unbrowse 9.4.6 → 9.4.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbrowse",
-  "version": "9.4.6",
+  "version": "9.4.8",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/unbrowse-ai/unbrowse.git"

package/runtime/cli.js

@@ -1805,7 +1805,7 @@ var init_cached_resolution2 = __esm(() => {
 });
 
 // .tmp-runtime-src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "9.4.6", BUILD_GIT_SHA = "7dbe211a85f6", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiOS40LjYiLCJnaXRfc2hhIjoiN2RiZTIxMWE4NWY2IiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA3ZGJlMjExYTg1ZjYiLCJpc3N1ZWRfYXQiOiIyMDI2LTA2LTE3VDA1OjExOjA5LjM3N1oifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "dfmT3oOkn1DfPkayFn9QI8qxLZwEPmX8pymVxidycUI", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
+var BUILD_RELEASE_VERSION = "9.4.8", BUILD_GIT_SHA = "6232e149b808", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiOS40LjgiLCJnaXRfc2hhIjoiNjIzMmUxNDliODA4IiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA2MjMyZTE0OWI4MDgiLCJpc3N1ZWRfYXQiOiIyMDI2LTA2LTE3VDA1OjU2OjU5LjI5NVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "il6JUjT-czqTgXfNfTKHuvYt9woEMgOWvq3Bt83mrho", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
 
 // .tmp-runtime-src/version.ts
 import { createHash as createHash4 } from "crypto";
@@ -228824,6 +228824,7 @@ import {
   mkdir as mkdir8,
   readdir as readdir6,
   readFile as readFile6,
+  rename as rename6,
   stat as stat4,
   unlink as unlink6,
   writeFile as writeFile6,
@@ -228831,7 +228832,7 @@ import {
 } from "node:fs/promises";
 import { homedir as homedir42 } from "node:os";
 import { join as join62 } from "node:path";
-import { createHash as createHash20 } from "node:crypto";
+import { createHash as createHash20, randomBytes as randomBytes14 } from "node:crypto";
 function statelessTmpRoot() {
   return join62(homedir42(), ".unbrowse", "tmp");
 }
@@ -228845,8 +228846,17 @@ function sessionPath(sessionId) {
 async function writeSessionRecord(rec) {
   const path26 = sessionPath(rec.sessionId);
   await mkdir8(join62(path26, ".."), { recursive: true });
-  await writeFile6(path26, JSON.stringify(rec, null, 2) + `
+  const tmp = `${path26}.tmp.${process.pid}.${randomBytes14(6).toString("hex")}`;
+  await writeFile6(tmp, JSON.stringify(rec, null, 2) + `
 `, { mode: 384 });
+  try {
+    await rename6(tmp, path26);
+  } catch (err) {
+    try {
+      await unlink6(tmp);
+    } catch {}
+    throw err;
+  }
   return path26;
 }
 async function readSessionRecord(sessionId) {
@@ -228913,11 +228923,48 @@ async function mostRecentSession() {
   }
   return newest;
 }
-async function resolveSession(explicitId) {
+function isProcessAlive(pid) {
+  if (!Number.isInteger(pid) || pid <= 0)
+    return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err.code === "EPERM";
+  }
+}
+async function mostRecentLiveSession() {
+  const recs = [];
+  for await (const path26 of walkSessionFiles()) {
+    try {
+      recs.push(JSON.parse(await readFile6(path26, "utf8")));
+    } catch {}
+  }
+  recs.sort((a, b) => b.createdAt - a.createdAt);
+  for (const rec of recs) {
+    if (isProcessAlive(rec.chromePid))
+      return rec;
+    await deleteSessionRecord(rec.sessionId).catch(() => {
+      return;
+    });
+  }
+  return null;
+}
+async function resolveSession(explicitId, opts = {}) {
+  const probeLive = opts.probeLive ?? true;
   if (explicitId) {
-    return readSessionRecord(explicitId);
+    const rec = await readSessionRecord(explicitId);
+    if (probeLive && !isProcessAlive(rec.chromePid)) {
+      await deleteSessionRecord(rec.sessionId).catch(() => {
+        return;
+      });
+      const err = new Error("session_expired");
+      err.code = "session_expired";
+      throw err;
+    }
+    return rec;
   }
-  const recent = await mostRecentSession();
+  const recent = probeLive ? await mostRecentLiveSession() : await mostRecentSession();
   if (!recent) {
     const err = new Error("no_active_session");
     err.code = "no_active_session";
@@ -228925,6 +228972,44 @@ async function resolveSession(explicitId) {
   }
   return recent;
 }
+async function reapStaleSessions(opts = {}) {
+  const envMax = Number.parseInt(process.env.UNBROWSE_MAX_BROWSE_SESSIONS ?? "", 10);
+  const maxLive = opts.maxLive ?? (Number.isInteger(envMax) && envMax > 0 ? envMax : 8);
+  const recs = [];
+  for await (const path26 of walkSessionFiles()) {
+    try {
+      recs.push(JSON.parse(await readFile6(path26, "utf8")));
+    } catch {}
+  }
+  let reaped = 0;
+  const live = [];
+  for (const rec of recs) {
+    if (isProcessAlive(rec.chromePid)) {
+      live.push(rec);
+    } else {
+      await deleteSessionRecord(rec.sessionId).catch(() => {
+        return;
+      });
+      reaped++;
+    }
+  }
+  if (live.length > maxLive) {
+    live.sort((a, b) => a.createdAt - b.createdAt);
+    for (const rec of live.slice(0, live.length - maxLive)) {
+      const shared = await anotherSessionUsesChrome(rec.chromePid, rec.sessionId);
+      if (!shared) {
+        try {
+          process.kill(rec.chromePid, "SIGTERM");
+        } catch {}
+      }
+      await deleteSessionRecord(rec.sessionId).catch(() => {
+        return;
+      });
+      reaped++;
+    }
+  }
+  return reaped;
+}
 async function anotherSessionUsesChrome(chromePid, excludeSessionId) {
   const excludeFile = `${excludeSessionId}.json`;
   for await (const path26 of walkSessionFiles()) {
@@ -228974,8 +229059,11 @@ async function handler14(parsed, opts) {
     process.exit(EX_USAGE);
   }
   try {
+    await reapStaleSessions().catch(() => {
+      return;
+    });
     const wsEndpoint = typeof parsed.flags.ws === "string" ? parsed.flags.ws : undefined;
-    const conn = wsEndpoint ? await attach(wsEndpoint) : await spawnChrome({ headless: true, perContextProxy: true, persist: true });
+    const conn = wsEndpoint ? await attach(wsEndpoint) : await spawnChrome({ headless: true, perContextProxy: false, persist: true });
     const target = await createTarget(conn, url, {});
     const sessionId = randomUUID2();
     const rec = {
@@ -229904,7 +229992,7 @@ var init_values = __esm(() => {
 });
 
