unbrowse 3.3.4 → 3.4.0

package/dist/cli.js

@@ -31,7 +31,7 @@ var __promiseAll = (args) => Promise.all(args);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "3.3.4", BUILD_GIT_SHA = "d398ad6f1a60", BUILD_CODE_HASH = "d6e5ef2546cd", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy4zLjQiLCJnaXRfc2hhIjoiZDM5OGFkNmYxYTYwIiwiY29kZV9oYXNoIjoiZDZlNWVmMjU0NmNkIiwidHJhY2VfdmVyc2lvbiI6ImQ2ZTVlZjI1NDZjZEBkMzk4YWQ2ZjFhNjAiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA3VDA2OjQxOjAxLjcwNVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "TaaK5qrudsUghz2Lc3jQCjMDbn6-mbEul9OwGz6J6WA", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
+var BUILD_RELEASE_VERSION = "3.4.0", BUILD_GIT_SHA = "361b3d271f3d", BUILD_CODE_HASH = "656382fbb5d5", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy40LjAiLCJnaXRfc2hhIjoiMzYxYjNkMjcxZjNkIiwiY29kZV9oYXNoIjoiNjU2MzgyZmJiNWQ1IiwidHJhY2VfdmVyc2lvbiI6IjY1NjM4MmZiYjVkNUAzNjFiM2QyNzFmM2QiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA5VDAyOjUwOjI0LjI0NVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "_GYe4ccws1jOZQ13TD27_rBJwKd87JDzsXDQLQR3mZU", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
 
