cookiesync-cli 0.1.0__py3-none-any.whl

cookiesync/cookie/crypto.py

@@ -0,0 +1,85 @@
+"""Chrome macOS cookie encryption and decryption (the ``v10`` scheme).
+
+key   = PBKDF2-HMAC-SHA1(safe_storage_password, b"saltysalt", 1003, dklen=16)
+value = AES-128-CBC(key, iv=16x 0x20) over the ciphertext, PKCS7-(un)padded, with a
+        32-byte SHA256(host_key) domain-hash prefix Chrome v24+ prepends — verified on
+        decrypt (a hash mismatch is a wrong key, not garbage), and committed on encrypt
+        against the exact stored ``host_key`` (leading dot included).
+
+``v20`` (app-bound) values cannot be (de)crypted with the Safe Storage key and are rejected.
+"""
+
+from __future__ import annotations
+
+import hashlib
+
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
+from cookiesync.cookie.models import AesKey, HostKey, SafeStorageKey
+
+SALT = b"saltysalt"
+ITERATIONS = 1003
+KEY_LENGTH = 16
+IV = b"\x20" * 16
+
+
+class DecryptError(Exception):
+    """A cookie value could not be decrypted (v20, malformed, or wrong key)."""
+
+
+def derive_key(password: SafeStorageKey) -> AesKey:
+    """Derive the 16-byte AES key from the raw 'Safe Storage' password."""
+    return AesKey(hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), SALT, ITERATIONS, dklen=KEY_LENGTH))
+
+
+def pkcs7_pad(data: bytes) -> bytes:
+    pad = 16 - len(data) % 16
+    return data + bytes([pad]) * pad
+
+
+def pkcs7_unpad(data: bytes) -> bytes:
+    if not data:
+        raise DecryptError("empty plaintext")
+    pad = data[-1]
+    if pad < 1 or pad > 16 or pad > len(data):
+        raise DecryptError(f"bad PKCS7 padding length {pad}")
+    if data[-pad:] != bytes([pad]) * pad:
+        raise DecryptError("inconsistent PKCS7 padding")
+    return data[:-pad]
+
+
+def domain_hash(host_key: HostKey) -> bytes:
+    return hashlib.sha256(host_key.encode("utf-8")).digest()
+
+
+def decrypt_value(encrypted: bytes, key: AesKey, host_key: HostKey) -> str:
+    """Decrypt one Chrome cookie ``encrypted_value``. Raise ``DecryptError`` on failure."""
+    if not encrypted:
+        return ""
+    match encrypted[:3]:
+        case b"v20":
+            raise DecryptError("v20 app-bound cookie (not decryptable with the Safe Storage key)")
+        case b"v10":
+            ciphertext = encrypted[3:]
+        case _:
+            try:
+                return encrypted.decode("utf-8")
+            except UnicodeDecodeError as exc:
+                raise DecryptError("unrecognized cookie encoding") from exc
+    if not ciphertext or len(ciphertext) % 16 != 0:
+        raise DecryptError("ciphertext is not a positive multiple of the block size")
+    decryptor = Cipher(algorithms.AES(key), modes.CBC(IV)).decryptor()
+    plain = pkcs7_unpad(decryptor.update(ciphertext) + decryptor.finalize())
+    if len(plain) < 32 or plain[:32] not in {domain_hash(host_key), domain_hash(HostKey(host_key.lstrip(".")))}:
+        raise DecryptError("domain-hash prefix mismatch (wrong key)")
+    try:
+        return plain[32:].decode("utf-8")
+    except UnicodeDecodeError as exc:
+        raise DecryptError("decrypted value is not valid UTF-8 (likely wrong key)") from exc
+
+
+def encrypt_value(plaintext: str, key: AesKey, host_key: HostKey) -> bytes:
+    """Encrypt one cookie value into Chrome's ``v10`` blob, committing to the exact ``host_key``."""
+    encryptor = Cipher(algorithms.AES(key), modes.CBC(IV)).encryptor()
+    block = pkcs7_pad(domain_hash(host_key) + plaintext.encode("utf-8"))
+    return b"v10" + encryptor.update(block) + encryptor.finalize()

