npm - unbrowse - Versions diffs - 3.4.0 → 3.5.0-preview.1 - Mend

unbrowse 3.4.0 → 3.5.0-preview.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/cli.js +859 -54
package/dist/mcp.js +5 -5
package/dist/server.js +540 -113
package/package.json +2 -2
package/vendor/kuri/darwin-arm64/kuri +0 -0
package/vendor/kuri/darwin-x64/kuri +0 -0
package/vendor/kuri/linux-arm64/kuri +0 -0
package/vendor/kuri/linux-x64/kuri +0 -0
package/vendor/kuri/manifest.json +6 -10
package/vendor/kuri/win-x64/kuri.exe +0 -0

package/dist/cli.js CHANGED Viewed

@@ -31,7 +31,7 @@ var __promiseAll = (args) => Promise.all(args);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "3.4.0", BUILD_GIT_SHA = "361b3d271f3d", BUILD_CODE_HASH = "656382fbb5d5", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy40LjAiLCJnaXRfc2hhIjoiMzYxYjNkMjcxZjNkIiwiY29kZV9oYXNoIjoiNjU2MzgyZmJiNWQ1IiwidHJhY2VfdmVyc2lvbiI6IjY1NjM4MmZiYjVkNUAzNjFiM2QyNzFmM2QiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA5VDAyOjUwOjI0LjI0NVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "_GYe4ccws1jOZQ13TD27_rBJwKd87JDzsXDQLQR3mZU", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
+var BUILD_RELEASE_VERSION = "3.5.0-preview.1", BUILD_GIT_SHA = "98686464d176", BUILD_CODE_HASH = "6712fc4b9fea", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy41LjAtcHJldmlldy4xIiwiZ2l0X3NoYSI6Ijk4Njg2NDY0ZDE3NiIsImNvZGVfaGFzaCI6IjY3MTJmYzRiOWZlYSIsInRyYWNlX3ZlcnNpb24iOiI2NzEyZmM0YjlmZWFAOTg2ODY0NjRkMTc2IiwiaXNzdWVkX2F0IjoiMjAyNi0wNC0wOVQxNDowNzoyOC40OTBaIn0", BUILD_RELEASE_MANIFEST_SIGNATURE = "3tfUGHc_qHJwOqJwMh4HuRaGiV99sjiiXCIC8B2DV3A", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
 // ../../src/version.ts
 import { createHash } from "crypto";
@@ -519,7 +519,17 @@ var init_marketplace = __esm(() => {
 });
 // ../../src/domain.ts
-var CC_TLDS;
+function getRegistrableDomain(hostname2) {
+  const parts = hostname2.split(".");
+  if (parts.length >= 3) {
+    const lastTwo = parts.slice(-2).join(".");
+    if (CC_TLDS.has(lastTwo) || GEO_TLD_SUFFIXES.has(lastTwo)) {
+      return parts.slice(-3).join(".");
+    }
+  }
+  return parts.slice(-2).join(".");
+}
+var CC_TLDS, GEO_TLD_SUFFIXES;
 var init_domain = __esm(() => {
   CC_TLDS = new Set([
     "co.uk",
@@ -539,6 +549,43 @@ var init_domain = __esm(() => {
     "net.au",
     "org.au"
   ]);
+  GEO_TLD_SUFFIXES = new Set([
+    "com.sg",
+    "com.hk",
+    "com.my",
+    "com.ph",
+    "com.vn",
+    "com.id",
+    "com.th",
+    "com.np",
+    "com.pk",
+    "com.bd",
+    "com.lk",
+    "com.mm",
+    "com.kh",
+    "com.eg",
+    "com.sa",
+    "com.qa",
+    "com.ae",
+    "com.kw",
+    "com.jo",
+    "com.lb",
+    "com.bh",
+    "com.om",
+    "com.iq",
+    "co.id",
+    "co.th",
+    "co.nz",
+    "co.jp",
+    "co.kr",
+    "co.in",
+    "co.uk",
+    "co.za",
+    "co.zw",
+    "co.ke",
+    "co.tz",
+    "co.ug"
+  ]);
 });
 // ../../src/publish-admission.ts
@@ -1013,10 +1060,53 @@ var init_robots = __esm(() => {
 });
 // ../../src/site-policy.ts
-var MUTATION_METHODS;
+var MUTATION_METHODS, KNOWN_SESSION_BOUND_PARAMS;
 var init_site_policy = __esm(() => {
   init_domain();
   MUTATION_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);
+  KNOWN_SESSION_BOUND_PARAMS = new Set([
+    "device_id",
+    "WebIdLastTime",
+    "browser_version",
+    "browser_name",
+    "browser_language",
+    "browser_platform",
+    "browser_online",
+    "os",
+    "os_version",
+    "device_platform",
+    "channel",
+    "app_id",
+    "app_name",
+    "app_version",
+    "fp",
+    "msToken",
+    "tt_webid",
+    "tt_webid_v2",
+    "verifyFp",
+    "X-Bogus",
+    "_signature",
+    "aid",
+    "biz_trace_id",
+    "clientABVersions",
+    "coverFormat",
+    "webcast_sdk_version",
+    "live_id",
+    "enter_from",
+    "enter_method",
+    "from_source",
+    "screen_width",
+    "screen_height",
+    "history_len",
+    "is_fullscreen",
+    "is_page_visible",
+    "focus_state",
+    "is_night_mode",
+    "cookie_enabled",
+    "timezone_name",
+    "timezone_offset",
+    "uid"
+  ]);
 });
 // ../../src/workflow/compile.ts
@@ -1376,6 +1466,484 @@ function checkWalletConfigured2() {
 }
 var init_wallet2 = () => {};
+// ../../src/auth/agent-mail.ts
+var exports_agent_mail = {};
+__export(exports_agent_mail, {
+  waitForVerificationEmail: () => waitForVerificationEmail,
+  getOrCreateSiteInbox: () => getOrCreateSiteInbox,
+  extractVerificationLink: () => extractVerificationLink,
+  extractOtpFromEmail: () => extractOtpFromEmail,
+  autonomousEmailLogin: () => autonomousEmailLogin
+});
+async function amFetch(method, path9, body) {
+  const res = await fetch(`${AGENTMAIL_API}${path9}`, {
+    method,
+    headers: {
+      Authorization: `Bearer ${AGENTMAIL_KEY}`,
+      "Content-Type": "application/json"
