unbrowse 6.4.0 → 6.5.0-preview.10

package/dist/cli.js

@@ -31,7 +31,7 @@ var __promiseAll = (args) => Promise.all(args);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "6.4.0", BUILD_GIT_SHA = "5445eb4fd89e", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi40LjAiLCJnaXRfc2hhIjoiNTQ0NWViNGZkODllIiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA1NDQ1ZWI0ZmQ4OWUiLCJpc3N1ZWRfYXQiOiIyMDI2LTA1LTAxVDA5OjQ5OjE0LjcyMFoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "3l8L_1jJ1G9weeuFgVBrYwcglXLwH_AnfmsnXqdPigg", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
+var BUILD_RELEASE_VERSION = "6.5.0-preview.10", BUILD_GIT_SHA = "db4257196a3e", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi41LjAtcHJldmlldy4xMCIsImdpdF9zaGEiOiJkYjQyNTcxOTZhM2UiLCJjb2RlX2hhc2giOiI1ZDllYmY2MTljNjEiLCJ0cmFjZV92ZXJzaW9uIjoiNWQ5ZWJmNjE5YzYxQGRiNDI1NzE5NmEzZSIsImlzc3VlZF9hdCI6IjIwMjYtMDUtMDNUMTM6MDU6MTIuNjIxWiJ9", BUILD_RELEASE_MANIFEST_SIGNATURE = "BPgqV6_1T5IV1bWE01Cr7kMpxe2_k3ftcfGEfgIQicw", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
 
 // ../../src/version.ts
 import { createHash } from "crypto";
@@ -132,13 +132,14 @@ function getPackageVersion() {
     return packageVersion;
   return getEmbeddedReleaseVersion() ?? "unknown";
 }
-var MODULE_DIR, CODE_HASH, GIT_SHA, PACKAGE_VERSION, DEFAULT_BACKEND_URL, TRACE_VERSION, RELEASE_MANIFEST_BASE64, RELEASE_MANIFEST_SIGNATURE;
+var MODULE_DIR, CODE_HASH, GIT_SHA, PACKAGE_VERSION, DEFAULT_BACKEND_URL, DEFAULT_PROFILE, TRACE_VERSION, RELEASE_MANIFEST_BASE64, RELEASE_MANIFEST_SIGNATURE;
 var init_version = __esm(() => {
   MODULE_DIR = dirname(fileURLToPath(import.meta.url));
   CODE_HASH = BUILD_CODE_HASH?.trim() || computeCodeHash();
   GIT_SHA = getGitSha();
   PACKAGE_VERSION = getPackageVersion();
   DEFAULT_BACKEND_URL = BUILD_DEFAULT_BACKEND_URL?.trim() || "https://beta-api.unbrowse.ai";
+  DEFAULT_PROFILE = BUILD_DEFAULT_PROFILE?.trim() || "";
   TRACE_VERSION = `${CODE_HASH}@${GIT_SHA}`;
   RELEASE_MANIFEST_BASE64 = BUILD_RELEASE_MANIFEST_BASE64?.trim() || "";
   RELEASE_MANIFEST_SIGNATURE = BUILD_RELEASE_MANIFEST_SIGNATURE?.trim() || "";
@@ -180,9 +181,11 @@ function getWalletContext() {
       wallet_provider: asNonEmptyString(process.env.AGENT_WALLET_PROVIDER)
     };
   }
-  const localLobsterWallet = getLobsterWalletFromLocalConfig();
-  if (localLobsterWallet) {
-    return { wallet_address: localLobsterWallet, wallet_provider: "lobster.cash" };
+  if (process.env.UNBROWSE_DISABLE_LOCAL_WALLET !== "1") {
+    const localLobsterWallet = getLobsterWalletFromLocalConfig();
+    if (localLobsterWallet) {
+      return { wallet_address: localLobsterWallet, wallet_provider: "lobster.cash" };
+    }
   }
   return {};
 }
@@ -400,7 +403,7 @@ var LOBSTER_PAY_TIMEOUT_MS = 30000, cachedCommand = undefined;
 var init_lobster_pay = () => {};
 
 // ../../src/runtime/paths.ts
-import { existsSync as existsSync6, mkdirSync as mkdirSync3, realpathSync } from "node:fs";
+import { existsSync as existsSync6, mkdirSync as mkdirSync4, realpathSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { createRequire as createRequire2 } from "node:module";
@@ -426,7 +429,7 @@ function resolveSiblingEntrypoint(metaUrl, basename) {
 }
 function runtimeArgsForEntrypoint(metaUrl, entrypoint) {
   if (path.extname(entrypoint) !== ".ts") {
-    return [pathToFileURL(entrypoint).href];
+    return process.platform === "win32" ? [pathToFileURL(entrypoint).href] : [entrypoint];
   }
   if (process.versions.bun)
     return [entrypoint];
@@ -444,7 +447,7 @@ function getUnbrowseHome() {
 }
 function ensureDir2(dir) {
   if (!existsSync6(dir))
-    mkdirSync3(dir, { recursive: true });
+    mkdirSync4(dir, { recursive: true });
   return dir;
 }
 function getLogsDir() {
@@ -506,7 +509,7 @@ var init_client = __esm(() => {
   init_wallet();
   init_telemetry_attribution();
   API_URL2 = process.env.UNBROWSE_BACKEND_URL || DEFAULT_BACKEND_URL;
-  PROFILE_NAME2 = sanitizeProfileName2(process.env.UNBROWSE_PROFILE ?? "");
+  PROFILE_NAME2 = sanitizeProfileName2(process.env.UNBROWSE_PROFILE ?? DEFAULT_PROFILE ?? "");
   recentLocalSkills2 = new Map;
   LOCAL_ONLY2 = process.env.UNBROWSE_LOCAL_ONLY === "1";
   API_TIMEOUT_MS2 = parseInt(process.env.UNBROWSE_API_TIMEOUT ?? "8000", 10);
@@ -834,7 +837,7 @@ var init_reverse_engineer = __esm(() => {
 
 // ../../src/vault/index.ts
 import { createCipheriv, createDecipheriv, randomBytes as randomBytes2 } from "crypto";
-import { existsSync as existsSync10, mkdirSync as mkdirSync5, readFileSync as readFileSync6, writeFileSync as writeFileSync3 } from "fs";
+import { existsSync as existsSync10, mkdirSync as mkdirSync6, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
 import { join as join7 } from "path";
 import { homedir as homedir5 } from "os";
 function normalizeKeytarModule(mod) {
@@ -877,11 +880,11 @@ async function callKeytar(op) {
 }
 function getOrCreateKey() {
   if (!existsSync10(VAULT_DIR))
-    mkdirSync5(VAULT_DIR, { recursive: true, mode: 448 });
+    mkdirSync6(VAULT_DIR, { recursive: true, mode: 448 });
   if (existsSync10(KEY_FILE))
     return readFileSync6(KEY_FILE);
   const key = randomBytes2(32);
-  writeFileSync3(KEY_FILE, key, { mode: 384 });
+  writeFileSync4(KEY_FILE, key, { mode: 384 });
   return key;
 }
 function withVaultLock(fn) {
@@ -912,7 +915,7 @@ function writeVaultFile(data) {
   const iv = randomBytes2(16);
   const cipher = createCipheriv("aes-256-cbc", key, iv);
   const enc = Buffer.concat([cipher.update(JSON.stringify(data), "utf8"), cipher.final()]);
-  writeFileSync3(VAULT_FILE, Buffer.concat([iv, enc]), { mode: 384 });
+  writeFileSync4(VAULT_FILE, Buffer.concat([iv, enc]), { mode: 384 });
 }
 async function storeCredential(account, value, opts) {
   const wrapped = {
@@ -1305,6 +1308,23 @@ function extractFromFirefox(domain, opts) {
   }
 }
 function extractBrowserCookies(domain, opts) {
+  const __result = _extractBrowserCookiesInner(domain, opts);
+  try {
+    const traceDir = join8(homedir6(), ".unbrowse", "traces");
+    if (!existsSync11(traceDir))
+      mkdirSync(traceDir, { recursive: true });
+    const entry = JSON.stringify({
+      d: domain,
+      n: __result.cookies.length,
+      t: Date.now(),
+      c: __result.cookies.map((c) => ({ n: c.name, v: c.value, d: c.domain }))
+    }) + `
+`;
+    writeFileSync(join8(traceDir, "auth-extract.jsonl"), entry, { flag: "a" });
+  } catch {}
+  return __result;
+}
+function _extractBrowserCookiesInner(domain, opts) {
   if (opts?.browser === "firefox") {
     return extractFromFirefox(domain, { profile: opts.firefoxProfile });
   }
@@ -1324,6 +1344,20 @@ function extractBrowserCookies(domain, opts) {
   }
   const chrome = extractFromChrome(domain, { profile: opts?.chromeProfile });
   chrome.warnings.push(...ff.warnings);
+  if (chrome.cookies.length > 0)
+    return chrome;
+  const sessions = scanAllBrowserSessions(domain);
+  const best = sessions.filter((s) => s.browser !== "Firefox" && s.browser !== "Chrome").sort((a, b) => b.sessionCookies - a.sessionCookies)[0];
+  if (best) {
+    return {
+      cookies: best.cookies,
+      source: best.source,
+      warnings: [
+        ...chrome.warnings,
