playwright-cdp-probe 0.2.0__tar.gz

playwright_cdp_probe-0.2.0/.github/workflows/ci.yml

@@ -0,0 +1,31 @@
+name: CI
+
+on:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install package and dev deps
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+          playwright install chromium
+
+      - name: Ruff
+        run: ruff check .
+
+      - name: Pytest
+        run: pytest

playwright_cdp_probe-0.2.0/.github/workflows/release.yml

@@ -0,0 +1,54 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install package and dev deps
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+          playwright install chromium
+
+      - name: Ruff
+        run: ruff check .
+
+      - name: Pytest
+        run: pytest
+
+  publish:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: python -m pip install --upgrade pip build twine
+
+      - name: Build
+        run: python -m build
+
+      - name: Twine check
+        run: twine check dist/*
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI_API_TOKEN }}

playwright_cdp_probe-0.2.0/.gitignore

@@ -0,0 +1,12 @@
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+.eggs/
+dist/
+build/
+.pytest_cache/
+.ruff_cache/
+.venv/
+venv/
+.env

playwright_cdp_probe-0.2.0/CHANGELOG.md

@@ -0,0 +1,35 @@
+# Changelog
+
+## v0.2.0 — 2026-06-11
+
+### Added
+
+- `playwright_cdp_probe.integrations.mlx` — `mlx_launch_and_probe(profile_id)` (Launcher start → CDP probe → stop)
+- `cdp-probe mlx --profile-id UUID` (`[mlx]` extra); `mlx-launch` kept as hidden alias
+- `docs/MLX_INTEGRATION.md` — Launcher flow, CLI, and Python API
+- MLX integration tests with `httpx.MockTransport` (no real MLX account)
+
+- `--format json|table|github-actions` on `run`, `check-local`, `mlx`, and `report`
+- GitHub Actions workflow annotations (`::error`, `::warning`, `::notice`) for CI
+- Score-band exit codes: `0` pass (≤30), `1` warn (31–60), `2` fail (>60), `3` runtime error
+- `cdp-probe --version` via Click (package metadata)
+- `docs/SCORING.md` — transparent signal weight rubric
+- URL validation for `run` / `mlx-launch` navigation targets
+- `headless_launch` recorded on collected signals
+- GitHub Actions CI matrix (Python 3.10 / 3.11 / 3.12)
+- Expanded test suite (timeout, invalid URL, headed vs headless, CDP path, formats)
+
+### Changed
+
+- Removed `--strict` / `--threshold`; exit code now follows fixed score bands
+- Report JSON includes `exit_code` field
+- Table output shows exit band legend and `headless_launch`
+
+### Fixed
+
+- MLX launcher tests tolerate query-string URL matching
+
+## v0.1.0 — 2026-06-01
+
+- Initial release: `run`, `check-local`, `report`, optional `mlx-launch`
+- Weighted exposure scoring (0–100) with JSON report cache

playwright_cdp_probe-0.2.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 playwright-cdp-probe contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

