unbrowse 2.9.0 → 2.10.1

package/dist/cli.js

@@ -30,6 +30,83 @@ var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __promiseAll = (args) => Promise.all(args);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
+// ../../src/payments/cascade.ts
+import { createHash } from "crypto";
+import bs58 from "bs58";
+function payableContributors(skill) {
+  return (skill.contributors ?? []).filter((c) => !!c.wallet_address?.trim());
+}
+function cascadeLabel(skillId) {
+  const digest = createHash("sha256").update(skillId).digest("hex");
+  return `ubr-${digest.slice(0, 23)}`;
+}
+function decodeSecretKey(raw) {
+  const trimmed = raw.trim();
+  if (!trimmed)
+    throw new Error("empty signer secret");
+  if (trimmed.startsWith("[")) {
+    return Uint8Array.from(JSON.parse(trimmed));
+  }
+  if (/^[1-9A-HJ-NP-Za-km-z]+$/.test(trimmed)) {
+    return Uint8Array.from(bs58.decode(trimmed));
+  }
+  return Uint8Array.from(Buffer.from(trimmed, "base64"));
+}
+function recipientsForSkill(skill, platformWallet) {
+  return [
+    { address: platformWallet, share: 10 },
+    ...payableContributors(skill).map((c) => ({
+      address: c.wallet_address.trim(),
+      share: c.share
+    }))
+  ];
+}
+async function ensureCascadeSplitForSkill(skill, deps = {}) {
+  const env = deps.env ?? process.env;
+  if (skill.split_config?.trim()) {
+    return { split_config: skill.split_config.trim(), source: "existing" };
+  }
+  const contributors = payableContributors(skill);
+  if (contributors.length <= 1)
+    return {};
+  const explicitSplitConfig = env.UNBROWSE_CASCADE_SPLIT_ADDRESS?.trim() || env.UNBROWSE_CASCADE_SPLIT_CONFIG?.trim();
+  if (explicitSplitConfig) {
+    return { split_config: explicitSplitConfig, source: "env" };
+  }
+  const platformWallet = env.UNBROWSE_CASCADE_PLATFORM_WALLET?.trim() || env.PAYMENT_RECIPIENT?.trim();
+  const secretKey = env.UNBROWSE_CASCADE_SIGNER_SECRET_KEY?.trim();
+  const rpcUrl = env.UNBROWSE_CASCADE_RPC_URL?.trim();
+  const rpcWsUrl = env.UNBROWSE_CASCADE_RPC_WS_URL?.trim();
+  if (!platformWallet || !secretKey || !rpcUrl || !rpcWsUrl) {
+    return {
+      warning: "cascade_split_not_configured"
+    };
+  }
+  const loadSdk = deps.loadSdk ?? (async () => await import("@cascade-fyi/splits-sdk"));
+  const loadKit = deps.loadKit ?? (async () => await import("@solana/kit"));
+  const [sdk, kit] = await Promise.all([loadSdk(), loadKit()]);
+  const signer = await kit.createKeyPairSignerFromBytes(decodeSecretKey(secretKey));
+  const splits = sdk.createSplitsClient({
+    rpc: kit.createSolanaRpc(rpcUrl),
+    rpcSubscriptions: kit.createSolanaRpcSubscriptions(rpcWsUrl),
+    signer
+  });
+  const result = await splits.ensureSplit({
+    recipients: recipientsForSkill(skill, platformWallet),
+    uniqueId: sdk.labelToSeed(cascadeLabel(skill.skill_id))
+  });
+  if (result.status === "created" || result.status === "updated" || result.status === "no_change") {
+    return {
+      split_config: result.splitConfig,
+      source: "sdk"
+    };
+  }
+  return {
+    warning: result.message || `cascade_split_${result.status}`
+  };
+}
+var init_cascade = () => {};
+
 // ../../src/runtime/lifecycle.ts
 function attributeLifecycle(events) {
   const totals = new Map;
@@ -501,11 +578,75 @@ async function getCookies(tabId) {
   const raw = await kuriGet("/cookies", { tab_id: tabId });
   return raw?.result?.cookies ?? [];
 }
+async function setCookieViaCDP(wsUrl, cookie) {
+  return new Promise((resolve) => {
+    const timer = setTimeout(() => {
+      resolve(false);
+    }, 3000);
+    try {
+      const ws = new (__require("ws"))(wsUrl);
+      ws.on("open", () => {
+        ws.send(JSON.stringify({
+          id: 1,
+          method: "Network.setCookie",
+          params: {
+            ...cookie,
+            url: `https://${cookie.domain.replace(/^\./, "")}/`
+          }
+        }));
+      });
+      ws.on("message", (data) => {
+        clearTimeout(timer);
+        try {
+          const msg = JSON.parse(data.toString());
+          if (msg.id === 1) {
+            ws.close();
+            resolve(msg.result?.success ?? false);
+          }
+        } catch {
+          ws.close();
+          resolve(false);
+        }
+      });
+      ws.on("error", () => {
+        clearTimeout(timer);
+        resolve(false);
+      });
+    } catch {
+      clearTimeout(timer);
+      resolve(false);
+    }
+  });
+}
 async function setCookie(tabId, cookie) {
+  const value = cookie.value.replace(/^"|"$/g, "");
