unbrowse 6.5.2 → 6.6.0

package/dist/cli.js

@@ -31,7 +31,7 @@ var __promiseAll = (args) => Promise.all(args);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "6.5.2", BUILD_GIT_SHA = "2bedcaef3363", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi41LjIiLCJnaXRfc2hhIjoiMmJlZGNhZWYzMzYzIiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUAyYmVkY2FlZjMzNjMiLCJpc3N1ZWRfYXQiOiIyMDI2LTA1LTAzVDIzOjM2OjIyLjUxM1oifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "wNWNFYL91xCcb02bCfQvbVnHfmLAUCyHeX-oVLv2Wy4", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
+var BUILD_RELEASE_VERSION = "6.6.0", BUILD_GIT_SHA = "7de260727d86", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi42LjAiLCJnaXRfc2hhIjoiN2RlMjYwNzI3ZDg2IiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA3ZGUyNjA3MjdkODYiLCJpc3N1ZWRfYXQiOiIyMDI2LTA1LTA0VDA2OjM2OjA0LjY1NVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "ZP-8gEii8oLih47bn-ZtfHZzY88cRU-K5rRbAl3oaSA", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
 
 // ../../src/version.ts
 import { createHash } from "crypto";
@@ -5050,7 +5050,25 @@ function parseArgs(argv) {
     } else if (a.startsWith("--")) {
       const key = a.slice(2);
       const next = rest[i + 1];
-      const valueExpectedFlags = new Set(["skill", "endpoint", "intent", "url", "domain", "params", "path", "extract", "limit"]);
+      const valueExpectedFlags = new Set([
+        "skill",
+        "endpoint",
+        "intent",
+        "url",
+        "domain",
+        "params",
+        "path",
+        "extract",
+        "limit",
+        "session",
+        "ref",
+        "text",
+        "value",
+        "form-selector",
+        "submit-selector",
+        "wait-for",
+        "timeout-ms"
+      ]);
       if (valueExpectedFlags.has(key)) {
         if (next === undefined)
           die(`--${key} requires a value`);
@@ -5379,14 +5397,29 @@ async function cmdResolve(flags) {
     }, endpointNeedsThirdPartyTermsConfirmation = function(endpoint) {
       return endpoint.requires_third_party_terms_confirmation === true;
     }, resolveSkillId = function() {
-      return result.skill?.skill_id ?? result.skill_id;
+      return result.skill?.skill_id ?? result.skill_id ?? result.result?.skill_id;
+    }, resolveAvailableEndpoints = function() {
+      return Array.isArray(result.available_endpoints) ? result.available_endpoints : Array.isArray(result.result?.available_endpoints) ? result.result.available_endpoints : undefined;
+    }, endpointIsSafeToAutoExecute = function(endpoint) {
+      const method = String(endpoint.method ?? "GET").toUpperCase();
+      if (method !== "GET" && method !== "HEAD")
+        return false;
+      if (endpoint.needs_params && Object.keys(extraParams).length === 0)
+        return false;
+      return true;
     };
     const body = { intent };
     const url = flags.url;
     const domain = flags.domain;
-    const explicitEndpointId = flags["endpoint-id"];
-    const autoExecute = !!flags.execute;
-    const extraParams = flags.params ? JSON.parse(flags.params) : {};
+    const endpointFlag = flags["endpoint-id"] ?? flags.endpoint;
+    const explicitEndpointId = typeof endpointFlag === "string" ? endpointFlag : undefined;
+    const noExecute = flags["no-execute"] === true;
+    const autoExecute = !noExecute;
+    const cliKv = flags._params;
+    const extraParams = {
+      ...flags.params ? JSON.parse(flags.params) : {},
+      ...cliKv && Object.keys(cliKv).length > 0 ? cliKv : {}
+    };
     if (url) {
       body.params = { url };
       body.context = { url };
@@ -5429,20 +5462,27 @@ async function cmdResolve(flags) {
       if (loginUrl)
         info(`Authentication required. Run: unbrowse login --url "${loginUrl}"`);
     }
-    if (explicitEndpointId && result.available_endpoints) {
+    if (explicitEndpointId && resolveAvailableEndpoints()) {
       const skillId = resolveSkillId();
       if (skillId) {
         result = await withPendingNotice(api2("POST", `/v1/skills/${skillId}/execute`, execBody(explicitEndpointId)), "Executing selected endpoint...");
       }
     }
-    if (autoExecute && result.available_endpoints && !result.result) {
-      const endpoints = result.available_endpoints;
+    const endpointsForAutoExecute = resolveAvailableEndpoints();
+    if (autoExecute && endpointsForAutoExecute) {
+      const endpoints = endpointsForAutoExecute;
       const skillId = resolveSkillId();
       if (skillId && endpoints.length > 0) {
         const bestEndpoint = endpoints[0];
         if (endpointNeedsThirdPartyTermsConfirmation(bestEndpoint) && !flags["confirm-third-party-terms"]) {
           process.stderr.write(`Skipping auto-execute: endpoint ${bestEndpoint.endpoint_id ?? "?"} ` + `requires explicit third-party terms confirmation. ` + `Re-run with --confirm-third-party-terms to proceed.