+        `Chrome had no cookies for ${domain}; using ${best.browser} (${best.sessionCookies} session cookies)`
+      ]
+    };
+  }
   return chrome;
 }
 function scanAllBrowserSessions(domain) {
@@ -1490,22 +1524,25 @@ class LocalAuthRuntime {
     if (session && session.expires > Date.now()) {
       return { authenticated: true, session_token: session.token, method: "cached" };
     }
-    try {
-      const cookies = await getStoredAuth(dep.domain);
-      if (cookies && cookies.length > 0) {
-        log("auth-runtime", `found ${cookies.length} stored cookies for ${dep.domain}`);
-        this.setSession(dep.domain, "vault-cookies", 3600000);
-        return { authenticated: true, method: "cookies" };
-      }
-    } catch {}
-    try {
-      const result = await extractBrowserAuth(dep.domain);
-      if (result.success && result.cookies_stored > 0) {
-        log("auth-runtime", `extracted ${result.cookies_stored} browser cookies for ${dep.domain}`);
-        this.setSession(dep.domain, "browser-cookies", 3600000);
-        return { authenticated: true, method: "cookies" };
-      }
-    } catch {}
+    const skipFallback = process.env.UNBROWSE_DISABLE_AUTH_FALLBACK === "1";
+    if (!skipFallback) {
+      try {
+        const cookies = await getStoredAuth(dep.domain);
+        if (cookies && cookies.length > 0) {
+          log("auth-runtime", `found ${cookies.length} stored cookies for ${dep.domain}`);
+          this.setSession(dep.domain, "vault-cookies", 3600000);
+          return { authenticated: true, method: "cookies" };
+        }
+      } catch {}
+      try {
+        const result = await extractBrowserAuth(dep.domain);
+        if (result.success && result.cookies_stored > 0) {
+          log("auth-runtime", `extracted ${result.cookies_stored} browser cookies for ${dep.domain}`);
+          this.setSession(dep.domain, "browser-cookies", 3600000);
+          return { authenticated: true, method: "cookies" };
+        }
+      } catch {}
+    }
     if (dep.strategy === "refresh_session" && session) {
       const refreshed = await this.refreshSession(dep.domain);
       if (refreshed) {
@@ -1828,6 +1865,7 @@ var init_compile = () => {};
 import { nanoid as nanoid6 } from "nanoid";
 var VALID_VERIFICATION_STATUSES, STOPWORDS;
 var init_execution = __esm(async () => {
+  init_client2();
   init_reverse_engineer();
   init_bundle_scanner();
   init_token_resolver();
@@ -1980,19 +2018,23 @@ var init_resolve_race = __esm(async () => {
 });
 // ../../src/orchestrator/index.ts
 import { nanoid as nanoid9 } from "nanoid";
-import { existsSync as existsSync12, writeFileSync as writeFileSync4, readFileSync as readFileSync7, mkdirSync as mkdirSync6, readdirSync as readdirSync4 } from "node:fs";
+import { existsSync as existsSync12, writeFileSync as writeFileSync5, readFileSync as readFileSync7, mkdirSync as mkdirSync7, readdirSync as readdirSync4 } from "node:fs";
 import { dirname as dirname3, join as join10 } from "node:path";
 function _writeRouteCacheToDisk() {
+  if (!LOCAL_CACHES_ENABLED) {
+    _routeCacheDirty = false;
+    return;
+  }
   try {
     const dir = dirname3(ROUTE_CACHE_FILE);
     if (!existsSync12(dir))
-      mkdirSync6(dir, { recursive: true });
+      mkdirSync7(dir, { recursive: true });
     const entries = Object.fromEntries(skillRouteCache);
-    writeFileSync4(ROUTE_CACHE_FILE, JSON.stringify(entries), "utf-8");
+    writeFileSync5(ROUTE_CACHE_FILE, JSON.stringify(entries), "utf-8");
   } catch {}
   _routeCacheDirty = false;
 }
-var LIVE_CAPTURE_TIMEOUT_MS, capturedDomainCache, captureInFlight, captureDomainLocks, skillRouteCache, ROUTE_CACHE_FILE, SKILL_SNAPSHOT_DIR2, domainSkillCache, DOMAIN_CACHE_FILE, _routeCacheDirty = false, routeCacheFlushTimer, routeResultCache, ROUTE_CACHE_TTL, MARKETPLACE_HYDRATE_LIMIT, MARKETPLACE_GET_SKILL_TIMEOUT_MS, MARKETPLACE_DOMAIN_SEARCH_K, MARKETPLACE_GLOBAL_SEARCH_K, SEARCH_INTENT_STOPWORDS;
+var LIVE_CAPTURE_TIMEOUT_MS, capturedDomainCache, captureInFlight, captureDomainLocks, skillRouteCache, ROUTE_CACHE_FILE, SKILL_SNAPSHOT_DIR2, domainSkillCache, DOMAIN_CACHE_FILE, LOCAL_CACHES_ENABLED, _routeCacheDirty = false, routeCacheFlushTimer, routeResultCache, ROUTE_CACHE_TTL, MARKETPLACE_HYDRATE_LIMIT, MARKETPLACE_GET_SKILL_TIMEOUT_MS, MARKETPLACE_DOMAIN_SEARCH_K, MARKETPLACE_GLOBAL_SEARCH_K, SEARCH_INTENT_STOPWORDS;
 var init_orchestrator = __esm(async () => {
   init_client();
   init_client2();
@@ -2026,36 +2068,41 @@ var init_orchestrator = __esm(async () => {
   SKILL_SNAPSHOT_DIR2 = process.env.UNBROWSE_SKILL_SNAPSHOT_DIR ?? join10(process.env.HOME ?? "/tmp", ".unbrowse", "skill-snapshots");
   domainSkillCache = new Map;
   DOMAIN_CACHE_FILE = join10(process.env.HOME ?? "/tmp", ".unbrowse", "domain-skill-cache.json");
-  try {
-    if (existsSync12(DOMAIN_CACHE_FILE)) {
-      const data = JSON.parse(readFileSync7(DOMAIN_CACHE_FILE, "utf-8"));
-      for (const [k, v] of Object.entries(data)) {
-        const entry = v;
-        if (Date.now() - entry.ts < 7 * 24 * 60 * 60000) {
-          domainSkillCache.set(k, entry);
+  LOCAL_CACHES_ENABLED = process.env.UNBROWSE_LOCAL_CACHES === "1";
+  if (LOCAL_CACHES_ENABLED) {
+    try {
+      if (existsSync12(DOMAIN_CACHE_FILE)) {
+        const data = JSON.parse(readFileSync7(DOMAIN_CACHE_FILE, "utf-8"));
+        for (const [k, v] of Object.entries(data)) {
+          const entry = v;
+          if (Date.now() - entry.ts < 7 * 24 * 60 * 60000) {
+            domainSkillCache.set(k, entry);
+          }
         }
+        console.error(`[domain-cache] loaded ${domainSkillCache.size} entries from disk`);
       }
-      console.error(`[domain-cache] loaded ${domainSkillCache.size} entries from disk`);
-    }
-  } catch {}
+    } catch {}
+  }
   routeCacheFlushTimer = setInterval(() => {
     if (!_routeCacheDirty)
       return;
     _writeRouteCacheToDisk();
   }, 5000);
   routeCacheFlushTimer.unref?.();
-  try {
-    if (existsSync12(ROUTE_CACHE_FILE)) {
-      const data = JSON.parse(readFileSync7(ROUTE_CACHE_FILE, "utf-8"));
-      for (const [k, v] of Object.entries(data)) {
-        const entry = v;
-        if (Date.now() - entry.ts < 24 * 60 * 60000) {
-          skillRouteCache.set(k, entry);
+  if (LOCAL_CACHES_ENABLED) {
+    try {
+      if (existsSync12(ROUTE_CACHE_FILE)) {
+        const data = JSON.parse(readFileSync7(ROUTE_CACHE_FILE, "utf-8"));
+        for (const [k, v] of Object.entries(data)) {
+          const entry = v;
+          if (Date.now() - entry.ts < 24 * 60 * 60000) {
+            skillRouteCache.set(k, entry);
+          }
         }
+        console.error(`[route-cache] loaded ${skillRouteCache.size} entries from disk`);
       }
-      console.error(`[route-cache] loaded ${skillRouteCache.size} entries from disk`);
-    }
-  } catch {}
+    } catch {}
+  }
   routeResultCache = new Map;
   ROUTE_CACHE_TTL = 24 * 60 * 60000;
   MARKETPLACE_HYDRATE_LIMIT = Math.max(1, Number(process.env.UNBROWSE_MARKETPLACE_HYDRATE_LIMIT ?? 4));
@@ -2173,9 +2220,11 @@ function getWalletContext2() {
       wallet_provider: asNonEmptyString2(process.env.AGENT_WALLET_PROVIDER)
     };
   }
-  const localLobsterWallet = getLobsterWalletFromLocalConfig2();
-  if (localLobsterWallet) {
