unbrowse 2.9.1 → 2.10.2

package/runtime-src/analytics-session.ts

@@ -0,0 +1,33 @@
+import type { ExecutionTrace, OrchestrationTiming } from "./types/index.js";
+
+export interface AnalyticsSessionPayload {
+  session_id: string;
+  started_at: string;
+  completed_at?: string;
+  trace_version?: string;
+  api_calls: number;
+  discovery_queries: number;
+  cached_skill_calls: number;
+  fresh_index_calls: number;
+  browser_mode: "default" | "replaced" | "manual" | "unknown";
+}
+
+export function buildAnalyticsSessionPayload(
+  sessionId: string,
+  startedAt: string,
+  source: OrchestrationTiming["source"],
+  trace: Pick<ExecutionTrace, "completed_at" | "network_events" | "trace_version">,
+): AnalyticsSessionPayload {
+  const cacheLike = source === "marketplace" || source === "route-cache" || source === "first-pass";
+  return {
+    session_id: sessionId,
+    started_at: startedAt,
+    completed_at: trace.completed_at,
+    trace_version: trace.trace_version,
+    api_calls: Math.max(1, trace.network_events?.length ?? 0),
+    discovery_queries: cacheLike ? 1 : 0,
+    cached_skill_calls: cacheLike ? 1 : 0,
+    fresh_index_calls: source === "live-capture" ? 1 : 0,
+    browser_mode: "unknown",
+  };
+}

package/runtime-src/api/routes.ts

@@ -5,7 +5,7 @@ import { extractEndpoints, extractAuthHeaders } from "../reverse-engineer/index.
 import { INTERCEPTOR_SCRIPT, collectInterceptedRequests, injectInterceptor, type RawRequest } from "../capture/index.js";
 import { queueBackgroundIndex } from "../indexer/index.js";
 import { nanoid } from "nanoid";
-import type { SkillManifest } from "../types/index.js";
+import type { ExecutionTrace, OrchestrationTiming, ProjectionOptions, SkillManifest } from "../types/index.js";
 import { extractBrowserCookies } from "../auth/browser-cookies.js";
 import { mergeEndpoints } from "../marketplace/index.js";
 import { buildSkillOperationGraph } from "../graph/index.js";
@@ -14,15 +14,13 @@ import { findExistingSkillForDomain, cachePublishedSkill } from "../client/index
 import { storeCredential } from "../vault/index.js";
 import { generateLocalDescription, writeSkillSnapshot, buildResolveCacheKey, getDomainReuseKey, domainSkillCache, persistDomainCache, scopedCacheKey, snapshotPathForCacheKey, invalidateRouteCacheForDomain, summarizeSchema, extractSampleValues } from "../orchestrator/index.js";
 import { TRACE_VERSION, CODE_HASH, GIT_SHA } from "../version.js";
-import { promoteExplicitExecution, resolveAndExecute } from "../orchestrator/index.js";
+import { promoteExplicitExecution, resolveAndExecute, type OrchestratorResult } from "../orchestrator/index.js";
 import { getSkill } from "../marketplace/index.js";
 import { executeSkill, rankEndpoints } from "../execution/index.js";
-import { storeCredential } from "../vault/index.js";
 import { interactiveLogin, extractBrowserAuth } from "../auth/index.js";
 import { publishSkill } from "../marketplace/index.js";
-import { recordFeedback, recordDiagnostics, recordExecution, getApiKey, getRecentLocalSkill } from "../client/index.js";
+import { recordFeedback, recordDiagnostics, recordExecution, getApiKey, getRecentLocalSkill, recordAnalyticsSession, type AnalyticsSessionPayload } from "../client/index.js";
 import { ROUTE_LIMITS } from "../ratelimit/index.js";
-import type { ProjectionOptions } from "../types/index.js";
 import { getSkillChunk, toAgentSkillChunkView } from "../graph/index.js";
 import { listRecentSessionsForDomain } from "../session-logs.js";
 import { mergeAgentReview } from "../indexer/index.js";
@@ -33,6 +31,43 @@ const BETA_API_URL = process.env.UNBROWSE_BACKEND_URL || "https://beta-api.unbro
 
 const TRACES_DIR = process.env.TRACES_DIR ?? join(process.cwd(), "traces");
 