+    },
+    ...body ? { body: JSON.stringify(body) } : {}
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`AgentMail ${method} ${path9}: ${res.status} ${text}`);
+  }
+  return res.json();
+}
+async function getOrCreateSiteInbox(domain) {
+  const safeDomain = domain.replace(/[^a-z0-9-]/gi, "-").toLowerCase();
+  const username = `unbrowse-${safeDomain}`;
+  const clientId = `unbrowse-login-${safeDomain}`;
+  try {
+    const inbox = await amFetch("POST", "/inboxes", {
+      username,
+      domain: "agentmail.to",
+      display_name: `Unbrowse Agent - ${domain}`,
+      client_id: clientId
+    });
+    return inbox;
+  } catch {
+    const email = `${username}@agentmail.to`;
+    try {
+      const inbox = await amFetch("GET", `/inboxes/${encodeURIComponent(email)}`);
+      return inbox;
+    } catch {
+      return { inbox_id: "unbrowse-agent@agentmail.to", email: "unbrowse-agent@agentmail.to" };
+    }
+  }
+}
+async function waitForVerificationEmail(inboxId, fromDomain, timeoutMs = 60000) {
+  const start2 = Date.now();
+  const pollInterval = 3000;
+  while (Date.now() - start2 < timeoutMs) {
+    const data = await amFetch("GET", `/inboxes/${encodeURIComponent(inboxId)}/messages?limit=5&labels=unread`);
+    for (const msg of data.messages ?? []) {
+      if (msg.from?.toLowerCase().includes(fromDomain.toLowerCase())) {
+        return {
+          subject: msg.subject ?? "",
+          text: msg.extractedText ?? msg.text ?? "",
+          html: msg.extractedHtml ?? msg.html ?? ""
+        };
+      }
+    }
+    await new Promise((r) => setTimeout(r, pollInterval));
+  }
+  return null;
+}
+function extractOtpFromEmail(text) {
+  const six = text.match(/\b(\d{6})\b/);
+  if (six)
+    return six[1];
+  const four = text.match(/\b(\d{4})\b/);
+  if (four)
+    return four[1];
+  const codeIs = text.match(/code[:\s]+(\w{4,8})/i);
+  if (codeIs)
+    return codeIs[1];
+  return null;
+}
+function extractVerificationLink(text, html) {
+  const htmlLink = html.match(/href="(https?:\/\/[^"]*(?:verify|confirm|activate|magic|token|auth)[^"]*)"/i);
+  if (htmlLink)
+    return htmlLink[1];
+  const textLink = text.match(/(https?:\/\/\S*(?:verify|confirm|activate|magic|token|auth)\S*)/i);
+  if (textLink)
+    return textLink[1];
+  const anyLink = text.match(/(https?:\/\/\S+)/);
+  if (anyLink)
+    return anyLink[1];
+  return null;
+}
+async function autonomousEmailLogin(domain) {
+  const inbox = await getOrCreateSiteInbox(domain);
+  return {
+    email: inbox.email,
+    inboxId: inbox.inbox_id,
+    waitForOtp: async () => {
+      const email = await waitForVerificationEmail(inbox.inbox_id, domain, 90000);
+      if (!email)
+        return null;
+      return extractOtpFromEmail(email.text);
+    },
+    waitForLink: async () => {
+      const email = await waitForVerificationEmail(inbox.inbox_id, domain, 90000);
+      if (!email)
+        return null;
+      return extractVerificationLink(email.text, email.html);
+    }
+  };
+}
+var AGENTMAIL_API = "https://api.agentmail.to", AGENTMAIL_KEY;
+var init_agent_mail = __esm(() => {
+  AGENTMAIL_KEY = process.env.AGENTMAIL_API_KEY ?? "";
+});
+// ../../src/auth/browser-cookies.ts
+var exports_browser_cookies = {};
+__export(exports_browser_cookies, {
+  scanAllBrowserSessions: () => scanAllBrowserSessions,
+  resolveChromiumCookiesPath: () => resolveChromiumCookiesPath,
+  findBestBrowserSession: () => findBestBrowserSession,
+  extractFromFirefox: () => extractFromFirefox,
+  extractFromChromium: () => extractFromChromium,
+  extractFromChrome: () => extractFromChrome,
+  extractBrowserCookies: () => extractBrowserCookies,
+  decodeChromiumCookieValue: () => decodeChromiumCookieValue
+});
+import { execFileSync as execFileSync4 } from "node:child_process";
+import { createDecipheriv, pbkdf2Sync } from "node:crypto";
+import { copyFileSync, existsSync as existsSync15, mkdtempSync, readdirSync as readdirSync4, rmSync } from "node:fs";
+import { tmpdir, homedir as homedir7, platform } from "node:os";
+import { join as join12 } from "node:path";
+function getChromeUserDataDir() {
+  const home = homedir7();
+  if (platform() === "darwin") {
+    return join12(home, "Library", "Application Support", "Google", "Chrome");
+  }
+  if (platform() === "win32") {
+    const appData = process.env.LOCALAPPDATA ?? join12(home, "AppData", "Local");
+    return join12(appData, "Google", "Chrome", "User Data");
+  }
+  return join12(home, ".config", "google-chrome");
+}
+function resolveChromiumCookiesPath(opts) {
+  if (opts?.cookieDbPath) {
+    return opts.cookieDbPath.replace(/^~\//, homedir7() + "/");
+  }
+  const profileDir = opts?.profile || "Default";
+  const userDataDir = (opts?.userDataDir || getChromeUserDataDir()).replace(/^~\//, homedir7() + "/");