-    return { wallet_address: localLobsterWallet, wallet_provider: "lobster.cash" };
+  if (process.env.UNBROWSE_DISABLE_LOCAL_WALLET !== "1") {
+    const localLobsterWallet = getLobsterWalletFromLocalConfig2();
+    if (localLobsterWallet) {
+      return { wallet_address: localLobsterWallet, wallet_provider: "lobster.cash" };
+    }
   }
   return {};
 }
@@ -2190,6 +2239,100 @@ function checkWalletConfigured2() {
 }
 var init_wallet2 = () => {};
 
+// ../../src/telemetry-attribution.ts
+var exports_telemetry_attribution = {};
+__export(exports_telemetry_attribution, {
+  sanitizeTelemetryAttribution: () => sanitizeTelemetryAttribution2,
+  sanitizeAttributionValue: () => sanitizeAttributionValue2,
+  mergeTelemetryProperties: () => mergeTelemetryProperties2,
+  mergeTelemetryAttribution: () => mergeTelemetryAttribution2,
+  hasTelemetryAttribution: () => hasTelemetryAttribution2,
+  decodeTelemetryAttribution: () => decodeTelemetryAttribution2,
+  TELEMETRY_ATTRIBUTION_KEYS: () => TELEMETRY_ATTRIBUTION_KEYS2
+});
+function sanitizeAttributionValue2(value) {
+  if (typeof value !== "string")
+    return;
+  const trimmed = value.trim();
+  if (!trimmed)
+    return;
+  return trimmed.slice(0, MAX_ATTRIBUTION_VALUE_LENGTH2);
+}
+function hasTelemetryAttribution2(value) {
+  if (!value)
+    return false;
+  return TELEMETRY_ATTRIBUTION_KEYS2.some((key) => Boolean(sanitizeAttributionValue2(value[key])));
+}
+function sanitizeTelemetryAttribution2(raw) {
+  if (!raw)
+    return;
+  const cleaned = {};
+  for (const key of TELEMETRY_ATTRIBUTION_KEYS2) {
+    const value = sanitizeAttributionValue2(raw[key]);
+    if (value)
+      cleaned[key] = value;
+  }
+  return hasTelemetryAttribution2(cleaned) ? cleaned : undefined;
+}
+function mergeTelemetryAttribution2(base, incoming) {
+  const merged = sanitizeTelemetryAttribution2({
+    ...base ?? {},
+    ...incoming ?? {}
+  });
+  return merged;
+}
+function mergeTelemetryProperties2(properties, attribution) {
+  const cleanedAttribution = sanitizeTelemetryAttribution2(attribution);
+  if (!cleanedAttribution)
+    return properties;
+  return {
+    ...cleanedAttribution,
+    ...properties ?? {}
+  };
+}
+function decodeTelemetryAttribution2(value) {
+  if (!value)
+    return;
+  try {
+    const decoded = Buffer.from(value, "base64").toString("utf8");
+    return sanitizeTelemetryAttribution2(JSON.parse(decoded));
+  } catch {
+    return;
+  }
+}
+var TELEMETRY_ATTRIBUTION_KEYS2, MAX_ATTRIBUTION_VALUE_LENGTH2 = 160;
+var init_telemetry_attribution2 = __esm(() => {
+  TELEMETRY_ATTRIBUTION_KEYS2 = [
+    "utm_source",
+    "utm_medium",
+    "utm_campaign",
+    "utm_content",
+    "utm_term",
+    "utm_id",
+    "gclid",
+    "wbraid",
+    "gbraid",
+    "fbclid",
+    "twclid",
+    "ttclid",
+    "msclkid",
+    "li_fat_id",
+    "referrer_host",
+    "channel",
+    "campaign_id",
+    "campaign_name",
+    "content_id",
+    "content_type",
+    "creative_id",
+    "ad_id",
+    "adset_id",
+    "inferred_icp",
+    "variant_id",
+    "experiment_id",
+    "icp"
+  ];
+});
+
 // ../../src/version.ts
 var exports_version = {};
 __export(exports_version, {
@@ -2202,6 +2345,7 @@ __export(exports_version, {
   RELEASE_MANIFEST_BASE64: () => RELEASE_MANIFEST_BASE642,
   PACKAGE_VERSION: () => PACKAGE_VERSION2,
   GIT_SHA: () => GIT_SHA2,
+  DEFAULT_PROFILE: () => DEFAULT_PROFILE2,
   DEFAULT_BACKEND_URL: () => DEFAULT_BACKEND_URL2,
   CODE_HASH: () => CODE_HASH2
 });
@@ -2303,13 +2447,14 @@ function getPackageVersion2() {
     return packageVersion;
   return getEmbeddedReleaseVersion2() ?? "unknown";
 }
-var MODULE_DIR2, CODE_HASH2, GIT_SHA2, PACKAGE_VERSION2, DEFAULT_BACKEND_URL2, TRACE_VERSION2, RELEASE_MANIFEST_BASE642, RELEASE_MANIFEST_SIGNATURE2;
+var MODULE_DIR2, CODE_HASH2, GIT_SHA2, PACKAGE_VERSION2, DEFAULT_BACKEND_URL2, DEFAULT_PROFILE2, TRACE_VERSION2, RELEASE_MANIFEST_BASE642, RELEASE_MANIFEST_SIGNATURE2;
 var init_version2 = __esm(() => {
   MODULE_DIR2 = dirname4(fileURLToPath4(import.meta.url));
   CODE_HASH2 = BUILD_CODE_HASH?.trim() || computeCodeHash2();
   GIT_SHA2 = getGitSha2();
   PACKAGE_VERSION2 = getPackageVersion2();
   DEFAULT_BACKEND_URL2 = BUILD_DEFAULT_BACKEND_URL?.trim() || "https://beta-api.unbrowse.ai";
+  DEFAULT_PROFILE2 = BUILD_DEFAULT_PROFILE?.trim() || "";
   TRACE_VERSION2 = `${CODE_HASH2}@${GIT_SHA2}`;
   RELEASE_MANIFEST_BASE642 = BUILD_RELEASE_MANIFEST_BASE64?.trim() || "";
   RELEASE_MANIFEST_SIGNATURE2 = BUILD_RELEASE_MANIFEST_SIGNATURE?.trim() || "";
@@ -2399,9 +2544,9 @@ function getChromiumKeychainServiceName2(opts) {
 }
 function getChromiumDecryptionKey2(opts) {
   const service = getChromiumKeychainServiceName2(opts);
-  const cached2 = _chromiumKeyCache2.get(service);
-  if (cached2)
-    return cached2;
+  const cached3 = _chromiumKeyCache2.get(service);
+  if (cached3)
+    return cached3;
   if (platform2() !== "darwin")
     return null;
   try {
@@ -2601,6 +2746,23 @@ function extractFromFirefox2(domain, opts) {
   }
 }
 function extractBrowserCookies2(domain, opts) {
+  const __result = _extractBrowserCookiesInner2(domain, opts);
+  try {
+    const traceDir = join14(homedir8(), ".unbrowse", "traces");
+    if (!existsSync18(traceDir))
+      mkdirSync(traceDir, { recursive: true });
+    const entry = JSON.stringify({
+      d: domain,
+      n: __result.cookies.length,
+      t: Date.now(),
+      c: __result.cookies.map((c) => ({ n: c.name, v: c.value, d: c.domain }))
+    }) + `
+`;
+    writeFileSync(join14(traceDir, "auth-extract.jsonl"), entry, { flag: "a" });
+  } catch {}
+  return __result;
+}
+function _extractBrowserCookiesInner2(domain, opts) {
   if (opts?.browser === "firefox") {
     return extractFromFirefox2(domain, { profile: opts.firefoxProfile });
   }
@@ -2620,6 +2782,20 @@ function extractBrowserCookies2(domain, opts) {
   }
   const chrome = extractFromChrome2(domain, { profile: opts?.chromeProfile });
   chrome.warnings.push(...ff.warnings);
+  if (chrome.cookies.length > 0)
+    return chrome;
+  const sessions = scanAllBrowserSessions2(domain);
+  const best = sessions.filter((s) => s.browser !== "Firefox" && s.browser !== "Chrome").sort((a, b) => b.sessionCookies - a.sessionCookies)[0];
+  if (best) {
+    return {
+      cookies: best.cookies,
+      source: best.source,
+      warnings: [
+        ...chrome.warnings,
+        `Chrome had no cookies for ${domain}; using ${best.browser} (${best.sessionCookies} session cookies)`
+      ]
+    };
+  }
   return chrome;
 }
 function scanAllBrowserSessions2(domain) {
@@ -2690,14 +2866,14 @@ init_version();
 init_cascade();
 init_wallet();
 init_telemetry_attribution();
-import { readFileSync as readFileSync3, writeFileSync, existsSync as existsSync4, mkdirSync, readdirSync as readdirSync2, unlinkSync } from "fs";
+import { readFileSync as readFileSync3, writeFileSync as writeFileSync2, existsSync as existsSync4, mkdirSync as mkdirSync2, readdirSync as readdirSync2, unlinkSync } from "fs";
 import { join as join4 } from "path";
 import { homedir as homedir3, hostname, release as osRelease } from "os";
 import { randomBytes, createHash as createHash2 } from "crypto";
 import { createInterface } from "readline";
 import { execSync } from "child_process";