 // ../../src/version.ts
 import { createHash } from "crypto";
@@ -753,9 +753,16 @@ var init_reverse_engineer = __esm(() => {
     "sec-ch-ua",
     "sec-ch-ua-mobile",
     "sec-ch-ua-platform",
+    "sec-ch-ua-full-version-list",
+    "sec-ch-ua-arch",
+    "sec-ch-ua-bitness",
+    "sec-ch-ua-model",
+    "sec-ch-ua-wow64",
     "sec-fetch-dest",
     "sec-fetch-mode",
     "sec-fetch-site",
+    "sec-fetch-user",
+    "upgrade-insecure-requests",
     "x-requested-with"
   ]);
   AD_SCHEMA_KEYS = new Set([
@@ -1383,6 +1390,7 @@ import { join as join4 } from "path";
 import { homedir as homedir3, hostname, release as osRelease } from "os";
 import { randomBytes, createHash as createHash2 } from "crypto";
 import { createInterface } from "readline";
+import { execSync } from "child_process";
 var API_URL = process.env.UNBROWSE_BACKEND_URL || DEFAULT_BACKEND_URL;
 var PROFILE_NAME = sanitizeProfileName(process.env.UNBROWSE_PROFILE ?? "");
 var recentLocalSkills = new Map;
@@ -1746,6 +1754,30 @@ async function apiRequest(method, path, body, opts) {
     console.warn("[unbrowse] Please restart the unbrowse service to accept the new terms.");
     throw new Error("ToS update required. Restart unbrowse to accept new terms.");
   }
+  if (res.status === 426 && !opts?.skipAutoUpdate) {
+    const errCode = data.error;
+    if (errCode === "client_update_required" || errCode === "client_verification_failed") {
+      console.warn(`
+[unbrowse] Server requires a client update (${errCode}).`);
+      console.warn("[unbrowse] Attempting automatic update...");
+      try {
+        const updateCmd = process.env.UNBROWSE_UPDATE_COMMAND || "curl -fsSL https://unbrowse.ai/install.sh | bash";
+        execSync(updateCmd, { stdio: "inherit", timeout: 120000 });
+        console.warn("[unbrowse] Update installed. Restarting server...");
+        try {
+          execSync("pkill -9 -f 'unbrowse|kuri'", { stdio: "ignore", timeout: 5000 });
+        } catch {}
+        await new Promise((r) => setTimeout(r, 2000));
+        console.warn("[unbrowse] Retrying request with updated client...");
+        return apiRequest(method, path, body, { ...opts, skipAutoUpdate: true });
+      } catch (updateErr) {
+        console.warn(`[unbrowse] Auto-update failed: ${updateErr.message}`);
+        const cmd = data.update_command ?? "curl -fsSL https://unbrowse.ai/install.sh | bash";
+        console.warn(`[unbrowse] Please update manually: ${cmd}`);
+        throw new Error(`Client update required. Run: ${cmd}`);
+      }
+    }
+  }
   if (res.status === 402) {
     const paymentRequired = res.headers.get("PAYMENT-REQUIRED");
     const legacyPaymentTerms = res.headers.get("X-Payment-Required");
@@ -3629,6 +3661,53 @@ async function cmdExecute(flags) {
       endpoint_id: typeof flags.endpoint === "string" ? flags.endpoint : null
     }
   });
+  if (flags.curl) {
+    const endpointId = typeof flags.endpoint === "string" ? flags.endpoint : undefined;
+    if (!endpointId)
+      die("--curl requires --endpoint");
+    const skill = await api2("GET", `/v1/skills/${skillId}`);
+    const ep = (skill.endpoints ?? []).find((e) => e.endpoint_id === endpointId);
+    if (!ep)
+      die(`Endpoint ${endpointId} not found`);
+    let method = ep.method ?? "GET";
+    let url = ep.url_template;
+    let headers = { ...ep.headers_template ?? {} };
+    let body = ep.body;
+    try {
+      const preview = await api2("GET", `/v1/skills/${skillId}/request-preview/${endpointId}`);
+      if (preview.headers)
+        headers = preview.headers;
+      if (preview.body)
+        body = preview.body;
+      if (preview.url)
+        url = preview.url;
+      if (preview.method)
+        method = preview.method;
+    } catch {}
+    const parts = ["curl"];
+    if (method !== "GET")
+      parts.push(`-X ${method}`);
+    parts.push(`'${url}'`);
+    for (const [k, v] of Object.entries(headers)) {
+      if (/^(newrelic|traceparent|tracestate)$/i.test(k))
+        continue;
+      parts.push(`-H '${k}: ${v}'`);
+    }
+    if (body) {
+      if (!headers["content-type"] && !headers["Content-Type"])
+        parts.push(`-H 'Content-Type: application/json'`);
+      parts.push(`-d '${JSON.stringify(body)}'`);
+    }
+    output({
+      curl: parts.join(" \\\n  "),
+      endpoint_id: endpointId,
+      method,
+      url,
+      ...body ? { body } : {},
+      headers
+    }, !!flags.pretty);
+    return;
+  }
   try {
     const body = { params: {} };
     if (flags.endpoint) {
@@ -3988,6 +4067,49 @@ async function cmdSetup(flags) {
   output(report, true);
   if (report.browser_engine.action === "failed")
     process.exit(1);
+  try {
+    info("Trying your first resolve...");
+    const demoUrl = "https://jsonplaceholder.typicode.com";
+    const demoIntent = "list all posts";
+    await recordFunnelTelemetryEvent("resolve_started", {
+      source: "setup",
+      hostType,
+      properties: { command: "guided-first-resolve", intent: demoIntent, url: demoUrl }
+    });
+    const resolveResult = await api2("POST", "/v1/intent/resolve", {
+      intent: demoIntent,
+      params: { url: demoUrl },
+      context: { url: demoUrl },
+      projection: { raw: true }
+    });
+    if (isResolveSuccessResult(resolveResult)) {
+      await recordFunnelTelemetryEvent("resolve_completed", {
+        source: "setup",
+        hostType,
+        properties: { command: "guided-first-resolve", intent: demoIntent, url: demoUrl, source: resolveResult.source }
+      });
+      const endpoints = resolveResult.available_endpoints;
+      if (endpoints && endpoints.length > 0) {
+        info(`Found ${endpoints.length} API endpoint${endpoints.length > 1 ? "s" : ""} on ${demoUrl}:`);
+        for (const ep of endpoints.slice(0, 5)) {
+          const method = ep.method ?? "GET";
+          const desc = ep.description ?? ep.url_template ?? ep.endpoint_id ?? "";
+          info(`  ${method} ${desc}`);
+        }
+      } else {
+        info(`Resolve succeeded on ${demoUrl}`);
+      }
+      info("");
+      info("That's unbrowse. Try your own:");
+      info('  unbrowse resolve --intent "search for shoes" --url "https://amazon.com"');
+    } else {
+      info("Guided resolve returned no results \u2014 try manually:");
+      info('  unbrowse resolve --intent "list posts" --url "https://jsonplaceholder.typicode.com"');
+    }
+  } catch {
+    info("Setup complete. Try your first resolve:");
+    info('  unbrowse resolve --intent "list posts" --url "https://jsonplaceholder.typicode.com"');
+  }
 }
 var CLI_REFERENCE = {
   commands: [
@@ -4044,6 +4166,7 @@ var CLI_REFERENCE = {
     { flag: "--limit N", desc: "Cap array output to N items" },
     { flag: "--endpoint-id ID", desc: "Pick a specific endpoint" },
     { flag: "--dry-run", desc: "Preview mutations" },
+    { flag: "--curl", desc: "Output the captured request as a curl command (no execution)" },
     { flag: "--params '{...}'", desc: "Extra params as JSON" }
   ],
   examples: [
@@ -4542,7 +4665,7 @@ async function cmdClose(flags) {
   output(await api2("POST", "/v1/browse/close", typeof flags.session === "string" ? { session_id: flags.session } : undefined), false);
 }
 async function cmdConnectChrome() {
-  const { execSync, spawn: spawnProc } = __require("child_process");
+  const { execSync: execSync2, spawn: spawnProc } = __require("child_process");
   try {
     const res = await fetch("http://127.0.0.1:9222/json/version", { signal: AbortSignal.timeout(1000) });
     if (res.ok) {
@@ -4555,16 +4678,16 @@ async function cmdConnectChrome() {
     }
   } catch {}
   try {
-    execSync("pkill -f kuri/chrome-profile", { stdio: "ignore" });
+    execSync2("pkill -f kuri/chrome-profile", { stdio: "ignore" });
   } catch {}
   console.log("Quitting Chrome to relaunch with remote debugging...");
   if (process.platform === "darwin") {
     try {
-      execSync('osascript -e "quit app \\"Google Chrome\\""', { stdio: "ignore", timeout: 5000 });
+      execSync2('osascript -e "quit app \\"Google Chrome\\""', { stdio: "ignore", timeout: 5000 });
     } catch {}
   } else {
     try {
-      execSync("pkill -f chrome", { stdio: "ignore" });
+      execSync2("pkill -f chrome", { stdio: "ignore" });
     } catch {}
   }
   await new Promise((r) => setTimeout(r, 2000));

