npm - unbrowse - Versions diffs - 2.12.1 → 2.12.4 - Mend

unbrowse 2.12.1 → 2.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/README.md +22 -0
package/SKILL.md +754 -0
package/bin/unbrowse-wrapper.mjs +0 -3
package/bin/unbrowse.js +0 -1
package/dist/cli.js +1359 -19304
package/dist/mcp.js +673 -19345
package/package.json +6 -3
package/runtime-src/analytics-session.ts +2 -2
package/runtime-src/api/browse-session.ts +520 -49
package/runtime-src/api/browse-submit-prereqs.ts +48 -0
package/runtime-src/api/browse-submit.ts +756 -34
package/runtime-src/api/routes.ts +832 -357
package/runtime-src/auth/index.ts +160 -7
package/runtime-src/browser/index.ts +17 -9
package/runtime-src/build-info.generated.ts +4 -0
package/runtime-src/capture/index.ts +35 -29
package/runtime-src/cli.ts +214 -67
package/runtime-src/client/index.ts +141 -52
package/runtime-src/execution/index.ts +345 -59
package/runtime-src/indexer/index.ts +210 -251
package/runtime-src/kuri/client.ts +788 -248
package/runtime-src/mcp.ts +505 -48
package/runtime-src/orchestrator/first-pass-action.ts +69 -28
package/runtime-src/orchestrator/index.ts +605 -135
package/runtime-src/orchestrator/passive-publish.ts +33 -3
package/runtime-src/payments/wallet.ts +76 -11
package/runtime-src/publish/sanitize.ts +197 -0
package/runtime-src/publish-admission.ts +279 -0
package/runtime-src/reverse-engineer/description-prompt.ts +83 -2
package/runtime-src/reverse-engineer/index.ts +21 -10
package/runtime-src/routing-telemetry.ts +395 -0
package/runtime-src/runtime/browser-auth.ts +12 -0
package/runtime-src/runtime/local-server.ts +77 -23
package/runtime-src/server.ts +9 -3
package/runtime-src/settings.ts +221 -0
package/runtime-src/site-policy.ts +54 -0
package/runtime-src/stale-cleanup-runner.ts +144 -0
package/runtime-src/stale-cleanup.ts +133 -0
package/runtime-src/telemetry-attribution.ts +120 -0
package/runtime-src/types/skill.ts +439 -0
package/runtime-src/verification/auth-gate.ts +8 -0
package/runtime-src/verification/candidates.ts +27 -0
package/runtime-src/verification/index.ts +21 -15
package/runtime-src/version.ts +61 -13
package/runtime-src/workflow/artifact.ts +161 -0
package/runtime-src/workflow/compile.ts +808 -0
package/runtime-src/workflow/publish.ts +205 -0
package/runtime-src/workflow/runtime.ts +213 -0
package/scripts/postinstall.mjs +28 -17
package/scripts/release-assets.mjs +24 -0
package/scripts/verify-release-assets.mjs +39 -0
package/vendor/kuri/darwin-arm64/kuri +0 -0
package/vendor/kuri/darwin-x64/kuri +0 -0
package/vendor/kuri/linux-arm64/kuri +0 -0
package/vendor/kuri/linux-x64/kuri +0 -0
package/vendor/kuri/manifest.json +24 -0

package/README.md CHANGED Viewed

@@ -41,6 +41,13 @@ Typical MCP host config:
 ## Quick start
+```bash
+# One-line install from the latest GitHub release
+curl -fsSL https://unbrowse.ai/install.sh | sh
+```
+That installer now follows the Kuri pattern: detect platform, download the matching release tarball, install `unbrowse` into `~/.local/bin`, then run `unbrowse setup`.
 ```bash
 # Deterministic setup from a repo clone
 git clone --single-branch --depth 1 https://github.com/unbrowse-ai/unbrowse.git ~/unbrowse
@@ -62,6 +69,9 @@ npm install -g unbrowse
 unbrowse setup
 ```
+The npm package is binary-first: install downloads the prebuilt Bun-compiled CLI for your platform. It does not ship the TypeScript runtime or JS fallback launcher.
+On supported platforms, install now fails fast if the matching GitHub release asset is missing or unreachable.
 For generic MCP hosts:
 ```bash
@@ -140,6 +150,17 @@ unbrowse search --intent "get stock prices"
 For most MCP hosts, the standard flow is `unbrowse_resolve` first, then `unbrowse_execute`. For JS-heavy or first-time capture workflows, use the browser tool chain: `unbrowse_go -> unbrowse_snap -> action tools -> unbrowse_submit/unbrowse_sync -> unbrowse_close`.
+## Dependency walk for multi-step UIs
+Treat each successful browser submit as a dependency boundary.
+- Do not jump straight to guessed downstream URLs like `/date-selection.html` or `/payment.html` unless the current session already reached them through the real page flow.
+- Use `unbrowse_submit` for the actual transition, then trust the returned `url`, `session_id`, and any next-step hints over your own assumptions.
+- `unbrowse_sync` after a good transition so the route graph records which request chain unlocked the next page.
+- If a page later returns `abandonedCart`, `session_expired`, or a wrong audience/product variant, restart from the last known good upstream step and walk forward again.
+The dependency graph is not just API-to-API. On JS-heavy checkout flows it also captures browser-state prerequisites: selected product, resident/non-resident audience, date, slot, auth, and cart state. Future agents should reason from those prerequisites before calling deeper steps.
 ## Demo notes
 - First-time capture/indexing on a site can take 20-80 seconds. That is the slow path; repeats should be much faster.
@@ -220,6 +241,7 @@ Non-GET endpoints (POST, PUT, DELETE) require explicit confirmation:
 - `dry_run: true` — preview what would execute without side effects
 - `confirm_unsafe: true` — explicit user consent to proceed
+- `confirm_third_party_terms: true` — extra explicit confirmation for policy-sensitive domains/actions such as X write endpoints
 GET endpoints auto-execute. Mutations never fire without opt-in.