playwright_cdp_probe-0.2.0/PKG-INFO

@@ -0,0 +1,237 @@
+Metadata-Version: 2.4
+Name: playwright-cdp-probe
+Version: 0.2.0
+Summary: Catch automation leaks before production — score CDP sessions for webdriver and headless fingerprints.
+Project-URL: Homepage, https://github.com/playwright-cdp-probe/playwright-cdp-probe
+Project-URL: Documentation, https://github.com/playwright-cdp-probe/playwright-cdp-probe#readme
+Project-URL: Repository, https://github.com/playwright-cdp-probe/playwright-cdp-probe
+Project-URL: Issues, https://github.com/playwright-cdp-probe/playwright-cdp-probe/issues
+Author: playwright-cdp-probe contributors
+License-Expression: MIT
+License-File: LICENSE
+Keywords: anti-bot-testing,automation-exposure,bot-detection,bot-score,cdp-probe,exposure-score,headless-fingerprint,navigator-webdriver,puppeteer-audit,selenium-audit,stealth-audit,webdriver-leak
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Internet :: WWW/HTTP :: Browsers
+Classifier: Typing :: Typed
+Requires-Python: >=3.10
+Requires-Dist: click>=8.1
+Requires-Dist: playwright>=1.40
+Provides-Extra: dev
+Requires-Dist: httpx>=0.27; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.24; extra == 'dev'
+Requires-Dist: pytest-cov>=5.0; extra == 'dev'
+Requires-Dist: pytest-httpx>=0.34; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.8; extra == 'dev'
+Provides-Extra: mlx
+Requires-Dist: httpx>=0.27; extra == 'mlx'
+Description-Content-Type: text/markdown
+
+# playwright-cdp-probe
+
+Python 3.10+ | MLX optional · [Compatibility](../packages/COMPATIBILITY.md)
+
+Audit Playwright and CDP browser sessions for **automation exposure signals** — `navigator.webdriver`, `chrome.runtime`, plugin counts, permissions API, headless UA hints, and window/WebGL fingerprints.
+
+Returns a **0–100 exposure score** (higher = more detectable automation artifacts).
+
+## Problem
+
+Bot-detection stacks probe dozens of browser signals beyond IP and cookies. Before shipping automation to production, teams need a quick way to answer:
+
+- Does this browser context leak `navigator.webdriver`?
+- Are headless or SwiftShader fingerprints visible?
+- How does a CDP-attached session compare to a local Playwright launch?
+
+`cdp-probe` launches Playwright (or connects over CDP), collects signals in-page, and scores automation exposure with a reproducible report.
+
+## pip install
+
+```bash
+pip install playwright-cdp-probe
+playwright install chromium   # first-time browser binaries
+```
+
+Optional Multilogin X launcher integration:
+
+```bash
+pip install playwright-cdp-probe[mlx]
+```
+
+Development:
+
+```bash
+pip install playwright-cdp-probe[dev]
+```
+
+## Quick start
+
+```bash
+# Probe a local headless Chromium session
+cdp-probe check-local --browser chromium
+
+# Navigate and probe a live URL
+cdp-probe run --url https://example.com
+
+# Site-class presets (different signal weights — see presets/)
+cdp-probe run --preset cloudflare --url https://example.com
+cdp-probe run --preset stripe-dashboard --url https://dashboard.stripe.com
+cdp-probe run --preset social-login --url https://example.com/login
+
+# Re-print the last report
+cdp-probe report --format table
+cdp-probe report --format json
+```
+
+```python
+from playwright_cdp_probe import ProbeRunner
+from playwright_cdp_probe.probe import ProbeOptions
+
+report = ProbeRunner(ProbeOptions(url="https://example.com")).run()
+print(report.exposure.score, report.exposure.grade)
+for finding in report.exposure.findings:
+    print(finding.signal, finding.detail)