+  if (cookie.secure || cookie.httpOnly) {
+    try {
+      const res = await fetch("http://127.0.0.1:9222/json", { signal: AbortSignal.timeout(1000) }).catch(() => null);
+      if (res?.ok) {
+        const pages = await res.json();
+        const page = pages.find((p) => p.id === tabId);
+        if (page?.webSocketDebuggerUrl) {
+          const success = await setCookieViaCDP(page.webSocketDebuggerUrl, {
+            name: cookie.name,
+            value,
+            domain: cookie.domain,
+            path: cookie.path || "/",
+            secure: cookie.secure ?? false,
+            httpOnly: cookie.httpOnly ?? false,
+            sameSite: cookie.sameSite || "Lax",
+            ...cookie.expires && cookie.expires > 0 ? { expires: cookie.expires } : {}
+          });
+          if (success)
+            return;
+        }
+      }
+    } catch {}
+  }
   await kuriGet("/cookies", {
     tab_id: tabId,
     name: cookie.name,
-    value: cookie.value,
+    value,
     domain: cookie.domain,
     ...cookie.path ? { path: cookie.path } : {}
   });
@@ -4581,6 +4722,8 @@ __export(exports_client2, {
   validateManifest: () => validateManifest,
   updateEndpointScore: () => updateEndpointScore,
   updateEndpointSchema: () => updateEndpointSchema,
+  syncAgentWallet: () => syncAgentWallet2,
+  setSkillSplitConfig: () => setSkillSplitConfig,
   setSkillPrice: () => setSkillPrice,
   searchIntentResolve: () => searchIntentResolve,
   searchIntentInDomain: () => searchIntentInDomain,
@@ -4592,10 +4735,12 @@ __export(exports_client2, {
   recordFeedback: () => recordFeedback,
   recordExecution: () => recordExecution,
   recordDiagnostics: () => recordDiagnostics,
+  recordAnalyticsSession: () => recordAnalyticsSession,
   publishSkill: () => publishSkill,
   publishGraphEdges: () => publishGraphEdges,
   normalizeAgentEmail: () => normalizeAgentEmail2,
   listSkills: () => listSkills,
+  isX402Error: () => isX402Error,
   isValidAgentEmail: () => isValidAgentEmail2,
   isLocalOnlyMode: () => isLocalOnlyMode,
   hashApiKey: () => hashApiKey,
@@ -4603,7 +4748,7 @@ __export(exports_client2, {
   getSkillChunk: () => getSkillChunk2,
   getSkill: () => getSkill,
   getRecentLocalSkill: () => getRecentLocalSkill,
-  getMyProfile: () => getMyProfile,
+  getMyProfile: () => getMyProfile2,
   getEndpointSchema: () => getEndpointSchema,
   getCreatorEarnings: () => getCreatorEarnings,
   getApiKey: () => getApiKey2,
@@ -4621,7 +4766,7 @@ __export(exports_client2, {
 import { readFileSync as readFileSync2, writeFileSync as writeFileSync3, existsSync as existsSync4, mkdirSync as mkdirSync4, readdirSync as readdirSync2 } from "fs";
 import { join as join3 } from "path";
 import { homedir as homedir2, hostname as hostname2 } from "os";
-import { randomBytes as randomBytes2, createHash as createHash2 } from "crypto";
+import { randomBytes as randomBytes2, createHash as createHash3 } from "crypto";
 import { createInterface as createInterface2 } from "readline";
 function decodeBase64Json2(value) {
   try {
@@ -4638,6 +4783,9 @@ function decodeBase64Json2(value) {
     return;
   }
 }
+function isX402Error(err) {
+  return !!err && typeof err === "object" && err.x402 === true;
+}
 function scopedSkillKey(skillId, scopeId) {
   return scopeId ? `${scopeId}:${skillId}` : skillId;
 }
@@ -4690,6 +4838,20 @@ function resolveAgentName2(preferredEmail, fallbackName) {
   const normalized = normalizeAgentEmail2(preferredEmail ?? "");
   return isValidAgentEmail2(normalized) ? normalized : fallbackName;
 }
+function getLocalWalletContext2() {
+  const lobsterWallet = process.env.LOBSTER_WALLET_ADDRESS?.trim();
+  if (lobsterWallet) {
+    return { wallet_address: lobsterWallet, wallet_provider: "lobster.cash" };
+  }
+  const genericWallet = process.env.AGENT_WALLET_ADDRESS?.trim();
+  if (genericWallet) {
+    return {
+      wallet_address: genericWallet,
+      wallet_provider: process.env.AGENT_WALLET_PROVIDER?.trim() || undefined
+    };
+  }
+  return {};
+}
 function getApiKey2() {
   if (LOCAL_ONLY2)
     return "local-only";
@@ -4705,7 +4867,7 @@ function getApiKey2() {
 function hashApiKey(key) {
   if (!key || key === "local-only")
     return "";
-  return createHash2("sha256").update(key).digest("hex");
+  return createHash3("sha256").update(key).digest("hex");
 }
 function getAgentId() {
   const config = loadConfig2();
@@ -4768,7 +4930,7 @@ async function findUsableApiKey2() {
   }
   return null;
 }
-async function api2(method, path4, body, opts) {
