`. On first startup it auto-registers as an agent with the marketplace and caches credentials in `~/.unbrowse/config.json`. `unbrowse setup` now prompts for an email-shaped identity first; headless setups can provide `UNBROWSE_AGENT_EMAIL`.
 
 Works with Claude Code, Open Code, Cursor, Codex, Windsurf, and any agent host that can call a local CLI or skill.
@@ -37,7 +56,7 @@ Works with Claude Code, Open Code, Cursor, Codex, Windsurf, and any agent host t
 ## What setup does
 
 - Checks local prerequisites for the npm/npx flow.
-- Installs browser assets needed for live capture.
+- Verifies the bundled Kuri binary, or builds it from the vendored Kuri source when working from repo source with Zig installed.
 - Registers the Open Code `/unbrowse` command when Open Code is present.
 - Starts the local Unbrowse server unless `--no-start` is passed.
 

package/dist/cli.js

@@ -1,23 +1,5 @@
 #!/usr/bin/env node
 // @bun
-import { createRequire } from "node:module";
-var __create = Object.create;
-var __getProtoOf = Object.getPrototypeOf;
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __toESM = (mod, isNodeMode, target) => {
-  target = mod != null ? __create(__getProtoOf(mod)) : {};
-  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
-  for (let key of __getOwnPropNames(mod))
-    if (!__hasOwnProp.call(to, key))
-      __defProp(to, key, {
-        get: () => mod[key],
-        enumerable: true
-      });
-  return to;
-};
-var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // ../../src/cli.ts
 import { config as loadEnv } from "dotenv";
@@ -322,7 +304,7 @@ import { spawn } from "node:child_process";
 import { existsSync as existsSync2, mkdirSync as mkdirSync2, realpathSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
-import { createRequire as createRequire2 } from "node:module";
+import { createRequire } from "node:module";
 import { fileURLToPath } from "node:url";
 function getModuleDir(metaUrl) {
   return path.dirname(fileURLToPath(metaUrl));
@@ -344,7 +326,7 @@ function runtimeArgsForEntrypoint(metaUrl, entrypoint) {
   if (process.versions.bun)
     return [entrypoint];
   try {
-    const req = createRequire2(metaUrl);
+    const req = createRequire(metaUrl);
     const tsxPkg = req.resolve("tsx/package.json");
     const tsxLoader = path.join(path.dirname(tsxPkg), "dist", "loader.mjs");
     if (existsSync2(tsxLoader))
@@ -483,16 +465,88 @@ function isMainModule(metaUrl) {
 }
 
