diff --git a/.gitignore b/.gitignore
index 40656fa..5ec43f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,17 @@
 .omc
 .obsidian
 /docs/test-screenshots/
+.gstack/
+AWSCLIV2.pkg
+
+# Local developer secrets — template is checked in as .env.example.
+agentkeys-secrets.env
+
+# agentkeys-workflow-collection: per-run recordings (~50MB each, binary
+# trace.zips don't delta-compress). Keep locally; commit only curated
+# reference recordings via explicit negations below.
+provisioner-scripts/recordings/*/
+!provisioner-scripts/recordings/openrouter-signup-reference/
+!provisioner-scripts/recordings/brave-search-signup-reference/
+!provisioner-scripts/recordings/elevenlabs-signup-reference/
+!provisioner-scripts/recordings/.gitkeep
diff --git a/.mcp.json b/.mcp.json
new file mode 100644
index 0000000..6246632
--- /dev/null
+++ b/.mcp.json
@@ -0,0 +1,13 @@
+{
+  "mcpServers": {
+    "chrome-devtools": {
+      "type": "stdio",
+      "command": "npx",
+      "args": [
+        "chrome-devtools-mcp@latest",
+        "--browser-url=http://127.0.0.1:9222"
+      ],
+      "env": {}
+    }
+  }
+}
\ No newline at end of file
diff --git a/agentkeys-secrets.env.example b/agentkeys-secrets.env.example
new file mode 100644
index 0000000..8e89c8f
--- /dev/null
+++ b/agentkeys-secrets.env.example
@@ -0,0 +1,64 @@
+# agentkeys-secrets.env.example
+#
+# Template for local developer secrets. DO NOT commit the real file — that's
+# gitignored as `agentkeys-secrets.env`. Two ways to use:
+#
+#   1. Source it manually per shell:
+#        cp agentkeys-secrets.env.example agentkeys-secrets.env
+#        <fill in real values>
+#        source agentkeys-secrets.env
+#
+#   2. Source it from ~/.zshenv so non-interactive shells (Claude Code's Bash
+#      tool, cron jobs) pick it up too:
+#        echo "[ -f $PWD/agentkeys-secrets.env ] && source $PWD/agentkeys-secrets.env" >> ~/.zshenv
+#
+# After filling, run: `source scripts/stage6-demo-env.sh` to mint 1 h STS
+# temp creds from DAEMON_* and export them as AWS_*.
+
+# ─── Long-lived IAM users (rotate quarterly) ──────────────────────────────────
+
+# Daemon user — only permission is `sts:AssumeRole` into agentkeys-agent.
+# Compromise blast radius = can assume the role; rotate via `aws iam
+# update-access-key --status Inactive` + create new key.
+export DAEMON_ACCESS_KEY_ID=AKIA...REPLACE_ME
+export DAEMON_SECRET_ACCESS_KEY=REPLACE_ME
+
+# Admin user — used for infra changes (SES config, IAM policies). NOT used by
+# the scraper/recorder runtime. If you don't do admin work, leave blank.
+export ADMIN_AWS_ACCESS_KEY_ID=AKIA...REPLACE_ME_OR_BLANK
+export ADMIN_AWS_ACCESS_KEY_SECRET=REPLACE_ME_OR_BLANK
+
+# ─── Non-secret infrastructure knobs ──────────────────────────────────────────
+
+export REGION=us-east-1
+export DOMAIN=bots.litentry.org
+export ACCOUNT_ID=429071895007
+export BUCKET="agentkeys-mail-${ACCOUNT_ID}"
+export ROLE_ARN="arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-agent"
+export DAEMON_USER_ARN="arn:aws:iam::${ACCOUNT_ID}:user/agentkeys-daemon"
+export PARENT_ZONE_ID=Z09723983CFJOHAE3VC65  # litentry.org Route 53 zone
+
+# Bucket where SES drops inbound mail for bots.litentry.org addresses.
+export AGENTKEYS_SES_BUCKET="$BUCKET"
+export AGENTKEYS_EMAIL_BACKEND=ses-s3
+
+# Chrome CDP endpoint the recorder connects to.
+export CDP_URL=http://localhost:9222
+
+# ─── Signup / login test credentials ──────────────────────────────────────────
+
+# Stable password for throwaway signup accounts. Fresh email per run is auto-
+# generated by the recorder (bot-${Date.now()}@bots.litentry.org).
+export AGENTKEYS_SIGNUP_PASSWORD=REPLACE_ME_WITH_STRONG_PASSWORD
+
+# ─── CAPTCHA-solving service (optional) ───────────────────────────────────────
+#
+# CapSolver handles hCaptcha / reCAPTCHA / Cloudflare Turnstile on services
+# that gate signup behind a challenge (ElevenLabs uses invisible hCaptcha).
+# Without this key, the recorder escalates to human-in-loop on those
+# services. Brave Search's custom PoW captcha is NOT a CapSolver task —
+# it solves client-side on its own.
+#
+# Pricing: ~$1 per 1000 hCaptcha solves.
+# Sign up: https://capsolver.com (paste the CAP-... token)
+export CAPSOLVER_API_KEY=CAP-REPLACE_ME
diff --git a/crates/agentkeys-cli/src/lib.rs b/crates/agentkeys-cli/src/lib.rs
index 75785ff..622d0c3 100644
--- a/crates/agentkeys-cli/src/lib.rs
+++ b/crates/agentkeys-cli/src/lib.rs
@@ -909,6 +909,42 @@ pub async fn cmd_provision(
     }
 }
 
