fix: keep skill package layout
This commit is contained in:
@@ -47,12 +47,15 @@ These are confirmed operating rules for BOSS's environment:
|
||||
- The new account password is unified through `CUSTOM_PASSWORD`. If it is empty, stop and ask BOSS to fill it, unless BOSS explicitly allows auto-generation for that run.
|
||||
- ClawEmail creates a fresh mailbox for every run (`CLAWEMAIL_CREATE_PER_RUN=true`). Record every created mailbox locally with outcome classification: pending, success, failed.
|
||||
- Phone/SMS platform has no default. Keep `PHONE_VERIFICATION_ENABLED=false` and `PHONE_SMS_PROVIDER` empty unless BOSS configures one or approves enabling it after a phone verification appears.
|
||||
- If phone verification appears and BOSS has configured 5sim, use **SMS activation for `openai`**, not WhatsApp receive channels. The original extension's 5sim provider buys `/v1/user/buy/activation/{country}/{operator}/openai`, polls `/v1/user/check/{activationId}`, and finishes/cancels the activation. Follow the configured `FIVE_SIM_COUNTRY_ID` first; if it is empty, the extension default is `vietnam`. Do **not** silently switch countries after a rejected number unless BOSS changes config or approves fallback. Before buying/submitting a non-USA number, verify the OpenAI visible country selector is already the expected country (for example `越南 (+84)`); if it reverted to `美国 (+1)`, fix the selector first or the number will be parsed as invalid. Use visible UI paste/click on `add-phone` when possible because CDP-only input mutation can desync React state and revert the country on submit. If a number is **not immediately rejected**, do not cancel it after one polling timeout: poll 5sim, click OpenAI `重新发送`, poll again, and retry resend at least once before canceling/rotating. If changing proxy (for example `1085` → `1083`), expect OpenAI auth session invalidation and restart from a fresh target OAuth URL. Codex2API env URLs may point at `/admin/accounts`; derive the API origin before calling `/api/admin/oauth/generate-auth-url`. See `references/openai-add-phone-5sim-sms-activation-2026-05-10.md`, `references/openai-phone-verification-5sim-sms-2026-05-10.md`, and `references/openai-phone-verification-proxy1083-resend-2026-05-10.md` for observed behavior, resend strategy, proxy-switch recovery, and pitfalls.
|
||||
- Plus mode uses `PLUS_PAYMENT_METHOD=gopay`. Any paid GoPay action still requires explicit confirmation immediately before payment/approval.
|
||||
- GoPay WhatsApp OTP uses **方案 A / manual checkpoint**: set `GOPAY_OTP_SOURCE=manual`. The extension detects OTP input and opens a side-panel prompt (`requestGoPayOtpInput` / “输入 GoPay 验证码”); BOSS pastes the WhatsApp code, then the extension fills OTP, fills `GOPAY_PIN`, and continues.
|
||||
- `GOPAY_OTP` should normally stay empty before the run. It is only a temporary prefill/cache for the current OTP dialog, not a durable secret.
|
||||
- Do not implement WhatsApp scraping/API automation unless BOSS explicitly requests it later.
|
||||
|
||||
|
||||
- When BOSS says the environment is normal and asks to start registration testing, treat `socks5://192.168.2.8:1085` as the expected browser proxy unless BOSS overrides it. If `BROWSER_PROXY_SERVER` is empty, patch the local env to this SOCKS5 endpoint and verify it before launching Chrome; do not stop with a question asking whether to use it.
|
||||
- For ordinary-account test runs, set `PLUS_MODE_ENABLED=false` before launching. Keep `PLUS_PAYMENT_METHOD=gopay` untouched for later Plus runs, but do not enter Plus/payment steps.
|
||||
- Registration/OAuth tests are step-gated for BOSS: after environment/config prep and mailbox creation, report the created mailbox and wait for explicit “继续” before launching the visible browser flow.
|
||||
|
||||
1. **Explicit target**: BOSS must specify exactly one target mode: `sub2api`, `codex2api`, or `cpa`; there is no default target, and an empty `PANEL_MODE` must stop execution.
|
||||
2. **Single-run default**: default to one account / one OAuth flow unless BOSS explicitly requests a count.
|
||||
@@ -258,6 +261,8 @@ Important permissions include `tabs`, `webNavigation`, `webRequest`, `proxy`, `d
|
||||
|
||||
## Normal OAuth Flow Steps
|
||||
|
||||
**BOSS correction / manual-flow allowance:** if BOSS asks only to test whether ordinary registration works, do not over-focus on running the original extension as the automation engine. It is acceptable to follow the extension's normal-flow sequence manually through visible Chrome, CDP, and `mail-cli`. The extension should be treated as a process reference unless BOSS explicitly asks to use it. Still keep all checkpoints: stop for CAPTCHA/Cloudflare/security challenge/phone/payment, and do not proceed to OAuth until email verification succeeds.