+```
+
+## CLI
+
+| Command | Description |
+|---------|-------------|
+| `cdp-probe run --url URL` | Launch browser, navigate, score exposure |
+| `cdp-probe run --preset NAME --url URL` | Score with site-class weights (`presets/`) |
+| `cdp-probe check-local --browser chromium\|firefox` | Probe `about:blank` locally |
+| `cdp-probe report --format json\|table\|github-actions` | Format last saved report |
+| `cdp-probe mlx --profile-id UUID` | MLX Launcher → CDP probe → stop (`[mlx]` extra) |
+
+### Exit codes
+
+| Code | Meaning |
+|------|---------|
+| `0` | **pass** — exposure score ≤ 30 |
+| `1` | **warn** — exposure score 31–60 |
+| `2` | **fail** — exposure score > 60 |
+| `3` | Runtime / validation error |
+
+```bash
+cdp-probe run --url https://example.com --format github-actions
+cdp-probe --version
+```
+
+Signal weights and bands are documented in [docs/SCORING.md](docs/SCORING.md).
+
+### Presets
+
+`presets/*.json` define alternate weight maps for common gate pages. Default rubric in [docs/SCORING.md](docs/SCORING.md) is generic; presets emphasize signals each surface tends to punish.
+
+| Preset | CLI | What vanilla Chrome / Playwright usually fails |
+|--------|-----|-----------------------------------------------|
+| `cloudflare` | `cdp-probe run --preset cloudflare --url URL` | Turnstile / JS challenge: `HeadlessChrome` UA, `navigator.webdriver`, SwiftShader WebGL, empty `navigator.plugins` |
+| `stripe-dashboard` | `cdp-probe run --preset stripe-dashboard --url URL` | Radar-style fingerprint drift: thin plugin lists, missing `chrome.runtime`, empty `navigator.languages` |
+| `social-login` | `cdp-probe run --preset social-login --url URL` | OAuth popups: `webdriver`, zero outer window size in headless, inner/outer dimension mismatch |
+
+Reports are saved to `~/.cache/cdp-probe/last-report.json` (override with `--output`). Preset name is recorded in report `mode` (e.g. `run:cloudflare`).
+
+## API
+
+| Symbol | Description |
+|--------|-------------|
+| `ProbeRunner` | Launch Playwright or `connect_over_cdp`, collect signals |
+| `ProbeOptions` | `url`, `browser`, `headless`, `cdp_endpoint` |
+| `compute_exposure_score(signals)` | Score 0–100 with weighted findings |
+| `ProbeReport` | Signals + exposure + timestamp |
+| `format_report(report, "json"\|"table")` | CLI-compatible formatting |
+
+### Signals collected
+
+- `navigator.webdriver`
+- `window.chrome.runtime` (Chromium)
+- `navigator.plugins` / `mimeTypes` counts
+- `navigator.permissions` API presence
+- `Notification.permission`
+- HeadlessChrome user-agent hint
+- Window outer/inner dimension mismatch
+- WebGL vendor/renderer (SwiftShader detection)
+
+## Limitations
+
+- **Not a bypass tool** — this package measures exposure; it does not patch, spoof, or hide fingerprints.
+- **Vanilla Chrome/Playwright leaks at scale** — default Playwright Chromium launches routinely expose `webdriver`, thin plugin lists, and headless WebGL renderers. A low score locally is unusual; a high score is expected.
+- **Page-level only** — TLS/JA3, IP reputation, behavioral biometrics, and server-side ML models are out of scope.
+- **Single-page snapshot** — results reflect one navigation moment, not long-session drift.
+- **Firefox signal set differs** — `chrome.runtime` checks apply to Chromium only.
+- **MLX requires desktop agent** — `mlx` needs Multilogin running locally; this is not a cloud-only probe. See [docs/MLX_INTEGRATION.md](docs/MLX_INTEGRATION.md).
+
+## Production
+