cookiesync/cookie/domains.py

@@ -0,0 +1,38 @@
+"""Host parsing and the cookie send-rule: what the browser would send to a host.
+
+No public-suffix list: ``cookie_applies`` implements the actual domain-match the
+browser uses, which is all we need to pick the cookies for one target host.
+"""
+
+from __future__ import annotations
+
+from cookiesync.cookie.models import Host, HostKey
+
+
+def normalize_host(url: str) -> Host:
+    """Lowercase bare host from a URL or domain (strip scheme, path, query, port, leading dot)."""
+    v = url.strip().lower()
+    if "://" in v:
+        v = v.split("://", 1)[1]
+    v = v.split("/", 1)[0].split("?", 1)[0]
+    if "@" in v:
+        v = v.split("@", 1)[1]
+    if ":" in v:
+        v = v.split(":", 1)[0]
+    return Host(v.strip("."))
+
+
+def url_scheme(url: str, *, default: str = "https") -> str:
+    """Scheme of a URL, or ``default`` for a bare domain."""
+    return url.split("://", 1)[0].lower() if "://" in url else default
+
+
+def cookie_applies(host_key: HostKey, host: Host) -> bool:
+    """Would a browser send a cookie with this ``host_key`` to ``host``?
+
+    Domain cookies (leading dot) match the base host and any subdomain; host-only
+    cookies match exactly. Mirrors the browser's own send rule.
+    """
+    hk = host_key.lower()
+    rh = host.lower()
+    return (rh == hk[1:] or rh.endswith(hk)) if hk.startswith(".") else rh == hk

cookiesync/cookie/getcookie.py

@@ -0,0 +1,113 @@
+"""Cross-browser cookie fallback via ``@mherod/get-cookie``, swept across every browser.
+
+Used when Chrome self-decrypt finds nothing — the user is logged in via
+Brave/Arc/Edge/Safari/Firefox, or the cookies are app-bound (v20). We deliberately
+omit ``--browser`` so get-cookie queries every browser. The package is lazily
+``bun add``-ed once into a persistent data dir (it needs the native better-sqlite3
+module) and reused; ``bunx`` is the last-resort path.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+import shutil
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+import anyio
+
+from cookiesync.cookie.models import Host
+from cookiesync.cookie.serialize import normalize_getcookie_record
+
+if TYPE_CHECKING:
+    from cookiesync.cookie.models import Cookie
+
+GETCOOKIE_VERSION = "4.4.3"
+PACKAGE = f"@mherod/get-cookie@{GETCOOKIE_VERSION}"
+PACKAGE_JSON = '{"name":"cookiesync-getcookie-cache","private":true}\n'
+
+
+class GetCookieError(Exception):
+    """The get-cookie fallback could not run or its output could not be parsed."""
+
+
+def data_dir() -> Path:
+    """Persistent cache dir for the lazily installed get-cookie package."""
+    return Path(os.environ.get("XDG_CACHE_HOME") or Path.home() / ".cache") / "cookiesync"
+
+
+def cached_cli() -> Path | None:
+    cli = data_dir() / "node_modules" / "@mherod" / "get-cookie" / "dist" / "cli.cjs"
+    return cli if cli.is_file() else None
+
+
+async def ensure_installed() -> Path | None:
+    """Lazily ``bun add`` get-cookie into the data dir (builds better-sqlite3). Cached."""
+    if cli := cached_cli():
+        return cli
+    if not (bun := shutil.which("bun")):
+        return None
+    (data := data_dir()).mkdir(parents=True, exist_ok=True)
+    if not (pkg := data / "package.json").is_file():
+        pkg.write_text(PACKAGE_JSON)
+    await anyio.run_process([bun, "add", PACKAGE], cwd=str(data), check=True)
+    return cached_cli()
+
+
+async def command(host: Host) -> list[str]:
+    """The argv that runs get-cookie for ``host`` across all browsers (cached CLI, else bunx)."""
+    match (await ensure_installed(), shutil.which("bun"), shutil.which("bunx")):
+        case (cli, bun, _) if cli and bun:
+            return [bun, str(cli), "%", host, "--output", "json"]
+        case (_, _, bunx) if bunx:
+            return [bunx, PACKAGE, "%", host, "--output", "json"]
+        case _:
+            raise GetCookieError("neither a cached get-cookie nor bun/bunx is available")
+
+
+def _decode_anywhere(text: str) -> object | None:
+    decoder = json.JSONDecoder()
+    for i, ch in enumerate(text):
+        if ch in "[{":
+            try:
+                return decoder.raw_decode(text, i)[0]
+            except json.JSONDecodeError:
+                continue
+    return None
+
+
+def parse(stdout: str) -> list[dict]:
+    """Parse get-cookie JSON, tolerating leading log noise before the JSON value.
+
+    Scans every ``[``/``{`` offset and returns the first that ``raw_decode``s, so log
+    lines that themselves contain brackets (e.g. ``[get-cookie] ...``) don't trip it.
+    """
+    if not (out := stdout.strip()):
+        return []
+    match _decode_anywhere(out):
+        case None:
+            raise GetCookieError("could not parse get-cookie JSON output")
+        case data:
+            ...
+    match data:
+        case {"cookies": list() as cookies}:
+            return cookies
+        case {"data": list() as records}:
+            return records
+        case dict():
+            return [data]
+        case list():
+            return data
+        case _:
+            return []
+
+
+async def fetch_cookies(host: Host) -> list[Cookie]:
+    """Sweep every browser for ``host`` via get-cookie and return decoded cookies.
+
+    Example:
+        >>> await fetch_cookies(Host("github.com"))
+    """
+    proc = await anyio.run_process(await command(host), check=True)
+    return [normalize_getcookie_record(record, host) for record in parse(proc.stdout.decode("utf-8"))]

