unbrowse 3.4.1 → 3.5.0-preview.1

package/dist/cli.js

@@ -31,7 +31,7 @@ var __promiseAll = (args) => Promise.all(args);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "3.4.1", BUILD_GIT_SHA = "7b0ee7aec348", BUILD_CODE_HASH = "3d7c45796360", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy40LjEiLCJnaXRfc2hhIjoiN2IwZWU3YWVjMzQ4IiwiY29kZV9oYXNoIjoiM2Q3YzQ1Nzk2MzYwIiwidHJhY2VfdmVyc2lvbiI6IjNkN2M0NTc5NjM2MEA3YjBlZTdhZWMzNDgiLCJpc3N1ZWRfYXQiOiIyMDI2LTA0LTA5VDAzOjI3OjIyLjg5MFoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "Z2fi5XpHHBZygM_Fc14sq2nq-qXEwAxU6uzgqQSD7Ew", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
+var BUILD_RELEASE_VERSION = "3.5.0-preview.1", BUILD_GIT_SHA = "98686464d176", BUILD_CODE_HASH = "6712fc4b9fea", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiMy41LjAtcHJldmlldy4xIiwiZ2l0X3NoYSI6Ijk4Njg2NDY0ZDE3NiIsImNvZGVfaGFzaCI6IjY3MTJmYzRiOWZlYSIsInRyYWNlX3ZlcnNpb24iOiI2NzEyZmM0YjlmZWFAOTg2ODY0NjRkMTc2IiwiaXNzdWVkX2F0IjoiMjAyNi0wNC0wOVQxNDowNzoyOC40OTBaIn0", BUILD_RELEASE_MANIFEST_SIGNATURE = "3tfUGHc_qHJwOqJwMh4HuRaGiV99sjiiXCIC8B2DV3A", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
 
 // ../../src/version.ts
 import { createHash } from "crypto";
@@ -519,7 +519,17 @@ var init_marketplace = __esm(() => {
 });
 
 // ../../src/domain.ts
-var CC_TLDS;
+function getRegistrableDomain(hostname2) {
+  const parts = hostname2.split(".");
+  if (parts.length >= 3) {
+    const lastTwo = parts.slice(-2).join(".");
+    if (CC_TLDS.has(lastTwo) || GEO_TLD_SUFFIXES.has(lastTwo)) {
+      return parts.slice(-3).join(".");
+    }
+  }
+  return parts.slice(-2).join(".");
+}
+var CC_TLDS, GEO_TLD_SUFFIXES;
 var init_domain = __esm(() => {
   CC_TLDS = new Set([
     "co.uk",
@@ -539,6 +549,43 @@ var init_domain = __esm(() => {
     "net.au",
     "org.au"
   ]);
+  GEO_TLD_SUFFIXES = new Set([
+    "com.sg",
+    "com.hk",
+    "com.my",
+    "com.ph",
+    "com.vn",
+    "com.id",
+    "com.th",
+    "com.np",
+    "com.pk",
+    "com.bd",
+    "com.lk",
+    "com.mm",
+    "com.kh",
+    "com.eg",
+    "com.sa",
+    "com.qa",
+    "com.ae",
+    "com.kw",
+    "com.jo",
+    "com.lb",
+    "com.bh",
+    "com.om",
+    "com.iq",
+    "co.id",
+    "co.th",
+    "co.nz",
+    "co.jp",
+    "co.kr",
+    "co.in",
+    "co.uk",
+    "co.za",
+    "co.zw",
+    "co.ke",
+    "co.tz",
+    "co.ug"
+  ]);
 });
 
 // ../../src/publish-admission.ts
@@ -1013,10 +1060,53 @@ var init_robots = __esm(() => {
 });
 
 // ../../src/site-policy.ts
-var MUTATION_METHODS;
+var MUTATION_METHODS, KNOWN_SESSION_BOUND_PARAMS;
 var init_site_policy = __esm(() => {
   init_domain();
   MUTATION_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);
+  KNOWN_SESSION_BOUND_PARAMS = new Set([
+    "device_id",
+    "WebIdLastTime",
+    "browser_version",
+    "browser_name",
+    "browser_language",
+    "browser_platform",
+    "browser_online",
+    "os",
+    "os_version",
+    "device_platform",
+    "channel",
+    "app_id",
+    "app_name",
+    "app_version",
+    "fp",
+    "msToken",
+    "tt_webid",
+    "tt_webid_v2",
+    "verifyFp",
+    "X-Bogus",
+    "_signature",
+    "aid",
+    "biz_trace_id",
+    "clientABVersions",
+    "coverFormat",
+    "webcast_sdk_version",
+    "live_id",
+    "enter_from",
+    "enter_method",
+    "from_source",
+    "screen_width",
+    "screen_height",
+    "history_len",
+    "is_fullscreen",
+    "is_page_visible",
+    "focus_state",
+    "is_night_mode",
+    "cookie_enabled",
+    "timezone_name",
+    "timezone_offset",
+    "uid"
+  ]);
 });
 
 // ../../src/workflow/compile.ts
@@ -1376,6 +1466,484 @@ function checkWalletConfigured2() {
 }
 var init_wallet2 = () => {};
 
+// ../../src/auth/agent-mail.ts
+var exports_agent_mail = {};
+__export(exports_agent_mail, {
+  waitForVerificationEmail: () => waitForVerificationEmail,
+  getOrCreateSiteInbox: () => getOrCreateSiteInbox,
+  extractVerificationLink: () => extractVerificationLink,
+  extractOtpFromEmail: () => extractOtpFromEmail,
+  autonomousEmailLogin: () => autonomousEmailLogin
+});
+async function amFetch(method, path9, body) {
+  const res = await fetch(`${AGENTMAIL_API}${path9}`, {
+    method,
+    headers: {
+      Authorization: `Bearer ${AGENTMAIL_KEY}`,
+      "Content-Type": "application/json"
+    },
+    ...body ? { body: JSON.stringify(body) } : {}
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`AgentMail ${method} ${path9}: ${res.status} ${text}`);