+async function apiRequest2(method, path4, body, opts) {
   const key = opts?.noAuth ? "" : getApiKey2();
   const controller = new AbortController;
   const timer = setTimeout(() => controller.abort(), opts?.timeoutMs ?? API_TIMEOUT_MS2);
@@ -4814,6 +4976,10 @@ async function api2(method, path4, body, opts) {
     const msg = errData.details?.length ? `${errData.error}: ${errData.details.join("; ")}` : errData.error ?? `API HTTP ${res.status}`;
     throw new Error(msg);
   }
+  return { data, headers: res.headers };
+}
+async function api2(method, path4, body, opts) {
+  const { data } = await apiRequest2(method, path4, body, opts);
   return data;
 }
 async function promptTosAcceptance2(summary, tosUrl) {
@@ -4911,6 +5077,13 @@ async function ensureRegistered2(options) {
       console.log("[unbrowse] Restored saved registration.");
     }
     await checkTosStatus2();
+    try {
+      const profile = await getMyProfile2();
+      const wallet = getLocalWalletContext2();
+      if (wallet.wallet_address && profile.wallet_address !== wallet.wallet_address) {
+        await syncAgentWallet2(wallet);
+      }
+    } catch {}
     return;
   }
   let tosInfo;
@@ -4930,7 +5103,8 @@ async function ensureRegistered2(options) {
   const name = options?.promptForEmail ? await promptAgentEmail2(fallbackName) : resolveAgentName2(process.env.UNBROWSE_AGENT_EMAIL, fallbackName);
   console.log(`Registering as "${name}"...`);
   try {
-    const { agent_id, api_key } = await api2("POST", "/v1/agents/register", { name, tos_version: tosInfo.version });
+    const wallet = getLocalWalletContext2();
+    const { agent_id, api_key } = await api2("POST", "/v1/agents/register", { name, tos_version: tosInfo.version, ...wallet });
     process.env.UNBROWSE_API_KEY = api_key;
     saveConfig2({
       api_key,
@@ -4938,7 +5112,8 @@ async function ensureRegistered2(options) {
       agent_name: name,
       registered_at: new Date().toISOString(),
       tos_accepted_version: tosInfo.version,
-      tos_accepted_at: new Date().toISOString()
+      tos_accepted_at: new Date().toISOString(),
+      ...wallet
     });
     console.log(`Registered as ${name}. API key saved to ~/.unbrowse/config.json`);
   } catch (err) {
@@ -5094,7 +5269,27 @@ async function publishSkill(draft) {
   }
   if (LOCAL_ONLY2)
     throw new Error("local-only mode");
-  return api2("POST", "/v1/skills", draft, { timeoutMs: PUBLISH_TIMEOUT_MS2 });
+  const wallet = getLocalWalletContext2();
+  const published = await api2("POST", "/v1/skills", {
+    ...draft,
+    ...wallet.wallet_address ? wallet : {}
+  }, { timeoutMs: PUBLISH_TIMEOUT_MS2 });
+  const cascade = await ensureCascadeSplitForSkill(published).catch((err) => ({
+    warning: `cascade_split_failed:${err.message}`
+  }));
+  const warnings = [...published.warnings ?? []];
+  if (cascade.warning)
+    warnings.push(cascade.warning);
+  if (cascade.split_config && cascade.split_config !== published.split_config) {
+    const updated = await api2("PATCH", `/v1/skills/${published.skill_id}`, {
+      split_config: cascade.split_config
+    });
+    return {
+      ...updated,
+      warnings
+    };
+  }
+  return { ...published, warnings };
 }
 async function deprecateSkill(skillId) {
   if (LOCAL_ONLY2)
@@ -5136,16 +5331,29 @@ async function searchIntentResolve(intent, domain, domainK = 5, globalK = 10) {
   if (LOCAL_ONLY2)
     return { domain_results: [], global_results: [], skipped_global: false };
   try {
-    return await api2("POST", "/v1/search/resolve", {
+    const { data, headers } = await apiRequest2("POST", "/v1/search/resolve", {
       intent,
       domain,
       domain_k: domainK,
       global_k: globalK
     });
-  } catch {
+    const actualCostHeader = headers.get("X-Unbrowse-Cost-Uc");
+    const actualCostUc = actualCostHeader && /^\d+$/.test(actualCostHeader) ? Number(actualCostHeader) : undefined;
+    return actualCostUc != null ? { ...data, actual_cost_uc: actualCostUc } : data;
+  } catch (err) {
+    if (isX402Error(err))
+      throw err;
     const [domain_results, global_results] = await Promise.all([
-      domain ? searchIntentInDomain(intent, domain, domainK).catch(() => []) : Promise.resolve([]),
-      searchIntent(intent, globalK).catch(() => [])
+      domain ? searchIntentInDomain(intent, domain, domainK).catch((fallbackErr) => {
+        if (isX402Error(fallbackErr))
+          throw fallbackErr;
+        return [];
+      }) : Promise.resolve([]),
+      searchIntent(intent, globalK).catch((fallbackErr) => {