+pub async fn cmd_inbox_provision(ctx: &CommandContext, agent: Option<&str>) -> Result<String> {
+    let session = ctx.load_session().context("load session (run `agentkeys init` first)")?;
+    let backend = ctx.backend();
+    let agent_id = resolve_agent(&backend, &session, agent).await?;
+
+    if ctx.verbose {
+        eprintln!("[verbose] POST {}/mock/inbox/provision", ctx.backend_url);
+        eprintln!("[verbose] agent: {}", agent_id.0);
+    }
+
+    let address = backend
+        .provision_inbox(&session, &agent_id)
+        .await
+        .map_err(wrap_backend_error)?;
+
+    Ok(address.to_string())
+}
+
+pub async fn cmd_inbox_list(ctx: &CommandContext, agent: Option<&str>) -> Result<String> {
+    let session = ctx.load_session().context("load session (run `agentkeys init` first)")?;
+    let backend = ctx.backend();
+    let agent_id = resolve_agent(&backend, &session, agent).await?;
+
+    if ctx.verbose {
+        eprintln!("[verbose] GET {}/mock/inbox/list", ctx.backend_url);
+        eprintln!("[verbose] agent: {}", agent_id.0);
+    }
+
+    let addresses = backend
+        .list_inboxes(&session, &agent_id)
+        .await
+        .map_err(wrap_backend_error)?;
+
+    Ok(addresses.iter().map(|a| a.to_string()).collect::<Vec<_>>().join("\n"))
+}
+
 pub fn cmd_feedback() -> String {
     let url = "https://github.com/agentkeys/agentkeys/discussions";
     let opened = std::process::Command::new("open").arg(url).status().is_ok()
diff --git a/crates/agentkeys-cli/src/main.rs b/crates/agentkeys-cli/src/main.rs
index 3940d2e..dcf2383 100644
--- a/crates/agentkeys-cli/src/main.rs
+++ b/crates/agentkeys-cli/src/main.rs
@@ -1,6 +1,7 @@
 use agentkeys_cli::{
-    cmd_approve, cmd_feedback, cmd_init, cmd_link, cmd_provision, cmd_read, cmd_recover,
-    cmd_revoke, cmd_run, cmd_scope, cmd_store, cmd_teardown, cmd_usage, CommandContext,
+    cmd_approve, cmd_feedback, cmd_inbox_list, cmd_inbox_provision, cmd_init, cmd_link,
+    cmd_provision, cmd_read, cmd_recover, cmd_revoke, cmd_run, cmd_scope, cmd_store, cmd_teardown,
+    cmd_usage, CommandContext,
 };
 