cookiesync/cookie/merge.py

@@ -0,0 +1,74 @@
+"""Pure union merge of cookie sets across machines: newest-wins, no tombstones.
+
+Per the product decision, deletions are union-only — a cookie absent from one source is
+never treated as a delete, so the merge is a plain union keyed by the cookie's logical
+identity. The key is the *schema-superset* uniqueness tuple
+``(host_key, top_frame_site_key, name, path, source_scheme, source_port,
+has_cross_site_ancestor)``; a ``Cookie`` from a v18 store (which lacks the last three
+columns) already carries the model's sentinel defaults for them, so heterogeneous
+v18/v24 cookies share one logical key space. Within a key, the winner is the max by
+``(last_update_utc, content_hash)``: ``content_hash`` breaks a timestamp tie
+deterministically from the cookie's value and flags, so the result is independent of
+source order — and two cookies with identical content collapse to the same stored row.
+"""
+
+from __future__ import annotations
+
+import hashlib
+from typing import TYPE_CHECKING
+
+from cookiesync.cookie.models import Cookie
+
+if TYPE_CHECKING:
+    from collections.abc import Iterable
+
+MergeKey = tuple[str, str, str, str, int, int, int]
+MergeRank = tuple[int, str]
+
+
+def merge_key(cookie: Cookie) -> MergeKey:
+    return (
+        cookie.host_key,
+        cookie.top_frame_site_key,
+        cookie.name,
+        cookie.path,
+        cookie.source_scheme,
+        cookie.source_port,
+        cookie.has_cross_site_ancestor,
+    )
+
+
+def content_hash(cookie: Cookie) -> str:
+    return hashlib.sha256(
+        "\x00".join(
+            (
+                cookie.value,
+                str(cookie.expires_utc),
+                str(cookie.samesite),
+                str(int(cookie.is_secure)),
+                str(int(cookie.is_httponly)),
+            )
+        ).encode("utf-8")
+    ).hexdigest()
+
+
+def merge_rank(cookie: Cookie) -> MergeRank:
+    return (int(cookie.last_update_utc), content_hash(cookie))
+
+
+def merge(*sources: Iterable[Cookie]) -> tuple[Cookie, ...]:
+    """Union all ``sources`` into one cookie set, keeping the newest per logical key.
+
+    Each cookie is keyed by its schema-superset uniqueness tuple; for each key the winner
+    is the cookie with the greatest ``(last_update_utc, content_hash)``, so the result is
+    deterministic regardless of source order. No tombstones: a cookie missing from a source
+    is never a deletion.
+
+    Example:
+        >>> merge(machine_a_cookies, machine_b_cookies)
+    """
+    winners: dict[MergeKey, Cookie] = {}
+    for cookie in (c for source in sources for c in source):
+        if (key := merge_key(cookie)) not in winners or merge_rank(cookie) > merge_rank(winners[key]):
+            winners[key] = cookie
+    return tuple(winners.values())

