npm - unbrowse - Versions diffs - 2.8.2 → 2.8.4 - Mend

unbrowse 2.8.2 → 2.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js +19 -7
package/package.json +1 -1
package/runtime-src/api/routes.ts +15 -1
package/runtime-src/execution/index.ts +9 -9

package/dist/cli.js CHANGED Viewed

@@ -11161,12 +11161,11 @@ async function executeEndpoint(skill, endpoint, params = {}, projection, options
         return `${c.name}=${v}`;
       }).join("; ");
       headers["cookie"] = cookieStr;
-      if (!headers["x-csrf-token"] && !headers["x-xsrf-token"]) {
-        const csrfCookie = cookies.find((c) => /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name));
-        if (csrfCookie) {
-          const v = csrfCookie.value.startsWith('"') && csrfCookie.value.endsWith('"') ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
-          headers["x-csrf-token"] = v;
-        }
+      const csrfCookie = cookies.find((c) => /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name));
+      if (csrfCookie) {
+        const v = csrfCookie.value.startsWith(") && csrfCookie.value.endsWith(") ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
+        headers["x-csrf-token"] = v;
+        headers["x-xsrf-token"] = v;
       }
     }
     if (endpoint.csrf_plan && cookies.length > 0) {
@@ -16742,7 +16741,20 @@ async function registerRoutes(app) {
     const clientScope = clientScopeFor(req);
     const { skill_id } = req.params;
     const { params, projection, confirm_unsafe, dry_run, intent, context_url } = req.body;
-    const skill = getRecentLocalSkill(skill_id, clientScope) ?? await getSkill2(skill_id, clientScope);
+    let skill = getRecentLocalSkill(skill_id, clientScope);
+    if (!skill) {
+      const { findExistingSkillForDomain: findLocal } = await Promise.resolve().then(() => (init_client2(), exports_client2));
+      for (const [, entry] of domainSkillCache) {
+        if (entry.skillId === skill_id && entry.localSkillPath) {
+          try {
+            skill = JSON.parse(__require("fs").readFileSync(entry.localSkillPath, "utf-8"));
+          } catch {}
+          break;
+        }
+      }
+    }
+    if (!skill)
+      skill = await getSkill2(skill_id, clientScope);
     if (!skill)
       return reply.code(404).send({ error: "Skill not found" });
     const execParams = {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "unbrowse",
-  "version": "2.8.2",
+  "version": "2.8.4",
   "description": "Reverse-engineer any website into reusable API skills. Zero-dep single binary with embedded browser engine.",
   "type": "module",
   "bin": {

package/runtime-src/api/routes.ts CHANGED Viewed

@@ -410,7 +410,21 @@ export async function registerRoutes(app: FastifyInstance) {
       intent?: string;
       context_url?: string;
     };
-    const skill = getRecentLocalSkill(skill_id, clientScope) ?? await getSkill(skill_id, clientScope);
+    // Check local caches first: recent skills → domain snapshots → marketplace
+    let skill = getRecentLocalSkill(skill_id, clientScope);
+    if (!skill) {
+      // Check domain snapshot cache — passively indexed skills live here
+      const { findExistingSkillForDomain: findLocal } = await import("../client/index.js");
+      for (const [, entry] of domainSkillCache) {
+        if (entry.skillId === skill_id && entry.localSkillPath) {
+          try {
+            skill = JSON.parse(require("fs").readFileSync(entry.localSkillPath, "utf-8"));
+          } catch { /* snapshot read failed */ }
+          break;
+        }
+      }
+    }
+    if (!skill) skill = await getSkill(skill_id, clientScope);
     if (!skill) return reply.code(404).send({ error: "Skill not found" });
     const execParams = {
       ...(params ?? {}),

package/runtime-src/execution/index.ts CHANGED Viewed

@@ -1880,15 +1880,15 @@ export async function executeEndpoint(
       headers["cookie"] = cookieStr;
       // CSRF token auto-detection (bird pattern): many sites require CSRF tokens
-      // as both a cookie AND a header. Detect common patterns and replay them.
-      if (!headers["x-csrf-token"] && !headers["x-xsrf-token"]) {
-        const csrfCookie = cookies.find((c) =>
-          /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name)
-        );
-        if (csrfCookie) {
-          const v = csrfCookie.value.startsWith('"') && csrfCookie.value.endsWith('"') ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
-          headers["x-csrf-token"] = v;
-        }
+      // as both a cookie AND a header. The cookie value is always fresher than
+      // any stored vault header, so it ALWAYS overrides.
+      const csrfCookie = cookies.find((c) =>
+        /^(ct0|csrf_token|_csrf|csrftoken|XSRF-TOKEN|_xsrf)$/i.test(c.name)
+      );
+      if (csrfCookie) {
+        const v = csrfCookie.value.startsWith(') && csrfCookie.value.endsWith(') ? csrfCookie.value.slice(1, -1) : csrfCookie.value;
+        headers["x-csrf-token"] = v;
+        headers["x-xsrf-token"] = v;
       }
     }