 `);
+        } else if (!endpointIsSafeToAutoExecute(bestEndpoint)) {
+          result.next_action = {
+            title: "Execute selected endpoint",
+            command: `unbrowse execute --skill ${skillId} --endpoint ${bestEndpoint.endpoint_id}`,
+            why: "Resolve found a candidate but did not auto-execute because the endpoint is not a safe ready GET."
+          };
         } else {
           info(`Auto-executing endpoint: ${bestEndpoint.description ?? bestEndpoint.endpoint_id}`);
           result = await withPendingNotice(api2("POST", `/v1/skills/${skillId}/execute`, execBody(bestEndpoint.endpoint_id)), "Executing best endpoint...");
@@ -6289,7 +6329,7 @@ var CLI_REFERENCE = {
     { name: "mcp", usage: "[--no-auto-start]", desc: "Run the stdio MCP server" },
     { name: "setup", usage: "[--opencode auto|global|project|off] [--no-start]", desc: "Bootstrap browser deps + Open Code command" },
     { name: "upgrade", usage: "", desc: "Check latest release and print the right upgrade command" },
-    { name: "resolve", usage: '--intent "..." [--domain "..."] [--url "..."] [opts]', desc: "Returns ranked shortlist of endpoints for an intent. Pick one and call execute. (Two tool calls is the contract \u2014 autoexec is opt-in via --execute, not the default.)" },
+    { name: "resolve", usage: '--intent "..." [--domain "..."] [--url "..."] [opts]', desc: "Resolve an intent, auto-executing the top safe GET endpoint by default; pass --no-execute for metadata only" },
     { name: "explain", usage: '--intent "..." --url "..." [--top N]', desc: "Emit top-N candidate endpoints + evidence for an LLM judge to pick from (no heuristic verdict \u2014 primitives + agent judgment)" },
     { name: "execute", usage: "--skill ID --endpoint ID [-p key=val ...] [--params '{json}'] [opts]", desc: "Execute a specific endpoint. Pass replay params via repeated -p key=val flags or --params with a JSON object" },
     { name: "feedback", usage: "--skill ID --endpoint ID --rating N", desc: "Submit feedback (mandatory after resolve)" },
@@ -6304,6 +6344,7 @@ var CLI_REFERENCE = {
     { name: "skill", usage: "<id>", desc: "Get skill details" },
     { name: "cleanup-stale", usage: "[--skill ID] [--domain host] [--limit N]", desc: "Verify skills and evict stale cached endpoints" },
     { name: "sessions", usage: '--domain "..." [--limit N]', desc: "Debug session logs" },
+    { name: "inspect", usage: "[--session id] [--all]", desc: "Inspect live browser capture evidence, candidate endpoints, and next actions" },
     { name: "go", usage: "<url> [--session id]", desc: "Open a fresh Kuri browser tab, or reuse explicit --session" },
     { name: "submit", usage: "[--session id] [--form-selector sel] [--submit-selector sel] [--wait-for hint] [--assist-site-state]", desc: "Submit current form. Thin browser-native proxy by default; site-state assist and same-origin rehydrate are explicit opt-ins" },
     { name: "snap", usage: "[--session id] [--filter interactive]", desc: "A11y snapshot with @eN refs" },
@@ -6342,7 +6383,8 @@ var CLI_REFERENCE = {
     { flag: "--opencode auto|global|project|off", desc: "setup: install /unbrowse command for Open Code" }
   ],
   resolveExecuteFlags: [
-    { flag: "--execute", desc: "Auto-execute the top trusted endpoint from resolve" },
+    { flag: "--no-execute", desc: "Resolve only; do not auto-execute safe GET endpoints" },
+    { flag: "--execute", desc: "Deprecated no-op alias; safe GET execution is now the default" },
     { flag: "--schema", desc: "Show response schema + extraction hints only (no data)" },
     { flag: '--path "data.items[]"', desc: "Drill into result before extract/output" },
     { flag: '--extract "field1,alias:deep.path.to.val"', desc: "Pick specific fields (no piping needed)" },
@@ -6609,12 +6651,53 @@ function printHelp() {
 async function cmdStatus(flags) {
   const healthy = await fetch(`${BASE_URL}/health`, { signal: AbortSignal.timeout(2000) }).then((r) => r.ok).catch(() => false);
   const versionInfo = checkServerVersion(BASE_URL, import.meta.url);
+  let activeSessions = [];
+  let sessionCount = 0;
+  let latestSessionId = null;
+  if (healthy) {
+    try {