 // ../../src/runtime/setup.ts
-import { execFileSync } from "node:child_process";
-import { createRequire as createRequire3 } from "node:module";
-import { existsSync as existsSync4, mkdirSync as mkdirSync4, writeFileSync as writeFileSync3 } from "node:fs";
-import os2 from "node:os";
+import { execFileSync as execFileSync2 } from "node:child_process";
+import { existsSync as existsSync5, mkdirSync as mkdirSync4, writeFileSync as writeFileSync3 } from "node:fs";
+import os3 from "node:os";
+import path6 from "node:path";
+
+// ../../src/kuri/client.ts
+import { execFileSync, spawn as spawn2 } from "node:child_process";
+import { existsSync as existsSync4 } from "node:fs";
+import path5 from "node:path";
+
+// ../../src/logger.ts
 import path4 from "node:path";
-var req = createRequire3(import.meta.url);
+import os2 from "node:os";
+var LOG_DIR = path4.join(os2.homedir(), ".unbrowse", "logs");
+
+// ../../src/kuri/client.ts
+function kuriBinaryName() {
+  return process.platform === "win32" ? "kuri.exe" : "kuri";
+}
+function currentBundledKuriTarget() {
+  if (process.platform === "darwin" && process.arch === "arm64")
+    return "darwin-arm64";
+  if (process.platform === "darwin" && process.arch === "x64")
+    return "darwin-x64";
+  if (process.platform === "linux" && process.arch === "arm64")
+    return "linux-arm64";
+  if (process.platform === "linux" && process.arch === "x64")
+    return "linux-x64";
+  return null;
+}
+function resolveBinaryOnPath(name) {
+  const checker = process.platform === "win32" ? "where" : "which";
+  try {
+    const output = execFileSync(checker, [name], { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] });
+    const match = output.split(/\r?\n/).map((line) => line.trim()).find(Boolean);
+    return match || null;
+  } catch {
+    return null;
+  }
+}
+function addCandidate(candidates, candidate) {
+  if (!candidate)
+    return;
+  if (!candidates.includes(candidate))
+    candidates.push(candidate);
+}
+function getKuriSourceCandidates() {
+  const packageRoot = getPackageRoot(import.meta.url);
+  const candidates = [];
+  addCandidate(candidates, path5.join(packageRoot, "vendor", "kuri-src"));
+  addCandidate(candidates, path5.join(packageRoot, "submodules", "kuri"));
+  if (process.env.KURI_PATH)
+    addCandidate(candidates, process.env.KURI_PATH);
+  if (process.env.HOME)
+    addCandidate(candidates, path5.join(process.env.HOME, "kuri"));
+  return candidates;
+}
+function getKuriBinaryCandidates() {
+  const packageRoot = getPackageRoot(import.meta.url);
+  const binaryName = kuriBinaryName();
+  const target = currentBundledKuriTarget();
+  const candidates = [];
+  if (target)
+    addCandidate(candidates, path5.join(packageRoot, "vendor", "kuri", target, binaryName));
+  for (const sourceDir of getKuriSourceCandidates()) {
+    addCandidate(candidates, path5.join(sourceDir, "zig-out", "bin", binaryName));
+  }
+  addCandidate(candidates, resolveBinaryOnPath("kuri"));
+  return candidates;
+}
+function findKuriBinary() {
+  if (process.env.KURI_BIN)
+    return process.env.KURI_BIN;
+  const candidates = getKuriBinaryCandidates();
+  return candidates.find((candidate) => existsSync4(candidate)) ?? candidates[0] ?? kuriBinaryName();
+}
+
+// ../../src/runtime/setup.ts
 function hasBinary(name) {
   const checker = process.platform === "win32" ? "where" : "which";
   try {
-    execFileSync(checker, [name], { stdio: "ignore" });
+    execFileSync2(checker, [name], { stdio: "ignore" });
     return true;
   } catch {
     return false;
@@ -508,18 +562,18 @@ function detectPackageManagers() {
 }
 function resolveConfigHome() {
   if (process.platform === "win32") {
-    return process.env.APPDATA || path4.join(os2.homedir(), "AppData", "Roaming");
+    return process.env.APPDATA || path6.join(os3.homedir(), "AppData", "Roaming");
   }
-  return process.env.XDG_CONFIG_HOME || path4.join(os2.homedir(), ".config");
+  return process.env.XDG_CONFIG_HOME || path6.join(os3.homedir(), ".config");
 }
 function getOpenCodeGlobalCommandsDir() {
-  return path4.join(resolveConfigHome(), "opencode", "commands");
+  return path6.join(resolveConfigHome(), "opencode", "commands");
 }
 function getOpenCodeProjectCommandsDir(cwd) {
-  return path4.join(cwd, ".opencode", "commands");
+  return path6.join(cwd, ".opencode", "commands");
 }
 function detectOpenCode(cwd) {
-  return hasBinary("opencode") || existsSync4(path4.join(resolveConfigHome(), "opencode")) || existsSync4(path4.join(cwd, ".opencode"));
+  return hasBinary("opencode") || existsSync5(path6.join(resolveConfigHome(), "opencode")) || existsSync5(path6.join(cwd, ".opencode"));
 }
 function renderOpenCodeCommand() {
   return `---
@@ -547,12 +601,12 @@ function writeOpenCodeCommand(scope, cwd) {
   if (scope === "auto" && !detected) {
     return { detected: false, action: "not-detected", scope: "off" };
   }
-  const resolvedScope = scope === "project" ? "project" : scope === "global" ? "global" : existsSync4(path4.join(cwd, ".opencode")) ? "project" : "global";
+  const resolvedScope = scope === "project" ? "project" : scope === "global" ? "global" : existsSync5(path6.join(cwd, ".opencode")) ? "project" : "global";