+  }
+  return res.json();
+}
+async function getOrCreateSiteInbox(domain) {
+  const safeDomain = domain.replace(/[^a-z0-9-]/gi, "-").toLowerCase();
+  const username = `unbrowse-${safeDomain}`;
+  const clientId = `unbrowse-login-${safeDomain}`;
+  try {
+    const inbox = await amFetch("POST", "/inboxes", {
+      username,
+      domain: "agentmail.to",
+      display_name: `Unbrowse Agent - ${domain}`,
+      client_id: clientId
+    });
+    return inbox;
+  } catch {
+    const email = `${username}@agentmail.to`;
+    try {
+      const inbox = await amFetch("GET", `/inboxes/${encodeURIComponent(email)}`);
+      return inbox;
+    } catch {
+      return { inbox_id: "unbrowse-agent@agentmail.to", email: "unbrowse-agent@agentmail.to" };
+    }
+  }
+}
+async function waitForVerificationEmail(inboxId, fromDomain, timeoutMs = 60000) {
+  const start2 = Date.now();
+  const pollInterval = 3000;
+  while (Date.now() - start2 < timeoutMs) {
+    const data = await amFetch("GET", `/inboxes/${encodeURIComponent(inboxId)}/messages?limit=5&labels=unread`);
+    for (const msg of data.messages ?? []) {
+      if (msg.from?.toLowerCase().includes(fromDomain.toLowerCase())) {
+        return {
+          subject: msg.subject ?? "",
+          text: msg.extractedText ?? msg.text ?? "",
+          html: msg.extractedHtml ?? msg.html ?? ""
+        };
+      }
+    }
+    await new Promise((r) => setTimeout(r, pollInterval));
+  }
+  return null;
+}
+function extractOtpFromEmail(text) {
+  const six = text.match(/\b(\d{6})\b/);
+  if (six)
+    return six[1];
+  const four = text.match(/\b(\d{4})\b/);
+  if (four)
+    return four[1];
+  const codeIs = text.match(/code[:\s]+(\w{4,8})/i);
+  if (codeIs)
+    return codeIs[1];
+  return null;
+}
+function extractVerificationLink(text, html) {
+  const htmlLink = html.match(/href="(https?:\/\/[^"]*(?:verify|confirm|activate|magic|token|auth)[^"]*)"/i);
+  if (htmlLink)
+    return htmlLink[1];
+  const textLink = text.match(/(https?:\/\/\S*(?:verify|confirm|activate|magic|token|auth)\S*)/i);
+  if (textLink)
+    return textLink[1];
+  const anyLink = text.match(/(https?:\/\/\S+)/);
+  if (anyLink)
+    return anyLink[1];
+  return null;
+}
+async function autonomousEmailLogin(domain) {
+  const inbox = await getOrCreateSiteInbox(domain);
+  return {
+    email: inbox.email,
+    inboxId: inbox.inbox_id,
+    waitForOtp: async () => {
+      const email = await waitForVerificationEmail(inbox.inbox_id, domain, 90000);
+      if (!email)
+        return null;
+      return extractOtpFromEmail(email.text);
+    },
+    waitForLink: async () => {
+      const email = await waitForVerificationEmail(inbox.inbox_id, domain, 90000);
+      if (!email)
+        return null;
+      return extractVerificationLink(email.text, email.html);
+    }
+  };
+}
+var AGENTMAIL_API = "https://api.agentmail.to", AGENTMAIL_KEY;
+var init_agent_mail = __esm(() => {
+  AGENTMAIL_KEY = process.env.AGENTMAIL_API_KEY ?? "";
+});
+
+// ../../src/auth/browser-cookies.ts
+var exports_browser_cookies = {};
+__export(exports_browser_cookies, {
+  scanAllBrowserSessions: () => scanAllBrowserSessions,
+  resolveChromiumCookiesPath: () => resolveChromiumCookiesPath,
+  findBestBrowserSession: () => findBestBrowserSession,
+  extractFromFirefox: () => extractFromFirefox,
+  extractFromChromium: () => extractFromChromium,
+  extractFromChrome: () => extractFromChrome,
+  extractBrowserCookies: () => extractBrowserCookies,
+  decodeChromiumCookieValue: () => decodeChromiumCookieValue
+});
+import { execFileSync as execFileSync4 } from "node:child_process";
+import { createDecipheriv, pbkdf2Sync } from "node:crypto";
+import { copyFileSync, existsSync as existsSync15, mkdtempSync, readdirSync as readdirSync4, rmSync } from "node:fs";
+import { tmpdir, homedir as homedir7, platform } from "node:os";
+import { join as join12 } from "node:path";
+function getChromeUserDataDir() {
+  const home = homedir7();
+  if (platform() === "darwin") {
+    return join12(home, "Library", "Application Support", "Google", "Chrome");
+  }
+  if (platform() === "win32") {
+    const appData = process.env.LOCALAPPDATA ?? join12(home, "AppData", "Local");
+    return join12(appData, "Google", "Chrome", "User Data");
+  }
+  return join12(home, ".config", "google-chrome");
+}
+function resolveChromiumCookiesPath(opts) {
+  if (opts?.cookieDbPath) {
+    return opts.cookieDbPath.replace(/^~\//, homedir7() + "/");