+      const res = await fetch(`${BASE_URL}/v1/browse/sessions`, { signal: AbortSignal.timeout(2000) });
+      if (res.ok) {
+        const data = await res.json();
+        activeSessions = data.sessions ?? [];
+        sessionCount = data.count ?? activeSessions.length;
+        latestSessionId = data.latest_session_id ?? null;
+      }
+    } catch {}
+  }
   output({
     server: healthy ? "running" : "stopped",
     url: BASE_URL,
-    ...versionInfo ?? {}
+    ...versionInfo ?? {},
+    active_browse_sessions: sessionCount,
+    latest_session_id: latestSessionId,
+    sessions: activeSessions,
+    chrome_debug_url: process.env.CHROME_DEBUG_URL ?? null
   }, !!flags.pretty);
 }
+async function cmdInspect(args, flags) {
+  const explicitSession = typeof flags.session === "string" ? flags.session : typeof args[0] === "string" ? args[0] : undefined;
+  const sessions = await api2("GET", "/v1/browse/sessions");
+  if (flags.all) {
+    output(sessions, !!flags.pretty);
+    return;
+  }
+  const latestSessionId = sessions.latest_session_id ?? sessions.sessions?.at(-1)?.session_id;
+  const sessionId = explicitSession ?? latestSessionId;
+  if (!sessionId) {
+    output({
+      error: "no_active_session",
+      message: "No active browse session to inspect.",
+      next_action: {
+        title: "Open a browser session",
+        command: 'unbrowse go "https://example.com" --pretty',
+        why: "Inspection reads live HAR/interceptor evidence from an active Kuri session."
+      }
+    }, !!flags.pretty);
+    return;
+  }
+  output(await api2("GET", `/v1/browse/sessions/${encodeURIComponent(sessionId)}/buffer`), !!flags.pretty);
+}
 async function cmdRestart(flags) {
   info("Restarting server...");
   await restartServer(BASE_URL, import.meta.url);
@@ -6828,7 +6911,7 @@ async function cmdSnap(flags) {
   }
 }
 async function cmdClick(args, flags) {
-  const ref = args[0];
+  const ref = args[0] ?? (typeof flags.ref === "string" ? flags.ref : undefined);
   if (!ref)
     die("Usage: unbrowse click <ref>");
   output(await api2("POST", "/v1/browse/click", {
@@ -6837,10 +6920,10 @@ async function cmdClick(args, flags) {
   }), false);
 }
 async function cmdFill(args, flags) {
-  const ref = args[0];
-  const value = args.slice(1).join(" ");
+  const ref = args[0] ?? (typeof flags.ref === "string" ? flags.ref : undefined);
+  const value = args.length > 1 ? args.slice(1).join(" ") : typeof flags.text === "string" ? flags.text : typeof flags.value === "string" ? flags.value : "";
   if (!ref || !value)
-    die("Usage: unbrowse fill <ref> <value>");
+    die('Usage: unbrowse fill <ref> <value>  (also: unbrowse fill --ref e5 --text "hello")');
   output(await api2("POST", "/v1/browse/fill", {
     ref,
     value,
@@ -7275,7 +7358,17 @@ async function cmdConnectChrome() {
   console.error("Could not connect to Chrome. Make sure all Chrome windows are closed and try again.");
 }
 async function main() {
-  const { command, args, flags, params: cliParams } = parseArgs(process.argv);
+  const parsed = parseArgs(process.argv);
+  let { command, args, flags } = parsed;
+  const cliParams = parsed.params;
+  if (command === "browse") {
+    const subcommand = args.shift();
+    if (!subcommand || subcommand === "help") {
+      printHelp();
+      process.exit(subcommand === "help" ? 0 : 1);
+    }
+    command = subcommand;
+  }
   if (Object.keys(cliParams).length > 0) {
     flags._params = cliParams;
   }
@@ -7344,6 +7437,7 @@ async function main() {
     "search",
     "sessions",
     "status",
+    "inspect",
     "stop",
     "restart",
     "upgrade",
@@ -7440,6 +7534,8 @@ async function main() {
       return cmdSearch(flags);
     case "sessions":
       return cmdSessions(flags);
+    case "inspect":
+      return cmdInspect(args, flags);
     case "go":
       return cmdGo(args, flags);
     case "submit":

package/dist/mcp.js

@@ -226,11 +226,11 @@ import { dirname, join, parse } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "6.5.2";
-var BUILD_GIT_SHA = "2bedcaef3363";
+var BUILD_RELEASE_VERSION = "6.6.0";
+var BUILD_GIT_SHA = "7de260727d86";
 var BUILD_CODE_HASH = "5d9ebf619c61";