 // .tmp-runtime-src/cli-v7/act/fill.ts
-import { randomBytes as randomBytes14, createHash as createHash25 } from "node:crypto";
+import { randomBytes as randomBytes15, createHash as createHash25 } from "node:crypto";
 function canonicalizeSignedFragment2(body) {
   return JSON.stringify({
     pointer: body.pointer,
@@ -230015,7 +230103,7 @@ async function handler15(parsed, opts) {
   }
   const contextHashHex = deriveContextHash(rec.sessionId, selector, currentUrl, Date.now());
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
-  const nonce = new Uint8Array(randomBytes14(32));
+  const nonce = new Uint8Array(randomBytes15(32));
   let resolved;
   try {
     resolved = await resolve16(pointerUri, nonce, {
@@ -230128,7 +230216,7 @@ var init_fill = __esm(() => {
 
 // .tmp-runtime-src/cli-v7/act/fill-form.ts
 import { spawnSync as spawnSync4 } from "node:child_process";
-import { randomBytes as randomBytes15, createHash as createHash26 } from "node:crypto";
+import { randomBytes as randomBytes16, createHash as createHash26 } from "node:crypto";
 import { homedir as homedir44 } from "node:os";
 import { join as join64 } from "node:path";
 function sha256Hex7(s) {
@@ -230384,7 +230472,7 @@ async function handler16(parsed, opts) {
     }
     const pointerUri = slot.value_pointer;
     const fieldContextHash = sha256Hex7(`${rec.sessionId}:${slot.selector}:${currentUrl}:${Math.floor(Date.now() / FIVE_MINUTES_MS3)}`);
-    const nonce = new Uint8Array(randomBytes15(32));
+    const nonce = new Uint8Array(randomBytes16(32));
     let resolved;
     try {
       resolved = await resolve16(pointerUri, nonce, {
@@ -230493,7 +230581,7 @@ var init_fill_form = __esm(() => {
 });
 
 // .tmp-runtime-src/cli-v7/act/type.ts
-import { randomBytes as randomBytes16, createHash as createHash27 } from "node:crypto";
+import { randomBytes as randomBytes17, createHash as createHash27 } from "node:crypto";
 function canonicalizeSignedFragment3(body) {
   return JSON.stringify({
     pointer: body.pointer,
@@ -230633,7 +230721,7 @@ async function handler17(parsed, opts) {
   const auditUrl = `${apiBase.replace(/\/$/, "")}/v1/audit/fill`;
   const contextHashHex = deriveContextHash2(rec.sessionId, currentUrl, Date.now());
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
-  const nonce = new Uint8Array(randomBytes16(32));
+  const nonce = new Uint8Array(randomBytes17(32));
   let resolved;
   try {
     resolved = await resolve16(pointerUri, nonce, {
@@ -231010,7 +231098,7 @@ var init_press = __esm(() => {
 });
 