+  }
+  const profileDir = opts?.profile || "Default";
+  const userDataDir = (opts?.userDataDir || getChromeUserDataDir()).replace(/^~\//, homedir7() + "/");
+  const candidates = [
+    join12(userDataDir, profileDir, "Network", "Cookies"),
+    join12(userDataDir, profileDir, "Cookies"),
+    join12(userDataDir, "Network", "Cookies"),
+    join12(userDataDir, "Cookies")
+  ];
+  return candidates.find((candidate) => existsSync15(candidate)) ?? candidates[0] ?? null;
+}
+function getFirefoxProfilesRoot() {
+  const home = homedir7();
+  if (platform() === "darwin") {
+    return join12(home, "Library", "Application Support", "Firefox", "Profiles");
+  }
+  if (platform() === "linux") {
+    return join12(home, ".mozilla", "firefox");
+  }
+  if (platform() === "win32") {
+    const appData = process.env.APPDATA;
+    if (!appData)
+      return null;
+    return join12(appData, "Mozilla", "Firefox", "Profiles");
+  }
+  return null;
+}
+function pickFirefoxProfile(profilesRoot, profile) {
+  if (profile) {
+    const candidate2 = join12(profilesRoot, profile, "cookies.sqlite");
+    return existsSync15(candidate2) ? candidate2 : null;
+  }
+  const entries = readdirSync4(profilesRoot, { withFileTypes: true });
+  const defaultRelease = entries.find((e) => e.isDirectory() && e.name.includes("default-release"));
+  const targetDir = defaultRelease?.name ?? entries.find((e) => e.isDirectory())?.name;
+  if (!targetDir)
+    return null;
+  const candidate = join12(profilesRoot, targetDir, "cookies.sqlite");
+  return existsSync15(candidate) ? candidate : null;
+}
+function getFirefoxCookiesPath(profile) {
+  const profilesRoot = getFirefoxProfilesRoot();
+  if (!profilesRoot || !existsSync15(profilesRoot))
+    return null;
+  return pickFirefoxProfile(profilesRoot, profile);
+}
+function getChromiumKeychainServiceName(opts) {
+  if (opts?.safeStorageService)
+    return opts.safeStorageService;
+  return `${opts?.browserName || "Chrome"} Safe Storage`;
+}
+function getChromiumDecryptionKey(opts) {
+  const service = getChromiumKeychainServiceName(opts);
+  const cached = _chromiumKeyCache.get(service);
+  if (cached)
+    return cached;
+  if (platform() !== "darwin")
+    return null;
+  try {
+    const keyOutput = execFileSync4("security", ["find-generic-password", "-s", service, "-w"], { encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+    if (!keyOutput)
+      return null;
+    const derived = pbkdf2Sync(keyOutput, "saltysalt", 1003, 16, "sha1");
+    _chromiumKeyCache.set(service, derived);
+    return derived;
+  } catch {
+    return null;
+  }
+}
+function decryptChromiumValue(encryptedHex, opts) {
+  try {
+    const buf = Buffer.from(encryptedHex, "hex");
+    if (buf.length < 4)
+      return null;
+    const version = buf.subarray(0, 3).toString("utf8");
+    if (version !== "v10" && version !== "v11") {
+      return buf.toString("utf8");
+    }
+    const key = getChromiumDecryptionKey(opts);
+    if (!key)
+      return null;
+    const payload = buf.subarray(3);
+    if (payload.length >= 48) {
+      try {
+        const iv2 = payload.subarray(16, 32);
+        const encrypted = payload.subarray(32);
+        const decipher2 = createDecipheriv("aes-128-cbc", key, iv2);
+        decipher2.setAutoPadding(true);
+        const decrypted2 = Buffer.concat([decipher2.update(encrypted), decipher2.final()]);
+        const val = decrypted2.toString("utf8").replace(/[^\x20-\x7E]/g, "");
+        if (val.length > 0)
+          return val;
+      } catch {}
+    }
+    const iv = Buffer.alloc(16, 32);
+    const decipher = createDecipheriv("aes-128-cbc", key, iv);
+    decipher.setAutoPadding(true);
+    const decrypted = Buffer.concat([decipher.update(payload), decipher.final()]);
+    return decrypted.toString("utf8").replace(/[^\x20-\x7E]/g, "");
+  } catch {
+    return null;
+  }
+}
+function decodeChromiumCookieValue(rawValue, encryptedHex, opts) {
+  if (rawValue)
+    return rawValue;
+  if (!encryptedHex)
+    return null;
+  return decryptChromiumValue(encryptedHex, opts);
+}
+function withTempCopy(dbPath, fn) {
+  const tempDir = mkdtempSync(join12(tmpdir(), "unbrowse-cookies-"));
+  const tempDb = join12(tempDir, "cookies.db");
+  try {
+    copyFileSync(dbPath, tempDb);
+    for (const ext of ["-wal", "-shm"]) {
+      const src = dbPath + ext;
+      if (existsSync15(src))
+        copyFileSync(src, tempDb + ext);
+    }
+    return fn(tempDb);