-var BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi41LjIiLCJnaXRfc2hhIjoiMmJlZGNhZWYzMzYzIiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUAyYmVkY2FlZjMzNjMiLCJpc3N1ZWRfYXQiOiIyMDI2LTA1LTAzVDIzOjM2OjIyLjUxM1oifQ";
-var BUILD_RELEASE_MANIFEST_SIGNATURE = "wNWNFYL91xCcb02bCfQvbVnHfmLAUCyHeX-oVLv2Wy4";
+var BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi42LjAiLCJnaXRfc2hhIjoiN2RlMjYwNzI3ZDg2IiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA3ZGUyNjA3MjdkODYiLCJpc3N1ZWRfYXQiOiIyMDI2LTA1LTA0VDA2OjM2OjA0LjY1NVoifQ";
+var BUILD_RELEASE_MANIFEST_SIGNATURE = "ZP-8gEii8oLih47bn-ZtfHZzY88cRU-K5rRbAl3oaSA";
 var BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai";
 var BUILD_DEFAULT_PROFILE = "";
 

package/dist/server.js

@@ -211,13 +211,11 @@ function resolveKuriLaunchConfig(env = process.env) {
     headless = true;
   }
   const cleanRoom = envFlag(env.UNBROWSE_LOCAL_ONLY) || envFlag(env.KURI_CLEAN_ROOM);
-  const browserCookieOptOut = falseyEnv(env.UNBROWSE_IMPORT_BROWSER_COOKIES);
-  const explicitAttach = envFlag(env.KURI_ATTACH_EXISTING_CHROME ?? env.UNBROWSE_ATTACH_EXISTING_CHROME);
   const disableCdpAttach = envFlag(env.KURI_DISABLE_CDP_ATTACH);
-  const canAttachToExistingChrome = !headless && !disableCdpAttach && !cleanRoom;
+  const attachToExistingChrome = !disableCdpAttach && !cleanRoom;
   return {
     headless,
-    attachToExistingChrome: canAttachToExistingChrome && (explicitAttach || browserCookieOptOut)
+    attachToExistingChrome
   };
 }
 function kuriBinaryName() {
@@ -7344,7 +7342,7 @@ var init_capture = __esm(async () => {
 });
 
 // ../../src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "6.5.2", BUILD_GIT_SHA = "2bedcaef3363", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi41LjIiLCJnaXRfc2hhIjoiMmJlZGNhZWYzMzYzIiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUAyYmVkY2FlZjMzNjMiLCJpc3N1ZWRfYXQiOiIyMDI2LTA1LTAzVDIzOjM2OjIyLjUxM1oifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "wNWNFYL91xCcb02bCfQvbVnHfmLAUCyHeX-oVLv2Wy4", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
+var BUILD_RELEASE_VERSION = "6.6.0", BUILD_GIT_SHA = "7de260727d86", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiNi42LjAiLCJnaXRfc2hhIjoiN2RlMjYwNzI3ZDg2IiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA3ZGUyNjA3MjdkODYiLCJpc3N1ZWRfYXQiOiIyMDI2LTA1LTA0VDA2OjM2OjA0LjY1NVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "ZP-8gEii8oLih47bn-ZtfHZzY88cRU-K5rRbAl3oaSA", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
 
 // ../../src/version.ts
 import { createHash as createHash2 } from "crypto";
@@ -25771,9 +25769,7 @@ async function resolveRequestedBrowseSession(sessions, client, requestedSessionI
   const live = await listLiveBrowseSessions(sessions, client);
   if (live.length === 0)
     throw new BrowseSessionError("no_active_session");
-  if (live.length > 1)
-    throw new BrowseSessionError("session_id_required");
-  return live[0];
+  return live[live.length - 1];
 }
 async function withSessionQueue(sessionId, fn) {
   const prev = sessionQueues.get(sessionId) ?? Promise.resolve();
@@ -27923,6 +27919,17 @@ function passiveIndexFromRequests(requests, pageUrl, options = {}) {
 function passiveIndexHar(entries, pageUrl, options = {}) {
   passiveIndexFromRequests(harEntriesToRawRequests(entries), pageUrl, options);
 }
+function rememberInspectedHarEntries(sessionId, entries) {
+  if (entries.length === 0)
+    return;
+  const existing = inspectedHarEntries.get(sessionId) ?? [];
+  inspectedHarEntries.set(sessionId, [...existing, ...entries]);
+}
+function drainInspectedHarEntries(sessionId) {
+  const entries = inspectedHarEntries.get(sessionId) ?? [];
+  inspectedHarEntries.delete(sessionId);
+  return entries;
+}
 function browseBrokerPorts() {
   return Array.from({ length: BROWSE_BROKER_MAX }, (_, index) => BROWSE_BROKER_BASE_PORT + index);
 }
@@ -28155,6 +28162,130 @@ async function registerRoutes(app) {
       next_step: settings.auto_publish_checkpoints ? "Auto-publish after sync/close is enabled unless a domain rule blocks it." : "Auto-publish after sync/close is disabled. Use index for local recompute and publish only when you explicitly want remote share."