 // .tmp-runtime-src/cli-v7/act/select.ts
-import { randomBytes as randomBytes17, createHash as createHash28 } from "node:crypto";
+import { randomBytes as randomBytes18, createHash as createHash28 } from "node:crypto";
 function canonicalizeSignedFragment4(body) {
   return JSON.stringify({
     pointer: body.pointer,
@@ -231189,7 +231277,7 @@ async function handler20(parsed, opts) {
   const pointerUri = pointerArg;
   const contextHashHex = deriveContextHash(rec.sessionId, selector, currentUrl, Date.now());
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
-  const nonce = new Uint8Array(randomBytes17(32));
+  const nonce = new Uint8Array(randomBytes18(32));
   let resolved;
   try {
     resolved = await resolve16(pointerUri, nonce, {
@@ -231613,7 +231701,7 @@ var init_submit = __esm(() => {
 });
 
 // .tmp-runtime-src/cli-v7/act/execute.ts
-import { randomBytes as randomBytes18, createHash as createHash29 } from "node:crypto";
+import { randomBytes as randomBytes19, createHash as createHash29 } from "node:crypto";
 function sha256Hex10(s) {
   return createHash29("sha256").update(s, "utf8").digest("hex");
 }
@@ -231698,7 +231786,7 @@ async function fetchEndpointDescriptor(endpointId, apiBase, parsed) {
   };
 }
 async function resolveSlot(opts) {
-  const nonce = new Uint8Array(randomBytes18(32));
+  const nonce = new Uint8Array(randomBytes19(32));
   const contextHashHex = deriveExecContextHash(opts.sessionId, opts.locator, opts.url);
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
   const resolved = await resolve16(opts.pointerUri, nonce, {
@@ -232457,7 +232545,7 @@ async function handler26(parsed, opts) {
   const explicitId = parsed.positional[0] ?? (typeof parsed.flags.session === "string" ? parsed.flags.session : undefined);
   let rec;
   try {
-    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined);
+    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined, { probeLive: false });
   } catch (err) {
     if (!explicitId && err.code === "no_active_session") {
       emit({ ok: true, subcommand: "act close", op_kind: meta.op_kind, idempotent_noop: true }, opts);
@@ -232593,7 +232681,7 @@ async function handler27(parsed, opts) {
   const explicitId = parsed.positional[0] ?? (typeof parsed.flags.session === "string" ? parsed.flags.session : undefined);
   let rec;
   try {
-    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined);
+    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined, { probeLive: false });
   } catch (err) {
     if (!explicitId && err.code === "no_active_session") {
       emit({
@@ -233368,7 +233456,7 @@ var init_escalate_on_miss = __esm(() => {
 });
 
 // .tmp-runtime-src/cli-v7/eval/resolve.ts
-import { createHash as createHash33, randomBytes as randomBytes19 } from "node:crypto";
+import { createHash as createHash33, randomBytes as randomBytes20 } from "node:crypto";
 function searchToShortlist(results) {
   return { domain_results: [], global_results: Array.isArray(results) ? results : [] };
 }
@@ -233476,7 +233564,7 @@ async function handler44(parsed, opts) {
         process.exit(ok2 ? 0 : EX_GENERIC);
       } catch {}
     }
-    const nonce = bytesToBase648(new Uint8Array(randomBytes19(32)));
+    const nonce = bytesToBase648(new Uint8Array(randomBytes20(32)));
     const fragment = canonicalizeSignedFragment({
       intent,
       surrogateUrl: urlFlag ?? null,
@@ -234763,7 +234851,7 @@ var init_stats = __esm(() => {
 });
 
 // .tmp-runtime-src/cli-v7/eval/skills.ts
-import { createHash as createHash39, randomBytes as randomBytes20 } from "node:crypto";
+import { createHash as createHash39, randomBytes as randomBytes21 } from "node:crypto";
 function resolveApiBase4() {
   return process.env.UNBROWSE_API_URL ?? process.env.UNBROWSE_BACKEND_URL ?? DEFAULT_BACKEND_URL;
 }
@@ -234851,7 +234939,7 @@ async function handler54(parsed, opts) {
     let backendError = null;
     const pubkeyBytes = await getWalletPubkey();
     const walletPubkey = bytesToHex17(pubkeyBytes);
-    const nonce = bytesToBase649(new Uint8Array(randomBytes20(32)));
+    const nonce = bytesToBase649(new Uint8Array(randomBytes21(32)));
     const fragment = canonicalizeSignedFragment({
       op: "list_skills",
       domain: domainFlag ?? null,
@@ -234961,7 +235049,7 @@ var init_skills = __esm(() => {
 });
 