+  } finally {
+    try {
+      rmSync(tempDir, { recursive: true, force: true });
+    } catch {}
+  }
+}
+function sqliteQuery(dbPath, sql) {
+  return execFileSync4("sqlite3", ["-separator", "|", dbPath, sql], {
+    encoding: "utf8",
+    maxBuffer: 4 * 1024 * 1024
+  }).trim();
+}
+function buildDomainWhereClause(domain, column) {
+  const reg = getRegistrableDomain(domain);
+  const variants = new Set([
+    reg,
+    `.${reg}`,
+    domain,
+    `.${domain}`,
+    `www.${reg}`,
+    `.www.${reg}`
+  ]);
+  for (const d of variants) {
+    if (d.includes("'"))
+      throw new Error(`Invalid domain for cookie query: ${d}`);
+  }
+  const escaped = [...variants].map((d) => `'${d}'`);
+  const likeReg = reg.includes("'") ? reg : reg;
+  const likePattern = `'%.${likeReg}'`;
+  return `(${column} IN (${escaped.join(", ")}) OR ${column} LIKE ${likePattern})`;
+}
+function extractFromChrome(domain, opts) {
+  return extractFromChromium(domain, {
+    profile: opts?.profile,
+    browserName: "Chrome"
+  });
+}
+function extractFromChromium(domain, opts) {
+  const warnings = [];
+  const dbPath = resolveChromiumCookiesPath(opts);
+  const sourceLabel = opts?.browserName || "Chromium";
+  if (!dbPath || !existsSync15(dbPath)) {
+    warnings.push(`${sourceLabel} cookies DB not found${dbPath ? ` at ${dbPath}` : ""}`);
+    return { cookies: [], source: null, warnings };
+  }
+  try {
+    const cookies = withTempCopy(dbPath, (tempDb) => {
+      const where = buildDomainWhereClause(domain, "host_key");
+      const sql = `SELECT name, value, hex(encrypted_value) as ev, host_key, path, is_secure, is_httponly, samesite, expires_utc FROM cookies WHERE ${where};`;
+      const rows = sqliteQuery(tempDb, sql);
+      if (!rows)
+        return [];
+      const results = [];
+      for (const line of rows.split(`
+`)) {
+        const parts = line.split("|");
+        if (parts.length < 9)
+          continue;
+        const [name, rawValue, encHex, host, cookiePath, secure, httpOnly, sameSite, expiresUtc] = parts;
+        const value = decodeChromiumCookieValue(rawValue, encHex, opts);
+        if (!value)
+          continue;
+        results.push({
+          name,
+          value,
+          domain: host,
+          path: cookiePath || "/",
+          secure: secure === "1",
+          httpOnly: httpOnly === "1",
+          sameSite: sameSite === "0" ? "None" : sameSite === "1" ? "Lax" : "Strict",
+          expires: expiresUtc === "0" ? -1 : Math.floor((Number(expiresUtc) - 11644473600000000) / 1e6)
+        });
+      }
+      return results;
+    });
+    const source = opts?.cookieDbPath ? `${sourceLabel} cookie DB "${dbPath}"` : opts?.userDataDir ? `${sourceLabel} user data "${opts.userDataDir}"${opts.profile ? ` profile "${opts.profile}"` : ""}` : opts?.profile ? `${sourceLabel} profile "${opts.profile}"` : `${sourceLabel} default profile`;
+    if (cookies.length === 0) {
+      warnings.push(`No cookies for ${domain} found in ${source}`);
+    }
+    log("auth", `extracted ${cookies.length} cookies for ${domain} from ${source}`);
+    return { cookies, source: cookies.length > 0 ? source : null, warnings };
+  } catch (err) {
+    warnings.push(`${sourceLabel} extraction failed: ${err instanceof Error ? err.message : err}`);
+    return { cookies: [], source: null, warnings };
+  }
+}
+function extractFromFirefox(domain, opts) {
+  const warnings = [];
+  const dbPath = getFirefoxCookiesPath(opts?.profile);
+  if (!dbPath) {
+    warnings.push("Firefox cookies DB not found");
+    return { cookies: [], source: null, warnings };
+  }
+  try {
+    const cookies = withTempCopy(dbPath, (tempDb) => {
+      const where = buildDomainWhereClause(domain, "host");
+      const sql = `SELECT name, value, host, path, isSecure, isHttpOnly, sameSite, expiry FROM moz_cookies WHERE ${where};`;
+      const rows = sqliteQuery(tempDb, sql);
+      if (!rows)
+        return [];
+      const results = [];
+      for (const line of rows.split(`
+`)) {
+        const parts = line.split("|");
+        if (parts.length < 8)
+          continue;
+        const [name, value, host, cookiePath, secure, httpOnly, sameSite, expiry] = parts;
+        if (!name || !value)
+          continue;
+        results.push({
+          name,
+          value,
+          domain: host,
+          path: cookiePath || "/",
+          secure: secure === "1",
+          httpOnly: httpOnly === "1",