+  const candidates = [
+    join12(userDataDir, profileDir, "Network", "Cookies"),
+    join12(userDataDir, profileDir, "Cookies"),
+    join12(userDataDir, "Network", "Cookies"),
+    join12(userDataDir, "Cookies")
+  ];
+  return candidates.find((candidate) => existsSync15(candidate)) ?? candidates[0] ?? null;
+}
+function getFirefoxProfilesRoot() {
+  const home = homedir7();
+  if (platform() === "darwin") {
+    return join12(home, "Library", "Application Support", "Firefox", "Profiles");
+  }
+  if (platform() === "linux") {
+    return join12(home, ".mozilla", "firefox");
+  }
+  if (platform() === "win32") {
+    const appData = process.env.APPDATA;
+    if (!appData)
+      return null;
+    return join12(appData, "Mozilla", "Firefox", "Profiles");
+  }
+  return null;
+}
+function pickFirefoxProfile(profilesRoot, profile) {
+  if (profile) {
+    const candidate2 = join12(profilesRoot, profile, "cookies.sqlite");
+    return existsSync15(candidate2) ? candidate2 : null;
+  }
+  const entries = readdirSync4(profilesRoot, { withFileTypes: true });
+  const defaultRelease = entries.find((e) => e.isDirectory() && e.name.includes("default-release"));
+  const targetDir = defaultRelease?.name ?? entries.find((e) => e.isDirectory())?.name;
+  if (!targetDir)
+    return null;
+  const candidate = join12(profilesRoot, targetDir, "cookies.sqlite");
+  return existsSync15(candidate) ? candidate : null;
+}
+function getFirefoxCookiesPath(profile) {
+  const profilesRoot = getFirefoxProfilesRoot();
+  if (!profilesRoot || !existsSync15(profilesRoot))
+    return null;
+  return pickFirefoxProfile(profilesRoot, profile);
+}
+function getChromiumKeychainServiceName(opts) {
+  if (opts?.safeStorageService)
+    return opts.safeStorageService;
+  return `${opts?.browserName || "Chrome"} Safe Storage`;
+}
+function getChromiumDecryptionKey(opts) {
+  const service = getChromiumKeychainServiceName(opts);
+  const cached = _chromiumKeyCache.get(service);
+  if (cached)
+    return cached;
+  if (platform() !== "darwin")
+    return null;
+  try {
+    const keyOutput = execFileSync4("security", ["find-generic-password", "-s", service, "-w"], { encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+    if (!keyOutput)
+      return null;
+    const derived = pbkdf2Sync(keyOutput, "saltysalt", 1003, 16, "sha1");
+    _chromiumKeyCache.set(service, derived);
+    return derived;
+  } catch {
+    return null;
+  }
+}
+function decryptChromiumValue(encryptedHex, opts) {
+  try {
+    const buf = Buffer.from(encryptedHex, "hex");
+    if (buf.length < 4)
+      return null;
+    const version = buf.subarray(0, 3).toString("utf8");
+    if (version !== "v10" && version !== "v11") {
+      return buf.toString("utf8");
+    }
+    const key = getChromiumDecryptionKey(opts);
+    if (!key)
+      return null;
+    const payload = buf.subarray(3);
+    if (payload.length >= 48) {
+      try {
+        const iv2 = payload.subarray(16, 32);
+        const encrypted = payload.subarray(32);
+        const decipher2 = createDecipheriv("aes-128-cbc", key, iv2);
+        decipher2.setAutoPadding(true);
+        const decrypted2 = Buffer.concat([decipher2.update(encrypted), decipher2.final()]);
+        const val = decrypted2.toString("utf8").replace(/[^\x20-\x7E]/g, "");
+        if (val.length > 0)
+          return val;
+      } catch {}
+    }
+    const iv = Buffer.alloc(16, 32);
+    const decipher = createDecipheriv("aes-128-cbc", key, iv);
+    decipher.setAutoPadding(true);
+    const decrypted = Buffer.concat([decipher.update(payload), decipher.final()]);
+    return decrypted.toString("utf8").replace(/[^\x20-\x7E]/g, "");
+  } catch {
+    return null;
+  }
+}
+function decodeChromiumCookieValue(rawValue, encryptedHex, opts) {
+  if (rawValue)
+    return rawValue;
+  if (!encryptedHex)
+    return null;
+  return decryptChromiumValue(encryptedHex, opts);
+}
+function withTempCopy(dbPath, fn) {
+  const tempDir = mkdtempSync(join12(tmpdir(), "unbrowse-cookies-"));
+  const tempDb = join12(tempDir, "cookies.db");
+  try {
+    copyFileSync(dbPath, tempDb);
+    for (const ext of ["-wal", "-shm"]) {
+      const src = dbPath + ext;
+      if (existsSync15(src))
+        copyFileSync(src, tempDb + ext);
+    }
+    return fn(tempDb);
+  } finally {
+    try {
+      rmSync(tempDir, { recursive: true, force: true });
+    } catch {}
+  }
+}
+function sqliteQuery(dbPath, sql) {
+  return execFileSync4("sqlite3", ["-separator", "|", dbPath, sql], {
+    encoding: "utf8",
+    maxBuffer: 4 * 1024 * 1024
+  }).trim();
+}
+function buildDomainWhereClause(domain, column) {
+  const reg = getRegistrableDomain(domain);
+  const variants = new Set([
+    reg,
+    `.${reg}`,
+    domain,
+    `.${domain}`,
+    `www.${reg}`,
+    `.www.${reg}`