 
@@ -172,6 +173,36 @@ enum Commands {
         long_about = "Open https://github.com/agentkeys/agentkeys/discussions in the default browser.\n\nExamples:\n  agentkeys feedback"
     )]
     Feedback,
+
+    #[command(
+        about = "Manage agent inbox addresses",
+        long_about = "Provision or list inbox addresses for an agent.\n\nOmit --agent to default to the session wallet.\n\nExamples:\n  agentkeys inbox provision\n  agentkeys inbox provision --agent 0xAGENT\n  agentkeys inbox list\n  agentkeys inbox list --agent 0xAGENT"
+    )]
+    Inbox {
+        #[command(subcommand)]
+        action: InboxAction,
+    },
+}
+
+#[derive(Subcommand)]
+enum InboxAction {
+    #[command(
+        about = "Provision a new inbox address for an agent",
+        long_about = "Provision a new inbox email address for an agent and print the address.\n\nOmit --agent to default to the session wallet.\n\nExamples:\n  agentkeys inbox provision\n  agentkeys inbox provision --agent 0xAGENT"
+    )]
+    Provision {
+        #[arg(long, help = "Agent wallet address, alias, or email (defaults to session wallet)")]
+        agent: Option<String>,
+    },
+
+    #[command(
+        about = "List inbox addresses provisioned for an agent",
+        long_about = "List all inbox email addresses provisioned for an agent, one per line.\n\nOmit --agent to default to the session wallet.\n\nExamples:\n  agentkeys inbox list\n  agentkeys inbox list --agent 0xAGENT"
+    )]
+    List {
+        #[arg(long, help = "Agent wallet address, alias, or email (defaults to session wallet)")]
+        agent: Option<String>,
+    },
 }
 
 #[tokio::main]
@@ -208,6 +239,14 @@ async fn main() {
             })
         }
         Commands::Feedback => Ok(cmd_feedback()),
+        Commands::Inbox { action } => match action {
+            InboxAction::Provision { agent } => {
+                cmd_inbox_provision(&ctx, agent.as_deref()).await
+            }
+            InboxAction::List { agent } => {
+                cmd_inbox_list(&ctx, agent.as_deref()).await
+            }
+        },
     };
 
     match result {
diff --git a/crates/agentkeys-cli/tests/cli_tests.rs b/crates/agentkeys-cli/tests/cli_tests.rs
index 891d150..9f12d57 100644
--- a/crates/agentkeys-cli/tests/cli_tests.rs
+++ b/crates/agentkeys-cli/tests/cli_tests.rs
@@ -1,8 +1,8 @@
 use std::sync::Arc;
 
 use agentkeys_cli::{
-    cmd_init, cmd_link, cmd_provision, cmd_read, cmd_revoke, cmd_run, cmd_scope, cmd_store,
-    cmd_teardown, cmd_usage, CommandContext,
+    cmd_inbox_list, cmd_inbox_provision, cmd_init, cmd_link, cmd_provision, cmd_read, cmd_revoke,
+    cmd_run, cmd_scope, cmd_store, cmd_teardown, cmd_usage, CommandContext,
 };
 use agentkeys_core::backend::CredentialBackend;
 use agentkeys_core::session_store::SessionStore;
@@ -1059,6 +1059,8 @@ impl CredentialBackend for ProvisionTestBackend {
     async fn resolve_identity(&self, _: &Session, _: &str) -> Result<agentkeys_types::WalletAddress, agentkeys_core::backend::BackendError> { unimplemented!() }
     async fn get_scope(&self, _: &Session, _: &agentkeys_types::WalletAddress) -> Result<Option<agentkeys_types::Scope>, agentkeys_core::backend::BackendError> { unimplemented!() }
     async fn update_scope(&self, _: &Session, _: &agentkeys_types::WalletAddress, _: &agentkeys_types::Scope) -> Result<(), agentkeys_core::backend::BackendError> { unimplemented!() }
+    async fn provision_inbox(&self, _: &Session, _: &agentkeys_types::WalletAddress) -> Result<agentkeys_types::InboxAddress, agentkeys_core::backend::BackendError> { unimplemented!() }
+    async fn list_inboxes(&self, _: &Session, _: &agentkeys_types::WalletAddress) -> Result<Vec<agentkeys_types::InboxAddress>, agentkeys_core::backend::BackendError> { unimplemented!() }
 }
 