+          sameSite: sameSite === "0" ? "None" : sameSite === "1" ? "Lax" : "Strict",
+          expires: Number(expiry) || -1
+        });
+      }
+      return results;
+    });
+    const source = opts?.profile ? `Firefox profile "${opts.profile}"` : "Firefox default profile";
+    if (cookies.length === 0) {
+      warnings.push(`No cookies for ${domain} found in ${source}`);
+    }
+    log("auth", `extracted ${cookies.length} cookies for ${domain} from ${source}`);
+    return { cookies, source: cookies.length > 0 ? source : null, warnings };
+  } catch (err) {
+    warnings.push(`Firefox extraction failed: ${err instanceof Error ? err.message : err}`);
+    return { cookies: [], source: null, warnings };
+  }
+}
+function extractBrowserCookies(domain, opts) {
+  if (opts?.browser === "firefox") {
+    return extractFromFirefox(domain, { profile: opts.firefoxProfile });
+  }
+  if (opts?.browser === "chrome") {
+    return extractFromChrome(domain, { profile: opts.chromeProfile });
+  }
+  if (opts?.browser === "chromium") {
+    return extractFromChromium(domain, opts.chromium);
+  }
+  const ff = extractFromFirefox(domain, { profile: opts?.firefoxProfile });
+  if (ff.cookies.length > 0)
+    return ff;
+  if (opts?.chromium?.cookieDbPath || opts?.chromium?.userDataDir) {
+    const chromium = extractFromChromium(domain, opts.chromium);
+    chromium.warnings.push(...ff.warnings);
+    return chromium;
+  }
+  const chrome = extractFromChrome(domain, { profile: opts?.chromeProfile });
+  chrome.warnings.push(...ff.warnings);
+  return chrome;
+}
+function scanAllBrowserSessions(domain) {
+  const results = [];
+  const home = homedir7();
+  for (const browser of CHROMIUM_BROWSERS) {
+    const userDataDir = platform() === "darwin" ? join12(home, "Library", "Application Support", browser.macPath) : platform() === "win32" ? join12(process.env.LOCALAPPDATA ?? join12(home, "AppData", "Local"), browser.macPath, "User Data") : join12(home, ".config", browser.macPath.toLowerCase());
+    if (!existsSync15(userDataDir))
+      continue;
+    try {
+      const result = extractFromChromium(domain, {
+        userDataDir,
+        browserName: browser.name
+      });
+      if (result.cookies.length > 0) {
+        const sessionCookies = result.cookies.filter((c) => c.httpOnly || c.secure).length;
+        results.push({
+          browser: browser.name,
+          cookies: result.cookies,
+          sessionCookies,
+          source: result.source
+        });
+      }
+    } catch {}
+  }
+  try {
+    const ff = extractFromFirefox(domain);
+    if (ff.cookies.length > 0) {
+      const sessionCookies = ff.cookies.filter((c) => c.httpOnly || c.secure).length;
+      results.push({
+        browser: "Firefox",
+        cookies: ff.cookies,
+        sessionCookies,
+        source: ff.source
+      });
+    }
+  } catch {}
+  results.sort((a, b) => b.sessionCookies - a.sessionCookies);
+  return results;
+}
+function findBestBrowserSession(domain) {
+  const sessions = scanAllBrowserSessions(domain);
+  return sessions[0] ?? null;
+}
+var _chromiumKeyCache, CHROMIUM_BROWSERS;
+var init_browser_cookies = __esm(() => {
+  init_logger();
+  init_domain();
+  _chromiumKeyCache = new Map;
+  CHROMIUM_BROWSERS = [
+    { name: "Chrome", macPath: "Google/Chrome" },
+    { name: "Arc", macPath: "Arc/User Data" },
+    { name: "Brave", macPath: "BraveSoftware/Brave-Browser" },
+    { name: "Edge", macPath: "Microsoft Edge" },
+    { name: "Vivaldi", macPath: "Vivaldi" },
+    { name: "Opera", macPath: "com.operasoftware.Opera" },
+    { name: "Dia", macPath: "Dia/User Data" },
+    { name: "Chromium", macPath: "Chromium" }
+  ];
+});
+
 // ../../src/cli.ts
 import { config as loadEnv } from "dotenv";
 import { spawn as spawn3 } from "child_process";
@@ -4106,7 +4674,9 @@ var CLI_REFERENCE = {
     { name: "forward", usage: "[--session id]", desc: "Navigate forward" },
     { name: "sync", usage: "[--session id]", desc: "Checkpoint current capture, keep tab open, queue background index + publish, then inspect via skill/publish review" },
     { name: "close", usage: "[--session id]", desc: "Checkpoint capture, queue background index + publish, close browse session, then inspect via skill/publish review" },
-    { name: "stats", usage: "[--json] [--pretty]", desc: "Show lifetime time/tokens/cost saved and marketplace earnings/spending" }
+    { name: "stats", usage: "[--json] [--pretty]", desc: "Show lifetime time/tokens/cost saved and marketplace earnings/spending" },