+type AnalyticsSessionResult = {
+  trace: Pick<ExecutionTrace, "trace_id" | "started_at" | "completed_at" | "endpoint_id" | "trace_version">;
+  timing?: Pick<OrchestrationTiming, "source">;
+  source?: OrchestratorResult["source"];
+};
+
+export function buildAnalyticsSessionPayload(
+  result: AnalyticsSessionResult,
+  opts: {
+    browser_mode: AnalyticsSessionPayload["browser_mode"];
+    discovery_queries: number;
+    cached_skill_calls?: number;
+    fresh_index_calls?: number;
+  },
+): AnalyticsSessionPayload {
+  const source = result.timing?.source ?? result.source;
+  const apiCalls = result.trace.endpoint_id ? 1 : 0;
+  const cachedSkillCalls = opts.cached_skill_calls ?? (
+    apiCalls > 0 && source !== "live-capture" && source !== "first-pass" ? 1 : 0
+  );
+  const freshIndexCalls = opts.fresh_index_calls ?? (
+    apiCalls > 0 && (source === "live-capture" || source === "first-pass") ? 1 : 0
+  );
+
+  return {
+    session_id: result.trace.trace_id,
+    started_at: result.trace.started_at,
+    completed_at: result.trace.completed_at,
+    trace_version: result.trace.trace_version ?? TRACE_VERSION,
+    api_calls: apiCalls,
+    discovery_queries: opts.discovery_queries,
+    cached_skill_calls: cachedSkillCalls,
+    fresh_index_calls: freshIndexCalls,
+    browser_mode: opts.browser_mode ?? "unknown",
+  };
+}
+
 
 /** Convert Kuri HAR entries to RawRequest format */
 function harEntriesToRawRequests(entries: KuriHarEntry[]): RawRequest[] {
@@ -183,11 +218,11 @@ async function fetchStats() {
 
   const externalCalls: Promise<unknown>[] = [
     npmPoint("unbrowse", "last-month"),
-    npmPoint("@getfoundry/unbrowse-openclaw", "last-month"),
+    npmPoint("unbrowse-openclaw", "last-month"),
     npmPoint("unbrowse", "1970-01-01:2099-12-31"),
-    npmPoint("@getfoundry/unbrowse-openclaw", "1970-01-01:2099-12-31"),
+    npmPoint("unbrowse-openclaw", "1970-01-01:2099-12-31"),
     npmRange("unbrowse"),
-    npmRange("@getfoundry/unbrowse-openclaw"),
+    npmRange("unbrowse-openclaw"),
     fetch("https://api.github.com/repos/anthropic-ai/unbrowse", {
       headers: { "User-Agent": "unbrowse-stats" },
     }).then(r => r.json() as Promise<Record<string, unknown>>),
@@ -332,6 +367,11 @@ export async function registerRoutes(app: FastifyInstance) {
         res.available_endpoints = innerResult.available_endpoints;
       }
 
+      await recordAnalyticsSession(buildAnalyticsSessionPayload(result, {
+        browser_mode: "replaced",
+        discovery_queries: 1,
+      })).catch(() => {});
+
       return reply.send(result);
     } catch (err) {
       return reply.code(500).send({ error: (err as Error).message });
@@ -602,6 +642,10 @@ export async function registerRoutes(app: FastifyInstance) {
           if (freshResult.trace?.skill_id && freshResult.trace?.endpoint_id) {
             recordExecution(freshResult.trace.skill_id, freshResult.trace.endpoint_id, freshResult.trace, skill).catch(() => {});
           }
+          await recordAnalyticsSession(buildAnalyticsSessionPayload(freshResult, {
+            browser_mode: "manual",
+            discovery_queries: 1,
+          })).catch(() => {});
           return reply.send({
             ...freshResult,
             _recovery: {
@@ -615,6 +659,13 @@ export async function registerRoutes(app: FastifyInstance) {
         }
       }
 