+  ]);
+  for (const d of variants) {
+    if (d.includes("'"))
+      throw new Error(`Invalid domain for cookie query: ${d}`);
+  }
+  const escaped = [...variants].map((d) => `'${d}'`);
+  const likeReg = reg.includes("'") ? reg : reg;
+  const likePattern = `'%.${likeReg}'`;
+  return `(${column} IN (${escaped.join(", ")}) OR ${column} LIKE ${likePattern})`;
+}
+function extractFromChrome(domain, opts) {
+  return extractFromChromium(domain, {
+    profile: opts?.profile,
+    browserName: "Chrome"
+  });
+}
+function extractFromChromium(domain, opts) {
+  const warnings = [];
+  const dbPath = resolveChromiumCookiesPath(opts);
+  const sourceLabel = opts?.browserName || "Chromium";
+  if (!dbPath || !existsSync15(dbPath)) {
+    warnings.push(`${sourceLabel} cookies DB not found${dbPath ? ` at ${dbPath}` : ""}`);
+    return { cookies: [], source: null, warnings };
+  }
+  try {
+    const cookies = withTempCopy(dbPath, (tempDb) => {
+      const where = buildDomainWhereClause(domain, "host_key");
+      const sql = `SELECT name, value, hex(encrypted_value) as ev, host_key, path, is_secure, is_httponly, samesite, expires_utc FROM cookies WHERE ${where};`;
+      const rows = sqliteQuery(tempDb, sql);
+      if (!rows)
+        return [];
+      const results = [];
+      for (const line of rows.split(`
+`)) {
+        const parts = line.split("|");
+        if (parts.length < 9)
+          continue;
+        const [name, rawValue, encHex, host, cookiePath, secure, httpOnly, sameSite, expiresUtc] = parts;
+        const value = decodeChromiumCookieValue(rawValue, encHex, opts);
+        if (!value)
+          continue;
+        results.push({
+          name,
+          value,
+          domain: host,
+          path: cookiePath || "/",
+          secure: secure === "1",
+          httpOnly: httpOnly === "1",
+          sameSite: sameSite === "0" ? "None" : sameSite === "1" ? "Lax" : "Strict",
+          expires: expiresUtc === "0" ? -1 : Math.floor((Number(expiresUtc) - 11644473600000000) / 1e6)
+        });
+      }
+      return results;
+    });
+    const source = opts?.cookieDbPath ? `${sourceLabel} cookie DB "${dbPath}"` : opts?.userDataDir ? `${sourceLabel} user data "${opts.userDataDir}"${opts.profile ? ` profile "${opts.profile}"` : ""}` : opts?.profile ? `${sourceLabel} profile "${opts.profile}"` : `${sourceLabel} default profile`;
+    if (cookies.length === 0) {
+      warnings.push(`No cookies for ${domain} found in ${source}`);
+    }
+    log("auth", `extracted ${cookies.length} cookies for ${domain} from ${source}`);
+    return { cookies, source: cookies.length > 0 ? source : null, warnings };
+  } catch (err) {
+    warnings.push(`${sourceLabel} extraction failed: ${err instanceof Error ? err.message : err}`);
+    return { cookies: [], source: null, warnings };
+  }
+}
+function extractFromFirefox(domain, opts) {
+  const warnings = [];
+  const dbPath = getFirefoxCookiesPath(opts?.profile);
+  if (!dbPath) {
+    warnings.push("Firefox cookies DB not found");
+    return { cookies: [], source: null, warnings };
+  }
+  try {
+    const cookies = withTempCopy(dbPath, (tempDb) => {
+      const where = buildDomainWhereClause(domain, "host");
+      const sql = `SELECT name, value, host, path, isSecure, isHttpOnly, sameSite, expiry FROM moz_cookies WHERE ${where};`;
+      const rows = sqliteQuery(tempDb, sql);
+      if (!rows)
+        return [];
+      const results = [];
+      for (const line of rows.split(`
+`)) {
+        const parts = line.split("|");
+        if (parts.length < 8)
+          continue;
+        const [name, value, host, cookiePath, secure, httpOnly, sameSite, expiry] = parts;
+        if (!name || !value)
+          continue;
+        results.push({
+          name,
+          value,
+          domain: host,
+          path: cookiePath || "/",
+          secure: secure === "1",
+          httpOnly: httpOnly === "1",
+          sameSite: sameSite === "0" ? "None" : sameSite === "1" ? "Lax" : "Strict",
+          expires: Number(expiry) || -1
+        });
+      }
+      return results;
+    });
+    const source = opts?.profile ? `Firefox profile "${opts.profile}"` : "Firefox default profile";
+    if (cookies.length === 0) {
+      warnings.push(`No cookies for ${domain} found in ${source}`);
+    }
+    log("auth", `extracted ${cookies.length} cookies for ${domain} from ${source}`);
+    return { cookies, source: cookies.length > 0 ? source : null, warnings };
+  } catch (err) {
+    warnings.push(`Firefox extraction failed: ${err instanceof Error ? err.message : err}`);
+    return { cookies: [], source: null, warnings };
+  }
+}
+function extractBrowserCookies(domain, opts) {
+  if (opts?.browser === "firefox") {
+    return extractFromFirefox(domain, { profile: opts.firefoxProfile });