+    { name: "corpus-test", usage: "--url <url> [--id <id>] [--retries N]", desc: "Capture a single URL with retry logic; keeps best result across N attempts" },
+    { name: "corpus-run", usage: "--corpus <file> --out <file> [--retries N]", desc: "Run corpus-test over all cases in a corpus JSON file and write a comparable snapshot" }
   ],
   globalFlags: [
     { flag: "--pretty", desc: "Indented JSON output" },
@@ -4620,8 +5190,270 @@ async function cmdSync(flags) {
 async function cmdClose(flags) {
   output(await api2("POST", "/v1/browse/close", typeof flags.session === "string" ? { session_id: flags.session } : undefined), false);
 }
+async function cmdLoginAuto(flags) {
+  const url = flags.url;
+  if (!url)
+    return die("--url is required");
+  const domain = (() => {
+    try {
+      return new URL(url).hostname.replace(/^www\./, "");
+    } catch {
+      return url;
+    }
+  })();
+  info(`[login-auto] creating agent email for ${domain}...`);
+  const { autonomousEmailLogin: autonomousEmailLogin2 } = await Promise.resolve().then(() => (init_agent_mail(), exports_agent_mail));
+  const session = await autonomousEmailLogin2(domain);
+  info(`[login-auto] agent email: ${session.email}`);
+  info(`[login-auto] use this email to register/login on ${domain}`);
+  info(`[login-auto] then run: unbrowse login-auto --url ${url} --wait-otp`);
+  info(`[login-auto]    or:    unbrowse login-auto --url ${url} --wait-link`);
+  if (flags["wait-otp"]) {
+    info(`[login-auto] waiting for OTP email from ${domain}...`);
+    const otp = await session.waitForOtp();
+    if (otp) {
+      info(`[login-auto] OTP received: ${otp}`);
+      output({ email: session.email, otp, domain });
+    } else {
+      info(`[login-auto] no OTP received within 90 seconds`);
+      output({ email: session.email, otp: null, domain, error: "timeout" });
+    }
+    return;
+  }
+  if (flags["wait-link"]) {
+    info(`[login-auto] waiting for verification link from ${domain}...`);
+    const link = await session.waitForLink();
+    if (link) {
+      info(`[login-auto] verification link: ${link}`);
+      output({ email: session.email, link, domain });
+    } else {
+      info(`[login-auto] no verification email within 90 seconds`);
+      output({ email: session.email, link: null, domain, error: "timeout" });
+    }
+    return;
+  }
+  output({ email: session.email, inbox_id: session.inboxId, domain });
+}
+async function cmdSessionsScan(flags) {
+  const domain = flags.domain;
+  const { scanAllBrowserSessions: scanAllBrowserSessions2, findBestBrowserSession: findBestBrowserSession2 } = await Promise.resolve().then(() => (init_browser_cookies(), exports_browser_cookies));
+  const { execFileSync: execFileSync5, existsSync: existsSync16 } = await import("./cli-imports.js").catch(() => ({ execFileSync: __require("child_process").execFileSync, existsSync: __require("fs").existsSync }));
+  if (domain) {
+    const sessions = scanAllBrowserSessions2(domain);
+    if (sessions.length === 0) {
+      info(`No browser has a session for ${domain}`);
+      output({ domain, sessions: [], best: null });
+      return;
+    }
+    const best = sessions[0];
+    info(`Best session for ${domain}: ${best.browser} (${best.sessionCookies} session cookies)`);
+    output({
+      domain,
+      sessions: sessions.map((s) => ({
+        browser: s.browser,
+        cookies: s.cookies.length,
+        session_cookies: s.sessionCookies
+      })),
+      best: { browser: best.browser, session_cookies: best.sessionCookies }
+    });
+    return;
+  }
+  const home = __require("os").homedir();
+  const { join: join13 } = __require("path");
+  const browsers = [
+    { name: "Chrome", path: join13(home, "Library/Application Support/Google/Chrome/Default/Cookies") },
+    { name: "Dia", path: join13(home, "Library/Application Support/Dia/User Data/Default/Cookies") },
+    { name: "Arc", path: join13(home, "Library/Application Support/Arc/User Data/Default/Cookies") },
+    { name: "Brave", path: join13(home, "Library/Application Support/BraveSoftware/Brave-Browser/Default/Cookies") },
+    { name: "Edge", path: join13(home, "Library/Application Support/Microsoft Edge/Default/Cookies") }
+  ];
+  const allSessions = [];
+  for (const b of browsers) {
+    if (!__require("fs").existsSync(b.path))
+      continue;
+    try {
+      const tmp = `/tmp/unbrowse-scan-${b.name}.db`;