+        if (isX402Error(fallbackErr))
+          throw fallbackErr;
+        return [];
+      })
     ]);
     return { domain_results, global_results, skipped_global: false };
   }
@@ -5210,6 +5418,11 @@ async function recordOrchestrationPerf(timing) {
   const phaseTotals = Object.fromEntries(attributeLifecycle(events));
   await api2("POST", "/v1/stats/perf", { ...timing, phase_totals_ms: phaseTotals });
 }
+async function recordAnalyticsSession(session) {
+  if (LOCAL_ONLY2)
+    return;
+  await api2("POST", "/v1/analytics/sessions", session);
+}
 async function validateManifest(manifest) {
   if (LOCAL_ONLY2)
     return { valid: true, hardErrors: [], softWarnings: [] };
@@ -5264,8 +5477,8 @@ async function verifyMarketplaceDiscovery(skillId, intent, maxWaitMs = 60000) {
   }
   return { found: false, latency_ms: Date.now() - start2 };
 }
-async function registerAgent(name) {
-  return api2("POST", "/v1/agents/register", { name });
+async function registerAgent(name, wallet = getLocalWalletContext2()) {
+  return api2("POST", "/v1/agents/register", { name, ...wallet });
 }
 async function getAgent(agentId) {
   try {
@@ -5274,9 +5487,18 @@ async function getAgent(agentId) {
     return null;
   }
 }
-async function getMyProfile() {
+async function getMyProfile2() {
   return api2("GET", "/v1/agents/me", undefined);
 }
+async function syncAgentWallet2(wallet = getLocalWalletContext2()) {
+  if (!wallet.wallet_address)
+    return;
+  await api2("POST", "/v1/agents/wallet", wallet);
+  const config = loadConfig2();
+  if (!config)
+    return;
+  saveConfig2({ ...config, ...wallet });
+}
 async function getTransactionHistory(agentId) {
   return api2("GET", `/v1/transactions/consumer/${agentId}`);
 }
@@ -5286,8 +5508,12 @@ async function getCreatorEarnings(agentId) {
 async function setSkillPrice(skillId, priceUsd) {
   return api2("PATCH", `/v1/skills/${skillId}`, { base_price_usd: priceUsd });
 }
+async function setSkillSplitConfig(skillId, splitConfig) {
+  return api2("PATCH", `/v1/skills/${skillId}`, { split_config: splitConfig });
+}
 var API_URL2, PROFILE_NAME2, recentLocalSkills2, LOCAL_ONLY2, EMAIL_RE2, API_TIMEOUT_MS2, PUBLISH_TIMEOUT_MS2;
 var init_client2 = __esm(() => {
+  init_cascade();
   API_URL2 = process.env.UNBROWSE_BACKEND_URL || "https://beta-api.unbrowse.ai";
   PROFILE_NAME2 = sanitizeProfileName2(process.env.UNBROWSE_PROFILE ?? "");
   recentLocalSkills2 = new Map;
@@ -5371,7 +5597,7 @@ var init_marketplace = __esm(() => {
 });
 
 // ../../src/version.ts
-import { createHash as createHash3 } from "crypto";
+import { createHash as createHash4 } from "crypto";
 import { readFileSync as readFileSync3, readdirSync as readdirSync3 } from "fs";
 import { dirname, join as join4 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
@@ -5391,7 +5617,7 @@ function computeCodeHash() {
   try {
     const srcDir = join4(MODULE_DIR, ".");
     const files = collectTsFiles(srcDir).sort();
-    const hash = createHash3("sha256");
+    const hash = createHash4("sha256");
     for (const file of files) {
       hash.update(file.slice(srcDir.length));
       hash.update(readFileSync3(file, "utf-8"));
@@ -5413,7 +5639,7 @@ var init_version = __esm(() => {
 });
 
 // ../../src/telemetry.ts
-import { createHash as createHash4 } from "node:crypto";
+import { createHash as createHash5 } from "node:crypto";
 import { existsSync as existsSync5, mkdirSync as mkdirSync5, writeFileSync as writeFileSync4 } from "node:fs";
 import { join as join5 } from "node:path";
 function getTraceDir() {
@@ -5430,7 +5656,7 @@ function safeBindingNames(bindings) {
 }
 function hashResponseBody(result) {
   const str = typeof result === "string" ? result : JSON.stringify(result ?? "");
-  return createHash4("sha256").update(str).digest("hex").slice(0, 32);
+  return createHash5("sha256").update(str).digest("hex").slice(0, 32);
 }
 function classifyFailure(error) {
   if (!error)
@@ -6243,6 +6469,10 @@ function filterExpired(cookies) {
   });
 }
 async function getStoredAuth(domain) {
+  const bundle = await getStoredAuthBundle(domain);
+  return bundle?.cookies?.length ? bundle.cookies : null;
+}
+async function getStoredAuthBundle(domain) {
   const regDomain = getRegistrableDomain(domain);
   const keysToTry = [`auth:${regDomain}`];
   if (domain !== regDomain)
@@ -6253,11 +6483,9 @@ async function getStoredAuth(domain) {
       continue;
     try {
       const parsed = JSON.parse(stored);
-      const cookies = parsed.cookies;
-      if (!cookies || cookies.length === 0)