package/dist/mcp.js

@@ -225,11 +225,11 @@ import { dirname, join, parse } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "3.3.4";
-var BUILD_GIT_SHA = "d398ad6f1a60";
-var BUILD_CODE_HASH = "d6e5ef2546cd";
-var BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy4zLjQiLCJnaXRfc2hhIjoiZDM5OGFkNmYxYTYwIiwiY29kZV9oYXNoIjoiZDZlNWVmMjU0NmNkIiwidHJhY2VfdmVyc2lvbiI6ImQ2ZTVlZjI1NDZjZEBkMzk4YWQ2ZjFhNjAiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA3VDA2OjQxOjAxLjcwNVoifQ";
-var BUILD_RELEASE_MANIFEST_SIGNATURE = "TaaK5qrudsUghz2Lc3jQCjMDbn6-mbEul9OwGz6J6WA";
+var BUILD_RELEASE_VERSION = "3.4.0";
+var BUILD_GIT_SHA = "361b3d271f3d";
+var BUILD_CODE_HASH = "656382fbb5d5";
+var BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy40LjAiLCJnaXRfc2hhIjoiMzYxYjNkMjcxZjNkIiwiY29kZV9oYXNoIjoiNjU2MzgyZmJiNWQ1IiwidHJhY2VfdmVyc2lvbiI6IjY1NjM4MmZiYjVkNUAzNjFiM2QyNzFmM2QiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA5VDAyOjUwOjI0LjI0NVoifQ";
+var BUILD_RELEASE_MANIFEST_SIGNATURE = "_GYe4ccws1jOZQ13TD27_rBJwKd87JDzsXDQLQR3mZU";
 var BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
 
 // ../../src/version.ts
@@ -748,6 +748,7 @@ function readImpactSummary() {
 import { readFileSync as readFileSync5, writeFileSync as writeFileSync3, existsSync as existsSync7, mkdirSync as mkdirSync4, readdirSync as readdirSync3, unlinkSync as unlinkSync3 } from "fs";
 import { join as join5 } from "path";
 import { homedir as homedir4, hostname, release as osRelease } from "os";
+import { execSync } from "child_process";
 
 // ../../src/payments/cascade.ts
 import bs58 from "bs58";
@@ -856,6 +857,30 @@ async function apiRequest(method, path4, body, opts) {
     console.warn("[unbrowse] Please restart the unbrowse service to accept the new terms.");
     throw new Error("ToS update required. Restart unbrowse to accept new terms.");
   }
+  if (res.status === 426 && !opts?.skipAutoUpdate) {
+    const errCode = data.error;
+    if (errCode === "client_update_required" || errCode === "client_verification_failed") {
+      console.warn(`
+[unbrowse] Server requires a client update (${errCode}).`);
+      console.warn("[unbrowse] Attempting automatic update...");
+      try {
+        const updateCmd = process.env.UNBROWSE_UPDATE_COMMAND || "curl -fsSL https://unbrowse.ai/install.sh | bash";
+        execSync(updateCmd, { stdio: "inherit", timeout: 120000 });
+        console.warn("[unbrowse] Update installed. Restarting server...");
+        try {
+          execSync("pkill -9 -f 'unbrowse|kuri'", { stdio: "ignore", timeout: 5000 });
+        } catch {}
+        await new Promise((r) => setTimeout(r, 2000));
+        console.warn("[unbrowse] Retrying request with updated client...");
+        return apiRequest(method, path4, body, { ...opts, skipAutoUpdate: true });
+      } catch (updateErr) {
+        console.warn(`[unbrowse] Auto-update failed: ${updateErr.message}`);
+        const cmd = data.update_command ?? "curl -fsSL https://unbrowse.ai/install.sh | bash";
+        console.warn(`[unbrowse] Please update manually: ${cmd}`);
+        throw new Error(`Client update required. Run: ${cmd}`);
+      }
+    }
+  }
   if (res.status === 402) {
     const paymentRequired = res.headers.get("PAYMENT-REQUIRED");
     const legacyPaymentTerms = res.headers.get("X-Payment-Required");