|
||||
|
||||
Normal mode step definitions:
|
||||
|
||||
1. `open-chatgpt` — clear ChatGPT/OpenAI cookies and open ChatGPT.
|
||||
@@ -371,12 +376,9 @@ The built-in export function exports `getPersistedSettings()` as JSON; this can
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Extension does not appear
|
||||
### Google Chrome stable may ignore `--load-extension`
|
||||
|
||||
- Confirm Chrome was launched with `--load-extension` and `--disable-extensions-except` pointing to the repo directory.
|
||||
- Confirm `manifest.json` exists and is Manifest V3.
|
||||
- Use a non-headless browser. Chrome extension side panels are usually not practical in headless mode.
|
||||
- When using Chrome DevTools Protocol, do not assume the first `/json` `service_worker` target is this automation extension; verify the extension is visible in `chrome://extensions/` and that the target URL/ID corresponds to the unpacked repo before sending `SAVE_SETTING` / `AUTO_RUN`.
|
||||
On BOSS's macOS Chrome stable 147, verbose logs showed `--load-extension is not allowed in Google Chrome, ignoring.` In that case, `ps` still shows the flag but the extension card never appears. Do not keep relaunching the same way. Use the visible UI workaround: open `chrome://extensions`, enable Developer Mode, physically click **加载未打包的扩展程序**, choose the repo folder in the macOS picker, then verify the unpacked card is `ENABLED`. See `references/chrome-147-unpacked-extension-loading-2026-05-09.md`.
|
||||
|
||||
### PassWall2/DNS split rules still polluted
|
||||
|
||||
@@ -406,9 +408,31 @@ curl --proxy socks5h://192.168.2.8:1085 -I -L --max-time 30 https://chatgpt.com/
|
||||
|
||||
Use `socks5h://` with `curl` so DNS resolution happens through the SOCKS proxy. If proxy TCP tests fail with `No route to host`, stop: this is a LAN/gateway/proxy reachability problem, not an OpenAI OAuth or extension problem.
|
||||
|
||||
### SOCKS5 gateway not reachable
|
||||
### OpenAI/ChatGPT direct-connect preflight before launching Chrome
|
||||
|
||||
Before opening the visible Chrome registration flow, run a raw DNS/TLS preflight even if the rest of the environment looks healthy:
|
||||
|
||||
```bash
|
||||
python3 - <<'PY'
|
||||
import socket
|
||||
for host in ['chatgpt.com','accounts.openai.com','auth.openai.com','openai.com']:
|
||||
try:
|
||||
print(host, sorted({x[4][0] for x in socket.getaddrinfo(host,443,proto=socket.IPPROTO_TCP)}))
|
||||
except Exception as e:
|
||||
print(host, 'ERR', e)
|
||||
PY
|
||||
curl -I -L --max-time 25 https://chatgpt.com/ | sed -n '1,30p'
|
||||
```
|
||||
|
||||
If `BROWSER_PROXY_SERVER` is empty and DNS/TLS shows known pollution or transport failure, **stop before launching the registration/OAuth flow**. Examples observed during BOSS's Codex2API + GoPay plan-A test:
|
||||
|
||||
- `chatgpt.com` resolving to non-Cloudflare/suspicious ranges such as `67.230.169.182` or odd IPv6 entries.
|
||||
- `accounts.openai.com` resolving to suspicious ranges such as `199.59.149.234` / `2001::...`.
|
||||
- `curl https://chatgpt.com/` failing with `LibreSSL SSL_connect: SSL_ERROR_SYSCALL`.
|
||||
|
||||
Treat this as an environment/proxy/DNS problem, not an extension, ClawEmail, Codex2API, or account problem. Ask BOSS to fill a reachable `BROWSER_PROXY_SERVER=socks5://host:port` or `http://host:port`, then re-run proxy TCP/exit-IP/ChatGPT checks before starting Chrome. This avoids burning a registration attempt on a flow that will almost certainly stall on OpenAI auth.
|
||||
|
||||
|
||||
If BOSS asks to test a specific proxy such as `socks5://192.168.2.8:1085`, test gateway reachability before browser/extension automation. Use `socks5h://` in curl when the intent is to force DNS through the SOCKS proxy:
|
||||
|
||||
```bash
|
||||
PROXY='socks5h://192.168.2.8:1085'
|
||||
@@ -422,6 +446,31 @@ ping -c 3 -W 1000 192.168.2.8 || true
|
||||
|
||||
If the Mac cannot reach the gateway/port (`No route to host`, `Couldn't connect to server`, ping loss), report this as a local gateway/port problem rather than continuing OAuth or extension tests. See `references/passwall2-socks5-gateway-reachability-2026-05-08.md` for the session example.
