Review and fix Luban one-by-one phone runner

This commit is contained in:
2026-05-12 00:31:48 +08:00
parent c29567eda6
commit 0370366000
12 changed files with 1230 additions and 4 deletions
@@ -242,6 +242,13 @@ Integration/verification policy:
- Provider abstraction lessons: `references/sms-provider-abstraction-and-luban-2026-05-11.md`.
- Luban UK live test 2026-05-11: with `chickliu2031som6d8@2925.com` email-verified and on OpenAI `add-phone`, 10 United Kingdom/England OpenAI orders using service_id `537935` were bought and held for ~190s each before release. Attempts 1-9 reached `phone-verification` and were not immediately rejected by OpenAI, but Luban `getSms` stayed `msg=wait`; attempt 10 stayed on `add-phone` after submit and should be classified as `submit_no_sms_page`, not a confirmed SMS page. Summary: bought=10, SMS received=0, all orders released successfully. Reference: `references/luban-uk-openai-10-attempts-no-sms-2026-05-11.md`.
- Luban Chile live test 2026-05-11: service_id `508058` resolved for Chile/OpenAI at cost `0.05`. First number passed the `CL` / `智利` country gate and was bought successfully, but OpenAI stayed on `add-phone` and was classified as immediate reject; the order was held for the 3-minute minimum window and released successfully. Summary: bought=1, rejected_by_openai=1, SMS received=0. Reference: `references/luban-chile-openai-immediate-reject-2026-05-11.md`.
- OpenAI phone-code submit audit 2026-05-11: current phone-verification DOM uses a single input `name=code`, `autocomplete=one-time-code`, `maxLength=6`. Reuse the proven 5sim Vietnam submit method: native value setter + `InputEvent('input', {inputType:'insertText', data: code})` + `change` + exact `继续` click. The Luban free-country runner's generic plain `Event('input')` submit may not update React state; classify received-but-not-accepted codes as `sms_submit_failed`, not success. Reference/helper: `references/openai-phone-code-submit-method-audit-2026-05-11.md`, `scripts/submit_openai_phone_code_corrected.py`.
- Luban one-by-one runner review/fix 2026-05-11: after reviewing the 5sim Vietnam success and 335-activation Indonesia success records, the previous ad-hoc Luban runner had defects: continued after OpenAI `糟糕,出错了!`/Bad Request pages, shallow Luban release retries, possible non-React-safe code submit, and under-logged WhatsApp/SMS channel ambiguity. Use `scripts/luban_one_by_one_phone_verify.py` instead of `/tmp/luban_one_by_one_stop_on_sms.py`. It validates `add-phone` readiness before buying, stops on unrecoverable bad pages, loops Luban `reject` until success/already-released/wrong_status, submits codes with the proven `InputEvent` method, and exits while keeping page/order if `sms_submit_failed_hold_for_retry` occurs. Reference: `references/luban-one-by-one-runner-review-and-fixes-2026-05-11.md`.
- For broad Luban testing, always log page channel text (`WhatsApp` vs SMS). If page says WhatsApp but provider returns SMS-style code, treat submit failures as ambiguous until provider raw fields and OpenAI error text are inspected.
- Luban unrestricted live test 2026-05-11: 10 actual bought numbers across Brazil, Philippines, Argentina, Indonesia, Vietnam, Netherlands, Malaysia, Mexico, France, and Brazil again; max 2 per country, held/released per 3-minute policy. Results: 7 OpenAI immediate rejects, 2 SMS timeouts after reaching `phone-verification`, and 1 France SMS delivery. France `service_id=735664` delivered in ~11s, but code submission left OpenAI on `phone-verification`; classify as `sms_submit_failed`, not success. Do not set `success_request_id` unless OpenAI leaves `phone-verification`; see `references/luban-unrestricted-openai-10-buys-france-sms-submit-failed-2026-05-11.md`.
- Deprecated Luban one-by-one runner note 2026-05-11: `/tmp/luban_one_by_one_stop_on_sms.py` / `scripts/luban_one_by_one_stop_on_sms.py` was an earlier ad-hoc version. It proved the stop-on-SMS idea, but it was superseded by `scripts/luban_one_by_one_phone_verify.py` because the old version could continue after OpenAI bad-page states and had shallow release retry. Do not use the old script for new runs; use the optimized script above.
- Before continuing after a Luban phone run, confirm OpenAI `add-phone` is not in `糟糕,出错了!` state and that the country selector is present; `countryValue:null` / `countryText:null` is a page-state failure, not evidence that a country is unsupported.
- Session review 2026-05-11: class-level lessons from the 2925 + Luban OpenAI onboarding run are summarized in `references/session-review-2925-luban-openai-onboarding-2026-05-11.md`; use it to avoid route-based 2925 false negatives, distinguish OpenAI phone acceptance from SMS delivery, and preserve Luban 3-minute release timing.
If using the long-running runner:
@@ -39,8 +39,8 @@ Import format:
```text
邮箱----密码
user1@2925.com----[REDACTED_PASSWORD_1]
user2@2925.com----[REDACTED_PASSWORD_2]
user1@2925.com----[REDACTED_PASSWORD]
user2@2925.com----[REDACTED_PASSWORD]
```
Normalized account fields:
@@ -285,7 +285,7 @@ BOSS specifically prefers Codex onboarding sub-mailboxes to use **only an 8-lett
```bash
FIVE_SIM_API_KEY=
FIVE_SIM_BASE_URL=https://5sim.net/v1
[REDACTED]
FIVE_SIM_COUNTRY_ORDER=argentina,netherlands,indonesia
FIVE_SIM_OPERATOR=any
FIVE_SIM_PRODUCT=openai
@@ -0,0 +1,150 @@
# Success-record review and Luban one-by-one runner fixes (2026-05-11)
## Why this review was needed
BOSS asked to deeply revisit the known phone-verification success records and compare them with the current Luban flow.
The immediate trigger was a Luban France event where a code was received but OpenAI stayed on `phone-verification`, followed by a one-by-one test that ended with:
```json
{"bought":4,"sms_received":0,"sms_timeout":2,"submit_no_sms_page":2}
```
The current OpenAI page then showed `糟糕,出错了!` on `https://auth.openai.com/add-phone`.
## Success records reviewed
### 1. 5sim Vietnam success, 2026-05-10
Reference: `openai-phone-free-country-vietnam-sms-success-codex2api-region-block-2026-05-10.md`.
Key success properties:
- Strict country/area-code gate before buying and again before submit.
- Count only actual provider activations.
- If OpenAI reaches `phone-verification`, poll provider.
- Submit a strict 6-digit code.
- Consider phone success only when OpenAI leaves `phone-verification` and reaches `about-you` / profile.
### 2. 5sim Indonesia success at 335 activations, 2026-05-11
Reference: `openai-phone-335-success-cpa-oauth-login-session-pitfalls-2026-05-11.md`.
Key success properties:
- OpenAI phone codes should prefer strict 6-digit extraction.
- Do not mark provider activation as finished until browser leaves `phone-verification`.
- A wrong parser selected a 4-digit candidate from a provider blob; rechecking the finished activation and extracting a 6-digit code fixed it.
- After phone success, fill `about-you` fields explicitly (`name`, `age`, `birthday`).
## Defects found in the current Luban one-by-one flow
### Defect 1 — submit-code method not identical to successful 5sim method
The current Luban runner used a generic `setVal` with plain `Event('input')` in one path. The successful 5sim submit used:
```javascript
const input=document.querySelector('input[autocomplete=one-time-code], input[name=code], input');
const setter=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
input.focus();
setter.call(input, code);
input.dispatchEvent(new InputEvent('input', {bubbles:true, inputType:'insertText', data:code}));
input.dispatchEvent(new Event('change', {bubbles:true}));
click exact '继续';
```
Fix: use this exact method for OpenAI phone-code submit.
### Defect 2 — Bad Request / OpenAI error state was not fatal enough
The one-by-one run continued country gates after OpenAI became:
```text
title: 糟糕,出错了! - OpenAI
url: https://auth.openai.com/add-phone
```
The page had no usable country selector/tel input for later countries, producing repeated false country-gate failures.
Fix: add `ensure_add_phone_ready()`:
- require `add-phone` URL, country `select`, and tel input;
- reject pages whose title/body match `糟糕|出错|Bad request|unknown_error|HTTP ERROR`;
- try reload/direct navigate a few times;
- if still not ready, stop the runner before buying another number.
### Defect 3 — Luban release retry was too shallow
France `34133707` initially returned:
```text
停用失败,该供应商需要在:118 秒 后停止.
停用失败,该供应商需要在:43 秒 后停止.
```
The runner stopped retrying, requiring manual cleanup. Later manual check showed `该号码已释放`.