package/dist/server.js

@@ -788,7 +788,14 @@ async function findReusableIdleTab(state = defaultBrokerState) {
   try {
     const tabs = await kuriGet(state, "/tabs");
     const candidate = tabs.find((tab) => /^(about:blank|chrome:\/\/newtab\/?)$/i.test(tab?.url ?? ""));
-    return candidate?.id ?? "";
+    if (!candidate?.id)
+      return "";
+    try {
+      await kuriGet(state, "/evaluate", { tab_id: candidate.id, expression: "1" });
+      return candidate.id;
+    } catch {
+      return "";
+    }
   } catch {
     return "";
   }
@@ -4265,7 +4272,15 @@ function extractEndpoints(requests, wsMessages, context) {
   }).filter(Boolean)) : new Map;
   for (const { req } of scored) {
     const normalized = normalizeUrl(req.url);
-    const key = `${req.method}:${normalized}`;
+    let key = `${req.method}:${normalized}`;
+    if (/graphql/i.test(req.url) && req.method !== "GET" && req.request_body) {
+      try {
+        const parsed = JSON.parse(req.request_body);
+        const opName = parsed.operationName ?? parsed.query?.match(/(?:query|mutation)\s+(\w+)/)?.[1];
+        if (opName)
+          key += `#op=${opName}`;
+      } catch {}
+    }
     if (seen.has(key))
       continue;
     seen.add(key);
@@ -5006,9 +5021,16 @@ var init_reverse_engineer = __esm(() => {
     "sec-ch-ua",
     "sec-ch-ua-mobile",
     "sec-ch-ua-platform",
+    "sec-ch-ua-full-version-list",
+    "sec-ch-ua-arch",
+    "sec-ch-ua-bitness",
+    "sec-ch-ua-model",
+    "sec-ch-ua-wow64",
     "sec-fetch-dest",
     "sec-fetch-mode",
     "sec-fetch-site",
+    "sec-fetch-user",
+    "upgrade-insecure-requests",
     "x-requested-with"
   ]);
   SENSITIVE_HEADER_PATTERN = /token|key|secret|credential|password|session/i;
@@ -5547,7 +5569,7 @@ async function collectInterceptedRequests(tabId) {
 }
 async function injectInterceptor(tabId) {
   const SETUP = `(function(){if(window.__unbrowse_interceptor_installed)return;window.__unbrowse_interceptor_installed=true;window.__unbrowse_intercepted=[];window.__UB_MAX=2*1024*1024;window.__UB_MAX_JS=2*1024*1024;window.__UB_MAX_N=500;})()`;
-  const FETCH_PATCH = `(function(){if(!window.__unbrowse_interceptor_installed)return;var M=window.__UB_MAX,MJ=window.__UB_MAX_JS,MN=window.__UB_MAX_N;var oF=window.fetch;window.fetch=function(){var a=arguments,u=typeof a[0]==='string'?a[0]:(a[0]&&a[0].url?a[0].url:''),o=a[1]||{},m=(o.method||'GET').toUpperCase(),rb=o.body?String(o.body).substring(0,M):void 0,rh={};if(o.headers){if(typeof o.headers.forEach==='function')o.headers.forEach(function(v,k){rh[k]=v});else Object.keys(o.headers).forEach(function(k){rh[k]=o.headers[k]})}return oF.apply(this,a).then(function(r){if(window.__unbrowse_intercepted.length>=MN)return r;var ct=r.headers.get('content-type')||'';var isJ=ct.indexOf('javascript')!==-1||/\\.js(\\?|$)/.test(u);var isD=ct.indexOf('json')!==-1||ct.indexOf('x-protobuf')!==-1||ct.indexOf('text/plain')!==-1||u.indexOf('/api/')!==-1||u.indexOf('graphql')!==-1||u.indexOf('voyager')!==-1;if(!isJ&&!isD)return r;if(/\\.(css|woff2?|png|jpg|svg|ico)(\\?|$)/.test(u))return r;var c=r.clone();c.text().then(function(b){var lim=isJ?MJ:M;if(b.length>lim)return;var rr={};r.headers.forEach(function(v,k){rr[k]=v});window.__unbrowse_intercepted.push({url:u,method:m,request_headers:rh,request_body:rb,response_status:r.status,response_headers:rr,response_body:b,content_type:ct,is_js:isJ,timestamp:new Date().toISOString()})}).catch(function(){});return r}).catch(function(e){throw e})}})()`;
+  const FETCH_PATCH = `(function(){if(!window.__unbrowse_interceptor_installed)return;var M=window.__UB_MAX,MJ=window.__UB_MAX_JS,MN=window.__UB_MAX_N;var oF=window.fetch;window.fetch=function(){var a=arguments,isR=a[0]&&typeof a[0]==='object'&&typeof a[0].url==='string',u=typeof a[0]==='string'?a[0]:(isR?a[0].url:''),o=a[1]||{},m=(o.method||(isR?a[0].method:null)||'GET').toUpperCase(),rb=o.body?String(o.body).substring(0,M):void 0,rbP=null;if(!rb&&isR&&m!=='GET'&&m!=='HEAD'){try{var rc=a[0].clone();rbP=rc.text().then(function(t){return t?t.substring(0,M):void 0}).catch(function(){return void 0})}catch(e){}}var rh={};if(isR&&a[0].headers&&typeof a[0].headers.forEach==='function')a[0].headers.forEach(function(v,k){rh[k]=v});if(o.headers){if(typeof o.headers.forEach==='function')o.headers.forEach(function(v,k){rh[k]=v});else Object.keys(o.headers).forEach(function(k){rh[k]=o.headers[k]})}return oF.apply(this,a).then(function(r){if(window.__unbrowse_intercepted.length>=MN)return r;var ct=r.headers.get('content-type')||'';var isJ=ct.indexOf('javascript')!