cookiesync/cookie/models.py

@@ -0,0 +1,90 @@
+"""Cookie data model: branded primitives, the decrypted ``Cookie``, its raw DB row, and storage state.
+
+Timestamps stay Chrome-native (``ChromeMicros``, µs since 1601) throughout the model;
+conversion to Unix seconds and Playwright sameSite strings happens only at serialize time.
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from typing import NewType
+
+Host = NewType("Host", str)
+HostKey = NewType("HostKey", str)
+SafeStorageKey = NewType("SafeStorageKey", str)
+AesKey = NewType("AesKey", bytes)
+ChromeMicros = NewType("ChromeMicros", int)
+
+WINDOWS_EPOCH_OFFSET = 11_644_473_600
+
+SAMESITE_PLAYWRIGHT = {-1: "Lax", 0: "None", 1: "Lax", 2: "Strict"}
+
+
+def chrome_micros_to_unix(micros: ChromeMicros) -> float:
+    """Chrome timestamp (µs since 1601) to Unix seconds, or ``-1`` for a session cookie."""
+    return -1 if micros <= 0 else micros / 1_000_000 - WINDOWS_EPOCH_OFFSET
+
+
+def unix_to_chrome_micros(seconds: float) -> ChromeMicros:
+    """Unix seconds to a Chrome timestamp (µs since 1601)."""
+    return ChromeMicros(round((seconds + WINDOWS_EPOCH_OFFSET) * 1_000_000))
+
+
+def samesite_to_playwright(samesite: int) -> str:
+    """Chrome-native sameSite int (-1/0/1/2) to the Playwright string."""
+    return SAMESITE_PLAYWRIGHT[samesite]
+
+
+@dataclass(frozen=True, slots=True)
+class Cookie:
+    """One decrypted cookie, with Chrome-native column values.
+
+    Example:
+        >>> Cookie(HostKey(".x.com"), "sid", "abc", "/", ChromeMicros(0), ...)
+    """
+
+    host_key: HostKey
+    name: str
+    value: str
+    path: str
+    expires_utc: ChromeMicros
+    last_update_utc: ChromeMicros
+    creation_utc: ChromeMicros
+    is_secure: bool
+    is_httponly: bool
+    samesite: int
+    source_scheme: int = 2
+    source_port: int = 443
+    top_frame_site_key: str = ""
+    has_cross_site_ancestor: int = 0
+
+
+@dataclass(frozen=True, slots=True)
+class EncryptedRow:
+    """A raw, pre-decrypt cookie row straight off the Chrome SQLite store.
+
+    Carries both the ``encrypted_value`` blob and the legacy plaintext ``value`` column.
+    """
+
+    host_key: HostKey
+    name: str
+    encrypted_value: bytes
+    value: str
+    path: str
+    expires_utc: ChromeMicros
+    last_update_utc: ChromeMicros
+    creation_utc: ChromeMicros
+    is_secure: bool
+    is_httponly: bool
+    samesite: int
+    source_scheme: int = 2
+    source_port: int = 443
+    top_frame_site_key: str = ""
+    has_cross_site_ancestor: int = 0
+
+
+@dataclass(frozen=True, slots=True)
+class StorageState:
+    """A bundle of decrypted cookies, ready to seed a browser session."""
+
+    cookies: tuple[Cookie, ...]