+  }
+  if (opts?.browser === "chrome") {
+    return extractFromChrome(domain, { profile: opts.chromeProfile });
+  }
+  if (opts?.browser === "chromium") {
+    return extractFromChromium(domain, opts.chromium);
+  }
+  const ff = extractFromFirefox(domain, { profile: opts?.firefoxProfile });
+  if (ff.cookies.length > 0)
+    return ff;
+  if (opts?.chromium?.cookieDbPath || opts?.chromium?.userDataDir) {
+    const chromium = extractFromChromium(domain, opts.chromium);
+    chromium.warnings.push(...ff.warnings);
+    return chromium;
+  }
+  const chrome = extractFromChrome(domain, { profile: opts?.chromeProfile });
+  chrome.warnings.push(...ff.warnings);
+  return chrome;
+}
+function scanAllBrowserSessions(domain) {
+  const results = [];
+  const home = homedir7();
+  for (const browser of CHROMIUM_BROWSERS) {
+    const userDataDir = platform() === "darwin" ? join12(home, "Library", "Application Support", browser.macPath) : platform() === "win32" ? join12(process.env.LOCALAPPDATA ?? join12(home, "AppData", "Local"), browser.macPath, "User Data") : join12(home, ".config", browser.macPath.toLowerCase());
+    if (!existsSync15(userDataDir))
+      continue;
+    try {
+      const result = extractFromChromium(domain, {
+        userDataDir,
+        browserName: browser.name
+      });
+      if (result.cookies.length > 0) {
+        const sessionCookies = result.cookies.filter((c) => c.httpOnly || c.secure).length;
+        results.push({
+          browser: browser.name,
+          cookies: result.cookies,
+          sessionCookies,
+          source: result.source
+        });
+      }
+    } catch {}
+  }
+  try {
+    const ff = extractFromFirefox(domain);
+    if (ff.cookies.length > 0) {
+      const sessionCookies = ff.cookies.filter((c) => c.httpOnly || c.secure).length;
+      results.push({
+        browser: "Firefox",
+        cookies: ff.cookies,
+        sessionCookies,
+        source: ff.source
+      });
+    }
+  } catch {}
+  results.sort((a, b) => b.sessionCookies - a.sessionCookies);
+  return results;
+}
+function findBestBrowserSession(domain) {
+  const sessions = scanAllBrowserSessions(domain);
+  return sessions[0] ?? null;
+}
+var _chromiumKeyCache, CHROMIUM_BROWSERS;
+var init_browser_cookies = __esm(() => {
+  init_logger();
+  init_domain();
+  _chromiumKeyCache = new Map;
+  CHROMIUM_BROWSERS = [
+    { name: "Chrome", macPath: "Google/Chrome" },
+    { name: "Arc", macPath: "Arc/User Data" },
+    { name: "Brave", macPath: "BraveSoftware/Brave-Browser" },
+    { name: "Edge", macPath: "Microsoft Edge" },
+    { name: "Vivaldi", macPath: "Vivaldi" },
+    { name: "Opera", macPath: "com.operasoftware.Opera" },
+    { name: "Dia", macPath: "Dia/User Data" },
+    { name: "Chromium", macPath: "Chromium" }
+  ];
+});
 // ../../src/cli.ts
 import { config as loadEnv } from "dotenv";
 import { spawn as spawn3 } from "child_process";
@@ -3662,50 +4230,7 @@ async function cmdExecute(flags) {
     }
   });
   if (flags.curl) {
-    const endpointId = typeof flags.endpoint === "string" ? flags.endpoint : undefined;
-    if (!endpointId)
-      die("--curl requires --endpoint");
-    const skill = await api2("GET", `/v1/skills/${skillId}`);
-    const ep = (skill.endpoints ?? []).find((e) => e.endpoint_id === endpointId);
-    if (!ep)
-      die(`Endpoint ${endpointId} not found`);
-    let method = ep.method ?? "GET";
-    let url = ep.url_template;
-    let headers = { ...ep.headers_template ?? {} };
-    let body = ep.body;
-    try {
-      const preview = await api2("GET", `/v1/skills/${skillId}/request-preview/${endpointId}`);
-      if (preview.headers)
-        headers = preview.headers;
-      if (preview.body)
-        body = preview.body;
-      if (preview.url)
-        url = preview.url;
-      if (preview.method)
-        method = preview.method;
-    } catch {}
-    const parts = ["curl"];
-    if (method !== "GET")
-      parts.push(`-X ${method}`);
-    parts.push(`'${url}'`);
-    for (const [k, v] of Object.entries(headers)) {
-      if (/^(newrelic|traceparent|tracestate)$/i.test(k))
-        continue;
-      parts.push(`-H '${k}: ${v}'`);
-    }
-    if (body) {
-      if (!headers["content-type"] && !headers["Content-Type"])
-        parts.push(`-H 'Content-Type: application/json'`);
-      parts.push(`-d '${JSON.stringify(body)}'`);
-    }
-    output({
-      curl: parts.join(" \\\n  "),
-      endpoint_id: endpointId,
-      method,
-      url,
-      ...body ? { body } : {},
-      headers
-    }, !!flags.pretty);
+    die("--curl has been removed. Use `unbrowse execute` to run endpoints through Unbrowse.");
     return;
   }
   try {
@@ -4149,7 +4674,9 @@ var CLI_REFERENCE = {
     { name: "forward", usage: "[--session id]", desc: "Navigate forward" },