-        continue;
+      const cookies = parsed.cookies ?? [];
       const valid = filterExpired(cookies);
-      if (valid.length === 0) {
+      if (cookies.length > 0 && valid.length === 0 && Object.keys(parsed.headers ?? {}).length === 0) {
         log("auth", `all ${cookies.length} cookies for ${domain} (key: ${key}) are expired — deleting`);
         await deleteCredential(key);
         continue;
@@ -6265,7 +6493,12 @@ async function getStoredAuth(domain) {
       if (valid.length < cookies.length) {
         log("auth", `filtered ${cookies.length - valid.length} expired cookies for ${domain}`);
       }
-      return valid;
+      return {
+        cookies: valid,
+        headers: parsed.headers ?? {},
+        source_keys: parsed.source_keys ?? [],
+        source_meta: parsed.source_meta ?? null
+      };
     } catch {
       continue;
     }
@@ -11346,7 +11579,7 @@ async function executeEndpoint(skill, endpoint, params = {}, projection, options
     } catch {}
   }
   recordExecution(skill.skill_id, endpoint.endpoint_id, trace, skill).catch(() => {});
-  if (trace.success && skill.indexer_id && skill.base_price_usd && skill.base_price_usd > 0) {
+  if (trace.success && options?.payment_verified === true && skill.base_price_usd && skill.base_price_usd > 0) {
     const consumerConfig = (() => {
       try {
         return JSON.parse(__require("fs").readFileSync(__require("os").homedir() + "/.unbrowse/config.json", "utf-8"));
@@ -12656,7 +12889,7 @@ var init_prefetch = __esm(async () => {
 });
 
 // ../../src/orchestrator/first-pass-action.ts
-import { createHash as createHash5 } from "node:crypto";
+import { createHash as createHash6 } from "node:crypto";
 function classifyIntent(intent) {
   if (/\b(search|find|discover|look\s+for|browse)\b/i.test(intent))
     return "search";
@@ -12703,7 +12936,7 @@ function filterJsonApiEntries(entries) {
 function synthesizeSkillFromIntercepted(interceptedEntries, domain, intent) {
   if (interceptedEntries.length === 0)
     return;
-  const hash = createHash5("sha1").update(interceptedEntries.map((e) => e.request.url).join("|")).digest("hex").slice(0, 8);
+  const hash = createHash6("sha1").update(interceptedEntries.map((e) => e.request.url).join("|")).digest("hex").slice(0, 8);
   const endpoints = interceptedEntries.map((entry, i) => {
     const parsed = new URL(entry.request.url);
     return {
@@ -12927,7 +13160,7 @@ function checkWalletConfigured() {
 import { nanoid as nanoid7 } from "nanoid";
 import { existsSync as existsSync9, writeFileSync as writeFileSync7, readFileSync as readFileSync6, mkdirSync as mkdirSync8, readdirSync as readdirSync5 } from "node:fs";
 import { dirname as dirname2, join as join9 } from "node:path";
-import { createHash as createHash6 } from "node:crypto";
+import { createHash as createHash7 } from "node:crypto";
 function summarizeSchema(schema, maxDepth = 3) {
   function walk(s, depth) {
     if (depth <= 0)
@@ -13042,7 +13275,7 @@ function scopedResolveCacheKeys(scope, key) {
   return scope === "global" ? [scopedCacheKey("global", key)] : [scopedCacheKey(scope, key), scopedCacheKey("global", key)];
 }
 function snapshotPathForCacheKey(cacheKey) {
-  const digest = createHash6("sha1").update(cacheKey).digest("hex");
+  const digest = createHash7("sha1").update(cacheKey).digest("hex");
   return join9(SKILL_SNAPSHOT_DIR, `${digest}.json`);
 }
 function writeSkillSnapshot(cacheKey, skill) {
@@ -14146,6 +14379,7 @@ async function resolveAndExecute(intent, params = {}, context, projection, optio
     response_bytes: 0,
     time_saved_pct: 0,
     tokens_saved_pct: 0,
+    actual_total_ms: 0,
     trace_version: TRACE_VERSION
   };
   const decisionTrace = {
@@ -14181,6 +14415,7 @@ async function resolveAndExecute(intent, params = {}, context, projection, optio
   }
   function finalize(source, result2, skillId, skill, trace2) {
     timing.total_ms = Date.now() - t0;
+    timing.actual_total_ms = timing.total_ms;
     timing.source = source;
     timing.skill_id = skillId;
     const resultStr = typeof result2 === "string" ? result2 : JSON.stringify(result2 ?? "");
@@ -14189,11 +14424,20 @@ async function resolveAndExecute(intent, params = {}, context, projection, optio
     const cost = skill?.discovery_cost;
     const baselineTokens = cost?.capture_tokens ?? DEFAULT_CAPTURE_TOKENS;
     const baselineMs = cost?.capture_ms ?? DEFAULT_CAPTURE_MS;
+    const paidSearchUc = timing.paid_search_uc ?? 0;
+    const paidExecutionUc = timing.paid_execution_uc ?? 0;