 // Test: provision masked output — subprocess emits a success key; stdout must be masked
@@ -1269,3 +1271,48 @@ async fn cmd_scope_add_remove_overlap_errors() {
         "unexpected error: {err}"
     );
 }
+
+#[tokio::test]
+async fn inbox_provision_returns_address() {
+    let backend = create_test_backend();
+    let (store, _tmp) = test_store();
+    let (_wallet, session) = init_session_with_store(&backend, &store).await;
+    let ctx = ctx_with_session(backend, session, store);
+
+    let result = cmd_inbox_provision(&ctx, None).await.unwrap();
+    assert!(
+        result.starts_with("bot-") && result.contains('@'),
+        "expected bot-*@domain address, got: {result}"
+    );
+}
+
+#[tokio::test]
+async fn inbox_list_after_provision_returns_one_entry() {
+    let backend = create_test_backend();
+    let (store, _tmp) = test_store();
+    let (_wallet, session) = init_session_with_store(&backend, &store).await;
+    let ctx = ctx_with_session(backend, session, store);
+
+    let provisioned = cmd_inbox_provision(&ctx, None).await.unwrap();
+    let listed = cmd_inbox_list(&ctx, None).await.unwrap();
+
+    let lines: Vec<&str> = listed.lines().collect();
+    assert_eq!(lines.len(), 1, "expected 1 inbox, got: {listed}");
+    assert_eq!(lines[0], provisioned.trim(), "listed address does not match provisioned");
+}
+
+#[tokio::test]
+async fn inbox_list_accumulates_multiple_provisions() {
+    let backend = create_test_backend();
+    let (store, _tmp) = test_store();
+    let (_wallet, session) = init_session_with_store(&backend, &store).await;
+    let ctx = ctx_with_session(backend, session, store);
+
+    cmd_inbox_provision(&ctx, None).await.unwrap();
+    cmd_inbox_provision(&ctx, None).await.unwrap();
+    cmd_inbox_provision(&ctx, None).await.unwrap();
+
+    let listed = cmd_inbox_list(&ctx, None).await.unwrap();
+    let lines: Vec<&str> = listed.lines().collect();
+    assert_eq!(lines.len(), 3, "expected 3 inboxes, got: {listed}");
+}
diff --git a/crates/agentkeys-core/src/auth_request.rs b/crates/agentkeys-core/src/auth_request.rs
index 1dc9964..39ad2a1 100644
--- a/crates/agentkeys-core/src/auth_request.rs
+++ b/crates/agentkeys-core/src/auth_request.rs
@@ -65,7 +65,7 @@ fn cbor_key_bytes(key: &Value) -> Vec<u8> {
     buf
 }
 