+      __require("child_process").execFileSync("cp", [b.path, tmp]);
+      const result = __require("child_process").execFileSync("sqlite3", [
+        tmp,
+        `SELECT host_key, COUNT(*) as c FROM cookies WHERE is_httponly=1 OR is_secure=1 GROUP BY host_key HAVING c >= 2 ORDER BY c DESC LIMIT 50;`
+      ], { encoding: "utf8" });
+      for (const line of result.trim().split(`
+`)) {
+        if (!line)
+          continue;
+        const [d, count] = line.split("|");
+        if (/google|facebook|doubleclick|rubiconproject|demdex|hcaptcha|protechts/.test(d))
+          continue;
+        allSessions.push({ browser: b.name, domain: d, session_cookies: parseInt(count) || 0 });
+      }
+      __require("child_process").execFileSync("rm", [tmp]);
+    } catch {}
+  }
+  const byDomain = new Map;
+  for (const s of allSessions) {
+    const existing = byDomain.get(s.domain);
+    if (!existing || s.session_cookies > existing.session_cookies) {
+      byDomain.set(s.domain, s);
+    }
+  }
+  const sorted = [...byDomain.values()].sort((a, b) => b.session_cookies - a.session_cookies);
+  info(`Found ${sorted.length} logged-in domains across ${browsers.filter((b) => __require("fs").existsSync(b.path)).length} browsers`);
+  output({ sessions: sorted.slice(0, 30) });
+}
+async function captureOnce(url) {
+  try {
+    const goResult = await api2("POST", "/v1/browse/go", { url });
+    if (goResult.error) {
+      return { capture: "error", endpoints: 0, requests: 0, error: String(goResult.error) };
+    }
+    await new Promise((r) => setTimeout(r, 6000));
+    const closeResult = await api2("POST", "/v1/browse/close", {});
+    if (closeResult.error) {
+      return { capture: "error", endpoints: 0, requests: 0, error: String(closeResult.error) };
+    }
+    return {
+      capture: "ok",
+      endpoints: closeResult.endpoint_count ?? 0,
+      requests: closeResult.request_count ?? 0,
+      raw: closeResult
+    };
+  } catch (err) {
+    return { capture: "error", endpoints: 0, requests: 0, error: err.message };
+  }
+}
+async function cmdCorpusTest(flags) {
+  const url = flags.url;
+  if (!url)
+    die("--url is required for corpus-test");
+  const id = flags.id || new URL(url).hostname;
+  const retries = flags.retries ? parseInt(flags.retries, 10) : 3;
+  let best = { capture: "error", endpoints: 0, requests: 0 };
+  let attempts = 0;
+  for (let attempt = 0;attempt < retries; attempt++) {
+    attempts++;
+    info(`corpus-test [${id}] attempt ${attempt + 1}/${retries}`);
+    const result = await captureOnce(url);
+    if (result.endpoints > best.endpoints)
+      best = result;
+    if (best.endpoints > 0)
+      break;
+    if (attempt < retries - 1) {
+      try {
+        spawn3("pkill", ["-9", "-f", "kuri|chrome-profile"], { stdio: "ignore" });
+      } catch {}
+      await new Promise((r) => setTimeout(r, 2000));
+    }
+  }
+  output({
+    id,
+    url,
+    capture: best.capture,
+    endpoints: best.endpoints,
+    requests: best.requests,
+    attempts,
+    best_of: retries,
+    ...best.error ? { error: best.error } : {}
+  }, !!flags.pretty);
+}
+async function cmdCorpusRun(flags) {
+  const corpusPath = flags.corpus;
+  const outPath = flags.out;
+  if (!corpusPath)
+    die("--corpus is required for corpus-run");
+  if (!outPath)
+    die("--out is required for corpus-run");
+  const retries = flags.retries ? parseInt(flags.retries, 10) : 3;
+  let corpus;
+  try {
+    const raw = __require("fs").readFileSync(corpusPath, "utf-8");
+    corpus = JSON.parse(raw);
+  } catch (err) {
+    die(`Failed to read corpus file: ${err.message}`);
+  }
+  if (!Array.isArray(corpus.cases) || corpus.cases.length === 0) {
+    die("Corpus file must have a non-empty 'cases' array");
+  }
+  let gitSha = "unknown";
+  try {
+    const { execSync: execSync3 } = __require("child_process");
+    gitSha = execSync3("git rev-parse --short HEAD", { encoding: "utf-8" }).trim();
+  } catch {}
+  const startTime = Date.now();
+  const results = [];
+  info(`corpus-run: ${corpus.cases.length} cases, retries=${retries}`);
+  for (const c of corpus.cases) {
+    const caseId = c.id || new URL(c.url).hostname;
+    info(`corpus-run [${caseId}] starting`);
+    try {
+      spawn3("pkill", ["-9", "-f", "kuri|chrome-profile"], { stdio: "ignore" });
+    } catch {}
+    await new Promise((r) => setTimeout(r, 1500));
+    let best = { capture: "error", endpoints: 0, requests: 0 };
+    let attempts = 0;