cookiesync/cookie/pipeline.py

@@ -0,0 +1,101 @@
+"""The extract/apply orchestration over a ``CookieBackend``.
+
+``extract`` decrypts a host's cookies from a backend with an already-obtained key — the
+consent gate lives in the backend, not here, so ``extract`` is pure given its key. It
+filters to the host (in the backend), decrypts each row, drops expired cookies, and falls
+back to the cross-browser ``get-cookie`` sweep when self-decrypt yields nothing. ``apply``
+writes a cookie set back through the backend.
+"""
+
+from __future__ import annotations
+
+import time
+from typing import TYPE_CHECKING
+
+from cookiesync.cookie import getcookie
+from cookiesync.cookie.crypto import DecryptError, decrypt_value
+from cookiesync.cookie.domains import normalize_host
+from cookiesync.cookie.models import (
+    Cookie,
+    StorageState,
+    chrome_micros_to_unix,
+)
+
+if TYPE_CHECKING:
+    from collections.abc import Sequence
+
+    from cookiesync.cookie.backend import CookieBackend
+    from cookiesync.cookie.browsers import Browser
+    from cookiesync.cookie.models import AesKey, EncryptedRow
+
+
+def _decrypt_row(row: EncryptedRow, key: AesKey, counts: dict[str, int]) -> Cookie | None:
+    try:
+        value = decrypt_value(row.encrypted_value, key, row.host_key)
+    except DecryptError as exc:
+        counts["v20" if "v20" in str(exc) else "failed"] += 1
+        return None
+    return Cookie(
+        host_key=row.host_key,
+        name=row.name,
+        value=value,
+        path=row.path,
+        expires_utc=row.expires_utc,
+        last_update_utc=row.last_update_utc,
+        creation_utc=row.creation_utc,
+        is_secure=row.is_secure,
+        is_httponly=row.is_httponly,
+        samesite=row.samesite,
+        source_scheme=row.source_scheme,
+        source_port=row.source_port,
+        top_frame_site_key=row.top_frame_site_key,
+        has_cross_site_ancestor=row.has_cross_site_ancestor,
+    )
+
+
+def _is_live(cookie: Cookie, *, now: float, include_expired: bool) -> bool:
+    return include_expired or (expires := chrome_micros_to_unix(cookie.expires_utc)) == -1 or expires >= now
+
+
+async def extract(
+    url: str,
+    *,
+    browser: Browser,
+    key: AesKey,
+    backend: CookieBackend,
+    profile: str | None = None,
+    include_expired: bool = False,
+    fallback: bool = True,
+) -> StorageState:
+    """Decrypt a host's cookies via ``backend`` with an already-obtained ``key``.
+
+    The consent gate is the caller's responsibility — ``key`` is passed in, never obtained
+    here. Rows are read and host-filtered by the backend, decrypted with ``key`` (``v20``
+    app-bound and undecryptable rows are skipped), and expired cookies are dropped unless
+    ``include_expired``. When self-decrypt yields nothing and ``fallback`` is set, the
+    cross-browser ``get-cookie`` sweep runs instead.
+
+    Example:
+        >>> await extract("https://x.com", browser=chrome, key=key, backend=backend)
+    """
+    host = normalize_host(url)
+    counts = {"v20": 0, "failed": 0}
+    now = time.time()
+    cookies = tuple(
+        cookie
+        for row in await backend.read_rows(browser, host, profile=profile)
+        if (cookie := _decrypt_row(row, key, counts)) is not None
+        and _is_live(cookie, now=now, include_expired=include_expired)
+    )
+    if not cookies and fallback:
+        return StorageState(tuple(await getcookie.fetch_cookies(host)))
+    return StorageState(cookies)
+
+
+async def apply(cookies: Sequence[Cookie], *, browser: Browser, key: AesKey, backend: CookieBackend) -> int:
+    """Write ``cookies`` back through ``backend``, returning the number of rows written.
+
+    Example:
+        >>> await apply(state.cookies, browser=chrome, key=key, backend=backend)
+    """
+    return await backend.write_rows(browser, cookies, key)