   const commandsDir = resolvedScope === "project" ? getOpenCodeProjectCommandsDir(cwd) : getOpenCodeGlobalCommandsDir();
-  const commandFile = path4.join(ensureDir(commandsDir), "unbrowse.md");
+  const commandFile = path6.join(ensureDir(commandsDir), "unbrowse.md");
   const content = renderOpenCodeCommand();
-  const action = existsSync4(commandFile) ? "updated" : "installed";
-  mkdirSync4(path4.dirname(commandFile), { recursive: true });
+  const action = existsSync5(commandFile) ? "updated" : "installed";
+  mkdirSync4(path6.dirname(commandFile), { recursive: true });
   writeFileSync3(commandFile, content);
   return {
     detected: detected || scope !== "auto",
@@ -562,17 +616,44 @@ function writeOpenCodeCommand(scope, cwd) {
   };
 }
 async function ensureBrowserEngineInstalled() {
+  const binary = findKuriBinary();
+  if (existsSync5(binary)) {
+    return { installed: true, action: "already-installed" };
+  }
+  const sourceDir = getKuriSourceCandidates().find((candidate) => existsSync5(path6.join(candidate, "build.zig")));
+  if (!sourceDir) {
+    return {
+      installed: false,
+      action: "failed",
+      message: `Kuri binary not found. Checked ${binary}`
+    };
+  }
+  if (!hasBinary("zig")) {
+    return {
+      installed: false,
+      action: "failed",
+      message: `Kuri source found at ${sourceDir}, but Zig is not installed`
+    };
+  }
   try {
-    const { chromium } = await import("playwright-core");
-    if (existsSync4(chromium.executablePath())) {
-      return { installed: true, action: "already-installed" };
-    }
-    const agentBrowserBin = req.resolve("agent-browser/bin/agent-browser.js");
-    execFileSync(process.execPath, [agentBrowserBin, "install"], {
+    execFileSync2("zig", ["build", "-Doptimize=ReleaseFast"], {
+      cwd: sourceDir,
       stdio: "inherit",
       timeout: 300000
     });
-    return { installed: true, action: "installed" };
+    const builtBinary = findKuriBinary();
+    if (existsSync5(builtBinary)) {
+      return {
+        installed: true,
+        action: "installed",
+        message: `Built Kuri from ${sourceDir}`
+      };
+    }
+    return {
+      installed: false,
+      action: "failed",
+      message: `Kuri build completed but ${builtBinary} was not created`
+    };
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
     return { installed: false, action: "failed", message };
@@ -584,7 +665,7 @@ async function runSetup(options) {
   return {
     os: {
       platform: process.platform,
-      release: os2.release(),
+      release: os3.release(),
       arch: process.arch
     },
     package_managers: detectPackageManagers(),
@@ -621,8 +702,8 @@ function parseArgs(argv) {
   }
   return { command, args: positional, flags };
 }
-async function api2(method, path5, body) {
-  const res = await fetch(`${BASE_URL}${path5}`, {
+async function api2(method, path7, body) {
+  const res = await fetch(`${BASE_URL}${path7}`, {
     method,
     headers: {
       ...body ? { "Content-Type": "application/json" } : {},
@@ -708,10 +789,10 @@ function detectEntityIndex(data) {
   }
   return best ? buildEntityIndex(best) : null;
 }
-function resolvePath(obj, path5, entityIndex) {
-  if (!path5 || obj == null)
+function resolvePath(obj, path7, entityIndex) {
+  if (!path7 || obj == null)
     return obj;
-  const segments = path5.split(".");
+  const segments = path7.split(".");
   let cur = obj;
   for (let i = 0;i < segments.length; i++) {
     if (cur == null)
@@ -750,8 +831,8 @@ function extractFields(data, fields, entityIndex) {
     for (const f of fields) {
       const colonIdx = f.indexOf(":");
       const alias = colonIdx >= 0 ? f.slice(0, colonIdx) : f.split(".").pop();
-      const path5 = colonIdx >= 0 ? f.slice(colonIdx + 1) : f;
-      const resolved = resolvePath(item, path5, entityIndex ?? undefined) ?? [];
+      const path7 = colonIdx >= 0 ? f.slice(colonIdx + 1) : f;
+      const resolved = resolvePath(item, path7, entityIndex ?? undefined) ?? [];
       out[alias] = Array.isArray(resolved) ? resolved.length === 0 ? null : resolved.length === 1 ? resolved[0] : resolved : resolved;
     }
     return out;
@@ -1039,11 +1120,11 @@ async function cmdSearch(flags) {
   if (!intent)
     die("--intent is required");
   const domain = flags.domain;
-  const path5 = domain ? "/v1/search/domain" : "/v1/search";
+  const path7 = domain ? "/v1/search/domain" : "/v1/search";
   const body = { intent, k: Number(flags.k) || 5 };
   if (domain)
     body.domain = domain;
-  output(await api2("POST", path5, body), !!flags.pretty);
+  output(await api2("POST", path7, body), !!flags.pretty);
 }
 async function cmdSessions(flags) {
   const domain = flags.domain;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbrowse",
-  "version": "1.2.0",
+  "version": "2.0.1",
   "description": "Reverse-engineer any website into reusable API skills. npm CLI + local engine.",
   "type": "module",
   "bin": {
@@ -9,6 +9,7 @@
   "files": [
     "dist",
     "runtime-src",
+    "vendor/kuri",
     "README.md",
     "LICENSE"
   ],
@@ -25,8 +26,6 @@
     "cheerio": "^1.2.0",
     "dotenv": "^17.3.1",
     "nanoid": "^5.1.6",
-    "agent-browser": "^0.13.0",
-    "playwright-core": "^1.58.2",
     "tsx": "^4.20.6",
     "ws": "^8.19.0"
   },