+Partner offers, eligibility, and disclosure: [docs/AFFILIATE.md](docs/AFFILIATE.md).
+
+For production workflows that need **isolated antidetect profiles**, connect Playwright over a Launcher API CDP endpoint instead of launching vanilla Chromium:
+
+1. Start an antidetect profile via the MLX Launcher API (`automation_type=playwright`).
+2. Read the returned local port (`http://127.0.0.1:{port}`).
+3. `connect_over_cdp` and re-run the probe to compare exposure.
+
+```bash
+export MLX_TOKEN="your-bearer-token"
+export MLX_FOLDER_ID="your-folder-uuid"
+cdp-probe mlx --profile-id PROFILE_UUID --url https://example.com
+```
+
+Or programmatically:
+
+```python
+from playwright_cdp_probe.integrations.mlx import mlx_launch_and_probe
+
+report = mlx_launch_and_probe(
+    "profile-id",
+    folder_id="folder-id",
+    token="...",
+    url="https://example.com",
+)
+print(report.exposure.score)
+```
+
+Compare `check-local` (vanilla Playwright) vs `mlx` (isolated profile) scores to quantify exposure reduction — not elimination.
+
+## Guides
+
+Monorepo playbooks (copy-paste commands, sample output, diagrams):
+
+| Guide | Flow |
+|-------|------|
+| [Detection fail → MLX farm](../packages/docs/workflows/WORKFLOW_DETECTED.md) | `cdp-probe` → `cdp-connect` → `farm-runner mlx-pool` |
+| [Competitor migration](../packages/docs/workflows/WORKFLOW_MIGRATION.md) | `antidetect-import` → `profile-factory mlx-create` |
+| [Proxy lane → profile pool](../packages/docs/workflows/WORKFLOW_FARM.md) | `proxy-lane` → `profile-factory` → `farm-runner mlx-pool` |
+
+**FAQ:** [docs/FAQ.md](docs/FAQ.md) — Playwright detection, CDP exposure, headless Chrome.
+
+## Related tools
+
+| Tool | Use with |
+|------|----------|
+| [playwright-cdp-probe](../playwright-cdp-probe/) — Score CDP/WebDriver exposure and fingerprint leaks | → [cdp-connect-kit](../cdp-connect-kit/) when probe fails |
+| [cookie-jar-bridge](../cookie-jar-bridge/) — Convert, validate, and merge cookies across formats | → [session-bundle-kit](../session-bundle-kit/) for full session |
+| [proxy-lane-checker](../proxy-lane-checker/) — Batch-check proxies for connectivity, geo, and DNSBL | → [profile-yaml-factory](../profile-yaml-factory/) |
+| [fingerprint-coherence](../fingerprint-coherence/) — Lint fingerprints for cross-signal contradictions | → [profile-yaml-factory](../profile-yaml-factory/) before create |
+| [human-input-kit](../human-input-kit/) — Human-like mouse, scroll, and warmup replay | → [automation-farm-runner](../automation-farm-runner/) |
+| [cdp-connect-kit](../cdp-connect-kit/) — Playwright CDP connect; MLX start/stop helpers | → all packages needing CDP |
+| [session-bundle-kit](../session-bundle-kit/) — Export/import cookies and storage as portable bundles | → [cookie-jar-bridge](../cookie-jar-bridge/) |
+| [profile-yaml-factory](../profile-yaml-factory/) — YAML blueprints → MLX `profile/create` payloads | → [antidetect-importer](../antidetect-importer/) after migration |
+| [antidetect-importer](../antidetect-importer/) — Parse competitor exports and push to MLX | → [profile-yaml-factory](../profile-yaml-factory/) |
+| [automation-farm-runner](../automation-farm-runner/) — YAML job queue and MLX profile-pool runner | → [cdp-connect-kit](../cdp-connect-kit/) `[mlx]` |
+
+## License
+
+MIT
+
+---
+
+**Production antidetect:** [Multilogin X](https://multilogin.com/?ref=SAAS50) · Code `SAAS50` (-50% browser) · `MIN50` (-50% cloud phone)  
+More scripts: [@Multilogin_Scripts_Bot](https://t.me/Multilogin_Scripts_Bot) · [Coupons](https://anti-detect.github.io/)