 // .tmp-runtime-src/cli-v7/eval/skill.ts
-import { createHash as createHash40, randomBytes as randomBytes21 } from "node:crypto";
+import { createHash as createHash40, randomBytes as randomBytes22 } from "node:crypto";
 function resolveApiBase5() {
   return process.env.UNBROWSE_API_URL ?? process.env.UNBROWSE_BACKEND_URL ?? DEFAULT_BACKEND_URL;
 }
@@ -235025,7 +235113,7 @@ async function handler55(parsed, opts) {
     let backendError = null;
     const pubkeyBytes = await getWalletPubkey();
     const walletPubkey = bytesToHex18(pubkeyBytes);
-    const nonce = bytesToBase6410(new Uint8Array(randomBytes21(32)));
+    const nonce = bytesToBase6410(new Uint8Array(randomBytes22(32)));
     const fragment = canonicalizeSignedFragment({ op: "get_skill", skillId, nonce }, ["op", "skillId", "nonce"]);
     const signed = await signBytes(new TextEncoder().encode(fragment));
     const signatureHex = bytesToHex18(signed.signature);
@@ -235138,7 +235226,7 @@ var init_skill2 = __esm(async () => {
 });
 
 // .tmp-runtime-src/cli-v7/eval/earnings.ts
-import { createHash as createHash41, randomBytes as randomBytes22 } from "node:crypto";
+import { createHash as createHash41, randomBytes as randomBytes23 } from "node:crypto";
 function resolveApiBase6() {
   return process.env.UNBROWSE_API_URL ?? process.env.UNBROWSE_BACKEND_URL ?? DEFAULT_BACKEND_URL;
 }
@@ -235197,7 +235285,7 @@ async function handler56(parsed, opts) {
     const headers = { accept: "application/json" };
     if (fresh)
       headers["cache-control"] = "no-cache";
-    const nonce = bytesToBase6411(new Uint8Array(randomBytes22(32)));
+    const nonce = bytesToBase6411(new Uint8Array(randomBytes23(32)));
     const fragment = canonicalizeSignedFragment({
       op: "get_earnings",
       agentId,

package/runtime/mcp.js

@@ -36310,7 +36310,7 @@ var init_cached_resolution = __esm(() => {
 });
 
 // .tmp-runtime-src/build-info.generated.ts
-var BUILD_RELEASE_VERSION = "9.4.6", BUILD_GIT_SHA = "7dbe211a85f6", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiOS40LjYiLCJnaXRfc2hhIjoiN2RiZTIxMWE4NWY2IiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA3ZGJlMjExYTg1ZjYiLCJpc3N1ZWRfYXQiOiIyMDI2LTA2LTE3VDA1OjExOjA5LjM3N1oifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "dfmT3oOkn1DfPkayFn9QI8qxLZwEPmX8pymVxidycUI", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
+var BUILD_RELEASE_VERSION = "9.4.8", BUILD_GIT_SHA = "6232e149b808", BUILD_CODE_HASH = "5d9ebf619c61", BUILD_RELEASE_MANIFEST_BASE64 = "eyJzY2hlbWFfdmVyc2lvbiI6MSwicmVsZWFzZV92ZXJzaW9uIjoiOS40LjgiLCJnaXRfc2hhIjoiNjIzMmUxNDliODA4IiwiY29kZV9oYXNoIjoiNWQ5ZWJmNjE5YzYxIiwidHJhY2VfdmVyc2lvbiI6IjVkOWViZjYxOWM2MUA2MjMyZTE0OWI4MDgiLCJpc3N1ZWRfYXQiOiIyMDI2LTA2LTE3VDA1OjU2OjU5LjI5NVoifQ", BUILD_RELEASE_MANIFEST_SIGNATURE = "il6JUjT-czqTgXfNfTKHuvYt9woEMgOWvq3Bt83mrho", BUILD_DEFAULT_BACKEND_URL = "https://beta-api.unbrowse.ai", BUILD_DEFAULT_PROFILE = "";
 