-fn sort_map(map: &mut Vec<(Value, Value)>) {
+fn sort_map(map: &mut [(Value, Value)]) {
     map.sort_by(|(a, _), (b, _)| {
         let a_bytes = cbor_key_bytes(a);
         let b_bytes = cbor_key_bytes(b);
diff --git a/crates/agentkeys-core/src/backend.rs b/crates/agentkeys-core/src/backend.rs
index 8196035..3381bfc 100644
--- a/crates/agentkeys-core/src/backend.rs
+++ b/crates/agentkeys-core/src/backend.rs
@@ -1,7 +1,7 @@
 use agentkeys_types::{
     AuditEvent, AuditFilter, AuthRequest, AuthRequestId, AuthRequestType, CanonicalBytes,
-    EncryptedPairPayload, OpenedAuthRequest, PairCode, PairPayload, PublicKey, RegistrationToken,
-    Scope, ServiceName, Session, SignedAuthDecision, WalletAddress,
+    EncryptedPairPayload, InboxAddress, OpenedAuthRequest, PairCode, PairPayload, PublicKey,
+    RegistrationToken, Scope, ServiceName, Session, SignedAuthDecision, WalletAddress,
 };
 use async_trait::async_trait;
 use thiserror::Error;
@@ -155,6 +155,18 @@ pub trait CredentialBackend: Send + Sync {
         target_wallet: &WalletAddress,
         new_scope: &Scope,
     ) -> Result<(), BackendError>;
+
+    async fn provision_inbox(
+        &self,
+        session: &Session,
+        agent_id: &WalletAddress,
+    ) -> Result<InboxAddress, BackendError>;
+
+    async fn list_inboxes(
+        &self,
+        session: &Session,
+        agent_id: &WalletAddress,
+    ) -> Result<Vec<InboxAddress>, BackendError>;
 }
 
 #[cfg(test)]
@@ -333,6 +345,22 @@ mod tests {
         ) -> Result<(), BackendError> {
             unimplemented!()
         }
+
+        async fn provision_inbox(
+            &self,
+            _session: &Session,
+            _agent_id: &WalletAddress,
+        ) -> Result<InboxAddress, BackendError> {
+            unimplemented!()
+        }
+
+        async fn list_inboxes(
+            &self,
+            _session: &Session,
+            _agent_id: &WalletAddress,
+        ) -> Result<Vec<InboxAddress>, BackendError> {
+            unimplemented!()
+        }
     }
 
     #[test]
diff --git a/crates/agentkeys-core/src/mock_client.rs b/crates/agentkeys-core/src/mock_client.rs
index 5f903b5..bb8d7aa 100644
--- a/crates/agentkeys-core/src/mock_client.rs
+++ b/crates/agentkeys-core/src/mock_client.rs
@@ -4,8 +4,8 @@ use serde_json::{json, Value};
 use crate::backend::{BackendError, CredentialBackend};
 use agentkeys_types::{
     AuditEvent, AuditFilter, AuthRequest, AuthRequestId, AuthRequestType, CanonicalBytes,
-    EncryptedPairPayload, OpenedAuthRequest, PairCode, PairPayload, PublicKey, RegistrationToken,
-    Scope, ServiceName, Session, SignedAuthDecision, WalletAddress,
+    EncryptedPairPayload, InboxAddress, OpenedAuthRequest, PairCode, PairPayload, PublicKey,
+    RegistrationToken, Scope, ServiceName, Session, SignedAuthDecision, WalletAddress,
 };
 
 pub struct MockHttpClient {
@@ -751,6 +751,60 @@ impl CredentialBackend for MockHttpClient {
         Ok(())
     }
 