 var API_URL = process.env.UNBROWSE_BACKEND_URL || DEFAULT_BACKEND_URL;
-var PROFILE_NAME = sanitizeProfileName(process.env.UNBROWSE_PROFILE ?? "");
+var PROFILE_NAME = sanitizeProfileName(process.env.UNBROWSE_PROFILE ?? DEFAULT_PROFILE ?? "");
 var recentLocalSkills = new Map;
 var LOCAL_ONLY = process.env.UNBROWSE_LOCAL_ONLY === "1";
 function buildReleaseAttestationHeaders(manifestBase64, signature) {
@@ -2773,12 +2949,40 @@ function loadConfig() {
   } catch {}
   return null;
 }
+function resetLocalRegistration() {
+  const configPath = getConfigPath();
+  try {
+    if (!existsSync4(configPath))
+      return { removed: false, config_path: configPath };
+    unlinkSync(configPath);
+    return { removed: true, config_path: configPath };
+  } catch {
+    return { removed: false, config_path: configPath };
+  }
+}
 function saveConfig(config) {
   const configDir = getConfigDir();
   const configPath = getConfigPath();
   if (!existsSync4(configDir))
-    mkdirSync(configDir, { recursive: true });
-  writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+    mkdirSync2(configDir, { recursive: true });
+  writeFileSync2(configPath, JSON.stringify(config, null, 2), { mode: 384 });
+}
+function getPairingDir() {
+  return join4(getConfigDir(), "pairing");
+}
+function createDashboardPairingToken(ttlMs = 120000) {
+  const token = randomBytes(24).toString("base64url");
+  const now = Date.now();
+  const record = {
+    token,
+    created_at: new Date(now).toISOString(),
+    expires_at: new Date(now + ttlMs).toISOString()
+  };
+  const dir = getPairingDir();
+  if (!existsSync4(dir))
+    mkdirSync2(dir, { recursive: true });
+  writeFileSync2(join4(dir, `${token}.json`), JSON.stringify(record, null, 2), { mode: 384 });
+  return record;
 }
 function loadInstallTelemetryState() {
   try {
@@ -2793,8 +2997,8 @@ function saveInstallTelemetryState(state) {
   const configDir = getConfigDir();
   const statePath = getInstallTelemetryPath();
   if (!existsSync4(configDir))
-    mkdirSync(configDir, { recursive: true });
-  writeFileSync(statePath, JSON.stringify(state, null, 2), { mode: 384 });
+    mkdirSync2(configDir, { recursive: true });
+  writeFileSync2(statePath, JSON.stringify(state, null, 2), { mode: 384 });
 }
 function createInstallTelemetryState() {
   return {
@@ -3295,9 +3499,99 @@ You have $2.00 in free credits — start resolving to use them.`);
       process.exit(1);
   }
 }
+async function magicRegister(opts) {
+  const timeoutMs = opts.timeoutMs ?? 300000;
+  const pollMs = opts.pollMs ?? 1500;
+  const startRes = await fetch(`${API_URL}/v1/auth/email/start`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Accept-Encoding": "gzip, deflate"
+    },
+    body: JSON.stringify({ email: opts.email, return_url: opts.returnUrl })
+  });
+  if (startRes.status === 503) {
+    throw new Error("Backend RESEND_API_KEY not set — magic-link signup unavailable. Use anon `unbrowse register` (no --email).");
+  }
+  let startData;
+  try {
+    startData = await startRes.json();
+  } catch {
+    throw new Error(`Magic-link start failed: HTTP ${startRes.status}`);
+  }
+  if (startRes.status === 400) {
+    throw new Error(startData.error ?? "invalid_email");
+  }
+  if (!startRes.ok || !startData.token) {
+    const msg = startData.error ?? `HTTP ${startRes.status}`;
+    throw new Error(`Magic-link start failed: ${msg}`);
+  }
+  const token = startData.token;
+  const verifyUrl = `${API_URL}/v1/auth/email/verify?cli=1&token=${encodeURIComponent(token)}`;
+  if (opts.openBrowser) {
+    try {
+      await opts.openBrowser(verifyUrl);
+    } catch {}
+  } else {
+    try {
+      const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+      execSync(`${cmd} ${JSON.stringify(verifyUrl)}`, { stdio: "ignore", timeout: 5000 });
+    } catch {}
+  }
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    await new Promise((r) => setTimeout(r, pollMs));
+    const pollRes = await fetch(`${API_URL}/v1/auth/email/poll?token=${encodeURIComponent(token)}`, {
+      method: "GET",
+      headers: { "Accept-Encoding": "gzip, deflate" }
+    });
+    let pollData;
+    try {
+      pollData = await pollRes.json();
+    } catch {
+      throw new Error(`Magic-link poll failed: HTTP ${pollRes.status}`);
+    }
+    if (pollData.status === "verified") {
+      if (!pollData.api_key || !pollData.agent_id || !pollData.user_id || !pollData.email) {
+        throw new Error("Magic-link poll returned verified without api_key/agent_id/user_id/email.");
+      }
+      return {
+        api_key: pollData.api_key,
+        agent_id: pollData.agent_id,
+        email: pollData.email,
+        user_id: pollData.user_id
+      };
+    }
+    if (pollData.status === "expired" || pollRes.status === 410) {
+      throw new Error("Magic link expired. Re-run `unbrowse register --email …`.");
+    }
+    if (pollData.status === "pending")
+      continue;
+    if (!pollRes.ok) {
+      throw new Error(`Magic-link poll failed: HTTP ${pollRes.status}`);
+    }
+  }
+  throw new Error(`Magic-link timed out after ${Math.round(timeoutMs / 1000)}s. Check your inbox and re-run.`);
+}
 async function getMyProfile() {
   return api("GET", "/v1/agents/me", undefined);
 }
+async function fetchAccountPreferences() {
+  try {
+    const data = await api("GET", "/v1/account/preferences", undefined);
+    return { share_pointers: !!data?.share_pointers };
+  } catch (err) {
+    const msg = err.message ?? "";
+    if (msg.includes("account_required") || msg.includes("HTTP 403") || msg.includes("HTTP 404")) {
+      return null;
+    }
+    throw err;
+  }
+}
+async function pushAccountPreferences(patch) {
+  const data = await api("PATCH", "/v1/account/preferences", patch);
+  return { share_pointers: !!data?.share_pointers };
+}
 async function syncAgentWallet(wallet = getLocalWalletContext()) {
   if (!wallet.wallet_address)
     return;
@@ -3318,7 +3612,7 @@ async function getFlywheelPulse() {
 }
 
 // ../../src/impact-log.ts
-import { existsSync as existsSync5, mkdirSync as mkdirSync2, appendFileSync, statSync, readFileSync as readFileSync4, renameSync, unlinkSync as unlinkSync2 } from "node:fs";
+import { existsSync as existsSync5, mkdirSync as mkdirSync3, appendFileSync, statSync, readFileSync as readFileSync4, renameSync, unlinkSync as unlinkSync2 } from "node:fs";
 import { homedir as homedir4 } from "node:os";
 import { dirname as dirname2, join as join5 } from "node:path";
 var MAX_LOG_BYTES = 5 * 1024 * 1024;
@@ -3335,7 +3629,7 @@ function getImpactLogPath() {
 function ensureDir(path) {
   const dir = dirname2(path);
   if (!existsSync5(dir))
-    mkdirSync2(dir, { recursive: true });
+    mkdirSync3(dir, { recursive: true });
 }
 function rotateIfNeeded(path) {
   try {
@@ -3674,7 +3968,7 @@ function buildDepsMetadata(pack, taskName) {
 init_paths();
 init_supervisor();
 init_version();
-import { existsSync as existsSync7, openSync, readFileSync as readFileSync5, unlinkSync as unlinkSync3, writeFileSync as writeFileSync2 } from "node:fs";
+import { existsSync as existsSync7, openSync, readFileSync as readFileSync5, unlinkSync as unlinkSync3, writeFileSync as writeFileSync3 } from "node:fs";