+      await recordAnalyticsSession(buildAnalyticsSessionPayload(execResult, {
+        browser_mode: "manual",
+        discovery_queries: 0,
+        cached_skill_calls: execResult.trace.endpoint_id ? 1 : 0,
+        fresh_index_calls: 0,
+      })).catch(() => {});
+
       return reply.send(execResult);
     } catch (err) {
       return reply.code(500).send({ error: (err as Error).message });

package/runtime-src/auth/index.ts

@@ -27,6 +27,29 @@ export interface LoginResult {
   error?: string;
 }
 
+export interface BrowserAuthSourceMeta {
+  family?: string;
+  userDataDir?: string;
+  cookieDbPath?: string;
+}
+
+export interface StoredAuthBundle {
+  cookies: AuthCookie[];
+  headers: Record<string, string>;
+  source_keys: string[];
+  source_meta?: BrowserAuthSourceMeta | null;
+}
+
+export function storedAuthNeedsBrowserRefresh(bundle: StoredAuthBundle | null | undefined): boolean {
+  if (!bundle) return true;
+  if (bundle.cookies.length === 0 && Object.keys(bundle.headers).length === 0) return true;
+  const sourceMeta = bundle.source_meta;
+  if (!sourceMeta) return true;
+  if (sourceMeta.family === "chromium" && !sourceMeta.userDataDir && !sourceMeta.cookieDbPath) {
+    return true;
+  }
+  return false;
+}
 /**
  * Open a visible browser for the user to complete login.
  * Uses Kuri to manage the browser tab, polls for login completion via cookies.
@@ -225,6 +248,17 @@ function filterExpired(cookies: AuthCookie[]): AuthCookie[] {
 export async function getStoredAuth(
   domain: string
 ): Promise<AuthCookie[] | null> {
+  const bundle = await getStoredAuthBundle(domain);
+  return bundle?.cookies?.length ? bundle.cookies : null;
+}
+
+/**
+ * Retrieve the stored auth bundle for a domain from the vault.
+ * Preserves headers/source metadata while filtering expired cookies.
+ */
+export async function getStoredAuthBundle(
+  domain: string
+): Promise<StoredAuthBundle | null> {
   const regDomain = getRegistrableDomain(domain);
   const keysToTry = [`auth:${regDomain}`];
   if (domain !== regDomain) keysToTry.push(`auth:${domain}`);
@@ -233,12 +267,10 @@ export async function getStoredAuth(
     const stored = await getCredential(key);
     if (!stored) continue;
     try {
-      const parsed = JSON.parse(stored) as { cookies?: AuthCookie[] };
-      const cookies = parsed.cookies;
-      if (!cookies || cookies.length === 0) continue;
-
+      const parsed = JSON.parse(stored) as Partial<StoredAuthBundle> & { cookies?: AuthCookie[] };
+      const cookies = parsed.cookies ?? [];
       const valid = filterExpired(cookies);
-      if (valid.length === 0) {
+      if (cookies.length > 0 && valid.length === 0 && Object.keys(parsed.headers ?? {}).length === 0) {
         log("auth", `all ${cookies.length} cookies for ${domain} (key: ${key}) are expired — deleting`);
         await deleteCredential(key);
         continue;
@@ -246,11 +278,17 @@ export async function getStoredAuth(
       if (valid.length < cookies.length) {
         log("auth", `filtered ${cookies.length - valid.length} expired cookies for ${domain}`);
       }
-      return valid;
+      return {
+        cookies: valid,
+        headers: parsed.headers ?? {},
+        source_keys: parsed.source_keys ?? [],
+        source_meta: parsed.source_meta ?? null,
+      };
     } catch {
       continue;
     }
   }
+
   return null;
 }
 

package/runtime-src/client/index.ts

@@ -4,6 +4,7 @@ import { homedir, hostname } from "os";
 import { randomBytes, createHash } from "crypto";
 import { createInterface } from "readline";
 import type { AgentSkillChunkView, EndpointStats, ExecutionTrace, OrchestrationTiming, SkillManifest, ValidationResult } from "../types/index.js";
+import { ensureCascadeSplitForSkill } from "../payments/cascade.js";
 import { attributeLifecycle } from "../runtime/lifecycle.js";
 import type { LifecycleEvent } from "../runtime/lifecycle.js";
 