     { name: "sync", usage: "[--session id]", desc: "Checkpoint current capture, keep tab open, queue background index + publish, then inspect via skill/publish review" },
     { name: "close", usage: "[--session id]", desc: "Checkpoint capture, queue background index + publish, close browse session, then inspect via skill/publish review" },
-    { name: "stats", usage: "[--json] [--pretty]", desc: "Show lifetime time/tokens/cost saved and marketplace earnings/spending" }
+    { name: "stats", usage: "[--json] [--pretty]", desc: "Show lifetime time/tokens/cost saved and marketplace earnings/spending" },
+    { name: "corpus-test", usage: "--url <url> [--id <id>] [--retries N]", desc: "Capture a single URL with retry logic; keeps best result across N attempts" },
+    { name: "corpus-run", usage: "--corpus <file> --out <file> [--retries N]", desc: "Run corpus-test over all cases in a corpus JSON file and write a comparable snapshot" }
   ],
   globalFlags: [
     { flag: "--pretty", desc: "Indented JSON output" },
@@ -4166,7 +4693,6 @@ var CLI_REFERENCE = {
     { flag: "--limit N", desc: "Cap array output to N items" },
     { flag: "--endpoint-id ID", desc: "Pick a specific endpoint" },
     { flag: "--dry-run", desc: "Preview mutations" },
-    { flag: "--curl", desc: "Output the captured request as a curl command (no execution)" },
     { flag: "--params '{...}'", desc: "Extra params as JSON" }
   ],
   examples: [
@@ -4664,8 +5190,270 @@ async function cmdSync(flags) {
 async function cmdClose(flags) {
   output(await api2("POST", "/v1/browse/close", typeof flags.session === "string" ? { session_id: flags.session } : undefined), false);
 }
+async function cmdLoginAuto(flags) {
+  const url = flags.url;
+  if (!url)
+    return die("--url is required");
+  const domain = (() => {
+    try {
+      return new URL(url).hostname.replace(/^www\./, "");
+    } catch {
+      return url;
+    }
+  })();
+  info(`[login-auto] creating agent email for ${domain}...`);
+  const { autonomousEmailLogin: autonomousEmailLogin2 } = await Promise.resolve().then(() => (init_agent_mail(), exports_agent_mail));
+  const session = await autonomousEmailLogin2(domain);
+  info(`[login-auto] agent email: ${session.email}`);
+  info(`[login-auto] use this email to register/login on ${domain}`);
+  info(`[login-auto] then run: unbrowse login-auto --url ${url} --wait-otp`);
+  info(`[login-auto]    or:    unbrowse login-auto --url ${url} --wait-link`);
+  if (flags["wait-otp"]) {
+    info(`[login-auto] waiting for OTP email from ${domain}...`);
+    const otp = await session.waitForOtp();
+    if (otp) {
+      info(`[login-auto] OTP received: ${otp}`);
+      output({ email: session.email, otp, domain });
+    } else {
+      info(`[login-auto] no OTP received within 90 seconds`);
+      output({ email: session.email, otp: null, domain, error: "timeout" });
+    }
+    return;
+  }
+  if (flags["wait-link"]) {
+    info(`[login-auto] waiting for verification link from ${domain}...`);
+    const link = await session.waitForLink();
+    if (link) {
+      info(`[login-auto] verification link: ${link}`);
+      output({ email: session.email, link, domain });
+    } else {
+      info(`[login-auto] no verification email within 90 seconds`);
+      output({ email: session.email, link: null, domain, error: "timeout" });
+    }
+    return;
+  }
+  output({ email: session.email, inbox_id: session.inboxId, domain });
+}
+async function cmdSessionsScan(flags) {
+  const domain = flags.domain;
+  const { scanAllBrowserSessions: scanAllBrowserSessions2, findBestBrowserSession: findBestBrowserSession2 } = await Promise.resolve().then(() => (init_browser_cookies(), exports_browser_cookies));
+  const { execFileSync: execFileSync5, existsSync: existsSync16 } = await import("./cli-imports.js").catch(() => ({ execFileSync: __require("child_process").execFileSync, existsSync: __require("fs").existsSync }));
+  if (domain) {
+    const sessions = scanAllBrowserSessions2(domain);
+    if (sessions.length === 0) {
+      info(`No browser has a session for ${domain}`);
+      output({ domain, sessions: [], best: null });
+      return;
+    }
+    const best = sessions[0];
+    info(`Best session for ${domain}: ${best.browser} (${best.sessionCookies} session cookies)`);
+    output({
+      domain,
+      sessions: sessions.map((s) => ({
+        browser: s.browser,
+        cookies: s.cookies.length,
+        session_cookies: s.sessionCookies
+      })),
+      best: { browser: best.browser, session_cookies: best.sessionCookies }
+    });
+    return;
+  }
+  const home = __require("os").homedir();
+  const { join: join13 } = __require("path");
+  const browsers = [
+    { name: "Chrome", path: join13(home, "Library/Application Support/Google/Chrome/Default/Cookies") },