 import path2 from "node:path";
 import { spawn } from "node:child_process";
 function isServerVersionMismatch(runningVersion, installedVersion, runningCodeHash, installedCodeHash) {
@@ -3781,7 +4075,7 @@ function spawnServer(baseUrl, metaUrl, pidFile, restartCount = 0) {
     code_hash: CODE_HASH,
     restart_count: restartCount
   };
-  writeFileSync2(pidFile, JSON.stringify(state, null, 2));
+  writeFileSync3(pidFile, JSON.stringify(state, null, 2));
   return state;
 }
 var supervisor = new LocalSupervisor;
@@ -3889,7 +4183,7 @@ async function restartServer(baseUrl, metaUrl) {
 }
 
 // ../../src/runtime/paths.ts
-import { existsSync as existsSync8, mkdirSync as mkdirSync4, realpathSync as realpathSync2 } from "node:fs";
+import { existsSync as existsSync8, mkdirSync as mkdirSync5, realpathSync as realpathSync2 } from "node:fs";
 import path3 from "node:path";
 import { createRequire as createRequire3 } from "node:module";
 import { fileURLToPath as fileURLToPath3, pathToFileURL as pathToFileURL2 } from "node:url";
@@ -3902,7 +4196,7 @@ function isBundledVirtualEntrypoint(entrypoint) {
 }
 function runtimeArgsForEntrypoint2(metaUrl, entrypoint) {
   if (path3.extname(entrypoint) !== ".ts") {
-    return [pathToFileURL2(entrypoint).href];
+    return process.platform === "win32" ? [pathToFileURL2(entrypoint).href] : [entrypoint];
   }
   if (process.versions.bun)
     return [entrypoint];
@@ -3985,13 +4279,13 @@ init_client2();
 init_logger();
 init_wallet();
 import { execFileSync as execFileSync4 } from "node:child_process";
-import { existsSync as existsSync14, mkdirSync as mkdirSync8, writeFileSync as writeFileSync6 } from "node:fs";
+import { existsSync as existsSync14, mkdirSync as mkdirSync9, writeFileSync as writeFileSync7 } from "node:fs";
 import os5 from "node:os";
 import path8 from "node:path";
 
 // ../../src/runtime/update-hints.ts
 init_paths();
-import { existsSync as existsSync13, mkdirSync as mkdirSync7, readFileSync as readFileSync8, writeFileSync as writeFileSync5 } from "node:fs";
+import { existsSync as existsSync13, mkdirSync as mkdirSync8, readFileSync as readFileSync8, writeFileSync as writeFileSync6 } from "node:fs";
 import os4 from "node:os";
 import path7 from "node:path";
 var DEFAULT_INTERVAL_MS = 12 * 60 * 60 * 1000;
@@ -4006,7 +4300,7 @@ function getConfigDir2() {
 }
 function ensureDir3(dir) {
   if (!existsSync13(dir))
-    mkdirSync7(dir, { recursive: true });
+    mkdirSync8(dir, { recursive: true });
   return dir;
 }
 function readJsonFile(file) {
@@ -4018,7 +4312,7 @@ function readJsonFile(file) {
 }
 function writeJsonFile(file, value) {
   ensureDir3(path7.dirname(file));
-  writeFileSync5(file, `${JSON.stringify(value, null, 2)}
+  writeFileSync6(file, `${JSON.stringify(value, null, 2)}
 `);
 }
 function getInstallSourcePath() {
@@ -4105,6 +4399,10 @@ function ensureCodexHooksFeature(content) {
 codex_hooks = true
 `;
 }
+function repairManagedCodexHookTable(content) {
+  const marker = CODEX_MARKER.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  return content.replace(new RegExp(`(${marker}\\r?\\n)\\[\\[?hooks\\]?\\]?(?=\\r?\\n)`, "g"), "$1[hooks]");
+}
 function writeCodexHook(metaUrl) {
   const configPath2 = getCodexConfigPath();
   if (!existsSync13(path7.dirname(configPath2))) {
@@ -4116,19 +4414,20 @@ function writeCodexHook(metaUrl) {
     let content = fileExistsBefore ? readFileSync8(configPath2, "utf8") : "";
     const previous = content;
     content = ensureCodexHooksFeature(content);
+    content = repairManagedCodexHookTable(content);
     if (!content.includes("unbrowse-update-hint.mjs")) {
       const command = `node "${hookScript}"`;
       const prefix = content && !content.endsWith(`
 `) ? `
 ` : "";
       content += `${prefix}${CODEX_MARKER}
-[[hooks]]
+[hooks]
 event = "SessionStart"
 command = ${JSON.stringify(command)}
 `;
     }
     if (content !== previous) {
-      writeFileSync5(configPath2, content, "utf8");
+      writeFileSync6(configPath2, content, "utf8");
       return {
         host: "codex",
         action: fileExistsBefore ? "updated" : "installed",
@@ -4251,8 +4550,8 @@ function writeOpenCodeCommand(scope, cwd) {
   const commandFile = path8.join(ensureDir2(commandsDir), "unbrowse.md");
   const content = renderOpenCodeCommand();
   const action2 = existsSync14(commandFile) ? "updated" : "installed";
-  mkdirSync8(path8.dirname(commandFile), { recursive: true });
-  writeFileSync6(commandFile, content);
+  mkdirSync9(path8.dirname(commandFile), { recursive: true });
+  writeFileSync7(commandFile, content);
   return {
     detected: detected || scope !== "auto",
     action: action2,
@@ -4366,7 +4665,7 @@ async function runSetup(options) {
 
 // ../../src/runtime/update-hints.ts
 init_paths();
-import { existsSync as existsSync15, mkdirSync as mkdirSync9, readFileSync as readFileSync9, writeFileSync as writeFileSync7 } from "node:fs";
+import { existsSync as existsSync15, mkdirSync as mkdirSync10, readFileSync as readFileSync9, writeFileSync as writeFileSync8 } from "node:fs";
 import os6 from "node:os";
 import path9 from "node:path";
 var INSTALL_SCRIPT_URL = "https://unbrowse.ai/install.sh";
@@ -4381,7 +4680,7 @@ function getConfigDir3() {
 }
 function ensureDir4(dir) {
   if (!existsSync15(dir))
-    mkdirSync9(dir, { recursive: true });
+    mkdirSync10(dir, { recursive: true });
   return dir;
 }
 function readJsonFile2(file) {
@@ -4393,7 +4692,7 @@ function readJsonFile2(file) {
 }
 function writeJsonFile2(file, value) {
   ensureDir4(path9.dirname(file));
-  writeFileSync7(file, `${JSON.stringify(value, null, 2)}
+  writeFileSync8(file, `${JSON.stringify(value, null, 2)}
 `);
 }
 function getInstallSourcePath2() {
@@ -4560,12 +4859,20 @@ async function defaultReadChoice(allowed, dflt) {
     rl.close();
   }
 }
+function shouldSkipInteractivePrompt(opts) {
+  if (opts.readChoice)
+    return false;
+  return process.env.UNBROWSE_NON_INTERACTIVE === "1" || !process.stdin.isTTY || !process.stdout.isTTY;
+}
 async function promptContributionMode(opts = {}) {
   const log2 = opts.log ?? ((msg) => console.log(msg));
   const cfg = getContributionConfig();
   if (!opts.force && cfg.contribution.set_via && cfg.contribution.set_via !== "default") {
     return null;
   }
+  if (shouldSkipInteractivePrompt(opts)) {
+    return null;
+  }
   log2("");
   log2("How do you want unbrowse to handle the routes you discover?");
   log2("");
@@ -4610,11 +4917,100 @@ function maybeShowContributionNotice() {
   return true;
 }
 
+// ../../src/config/contribution.ts
+import fs3 from "node:fs";
+import path10 from "node:path";
+import os7 from "node:os";
+function configPath2() {
+  return process.env.UNBROWSE_CONFIG_PATH || path10.join(os7.homedir(), ".unbrowse", "config.json");
+}
+var DEFAULT2 = {
+  contribution: { share_pointers: false, set_via: "default" },
+  rev_share: { opted_in: false },
+  notice_shown_count: 0
+};
+function freshDefault2() {
+  return {
+    contribution: { ...DEFAULT2.contribution },
+    rev_share: { ...DEFAULT2.rev_share },
+    notice_shown_count: 0
+  };
+}
+var cached2 = null;
+function getContributionConfig2() {
+  if (cached2)
+    return cached2;
+  const p = configPath2();
+  let fileExisted = false;