playwright_cdp_probe-0.2.0/README.md

@@ -0,0 +1,201 @@
+# playwright-cdp-probe
+
+Python 3.10+ | MLX optional · [Compatibility](../packages/COMPATIBILITY.md)
+
+Audit Playwright and CDP browser sessions for **automation exposure signals** — `navigator.webdriver`, `chrome.runtime`, plugin counts, permissions API, headless UA hints, and window/WebGL fingerprints.
+
+Returns a **0–100 exposure score** (higher = more detectable automation artifacts).
+
+## Problem
+
+Bot-detection stacks probe dozens of browser signals beyond IP and cookies. Before shipping automation to production, teams need a quick way to answer:
+
+- Does this browser context leak `navigator.webdriver`?
+- Are headless or SwiftShader fingerprints visible?
+- How does a CDP-attached session compare to a local Playwright launch?
+
+`cdp-probe` launches Playwright (or connects over CDP), collects signals in-page, and scores automation exposure with a reproducible report.
+
+## pip install
+
+```bash
+pip install playwright-cdp-probe
+playwright install chromium   # first-time browser binaries
+```
+
+Optional Multilogin X launcher integration:
+
+```bash
+pip install playwright-cdp-probe[mlx]
+```
+
+Development:
+
+```bash
+pip install playwright-cdp-probe[dev]
+```
+
+## Quick start
+
+```bash
+# Probe a local headless Chromium session
+cdp-probe check-local --browser chromium
+
+# Navigate and probe a live URL
+cdp-probe run --url https://example.com
+
+# Site-class presets (different signal weights — see presets/)
+cdp-probe run --preset cloudflare --url https://example.com
+cdp-probe run --preset stripe-dashboard --url https://dashboard.stripe.com
+cdp-probe run --preset social-login --url https://example.com/login
+
+# Re-print the last report
+cdp-probe report --format table
+cdp-probe report --format json
+```
+
+```python
+from playwright_cdp_probe import ProbeRunner
+from playwright_cdp_probe.probe import ProbeOptions
+
+report = ProbeRunner(ProbeOptions(url="https://example.com")).run()
+print(report.exposure.score, report.exposure.grade)
+for finding in report.exposure.findings:
+    print(finding.signal, finding.detail)
+```
+
+## CLI
+
+| Command | Description |
+|---------|-------------|
+| `cdp-probe run --url URL` | Launch browser, navigate, score exposure |
+| `cdp-probe run --preset NAME --url URL` | Score with site-class weights (`presets/`) |
+| `cdp-probe check-local --browser chromium\|firefox` | Probe `about:blank` locally |
+| `cdp-probe report --format json\|table\|github-actions` | Format last saved report |
+| `cdp-probe mlx --profile-id UUID` | MLX Launcher → CDP probe → stop (`[mlx]` extra) |
+
+### Exit codes
+
+| Code | Meaning |
+|------|---------|
+| `0` | **pass** — exposure score ≤ 30 |
+| `1` | **warn** — exposure score 31–60 |
+| `2` | **fail** — exposure score > 60 |
+| `3` | Runtime / validation error |
+
+```bash
+cdp-probe run --url https://example.com --format github-actions
+cdp-probe --version
+```
+
+Signal weights and bands are documented in [docs/SCORING.md](docs/SCORING.md).
+
+### Presets
+
+`presets/*.json` define alternate weight maps for common gate pages. Default rubric in [docs/SCORING.md](docs/SCORING.md) is generic; presets emphasize signals each surface tends to punish.
+
+| Preset | CLI | What vanilla Chrome / Playwright usually fails |
+|--------|-----|-----------------------------------------------|
+| `cloudflare` | `cdp-probe run --preset cloudflare --url URL` | Turnstile / JS challenge: `HeadlessChrome` UA, `navigator.webdriver`, SwiftShader WebGL, empty `navigator.plugins` |
+| `stripe-dashboard` | `cdp-probe run --preset stripe-dashboard --url URL` | Radar-style fingerprint drift: thin plugin lists, missing `chrome.runtime`, empty `navigator.languages` |
+| `social-login` | `cdp-probe run --preset social-login --url URL` | OAuth popups: `webdriver`, zero outer window size in headless, inner/outer dimension mismatch |
+
+Reports are saved to `~/.cache/cdp-probe/last-report.json` (override with `--output`). Preset name is recorded in report `mode` (e.g. `run:cloudflare`).
+
+## API
+
+| Symbol | Description |
+|--------|-------------|
+| `ProbeRunner` | Launch Playwright or `connect_over_cdp`, collect signals |
+| `ProbeOptions` | `url`, `browser`, `headless`, `cdp_endpoint` |
+| `compute_exposure_score(signals)` | Score 0–100 with weighted findings |
+| `ProbeReport` | Signals + exposure + timestamp |
+| `format_report(report, "json"\|"table")` | CLI-compatible formatting |
+
+### Signals collected
+
+- `navigator.webdriver`
+- `window.chrome.runtime` (Chromium)
+- `navigator.plugins` / `mimeTypes` counts