 // .tmp-runtime-src/version.ts
 import { createHash as createHash4 } from "crypto";
@@ -222213,6 +222213,7 @@ import {
   mkdir as mkdir6,
   readdir as readdir4,
   readFile as readFile4,
+  rename as rename4,
   stat as stat3,
   unlink as unlink4,
   writeFile as writeFile4,
@@ -222220,7 +222221,7 @@ import {
 } from "node:fs/promises";
 import { homedir as homedir36 } from "node:os";
 import { join as join53 } from "node:path";
-import { createHash as createHash22 } from "node:crypto";
+import { createHash as createHash22, randomBytes as randomBytes11 } from "node:crypto";
 function statelessTmpRoot() {
   return join53(homedir36(), ".unbrowse", "tmp");
 }
@@ -222234,8 +222235,17 @@ function sessionPath(sessionId) {
 async function writeSessionRecord(rec) {
   const path26 = sessionPath(rec.sessionId);
   await mkdir6(join53(path26, ".."), { recursive: true });
-  await writeFile4(path26, JSON.stringify(rec, null, 2) + `
+  const tmp = `${path26}.tmp.${process.pid}.${randomBytes11(6).toString("hex")}`;
+  await writeFile4(tmp, JSON.stringify(rec, null, 2) + `
 `, { mode: 384 });
+  try {
+    await rename4(tmp, path26);
+  } catch (err) {
+    try {
+      await unlink4(tmp);
+    } catch {}
+    throw err;
+  }
   return path26;
 }
 async function readSessionRecord(sessionId) {
@@ -222302,11 +222312,48 @@ async function mostRecentSession() {
   }
   return newest;
 }
-async function resolveSession(explicitId) {
+function isProcessAlive(pid) {
+  if (!Number.isInteger(pid) || pid <= 0)
+    return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err.code === "EPERM";
+  }
+}
+async function mostRecentLiveSession() {
+  const recs = [];
+  for await (const path26 of walkSessionFiles()) {
+    try {
+      recs.push(JSON.parse(await readFile4(path26, "utf8")));
+    } catch {}
+  }
+  recs.sort((a, b) => b.createdAt - a.createdAt);
+  for (const rec of recs) {
+    if (isProcessAlive(rec.chromePid))
+      return rec;
+    await deleteSessionRecord(rec.sessionId).catch(() => {
+      return;
+    });
+  }
+  return null;
+}
+async function resolveSession(explicitId, opts = {}) {
+  const probeLive = opts.probeLive ?? true;
   if (explicitId) {
-    return readSessionRecord(explicitId);
+    const rec = await readSessionRecord(explicitId);
+    if (probeLive && !isProcessAlive(rec.chromePid)) {
+      await deleteSessionRecord(rec.sessionId).catch(() => {
+        return;
+      });
+      const err = new Error("session_expired");
+      err.code = "session_expired";
+      throw err;
+    }
+    return rec;
   }
-  const recent = await mostRecentSession();
+  const recent = probeLive ? await mostRecentLiveSession() : await mostRecentSession();
   if (!recent) {
     const err = new Error("no_active_session");
     err.code = "no_active_session";
@@ -222314,6 +222361,44 @@ async function resolveSession(explicitId) {
   }
   return recent;
 }
+async function reapStaleSessions(opts = {}) {
+  const envMax = Number.parseInt(process.env.UNBROWSE_MAX_BROWSE_SESSIONS ?? "", 10);
+  const maxLive = opts.maxLive ?? (Number.isInteger(envMax) && envMax > 0 ? envMax : 8);
+  const recs = [];
+  for await (const path26 of walkSessionFiles()) {
+    try {
+      recs.push(JSON.parse(await readFile4(path26, "utf8")));
+    } catch {}
+  }
+  let reaped = 0;
+  const live = [];
+  for (const rec of recs) {
+    if (isProcessAlive(rec.chromePid)) {
+      live.push(rec);
+    } else {
+      await deleteSessionRecord(rec.sessionId).catch(() => {
+        return;
+      });
+      reaped++;
+    }
+  }
+  if (live.length > maxLive) {
+    live.sort((a, b) => a.createdAt - b.createdAt);
+    for (const rec of live.slice(0, live.length - maxLive)) {
+      const shared = await anotherSessionUsesChrome(rec.chromePid, rec.sessionId);
+      if (!shared) {
+        try {
+          process.kill(rec.chromePid, "SIGTERM");
+        } catch {}
+      }
+      await deleteSessionRecord(rec.sessionId).catch(() => {
+        return;
+      });
+      reaped++;
+    }
+  }
+  return reaped;
+}
 async function anotherSessionUsesChrome(chromePid, excludeSessionId) {
   const excludeFile = `${excludeSessionId}.json`;
   for await (const path26 of walkSessionFiles()) {
@@ -222367,8 +222452,11 @@ async function handler14(parsed, opts) {
     process.exit(EX_USAGE);
   }
   try {
+    await reapStaleSessions().catch(() => {
+      return;
+    });
     const wsEndpoint = typeof parsed.flags.ws === "string" ? parsed.flags.ws : undefined;
-    const conn = wsEndpoint ? await attach(wsEndpoint) : await spawnChrome({ headless: true, perContextProxy: true, persist: true });
+    const conn = wsEndpoint ? await attach(wsEndpoint) : await spawnChrome({ headless: true, perContextProxy: false, persist: true });
     const target = await createTarget(conn, url, {});
     const sessionId = randomUUID4();
     const rec = {
@@ -223302,7 +223390,7 @@ __export(exports_fill, {
   handler: () => handler15,
   deriveContextHash: () => deriveContextHash
 });