==-1||/\\.js(\\?|$)/.test(u);var isD=ct.indexOf('json')!==-1||ct.indexOf('x-protobuf')!==-1||ct.indexOf('text/plain')!==-1||u.indexOf('/api/')!==-1||u.indexOf('graphql')!==-1||u.indexOf('voyager')!==-1;if(!isJ&&!isD)return r;if(/\\.(css|woff2?|png|jpg|svg|ico)(\\?|$)/.test(u))return r;var c=r.clone();Promise.all([c.text(),rbP?rbP:Promise.resolve(rb)]).then(function(res){var b=res[0],rrb=res[1];var lim=isJ?MJ:M;if(b.length>lim)return;var rr={};r.headers.forEach(function(v,k){rr[k]=v});window.__unbrowse_intercepted.push({url:u,method:m,request_headers:rh,request_body:rrb,response_status:r.status,response_headers:rr,response_body:b,content_type:ct,is_js:isJ,timestamp:new Date().toISOString()})}).catch(function(){});return r}).catch(function(e){throw e})}})()`;
   const XHR_PATCH = `(function(){if(!window.__unbrowse_interceptor_installed)return;var M=window.__UB_MAX,MJ=window.__UB_MAX_JS,MN=window.__UB_MAX_N;var oO=XMLHttpRequest.prototype.open,oS=XMLHttpRequest.prototype.send;XMLHttpRequest.prototype.open=function(m,u){this.__ub_m=m;this.__ub_u=u;this.__ub_h={};var oSH=this.setRequestHeader.bind(this);this.setRequestHeader=function(k,v){this.__ub_h[k]=v;oSH(k,v)}.bind(this);return oO.apply(this,arguments)};XMLHttpRequest.prototype.send=function(b){var x=this;x.addEventListener('load',function(){if(window.__unbrowse_intercepted.length>=MN)return;var ct=x.getResponseHeader('content-type')||'',u=x.__ub_u||'';var isJ=ct.indexOf('javascript')!==-1||/\\.js(\\?|$)/.test(u);var isD=ct.indexOf('json')!==-1||ct.indexOf('x-protobuf')!==-1||ct.indexOf('text/plain')!==-1||u.indexOf('/api/')!==-1||u.indexOf('graphql')!==-1||u.indexOf('voyager')!==-1;if(!isJ&&!isD)return;if(/\\.(css|woff2?|png|jpg|svg|ico)(\\?|$)/.test(u))return;var rb=x.responseText||'';var lim=isJ?MJ:M;if(rb.length>lim)return;window.__unbrowse_intercepted.push({url:u,method:(x.__ub_m||'GET').toUpperCase(),request_headers:x.__ub_h||{},request_body:b?String(b).substring(0,M):void 0,response_status:x.status,response_headers:{},response_body:rb,content_type:ct,is_js:isJ,timestamp:new Date().toISOString()})});return oS.apply(this,arguments)}})()`;
   for (const chunk of [SETUP, FETCH_PATCH, XHR_PATCH]) {
     await evaluate(tabId, chunk).catch(() => {});
@@ -5555,10 +5577,22 @@ async function injectInterceptor(tabId) {
 }
 function mergePassiveCaptureData(intercepted, harEntries, extensionEntries, responseBodies, performanceUrls = []) {
   const seen = new Map;
+  function graphqlDedup(url, requestBody) {
+    if (!requestBody || !/graphql/i.test(url))
+      return url;
+    try {
+      const parsed = JSON.parse(requestBody);
+      const opName = parsed.operationName ?? parsed.query?.match(/(?:query|mutation)\s+(\w+)/)?.[1];
+      if (opName)
+        return `${url}#op=${opName}`;
+    } catch {}
+    return url;
+  }
   for (const entry of intercepted) {
     if (entry.is_js)
       continue;
-    seen.set(entry.url, {
+    const key = graphqlDedup(entry.url, entry.request_body);
+    seen.set(key, {
       url: entry.url,
       method: entry.method,
       request_headers: entry.request_headers,
@@ -5571,21 +5605,25 @@ function mergePassiveCaptureData(intercepted, harEntries, extensionEntries, resp
   }
   for (const entry of harEntries) {
     const url = entry.request?.url;
-    if (!url || seen.has(url))
+    if (!url)
       continue;
     if (entry.request.method === "OPTIONS")
       continue;
+    const postBody = entry.request.postData?.text;
+    const key = graphqlDedup(url, postBody);
+    if (seen.has(key))
+      continue;
     const reqHeaders = {};
     for (const h of entry.request.headers ?? [])
       reqHeaders[h.name] = h.value;
     const respHeaders = {};
     for (const h of entry.response.headers ?? [])
       respHeaders[h.name] = h.value;
-    seen.set(url, {
+    seen.set(key, {
       url,
       method: entry.request.method,
       request_headers: reqHeaders,
-      request_body: entry.request.postData?.text,
+      request_body: postBody,
       response_status: entry.response.status,
       response_headers: respHeaders,
       response_body: responseBodies.get(url) ?? entry.response.content?.text,
@@ -5599,14 +5637,19 @@ function mergePassiveCaptureData(intercepted, harEntries, extensionEntries, resp
     const respHeaders = {};
     for (const h of entry.responseHeaders ?? [])
       respHeaders[h.name] = h.value;
-    const existing = seen.get(entry.url);
-    if (existing) {
-      for (const [k, v] of Object.entries(reqHeaders)) {