     });
   });
+  app.get("/v1/browse/sessions", async (_req, reply) => {
+    const sessions = Array.from(browseSessions.values()).map((s) => ({
+      session_id: s.sessionId,
+      tab_id: s.tabId,
+      url: s.url,
+      domain: s.domain,
+      har_active: s.harActive,
+      broker_port: s.brokerPort ?? null,
+      streaming_publish_active: streamingWatchers.has(s.sessionId),
+      marketplace_publish: (() => {
+        const decision = decideCheckpointPublish(s.domain || profileName(s.url));
+        return {
+          enabled: decision.publishQueued,
+          mode: decision.mode,
+          reason: decision.reason
+        };
+      })(),
+      suggested_commands: [
+        `unbrowse inspect --session ${s.sessionId} --pretty`,
+        `unbrowse resolve --intent "<task>" --url "${s.url}" --pretty`,
+        `unbrowse close --session ${s.sessionId}`
+      ]
+    }));
+    const latest = sessions[sessions.length - 1] ?? null;
+    return reply.send({ sessions, count: sessions.length, latest_session_id: latest?.session_id ?? null });
+  });
+  app.get("/v1/browse/sessions/:id/buffer", async (req, reply) => {
+    const { id } = req.params;
+    let session;
+    for (const s of browseSessions.values()) {
+      if (s.sessionId === id || s.tabId === id) {
+        session = s;
+        break;
+      }
+    }
+    if (!session)
+      return reply.code(404).send({ error: "session_not_found", id });
+    let intercepted = [];
+    let interceptError = null;
+    try {
+      intercepted = await collectInterceptedRequests(session.tabId);
+    } catch (err) {
+      interceptError = err instanceof Error ? err.message : String(err);
+    }
+    let harEntries = [];
+    let harError = null;
+    if (session.harActive) {
+      try {
+        const broker = brokerForSession(session);
+        const stopResult = await broker.harStop(session.tabId);
+        harEntries = stopResult.entries ?? [];
+        rememberInspectedHarEntries(session.sessionId, harEntries);
+        try {
+          await broker.harStart(session.tabId);
+        } catch {}
+      } catch (err) {
+        harError = err instanceof Error ? err.message : String(err);
+      }
+    }
+    const rawRequests = [
+      ...Array.isArray(intercepted) ? intercepted : [],
+      ...harEntriesToRawRequests(harEntries, session.url)
+    ];
+    const candidateEndpoints = extractEndpoints(rawRequests, undefined, {
+      pageUrl: session.url,
+      finalUrl: session.url
+    }).slice(0, 10).map((endpoint) => ({
+      endpoint_id: endpoint.endpoint_id,
+      method: endpoint.method,
+      url_template: endpoint.url_template,
+      description: endpoint.description ?? generateLocalDescription(endpoint),
+      reliability_score: endpoint.reliability_score,
+      idempotency: endpoint.idempotency,
+      auth_token_count: endpoint.auth_tokens?.length ?? 0
+    }));
+    const publishDecision = decideCheckpointPublish(session.domain || profileName(session.url));
+    return reply.send({
+      session: {
+        session_id: session.sessionId,
+        tab_id: session.tabId,
+        url: session.url,
+        domain: session.domain,
+        har_active: session.harActive,
+        streaming_publish_active: streamingWatchers.has(session.sessionId),
+        marketplace_publish: {
+          enabled: publishDecision.publishQueued,
+          mode: publishDecision.mode,
+          reason: publishDecision.reason
+        }
+      },
+      intercepted_requests: intercepted,
+      intercepted_count: Array.isArray(intercepted) ? intercepted.length : 0,
+      intercept_error: interceptError,
+      har_entries: harEntries.map((e) => ({
+        url: e?.request?.url,
+        method: e?.request?.method,
+        status: e?.response?.status,
+        mime_type: e?.response?.content?.mimeType,
+        size: e?.response?.bodySize
+      })),
+      har_count: harEntries.length,
+      har_error: harError,
+      total_captured: (Array.isArray(intercepted) ? intercepted.length : 0) + harEntries.length,
+      candidate_endpoints: candidateEndpoints,
+      candidate_endpoint_count: candidateEndpoints.length,
+      next_actions: [
+        {
+          title: "Resolve from captured evidence",
+          command: `unbrowse resolve --intent "<task>" --url "${session.url}" --pretty`,
+          why: "Runs the normal resolver after the current in-flight capture has been exposed."
+        },
+        {
+          title: "Checkpoint and publish review material",
+          command: `unbrowse sync --session ${session.sessionId} --pretty`,
+          why: "Keeps the tab open and compiles current browser traffic into local skill evidence."
+        },
+        {
+          title: "Close after judging",
+          command: `unbrowse close --session ${session.sessionId}`,
+          why: "Flushes final capture, saves auth, and stops the live tab."