+    async fn provision_inbox(
+        &self,
+        session: &Session,
+        agent_id: &WalletAddress,
+    ) -> Result<InboxAddress, BackendError> {
+        let resp = self
+            .client
+            .post(self.url("/mock/inbox/provision"))
+            .header("authorization", format!("Bearer {}", session.token))
+            .json(&serde_json::json!({ "agent_id": agent_id.0 }))
+            .send()
+            .await
+            .map_err(|e| BackendError::Transport(e.to_string()))?;
+
+        if !resp.status().is_success() {
+            return Err(Self::map_error(resp).await);
+        }
+
+        let body: Value = resp.json().await.map_err(|e| BackendError::Transport(e.to_string()))?;
+        let address = body["address"]
+            .as_str()
+            .ok_or_else(|| BackendError::Internal("missing address".into()))?
+            .to_string();
+        Ok(InboxAddress(address))
+    }
+
+    async fn list_inboxes(
+        &self,
+        session: &Session,
+        agent_id: &WalletAddress,
+    ) -> Result<Vec<InboxAddress>, BackendError> {
+        let resp = self
+            .client
+            .get(self.url("/mock/inbox/list"))
+            .query(&[("agent_id", &agent_id.0)])
+            .header("authorization", format!("Bearer {}", session.token))
+            .send()
+            .await
+            .map_err(|e| BackendError::Transport(e.to_string()))?;
+
+        if !resp.status().is_success() {
+            return Err(Self::map_error(resp).await);
+        }
+
+        let body: Value = resp.json().await.map_err(|e| BackendError::Transport(e.to_string()))?;
+        let addresses = body
+            .as_array()
+            .ok_or_else(|| BackendError::Internal("expected array".into()))?
+            .iter()
+            .filter_map(|v| v.as_str().map(|s| InboxAddress(s.to_string())))
+            .collect();
+        Ok(addresses)
+    }
+
     async fn recover_session(
         &self,
         identity: &agentkeys_types::AgentIdentity,
diff --git a/crates/agentkeys-mcp/src/lib.rs b/crates/agentkeys-mcp/src/lib.rs
index 53ba696..3b8143f 100644
--- a/crates/agentkeys-mcp/src/lib.rs
+++ b/crates/agentkeys-mcp/src/lib.rs
@@ -345,6 +345,8 @@ mod tests {
         async fn resolve_identity(&self, _: &Session, _: &str) -> Result<WalletAddress, BackendError> { unimplemented!() }
         async fn get_scope(&self, _: &Session, _: &WalletAddress) -> Result<Option<Scope>, BackendError> { unimplemented!() }
         async fn update_scope(&self, _: &Session, _: &WalletAddress, _: &Scope) -> Result<(), BackendError> { unimplemented!() }
+        async fn provision_inbox(&self, _: &Session, _: &WalletAddress) -> Result<agentkeys_types::InboxAddress, BackendError> { unimplemented!() }
+        async fn list_inboxes(&self, _: &Session, _: &WalletAddress) -> Result<Vec<agentkeys_types::InboxAddress>, BackendError> { unimplemented!() }
     }
 
     fn test_session() -> Session {
diff --git a/crates/agentkeys-mock-server/src/db.rs b/crates/agentkeys-mock-server/src/db.rs
index 2e4bd64..c34dc12 100644
--- a/crates/agentkeys-mock-server/src/db.rs
+++ b/crates/agentkeys-mock-server/src/db.rs
@@ -80,6 +80,23 @@ pub fn init_schema(conn: &Connection) -> Result<()> {
             created_at INTEGER NOT NULL,
             PRIMARY KEY (wallet_address, identity_type, identity_value)
         );
+
+        CREATE TABLE IF NOT EXISTS inboxes (
+            address TEXT PRIMARY KEY,
+            agent_wallet TEXT NOT NULL REFERENCES accounts(wallet_address),
+            created_at INTEGER NOT NULL
+        );
+
+        CREATE TABLE IF NOT EXISTS inbox_messages (
+            msg_id TEXT PRIMARY KEY,
+            address TEXT NOT NULL REFERENCES inboxes(address),
+            from_addr TEXT NOT NULL,
+            subject TEXT,
+            body TEXT,
+            received_at INTEGER NOT NULL
+        );
+
+        CREATE INDEX IF NOT EXISTS idx_inbox_msgs_addr_time ON inbox_messages(address, received_at DESC);
         ",
     )
 }
diff --git a/crates/agentkeys-mock-server/src/handlers/audit.rs b/crates/agentkeys-mock-server/src/handlers/audit.rs
index 1340f70..d13340e 100644
--- a/crates/agentkeys-mock-server/src/handlers/audit.rs
+++ b/crates/agentkeys-mock-server/src/handlers/audit.rs
@@ -3,7 +3,6 @@ use axum::{
     http::HeaderMap,
     Json,
 };
-use rusqlite::params;
 use serde::Deserialize;
 use serde_json::{json, Value};
 