+    { name: "Dia", path: join13(home, "Library/Application Support/Dia/User Data/Default/Cookies") },
+    { name: "Arc", path: join13(home, "Library/Application Support/Arc/User Data/Default/Cookies") },
+    { name: "Brave", path: join13(home, "Library/Application Support/BraveSoftware/Brave-Browser/Default/Cookies") },
+    { name: "Edge", path: join13(home, "Library/Application Support/Microsoft Edge/Default/Cookies") }
+  ];
+  const allSessions = [];
+  for (const b of browsers) {
+    if (!__require("fs").existsSync(b.path))
+      continue;
+    try {
+      const tmp = `/tmp/unbrowse-scan-${b.name}.db`;
+      __require("child_process").execFileSync("cp", [b.path, tmp]);
+      const result = __require("child_process").execFileSync("sqlite3", [
+        tmp,
+        `SELECT host_key, COUNT(*) as c FROM cookies WHERE is_httponly=1 OR is_secure=1 GROUP BY host_key HAVING c >= 2 ORDER BY c DESC LIMIT 50;`
+      ], { encoding: "utf8" });
+      for (const line of result.trim().split(`
+`)) {
+        if (!line)
+          continue;
+        const [d, count] = line.split("|");
+        if (/google|facebook|doubleclick|rubiconproject|demdex|hcaptcha|protechts/.test(d))
+          continue;
+        allSessions.push({ browser: b.name, domain: d, session_cookies: parseInt(count) || 0 });
+      }
+      __require("child_process").execFileSync("rm", [tmp]);
+    } catch {}
+  }
+  const byDomain = new Map;
+  for (const s of allSessions) {
+    const existing = byDomain.get(s.domain);
+    if (!existing || s.session_cookies > existing.session_cookies) {
+      byDomain.set(s.domain, s);
+    }
+  }
+  const sorted = [...byDomain.values()].sort((a, b) => b.session_cookies - a.session_cookies);
+  info(`Found ${sorted.length} logged-in domains across ${browsers.filter((b) => __require("fs").existsSync(b.path)).length} browsers`);
+  output({ sessions: sorted.slice(0, 30) });
+}
+async function captureOnce(url) {
+  try {
+    const goResult = await api2("POST", "/v1/browse/go", { url });
+    if (goResult.error) {
+      return { capture: "error", endpoints: 0, requests: 0, error: String(goResult.error) };
+    }
+    await new Promise((r) => setTimeout(r, 6000));
+    const closeResult = await api2("POST", "/v1/browse/close", {});
+    if (closeResult.error) {
+      return { capture: "error", endpoints: 0, requests: 0, error: String(closeResult.error) };
+    }
+    return {
+      capture: "ok",
+      endpoints: closeResult.endpoint_count ?? 0,
+      requests: closeResult.request_count ?? 0,
+      raw: closeResult
+    };
+  } catch (err) {
+    return { capture: "error", endpoints: 0, requests: 0, error: err.message };
+  }
+}
+async function cmdCorpusTest(flags) {
+  const url = flags.url;
+  if (!url)
+    die("--url is required for corpus-test");
+  const id = flags.id || new URL(url).hostname;
+  const retries = flags.retries ? parseInt(flags.retries, 10) : 3;
+  let best = { capture: "error", endpoints: 0, requests: 0 };
+  let attempts = 0;
+  for (let attempt = 0;attempt < retries; attempt++) {
+    attempts++;
+    info(`corpus-test [${id}] attempt ${attempt + 1}/${retries}`);
+    const result = await captureOnce(url);
+    if (result.endpoints > best.endpoints)
+      best = result;
+    if (best.endpoints > 0)
+      break;
+    if (attempt < retries - 1) {
+      try {
+        spawn3("pkill", ["-9", "-f", "kuri|chrome-profile"], { stdio: "ignore" });
+      } catch {}
+      await new Promise((r) => setTimeout(r, 2000));
+    }
+  }
+  output({
+    id,
+    url,
+    capture: best.capture,
+    endpoints: best.endpoints,
+    requests: best.requests,
+    attempts,
+    best_of: retries,
+    ...best.error ? { error: best.error } : {}
+  }, !!flags.pretty);
+}
+async function cmdCorpusRun(flags) {
+  const corpusPath = flags.corpus;
+  const outPath = flags.out;
+  if (!corpusPath)
+    die("--corpus is required for corpus-run");
+  if (!outPath)
+    die("--out is required for corpus-run");
+  const retries = flags.retries ? parseInt(flags.retries, 10) : 3;
+  let corpus;
+  try {
+    const raw = __require("fs").readFileSync(corpusPath, "utf-8");
+    corpus = JSON.parse(raw);
+  } catch (err) {
+    die(`Failed to read corpus file: ${err.message}`);
+  }
+  if (!Array.isArray(corpus.cases) || corpus.cases.length === 0) {
+    die("Corpus file must have a non-empty 'cases' array");
+  }
+  let gitSha = "unknown";
+  try {
+    const { execSync: execSync3 } = __require("child_process");
+    gitSha = execSync3("git rev-parse --short HEAD", { encoding: "utf-8" }).trim();
+  } catch {}
+  const startTime = Date.now();
+  const results = [];
+  info(`corpus-run: ${corpus.cases.length} cases, retries=${retries}`);
+  for (const c of corpus.cases) {