+        }
+      ]
+    });
+  });
   app.get("/v1/trace/:trace_id", async (req, reply) => {
     const { trace_id } = req.params;
     const traceDir = path6.join(process.env.UNBROWSE_TRACE_DIR ?? path6.join(os4.homedir(), ".unbrowse", "traces"));
@@ -28181,6 +28312,25 @@ async function registerRoutes(app) {
     const { intent, params, context, projection, confirm_unsafe, confirm_third_party_terms, dry_run, force_capture, skip_robots_check, visual_context, budget_ms } = req.body;
     if (!intent)
       return reply.code(400).send({ error: "intent required" });
+    let inflightFlushResult = null;
+    if (context?.url && !force_capture) {
+      try {
+        const activeSession = findActiveSessionForDomain(context.url);
+        if (activeSession) {
+          const flushed = await lightFlushBrowseCapture(activeSession);
+          if (flushed.request_count > 0) {
+            inflightFlushResult = {
+              skill_id: flushed.skill_id,
+              request_count: flushed.request_count,
+              endpoint_count: flushed.endpoint_count
+            };
+            console.log(`[in-flight-flush] session=${activeSession.sessionId.slice(0, 8)} domain=${flushed.domain} requests=${flushed.request_count} endpoints=${flushed.endpoint_count} skill=${flushed.skill_id?.slice(0, 15) ?? "none"}`);
+          }
+        }
+      } catch (err) {
+        console.warn(`[in-flight-flush] failed: ${err.message}`);
+      }
+    }
     try {
       const result = await resolveAndExecute(intent, params ?? {}, context, projection, { confirm_unsafe, confirm_third_party_terms, dry_run, force_capture, skip_robots_check, client_scope: clientScope, budget_ms });
       const res = attachAgentOutcomeHints({ ...result }, {
@@ -28209,6 +28359,9 @@ async function registerRoutes(app) {
           }
         } catch {}
       }
+      if (inflightFlushResult) {
+        res.inflight_flush = inflightFlushResult;
+      }
       return reply.send(res);
     } catch (err) {
       return reply.code(500).send({ error: err.message });
@@ -28809,7 +28962,20 @@ async function registerRoutes(app) {
   }
   function sendBrowseSessionError(reply, error) {
     if (error instanceof BrowseSessionError) {
-      return reply.code(error.statusCode).send({ error: error.code });
+      const latestSession = Array.from(browseSessions.values()).at(-1);
+      return reply.code(error.statusCode).send({
+        error: error.code,
+        ...latestSession ? { latest_session_id: latestSession.sessionId } : {},
+        next_action: latestSession ? {
+          title: "Retry with latest active session",
+          command: `unbrowse inspect --session ${latestSession.sessionId} --pretty`,
+          why: "A live session exists; inspect it or pass --session to the browser command."
+        } : {
+          title: "Open a browser session",
+          command: 'unbrowse go "<url>" --pretty',
+          why: "This command needs a live Kuri-backed browse session."
+        }
+      });
     }
     if (isRecoverableBrowseFailure(error)) {
       return reply.code(502).send({
@@ -28853,6 +29019,143 @@ async function registerRoutes(app) {
     session.harActive = true;
     await injectInterceptor(session.tabId).catch(() => {});
   }
+  async function lightFlushBrowseCapture(session) {
+    let harEntries = [];
+    if (session.harActive) {
+      try {
+        const broker = brokerForSession(session);
+        const stopResult = await broker.harStop(session.tabId);
+        harEntries = stopResult.entries ?? [];
+        try {
+          await broker.harStart(session.tabId);
+        } catch {}
+      } catch {}
+    }
+    harEntries = [...drainInspectedHarEntries(session.sessionId), ...harEntries];
+    const allRequests = await enrichPassiveCaptureRequests({
+      tabId: session.tabId,
+      captureUrl: session.url,
+      harEntries,
+      intent: `browse ${session.domain || profileName(session.url)}`
+    });
+    if (allRequests.length === 0) {
+      return { skill_id: null, domain: session.domain, request_count: 0, endpoint_count: 0 };
+    }
+    const jsBundles = new Map;
+    try {
+      const intercepted = await collectInterceptedRequests(session.tabId).catch(() => []);
+      for (const entry of intercepted) {
+        if (entry.is_js && entry.response_body && jsBundles.size < 20) {
+          jsBundles.set(entry.url, entry.response_body);
+        }
+      }
+    } catch {}
+    const syncResult = await cacheBrowseRequests({
+      sessionUrl: session.url,
+      sessionDomain: session.domain,
+      requests: allRequests,