Fix: `reject_after_min_wait()` now loops until:
- `success`, or
- `已释放`, or
- `wrong_status`, or
- hard retry deadline.
It parses provider messages such as `N 秒 后停止` and sleeps accordingly.
### Defect 4 — provider/channel ambiguity was under-logged
The current OpenAI phone page can show WhatsApp delivery text:
```text
重新发送 WhatsApp 消息
```
The runner must log page channel (`whatsapp`, `sms`, `unknown`). If provider reports a code while page says WhatsApp, classify failures as ambiguous until provider raw fields and OpenAI error text are inspected.
### Defect 5 — `submit_no_sms_page` must not be treated as SMS delivery evidence
If OpenAI stays on `add-phone` after submit but does not show an explicit phone reject, classify as `submit_no_sms_page`, hold for the minimum Luban release window, release, then recover page. Do not count it as `phone-verification` SMS timeout.
## Implemented optimized runner
New script:
```text
scripts/luban_one_by_one_phone_verify.py
```
Key behavior:
1. Buys only one Luban request at a time.
2. Validates OpenAI `add-phone` readiness before each country and before buying.
3. Stops instead of buying when the page is in Bad Request/error state.
4. Holds unused Luban orders for at least 3 minutes before reject.
5. Retries reject until success/already-released/wrong_status or hard deadline.
6. Polls provider for strict 6-digit code.
7. On SMS received, writes the code only to a local file and logs `sms_received` without printing it.
8. Submits code with the proven 5sim InputEvent method.
9. If submit fails, keeps page and provider order for retry and exits with `sms_submit_failed_hold_for_retry`.
10. Does not set success unless OpenAI leaves `/phone-verification`.
Run example:
```bash
PYTHONUNBUFFERED=1 MAX_BUYS=10 PHONE_POLL_SECONDS=220 MIN_HOLD_SECONDS=180 \
/Users/chick/homebrew/opt/python@3.11/bin/python3.11 \
/Users/chick/.hermes/skills/software-development/codex-oauth-plus-onboarding/scripts/luban_one_by_one_phone_verify.py \
| tee /tmp/luban_one_by_one_phone_verify.log
```
Optional priority override:
```bash
LUBAN_COUNTRY_PRIORITY='France,Vietnam,Portugal,Romania,Germany,Netherlands,Argentina'
```
## Operational rule going forward
For Luban/OpenAI tests, use the optimized script above instead of ad-hoc `/tmp/luban_one_by_one_stop_on_sms.py`.
If the runner exits with `sms_submit_failed_hold_for_retry`, do not release the order and do not navigate away. Retry from the preserved page using the local code file and corrected submit helper.
@@ -0,0 +1,84 @@
# Luban one-by-one stop-on-SMS runner and 2026-05-11 retest
## Why this was added
BOSS asked to retry Luban SMS verification one order at a time:
- buy only one active Luban order at once;
- if `sms_received` occurs, notify immediately;
- submit the code with the proven OpenAI phone-code `InputEvent` method;
- if submission fails again, keep the OpenAI `phone-verification` page and do **not** release/navigate away/waste the number before manual retry.
This produced a reusable runner:
```text
scripts/luban_one_by_one_stop_on_sms.py
```
## Runner behavior
Run example:
```bash
PYTHONUNBUFFERED=1 MAX_BUYS=10 PHONE_POLL_SECONDS=220 MIN_HOLD_SECONDS=180 \
/Users/chick/homebrew/opt/python@3.11/bin/python3.11 \
/Users/chick/.hermes/skills/software-development/codex-oauth-plus-onboarding/scripts/luban_one_by_one_stop_on_sms.py \
| tee /tmp/luban_one_by_one_stop_on_sms.log
```
Important behavior:
1. Resolves Luban OpenAI/ChatGPT services dynamically.
2. Prioritizes France first because a previous run received a France code.
3. Verifies OpenAI country gate before buying.
4. Holds failed/timeout/submit-no-SMS-page orders for at least `MIN_HOLD_SECONDS` before release.
5. Retries Luban `reject` when provider returns messages like `停用失败,该供应商需要在:N 秒 后停止`.
6. Stops immediately when a code is received.
7. Uses the corrected OpenAI code submit method:
- `input[autocomplete="one-time-code"], input[name="code"], input`
- native `HTMLInputElement.value` setter
- `InputEvent('input', {inputType:'insertText', data:code})`
- `change`
- exact `继续` click first
8. If code submit does not leave `/phone-verification`, logs `sms_submit_failed_hold_for_retry` and stops without releasing or navigating.
9. Never prints full phone numbers or SMS code. Code is only written to `/tmp/luban_one_by_one_sms_code.txt`.
## 2026-05-11 run result
Command used from `/tmp` copy:
```text
MAX_BUYS=10 PHONE_POLL_SECONDS=220 MIN_HOLD_SECONDS=180
```
Summary:
```json
{
"bought": 4,
"direct_reject": 0,
"sms_timeout": 2,
"sms_received": 0,
"sms_submit_failed": 0,
"success": false,
"submit_no_sms_page": 2
}
```
Orders:
| Country | request_id | Result | Release |
|---|---:|---|---|
| France | 34133707 | `submit_no_sms_page`; stayed on `add-phone` without explicit reject | later confirmed `该号码已释放` |
| Germany | 34133807 | reached `phone-verification`, page channel `whatsapp`, Luban `msg=wait` for ~220s | retry release success |
| Netherlands | 34133909 | reached `phone-verification`, page channel `whatsapp`, Luban `msg=wait` for ~220s | release success |
| Argentina | 34133959 | `submit_no_sms_page`; stayed on `add-phone` | release success |
No SMS code arrived in this retest, so the corrected code-submit path was not exercised.
## Pitfalls learned
- `submit_no_sms_page` is possible without explicit OpenAI rejection. Treat it as neither direct reject nor SMS-page no-delivery. Hold and release the order, then navigate/recover `add-phone` before continuing.
- Some Luban suppliers require longer than exactly 180 seconds to reject. Parse the provider wait message and retry until success/known released, instead of only retrying once.
- Repeated phone attempts can leave OpenAI `add-phone` in `糟糕,出错了!` state; do not buy another number until the page is reloaded/recovered and the country controls work.
- `countryValue:null`/`countryText:null` after an error page means the selector is absent; this is a page-state failure, not a country unsupported result.
@@ -0,0 +1,129 @@
# Luban unrestricted OpenAI phone test: 10 actual buys (2026-05-11)
## Context
Account under test:
```text
2925 account: chickliu2031@2925.com
OpenAI alias: chickliu2031som6d8@2925.com
Email verification: passed
OpenAI page before test: https://auth.openai.com/add-phone
SMS provider: Luban SMS
Run policy: unrestricted countries, at most 2 buys per country, 10 actual bought numbers total
Minimum hold before release: >= 3 minutes per Luban order
```
Secrets, full phone numbers, SMS/email codes, API keys, and proxy strings are omitted.
## Command
```bash
PYTHONUNBUFFERED=1 TOTAL_BUYS=10 MAX_PER_COUNTRY=2 PHONE_POLL_SECONDS=190 \
/Users/chick/homebrew/opt/python@3.11/bin/python3.11 \
/tmp/luban_free_country_2031_10.py \
| tee /tmp/luban_free_country_2031_10.log
```
## Candidate ordering used
The runner dynamically resolved Luban OpenAI/ChatGPT services and put previously poor UK/Chile services near the end. Initial candidate list included:
```text
Brazil service_id=508059 cost=0.05
Philippines service_id=507996 cost=0.05
Argentina service_id=508043 cost=0.1
Indonesia service_id=508001 cost=0.1
Portugal service_id=788870 cost=0.1
Vietnam service_id=1045467 cost=0.1
Canada service_id=788953 cost=0.15
Netherlands service_id=508051 cost=0.15
Thailand service_id=508044 cost=0.15
Malaysia service_id=508068 cost=0.2
Mexico service_id=731456 cost=0.25
France service_id=735664 cost=0.3
Germany service_id=741829 cost=0.43
USA service_id=715285 cost=0.28
Chile service_id=508058 cost=0.05
UK/England service_id=537935 cost=0.05
```
## Final summary
Raw runner summary:
```json
{
"bought": 10,
"attempts": 13,
"rejected_by_openai": 7,
"sms_timeout": 2,
"sms_received": 1,
"submit_no_sms_page": 0,
"success": false,
"counts": {
"Brazil": 2,
"Philippines": 1,
"Argentina": 1,
"Indonesia": 1,
"Vietnam": 1,
"Netherlands": 1,
"Malaysia": 1,
"Mexico": 1,
"France": 1
},
"success_request_id": 34133204,
"success_country": "France",
"final_href": "https://auth.openai.com/phone-verification"
}
```
Important correction: the runner's `success_request_id` field is misleading here. The France SMS arrived, but code submission left OpenAI on `phone-verification`, so the correct classification is:
```text
sms_received=1
sms_submit_failed=1
phone_verification_success=false
```
## Per-country outcome
```text
Brazil #1: bought, OpenAI immediate reject, released OK.