package/runtime-src/auth/index.ts

@@ -1,5 +1,4 @@
-import { BrowserManager } from "agent-browser/dist/browser.js";
-import { executeCommand } from "agent-browser/dist/actions.js";
+import * as kuri from "../kuri/client.js";
 import { storeCredential, getCredential, deleteCredential } from "../vault/index.js";
 import { nanoid } from "nanoid";
 import { isDomainMatch, getRegistrableDomain } from "../domain.js";
@@ -10,16 +9,16 @@ import fs from "node:fs";
 
 const LOGIN_TIMEOUT_MS = 300_000;
 const POLL_INTERVAL_MS = 2_000;
-const MIN_WAIT_MS = 15_000; // Always wait at least 15s so user has time to log in
+const MIN_WAIT_MS = 15_000;
 
 /**
  * Returns the persistent profile directory for a given domain.
  * Stored under ~/.unbrowse/profiles/<registrableDomain>.
- * Exporting so capture/execute can also launch with the profile if needed.
  */
 export function getProfilePath(domain: string): string {
   return path.join(os.homedir(), ".unbrowse", "profiles", getRegistrableDomain(domain));
 }
+
 export interface LoginResult {
   success: boolean;
   domain: string;
@@ -29,8 +28,10 @@ export interface LoginResult {
 