diff --git a/crates/agentkeys-mock-server/src/handlers/auth_request.rs b/crates/agentkeys-mock-server/src/handlers/auth_request.rs
index 3f7766c..fe3fdf6 100644
--- a/crates/agentkeys-mock-server/src/handlers/auth_request.rs
+++ b/crates/agentkeys-mock-server/src/handlers/auth_request.rs
@@ -182,7 +182,7 @@ pub async fn open_auth_request(
 
     // Derive pair code uniquely: use nonce + request_details hash to avoid collisions
     let mut hasher = Sha256::new();
-    hasher.update(&nonce);
+    hasher.update(nonce);
     hasher.update(&request_details);
     let hash = hasher.finalize();
     let pair_code = hex::encode(&hash[..4]).to_uppercase();
@@ -193,7 +193,7 @@ pub async fn open_auth_request(
 
     // Compute nonce hash for the response
     let mut nonce_hasher = Sha256::new();
-    nonce_hasher.update(&nonce);
+    nonce_hasher.update(nonce);
     let nonce_hash = nonce_hasher.finalize().to_vec();
 
     let db = state.db.lock().unwrap();
@@ -400,7 +400,7 @@ pub async fn approve_auth_request(
     hasher.update(&request_details);
     hasher.update(&child_pubkey);
     hasher.update(session.token.as_bytes());
-    hasher.update(&created_at.to_be_bytes());
+    hasher.update(created_at.to_be_bytes());
     hasher.update(&nonce);
     let hash_bytes = hasher.finalize();
 