Philippines: bought, OpenAI immediate reject, released OK.
Argentina: bought, OpenAI immediate reject, released OK.
Indonesia: bought, OpenAI immediate reject, released OK.
Portugal: buy failed, supplier maintenance; not counted as a bought number.
Vietnam: bought, OpenAI immediate reject, released OK.
Canada: buy failed, supplier maintenance; not counted as a bought number.
Netherlands: bought, OpenAI immediate reject, released OK.
Thailand: buy failed, supplier maintenance; not counted as a bought number.
Malaysia: bought, OpenAI immediate reject, released OK.
Mexico: bought, OpenAI entered phone-verification, no SMS after ~202s. First release attempts returned supplier wait messages, later manual recheck showed wrong_status/already released.
France: bought, OpenAI entered phone-verification, SMS arrived in ~11s, but code submission failed / page stayed on phone-verification. Later manual status check showed getSms success and reject returned already released.
Brazil #2: bought, OpenAI entered phone-verification, no SMS after ~193s, released OK.
```
## Operational conclusions
1. Luban unrestricted had one useful signal: **France service_id=735664 delivered an SMS quickly**, unlike UK/Mexico/Brazil no-delivery cases.
2. Delivery alone is not success. The runner must verify OpenAI leaves `phone-verification` after submitting the SMS code before marking success.
3. If `sms_received` but page remains `phone-verification`, classify `sms_submit_failed` and stop/diagnose the code extraction or page input method; do not continue spending while leaving the account on a possibly code-locked phone page.
4. Release handling must cover all post-submit paths:
- immediate reject -> hold >=3 minutes -> reject;
- SMS timeout -> reject, and if Luban says supplier still needs time, schedule another retry until `success`, `wrong_status`, or `already released`;
- SMS received but code not accepted -> check status/release or confirm provider already closed the request.
5. Do not write `success_request_id` unless OpenAI actually leaves `phone-verification` and the account advances.
## Runner patch requirements
Before reusing `/tmp/luban_free_country_2031_10.py` logic as a bundled script:
```text
- Rename success_request_id to candidate_sms_request_id unless browser success is true.
- Add sms_submit_failed counter.
- After submit_code(), inspect body for “代码不正确” / “incorrect code” / still-on-phone-verification and classify failure.
- If code submission fails, do not continue to the next country until the current request is released/closed and OpenAI page is deliberately reset to add-phone.
- Keep 3-minute minimum hold before release for Luban provider orders.
- Treat Luban reject responses containing supplier wait seconds as deferred-release, and recheck/retry until closed.
```
@@ -0,0 +1,102 @@
# OpenAI phone-code submit method audit: Luban France SMS received but submit failed (2026-05-11)
## Context
During Luban free-country testing with `chickliu2031som6d8@2925.com`, France request `34133204` received a code but the runner stayed on OpenAI `phone-verification` after submitting it.
Do not classify that event as a completed phone verification. The correct class is:
```text
sms_received_but_submit_failed
```
## DOM observed on OpenAI phone-verification
Inspection of the current OpenAI phone verification page showed a single code input, not six split inputs:
```json
{
"href": "https://auth.openai.com/phone-verification",
"title": "查看你的手机 - OpenAI",
"input": {
"type": "text",
"name": "code",
"autocomplete": "one-time-code",
"inputMode": "numeric",
"maxLength": 6,
"placeholder": "代码"
},
"buttons": ["继续", "重新发送 WhatsApp 消息"]
}
```
So the correct target is:
```javascript
input[autocomplete="one-time-code"], input[name="code"], input
```
## Difference from the previously successful 5sim Vietnam submit
The successful 5sim Vietnam part2 runner submitted the phone code with:
```javascript
const input=document.querySelector('input[autocomplete=one-time-code], input[name=code], input');
const setter=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
input.focus();
setter.call(input, code);
input.dispatchEvent(new InputEvent('input', {bubbles:true, inputType:'insertText', data:code}));
input.dispatchEvent(new Event('change', {bubbles:true}));
[...document.querySelectorAll('button')].find(b=>(b.innerText||'').trim()==='继续')?.click();
```
The Luban free-country runner used a generic `setVal` helper with plain `Event('input')` instead of `InputEvent('input', {inputType:'insertText', data:code})`:
```javascript
setVal(inputs[0], code); // dispatches Event('input') + Event('change')
```
That may fail to update OpenAI's React/form state even when the DOM value looks set.
## Required fix
For phone-code submission, use the proven 5sim method exactly:
1. Select `input[autocomplete="one-time-code"], input[name="code"], input`.
2. Use the native HTMLInputElement `value` setter.
3. Dispatch `InputEvent('input', {bubbles:true, inputType:'insertText', data:code})`.
4. Dispatch `change`.
5. Verify `input.value.length === 6` and the Continue button is not disabled.
6. Click the exact Chinese `继续` button first, then fallback to English/regex.
7. Save a redacted submit context: input count/name/autocomplete/maxLength, button disabled state, post-submit href/title/body excerpt. Never log the code.
A reusable helper is packaged with this skill:
```text
scripts/submit_openai_phone_code_corrected.py
```
It accepts a code or code-file path, submits using the proven method, and redacts the code from output.
## Extra channel warning
The current phone verification page displayed:
```text
输入我们刚刚通过 WhatsApp 发送到 ... 的验证码。
重新发送 WhatsApp 消息
```
The runner must record the delivery channel text. If the page channel is WhatsApp but the SMS provider reports an SMS-style code, treat failures as ambiguous until the raw provider fields are inspected. Do not auto-mark as success unless OpenAI leaves `/phone-verification`.
## Runner classification fix
After `sms_received`, if submitting the code leaves OpenAI on `/phone-verification`, classify as:
```text
sms_submit_failed
```
not `success_request_id`.
Also release/finish the provider order explicitly according to provider rules and log the result.
@@ -0,0 +1,102 @@
# Session review: 2925 + Luban OpenAI onboarding lessons (2026-05-11)
## Why this reference exists
BOSS asked to actively review the conversation and update the skill library. This session produced several reusable lessons for the broader `codex-oauth-plus-onboarding` workflow, and they belong under the existing umbrella skill rather than as narrow one-off skills.
## Class-level lessons captured
### 1. 2925 Webmail false negatives are a scraper problem until proven otherwise
A manual user check found OpenAI verification mail in 2925 Inbox even though automation reported `candidateCount=0` for multiple resend cycles. The root cause was route-based scraping:
```text
Wrong: https://2925.com/#/mailList?type=收件箱
Right: click the left-side 收件箱 nav, then inspect the real list at #/mailList
```
Reusable rule: before concluding OpenAI did not deliver to a 2925 alias, verify the scraper uses the real DOM flow:
```text
click left 收件箱 -> toolbar 刷新 -> table.maillist-table tr -> hidden tooltip/title/textContent -> open newest matching row -> extract code from message body
```
Detailed reference: `references/mail2925-correct-inbox-scraping-openai-code-2026-05-11.md`.
### 2. SMS-provider tests must separate OpenAI acceptance from SMS delivery
Luban UK demonstrated a useful distinction:
```text
OpenAI acceptance: attempts 1-9 reached phone-verification and were not rejected.
SMS delivery: 0/10 messages arrived after ~190s each.
```
Do not collapse these into a single “failed” label; report both dimensions. Attempt 10 stayed on `add-phone`, so it must be classified as `submit_no_sms_page`, not as a confirmed no-SMS phone-verification attempt.
Detailed reference: `references/luban-uk-openai-10-attempts-no-sms-2026-05-11.md`.
### 3. Luban release timing is provider-specific
BOSS explicitly corrected the release cadence: for real SMS-delivery testing, hold each Luban order at least 3 minutes before releasing. Immediate or too-early release can return provider errors like:
```text
停用失败,该供应商需要在两分钟后停止.
```
Reusable rule: calculate release eligibility from the purchase timestamp, not from the last poll timestamp.
### 4. Country samples should be documented with service_id and result class
Luban country/service results are not interchangeable:
```text
UK / service_id=537935: OpenAI usually accepted, SMS did not arrive in 10 attempts.
Chile / service_id=508058: first attempt was immediately rejected by OpenAI.
```
This helps future runs avoid repeating low-yield country/provider combinations without explicit BOSS approval.
Detailed reference: `references/luban-chile-openai-immediate-reject-2026-05-11.md`.
### 5. After background process completion, always process the result visibly
A prior tool turn ended with an empty response after writing a script. BOSS explicitly asked to process tool results and continue. The skill already contains the rule to always return a visible status after tool-driven steps; this session reinforces that it is not optional.