cookiesync/cookie/serialize.py

@@ -0,0 +1,132 @@
+"""Render a ``StorageState`` to stdout in one of four cookie wire formats.
+
+The Playwright/agent-browser format is the load-bearing one: ``agent-browser
+--state -`` consumes the standard ``{"cookies": [...], "origins": []}`` storageState
+shape. We only carry cookies (the local store has no localStorage), so ``origins``
+is always empty. The other formats serve cookies.txt (netscape), a ``Cookie:``
+request header, and a raw JSON array of the same per-cookie dicts.
+
+``render`` yields lines so the caller can stream straight to stdout.
+"""
+
+from __future__ import annotations
+
+import json
+from enum import StrEnum
+from typing import TYPE_CHECKING
+
+from cookiesync.cookie.domains import normalize_host, url_scheme
+from cookiesync.cookie.models import (
+    ChromeMicros,
+    Cookie,
+    HostKey,
+    chrome_micros_to_unix,
+    samesite_to_playwright,
+    unix_to_chrome_micros,
+)
+
+if TYPE_CHECKING:
+    from collections.abc import Iterator
+
+    from cookiesync.cookie.models import StorageState
+
+SAMESITE_GETCOOKIE = {"strict": 2, "lax": 1, "none": 0}
+
+
+class OutputFormat(StrEnum):
+    """The wire format ``render`` emits a ``StorageState`` in.
+
+    Example:
+        >>> "".join(render(state, OutputFormat.PLAYWRIGHT))
+    """
+
+    PLAYWRIGHT = "playwright"
+    NETSCAPE = "netscape"
+    HEADER = "header"
+    JSON = "json"
+
+
+def playwright_cookie(cookie: Cookie) -> dict:
+    """One Playwright-shaped cookie dict from a Chrome-native ``Cookie``.
+
+    ``sameSite=None`` forces ``secure`` true, since browsers reject the pair otherwise.
+    """
+    same = samesite_to_playwright(cookie.samesite)
+    return {
+        "name": cookie.name,
+        "value": cookie.value,
+        "domain": cookie.host_key,
+        "path": cookie.path,
+        "expires": chrome_micros_to_unix(cookie.expires_utc),
+        "httpOnly": cookie.is_httponly,
+        "secure": cookie.is_secure or same == "None",
+        "sameSite": same,
+    }
+
+
+def netscape_line(cookie: Cookie) -> str:
+    """One cookies.txt row: tab-separated, with the leading-dot subdomain flag."""
+    include_subdomains = cookie.host_key.startswith(".")
+    expires = chrome_micros_to_unix(cookie.expires_utc)
+    return "\t".join(
+        (
+            cookie.host_key,
+            "TRUE" if include_subdomains else "FALSE",
+            cookie.path,
+            "TRUE" if cookie.is_secure else "FALSE",
+            str(0 if expires < 0 else int(expires)),
+            cookie.name,
+            cookie.value,
+        )
+    )
+
+
+def render(state: StorageState, fmt: OutputFormat) -> Iterator[str]:
+    """Yield the lines of ``state`` rendered in ``fmt``, ready to stream to stdout."""
+    match fmt:
+        case OutputFormat.PLAYWRIGHT:
+            yield json.dumps({"cookies": [playwright_cookie(c) for c in state.cookies], "origins": []})
+        case OutputFormat.JSON:
+            yield json.dumps([playwright_cookie(c) for c in state.cookies])
+        case OutputFormat.NETSCAPE:
+            yield "# Netscape HTTP Cookie File"
+            yield from (netscape_line(c) for c in state.cookies)
+        case OutputFormat.HEADER:
+            yield "; ".join(f"{c.name}={c.value}" for c in state.cookies)
+
+
+def normalize_getcookie_record(record: dict, url: str) -> Cookie:
+    """Map one ``@mherod/get-cookie`` JSON record into the ``Cookie`` model.
+
+    get-cookie reliably emits name/value/domain; the rest varies, so path defaults
+    to ``/``, secure follows the URL scheme, and attributes come from a ``meta``
+    block when present. A session cookie (no expiry) lands at ``ChromeMicros(0)``.
+    """
+    meta = record.get("meta") or {}
+    host = normalize_host(url)
+    host_key = HostKey(record.get("domain") or host)
+    return Cookie(
+        host_key=host_key,
+        name=record["name"],
+        value=record["value"],
+        path=record.get("path") or "/",
+        expires_utc=_record_expiry(record),
+        last_update_utc=ChromeMicros(0),
+        creation_utc=ChromeMicros(0),
+        is_secure=bool(meta.get("secure", url_scheme(url) == "https")),
+        is_httponly=bool(meta.get("httpOnly", meta.get("httponly", False))),
+        samesite=SAMESITE_GETCOOKIE.get(str(meta.get("sameSite") or meta.get("samesite") or "lax").lower(), 1),
+    )
+
+
+def _record_expiry(record: dict) -> ChromeMicros:
+    raw = record.get("expiry", record.get("expires"))
+    match raw:
+        case bool():
+            return ChromeMicros(0)
+        case int() | float():
+            return unix_to_chrome_micros(float(raw))
+        case str() if raw.strip().lstrip("-").isdigit():
+            return unix_to_chrome_micros(float(raw))
+        case _:
+            return ChromeMicros(0)