@@ -70,6 +71,8 @@ interface UnbrowseConfig {
   registered_at: string;
   tos_accepted_version: string | null;
   tos_accepted_at: string | null;
+  wallet_address?: string;
+  wallet_provider?: string;
 }
 
 type ApiKeySource = "env" | "config";
@@ -116,6 +119,23 @@ export function resolveAgentName(preferredEmail: string | undefined, fallbackNam
   return isValidAgentEmail(normalized) ? normalized : fallbackName;
 }
 
+function getLocalWalletContext(): { wallet_address?: string; wallet_provider?: string } {
+  const lobsterWallet = process.env.LOBSTER_WALLET_ADDRESS?.trim();
+  if (lobsterWallet) {
+    return { wallet_address: lobsterWallet, wallet_provider: "lobster.cash" };
+  }
+
+  const genericWallet = process.env.AGENT_WALLET_ADDRESS?.trim();
+  if (genericWallet) {
+    return {
+      wallet_address: genericWallet,
+      wallet_provider: process.env.AGENT_WALLET_PROVIDER?.trim() || undefined,
+    };
+  }
+
+  return {};
+}
+
 export function getApiKey(): string {
   if (LOCAL_ONLY) return "local-only";
   // Env var takes priority, then cached config
@@ -211,7 +231,12 @@ async function findUsableApiKey(): Promise<{ key: string; source: ApiKeySource }
   return null;
 }
 
-async function api<T = unknown>(method: string, path: string, body?: unknown, opts?: { noAuth?: boolean; timeoutMs?: number }): Promise<T> {
+async function apiRequest<T = unknown>(
+  method: string,
+  path: string,
+  body?: unknown,
+  opts?: { noAuth?: boolean; timeoutMs?: number },
+): Promise<{ data: T; headers: Headers }> {
   const key = opts?.noAuth ? "" : getApiKey();
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), opts?.timeoutMs ?? API_TIMEOUT_MS);
@@ -268,6 +293,11 @@ async function api<T = unknown>(method: string, path: string, body?: unknown, op
     const msg = errData.details?.length ? `${errData.error}: ${errData.details.join("; ")}` : errData.error ?? `API HTTP ${res.status}`;
     throw new Error(msg);
   }
+  return { data: data as T, headers: res.headers };
+}
+
+async function api<T = unknown>(method: string, path: string, body?: unknown, opts?: { noAuth?: boolean; timeoutMs?: number }): Promise<T> {
+  const { data } = await apiRequest<T>(method, path, body, opts);
   return data;
 }
 
@@ -382,6 +412,13 @@ export async function ensureRegistered(options?: { promptForEmail?: boolean }):
       console.log("[unbrowse] Restored saved registration.");
     }
     await checkTosStatus();
+    try {
+      const profile = await getMyProfile();
+      const wallet = getLocalWalletContext();
+      if (wallet.wallet_address && profile.wallet_address !== wallet.wallet_address) {
+        await syncAgentWallet(wallet);
+      }
+    } catch { /* non-fatal */ }
     return;
   }
 
@@ -408,8 +445,9 @@ export async function ensureRegistered(options?: { promptForEmail?: boolean }):
   console.log(`Registering as "${name}"...`);
 
   try {
+    const wallet = getLocalWalletContext();
     const { agent_id, api_key } = await api<{ agent_id: string; api_key: string }>(
-      "POST", "/v1/agents/register", { name, tos_version: tosInfo.version }
+      "POST", "/v1/agents/register", { name, tos_version: tosInfo.version, ...wallet }
     );
 
     process.env.UNBROWSE_API_KEY = api_key;
@@ -420,6 +458,7 @@ export async function ensureRegistered(options?: { promptForEmail?: boolean }):
       registered_at: new Date().toISOString(),
       tos_accepted_version: tosInfo.version,
       tos_accepted_at: new Date().toISOString(),
+      ...wallet,
     });
 