## Current skill-library state after this session
Updated umbrella:
```text
codex-oauth-plus-onboarding
```
New/updated references:
```text
references/mail2925-correct-inbox-scraping-openai-code-2026-05-11.md
references/luban-uk-openai-10-attempts-no-sms-2026-05-11.md
references/luban-chile-openai-immediate-reject-2026-05-11.md
```
Gitea sync verified at commit:
```text
c29567eda6e1619401d2ccdbc937e7534c35940e
```
## Future action pattern
For new OpenAI/Codex onboarding runs using 2925 + Luban:
1. Load this umbrella skill first.
2. Prefer the corrected 2925 scraper flow before declaring email non-delivery.
3. For Luban, resolve service_id dynamically and log country/provider/service_id/cost.
4. Hold Luban orders at least 3 minutes when testing delivery.
5. Classify outcomes precisely:
- `rejected_by_openai`
- `phone_verification_no_sms`
- `submit_no_sms_page`
- `sms_received_but_code_rejected`
- `phone_verified`
6. Write a concise reference and sync Gitea after non-trivial provider/country tests.
@@ -0,0 +1,311 @@
#!/usr/bin/env python3
"""Luban OpenAI phone verification, one order at a time.
Designed for BOSS's OpenAI/Codex onboarding runs:
- buys only one Luban request at a time;
- waits >=3 minutes before rejecting unused orders;
- stops immediately on SMS submit failure and keeps page/order for retry;
- uses the phone-code submit method proven by the previous 5sim success;
- refuses to keep buying when OpenAI add-phone is in Bad Request/error state.
Secrets are read from ~/.hermes/env/codex_oauth_onboarding.env and never printed.
"""
import json, urllib.request, urllib.error, urllib.parse, websocket, itertools, time, pathlib, re, shlex, os, sys
CDP_PORT=os.environ.get('CDP_PORT','9228')
CDP=f'http://127.0.0.1:{CDP_PORT}'
ENV=pathlib.Path.home()/'.hermes/env/codex_oauth_onboarding.env'
env={}
for line in ENV.read_text(errors='ignore').splitlines():
s=line.strip()
if not s or s.startswith('#') or '=' not in s: continue
if s.startswith('export '): s=s[7:].strip()
k,v=s.split('=',1); k=k.strip(); v=v.strip()
try:
if v and v[0] in '"\'': v=shlex.split(v)[0]
except Exception: pass
env[k]=v.strip('"\'')
KEY=env.get('LUBAN_SMS_API_KEY') or env.get('LUBAN_API_KEY')
BASE=(env.get('LUBAN_SMS_API_BASE') or 'https://lubansms.com/v2/api').rstrip('/')
SERVICE=env.get('LUBAN_SMS_SERVICE_QUERY','OpenAI')
LANG=env.get('LUBAN_SMS_LANGUAGE','en')
POLL_SECONDS=max(180,int(os.environ.get('PHONE_POLL_SECONDS','220')))
MAX_BUYS=int(os.environ.get('MAX_BUYS','10'))
MIN_HOLD=int(os.environ.get('MIN_HOLD_SECONDS','180'))
STATE=pathlib.Path(os.environ.get('LUBAN_RUN_STATE','/tmp/luban_one_by_one_state.json'))
CODE_FILE=pathlib.Path(os.environ.get('LUBAN_CODE_FILE','/tmp/luban_one_by_one_sms_code.txt'))
if not KEY: raise SystemExit('missing_luban_key')
COUNTRY_MAP={
'France':('france','FR','法国','33'), 'Brazil':('brazil','BR','巴西','55'), 'Philippines':('philippines','PH','菲律宾','63'),
'Argentina':('argentina','AR','阿根廷','54'), 'Indonesia':('indonesia','ID','印度尼西亚','62'), 'Vietnam':('vietnam','VN','越南','84'),
'Netherlands':('netherlands','NL','荷兰','31'), 'Malaysia':('malaysia','MY','马来西亚','60'), 'Mexico':('mexico','MX','墨西哥','52'),
'Portugal':('portugal','PT','葡萄牙','351'), 'Romania':('romania','RO','罗马尼亚','40'), 'Germany':('germany','DE','德国','49'),
'Thailand':('thailand','TH','泰国','66'), 'Colombia':('colombia','CO','哥伦比亚','57'), 'Italy':('italy','IT','意大利','39'),
'Poland':('poland','PL','波兰','48'), 'Spain':('spain','ES','西班牙','34'), 'United Kingdom/England':('england','GB','英国','44'),
'England':('england','GB','英国','44'), 'United Kingdom':('england','GB','英国','44'), 'Chile':('chile','CL','智利','56'),
}
DEFAULT_PRIORITY=['France','Vietnam','Portugal','Romania','Germany','Netherlands','Argentina','Brazil','Philippines','Indonesia','Malaysia','Mexico']
PRIORITY=[x.strip() for x in os.environ.get('LUBAN_COUNTRY_PRIORITY',','.join(DEFAULT_PRIORITY)).split(',') if x.strip()]
BAD_PAGE_RE=re.compile(r'糟糕|出错|Bad request|unknown_error|this page isn|HTTP ERROR|currently unable', re.I)
def log(o):
o.setdefault('ts',int(time.time()))
print(json.dumps(o,ensure_ascii=False),flush=True)
def http_json(endpoint, **params):
params={k:v for k,v in params.items() if v is not None}; params['apikey']=KEY
url=BASE+'/'+endpoint.lstrip('/')+'?'+urllib.parse.urlencode(params)
req=urllib.request.Request(url,headers={'Accept':'application/json','User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36'})
try:
with urllib.request.urlopen(req,timeout=35) as r:
txt=r.read().decode(errors='ignore'); st=r.status
except urllib.error.HTTPError as e:
txt=e.read().decode(errors='ignore'); st=e.code
except Exception as e:
return 0, {'error':type(e).__name__+': '+str(e)}
try: data=json.loads(txt)
except Exception: data={'raw':txt[:300]}
return st,data
def strict_code_from_provider(d):
if isinstance(d,dict):
for k in ['sms_code','code','verification_code']:
v=d.get(k)
if v:
m=re.search(r'(?<!\d)(\d{6})(?!\d)',str(v))
if m: return m.group(1)
for k in ['sms','msg','message','text','content']:
v=d.get(k)
if v:
m=re.search(r'(?<!\d)(\d{6})(?!\d)',str(v))
if m: return m.group(1)
m=re.search(r'(?<!\d)(\d{6})(?!\d)', json.dumps(d,ensure_ascii=False) if not isinstance(d,str) else d)
return m.group(1) if m else None
def cdp():
tabs=json.loads(urllib.request.urlopen(CDP+'/json/list',timeout=10).read().decode())
pages=[t for t in tabs if t.get('type')=='page' and 'auth.openai.com' in t.get('url','')] or [t for t in tabs if t.get('type')=='page']
if not pages: raise RuntimeError('no_cdp_page')
ws=websocket.create_connection(pages[0]['webSocketDebuggerUrl'],timeout=15,suppress_origin=True); cnt=itertools.count(1)
def call(m,p=None,timeout=60):
i=next(cnt); ws.send(json.dumps({'id':i,'method':m,'params':p or {}})); end=time.time()+timeout
while time.time()<end:
msg=json.loads(ws.recv())
if msg.get('id')==i:
if 'error' in msg: raise RuntimeError(msg['error'])
return msg.get('result',{})
raise TimeoutError(m)
call('Runtime.enable'); call('Page.enable')
def ev(e,timeout=90):
return call('Runtime.evaluate',{'expression':e,'returnByValue':True,'awaitPromise':True},timeout).get('result',{}).get('value')
return ws,call,ev
def page_state():
ws,call,ev=cdp()
try:
return ev("({href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,2600),hasSelect:!!document.querySelector('select'),hasTel:!!document.querySelector('input[type=tel]')})")
finally: ws.close()
def navigate_add_phone():
ws,call,ev=cdp()
try:
call('Page.navigate',{'url':'https://auth.openai.com/add-phone'}); time.sleep(8)
return ev("({href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,2600),hasSelect:!!document.querySelector('select'),hasTel:!!document.querySelector('input[type=tel]')})")
finally: ws.close()
def ensure_add_phone_ready(max_rounds=3):
last=None
for i in range(max_rounds):
st=page_state() if i==0 else navigate_add_phone()
last=st
text=(st.get('title','')+' '+st.get('body',''))
ready='add-phone' in st.get('href','') and st.get('hasSelect') and st.get('hasTel') and not BAD_PAGE_RE.search(text)
if ready:
return True, st
# Try one hard reload after a bad page before giving up.
ws,call,ev=cdp()
try:
call('Page.reload',{'ignoreCache':True}); time.sleep(6)
finally:
ws.close()
return False, last
def select_country_clear(iso,cname,dial):
ok_page, st = ensure_add_phone_ready()
if not ok_page:
return {'ok':False,'fatal':True,'error':'add_phone_not_ready','state':st}
ws,call,ev=cdp()
try:
gate=ev(f"""(async()=>{{
const sleep=ms=>new Promise(r=>setTimeout(r,ms));
const sel=document.querySelector('select');
if(sel){{sel.value={json.dumps(iso)}; sel.dispatchEvent(new Event('input',{{bubbles:true}})); sel.dispatchEvent(new Event('change',{{bubbles:true}})); await sleep(1300);}}
const tel=document.querySelector('input[type=tel]');
if(tel){{tel.focus(); const setter=Object.getOwnPropertyDescriptor(HTMLInputElement.prototype,'value').set; setter.call(tel,''); tel.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'deleteContentBackward'}})); tel.dispatchEvent(new Event('change',{{bubbles:true}}));}}
return {{href:location.href,title:document.title,countryValue:sel?.value,countryText:sel?.options?.[sel.selectedIndex]?.text,body:(document.body.innerText||'').slice(0,2200),hasSelect:!!sel,hasTel:!!tel}};
}})()""",90)
text=(gate.get('body','')+gate.get('countryText',''))
gate['ok']=gate.get('countryValue')==iso and (cname in text or ('+'+dial) in text) and not BAD_PAGE_RE.search(gate.get('title','')+' '+gate.get('body',''))
return gate
finally: ws.close()
def submit_phone(full,dial):
digits=re.sub(r'\D','',str(full)); local=digits
if local.startswith(dial): local=local[len(dial):]
if local.startswith('0'): local=local[1:]
ws,call,ev=cdp()
try:
return ev(f"""(async()=>{{
const sleep=ms=>new Promise(r=>setTimeout(r,ms));
const tel=document.querySelector('input[type=tel]'); if(!tel) return {{href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,1500),reason:'no_tel'}};
const setter=Object.getOwnPropertyDescriptor(HTMLInputElement.prototype,'value').set;
tel.focus(); setter.call(tel,''); tel.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'deleteContentBackward'}}));
setter.call(tel,{json.dumps(local)}); tel.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'insertText',data:{json.dumps(local)}}})); tel.dispatchEvent(new Event('change',{{bubbles:true}}));
await sleep(700);
const sel=document.querySelector('select'); const btn=[...document.querySelectorAll('button')].find(b=>(b.innerText||'').trim()==='继续')||[...document.querySelectorAll('button')].find(b=>/Continue|Next|继续/.test(b.innerText||''));
const before={{countryValue:sel?.value,countryText:sel?.options?.[sel.selectedIndex]?.text,telLen:tel?.value?.length,buttonDisabled:btn?.disabled}};
if(btn && !btn.disabled) btn.click();
await sleep(10000);
return {{before,href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,3000)}};
}})()""",170)
finally: ws.close()
def poll_sms(rid,start_ts):
end=start_ts+POLL_SECONDS; last={}
while time.time()<end:
st,d=http_json('getSms',request_id=rid); last=d if isinstance(d,dict) else {}
code=strict_code_from_provider(last)
if code: return code,last
log({'phase':'sms_poll_wait','request_id':rid,'http':st,'msg':last.get('msg'),'elapsed':int(time.time()-start_ts)})
time.sleep(10)
return None,last
def submit_code_corrected(code):
ws,call,ev=cdp()
try:
return ev(f"""(async()=>{{
const code={json.dumps(code)}; const sleep=ms=>new Promise(r=>setTimeout(r,ms));
const input=document.querySelector('input[autocomplete="one-time-code"], input[name="code"], input');
const before={{href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,1300),inputCount:document.querySelectorAll('input').length,hasInput:!!input,inputName:input?.name,inputAutocomplete:input?.autocomplete,inputMaxLength:input?.maxLength}};
if(!input) return {{ok:false,reason:'no_input',before}};
input.focus(); const setter=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
setter.call(input,''); input.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'deleteContentBackward',data:null}}));
setter.call(input,code); input.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'insertText',data:code}})); input.dispatchEvent(new Event('change',{{bubbles:true}}));
await sleep(500); const afterInput={{valueLen:(input.value||'').length,valid:input.checkValidity?.(),disabled:input.disabled}};
const btn=[...document.querySelectorAll('button')].find(b=>(b.innerText||'').trim()==='继续') || [...document.querySelectorAll('button')].find(b=>/Continue|Next|Verify|验证|继续/.test(b.innerText||''));
const button={{exists:!!btn,text:btn?.innerText,disabled:btn?.disabled,ariaDisabled:btn?.getAttribute('aria-disabled')}};
if(btn && !btn.disabled) btn.click(); await sleep(12000);
return {{ok:true,before,afterInput,button,after:{{href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,2200)}}}};
}})()""",170)
finally: ws.close()
def reject_after_min_wait(rid,buy_ts):
# Keep trying until success/already released/wrong_status or a hard cap, because Luban can return "N seconds later".
deadline=time.time()+420
while True:
wait=max(0,MIN_HOLD-(time.time()-buy_ts))
if wait>0:
log({'phase':'release_wait_min_hold','request_id':rid,'sleep_seconds':int(wait)})
time.sleep(wait)
st,d=http_json('setStatus',request_id=rid,status='reject')
msg=str(d.get('msg') if isinstance(d,dict) else d)
ok=st==200 and isinstance(d,dict) and d.get('code')==0
already=('已释放' in msg or 'wrong_status' in msg)
log({'phase':'activation_reject','request_id':rid,'http':st,'ok':ok or already,'msg':msg[:120]})
if ok or already:
return True
m=re.search(r'(\d+)\s*秒',msg)
delay=min(max(int(m.group(1))+5,30),90) if m else 75
if time.time()+delay>deadline:
log({'phase':'activation_reject_give_up','request_id':rid,'msg':msg[:120]})
return False
time.sleep(delay)
def fetch_services():
rows=[]
for page in range(1,8):
st,d=http_json('List',service=SERVICE,language=LANG,page=page)
if st!=200 or not isinstance(d,dict) or d.get('code')!=0 or not isinstance(d.get('msg'),list): continue
for r in d['msg']:
cen=str(r.get('country_name_en') or r.get('country_name') or '')
name=str(r.get('service_name') or '')
if cen in COUNTRY_MAP and r.get('service_id') and ('openai' in name.lower() or 'chatgpt' in name.lower() or SERVICE.lower() in name.lower()): rows.append(r)
seen={}
for r in rows:
cen=str(r.get('country_name_en') or r.get('country_name') or '')
if cen not in seen: seen[cen]=r
def score(r):
cen=str(r.get('country_name_en') or r.get('country_name') or '')
pri=PRIORITY.index(cen) if cen in PRIORITY else 50
try: cost=float(r.get('cost'))
except Exception: cost=99
return (pri,cost,cen)
return sorted(seen.values(),key=score)
services=fetch_services()
log({'phase':'run_start','mode':'luban_one_by_one_v2','max_buys':MAX_BUYS,'poll_seconds':POLL_SECONDS,'min_hold':MIN_HOLD,'candidate_services':[{'service_id':r.get('service_id'),'country':r.get('country_name_en'),'cost':r.get('cost')} for r in services[:15]]})
summary={'bought':0,'direct_reject':0,'sms_timeout':0,'sms_received':0,'sms_submit_failed':0,'success':False,'submit_no_sms_page':0}
if not services:
log({'phase':'no_services'}); sys.exit(2)
for svc in services:
if summary['bought']>=MAX_BUYS or summary['success']: break
cen=str(svc.get('country_name_en') or svc.get('country_name') or '')