-import { randomBytes as randomBytes11, createHash as createHash27 } from "node:crypto";
+import { randomBytes as randomBytes12, createHash as createHash27 } from "node:crypto";
 function canonicalizeSignedFragment2(body) {
   return JSON.stringify({
     pointer: body.pointer,
@@ -223413,7 +223501,7 @@ async function handler15(parsed, opts) {
   }
   const contextHashHex = deriveContextHash(rec.sessionId, selector, currentUrl, Date.now());
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
-  const nonce = new Uint8Array(randomBytes11(32));
+  const nonce = new Uint8Array(randomBytes12(32));
   let resolved;
   try {
     resolved = await resolve12(pointerUri, nonce, {
@@ -223533,7 +223621,7 @@ __export(exports_fill_form, {
   deriveFormContextHash: () => deriveFormContextHash
 });
 import { spawnSync as spawnSync4 } from "node:child_process";
-import { randomBytes as randomBytes12, createHash as createHash28 } from "node:crypto";
+import { randomBytes as randomBytes13, createHash as createHash28 } from "node:crypto";
 import { homedir as homedir38 } from "node:os";
 import { join as join55 } from "node:path";
 function sha256Hex7(s) {
@@ -223789,7 +223877,7 @@ async function handler16(parsed, opts) {
     }
     const pointerUri = slot.value_pointer;
     const fieldContextHash = sha256Hex7(`${rec.sessionId}:${slot.selector}:${currentUrl}:${Math.floor(Date.now() / FIVE_MINUTES_MS3)}`);
-    const nonce = new Uint8Array(randomBytes12(32));
+    const nonce = new Uint8Array(randomBytes13(32));
     let resolved;
     try {
       resolved = await resolve12(pointerUri, nonce, {
@@ -223902,7 +223990,7 @@ var exports_type = {};
 __export(exports_type, {
   handler: () => handler17
 });
-import { randomBytes as randomBytes13, createHash as createHash29 } from "node:crypto";
+import { randomBytes as randomBytes14, createHash as createHash29 } from "node:crypto";
 function canonicalizeSignedFragment3(body) {
   return JSON.stringify({
     pointer: body.pointer,
@@ -224042,7 +224130,7 @@ async function handler17(parsed, opts) {
   const auditUrl = `${apiBase.replace(/\/$/, "")}/v1/audit/fill`;
   const contextHashHex = deriveContextHash2(rec.sessionId, currentUrl, Date.now());
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
-  const nonce = new Uint8Array(randomBytes13(32));
+  const nonce = new Uint8Array(randomBytes14(32));
   let resolved;
   try {
     resolved = await resolve12(pointerUri, nonce, {
@@ -224431,7 +224519,7 @@ var exports_select = {};
 __export(exports_select, {
   handler: () => handler20
 });
-import { randomBytes as randomBytes14, createHash as createHash30 } from "node:crypto";
+import { randomBytes as randomBytes15, createHash as createHash30 } from "node:crypto";
 function canonicalizeSignedFragment4(body) {
   return JSON.stringify({
     pointer: body.pointer,
@@ -224610,7 +224698,7 @@ async function handler20(parsed, opts) {
   const pointerUri = pointerArg;
   const contextHashHex = deriveContextHash(rec.sessionId, selector, currentUrl, Date.now());
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
-  const nonce = new Uint8Array(randomBytes14(32));
+  const nonce = new Uint8Array(randomBytes15(32));
   let resolved;
   try {
     resolved = await resolve12(pointerUri, nonce, {
@@ -225046,7 +225134,7 @@ var exports_execute = {};
 __export(exports_execute, {
   handler: () => handler23
 });
-import { randomBytes as randomBytes15, createHash as createHash31 } from "node:crypto";
+import { randomBytes as randomBytes16, createHash as createHash31 } from "node:crypto";
 function sha256Hex10(s) {
   return createHash31("sha256").update(s, "utf8").digest("hex");
 }
@@ -225131,7 +225219,7 @@ async function fetchEndpointDescriptor(endpointId, apiBase, parsed) {
   };
 }
 async function resolveSlot(opts) {
-  const nonce = new Uint8Array(randomBytes15(32));
+  const nonce = new Uint8Array(randomBytes16(32));
   const contextHashHex = deriveExecContextHash(opts.sessionId, opts.locator, opts.url);
   const contextHashBytes = Buffer.from(contextHashHex, "hex");
   const resolved = await resolve12(opts.pointerUri, nonce, {
@@ -225903,7 +225991,7 @@ async function handler26(parsed, opts) {
   const explicitId = parsed.positional[0] ?? (typeof parsed.flags.session === "string" ? parsed.flags.session : undefined);
   let rec;
   try {
-    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined);
+    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined, { probeLive: false });
   } catch (err) {
     if (!explicitId && err.code === "no_active_session") {
       emit({ ok: true, subcommand: "act close", op_kind: meta.op_kind, idempotent_noop: true }, opts);
@@ -226043,7 +226131,7 @@ async function handler27(parsed, opts) {
   const explicitId = parsed.positional[0] ?? (typeof parsed.flags.session === "string" ? parsed.flags.session : undefined);
   let rec;
   try {
-    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined);
+    rec = explicitId ? await readSessionRecord(explicitId) : await resolveSession(undefined, { probeLive: false });