+    const caseId = c.id || new URL(c.url).hostname;
+    info(`corpus-run [${caseId}] starting`);
+    try {
+      spawn3("pkill", ["-9", "-f", "kuri|chrome-profile"], { stdio: "ignore" });
+    } catch {}
+    await new Promise((r) => setTimeout(r, 1500));
+    let best = { capture: "error", endpoints: 0, requests: 0 };
+    let attempts = 0;
+    for (let attempt = 0;attempt < retries; attempt++) {
+      attempts++;
+      const result = await captureOnce(c.url);
+      if (result.endpoints > best.endpoints)
+        best = result;
+      if (best.endpoints > 0)
+        break;
+      if (attempt < retries - 1) {
+        try {
+          spawn3("pkill", ["-9", "-f", "kuri|chrome-profile"], { stdio: "ignore" });
+        } catch {}
+        await new Promise((r) => setTimeout(r, 2000));
+      }
+    }
+    let resolveEndpoints = 0;
+    if (best.capture === "ok" && best.endpoints > 0) {
+      try {
+        const resolveResult = await api2("GET", "/v1/resolve", {
+          intent: c.intent ?? `get data from ${caseId}`,
+          url: c.url,
+          domain: new URL(c.url).hostname
+        });
+        const endpoints = resolveResult.endpoints ?? resolveResult.results ?? [];
+        resolveEndpoints = Array.isArray(endpoints) ? endpoints.length : 0;
+      } catch {}
+    }
+    const verdict = best.capture === "error" ? "fail" : best.endpoints > 0 ? "pass" : "fail";
+    results.push({
+      id: caseId,
+      capture: best.capture,
+      endpoints: best.endpoints,
+      requests: best.requests,
+      resolve_endpoints: resolveEndpoints,
+      verdict,
+      attempts,
+      notes: best.error ?? ""
+    });
+    const snapshot3 = {
+      git_sha: gitSha,
+      timestamp: new Date().toISOString(),
+      total_runtime_ms: Date.now() - startTime,
+      results
+    };
+    try {
+      __require("fs").writeFileSync(outPath, JSON.stringify(snapshot3, null, 2));
+    } catch {}
+    info(`corpus-run [${caseId}] done: endpoints=${best.endpoints} verdict=${verdict} attempts=${attempts}`);
+  }
+  const totalRuntime = Date.now() - startTime;
+  const pass = results.filter((r) => r.verdict === "pass").length;
+  const fail = results.filter((r) => r.verdict === "fail").length;
+  const snapshot2 = {
+    git_sha: gitSha,
+    timestamp: new Date().toISOString(),
+    total_runtime_ms: totalRuntime,
+    results
+  };
+  __require("fs").writeFileSync(outPath, JSON.stringify(snapshot2, null, 2));
+  info(`corpus-run complete: ${pass} pass, ${fail} fail of ${results.length} total`);
+  output(snapshot2, !!flags.pretty);
+}
 async function cmdConnectChrome() {
-  const { execSync: execSync2, spawn: spawnProc } = __require("child_process");
+  const { execSync: execSync3, spawn: spawnProc } = __require("child_process");
   try {
     const res = await fetch("http://127.0.0.1:9222/json/version", { signal: AbortSignal.timeout(1000) });
     if (res.ok) {
@@ -4678,16 +5466,16 @@ async function cmdConnectChrome() {
     }
   } catch {}
   try {
-    execSync2("pkill -f kuri/chrome-profile", { stdio: "ignore" });
+    execSync3("pkill -f kuri/chrome-profile", { stdio: "ignore" });
   } catch {}
   console.log("Quitting Chrome to relaunch with remote debugging...");
   if (process.platform === "darwin") {
     try {
-      execSync2('osascript -e "quit app \\"Google Chrome\\""', { stdio: "ignore", timeout: 5000 });
+      execSync3('osascript -e "quit app \\"Google Chrome\\""', { stdio: "ignore", timeout: 5000 });
     } catch {}
   } else {
     try {
-      execSync2("pkill -f chrome", { stdio: "ignore" });
+      execSync3("pkill -f chrome", { stdio: "ignore" });
     } catch {}
   }
   await new Promise((r) => setTimeout(r, 2000));
@@ -4739,6 +5527,10 @@ async function main() {
     return cmdConnectChrome();
   if (command === "stats")
     return cmdStats(flags);
+  if (command === "sessions-scan")
+    return cmdSessionsScan(flags);
+  if (command === "login-auto")
+    return cmdLoginAuto(flags);
   const KNOWN_COMMANDS = new Set([
     "health",
     "mcp",
@@ -4784,7 +5576,12 @@ async function main() {
     "sync",
     "close",
     "connect-chrome",
-    "stats"
+    "stats",
+    "corpus-test",
+    "corpus-run",
+    "sessions-scan",
+    "cache-clear",
+    "login-auto"
   ]);
   if (!KNOWN_COMMANDS.has(command)) {
     const pack = findSitePack(command);
@@ -4884,6 +5681,14 @@ async function main() {
       return cmdConnectChrome();
     case "stats":
       return cmdStats(flags);
+    case "corpus-test":
+      return cmdCorpusTest(flags);
+    case "corpus-run":
+      return cmdCorpusRun(flags);
+    case "sessions-scan":
+      return cmdSessionsScan(flags);
+    case "login-auto":
+      return cmdLoginAuto(flags);
     default:
       info(`Unknown command: ${command}`);
       printHelp();