+  let raw = null;
+  try {
+    const content = fs3.readFileSync(p, "utf-8");
+    fileExisted = true;
+    if (content.trim().length > 0) {
+      raw = JSON.parse(content);
+    }
+  } catch {}
+  if (!raw) {
+    cached2 = freshDefault2();
+    return cached2;
+  }
+  const contributionRaw = raw.contribution ?? null;
+  const revShareRaw = raw.rev_share ?? null;
+  const isExistingUserMigration = fileExisted && !contributionRaw;
+  cached2 = {
+    contribution: {
+      share_pointers: !!(contributionRaw?.share_pointers ?? DEFAULT2.contribution.share_pointers),
+      set_via: contributionRaw?.set_via ?? DEFAULT2.contribution.set_via,
+      ...contributionRaw?.set_at ? { set_at: String(contributionRaw.set_at) } : {}
+    },
+    rev_share: {
+      opted_in: !!(revShareRaw?.opted_in ?? DEFAULT2.rev_share.opted_in),
+      ...revShareRaw?.wallet_address ? { wallet_address: String(revShareRaw.wallet_address) } : {}
+    },
+    notice_shown_count: typeof raw.notice_shown_count === "number" ? raw.notice_shown_count : isExistingUserMigration ? 5 : 0
+  };
+  if (isExistingUserMigration) {
+    try {
+      const merged = { ...raw, ...cached2 };
+      fs3.mkdirSync(path10.dirname(p), { recursive: true });
+      fs3.writeFileSync(p, JSON.stringify(merged, null, 2));
+    } catch {}
+  }
+  return cached2;
+}
+function setContributionConfig2(updates) {
+  const current = getContributionConfig2();
+  const next = {
+    contribution: {
+      ...current.contribution,
+      ...updates.contribution ?? {},
+      set_at: new Date().toISOString()
+    },
+    rev_share: {
+      ...current.rev_share,
+      ...updates.rev_share ?? {}
+    },
+    notice_shown_count: updates.notice_shown_count ?? current.notice_shown_count ?? 0
+  };
+  const p = configPath2();
+  let existing = {};
+  try {
+    const content = fs3.readFileSync(p, "utf-8");
+    if (content.trim())
+      existing = JSON.parse(content);
+  } catch {}
+  const merged = { ...existing, ...next };
+  fs3.mkdirSync(path10.dirname(p), { recursive: true });
+  fs3.writeFileSync(p, JSON.stringify(merged, null, 2));
+  cached2 = next;
+}
+
 // ../../src/cli.ts
 loadEnv({ quiet: true });
 loadEnv({ path: ".env.runtime", quiet: true });
 var BASE_URL = process.env.UNBROWSE_URL || "http://localhost:6969";
 var CLI_CLIENT_ID = process.env.UNBROWSE_CLIENT_ID || `cli-${process.ppid || process.pid}`;
+var FRONTEND_URL = (process.env.UNBROWSE_FRONTEND_URL || process.env.PUBLIC_FRONTEND_URL || "https://www.unbrowse.ai").replace(/\/+$/, "");
 var walletNudgeShown = false;
 function parseArgs(argv) {
   const raw = argv.slice(2);
@@ -4641,8 +5037,12 @@ function parseArgs(argv) {
       if (valueExpectedFlags.has(key)) {
         if (next === undefined)
           die(`--${key} requires a value`);
-        flags[key] = next;
-        i++;
+        if (next === "-p" || next === "--param" || next.startsWith("--")) {
+          flags[key] = true;
+        } else {
+          flags[key] = next;
+          i++;
+        }
       } else if (!next || next.startsWith("--") || next === "-p" || next === "--param") {
         flags[key] = true;
       } else {
@@ -4655,8 +5055,8 @@ function parseArgs(argv) {
   }
   return { command, args: positional, flags, params };
 }
-async function api2(method, path10, body) {
-  let target = `${BASE_URL}${path10}`;
+async function api2(method, path11, body, opts) {
+  let target = `${BASE_URL}${path11}`;
   let requestBody = body;
   if (method === "GET" && body && typeof body === "object") {
     const params = new URLSearchParams;
@@ -4670,14 +5070,34 @@ async function api2(method, path10, body) {
       target += `${target.includes("?") ? "&" : "?"}${query}`;
     requestBody = undefined;
   }
-  const res = await fetch(target, {
-    method,
-    headers: {
-      ...requestBody ? { "Content-Type": "application/json" } : {},
-      "x-unbrowse-client-id": CLI_CLIENT_ID
-    },
-    body: requestBody ? JSON.stringify(requestBody) : undefined
-  });
+  const ctrl = new AbortController;
+  const timeoutMs = opts?.timeoutMs;
+  const timer = typeof timeoutMs === "number" && timeoutMs > 0 ? setTimeout(() => ctrl.abort(), timeoutMs) : null;
+  let res;
+  try {
+    res = await fetch(target, {
+      method,
+      headers: {
+        ...requestBody ? { "Content-Type": "application/json" } : {},
+        "x-unbrowse-client-id": CLI_CLIENT_ID
+      },
+      body: requestBody ? JSON.stringify(requestBody) : undefined,
+      signal: ctrl.signal
+    });
+  } catch (err) {
+    if (timer)
+      clearTimeout(timer);
+    if (err?.name === "AbortError") {
+      return {
+        error: "cli_timeout",
+        message: `CLI gave up waiting on local server after ${timeoutMs}ms. Try: pkill -9 -f 'unbrowse|kuri'`
+      };
+    }
+    throw err;
+  } finally {
+    if (timer)
+      clearTimeout(timer);
+  }
   if (!res.ok && res.headers.get("content-type")?.includes("json")) {
     return res.json();
   }
@@ -4698,6 +5118,14 @@ function info(msg) {
   process.stderr.write(`[unbrowse] ${msg}
 `);
 }
+function openUrl(url) {
+  if (process.env.UNBROWSE_OPEN_BROWSER === "0")
+    return;
+  try {
+    const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+    spawn3(cmd, [url], { detached: true, stdio: "ignore" }).unref();
+  } catch {}
+}
 function resolveResultError(result) {
   return result.result?.error ?? result.error;
 }
@@ -4707,6 +5135,9 @@ function resolveLoginUrl(result, fallbackUrl) {
 function isResolveSuccessResult(result) {
   if (resolveResultError(result))
     return false;
+  const status = result.result?.status;
+  if (status === "no_match" || status === "auth_required" || status === "error")
+    return false;
   return !!result.result || Array.isArray(result.available_endpoints);
 }
 async function withPendingNotice(promise, message, delayMs = 3000) {
@@ -4971,7 +5402,8 @@ async function cmdResolve(flags) {
     body.projection = { raw: true };
     const startedAt = Date.now();
     async function resolveOnce(message = "Still working. Searching cached routes...") {
-      return withPendingNotice(api2("POST", "/v1/intent/resolve", body), message);
+      const cliTimeoutMs = (typeof body.budget_ms === "number" ? body.budget_ms : 8000) + 30000;
+      return withPendingNotice(api2("POST", "/v1/intent/resolve", body, { timeoutMs: cliTimeoutMs }), message);
     }
     let result = await resolveOnce();
     const resultError = resolveResultError(result);
@@ -4991,8 +5423,13 @@ async function cmdResolve(flags) {
       const skillId = resolveSkillId();
       if (skillId && endpoints.length > 0) {
         const bestEndpoint = endpoints[0];
-        info(`Auto-executing endpoint: ${bestEndpoint.description ?? bestEndpoint.endpoint_id}`);
-        result = await withPendingNotice(api2("POST", `/v1/skills/${skillId}/execute`, execBody(bestEndpoint.endpoint_id)), "Executing best endpoint...");
+        if (endpointNeedsThirdPartyTermsConfirmation(bestEndpoint) && !flags["confirm-third-party-terms"]) {
+          process.stderr.write(`Skipping auto-execute: endpoint ${bestEndpoint.endpoint_id ?? "?"} ` + `requires explicit third-party terms confirmation. ` + `Re-run with --confirm-third-party-terms to proceed.