slug,iso,cname,dial=COUNTRY_MAP[cen]
gate=select_country_clear(iso,cname,dial)
log({'phase':'country_gate','country':cen,'ok':gate.get('ok'),'fatal':gate.get('fatal'),'countryValue':gate.get('countryValue'),'countryText':gate.get('countryText'),'href':gate.get('href') or (gate.get('state') or {}).get('href'),'title':gate.get('title') or (gate.get('state') or {}).get('title')})
if gate.get('fatal'):
summary['fatal_page_recovery_failed']=True
break
if not gate.get('ok'):
continue
st,d=http_json('getNumber',service_id=svc['service_id'])
rid=d.get('request_id') if isinstance(d,dict) else None; phone=d.get('number') if isinstance(d,dict) else None
if not (rid and phone):
log({'phase':'buy_fail','country':cen,'service_id':svc.get('service_id'),'http':st,'code':d.get('code') if isinstance(d,dict) else None,'msg':d.get('msg') if isinstance(d,dict) else str(d)[:160]})
continue
summary['bought']+=1; buy_ts=time.time()
STATE.write_text(json.dumps({'current_request_id':rid,'country':cen,'service_id':svc.get('service_id'),'phone_redacted':'[REDACTED]'+re.sub(r'\D','',str(phone))[-4:]},ensure_ascii=False,indent=2))
log({'phase':'activation_bought','buy_index':summary['bought'],'country':cen,'service_id':svc.get('service_id'),'request_id':rid,'phone_redacted':'[REDACTED]'+re.sub(r'\D','',str(phone))[-4:]})
res=submit_phone(phone,dial)
body=res.get('body',''); text=res.get('title','')+' '+body
rejected=any(x in body for x in ['无法向此电话号码发送验证码','电话号码无效']) or any(x in body.lower() for x in ['invalid phone','unable to send'])
bad_page=bool(BAD_PAGE_RE.search(text))
sms_page=('phone-verification' in res.get('href','')) or ('验证码' in body and '重新发送' in body and not rejected and not bad_page)
channel='whatsapp' if re.search(r'WhatsApp|Whats\s*App',body,re.I) else ('sms' if re.search(r'SMS|短信|text message',body,re.I) else 'unknown')
log({'phase':'phone_submitted','buy_index':summary['bought'],'country':cen,'request_id':rid,'href':res.get('href'),'title':res.get('title'),'rejected':rejected,'bad_page':bad_page,'sms_page':sms_page,'channel':channel})
if rejected or bad_page:
summary['direct_reject']+=1 if rejected else 0
summary['submit_no_sms_page']+=0 if rejected else 1
reject_after_min_wait(rid,buy_ts)
if bad_page:
okp, pst=ensure_add_phone_ready()
log({'phase':'post_bad_page_recovery','ok':okp,'href':pst.get('href') if isinstance(pst,dict) else None,'title':pst.get('title') if isinstance(pst,dict) else None})
if not okp: break
continue
if not sms_page:
summary['submit_no_sms_page']+=1
reject_after_min_wait(rid,buy_ts)
continue
code,last=poll_sms(rid,buy_ts)
if not code:
summary['sms_timeout']+=1
log({'phase':'sms_timeout','buy_index':summary['bought'],'country':cen,'request_id':rid,'last_msg':last.get('msg') if isinstance(last,dict) else None,'waited_seconds':int(time.time()-buy_ts)})
reject_after_min_wait(rid,buy_ts)
continue
summary['sms_received']+=1; CODE_FILE.write_text(code)
log({'phase':'sms_received','buy_index':summary['bought'],'country':cen,'request_id':rid,'elapsed':int(time.time()-buy_ts),'provider_fields':[k for k in (last or {}).keys() if k not in ('apikey','number')]})
res2=submit_code_corrected(code)
after=res2.get('after') or {}; before=res2.get('before') or {}
success='phone-verification' not in after.get('href','') and '代码不正确' not in after.get('body','') and 'incorrect' not in after.get('body','').lower()
log({'phase':'sms_code_submitted_corrected','success':bool(success),'request_id':rid,'country':cen,'href':after.get('href'),'title':after.get('title'),'input_meta':{k:before.get(k) for k in ['inputCount','hasInput','inputName','inputAutocomplete','inputMaxLength']},'button':res2.get('button'),'body_excerpt':(after.get('body') or '')[:500].replace(code,'[REDACTED_CODE]')})
if success:
summary.update({'success':True,'success_request_id':rid,'success_country':cen,'final_href':after.get('href')})
break
summary.update({'sms_submit_failed':summary['sms_submit_failed']+1,'held_request_id':rid,'held_country':cen,'final_href':after.get('href')})
log({'phase':'sms_submit_failed_hold_for_retry','request_id':rid,'country':cen,'action':'KEEP_PAGE_AND_ORDER_NO_RELEASE','code_file':str(CODE_FILE)})
log({'phase':'run_final','summary':summary})
sys.exit(4)
log({'phase':'run_final','summary':summary})
sys.exit(0 if summary.get('success') else 3)
@@ -0,0 +1,248 @@
#!/usr/bin/env python3
"""Luban one-by-one OpenAI phone verification runner.
Purpose:
- Buy and test one Luban activation at a time.
- Stop immediately when SMS is received and submit using the proven OpenAI code InputEvent method.
- If code submission fails, keep the OpenAI phone-verification page and provider order state for manual/retry investigation; do not navigate away or start another order.
- Hold rejected/timeout/submit_no_sms_page orders for a configurable minimum before release.
Environment:
- Reads ~/.hermes/env/codex_oauth_onboarding.env for LUBAN_SMS_API_KEY and optional LUBAN_SMS_API_BASE.
- Uses OpenAI Chrome CDP at CDP_PORT (default 9228).
Safety:
- Never prints full phone numbers or SMS codes.
- Writes current request metadata to /tmp/luban_one_by_one_state.json.
- Writes raw code only to /tmp/luban_one_by_one_sms_code.txt when a code arrives.
"""
import json, urllib.request, urllib.error, urllib.parse, websocket, itertools, time, pathlib, re, shlex, os, sys
CDP_PORT=os.environ.get('CDP_PORT','9228'); CDP=f'http://127.0.0.1:{CDP_PORT}'
ENV=pathlib.Path.home()/'.hermes/env/codex_oauth_onboarding.env'; env={}
for line in ENV.read_text(errors='ignore').splitlines():
s=line.strip()
if not s or s.startswith('#') or '=' not in s: continue
if s.startswith('export '): s=s[7:].strip()
k,v=s.split('=',1); k=k.strip(); v=v.strip()
try:
if v and v[0] in '"\'': v=shlex.split(v)[0]
except Exception: pass
env[k]=v.strip('"\'')
KEY=env.get('LUBAN_SMS_API_KEY') or env.get('LUBAN_API_KEY')
BASE=(env.get('LUBAN_SMS_API_BASE') or 'https://lubansms.com/v2/api').rstrip('/')
SERVICE=env.get('LUBAN_SMS_SERVICE_QUERY','OpenAI'); LANG=env.get('LUBAN_SMS_LANGUAGE','en')
POLL_SECONDS=max(180,int(os.environ.get('PHONE_POLL_SECONDS','220')))
MAX_BUYS=int(os.environ.get('MAX_BUYS','10'))
MIN_HOLD=int(os.environ.get('MIN_HOLD_SECONDS','180'))
STATE=pathlib.Path('/tmp/luban_one_by_one_state.json')
CODE_FILE=pathlib.Path('/tmp/luban_one_by_one_sms_code.txt')
if not KEY: raise SystemExit('missing_luban_key')
COUNTRY_MAP={
'France':('france','FR','法国','33'), 'Brazil':('brazil','BR','巴西','55'), 'Philippines':('philippines','PH','菲律宾','63'),
'Argentina':('argentina','AR','阿根廷','54'), 'Indonesia':('indonesia','ID','印度尼西亚','62'), 'Vietnam':('vietnam','VN','越南','84'),
'Netherlands':('netherlands','NL','荷兰','31'), 'Malaysia':('malaysia','MY','马来西亚','60'), 'Mexico':('mexico','MX','墨西哥','52'),
'Portugal':('portugal','PT','葡萄牙','351'), 'Romania':('romania','RO','罗马尼亚','40'), 'Germany':('germany','DE','德国','49'),
'Thailand':('thailand','TH','泰国','66'), 'Colombia':('colombia','CO','哥伦比亚','57'), 'Italy':('italy','IT','意大利','39'),
'Poland':('poland','PL','波兰','48'), 'Spain':('spain','ES','西班牙','34'), 'United Kingdom/England':('england','GB','英国','44'),
'England':('england','GB','英国','44'), 'United Kingdom':('england','GB','英国','44'), 'Chile':('chile','CL','智利','56'),
}