+      getPageHtml: () => brokerForSession(session).getPageHtml(session.tabId),
+      jsBundles: jsBundles.size > 0 ? jsBundles : undefined,
+      intent: `browse ${session.domain || profileName(session.url)}`
+    });
+    if (syncResult.skill && syncResult.domain) {
+      const domainKey = getDomainReuseKey(session.url || syncResult.domain);
+      if (domainKey) {
+        const cacheKey2 = scopedCacheKey("local", `${domainKey}:${syncResult.skill.skill_id}`);
+        writeSkillSnapshot(cacheKey2, syncResult.skill);
+        domainSkillCache.set(domainKey, {
+          skillId: syncResult.skill.skill_id,
+          localSkillPath: snapshotPathForCacheKey(cacheKey2),
+          ts: Date.now()
+        });
+        persistDomainCache();
+      }
+    }
+    return {
+      skill_id: syncResult.skill?.skill_id ?? null,
+      domain: syncResult.domain,
+      request_count: allRequests.length,
+      endpoint_count: syncResult.skill?.endpoints.length ?? 0
+    };
+  }
+  function findActiveSessionForDomain(targetUrl) {
+    const targetDomain = getDomainReuseKey(targetUrl);
+    if (!targetDomain)
+      return null;
+    let match = null;
+    for (const session of browseSessions.values()) {
+      if (!session.harActive)
+        continue;
+      const sessionDomain = getDomainReuseKey(session.url);
+      if (sessionDomain === targetDomain)
+        match = session;
+    }
+    return match;
+  }
+  const streamingWatchers = new Map;
+  const STREAMING_INTERVAL_MS = parseInt(process.env.UNBROWSE_STREAMING_INTERVAL_MS ?? "10000", 10);
+  const STREAMING_ENABLED = process.env.UNBROWSE_STREAMING_PUBLISH !== "0";
+  const streamingState = new Map;
+  function startStreamingWatcher(session) {
+    if (!STREAMING_ENABLED)
+      return;
+    if (streamingWatchers.has(session.sessionId))
+      return;
+    streamingState.set(session.sessionId, { lastEndpointCount: 0, lastSkillId: null });
+    const tick = async () => {
+      if (!browseSessions.has(session.sessionId)) {
+        stopStreamingWatcher(session.sessionId);
+        return;
+      }
+      const live = browseSessions.get(session.sessionId);
+      if (!live || !live.harActive)
+        return;
+      try {
+        const flushed = await lightFlushBrowseCapture(live);
+        const state = streamingState.get(session.sessionId);
+        if (!state)
+          return;
+        const grew = flushed.endpoint_count > state.lastEndpointCount || flushed.skill_id && flushed.skill_id !== state.lastSkillId;
+        if (grew && flushed.skill_id) {
+          state.lastEndpointCount = flushed.endpoint_count;
+          state.lastSkillId = flushed.skill_id;
+          const domainKey = getDomainReuseKey(live.url || flushed.domain);
+          const cacheEntry = domainKey ? domainSkillCache.get(domainKey) : null;
+          if (cacheEntry?.localSkillPath) {
+            const skill = readSkillSnapshot(cacheEntry.localSkillPath);
+            if (skill) {
+              const decision = decideCheckpointPublish(flushed.domain);
+              queueBackgroundIndex({
+                skill: { ...skill },
+                domain: flushed.domain,
+                intent: skill.intent_signature || `browse ${flushed.domain}`,
+                contextUrl: live.url,
+                cacheKey: `streaming:${flushed.domain}:${Date.now()}`,
+                publishAfterIndex: decision.publishQueued
+              });
+              console.log(`[streaming-publish] session=${session.sessionId.slice(0, 8)} domain=${flushed.domain} endpoints=${flushed.endpoint_count} publish=${decision.publishQueued}`);
+            }
+          }
+        }
+      } catch (err) {
+        console.warn(`[streaming-publish] tick failed: ${err.message}`);
+      }
+    };
+    const timer = setInterval(() => {
+      tick();
+    }, STREAMING_INTERVAL_MS);
+    streamingWatchers.set(session.sessionId, timer);
+    console.log(`[streaming-publish] watcher started session=${session.sessionId.slice(0, 8)} interval=${STREAMING_INTERVAL_MS}ms`);
+  }
+  function stopStreamingWatcher(sessionId) {
+    const timer = streamingWatchers.get(sessionId);
+    if (timer) {
+      clearInterval(timer);
+      streamingWatchers.delete(sessionId);
+    }
+    streamingState.delete(sessionId);
+    inspectedHarEntries.delete(sessionId);
+  }
   async function flushBrowseCapture(session, options = {}) {
     let harEntries = [];
     if (session.harActive) {
@@ -28861,6 +29164,7 @@ async function registerRoutes(app) {
         harEntries = entries;
       } catch {}
     }