     console.log(`Registered as ${name}. API key saved to ~/.unbrowse/config.json`);
@@ -596,7 +635,29 @@ export async function publishSkill(
     } as SkillManifest & { warnings: string[] };
   }
   if (LOCAL_ONLY) throw new Error("local-only mode");
-  return api("POST", "/v1/skills", draft, { timeoutMs: PUBLISH_TIMEOUT_MS });
+  const wallet = getLocalWalletContext();
+  const published = await api<SkillManifest & { warnings: string[] }>("POST", "/v1/skills", {
+    ...draft,
+    ...(wallet.wallet_address ? wallet : {}),
+  }, { timeoutMs: PUBLISH_TIMEOUT_MS });
+
+  const cascade = await ensureCascadeSplitForSkill(published).catch((err) => ({
+    warning: `cascade_split_failed:${(err as Error).message}`,
+  }));
+  const warnings = [...(published.warnings ?? [])];
+  if (cascade.warning) warnings.push(cascade.warning);
+
+  if (cascade.split_config && cascade.split_config !== published.split_config) {
+    const updated = await api<SkillManifest>("PATCH", `/v1/skills/${published.skill_id}`, {
+      split_config: cascade.split_config,
+    });
+    return {
+      ...updated,
+      warnings,
+    };
+  }
+
+  return { ...published, warnings };
 }
 
 export async function deprecateSkill(skillId: string): Promise<void> {
@@ -669,10 +730,11 @@ export async function searchIntentResolve(
   domain_results: Array<{ id: number; score: number; metadata: Record<string, unknown> }>;
   global_results: Array<{ id: number; score: number; metadata: Record<string, unknown> }>;
   skipped_global: boolean;
+  actual_cost_uc?: number;
 }> {
   if (LOCAL_ONLY) return { domain_results: [], global_results: [], skipped_global: false };
   try {
-    return await api<{
+    const { data, headers } = await apiRequest<{
       domain_results: Array<{ id: number; score: number; metadata: Record<string, unknown> }>;
       global_results: Array<{ id: number; score: number; metadata: Record<string, unknown> }>;
       skipped_global: boolean;
@@ -682,6 +744,11 @@ export async function searchIntentResolve(
       domain_k: domainK,
       global_k: globalK,
     });
+    const actualCostHeader = headers.get("X-Unbrowse-Cost-Uc");
+    const actualCostUc = actualCostHeader && /^\d+$/.test(actualCostHeader)
+      ? Number(actualCostHeader)
+      : undefined;
+    return actualCostUc != null ? { ...data, actual_cost_uc: actualCostUc } : data;
   } catch (err) {
     if (isX402Error(err)) throw err;
     const [domain_results, global_results] = await Promise.all([
@@ -710,6 +777,18 @@ export interface ExecutionPayload {
   indexer_id?: string;
 }
 
+export interface AnalyticsSessionPayload {
+  session_id: string;
+  started_at: string;
+  completed_at?: string;
+  trace_version?: string;
+  api_calls: number;
+  discovery_queries?: number;
+  cached_skill_calls?: number;
+  fresh_index_calls?: number;
+  browser_mode?: "default" | "replaced" | "manual" | "unknown";
+}
+
 /**
  * Build the POST body for /v1/stats/execution.
  * Pure function — no I/O, fully testable.
@@ -747,11 +826,16 @@ export async function recordExecution(
   await api("POST", "/v1/stats/execution", payload);
 }
 
+export async function recordAnalyticsSession(payload: AnalyticsSessionPayload): Promise<void> {
+  if (LOCAL_ONLY) return;
+  await api("POST", "/v1/analytics/sessions", payload);
+}
+
 /** Record a payment transaction for a paid skill execution. Fire-and-forget. */
 export async function recordTransaction(params: {
   transaction_id: string;
   consumer_id: string;
-  creator_id: string;
+  creator_id?: string;
   skill_id: string;
   endpoint_id?: string;
   price_usd: number;
@@ -812,6 +896,23 @@ export async function recordOrchestrationPerf(timing: OrchestrationTiming): Prom
   await api("POST", "/v1/stats/perf", { ...timing, phase_totals_ms: phaseTotals });
 }
 