PRIORITY=['France','Vietnam','Portugal','Romania','Germany','Netherlands','Argentina','Brazil','Philippines','Indonesia','Malaysia','Mexico']
def log(o):
o.setdefault('ts',int(time.time())); print(json.dumps(o,ensure_ascii=False),flush=True)
def http_json(endpoint, **params):
params={k:v for k,v in params.items() if v is not None}; params['apikey']=KEY
url=BASE+'/'+endpoint.lstrip('/')+'?'+urllib.parse.urlencode(params)
req=urllib.request.Request(url,headers={'Accept':'application/json','User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36'})
try:
with urllib.request.urlopen(req,timeout=35) as r: txt=r.read().decode(errors='ignore'); st=r.status
except urllib.error.HTTPError as e: txt=e.read().decode(errors='ignore'); st=e.code
except Exception as e: return 0, {'error':type(e).__name__+': '+str(e)}
try: data=json.loads(txt)
except Exception: data={'raw':txt[:300]}
return st,data
def strict_code_from_provider(d):
if isinstance(d,dict):
for k in ['sms_code','code','verification_code']:
v=d.get(k)
if v:
m=re.search(r'(?<!\d)(\d{6})(?!\d)',str(v))
if m: return m.group(1)
for k in ['sms','msg','message','text','content']:
v=d.get(k)
if v:
m=re.search(r'(?<!\d)(\d{6})(?!\d)',str(v))
if m: return m.group(1)
m=re.search(r'(?<!\d)(\d{6})(?!\d)', json.dumps(d,ensure_ascii=False) if not isinstance(d,str) else d)
return m.group(1) if m else None
def cdp():
tabs=json.loads(urllib.request.urlopen(CDP+'/json/list',timeout=10).read().decode())
pages=[t for t in tabs if t.get('type')=='page' and 'auth.openai.com' in t.get('url','')] or [t for t in tabs if t.get('type')=='page']
if not pages: raise RuntimeError('no_cdp_page')
ws=websocket.create_connection(pages[0]['webSocketDebuggerUrl'],timeout=15,suppress_origin=True); cnt=itertools.count(1)
def call(m,p=None,timeout=60):
i=next(cnt); ws.send(json.dumps({'id':i,'method':m,'params':p or {}})); end=time.time()+timeout
while time.time()<end:
msg=json.loads(ws.recv())
if msg.get('id')==i:
if 'error' in msg: raise RuntimeError(msg['error'])
return msg.get('result',{})
raise TimeoutError(m)
call('Runtime.enable'); call('Page.enable')
def ev(e,timeout=90): return call('Runtime.evaluate',{'expression':e,'returnByValue':True,'awaitPromise':True},timeout).get('result',{}).get('value')
return ws,call,ev
def page_state():
ws,call,ev=cdp()
try: return ev("({href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,2200)})")
finally: ws.close()
def navigate_add_phone():
ws,call,ev=cdp()
try:
call('Page.navigate',{'url':'https://auth.openai.com/add-phone'}); time.sleep(8)
return ev("({href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,2000)})")
finally: ws.close()
def select_country_clear(iso,cname,dial):
st=page_state()
if 'add-phone' not in st.get('href',''):
st=navigate_add_phone()
if 'add-phone' not in st.get('href',''):
return {'ok':False,'error':'not_add_phone','state':st}
ws,call,ev=cdp()
try:
gate=ev(f"""(async()=>{{
const sleep=ms=>new Promise(r=>setTimeout(r,ms));
const sel=document.querySelector('select');
if(sel){{sel.value={json.dumps(iso)}; sel.dispatchEvent(new Event('input',{{bubbles:true}})); sel.dispatchEvent(new Event('change',{{bubbles:true}})); await sleep(1300);}}
const tel=document.querySelector('input[type=tel]'); if(tel){{tel.focus(); const setter=Object.getOwnPropertyDescriptor(HTMLInputElement.prototype,'value').set; setter.call(tel,''); tel.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'deleteContentBackward'}})); tel.dispatchEvent(new Event('change',{{bubbles:true}}));}}
return {{href:location.href,countryValue:sel?.value,countryText:sel?.options?.[sel.selectedIndex]?.text,body:(document.body.innerText||'').slice(0,2000)}};
}})()""",90)
text=(gate.get('body','')+gate.get('countryText',''))
ok=gate.get('countryValue')==iso and (cname in text or ('+'+dial) in text)
gate['ok']=ok
return gate
finally: ws.close()
def submit_phone(full,dial):
digits=re.sub(r'\D','',str(full)); local=digits
if local.startswith(dial): local=local[len(dial):]
if local.startswith('0'): local=local[1:]
ws,call,ev=cdp()
try:
return ev(f"""(async()=>{{const sleep=ms=>new Promise(r=>setTimeout(r,ms)); const tel=document.querySelector('input[type=tel]'); const setter=Object.getOwnPropertyDescriptor(HTMLInputElement.prototype,'value').set; tel.focus(); setter.call(tel,''); tel.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'deleteContentBackward'}})); setter.call(tel,{json.dumps(local)}); tel.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'insertText',data:{json.dumps(local)}}})); tel.dispatchEvent(new Event('change',{{bubbles:true}})); await sleep(700); const sel=document.querySelector('select'); const btn=[...document.querySelectorAll('button')].find(b=>(b.innerText||'').trim()==='继续')||[...document.querySelectorAll('button')].find(b=>/Continue|Next|继续/.test(b.innerText||'')); const before={{countryValue:sel?.value,countryText:sel?.options?.[sel.selectedIndex]?.text,telLen:tel?.value?.length,buttonDisabled:btn?.disabled}}; if(btn) btn.click(); await sleep(10000); return {{before,href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,2800)}};}})()""",170)
finally: ws.close()
def poll_sms(rid,start_ts):
end=start_ts+POLL_SECONDS; last={}
while time.time()<end:
st,d=http_json('getSms',request_id=rid); last=d if isinstance(d,dict) else {}
code=strict_code_from_provider(last)
if code: return code,last
log({'phase':'sms_poll_wait','request_id':rid,'http':st,'msg':last.get('msg'),'elapsed':int(time.time()-start_ts)})
time.sleep(10)
return None,last
def submit_code_corrected(code):
ws,call,ev=cdp()
try:
return ev(f"""(async()=>{{
const code={json.dumps(code)}; const sleep=ms=>new Promise(r=>setTimeout(r,ms));
const input=document.querySelector('input[autocomplete="one-time-code"], input[name="code"], input');
const before={{href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,1300),inputCount:document.querySelectorAll('input').length,hasInput:!!input,inputName:input?.name,inputAutocomplete:input?.autocomplete,inputMaxLength:input?.maxLength}};
if(!input) return {{ok:false,reason:'no_input',before}};
input.focus(); const setter=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
setter.call(input,''); input.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'deleteContentBackward',data:null}}));
setter.call(input,code); input.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'insertText',data:code}})); input.dispatchEvent(new Event('change',{{bubbles:true}}));
await sleep(500); const afterInput={{valueLen:(input.value||'').length,valid:input.checkValidity?.(),disabled:input.disabled}};
const btn=[...document.querySelectorAll('button')].find(b=>(b.innerText||'').trim()==='继续') || [...document.querySelectorAll('button')].find(b=>/Continue|Next|Verify|验证|继续/.test(b.innerText||''));
const button={{exists:!!btn,text:btn?.innerText,disabled:btn?.disabled,ariaDisabled:btn?.getAttribute('aria-disabled')}};
if(btn) btn.click(); await sleep(12000);
return {{ok:true,before,afterInput,button,after:{{href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,2000)}}}};
}})()""",170)
finally: ws.close()
def reject_after_min_wait(rid,buy_ts):
wait=max(0,MIN_HOLD-(time.time()-buy_ts))
if wait>0:
log({'phase':'release_wait_min_hold','request_id':rid,'sleep_seconds':int(wait)}); time.sleep(wait)