|
||||
|
||||
### Extension launch appears successful but `chrome://extensions` is empty
|
||||
|
||||
Chrome/CDP can mislead in multi-profile sessions. A process may show `--load-extension`, and CDP may even transiently show a `chrome-extension://.../service_worker.js` target, while the intended unpacked extension is not actually visible or registered in the isolated profile.
|
||||
|
||||
Before starting OpenAI registration, verify the intended automation extension with stronger evidence:
|
||||
|
||||
- `chrome://extensions/` visibly shows the `codex-oauth-automation-extension` unpacked card; or
|
||||
- `Default/Preferences` has an `extensions.settings` entry whose manifest/path match the intended repo; or
|
||||
- the intended extension page/sidepanel opens and renders expected UI; or
|
||||
- an extension-context runtime call reads the expected manifest/state.
|
||||
|
||||
If `chrome://extensions` is empty and `extensions.settings` is empty, stop before registration. Report the block as **extension launch/registration failure before signup**, keep the ClawEmail record pending/failed according to whether signup was actually attempted, and avoid burning the mailbox on a manual unsupported flow. See `references/chrome-147-unpacked-extension-loading-2026-05-09.md` for the observed Chrome 147 anomaly and debug checklist.
|
||||
|
||||
### OpenAI verification email does not arrive in ClawEmail
|
||||
|
||||
A 2026-05-09 ordinary-registration test reached OpenAI's normal `email-verification` page with two fresh ClawEmail sub-mailboxes, but no OpenAI code arrived in inbox or spam even after resend. Both sub-mailboxes passed a self-send receive test, so the block was classified as OpenAI/ClawEmail deliverability rather than browser, proxy, extension, CAPTCHA, or phone-verification failure. See `references/openai-clawemail-verification-nondelivery-2026-05-09.md`.
|
||||
|
||||
When this happens:
|
||||
|
||||
1. Confirm the exact email in the OpenAI page body via DOM, not OCR only.
|
||||
2. Poll the **sub-mailbox profile**, not just the default primary mailbox profile.
|
||||
3. Check inbox and spam.
|
||||
4. Send a self-test email to the sub-mailbox and verify it arrives.
|
||||
5. If self-test works but OpenAI mail still does not arrive after resend, stop and record `openai_email_verification` failure; try a primary ClawEmail mailbox or another provider next.
|
||||
|
||||
### Proxy not applied
|
||||
|
||||
- Visit an IP-check page in the isolated browser before starting.
|
||||
@@ -453,6 +502,16 @@ If the Mac cannot reach the gateway/port (`No route to host`, `Couldn't connect
|
||||
- Confirm GPC helper URL/card key/phone/PIN/OTP channel settings.
|
||||
- Stop before retrying paid operations repeatedly; ask BOSS.
|
||||
|
||||
See `references/macos-screenshot-proxy-and-registration-prep-2026-05-09.md` for the session note covering the macOS TCC screenshot fix, LAN/SOCKS5 verification, and ordinary-registration prep sequence.
|
||||
|
||||
See `references/openai-clawemail-verification-nondelivery-2026-05-09.md` for the ordinary registration test where OpenAI reached the email-verification page for two ClawEmail submailboxes, but no OpenAI verification email arrived despite submailbox self-test delivery working.
|
||||
|
||||
See `references/openai-add-phone-5sim-sms-activation-2026-05-10.md` for the phone-verification continuation where OpenAI `add-phone` required SMS, BOSS corrected that WhatsApp receive channels must not be used, and 5sim `activation/*/openai` orders plus visible country selection were identified as the right class of workflow.
|
||||
|
||||
See `references/openai-phone-verification-5sim-sms-2026-05-10.md` for the later detailed retry notes: follow configured country/default `vietnam`, cancel failed 5sim orders before buying new ones, treat OpenAI `无法向此电话号码发送验证码` as a number/provider rejection, and avoid CDP-only mutations that desync the React country selector back to `美国 (+1)`.
|
||||
|
||||
See `references/openai-add-phone-1083-vietnam-resend-2026-05-10.md` for the follow-up test requested by BOSS: switch browser proxy to `socks5://192.168.2.8:1083`, regenerate Codex2API OAuth URL from the origin API when the auth session expires, continue with configured-country `vietnam` SMS activation, and for non-rejected numbers poll 5sim then click `重新发送` before canceling/retrying.
|
||||
|
||||
## Verification Checklist
|
||||
|
||||
- [ ] Config file exists at `~/.hermes/env/codex_oauth_onboarding.env` with mode-specific fields.
|
||||
|
||||
Reference in New Issue
Block a user