+// --- Analytics Sessions ---
+
+export async function recordAnalyticsSession(session: {
+  session_id: string;
+  started_at: string;
+  completed_at?: string;
+  trace_version?: string;
+  api_calls: number;
+  discovery_queries?: number;
+  cached_skill_calls?: number;
+  fresh_index_calls?: number;
+  browser_mode?: "default" | "replaced" | "manual" | "unknown";
+}): Promise<void> {
+  if (LOCAL_ONLY) return;
+  await api("POST", "/v1/analytics/sessions", session);
+}
+
 // --- Validation ---
 
 export async function validateManifest(manifest: unknown): Promise<ValidationResult> {
@@ -917,11 +1018,23 @@ export async function verifyMarketplaceDiscovery(
 
 // --- Agent Registration ---
 
-export async function registerAgent(name: string): Promise<{ agent_id: string; api_key: string }> {
-  return api<{ agent_id: string; api_key: string }>("POST", "/v1/agents/register", { name });
+export async function registerAgent(
+  name: string,
+  wallet: { wallet_address?: string; wallet_provider?: string } = getLocalWalletContext(),
+): Promise<{ agent_id: string; api_key: string }> {
+  return api<{ agent_id: string; api_key: string }>("POST", "/v1/agents/register", { name, ...wallet });
 }
 
-export async function getAgent(agentId: string): Promise<{ agent_id: string; name: string; created_at: string; skills_discovered: string[]; total_executions: number; total_feedback_given: number } | null> {
+export async function getAgent(agentId: string): Promise<{
+  agent_id: string;
+  name: string;
+  created_at: string;
+  wallet_address?: string | null;
+  wallet_provider?: string | null;
+  skills_discovered: string[];
+  total_executions: number;
+  total_feedback_given: number;
+} | null> {
   try {
     return await api("GET", `/v1/agents/${agentId}`);
   } catch {
@@ -929,10 +1042,27 @@ export async function getAgent(agentId: string): Promise<{ agent_id: string; nam
   }
 }
 
-export async function getMyProfile(): Promise<{ agent_id: string; name: string; created_at: string; skills_discovered: string[]; total_executions: number; total_feedback_given: number }> {
+export async function getMyProfile(): Promise<{
+  agent_id: string;
+  name: string;
+  created_at: string;
+  wallet_address?: string | null;
+  wallet_provider?: string | null;
+  skills_discovered: string[];
+  total_executions: number;
+  total_feedback_given: number;
+}> {
   return api("GET", "/v1/agents/me", undefined);
 }
 
+export async function syncAgentWallet(wallet = getLocalWalletContext()): Promise<void> {
+  if (!wallet.wallet_address) return;
+  await api("POST", "/v1/agents/wallet", wallet);
+  const config = loadConfig();
+  if (!config) return;
+  saveConfig({ ...config, ...wallet });
+}
+
 
 // --- Transaction Visibility ---
 
@@ -989,3 +1119,7 @@ export async function getCreatorEarnings(agentId: string): Promise<{
 export async function setSkillPrice(skillId: string, priceUsd: number): Promise<unknown> {
   return api("PATCH", `/v1/skills/${skillId}`, { base_price_usd: priceUsd });
 }
+
+export async function setSkillSplitConfig(skillId: string, splitConfig: string | null): Promise<unknown> {
+  return api("PATCH", `/v1/skills/${skillId}`, { split_config: splitConfig });
+}

package/runtime-src/execution/index.ts

@@ -6,6 +6,7 @@ import { publishSkill, mergeEndpoints } from "../marketplace/index.js";
 import { updateEndpointScore } from "../marketplace/index.js";
 import { getCredential, storeCredential, deleteCredential } from "../vault/index.js";
 import { getStoredAuth, getAuthCookies, refreshAuthFromBrowser } from "../auth/index.js";
+import { resolvePreExecutionAuth } from "../auth/dependency-runtime.js";
 import { authRuntime } from "../auth/runtime.js";
 import { applyProjection, inferSchema } from "../transform/index.js";
 import { detectSchemaDrift } from "../transform/drift.js";
@@ -2284,7 +2285,7 @@ export async function executeEndpoint(
   recordExecution(skill.skill_id, endpoint.endpoint_id, trace, skill).catch(() => {});
 