   } catch (err) {
     if (!explicitId && err.code === "no_active_session") {
       emit({
@@ -226845,7 +226933,7 @@ __export(exports_resolve, {
   searchToShortlist: () => searchToShortlist,
   handler: () => handler44
 });
-import { createHash as createHash35, randomBytes as randomBytes16 } from "node:crypto";
+import { createHash as createHash35, randomBytes as randomBytes17 } from "node:crypto";
 function searchToShortlist(results) {
   return { domain_results: [], global_results: Array.isArray(results) ? results : [] };
 }
@@ -226953,7 +227041,7 @@ async function handler44(parsed, opts) {
         process.exit(ok2 ? 0 : EX_GENERIC);
       } catch {}
     }
-    const nonce = bytesToBase647(new Uint8Array(randomBytes16(32)));
+    const nonce = bytesToBase647(new Uint8Array(randomBytes17(32)));
     const fragment = canonicalizeSignedFragment({
       intent,
       surrogateUrl: urlFlag ?? null,
@@ -228323,7 +228411,7 @@ var exports_skills = {};
 __export(exports_skills, {
   handler: () => handler54
 });
-import { createHash as createHash41, randomBytes as randomBytes17 } from "node:crypto";
+import { createHash as createHash41, randomBytes as randomBytes18 } from "node:crypto";
 function resolveApiBase4() {
   return process.env.UNBROWSE_API_URL ?? process.env.UNBROWSE_BACKEND_URL ?? DEFAULT_BACKEND_URL;
 }
@@ -228411,7 +228499,7 @@ async function handler54(parsed, opts) {
     let backendError = null;
     const pubkeyBytes = await getWalletPubkey();
     const walletPubkey = bytesToHex16(pubkeyBytes);
-    const nonce = bytesToBase648(new Uint8Array(randomBytes17(32)));
+    const nonce = bytesToBase648(new Uint8Array(randomBytes18(32)));
     const fragment = canonicalizeSignedFragment({
       op: "list_skills",
       domain: domainFlag ?? null,
@@ -228525,7 +228613,7 @@ var exports_skill2 = {};
 __export(exports_skill2, {
   handler: () => handler55
 });
-import { createHash as createHash42, randomBytes as randomBytes18 } from "node:crypto";
+import { createHash as createHash42, randomBytes as randomBytes19 } from "node:crypto";
 function resolveApiBase5() {
   return process.env.UNBROWSE_API_URL ?? process.env.UNBROWSE_BACKEND_URL ?? DEFAULT_BACKEND_URL;
 }
@@ -228589,7 +228677,7 @@ async function handler55(parsed, opts) {
     let backendError = null;
     const pubkeyBytes = await getWalletPubkey();
     const walletPubkey = bytesToHex17(pubkeyBytes);
-    const nonce = bytesToBase649(new Uint8Array(randomBytes18(32)));
+    const nonce = bytesToBase649(new Uint8Array(randomBytes19(32)));
     const fragment = canonicalizeSignedFragment({ op: "get_skill", skillId, nonce }, ["op", "skillId", "nonce"]);
     const signed = await signBytes(new TextEncoder().encode(fragment));
     const signatureHex = bytesToHex17(signed.signature);
@@ -228706,7 +228794,7 @@ var exports_earnings = {};
 __export(exports_earnings, {
   handler: () => handler56
 });
-import { createHash as createHash43, randomBytes as randomBytes19 } from "node:crypto";
+import { createHash as createHash43, randomBytes as randomBytes20 } from "node:crypto";
 function resolveApiBase6() {
   return process.env.UNBROWSE_API_URL ?? process.env.UNBROWSE_BACKEND_URL ?? DEFAULT_BACKEND_URL;
 }
@@ -228765,7 +228853,7 @@ async function handler56(parsed, opts) {
     const headers = { accept: "application/json" };
     if (fresh)
       headers["cache-control"] = "no-cache";
-    const nonce = bytesToBase6410(new Uint8Array(randomBytes19(32)));
+    const nonce = bytesToBase6410(new Uint8Array(randomBytes20(32)));
     const fragment = canonicalizeSignedFragment({
       op: "get_earnings",
       agentId,
@@ -234486,7 +234574,7 @@ __export(exports_vault2, {
   getCredential: () => getCredential2,
   deleteCredential: () => deleteCredential2
 });
-import { createCipheriv as createCipheriv4, createDecipheriv as createDecipheriv6, randomBytes as randomBytes20 } from "crypto";
+import { createCipheriv as createCipheriv4, createDecipheriv as createDecipheriv6, randomBytes as randomBytes21 } from "crypto";
 import { existsSync as existsSync57, mkdirSync as mkdirSync37, readFileSync as readFileSync47, writeFileSync as writeFileSync33 } from "fs";
 import { join as join65 } from "path";
 import { homedir as homedir48 } from "os";
@@ -234568,7 +234656,7 @@ function getOrCreateKey2() {
     mkdirSync37(VAULT_DIR2, { recursive: true, mode: 448 });
   if (existsSync57(KEY_FILE3))
     return readFileSync47(KEY_FILE3);
-  const key2 = randomBytes20(32);
+  const key2 = randomBytes21(32);
   writeFileSync33(KEY_FILE3, key2, { mode: 384 });
   return key2;
 }
@@ -234597,7 +234685,7 @@ function readVaultFile2() {
 }
 function writeVaultFile2(data2) {
   const key2 = getOrCreateKey2();
-  const iv = randomBytes20(16);
+  const iv = randomBytes21(16);
   const cipher = createCipheriv4("aes-256-cbc", key2, iv);
   const enc2 = Buffer.concat([cipher.update(JSON.stringify(data2), "utf8"), cipher.final()]);
   writeFileSync33(VAULT_FILE2, Buffer.concat([iv, enc2]), { mode: 384 });