# Keep retrying provider-deferred releases until released or retries exhausted.
for attempt in range(1,5):
st,d=http_json('setStatus',request_id=rid,status='reject')
ok=st==200 and d.get('code')==0
log({'phase':'activation_reject' if attempt==1 else 'activation_reject_retry','attempt':attempt,'request_id':rid,'http':st,'ok':ok,'msg':d.get('msg')})
if ok or '已释放' in str(d.get('msg')) or 'wrong_status' in str(d.get('msg')):
return
m=re.search(r'(\d+)\s*秒', str(d.get('msg') or ''))
time.sleep(max(45, min(130, int(m.group(1))+5 if m else 75)))
def fetch_services():
rows=[]
for page in range(1,8):
st,d=http_json('List',service=SERVICE,language=LANG,page=page)
if st!=200 or d.get('code')!=0 or not isinstance(d.get('msg'),list): continue
for r in d['msg']:
cen=str(r.get('country_name_en') or r.get('country_name') or '')
name=str(r.get('service_name') or '')
if cen in COUNTRY_MAP and r.get('service_id') and ('openai' in name.lower() or 'chatgpt' in name.lower() or SERVICE.lower() in name.lower()): rows.append(r)
seen={}
for r in rows:
cen=str(r.get('country_name_en') or r.get('country_name') or '')
if cen not in seen: seen[cen]=r
def score(r):
cen=str(r.get('country_name_en') or r.get('country_name') or '')
pri=PRIORITY.index(cen) if cen in PRIORITY else 50
try: cost=float(r.get('cost'))
except Exception: cost=99
return (pri,cost,cen)
return sorted(seen.values(),key=score)
services=fetch_services()
log({'phase':'run_start','mode':'one_by_one_stop_on_sms_or_success','max_buys':MAX_BUYS,'poll_seconds':POLL_SECONDS,'min_hold':MIN_HOLD,'candidate_services':[{'service_id':r.get('service_id'),'country':r.get('country_name_en'),'cost':r.get('cost')} for r in services[:15]]})
summary={'bought':0,'direct_reject':0,'sms_timeout':0,'sms_received':0,'sms_submit_failed':0,'success':False}
for svc in services:
if summary['bought']>=MAX_BUYS or summary['success']: break
cen=str(svc.get('country_name_en') or svc.get('country_name') or '')
slug,iso,cname,dial=COUNTRY_MAP[cen]
gate=select_country_clear(iso,cname,dial); log({'phase':'country_gate','country':cen,'ok':gate.get('ok'),'countryValue':gate.get('countryValue'),'countryText':gate.get('countryText'),'href':gate.get('href')})
if not gate.get('ok'): continue
st,d=http_json('getNumber',service_id=svc['service_id'])
rid=d.get('request_id') if isinstance(d,dict) else None; phone=d.get('number') if isinstance(d,dict) else None
if not (rid and phone):
log({'phase':'buy_fail','country':cen,'service_id':svc.get('service_id'),'http':st,'code':d.get('code') if isinstance(d,dict) else None,'msg':d.get('msg') if isinstance(d,dict) else str(d)[:160]}); continue
summary['bought']+=1; buy_ts=time.time()
STATE.write_text(json.dumps({'current_request_id':rid,'country':cen,'service_id':svc.get('service_id'),'phone_redacted':'[REDACTED]'+re.sub(r'\D','',str(phone))[-4:]},ensure_ascii=False,indent=2))
log({'phase':'activation_bought','buy_index':summary['bought'],'country':cen,'service_id':svc.get('service_id'),'request_id':rid,'phone_redacted':'[REDACTED]'+re.sub(r'\D','',str(phone))[-4:]})
res=submit_phone(phone,dial)
body=res.get('body',''); rejected=any(x in body for x in ['无法向此电话号码发送验证码','电话号码无效']) or any(x in body.lower() for x in ['invalid phone','unable to send'])
sms_page=('phone-verification' in res.get('href','')) or ('验证码' in body and '重新发送' in body and not rejected)
channel='whatsapp' if re.search(r'WhatsApp|Whats\s*App',body,re.I) else ('sms' if re.search(r'SMS|短信|text message',body,re.I) else 'unknown')
log({'phase':'phone_submitted','buy_index':summary['bought'],'country':cen,'request_id':rid,'href':res.get('href'),'rejected':rejected,'sms_page':sms_page,'channel':channel})
if rejected:
summary['direct_reject']+=1; reject_after_min_wait(rid,buy_ts); continue
if not sms_page:
summary.setdefault('submit_no_sms_page',0); summary['submit_no_sms_page']+=1; reject_after_min_wait(rid,buy_ts); continue
code,last=poll_sms(rid,buy_ts)
if not code:
summary['sms_timeout']+=1; log({'phase':'sms_timeout','buy_index':summary['bought'],'country':cen,'request_id':rid,'last_msg':last.get('msg') if isinstance(last,dict) else None,'waited_seconds':int(time.time()-buy_ts)}); reject_after_min_wait(rid,buy_ts); continue
summary['sms_received']+=1; CODE_FILE.write_text(code)
log({'phase':'sms_received','buy_index':summary['bought'],'country':cen,'request_id':rid,'elapsed':int(time.time()-buy_ts),'provider_fields':[k for k in (last or {}).keys() if k not in ('apikey','number')]})
res2=submit_code_corrected(code)
after=res2.get('after') or {}; before=res2.get('before') or {}
success='phone-verification' not in after.get('href','') and '代码不正确' not in after.get('body','') and 'incorrect' not in after.get('body','').lower()
log({'phase':'sms_code_submitted_corrected','success':bool(success),'request_id':rid,'country':cen,'href':after.get('href'),'title':after.get('title'),'input_meta':{k:before.get(k) for k in ['inputCount','hasInput','inputName','inputAutocomplete','inputMaxLength']},'button':res2.get('button'),'body_excerpt':(after.get('body') or '')[:500].replace(code,'[REDACTED_CODE]')})
if success:
summary['success']=True; summary['success_request_id']=rid; summary['success_country']=cen; summary['final_href']=after.get('href')
break
else:
summary['sms_submit_failed']+=1; summary['held_request_id']=rid; summary['held_country']=cen; summary['final_href']=after.get('href')
log({'phase':'sms_submit_failed_hold_for_retry','request_id':rid,'country':cen,'action':'KEEP_PAGE_AND_ORDER_NO_RELEASE','code_file':str(CODE_FILE)})
log({'phase':'run_final','summary':summary})
sys.exit(4)
log({'phase':'run_final','summary':summary})
sys.exit(0 if summary.get('success') else 3)
@@ -0,0 +1,93 @@
#!/usr/bin/env python3
"""Submit an OpenAI phone verification code using the method proven in successful runs.
Usage:
submit_openai_phone_code_corrected.py <code-or-file> [cdp_port]
The script never prints the code. It targets the visible OpenAI auth tab on the given
Chrome DevTools port, fills `input[autocomplete="one-time-code"], input[name="code"], input`
with the native value setter, dispatches an InputEvent with insertText metadata, clicks
Continue, and prints a redacted JSON result.
"""
import itertools
import json
import pathlib
import re
import sys
import time
import urllib.request
import websocket
def redact_code(obj, code):
s = json.dumps(obj, ensure_ascii=False)
return s.replace(code, "[REDACTED_CODE]")
def main():
if len(sys.argv) < 2:
raise SystemExit("usage: submit_openai_phone_code_corrected.py <code-or-file> [cdp_port]")
arg = sys.argv[1]
cdp_port = sys.argv[2] if len(sys.argv) > 2 else "9228"
p = pathlib.Path(arg)
raw = p.read_text().strip() if p.exists() else arg.strip()
code = "".join(re.findall(r"\d", raw))[:6]
if len(code) != 6:
raise SystemExit("invalid_code_len")
cdp = f"http://127.0.0.1:{cdp_port}"
tabs = json.loads(urllib.request.urlopen(cdp + "/json/list", timeout=10).read().decode())
pages = [t for t in tabs if t.get("type") == "page" and "auth.openai.com" in t.get("url", "")]
if not pages:
raise SystemExit("no_auth_page")
ws = websocket.create_connection(pages[0]["webSocketDebuggerUrl"], timeout=15, suppress_origin=True)
counter = itertools.count(1)
def call(method, params=None, timeout=60):
msg_id = next(counter)
ws.send(json.dumps({"id": msg_id, "method": method, "params": params or {}}))
deadline = time.time() + timeout
while time.time() < deadline:
msg = json.loads(ws.recv())
if msg.get("id") == msg_id:
if "error" in msg:
raise RuntimeError(msg["error"])
return msg.get("result", {})
raise TimeoutError(method)
call("Runtime.enable")
call("Page.enable")
expr = f"""
(async()=>{{
const code={json.dumps(code)};
const sleep=ms=>new Promise(r=>setTimeout(r,ms));
const input=document.querySelector('input[autocomplete="one-time-code"], input[name="code"], input');
const before={{href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,1000),inputCount:document.querySelectorAll('input').length,hasInput:!!input,inputName:input?.name,inputAutocomplete:input?.autocomplete,inputMaxLength:input?.maxLength}};
if(!input) return {{ok:false,reason:'no_input',before}};
input.focus();
const setter=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
setter.call(input,'');
input.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'deleteContentBackward',data:null}}));
setter.call(input,code);
input.dispatchEvent(new InputEvent('input',{{bubbles:true,inputType:'insertText',data:code}}));
input.dispatchEvent(new Event('change',{{bubbles:true}}));
await sleep(500);
const afterInput={{valueLen:(input.value||'').length, valid:input.checkValidity?.(), disabled:input.disabled}};
const btn=[...document.querySelectorAll('button')].find(b=>(b.innerText||'').trim()==='继续') || [...document.querySelectorAll('button')].find(b=>/Continue|Next|Verify|验证|继续/.test(b.innerText||''));
const button={{exists:!!btn,text:btn?.innerText,disabled:btn?.disabled,ariaDisabled:btn?.getAttribute('aria-disabled')}};
if(btn) btn.click();
await sleep(12000);
return {{ok:true,before,afterInput,button,after:{{href:location.href,title:document.title,body:(document.body.innerText||'').slice(0,1600)}}}};
}})()
"""
try:
result = call("Runtime.evaluate", {"expression": expr, "returnByValue": True, "awaitPromise": True}, 90)["result"].get("value")
print(redact_code(result, code))
finally:
ws.close()
if __name__ == "__main__":
main()
@@ -110,7 +110,7 @@ HERO_SMS_COUNTRY_FALLBACK=
# 5sim
FIVE_SIM_API_KEY=
FIVE_SIM_PRODUCT=
[REDACTED]
FIVE_SIM_COUNTRY_ORDER=
FIVE_SIM_COUNTRY_ID=
FIVE_SIM_COUNTRY_LABEL=