+- `navigator.permissions` API presence
+- `Notification.permission`
+- HeadlessChrome user-agent hint
+- Window outer/inner dimension mismatch
+- WebGL vendor/renderer (SwiftShader detection)
+
+## Limitations
+
+- **Not a bypass tool** — this package measures exposure; it does not patch, spoof, or hide fingerprints.
+- **Vanilla Chrome/Playwright leaks at scale** — default Playwright Chromium launches routinely expose `webdriver`, thin plugin lists, and headless WebGL renderers. A low score locally is unusual; a high score is expected.
+- **Page-level only** — TLS/JA3, IP reputation, behavioral biometrics, and server-side ML models are out of scope.
+- **Single-page snapshot** — results reflect one navigation moment, not long-session drift.
+- **Firefox signal set differs** — `chrome.runtime` checks apply to Chromium only.
+- **MLX requires desktop agent** — `mlx` needs Multilogin running locally; this is not a cloud-only probe. See [docs/MLX_INTEGRATION.md](docs/MLX_INTEGRATION.md).
+
+## Production
+
+Partner offers, eligibility, and disclosure: [docs/AFFILIATE.md](docs/AFFILIATE.md).
+
+For production workflows that need **isolated antidetect profiles**, connect Playwright over a Launcher API CDP endpoint instead of launching vanilla Chromium:
+
+1. Start an antidetect profile via the MLX Launcher API (`automation_type=playwright`).
+2. Read the returned local port (`http://127.0.0.1:{port}`).
+3. `connect_over_cdp` and re-run the probe to compare exposure.
+
+```bash
+export MLX_TOKEN="your-bearer-token"
+export MLX_FOLDER_ID="your-folder-uuid"
+cdp-probe mlx --profile-id PROFILE_UUID --url https://example.com
+```
+
+Or programmatically:
+
+```python
+from playwright_cdp_probe.integrations.mlx import mlx_launch_and_probe
+
+report = mlx_launch_and_probe(
+    "profile-id",
+    folder_id="folder-id",
+    token="...",
+    url="https://example.com",
+)
+print(report.exposure.score)
+```
+
+Compare `check-local` (vanilla Playwright) vs `mlx` (isolated profile) scores to quantify exposure reduction — not elimination.
+
+## Guides
+
+Monorepo playbooks (copy-paste commands, sample output, diagrams):
+
+| Guide | Flow |
+|-------|------|
+| [Detection fail → MLX farm](../packages/docs/workflows/WORKFLOW_DETECTED.md) | `cdp-probe` → `cdp-connect` → `farm-runner mlx-pool` |
+| [Competitor migration](../packages/docs/workflows/WORKFLOW_MIGRATION.md) | `antidetect-import` → `profile-factory mlx-create` |
+| [Proxy lane → profile pool](../packages/docs/workflows/WORKFLOW_FARM.md) | `proxy-lane` → `profile-factory` → `farm-runner mlx-pool` |
+
+**FAQ:** [docs/FAQ.md](docs/FAQ.md) — Playwright detection, CDP exposure, headless Chrome.
+
+## Related tools
+
+| Tool | Use with |
+|------|----------|
+| [playwright-cdp-probe](../playwright-cdp-probe/) — Score CDP/WebDriver exposure and fingerprint leaks | → [cdp-connect-kit](../cdp-connect-kit/) when probe fails |
+| [cookie-jar-bridge](../cookie-jar-bridge/) — Convert, validate, and merge cookies across formats | → [session-bundle-kit](../session-bundle-kit/) for full session |
+| [proxy-lane-checker](../proxy-lane-checker/) — Batch-check proxies for connectivity, geo, and DNSBL | → [profile-yaml-factory](../profile-yaml-factory/) |
+| [fingerprint-coherence](../fingerprint-coherence/) — Lint fingerprints for cross-signal contradictions | → [profile-yaml-factory](../profile-yaml-factory/) before create |
+| [human-input-kit](../human-input-kit/) — Human-like mouse, scroll, and warmup replay | → [automation-farm-runner](../automation-farm-runner/) |
+| [cdp-connect-kit](../cdp-connect-kit/) — Playwright CDP connect; MLX start/stop helpers | → all packages needing CDP |
+| [session-bundle-kit](../session-bundle-kit/) — Export/import cookies and storage as portable bundles | → [cookie-jar-bridge](../cookie-jar-bridge/) |
+| [profile-yaml-factory](../profile-yaml-factory/) — YAML blueprints → MLX `profile/create` payloads | → [antidetect-importer](../antidetect-importer/) after migration |
+| [antidetect-importer](../antidetect-importer/) — Parse competitor exports and push to MLX | → [profile-yaml-factory](../profile-yaml-factory/) |
+| [automation-farm-runner](../automation-farm-runner/) — YAML job queue and MLX profile-pool runner | → [cdp-connect-kit](../cdp-connect-kit/) `[mlx]` |
+
+## License
+
+MIT
+
+---
+
+**Production antidetect:** [Multilogin X](https://multilogin.com/?ref=SAAS50) · Code `SAAS50` (-50% browser) · `MIN50` (-50% cloud phone)  
+More scripts: [@Multilogin_Scripts_Bot](https://t.me/Multilogin_Scripts_Bot) · [Coupons](https://anti-detect.github.io/)