+    const totalActualCostUc = paidSearchUc + paidExecutionUc;
+    if (totalActualCostUc > 0)
+      timing.actual_cost_uc = totalActualCostUc;
     if (source === "marketplace" || source === "route-cache" || source === "first-pass") {
       timing.tokens_saved = Math.max(0, baselineTokens - responseTokens);
       timing.tokens_saved_pct = baselineTokens > 0 ? Math.round(timing.tokens_saved / baselineTokens * 100) : 0;
       timing.time_saved_pct = baselineMs > 0 ? Math.round(Math.max(0, baselineMs - timing.total_ms) / baselineMs * 100) : 0;
     }
+    if (cost?.capture_ms != null) {
+      timing.baseline_total_ms = cost.capture_ms;
+      timing.time_saved_ms = Math.max(0, cost.capture_ms - timing.total_ms);
+    }
     if (trace2) {
       trace2.tokens_used = responseTokens;
       trace2.tokens_saved = timing.tokens_saved;
@@ -15053,17 +15297,54 @@ async function resolveAndExecute(intent, params = {}, context, projection, optio
   const MARKETPLACE_TIMEOUT_MS = context?.url ? 5000 : 30000;
   if (!forceCapture) {
     const ts0 = Date.now();
-    const { domain_results: domainResults, global_results: globalResults } = await Promise.race([
-      searchIntentResolve(queryIntent, requestedDomain ?? undefined, MARKETPLACE_DOMAIN_SEARCH_K, MARKETPLACE_GLOBAL_SEARCH_K),
-      new Promise((resolve) => setTimeout(() => {
-        console.log(`[marketplace] timeout after ${MARKETPLACE_TIMEOUT_MS}ms — falling through to browser`);
-        resolve({ domain_results: [], global_results: [], skipped_global: true });
-      }, MARKETPLACE_TIMEOUT_MS))
-    ]).catch(() => ({
-      domain_results: [],
-      global_results: [],
-      skipped_global: false
-    }));
+    let searchResponse;
+    try {
+      searchResponse = await Promise.race([
+        searchIntentResolve(queryIntent, requestedDomain ?? undefined, MARKETPLACE_DOMAIN_SEARCH_K, MARKETPLACE_GLOBAL_SEARCH_K),
+        new Promise((resolve) => setTimeout(() => {
+          console.log(`[marketplace] timeout after ${MARKETPLACE_TIMEOUT_MS}ms — falling through to browser`);
+          resolve({ domain_results: [], global_results: [], skipped_global: true });
+        }, MARKETPLACE_TIMEOUT_MS))
+      ]);
+    } catch (err) {
+      if (isX402Error(err)) {
+        const trace2 = {
+          trace_id: nanoid7(),
+          skill_id: "marketplace-search",
+          endpoint_id: "search",
+          started_at: new Date().toISOString(),
+          completed_at: new Date().toISOString(),
+          success: false,
+          status_code: 402,
+          error: "payment_required"
+        };
+        return {
+          result: {
+            error: "payment_required",
+            payment_status: "payment_required",
+            wallet_provider: "lobster.cash",
+            message: "Marketplace search requires payment before shared graph results are returned.",
+            next_step: "Pay the Tier 3 search fee, or re-run with force capture for free local discovery.",
+            indexing_fallback_available: true,
+            tier: "tier3",
+            terms: err.terms
+          },
+          trace: trace2,
+          source: "marketplace",
+          skill: undefined,
+          timing: finalize("marketplace", null, undefined, undefined, trace2)
+        };
+      }
+      searchResponse = {
+        domain_results: [],
+        global_results: [],
+        skipped_global: false
+      };
+    }
+    if (typeof searchResponse.actual_cost_uc === "number" && searchResponse.actual_cost_uc > 0) {
+      timing.paid_search_uc = searchResponse.actual_cost_uc;
+    }
+    const { domain_results: domainResults, global_results: globalResults } = searchResponse;
     timing.search_ms = Date.now() - ts0;
     console.log(`[marketplace] search: ${domainResults.length} domain + ${globalResults.length} global results (${timing.search_ms}ms)`);
     const seen = new Set;
@@ -16387,11 +16668,29 @@ var init_verification = __esm(() => {
 var exports_routes = {};
 __export(exports_routes, {
   registerRoutes: () => registerRoutes,
-  registerBrowseSession: () => registerBrowseSession
+  registerBrowseSession: () => registerBrowseSession,
+  buildAnalyticsSessionPayload: () => buildAnalyticsSessionPayload
 });
 import { nanoid as nanoid8 } from "nanoid";
 import { writeFileSync as writeFileSync8, existsSync as existsSync12, mkdirSync as mkdirSync9 } from "fs";
 import { join as join12 } from "path";
+function buildAnalyticsSessionPayload(result, opts) {
+  const source = result.timing?.source ?? result.source;
