Skip to content

feat: Windows cookie import for setup-browser-cookies#64

Open
MichaelTheMay wants to merge 6 commits intogarrytan:mainfrom
MichaelTheMay:windows-support
Open

feat: Windows cookie import for setup-browser-cookies#64
MichaelTheMay wants to merge 6 commits intogarrytan:mainfrom
MichaelTheMay:windows-support

Conversation

@MichaelTheMay
Copy link

@MichaelTheMay MichaelTheMay commented Mar 15, 2026

Summary

  • Windows cookie import — full decryption pipeline for Chrome, Edge, and Brave using DPAPI + AES-256-GCM via PowerShell. Supports v10 cookies; v20 App-Bound cookies (Chrome 127+) fail gracefully.
  • Platform dispatcher — routes findInstalledBrowsers, listDomains, importCookies to macOS or Windows module based on process.platform.
  • Shared module — extracted types, Chromium epoch utils, sameSite mapping, profile validation, and DB copy helper to cookie-import-shared.ts.
  • better-sqlite3 dependency — prebuilt native SQLite for Node.js/tsx on Windows.
  • Chrome 96+ Network/Cookies fallback — both macOS and Windows now check the new path first.
  • Cross-platform browser launchcmd /c start (Windows), open (macOS), xdg-open (Linux).
  • 27 new tests for Windows decryption pipeline.
  • Fix: cli.ts IS_WINDOWS used before declaration (ReferenceError on Windows).
  • Fix: win-server.ts simplified — removed bun:sqlite error handler.

Pre-Landing Review

No issues found. (No SQL injection, no LLM outputs, no user-facing HTML. Parameterized queries, sanitized PowerShell inputs, path traversal prevention.)

Eval Results

No prompt-related files changed — evals skipped.

TODOS

  • Updated "v20 encryption format support" → "v20 App-Bound Encryption support" (elevated to P2, v10 AES-256-GCM done)
  • Updated "Linux/Windows cookie decryption" → "Linux cookie decryption" (Windows done, Linux remaining)

Known Limitations

  • Chrome exclusive file lock (Windows): Chrome holds an exclusive lock on its cookie DB on Windows. User must close Chrome first. This affects all third-party cookie tools.
  • v20 App-Bound Encryption (Chrome/Edge 127+): The app_bound_encrypted_key is DPAPI-encrypted with LocalMachine scope + browser-specific entropy, inaccessible to third-party tools. v10 cookies decrypt correctly.

Test plan

  • All cookie tests pass (51 tests across 3 files)
  • Pre-existing test failures are unchanged (bun PATH, getGitRoot, commands timeout — all Windows-specific, not caused by this PR)
  • Integration tested: cookie-import-browser detects Chrome + Edge, picker UI opens, Edge DB reads + DPAPI decrypts

🤖 Generated with Claude Code

MichaelTheMay and others added 6 commits March 15, 2026 01:00
@MichaelTheMay @claude
feat: add Windows support for browse server and CLI
01eb705 
Bun's subprocess pipe handling and WebSocket client are broken on Windows,
which prevents Playwright from launching Chromium. This commit adds a
Node.js-based server path for Windows while keeping the original Bun path
for macOS/Linux.

Changes:
- cli.ts: Windows detection, bun path resolution, 20s startup timeout,
  cross-platform /tmp handling, Windows-compatible process kill (taskkill)
- win-server.ts: Node.js entry point with Bun API polyfills (serve, spawn,
  sleep, file, write) that imports the standard server.ts
- cookie-import-browser.ts: Dynamic import for bun:sqlite to avoid crash
  on Node.js
- meta-commands.ts, snapshot.ts, write-commands.ts: Replace hardcoded /tmp
  with os.tmpdir(), use path.sep for cross-platform path comparison
- server.ts: Cross-platform import.meta.dir fallback
- package.json: Remove Windows-incompatible glob in build script, add tsx dep

Tested on Windows 11 with Node.js v22 + Bun v1.3.10:
- browse goto, text, snapshot, screenshot, responsive, js, console, network,
  tabs, status all verified working

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@MichaelTheMay
Merge remote-tracking branch 'origin/main' into windows-support
a10134e
@MichaelTheMay
refactor: extract shared types and utils to cookie-import-shared.ts
b659896 
Types (BrowserInfoBase, DomainEntry, ImportResult, PlaywrightCookie, RawCookie),
CookieImportError, Chromium epoch utils, sameSite mapping, profile validation,
and DB copy-when-locked helper — shared by macOS and Windows modules.
@MichaelTheMay
feat: add Windows cookie import with DPAPI + AES-256-GCM decryption
5388761 
Windows module (cookie-import-browser-win.ts): Chrome/Edge/Brave detection,
DPAPI master key via PowerShell, v10 AES-256-GCM cookie decryption,
Network/Cookies path fallback for Chrome 96+.

Platform dispatcher (cookie-import.ts): routes to macOS or Windows module
based on process.platform.

Refactored macOS module to import shared code from cookie-import-shared.ts.
Added better-sqlite3 dependency for Node.js/tsx SQLite access on Windows.
27 new tests for Windows decryption pipeline.
@MichaelTheMay
fix: wire up platform dispatcher and cross-platform browser launch
d24f01f 
- cookie-picker-routes.ts: import from platform dispatcher, await async calls
- write-commands.ts: import from dispatcher, platform-detect open command
- win-server.ts: remove bun:sqlite error handler (no longer needed)
- cli.ts: fix IS_WINDOWS used before declaration (ReferenceError)
@MichaelTheMay @claude
chore: bump version and changelog (v0.3.10)
ee90c8d 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MichaelTheMay