+    for (let attempt = 0;attempt < retries; attempt++) {
+      attempts++;
+      const result = await captureOnce(c.url);
+      if (result.endpoints > best.endpoints)
+        best = result;
+      if (best.endpoints > 0)
+        break;
+      if (attempt < retries - 1) {
+        try {
+          spawn3("pkill", ["-9", "-f", "kuri|chrome-profile"], { stdio: "ignore" });
+        } catch {}
+        await new Promise((r) => setTimeout(r, 2000));
+      }
+    }
+    let resolveEndpoints = 0;
+    if (best.capture === "ok" && best.endpoints > 0) {
+      try {
+        const resolveResult = await api2("GET", "/v1/resolve", {
+          intent: c.intent ?? `get data from ${caseId}`,
+          url: c.url,
+          domain: new URL(c.url).hostname
+        });
+        const endpoints = resolveResult.endpoints ?? resolveResult.results ?? [];
+        resolveEndpoints = Array.isArray(endpoints) ? endpoints.length : 0;
+      } catch {}
+    }
+    const verdict = best.capture === "error" ? "fail" : best.endpoints > 0 ? "pass" : "fail";
+    results.push({
+      id: caseId,
+      capture: best.capture,
+      endpoints: best.endpoints,
+      requests: best.requests,
+      resolve_endpoints: resolveEndpoints,
+      verdict,
+      attempts,
+      notes: best.error ?? ""
+    });
+    const snapshot3 = {
+      git_sha: gitSha,
+      timestamp: new Date().toISOString(),
+      total_runtime_ms: Date.now() - startTime,
+      results
+    };
+    try {
+      __require("fs").writeFileSync(outPath, JSON.stringify(snapshot3, null, 2));
+    } catch {}
+    info(`corpus-run [${caseId}] done: endpoints=${best.endpoints} verdict=${verdict} attempts=${attempts}`);
+  }
+  const totalRuntime = Date.now() - startTime;
+  const pass = results.filter((r) => r.verdict === "pass").length;
+  const fail = results.filter((r) => r.verdict === "fail").length;
+  const snapshot2 = {
+    git_sha: gitSha,
+    timestamp: new Date().toISOString(),
+    total_runtime_ms: totalRuntime,
+    results
+  };
+  __require("fs").writeFileSync(outPath, JSON.stringify(snapshot2, null, 2));
+  info(`corpus-run complete: ${pass} pass, ${fail} fail of ${results.length} total`);
+  output(snapshot2, !!flags.pretty);
+}
 async function cmdConnectChrome() {
-  const { execSync: execSync2, spawn: spawnProc } = __require("child_process");
+  const { execSync: execSync3, spawn: spawnProc } = __require("child_process");
   try {
     const res = await fetch("http://127.0.0.1:9222/json/version", { signal: AbortSignal.timeout(1000) });
     if (res.ok) {
@@ -4634,16 +5466,16 @@ async function cmdConnectChrome() {
     }
   } catch {}
   try {
-    execSync2("pkill -f kuri/chrome-profile", { stdio: "ignore" });
+    execSync3("pkill -f kuri/chrome-profile", { stdio: "ignore" });
   } catch {}
   console.log("Quitting Chrome to relaunch with remote debugging...");
   if (process.platform === "darwin") {
     try {
-      execSync2('osascript -e "quit app \\"Google Chrome\\""', { stdio: "ignore", timeout: 5000 });
+      execSync3('osascript -e "quit app \\"Google Chrome\\""', { stdio: "ignore", timeout: 5000 });
     } catch {}
   } else {
     try {
-      execSync2("pkill -f chrome", { stdio: "ignore" });
+      execSync3("pkill -f chrome", { stdio: "ignore" });
     } catch {}
   }
   await new Promise((r) => setTimeout(r, 2000));
@@ -4695,6 +5527,10 @@ async function main() {
     return cmdConnectChrome();
   if (command === "stats")
     return cmdStats(flags);
+  if (command === "sessions-scan")
+    return cmdSessionsScan(flags);
+  if (command === "login-auto")
+    return cmdLoginAuto(flags);
   const KNOWN_COMMANDS = new Set([
     "health",
     "mcp",
@@ -4740,7 +5576,12 @@ async function main() {
     "sync",
     "close",
     "connect-chrome",
-    "stats"
+    "stats",
+    "corpus-test",
+    "corpus-run",
+    "sessions-scan",
+    "cache-clear",
+    "login-auto"
   ]);
   if (!KNOWN_COMMANDS.has(command)) {
     const pack = findSitePack(command);
@@ -4840,6 +5681,14 @@ async function main() {
       return cmdConnectChrome();
     case "stats":
       return cmdStats(flags);
+    case "corpus-test":
+      return cmdCorpusTest(flags);
+    case "corpus-run":
+      return cmdCorpusRun(flags);
+    case "sessions-scan":
+      return cmdSessionsScan(flags);
+    case "login-auto":
+      return cmdLoginAuto(flags);
     default:
       info(`Unknown command: ${command}`);
       printHelp();