+  const apiCalls = result.trace.endpoint_id ? 1 : 0;
+  const cachedSkillCalls = opts.cached_skill_calls ?? (apiCalls > 0 && source !== "live-capture" && source !== "first-pass" ? 1 : 0);
+  const freshIndexCalls = opts.fresh_index_calls ?? (apiCalls > 0 && (source === "live-capture" || source === "first-pass") ? 1 : 0);
+  return {
+    session_id: result.trace.trace_id,
+    started_at: result.trace.started_at,
+    completed_at: result.trace.completed_at,
+    trace_version: result.trace.trace_version ?? TRACE_VERSION,
+    api_calls: apiCalls,
+    discovery_queries: opts.discovery_queries,
+    cached_skill_calls: cachedSkillCalls,
+    fresh_index_calls: freshIndexCalls,
+    browser_mode: opts.browser_mode ?? "unknown"
+  };
+}
 function harEntriesToRawRequests(entries) {
   return entries.filter((e) => e.request && e.response).map((e) => ({
     url: e.request.url,
@@ -16493,11 +16792,11 @@ async function fetchStats() {
   const npmRange = (pkg) => fetch(`https://api.npmjs.org/downloads/range/last-month/${pkg}`).then((r) => r.json());
   const externalCalls = [
     npmPoint("unbrowse", "last-month"),
-    npmPoint("@getfoundry/unbrowse-openclaw", "last-month"),
+    npmPoint("unbrowse-openclaw", "last-month"),
     npmPoint("unbrowse", "1970-01-01:2099-12-31"),
-    npmPoint("@getfoundry/unbrowse-openclaw", "1970-01-01:2099-12-31"),
+    npmPoint("unbrowse-openclaw", "1970-01-01:2099-12-31"),
     npmRange("unbrowse"),
-    npmRange("@getfoundry/unbrowse-openclaw"),
+    npmRange("unbrowse-openclaw"),
     fetch("https://api.github.com/repos/anthropic-ai/unbrowse", {
       headers: { "User-Agent": "unbrowse-stats" }
     }).then((r) => r.json())
@@ -16606,6 +16905,10 @@ async function registerRoutes(app) {
       if (innerResult?.available_endpoints && !res.available_endpoints) {
         res.available_endpoints = innerResult.available_endpoints;
       }
+      await recordAnalyticsSession(buildAnalyticsSessionPayload(result, {
+        browser_mode: "replaced",
+        discovery_queries: 1
+      })).catch(() => {});
       return reply.send(result);
     } catch (err) {
       return reply.code(500).send({ error: err.message });
@@ -16815,6 +17118,10 @@ async function registerRoutes(app) {
           if (freshResult.trace?.skill_id && freshResult.trace?.endpoint_id) {
             recordExecution(freshResult.trace.skill_id, freshResult.trace.endpoint_id, freshResult.trace, skill).catch(() => {});
           }
+          await recordAnalyticsSession(buildAnalyticsSessionPayload(freshResult, {
+            browser_mode: "manual",
+            discovery_queries: 1
+          })).catch(() => {});
           return reply.send({
             ...freshResult,
             _recovery: {
@@ -16825,6 +17132,12 @@ async function registerRoutes(app) {
           });
         } catch {}
       }
+      await recordAnalyticsSession(buildAnalyticsSessionPayload(execResult, {
+        browser_mode: "manual",
+        discovery_queries: 0,
+        cached_skill_calls: execResult.trace.endpoint_id ? 1 : 0,
+        fresh_index_calls: 0
+      })).catch(() => {});
       return reply.send(execResult);
     } catch (err) {
       return reply.code(500).send({ error: err.message });
@@ -16995,6 +17308,7 @@ async function registerRoutes(app) {
     if (session.domain && session.domain !== newDomain) {
       await authProfileSave(session.tabId, session.domain).catch(() => {});
     }
+    let cookiesInjected = 0;
     if (newDomain && newDomain !== session.domain) {
       await authProfileLoad(session.tabId, newDomain).catch(() => {});
       try {
@@ -17003,6 +17317,7 @@ async function registerRoutes(app) {
           for (const c of browserCookies) {
             await setCookie(session.tabId, c).catch(() => {});
           }
+          cookiesInjected = browserCookies.length;
         }
       } catch {}
     }
@@ -17015,7 +17330,7 @@ async function registerRoutes(app) {
     session.url = typeof finalUrl === "string" && finalUrl.startsWith("http") ? finalUrl : url;
     session.domain = profileName(session.url);
     await injectInterceptor(session.tabId);
-    return reply.send({ ok: true, url: session.url, tab_id: session.tabId, auth_profile: session.domain });
+    return reply.send({ ok: true, url: session.url, tab_id: session.tabId, auth_profile: session.domain, ...cookiesInjected > 0 ? { cookies_injected: cookiesInjected } : {} });
   });
   app.post("/v1/browse/snap", async (req, reply) => {
     const { filter } = req.body ?? {};