-        if (!existing.request_headers[k])
-          existing.request_headers[k] = v;
+    let merged = false;
+    for (const [key, existing] of seen) {
+      if (existing.url === entry.url) {
+        for (const [k, v] of Object.entries(reqHeaders)) {
+          if (!existing.request_headers[k])
+            existing.request_headers[k] = v;
+        }
+        merged = true;
+        break;
       }
-      continue;
     }
+    if (merged)
+      continue;
     seen.set(entry.url, {
       url: entry.url,
       method: entry.method,
@@ -6763,13 +6806,23 @@ var MAX_CONCURRENT_TABS = 3, activeTabs = 0, waitQueue, activeTabRegistry, inter
   var origFetch = window.fetch;
   window.fetch = function() {
     var args = arguments;
-    var url = typeof args[0] === 'string' ? args[0] : (args[0] && args[0].url ? args[0].url : '');
+    var isRequestObj = args[0] && typeof args[0] === 'object' && typeof args[0].url === 'string';
+    var url = typeof args[0] === 'string' ? args[0] : (isRequestObj ? args[0].url : '');
     var opts = args[1] || {};
-    var method = (opts.method || 'GET').toUpperCase();
+    // Extract method: prefer explicit opts, then Request object, then default GET
+    var method = (opts.method || (isRequestObj ? args[0].method : null) || 'GET').toUpperCase();
+    // Extract body: prefer explicit opts.body, then clone+read Request body
     var reqBody = opts.body ? String(opts.body).substring(0, MAX_BODY) : undefined;
+    var reqBodyPromise = null;
+    if (!reqBody && isRequestObj && method !== 'GET' && method !== 'HEAD') {
+      try {
+        var reqClone = args[0].clone();
+        reqBodyPromise = reqClone.text().then(function(t) { return t ? t.substring(0, MAX_BODY) : undefined; }).catch(function() { return undefined; });
+      } catch(e) { /* clone failed */ }
+    }
     var reqHeaders = {};
     // Extract headers from Request object (first arg)
-    if (args[0] && typeof args[0] === 'object' && args[0].headers && typeof args[0].headers.forEach === 'function') {
+    if (isRequestObj && args[0].headers && typeof args[0].headers.forEach === 'function') {
       args[0].headers.forEach(function(v, k) { reqHeaders[k] = v; });
     }
     // Override/merge with explicit opts.headers (second arg)
@@ -6792,7 +6845,13 @@ var MAX_CONCURRENT_TABS = 3, activeTabs = 0, waitQueue, activeTabRegistry, inter
       if (!isJs && !isData) return response;
       if (/\\.(css|woff2?|png|jpg|svg|ico)(\\?|$)/.test(url)) return response;
       var clone = response.clone();
-      clone.text().then(function(body) {
+      // Resolve request body (from Request object clone) and response body in parallel
+      Promise.all([
+        clone.text(),
+        reqBodyPromise ? reqBodyPromise : Promise.resolve(reqBody)
+      ]).then(function(results) {
+        var body = results[0];
+        var resolvedReqBody = results[1];
         var limit = isJs ? MAX_JS_BODY : MAX_BODY;
         if (body.length > limit) return;
         var respHeaders = {};
@@ -6801,7 +6860,7 @@ var MAX_CONCURRENT_TABS = 3, activeTabs = 0, waitQueue, activeTabRegistry, inter
           url: url,
           method: method,
           request_headers: reqHeaders,
-          request_body: reqBody,
+          request_body: resolvedReqBody,
           response_status: response.status,
           response_headers: respHeaders,
           response_body: body,
@@ -6884,7 +6943,7 @@ var init_capture = __esm(async () => {
 });
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "3.3.4", BUILD_GIT_SHA = "d398ad6f1a60", BUILD_CODE_HASH = "d6e5ef2546cd", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy4zLjQiLCJnaXRfc2hhIjoiZDM5OGFkNmYxYTYwIiwiY29kZV9oYXNoIjoiZDZlNWVmMjU0NmNkIiwidHJhY2VfdmVyc2lvbiI6ImQ2ZTVlZjI1NDZjZEBkMzk4YWQ2ZjFhNjAiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA3VDA2OjQxOjAxLjcwNVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "TaaK5qrudsUghz2Lc3jQCjMDbn6-mbEul9OwGz6J6WA", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
+var BUILD_RELEASE_VERSION = "3.4.0", BUILD_GIT_SHA = "361b3d271f3d", BUILD_CODE_HASH = "656382fbb5d5", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy40LjAiLCJnaXRfc2hhIjoiMzYxYjNkMjcxZjNkIiwiY29kZV9oYXNoIjoiNjU2MzgyZmJiNWQ1IiwidHJhY2VfdmVyc2lvbiI6IjY1NjM4MmZiYjVkNUAzNjFiM2QyNzFmM2QiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA5VDAyOjUwOjI0LjI0NVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "_GYe4ccws1jOZQ13TD27_rBJwKd87JDzsXDQLQR3mZU", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
 