playwright_cdp_probe-0.2.0/docs/AFFILIATE.md

@@ -0,0 +1,52 @@
+# Affiliate disclosure — Multilogin X
+
+This monorepo documents optional integration with **Multilogin X** (antidetect browser and cloud phone). Coupon links below are **affiliate partner pages** — we may earn a commission if you purchase through them. Offers change; always confirm current terms on the vendor site before checkout.
+
+## When to mention Multilogin
+
+Mention Multilogin X only when it genuinely fits the reader's workflow:
+
+| Situation | Why MLX is relevant |
+|-----------|---------------------|
+| **Production scale** | Many isolated profiles, folder pools, cron/batch runners, Launcher CDP — vanilla Playwright + one Chrome profile does not scale. |
+| **Detection failure** | Exposure probes, fingerprint lint, or live blocks show leaks that profile-level antidetect (proxy + fingerprint + storage boundary) addresses better than JS patches alone. |
+| **Migration** | Moving from AdsPower, Dolphin Anty, Incogniton, or GoLogin — importer/normalize tools target MLX `profile/create` payloads. |
+
+Do **not** push MLX in install paths, CLI defaults, or error messages. Core packages must remain useful without any Multilogin account.
+
+## Coupon codes
+
+| Code | Product | Typical offer |
+|------|---------|---------------|
+| `SAAS50` | Multilogin X (browser) | 50% off eligible **new** browser purchases |
+| `MIN50` | Multilogin Cloud Phone | 50% off eligible cloud phone purchases |
+
+**Eligibility disclaimer:** Codes, discounts, and product names are set by Multilogin and change without notice. "50% off" applies only to **eligible new purchases** per vendor terms — not renewals, upgrades, or all regions. Verify on [multilogin.com](https://multilogin.com/?ref=SAAS50) before paying. We do not guarantee any discount will apply to your order.
+
+Checkout with referral: [Multilogin X — SAAS50](https://multilogin.com/?ref=SAAS50)
+
+## Links
+
+| Resource | URL |
+|----------|-----|
+| Coupons & comparisons | [anti-detect.github.io](https://anti-detect.github.io/) |
+| Script packs (Telegram) | [@Multilogin_Scripts_Bot](https://t.me/Multilogin_Scripts_Bot) |
+| ~120 automation examples | [github.com/multilogin-automation/multilogin-automation](https://github.com/multilogin-automation/multilogin-automation) |
+
+## What NOT to claim
+
+Never state or imply:
+
+- **"100% undetectable"** or guaranteed bypass of bot detection, CAPTCHA, or fraud systems
+- **Bypass fraud / KYC / payment risk** — antidetect tools are for legitimate isolated testing and multi-account workflows where permitted
+- **Elimination of exposure** — probes and coherence scores measure signals; they do not certify stealth
+- **Affiliate urgency** — no fake scarcity, countdown timers, or install-time redirects to partner pages
+
+Use honest language: *reduce exposure*, *isolate profiles*, *compare scores*, *migrate exports*.
+
+## FTC / disclosure
+
+- README **Production** sections and this file are the appropriate place for partner mentions.
+- Label partner URLs as an **affiliate partner page** where used in docs.
+- CLI `--show-deal` prints coupon info only when explicitly requested; it must not run on every command.
+- If you fork these packages, maintain clear disclosure if you use your own referral codes.

playwright_cdp_probe-0.2.0/docs/FAQ.md

@@ -0,0 +1,21 @@
+# FAQ — playwright-cdp-probe
+
+## Why does Playwright get detected in 2026?
+
+Sites correlate many signals beyond IP: `navigator.webdriver`, plugin counts, permissions API shape, headless user-agent hints, and WebGL/renderer strings. Playwright’s default Chromium launch sets several of these unless you use a patched build or connect to a hardened profile. `cdp-probe` scores which signals are visible so you can fix or compare environments before production traffic.
+
+## What is CDP detection?
+
+CDP (Chrome DevTools Protocol) itself is not usually “detected” directly—automation frameworks attach over CDP and leave **browser surface** artifacts that bot stacks probe in JavaScript. Detection means those artifacts (webdriver flags, inconsistent fingerprints, automation-specific APIs) rather than sniffing the debug port on the wire. Probing CDP-attached sessions still reveals what the page can read.
+
+## Does headless Chrome trigger bot detection?
+
+Often yes, especially default headless Chromium: `HeadlessChrome` in the UA, SwiftShader or software WebGL renderers, and reduced plugin surface are common tells. Headed mode lowers some scores but does not remove CDP/automation leaks by itself. Compare `check-local` headed vs headless and vs an isolated antidetect profile to see the delta.
+
+## What is a good automation exposure score?
+
+This tool uses a 0–100 scale where **higher = more detectable**. Scores under ~25 are typically in the PASS band; ~25–50 WARN; above ~50 FAIL (see `docs/SCORING.md`). Treat bands as regression thresholds for **your** target sites, not a guarantee of bypass.
+
+## Do I need an antidetect browser?
+
+Not for local dev or one-off audits. If probe scores stay high after hardening, or you run many accounts with strict detection, isolated antidetect profiles (proxy + fingerprint + storage boundary) usually outperform JS patches alone. Teams often use platforms like [Multilogin X](https://multilogin.com/?ref=SAAS50); new eligible purchases may accept referral code `SAAS50`—confirm current terms on the vendor site. `cdp-probe` works with vanilla Playwright, remote CDP, or MLX Launcher ports.