 /**
  * Open a visible browser for the user to complete login.
- * Waits up to 120s for navigation back to the target domain, then captures cookies.
- * Uses an isolated persistent profile per domain.
+ * Uses Kuri to manage the browser tab, polls for login completion via cookies.
+ *
+ * Note: Kuri manages Chrome — for interactive login, the user's Chrome
+ * needs to be visible. We navigate to the login URL and poll for cookie changes.
  */
 export async function interactiveLogin(
   url: string,
@@ -39,26 +40,23 @@ export async function interactiveLogin(
   const targetDomain = domain ?? new URL(url).hostname;
   const profileDir = getProfilePath(targetDomain);
 
-  const browser = new BrowserManager();
   log("auth", `interactiveLogin — url: ${url}, domain: ${targetDomain}`);
 
   try {
     fs.mkdirSync(profileDir, { recursive: true });
-    await browser.launch({
-      action: "launch",
-      id: nanoid(),
-      headless: false,
-      profile: profileDir,
-      userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
-    });
-    await executeCommand({ action: "navigate", id: nanoid(), url }, browser);
-
-    const page = browser.getPage();
+
+    // Start Kuri and get a tab
+    await kuri.start();
+    const tabId = await kuri.getDefaultTab();
+    await kuri.networkEnable(tabId);
+
+    // Navigate to login URL
+    await kuri.navigate(tabId, url);
+
     const startTime = Date.now();
 
-    // Snapshot initial cookies so we can detect new ones after login
-    const context = browser.getContext();
-    const initialCookies = context ? await context.cookies() : [];
+    // Snapshot initial cookies
+    const initialCookies = await kuri.getCookies(tabId);
     const initialCookieCount = initialCookies.filter((c) => isDomainMatch(c.domain, targetDomain)).length;
     log("auth", `initial cookies for ${targetDomain}: ${initialCookieCount}`);
 
@@ -70,7 +68,7 @@ export async function interactiveLogin(
       const elapsed = Date.now() - startTime;
 
       try {
-        const currentUrl = page.url();
+        const currentUrl = await kuri.getCurrentUrl(tabId);
         const currentDomain = new URL(currentUrl).hostname.toLowerCase();
         const targetNorm = targetDomain.toLowerCase();
 
@@ -79,15 +77,13 @@ export async function interactiveLogin(
           lastLoggedUrl = currentUrl;
         }
 
-        // Don't even check for login completion until MIN_WAIT_MS has passed
         if (elapsed < MIN_WAIT_MS) continue;
 
         const isOnTarget = currentDomain === targetNorm || currentDomain.endsWith("." + targetNorm);
         if (isOnTarget) {
           const isStillLogin = /\/(login|signin|sign-in|sso|auth|oauth|uas\/login|checkpoint)/.test(new URL(currentUrl).pathname);
 
-          // Check if new cookies appeared (the real signal that login happened)
-          const currentCookies = context ? await context.cookies() : [];
+          const currentCookies = await kuri.getCookies(tabId);
           const currentCookieCount = currentCookies.filter((c) => isDomainMatch(c.domain, targetDomain)).length;
           const gotNewCookies = currentCookieCount > initialCookieCount;
 
@@ -97,9 +93,6 @@ export async function interactiveLogin(
             break;
           }
 
-          // Handle "already logged in" — user was redirected away from login
-          // to a non-login page, and cookies already exist (even if count didn't change).
-          // This means the persistent profile already has the session.
           if (!isStillLogin && currentCookieCount > 0) {
             loggedIn = true;
             log("auth", `already logged in — ${currentUrl} (${currentCookieCount} cookies present)`);
@@ -110,14 +103,11 @@ export async function interactiveLogin(
     }
 
     if (!loggedIn) {
-      // Even on timeout, grab whatever cookies we have — the user may have logged in
-      // but the detection missed it
       log("auth", `login wait ended after ${Math.round((Date.now() - startTime) / 1000)}s — capturing cookies anyway`);
     }
 