 // ../../src/version.ts
 import { createHash } from "crypto";
@@ -7399,6 +7458,7 @@ import { join as join6 } from "path";
 import { homedir as homedir4, hostname, release as osRelease } from "os";
 import { randomBytes as randomBytes2, createHash as createHash3 } from "crypto";
 import { createInterface } from "readline";
+import { execSync } from "child_process";
 function buildReleaseAttestationHeaders(manifestBase64, signature) {
   const manifest = manifestBase64.trim();
   const sig = signature.trim();
@@ -7772,6 +7832,30 @@ async function apiRequest(method, path4, body, opts) {
     console.warn("[unbrowse] Please restart the unbrowse service to accept the new terms.");
     throw new Error("ToS update required. Restart unbrowse to accept new terms.");
   }
+  if (res.status === 426 && !opts?.skipAutoUpdate) {
+    const errCode = data.error;
+    if (errCode === "client_update_required" || errCode === "client_verification_failed") {
+      console.warn(`
+[unbrowse] Server requires a client update (${errCode}).`);
+      console.warn("[unbrowse] Attempting automatic update...");
+      try {
+        const updateCmd = process.env.UNBROWSE_UPDATE_COMMAND || "curl -fsSL https://unbrowse.ai/install.sh | bash";
+        execSync(updateCmd, { stdio: "inherit", timeout: 120000 });
+        console.warn("[unbrowse] Update installed. Restarting server...");
+        try {
+          execSync("pkill -9 -f 'unbrowse|kuri'", { stdio: "ignore", timeout: 5000 });
+        } catch {}
+        await new Promise((r) => setTimeout(r, 2000));
+        console.warn("[unbrowse] Retrying request with updated client...");
+        return apiRequest(method, path4, body, { ...opts, skipAutoUpdate: true });
+      } catch (updateErr) {
+        console.warn(`[unbrowse] Auto-update failed: ${updateErr.message}`);
+        const cmd = data.update_command ?? "curl -fsSL https://unbrowse.ai/install.sh | bash";
+        console.warn(`[unbrowse] Please update manually: ${cmd}`);
+        throw new Error(`Client update required. Run: ${cmd}`);
+      }
+    }
+  }
   if (res.status === 402) {
     const paymentRequired = res.headers.get("PAYMENT-REQUIRED");
     const legacyPaymentTerms = res.headers.get("X-Payment-Required");
@@ -14450,6 +14534,7 @@ __export(exports_execution, {
   templatizeQueryParams: () => templatizeQueryParams,
   shouldIgnoreLearnedBrowserStrategy: () => shouldIgnoreLearnedBrowserStrategy,
   resolveExecutionUrlTemplate: () => resolveExecutionUrlTemplate,
+  reloadExecutionAuthState: () => reloadExecutionAuthState,
   rankEndpoints: () => rankEndpoints,
   projectResultForIntent: () => projectResultForIntent,
   isCanonicalReplayEndpoint: () => isCanonicalReplayEndpoint,
@@ -16245,10 +16330,6 @@ async function executeEndpoint(skill, endpoint, params = {}, projection, options
       ...sessionHeaders,
       ...normalizeReplayHeaders(extraHeaders)
     };
-    delete headers["sec-ch-ua"];
-    delete headers["sec-ch-ua-mobile"];
-    delete headers["sec-ch-ua-platform"];
-    delete headers["upgrade-insecure-requests"];
     if (cookies.length > 0) {
       const cookieStr = cookies.map((c) => {
         const v = c.value.startsWith('"') && c.value.endsWith('"') ? c.value.slice(1, -1) : c.value;
@@ -22857,6 +22938,10 @@ async function resolveRequestedBrowseSession(sessions, client, requestedSessionI
     const session = sessions.get(requestedSessionId);
     if (!session)
       throw new BrowseSessionError("session_not_found");
+    if (!await isBrowseSessionLive(session, client)) {
+      removeBrowseSession(sessions, requestedSessionId);
+      throw new BrowseSessionError("session_expired");
+    }
     return session;
   }
   const live = await listLiveBrowseSessions(sessions, client);
@@ -22927,7 +23012,7 @@ async function getOrCreateNavigateBrowseSession(sessions, client, injectIntercep
   }
   return createBrowseSession(sessions, client, injectInterceptor2);
 }
-var BrowseSessionError, RECOVERABLE_BROWSE_FAILURES, LIVE_CHECK_RETRIES = 8, LIVE_CHECK_RETRY_DELAY_MS = 250, sessionQueues;
+var BrowseSessionError, RECOVERABLE_BROWSE_FAILURES, LIVE_CHECK_RETRIES = 3, LIVE_CHECK_RETRY_DELAY_MS = 100, sessionQueues;
 var init_browse_session = __esm(() => {
   init_client();
   BrowseSessionError = class BrowseSessionError extends Error {
@@ -25541,6 +25626,39 @@ async function registerRoutes(app) {
       return reply.code(500).send({ error: err.message });
     }
   });
+  app.get("/v1/skills/:skill_id/request-preview/:endpoint_id", async (req, reply) => {
+    const { skill_id, endpoint_id } = req.params;
+    const skill = await loadSkillForMutation(skill_id);
+    if (!skill)
+      return reply.status(404).send({ error: "skill_not_found" });
+    const ep = skill.endpoints.find((e) => e.endpoint_id === endpoint_id);
+    if (!ep)
+      return reply.status(404).send({ error: "endpoint_not_found" });
+    let epDomain;
+    try {
+      epDomain = new URL(ep.url_template).hostname;
+    } catch {
+      epDomain = skill.domain;
+    }
+    const authHeaders = {};
+    const cookies = [];
+    const { reloadExecutionAuthState: reloadExecutionAuthState2 } = await init_execution().then(() => exports_execution);
+    await reloadExecutionAuthState2(skill, epDomain, authHeaders, cookies);
+    const allHeaders = { ...ep.headers_template ?? {}, ...authHeaders };
+    if (cookies.length > 0) {
+      allHeaders["Cookie"] = cookies.map((c) => `${c.name}=${c.value}`).join("; ");
+    }
+    return reply.send({
+      method: ep.method,
+      url: ep.url_template,
+      headers: allHeaders,
+      body: ep.body ?? null,
+      query: ep.query ?? null,
+      path_params: ep.path_params ?? null,
+      cookies: cookies.length > 0 ? cookies.map((c) => ({ name: c.name, domain: c.domain })) : null,
+      trigger_url: ep.trigger_url ?? null
+    });
+  });
   app.post("/v1/auth/steal", { config: { rateLimit: { max: 30, timeWindow: "1 minute" } } }, async (req, reply) => {
     const {
       url,
@@ -25850,6 +25968,11 @@ async function registerRoutes(app) {
         session2.url = typeof finalUrl === "string" && finalUrl.startsWith("http") ? finalUrl : url;
         session2.domain = profileName(session2.url);
         await injectInterceptor(session2.tabId);
+        try {
+          await broker.evaluate(session2.tabId, "window.scrollTo(0, document.body.scrollHeight)");
+          await new Promise((r) => setTimeout(r, 2500));
+          await broker.evaluate(session2.tabId, "window.scrollTo(0, 0)");
+        } catch {}
         const stillLive = await isBrowseSessionLive(session2, browseClient).catch(() => false);
         if (!stillLive)
           throw { error: "CDP command failed" };
@@ -26222,7 +26345,7 @@ await __promiseAll([
   init_capture(),
   init_stale_cleanup_runner()
 ]);
-import { execSync as execSync2 } from "node:child_process";
+import { execSync as execSync3 } from "node:child_process";
 import { mkdirSync as mkdirSync13, unlinkSync as unlinkSync2, writeFileSync as writeFileSync12 } from "node:fs";
 import path5 from "node:path";
 import Fastify from "fastify";
@@ -26254,7 +26377,7 @@ async function startUnbrowseServer(options = {}) {
   const pidFile = options.pidFile ?? process.env.UNBROWSE_PID_FILE;
   updatePidFile(pidFile, host, port);
   try {
-    execSync2("pkill -f chrome-headless-shell", { stdio: "ignore" });
+    execSync3("pkill -f chrome-headless-shell", { stdio: "ignore" });
   } catch {}
   startBackgroundRegistration();
   const app = Fastify({ logger: options.logger ?? true });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbrowse",
-  "version": "3.3.4",
+  "version": "3.4.0",
   "description": "Reverse-engineer any website into reusable API skills. Zero-dep single binary with embedded browser engine.",
   "type": "module",
   "bin": {