+    harEntries = [...drainInspectedHarEntries(session.sessionId), ...harEntries];
     session.harActive = false;
     const allRequests = await enrichPassiveCaptureRequests({
       tabId: session.tabId,
@@ -29061,6 +29365,7 @@ async function registerRoutes(app) {
           }
         }
       } catch {}
+      startStreamingWatcher(session);
       return reply.send({
         ok: true,
         session_id: session.sessionId,
@@ -29068,7 +29373,21 @@ async function registerRoutes(app) {
         tab_id: session.tabId,
         auth_profile: session.domain,
         ...result.cookiesInjected > 0 ? { cookies_injected: result.cookiesInjected } : {},
-        ...authRequired ? { auth_required: true, auth_hint: authHint } : {}
+        ...authRequired ? { auth_required: true, auth_hint: authHint } : {},
+        autonomy: (() => {
+          const publishDecision = decideCheckpointPublish(session.domain);
+          return {
+            har_active: session.harActive,
+            streaming_publish_active: streamingWatchers.has(session.sessionId),
+            attached_existing_chrome: result.attachedExistingChrome ?? false,
+            chrome_debug_url: process.env.CHROME_DEBUG_URL ?? null,
+            inspect_command: `unbrowse inspect --session ${session.sessionId} --pretty`,
+            inspect_buffer: `GET ${process.env.UNBROWSE_API_BASE ?? "http://127.0.0.1:6969"}/v1/browse/sessions/${session.sessionId}/buffer`,
+            marketplace_publish_enabled: publishDecision.publishQueued,
+            marketplace_publish_mode: publishDecision.mode,
+            marketplace_publish_reason: publishDecision.reason
+          };
+        })()
       });
     } catch (error) {
       return sendBrowseSessionError(reply, error);
@@ -29110,6 +29429,7 @@ async function registerRoutes(app) {
       activeSession.domain = profileName(activeSession.url);
       const stillLive = await isBrowseSessionLive(activeSession, browseClient).catch(() => false);
       if (!stillLive) {
+        stopStreamingWatcher(activeSession.sessionId);
         removeBrowseSession(browseSessions, activeSession.sessionId);
         throw new BrowseSessionError("session_expired");
       }
@@ -29337,6 +29657,7 @@ async function registerRoutes(app) {
           await saveAuthProfileBestEffort(session2.tabId, session2.domain, "browse_close");
         }
         const syncResult2 = await flushBrowseCapture(session2, { queueIndex: true, queuePublish: true });
+        stopStreamingWatcher(session2.sessionId);
         await broker.closeTab(session2.tabId).catch(() => {});
         removeBrowseSession(browseSessions, session2.sessionId);
         return syncResult2;
@@ -29366,7 +29687,7 @@ function saveTrace(trace) {
   const t = trace;
   writeFileSync13(join19(TRACES_DIR, `${t.trace_id}.json`), JSON.stringify(trace, null, 2));
 }
-var BETA_API_URL, TRACES_DIR, BROWSE_BROKER_MAX, BROWSE_BROKER_BASE_PORT, browseSessions, statsCache = null, STATS_CACHE_TTL;
+var BETA_API_URL, TRACES_DIR, BROWSE_BROKER_MAX, BROWSE_BROKER_BASE_PORT, browseSessions, inspectedHarEntries, statsCache = null, STATS_CACHE_TTL;
 var init_routes = __esm(async () => {
   init_client();
   init_reverse_engineer();
@@ -29405,6 +29726,7 @@ var init_routes = __esm(async () => {
   BROWSE_BROKER_MAX = Math.max(1, Number(process.env.KURI_MULTI_BROKER_MAX ?? "1"));
   BROWSE_BROKER_BASE_PORT = Number(process.env.KURI_PORT ?? "7700");
   browseSessions = new Map;
+  inspectedHarEntries = new Map;
   STATS_CACHE_TTL = 5 * 60 * 1000;
 });
 
@@ -29459,6 +29781,16 @@ async function startUnbrowseServer(options = {}) {
     process.env.UNBROWSE_SKIP_TOS_CHECK = "1";
   }
   startBackgroundRegistration();
+  const UNBROWSE_CDP_PORT = Number(process.env.UNBROWSE_CDP_PORT ?? 9222);
+  if (!process.env.CHROME_DEBUG_URL) {
+    process.env.CHROME_DEBUG_URL = `http://127.0.0.1:${UNBROWSE_CDP_PORT}`;
+  }
+  if (!process.env.PUPPETEER_BROWSER_WS_ENDPOINT) {
+    process.env.PUPPETEER_BROWSER_WS_ENDPOINT = `ws://127.0.0.1:${UNBROWSE_CDP_PORT}`;
+  }
+  if (!process.env.PLAYWRIGHT_CHROMIUM_REMOTE_DEBUGGING_URL) {
+    process.env.PLAYWRIGHT_CHROMIUM_REMOTE_DEBUGGING_URL = `http://127.0.0.1:${UNBROWSE_CDP_PORT}`;
+  }
   const app = Fastify({ logger: options.logger ?? true });
   await app.register(cors, { origin: true });
   await registerRateLimiter(app);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbrowse",
-  "version": "6.5.2",
+  "version": "6.6.0",
   "description": "Reverse-engineer any website into reusable API skills. Zero-dep single binary with embedded browser engine.",
   "type": "module",
   "bin": {