     // Extract and store cookies
-    const finalContext = browser.getContext();
-    const cookies = finalContext ? await finalContext.cookies() : [];
+    const cookies = await kuri.getCookies(tabId);
     const domainCookies = cookies.filter((c) => isDomainMatch(c.domain, targetDomain));
 
     if (domainCookies.length === 0) {
@@ -135,33 +125,17 @@ export async function interactiveLogin(
 
     return { success: true, domain: targetDomain, cookies_stored: storableCookies.length };
   } finally {
-    try {
-      const context = browser.getContext();
-      if (context) await Promise.race([context.close(), new Promise<void>((r) => setTimeout(r, 4000))]);
-    } catch { /* ignore */ }
+    // Cleanup handled by Kuri's tab management
   }
 }
 
 /**
  * Extract cookies directly from Chrome/Firefox SQLite databases.
  * No browser launch needed, Chrome can stay open.
- * Stores extracted cookies in the vault for subsequent use.
- * Always stores under the registrable domain key for consistency.
  */
 export async function extractBrowserAuth(
   domain: string,
-  opts?: {
-    browser?: "auto" | "firefox" | "chrome" | "chromium";
-    chromeProfile?: string;
-    firefoxProfile?: string;
-    chromium?: {
-      profile?: string;
-      userDataDir?: string;
-      cookieDbPath?: string;
-      safeStorageService?: string;
-      browserName?: string;
-    };
-  }
+  opts?: { chromeProfile?: string; firefoxProfile?: string }
 ): Promise<LoginResult> {
   const { extractBrowserCookies } = await import("./browser-cookies.js");
 
@@ -176,7 +150,6 @@ export async function extractBrowserAuth(
     };
   }
 
-  // Store in vault under same format as interactiveLogin
   const storableCookies = result.cookies.map((c) => ({
     name: c.name,
     value: c.value,
@@ -188,7 +161,6 @@ export async function extractBrowserAuth(
     expires: c.expires,
   }));
 
-  // Normalize: always store under registrable domain for consistent lookups
   const vaultKey = `auth:${getRegistrableDomain(domain)}`;
   await storeCredential(
     vaultKey,
@@ -214,7 +186,7 @@ type AuthCookie = {
 function filterExpired(cookies: AuthCookie[]): AuthCookie[] {
   const now = Math.floor(Date.now() / 1000);
   return cookies.filter((c) => {
-    if (c.expires == null || c.expires <= 0) return true; // session cookie
+    if (c.expires == null || c.expires <= 0) return true;
     return c.expires > now;
   });
 }
@@ -222,12 +194,10 @@ function filterExpired(cookies: AuthCookie[]): AuthCookie[] {
 /**
  * Retrieve stored auth cookies for a domain from the vault.
  * Filters out expired cookies automatically.
- * Checks both registrable domain key and exact domain key for backward compat.
  */
 export async function getStoredAuth(
   domain: string
 ): Promise<AuthCookie[] | null> {
-  // Try registrable domain key first (new normalized format), then exact domain
   const regDomain = getRegistrableDomain(domain);
   const keysToTry = [`auth:${regDomain}`];
   if (domain !== regDomain) keysToTry.push(`auth:${domain}`);
@@ -263,22 +233,13 @@ export async function getStoredAuth(
  * Fallback chain:
  *   1. Vault cookies (fast path)
  *   2. Auto-extract from Chrome/Firefox SQLite (bird pattern — always fresh)
- *
- * This ensures cookies are available without requiring the user to manually
- * call /v1/auth/steal first.
  */
 export async function getAuthCookies(
-  domain: string,
-  opts?: {
-    autoExtract?: boolean;
-  },
+  domain: string
 ): Promise<AuthCookie[] | null> {
-  // 1. Try vault (fast)
   const vaultCookies = await getStoredAuth(domain);
   if (vaultCookies && vaultCookies.length > 0) return vaultCookies;
-  if (!opts?.autoExtract) return null;
 
-  // 2. Auto-extract from browser (bird pattern)
   log("auth", `no vault cookies for ${domain} — auto-extracting from browser`);
   try {
     const result = await extractBrowserAuth(domain);