package/scripts/postinstall.mjs

@@ -59,18 +59,15 @@ function ensureExecutable(filePath) {
 ensureExecutable(wrapperPath);
 ensureExecutable(launcherPath);
 
-// Skip binary download in CI build environments — the release pipeline builds
-// binaries AFTER install, so the download would always 404 and fail.
-if (process.env.CI && (process.env.GITHUB_ACTIONS || process.env.UNBROWSE_SKIP_BINARY_DOWNLOAD)) {
-  process.exit(0);
-}
-
 // Skip if binary already exists (re-install)
 if (existsSync(binaryPath)) {
   ensureExecutable(binaryPath);
+  console.log(`[unbrowse] Binary already exists, skipping.`);
   process.exit(0);
 }
 
+// Local binary override — used by smoke tests to inject a pre-built binary.
+// Must run BEFORE the CI skip so packaged smoke tests work in GitHub Actions.
 if (localBinaryPath) {
   if (!existsSync(localBinaryPath)) {
     console.warn(`[unbrowse] Local binary override not found: ${localBinaryPath}`);
@@ -83,6 +80,13 @@ if (localBinaryPath) {
   process.exit(0);
 }
 
+// Skip binary download in CI build environments — the release pipeline builds
+// binaries AFTER install, so the download would always 404 and fail.
+// Placed after the local binary override so smoke tests still work.
+if (process.env.CI && (process.env.GITHUB_ACTIONS || process.env.UNBROWSE_SKIP_BINARY_DOWNLOAD)) {
+  process.exit(0);
+}
+
 const platform = process.platform; // darwin, linux
 const arch = process.arch; // arm64, x64
 const target = `${platform}-${arch}`;