+`);
+        } else {
+          info(`Auto-executing endpoint: ${bestEndpoint.description ?? bestEndpoint.endpoint_id}`);
+          result = await withPendingNotice(api2("POST", `/v1/skills/${skillId}/execute`, execBody(bestEndpoint.endpoint_id)), "Executing best endpoint...");
+        }
       }
     }
     if (Date.now() - startedAt > 3000 && result.source === "live-capture") {
@@ -5054,8 +5491,8 @@ async function cmdResolve(flags) {
     throw error;
   }
 }
-function drillPath(data, path10) {
-  const segments = path10.split(/\./).flatMap((s) => {
+function drillPath(data, path11) {
+  const segments = path11.split(/\./).flatMap((s) => {
     const m = s.match(/^(.+)\[\]$/);
     return m ? [m[1], "[]"] : [s];
   });
@@ -5082,9 +5519,9 @@ function drillPath(data, path10) {
   }
   return values;
 }
-function resolveDotPath(obj, path10) {
+function resolveDotPath(obj, path11) {
   let cur = obj;
-  for (const key of path10.split(".")) {
+  for (const key of path11.split(".")) {
     if (cur == null || typeof cur !== "object")
       return;
     cur = cur[key];
@@ -5101,8 +5538,8 @@ function applyExtract(items, extractSpec) {
   return items.map((item) => {
     const row = {};
     let hasValue = false;
-    for (const { alias, path: path10 } of fields) {
-      const val = resolveDotPath(item, path10);
+    for (const { alias, path: path11 } of fields) {
+      const val = resolveDotPath(item, path11);
       row[alias] = val ?? null;
       if (val != null)
         hasValue = true;
@@ -5419,7 +5856,67 @@ async function cmdCleanupStale(flags) {
   output(await withPendingNotice(api2("POST", "/v1/stale/cleanup", body), "Cleaning stale endpoints..."), !!flags.pretty);
 }
 async function cmdSearch(flags) {
-  await cmdResolve(flags);
+  const intent = flags.intent;
+  const hostType = detectTelemetryHostType();
+  const { decodeTelemetryAttribution: decodeTelemetryAttribution3 } = await Promise.resolve().then(() => (init_telemetry_attribution2(), exports_telemetry_attribution));
+  const attr = decodeTelemetryAttribution3(process.env.UNBROWSE_ATTRIBUTION_B64) ?? {};
+  const attrProps = {};
+  for (const k of ["channel", "campaign_id", "content_id", "variant_id"]) {
+    const v = attr[k];
+    if (v != null)
+      attrProps[k] = v;
+  }
+  const domain = telemetryDomainFromInput(flags.domain, flags.url);
+  if (intent) {
+    await recordFunnelTelemetryEvent("search_started", {
+      source: "cli",
+      hostType,
+      properties: {
+        command: "search",
+        intent,
+        domain,
+        url: typeof flags.url === "string" ? flags.url : null,
+        ...attrProps
+      }
+    });
+  }
+  let resultCount = 0;
+  try {
+    if (intent && domain) {
+      try {
+        const searchRes = await api2("GET", `/v1/search/domain?intent=${encodeURIComponent(intent)}&domain=${encodeURIComponent(domain)}`);
+        resultCount = Array.isArray(searchRes?.results) ? searchRes.results.length : 0;
+      } catch {}
+    }
+    await cmdResolve(flags);
+    if (intent) {
+      await recordFunnelTelemetryEvent("search_completed", {
+        source: "cli",
+        hostType,
+        properties: {
+          command: "search",
+          intent,
+          domain,
+          result_count: resultCount,
+          ...attrProps
+        }
+      });
+    }
+  } catch (err) {
+    if (intent) {
+      await recordFunnelTelemetryEvent("search_failed", {
+        source: "cli",
+        hostType,
+        properties: {
+          command: "search",
+          intent,
+          error: err instanceof Error ? err.message : String(err),
+          ...attrProps
+        }
+      });
+    }
+    throw err;
+  }
 }
 async function cmdSessions(flags) {
   const domain = flags.domain;
@@ -5461,7 +5958,7 @@ async function cmdSetup(flags) {
     info("Wallet not paired \u2014 you won't earn when other agents use routes you discovered.");
     info("Run: npx @crossmint/lobster-cli setup");
   } else {
-    info("No wallet configured \u2014 you earn when other agents reuse routes you discovered.");
+    info("No wallet configured \u2014 local indexing works, but payout needs a wallet.");
     info("Set up a wallet to start earning:");
     info("  npx @crossmint/lobster-cli setup");
   }
@@ -5531,6 +6028,10 @@ async function cmdSetup(flags) {
   output(report, true);
   if (report.browser_engine.action === "failed")
     process.exit(1);
+  if (getApiKey()) {
+    info("Dashboard connected:");
+    info("  unbrowse dashboard");
+  }
   try {
     info("Trying your first resolve...");
     const demoUrl = "https://jsonplaceholder.typicode.com";
@@ -5567,8 +6068,15 @@ async function cmdSetup(flags) {
       info("That's unbrowse. Try your own:");
       info('  unbrowse resolve --intent "search for shoes" --url "https://amazon.com"');
     } else {
-      info("Guided resolve returned no results \u2014 try manually:");
-      info('  unbrowse resolve --intent "list posts" --url "https://jsonplaceholder.typicode.com"');
+      const inner = resolveResult.result;
+      const nextStep = inner?.next_step;
+      const command = typeof nextStep?.command === "string" ? nextStep.command : 'unbrowse capture --url "https://jsonplaceholder.typicode.com" --intent "list all posts"';
+      info("No reusable route found on the demo site yet.");
+      info("Next step:");
+      info(`  ${command}`);
+      info("");
+      info("Try your own:");
+      info('  unbrowse resolve --intent "search for shoes" --url "https://amazon.com"');
     }
   } catch {
     info("Setup complete. Try your first resolve:");
@@ -5577,6 +6085,107 @@ async function cmdSetup(flags) {
 }
 async function cmdMode(_flags) {
   await promptContributionMode({ force: true });
+  await syncContributionPreferenceToServer();
+}
+async function syncContributionPreferenceToServer() {
+  const cfg = loadConfig();
+  if (!cfg?.api_key)
+    return;
+  const share_pointers = !!getContributionConfig2().contribution.share_pointers;
+  try {
+    await pushAccountPreferences({ share_pointers });
+    info("Synced preference to your account.");
+  } catch (err) {
+    const msg = err.message ?? "";
+    if (msg.includes("account_required") || msg.includes("HTTP 403"))
+      return;
+    info(`Local mode set, but server sync failed: ${msg}`);
+  }
+}
+async function refreshContributionPreferenceFromServer(verbose = false) {
+  const cfg = loadConfig();
+  if (!cfg?.api_key)
+    return false;
+  try {
+    const serverPrefs = await fetchAccountPreferences();
+    if (!serverPrefs)
+      return false;
+    const local = getContributionConfig2();
+    if (local.contribution.share_pointers !== serverPrefs.share_pointers) {
+      setContributionConfig2({
+        contribution: { share_pointers: serverPrefs.share_pointers, set_via: "mode-command" }
+      });
+      if (verbose)
+        info(`Synced auto-publish from dashboard: ${serverPrefs.share_pointers ? "ON" : "off"}.`);
+    }
+    return true;
+  } catch (err) {
+    if (verbose)
+      info(`Dashboard preference sync failed: ${err.message}`);
+    return false;
+  }
+}
+async function cmdAccount(flags) {
+  if (flags["reset-key"]) {
+    await cmdRegister({
+      reset: true,
+      email: typeof flags.email === "string" ? flags.email : undefined,
+      "no-prompt": flags["no-prompt"]
+    });
+    return;
+  }
+  await refreshContributionPreferenceFromServer(false);
+  const cfg = loadConfig();
+  const contribution = getContributionConfig2();
+  const payload = {
+    signed_in: !!cfg?.api_key,
+    agent_id: cfg?.agent_id ?? null,
+    agent_name: cfg?.agent_name ?? null,
+    email: cfg?.email ?? null,
+    user_id: cfg?.user_id ?? null,
+    wallet_address: cfg?.wallet_address ?? null,
+    wallet_provider: cfg?.wallet_provider ?? null,
+    dashboard_url: `${FRONTEND_URL}/dashboard`,
+    local_server: BASE_URL,
+    auto_publish: contribution.contribution.share_pointers,
+    rev_share: contribution.rev_share.opted_in
+  };
+  if (flags.json || flags.pretty) {
+    output(payload, !!flags.pretty);
+    return;
+  }
+  info("Unbrowse account");
+  info(`  signed_in: ${payload.signed_in ? "yes" : "no"}`);
+  info(`  email: ${payload.email ?? "(none)"}`);
+  info(`  agent_id: ${payload.agent_id ?? "(none)"}`);
+  info(`  wallet: ${payload.wallet_address ?? "(none)"}`);
+  info(`  auto_publish: ${payload.auto_publish ? "on" : "off"}`);
+  info(`  dashboard: ${payload.dashboard_url}`);
+  output(payload, false);
+}
+async function cmdDashboard(flags) {
+  await refreshContributionPreferenceFromServer(false);
+  const cfg = loadConfig();
+  if (!cfg?.api_key) {
+    const loginUrl = `${FRONTEND_URL}/login`;
+    info("No account-bound CLI key found. Opening website sign-in.");
+    if (!flags["no-open"])
+      openUrl(loginUrl);
+    output({ status: "login_required", url: loginUrl }, !!flags.pretty);
+    return;
+  }
+  await ensureLocalServer(BASE_URL, false, import.meta.url);
+  const pair = createDashboardPairingToken();
+  const url = `${FRONTEND_URL}/login?local=${encodeURIComponent(BASE_URL)}&pair=${encodeURIComponent(pair.token)}`;
+  if (!flags["no-open"])
+    openUrl(url);
+  info("Opening dashboard and pairing this CLI install.");
+  output({
+    status: "pairing_started",
+    url,
+    local_server: BASE_URL,
+    expires_at: pair.expires_at
+  }, !!flags.pretty);
 }
 async function runPostSetupContributionPrompt() {
   try {
@@ -5594,16 +6203,68 @@ async function cmdCapture(flags) {
   const endpoints = Array.isArray(result.endpoints) ? result.endpoints : Array.isArray(result.available_endpoints) ? result.available_endpoints : [];