@@ -17329,10 +17644,10 @@ var init_routes = __esm(async () => {
   init_session_logs();
   await __promiseAll([
     init_indexer(),
+    init_vault(),
     init_orchestrator(),
     init_orchestrator(),
     init_execution(),
-    init_vault(),
     init_auth(),
     init_indexer()
   ]);
@@ -17417,10 +17732,11 @@ var init_server = __esm(async () => {
 import { config as loadEnv } from "dotenv";
 
 // ../../src/client/index.ts
+init_cascade();
 import { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync } from "fs";
 import { join } from "path";
 import { homedir, hostname } from "os";
-import { randomBytes, createHash } from "crypto";
+import { randomBytes, createHash as createHash2 } from "crypto";
 import { createInterface } from "readline";
 var API_URL = process.env.UNBROWSE_BACKEND_URL || "https://beta-api.unbrowse.ai";
 var PROFILE_NAME = sanitizeProfileName(process.env.UNBROWSE_PROFILE ?? "");
@@ -17482,6 +17798,20 @@ function resolveAgentName(preferredEmail, fallbackName) {
   const normalized = normalizeAgentEmail(preferredEmail ?? "");
   return isValidAgentEmail(normalized) ? normalized : fallbackName;
 }
+function getLocalWalletContext() {
+  const lobsterWallet = process.env.LOBSTER_WALLET_ADDRESS?.trim();
+  if (lobsterWallet) {
+    return { wallet_address: lobsterWallet, wallet_provider: "lobster.cash" };
+  }
+  const genericWallet = process.env.AGENT_WALLET_ADDRESS?.trim();
+  if (genericWallet) {
+    return {
+      wallet_address: genericWallet,
+      wallet_provider: process.env.AGENT_WALLET_PROVIDER?.trim() || undefined
+    };
+  }
+  return {};
+}
 function getApiKey() {
   if (LOCAL_ONLY)
     return "local-only";
@@ -17553,7 +17883,7 @@ async function findUsableApiKey() {
   }
   return null;
 }
-async function api(method, path, body, opts) {
+async function apiRequest(method, path, body, opts) {
   const key = opts?.noAuth ? "" : getApiKey();
   const controller = new AbortController;
   const timer = setTimeout(() => controller.abort(), opts?.timeoutMs ?? API_TIMEOUT_MS);
@@ -17599,6 +17929,10 @@ async function api(method, path, body, opts) {
     const msg = errData.details?.length ? `${errData.error}: ${errData.details.join("; ")}` : errData.error ?? `API HTTP ${res.status}`;
     throw new Error(msg);
   }
+  return { data, headers: res.headers };
+}
+async function api(method, path, body, opts) {
+  const { data } = await apiRequest(method, path, body, opts);
   return data;
 }
 async function promptTosAcceptance(summary, tosUrl) {
@@ -17696,6 +18030,13 @@ async function ensureRegistered(options) {
       console.log("[unbrowse] Restored saved registration.");
     }
     await checkTosStatus();
+    try {
+      const profile = await getMyProfile();
+      const wallet = getLocalWalletContext();
+      if (wallet.wallet_address && profile.wallet_address !== wallet.wallet_address) {
+        await syncAgentWallet(wallet);
+      }
+    } catch {}
     return;
   }
   let tosInfo;
@@ -17715,7 +18056,8 @@ async function ensureRegistered(options) {
   const name = options?.promptForEmail ? await promptAgentEmail(fallbackName) : resolveAgentName(process.env.UNBROWSE_AGENT_EMAIL, fallbackName);
   console.log(`Registering as "${name}"...`);
   try {
-    const { agent_id, api_key } = await api("POST", "/v1/agents/register", { name, tos_version: tosInfo.version });
+    const wallet = getLocalWalletContext();
+    const { agent_id, api_key } = await api("POST", "/v1/agents/register", { name, tos_version: tosInfo.version, ...wallet });
     process.env.UNBROWSE_API_KEY = api_key;
     saveConfig({
       api_key,
@@ -17723,7 +18065,8 @@ async function ensureRegistered(options) {
       agent_name: name,
       registered_at: new Date().toISOString(),
       tos_accepted_version: tosInfo.version,
-      tos_accepted_at: new Date().toISOString()
+      tos_accepted_at: new Date().toISOString(),
+      ...wallet
     });
     console.log(`Registered as ${name}. API key saved to ~/.unbrowse/config.json`);
   } catch (err) {
@@ -17732,6 +18075,18 @@ async function ensureRegistered(options) {
     process.exit(1);
   }
 }
+async function getMyProfile() {
+  return api("GET", "/v1/agents/me", undefined);
+}
+async function syncAgentWallet(wallet = getLocalWalletContext()) {
+  if (!wallet.wallet_address)
+    return;
+  await api("POST", "/v1/agents/wallet", wallet);
+  const config = loadConfig();
+  if (!config)
+    return;
+  saveConfig({ ...config, ...wallet });
+}
 
 // ../../src/cli/shortcuts.ts
 var linkedin = {