   // Record transaction if this was a paid execution (fire-and-forget)
-  if (trace.success && skill.indexer_id && skill.base_price_usd && skill.base_price_usd > 0) {
+  if (trace.success && options?.payment_verified === true && skill.base_price_usd && skill.base_price_usd > 0) {
     const consumerConfig = (() => {
       try { return JSON.parse(require("fs").readFileSync(require("os").homedir() + "/.unbrowse/config.json", "utf-8")); }
       catch { return {}; }

package/runtime-src/orchestrator/index.ts

@@ -1737,6 +1737,7 @@ export async function resolveAndExecute(
     response_bytes: 0,
     time_saved_pct: 0,
     tokens_saved_pct: 0,
+    actual_total_ms: 0,
     trace_version: TRACE_VERSION,
   };
   const decisionTrace: Record<string, unknown> = {
@@ -1781,6 +1782,7 @@ export async function resolveAndExecute(
     trace?: ExecutionTrace,
   ): OrchestrationTiming {
     timing.total_ms = Date.now() - t0;
+    timing.actual_total_ms = timing.total_ms;
     timing.source = source;
     timing.skill_id = skillId;
 
@@ -1793,6 +1795,10 @@ export async function resolveAndExecute(
     const cost = skill?.discovery_cost;
     const baselineTokens = cost?.capture_tokens ?? DEFAULT_CAPTURE_TOKENS;
     const baselineMs = cost?.capture_ms ?? DEFAULT_CAPTURE_MS;
+    const paidSearchUc = timing.paid_search_uc ?? 0;
+    const paidExecutionUc = timing.paid_execution_uc ?? 0;
+    const totalActualCostUc = paidSearchUc + paidExecutionUc;
+    if (totalActualCostUc > 0) timing.actual_cost_uc = totalActualCostUc;
 
     // Token savings: marketplace/cache returns structured data, skipping full-page browsing
     if (source === "marketplace" || source === "route-cache" || source === "first-pass") {
@@ -1804,6 +1810,10 @@ export async function resolveAndExecute(
           ? Math.round((Math.max(0, baselineMs - timing.total_ms) / baselineMs) * 100)
           : 0;
     }
+    if (cost?.capture_ms != null) {
+      timing.baseline_total_ms = cost.capture_ms;
+      timing.time_saved_ms = Math.max(0, cost.capture_ms - timing.total_ms);
+    }
 
     // Stamp trace with token metrics so they persist in trace files
     if (trace) {
@@ -2935,6 +2945,7 @@ export async function resolveAndExecute(
       domain_results: SearchResult[];
       global_results: SearchResult[];
       skipped_global: boolean;
+      actual_cost_uc?: number;
     };
     try {
       searchResponse = await Promise.race([
@@ -2944,7 +2955,7 @@ export async function resolveAndExecute(
           MARKETPLACE_DOMAIN_SEARCH_K,
           MARKETPLACE_GLOBAL_SEARCH_K,
         ),
-        new Promise<{ domain_results: SearchResult[]; global_results: SearchResult[]; skipped_global: boolean }>((resolve) =>
+        new Promise<{ domain_results: SearchResult[]; global_results: SearchResult[]; skipped_global: boolean; actual_cost_uc?: number }>((resolve) =>
           setTimeout(() => {
             console.log(`[marketplace] timeout after ${MARKETPLACE_TIMEOUT_MS}ms — falling through to browser`);
             resolve({ domain_results: [], global_results: [], skipped_global: true });
@@ -2986,6 +2997,9 @@ export async function resolveAndExecute(
         skipped_global: false,
       };
     }
+    if (typeof searchResponse.actual_cost_uc === "number" && searchResponse.actual_cost_uc > 0) {
+      timing.paid_search_uc = searchResponse.actual_cost_uc;
+    }
     const { domain_results: domainResults, global_results: globalResults } = searchResponse;
     timing.search_ms = Date.now() - ts0;
     console.log(`[marketplace] search: ${domainResults.length} domain + ${globalResults.length} global results (${timing.search_ms}ms)`);