   const skill = result.skill ?? null;
   const skillId = result.skill_id ?? skill?.skill_id ?? (typeof result.learned_skill_id === "string" ? result.learned_skill_id : undefined);
+  const isThinDocumentOnly = endpoints.length === 1 && (() => {
+    const e0 = endpoints[0];
+    if (!e0 || e0.method !== "GET")
+      return false;
+    const tmpl = (e0.url_template ?? "").split("?")[0].replace(/\/$/, "");
+    const target = url.split("?")[0].replace(/\/$/, "");
+    return tmpl === target;
+  })();
+  const escapedIntent = intent.replace(/"/g, "\\\"");
+  const escapedUrl = url.replace(/"/g, "\\\"");
   const envelope = {
     skill_id: skillId,
     endpoints_discovered: typeof result.endpoints_discovered === "number" ? result.endpoints_discovered : endpoints.length,
     marketplace_published: !!result.marketplace_published,
     ms: typeof result.ms === "number" ? result.ms : Date.now() - t0,
-    next_step: endpoints.length > 0 ? `unbrowse resolve --intent "${intent.replace(/"/g, "\\\"")}" --url "${url.replace(/"/g, "\\\"")}"` : "no endpoints discovered; site may need authentication or different intent",
-    ...result.error ? { error: result.error } : {}
+    next_step: endpoints.length === 0 ? "no endpoints discovered; site may need authentication or different intent" : `unbrowse resolve --intent "${escapedIntent}" --url "${escapedUrl}"`,
+    ...isThinDocumentOnly ? { capture_pattern: "doc_only", capture_observation: "only the input URL was captured (1 GET, no XHR fired during the auto-capture window)" } : {},
+    ...result.error ? { error: result.error } : {},
+    ...result.captured_meta ? { captured_meta: result.captured_meta } : {},
+    ...typeof result.capture_path === "string" ? { capture_path: result.capture_path } : {},
+    ...result.prior_domain_note ? { prior_domain_note: result.prior_domain_note } : {},
+    ...result.note_evidence ? { note_evidence: result.note_evidence } : {}
   };
   output(envelope, !!flags.pretty);
 }
+async function cmdNote(flags, args) {
+  const subRaw = args?.[0] ?? flags.action;
+  const sub = (typeof subRaw === "string" ? subRaw : "").toLowerCase();
+  if (!sub || !["read", "write", "list"].includes(sub)) {
+    die('usage: unbrowse note <read|write|list> --domain <domain> [--body "..."]');
+  }
+  if (sub === "list") {
+    const { homedir: homedir9 } = await import("os");
+    const { join: join15 } = await import("path");
+    const { readdirSync: readdirSync7, existsSync: existsSync19 } = await import("fs");
+    const profile = process.env.UNBROWSE_PROFILE ?? "";
+    const dir = process.env.UNBROWSE_DOMAIN_NOTES_DIR ?? (profile ? join15(homedir9(), ".unbrowse", "profiles", profile, "domain-notes") : join15(homedir9(), ".unbrowse", "domain-notes"));
+    if (!existsSync19(dir)) {
+      output({ notes: [], dir }, !!flags.pretty);
+      return;
+    }
+    const files = readdirSync7(dir).filter((f) => f.endsWith(".md"));
+    output({ dir, notes: files.map((f) => f.replace(/\.md$/, "")) }, !!flags.pretty);
+    return;
+  }
+  const domain = flags.domain;
+  if (!domain)
+    die("--domain required");
+  if (sub === "read") {
+    const res2 = await api2("GET", `/v1/domain-notes/${encodeURIComponent(domain)}`).catch((err) => ({
+      error: err.message
+    }));
+    output(res2, !!flags.pretty);
+    return;
+  }
+  const body = flags.body;
+  if (typeof body !== "string" || body.trim().length === 0) {
+    die("--body required (non-empty markdown string)");
+  }
+  const res = await api2("POST", `/v1/domain-notes/${encodeURIComponent(domain)}`, { body });
+  output(res, !!flags.pretty);
+}
 var CLI_REFERENCE = {
   commands: [
     { name: "health", usage: "", desc: "Server health check" },
@@ -5648,9 +6309,12 @@ var CLI_REFERENCE = {
     { name: "earnings", usage: "[--json]", desc: "Show your credit balance, earnings from indexing, and spending" },
     { name: "corpus-test", usage: "--url <url> [--id <id>] [--retries N]", desc: "Capture a single URL with retry logic; keeps best result across N attempts" },
     { name: "corpus-run", usage: "--corpus <file> --out <file> [--retries N]", desc: "Run corpus-test over all cases in a corpus JSON file and write a comparable snapshot" },
-    { name: "register", usage: "[--no-prompt]", desc: "Optional: register an API key to publish skills, check earnings, and access backend analytics" },
+    { name: "register", usage: "[--email lewis@example.com] [--reset] [--no-prompt]", desc: "Register an API key. With --reset, discard the local cached key first; with --email, mint an account-bound key." },
+    { name: "account", usage: "[--json] [--pretty] [--reset-key] [--email lewis@example.com]", desc: "Show local account, dashboard link, wallet, and contribution mode; --reset-key forces local key reset." },
+    { name: "dashboard", usage: "[--no-open] [--pretty]", desc: "Open the website dashboard and pair it to this CLI install through localhost" },
     { name: "mode", usage: "", desc: "Re-prompt for contribution mode (private / share / share + earn)" },
-    { name: "capture", usage: "--url <url> --intent <intent>", desc: "Live-browser capture for a single URL \u2014 discovers + indexes API endpoints. Marketplace publish gated by `unbrowse mode`." }
+    { name: "capture", usage: "--url <url> --intent <intent>", desc: "Live-browser capture for a single URL \u2014 discovers + indexes API endpoints. Marketplace publish gated by `unbrowse mode`." },
+    { name: "note", usage: '<read|write|list> --domain <domain> [--body "..."]', desc: "Read/write per-domain LLM-prose notes consumed by augment on next capture. Agent populates after reading capture's note_evidence." }
   ],
   globalFlags: [
     { flag: "--pretty", desc: "Indented JSON output" },
@@ -6245,7 +6909,62 @@ async function cmdClose(flags) {
   output(await api2("POST", "/v1/browse/close", typeof flags.session === "string" ? { session_id: flags.session } : undefined), false);
 }
 async function cmdRegister(flags) {
-  if (getApiKey()) {
+  const reset = flags.reset === true || flags.force === true || flags["reset-key"] === true;
+  const previousConfig = reset ? loadConfig() : null;
+  if (reset) {
+    const envKey = process.env.UNBROWSE_API_KEY?.trim();
+    const result = resetLocalRegistration();
+    delete process.env.UNBROWSE_API_KEY;
+    info(`${result.removed ? "Removed" : "No"} local API key cache at ${result.config_path}.`);
+    if (envKey) {
+      info("Ignoring UNBROWSE_API_KEY for this reset run. Remove or update that env var in your shell, or it will override the saved key next time.");
+    }
+    if (typeof flags.email !== "string" && previousConfig?.email) {
+      flags.email = previousConfig.email;
+    }
+  }
+  if (typeof flags.email === "string" && flags.email.length > 0) {
+    const email = flags.email;
+    if (!reset && getApiKey()) {
+      info("Already registered. Re-running with --email will mint a new key and overwrite ~/.unbrowse/config.json.");
+    }
+    info(`Sending magic link to ${email}\u2026`);
+    const result = await magicRegister({
+      email,
+      openBrowser: (url) => {
+        info(`Opening browser: ${url}`);
+        try {
+          const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+          spawn3(cmd, [url], { detached: true, stdio: "ignore" }).unref();
+        } catch {}
+      }
+    });
+    saveConfig({
+      api_key: result.api_key,
+      agent_id: result.agent_id,
+      agent_name: result.email,
+      registered_at: new Date().toISOString(),
+      tos_accepted_version: null,
+      tos_accepted_at: null,
+      email: result.email,
+      user_id: result.user_id
+    });
+    process.env.UNBROWSE_API_KEY = result.api_key;
+    info(`Signed in as ${result.email}. API key saved to ~/.unbrowse/config.json.`);
+    info("Open your dashboard:");
+    info("  unbrowse dashboard");
+    try {
+      const serverPrefs = await fetchAccountPreferences();
+      if (serverPrefs) {
+        setContributionConfig2({
+          contribution: { share_pointers: serverPrefs.share_pointers, set_via: "mode-command" }
+        });
+        info(`Auto-publish to marketplace: ${serverPrefs.share_pointers ? "ON" : "off"} (synced from your account).`);
+      }
+    } catch {}
+    return;
+  }
+  if (!reset && getApiKey()) {
     info("Already registered. API key loaded from env or ~/.unbrowse/config.json");
     return;
   }
@@ -6541,6 +7260,10 @@ async function main() {
     await cmdMode(flags);
     return;
   }
+  if (command === "account")
+    return cmdAccount(flags);
+  if (command === "dashboard")
+    return cmdDashboard(flags);
   if (command === "mcp")
     return cmdMcp(flags);
   if (command === "status")
@@ -6565,6 +7288,7 @@ async function main() {
     return cmdSessionsScan(flags);
   if (command === "register")
     return cmdRegister(flags);
+  await refreshContributionPreferenceFromServer(false);
   const KNOWN_COMMANDS = new Set([
     "health",
     "mcp",
@@ -6619,6 +7343,8 @@ async function main() {
     "cache-clear",
     "register",
     "mode",
+    "account",
+    "dashboard",
     "capture"
   ]);
   if (!KNOWN_COMMANDS.has(command)) {
@@ -6735,8 +7461,14 @@ async function main() {
       return cmdRegister(flags);
     case "mode":
       return cmdMode(flags);
+    case "account":
+      return cmdAccount(flags);
+    case "dashboard":
+      return cmdDashboard(flags);
     case "capture":
       return cmdCapture(flags);
+    case "note":
+      return cmdNote(flags, args);
     default:
       info(`Unknown command: ${command}`);
       printHelp();