package/vendor/kuri/manifest.json

@@ -2,7 +2,7 @@
   "repo_url": "https://github.com/justrach/kuri.git",
   "branch": "adding-extensions",
   "source_sha": "149881254046a20778f642b69f20f0c6468f6fb4",
-  "built_at": "2026-06-17T04:52:34.112Z",
+  "built_at": "2026-06-17T05:38:20.711Z",
   "binaries": {
     "darwin-arm64": {
       "zig_target": "aarch64-macos",
@@ -21,11 +21,11 @@
     },
     "linux-x64": {
       "zig_target": "x86_64-linux",
-      "sha256": "cb569b4c62bec7750c26296995233210fddc8cd705f202317c84598be3a2ab20"
+      "sha256": "67beaecf2eb2e79d5753b3bfca2189879a9390c7c957f601fe0381fe7143232e"
     },
     "win-x64": {
       "zig_target": "x86_64-windows-gnu",
-      "sha256": "c11585f8a0f37b7bc9d806f4abe1cb8214df7e8e72c6137f9687c8bc9a0983ad",
+      "sha256": "9f98f92332eed0bddf66e33e2a86222c9b953a16103d2db7d37dfecb7278885f",
       "source": "pre-staged"
     }
   },
@@ -33,22 +33,22 @@
     "darwin-arm64": {
       "zig_target": "aarch64-macos",
       "lib": "libkuri_ffi.dylib",
-      "sha256": "ec187aa7dd740d7f9019d4bb87e60cd560bb598507c665950a81dea1decb21c3"
+      "sha256": "18af0fbf604d5f4037dde9d84ce153b9dc5388500a10b73fcb3d0a26a3e0f0b4"
     },
     "darwin-x64": {
       "zig_target": "x86_64-macos",
       "lib": "libkuri_ffi.dylib",
-      "sha256": "f5d9f19aefbd48bfdad8c8cd2edc5e90f4f26e12b46f54c2c06f6e1a7d6412a5"
+      "sha256": "0878786f78ed181cab625559fccf43a9602a9dffcdac5ae78728fc2edeb2aec4"
     },
     "linux-arm64": {
       "zig_target": "aarch64-linux",
       "lib": "libkuri_ffi.so",
-      "sha256": "4d51b7c929470ceadd4f19264ccadc4bc281fc66936ebb1fadb72c0a57af4ce9"
+      "sha256": "6c970a279635a94d6d904e33edf9aea6d46bb04ad2a34fdcfdbbc4ba189df3d7"
     },
     "linux-x64": {
       "zig_target": "x86_64-linux",
       "lib": "libkuri_ffi.so",
-      "sha256": "c149020821b3f0e776972eb64cb9ca0fdd5180698d2f72f267bdd96be1d75d9b"
+      "sha256": "4225545bcfa7cc30dd9a148f9942a0166af4dcb2b747686dd0a61ecb3688656d"
     }
   }
 }