diff --git a/crates/agentkeys-mock-server/src/handlers/inbox.rs b/crates/agentkeys-mock-server/src/handlers/inbox.rs
new file mode 100644
index 0000000..98f0ce7
--- /dev/null
+++ b/crates/agentkeys-mock-server/src/handlers/inbox.rs
@@ -0,0 +1,385 @@
+use axum::{
+    extract::{Query, State},
+    http::HeaderMap,
+    Json,
+};
+use rusqlite::params;
+use serde::Deserialize;
+use serde_json::{json, Value};
+
+use crate::{
+    auth::{extract_bearer_token, is_owner_of, now_secs, validate_session},
+    error::{AppError, AppResult},
+    state::SharedState,
+};
+
+fn email_domain() -> String {
+    std::env::var("AGENTKEYS_EMAIL_DOMAIN").unwrap_or_else(|_| "agentkeys-email.io".to_string())
+}
+
+fn generate_inbox_address() -> String {
+    use rand::Rng;
+    let mut rng = rand::thread_rng();
+    let bytes: [u8; 3] = rng.gen();
+    format!("bot-{}@{}", hex::encode(bytes), email_domain())
+}
+
+fn generate_msg_id() -> String {
+    use rand::Rng;
+    let mut rng = rand::thread_rng();
+    let bytes: [u8; 16] = rng.gen();
+    let hex = hex::encode(bytes);
+    format!(
+        "{}-{}-{}-{}-{}",
+        &hex[0..8],
+        &hex[8..12],
+        &hex[12..16],
+        &hex[16..20],
+        &hex[20..32]
+    )
+}
+
+pub async fn provision_inbox(
+    State(state): State<SharedState>,
+    headers: HeaderMap,
+    Json(body): Json<Value>,
+) -> AppResult<Json<Value>> {
+    let token = headers
+        .get("authorization")
+        .and_then(|v| v.to_str().ok())
+        .and_then(extract_bearer_token)
+        .ok_or_else(|| AppError::unauthorized("missing Authorization header"))?;
+
+    let session = validate_session(&state, token)?;
+
+    let agent_id = body
+        .get("agent_id")
+        .and_then(|v| v.as_str())
+        .ok_or_else(|| AppError::bad_request("agent_id required"))?;
+
+    let db = state.db.lock().unwrap();
+
+    if !is_owner_of(&db, &session.wallet_address, agent_id) {
+        return Err(AppError::forbidden(format!(
+            "session does not own agent {}",
+            agent_id
+        )));
+    }
+
+    let address = generate_inbox_address();
+    let now = now_secs();
+
+    db.execute(
+        "INSERT INTO inboxes (address, agent_wallet, created_at) VALUES (?1, ?2, ?3)",
+        params![address, agent_id, now],
+    )
+    .map_err(|e| AppError::internal(e.to_string()))?;
+
+    Ok(Json(json!({ "address": address, "agent_wallet": agent_id })))
+}
+
+pub async fn deliver_inbox(
+    State(state): State<SharedState>,
+    Json(body): Json<Value>,
+) -> AppResult<Json<Value>> {
+    let address = body
+        .get("address")
+        .and_then(|v| v.as_str())
+        .ok_or_else(|| AppError::bad_request("address required"))?;
+    let from_addr = body
+        .get("from")
+        .and_then(|v| v.as_str())
+        .ok_or_else(|| AppError::bad_request("from required"))?;
+    let subject = body.get("subject").and_then(|v| v.as_str());
+    let message_body = body.get("body").and_then(|v| v.as_str());
+
+    let db = state.db.lock().unwrap();
+
+    let inbox_exists: bool = db
+        .query_row(
+            "SELECT 1 FROM inboxes WHERE address = ?1",
+            params![address],
+            |_| Ok(true),
+        )
+        .unwrap_or(false);
+
+    if !inbox_exists {
+        return Err(AppError::not_found(format!("inbox not found: {}", address)));
+    }
+
+    let msg_id = generate_msg_id();
+    let now = now_secs();
+
+    db.execute(
+        "INSERT INTO inbox_messages (msg_id, address, from_addr, subject, body, received_at)
+         VALUES (?1, ?2, ?3, ?4, ?5, ?6)",
+        params![msg_id, address, from_addr, subject, message_body, now],
+    )
+    .map_err(|e| AppError::internal(e.to_string()))?;
+
+    Ok(Json(json!({ "msg_id": msg_id })))
+}
+
+#[derive(Deserialize)]
+pub struct ListInboxesQuery {
+    pub agent_id: String,
+}
+
+pub async fn list_inboxes(
+    State(state): State<SharedState>,
+    headers: HeaderMap,
+    Query(query): Query<ListInboxesQuery>,
+) -> AppResult<Json<Value>> {
+    let token = headers
+        .get("authorization")
+        .and_then(|v| v.to_str().ok())
+        .and_then(extract_bearer_token)
+        .ok_or_else(|| AppError::unauthorized("missing Authorization header"))?;
+
+    let session = validate_session(&state, token)?;
+
+    let agent_id = &query.agent_id;
+    let db = state.db.lock().unwrap();
+
+    if !is_owner_of(&db, &session.wallet_address, agent_id) {
+        return Err(AppError::forbidden(format!(
+            "session does not own agent {}",
+            agent_id
+        )));
+    }
+
+    let mut stmt = db
+        .prepare("SELECT address FROM inboxes WHERE agent_wallet = ?1 ORDER BY created_at ASC")
+        .map_err(|e| AppError::internal(e.to_string()))?;
+
+    let addresses: Vec<Value> = stmt
+        .query_map(params![agent_id], |row| {
+            let addr: String = row.get(0)?;
+            Ok(Value::String(addr))
+        })
+        .map_err(|e| AppError::internal(e.to_string()))?
+        .filter_map(|r| r.ok())
+        .collect();
+
+    Ok(Json(Value::Array(addresses)))
+}
+
+#[derive(Deserialize)]
+pub struct ListMessagesQuery {
+    pub address: String,
+}
+
+pub async fn list_messages(
+    State(state): State<SharedState>,
+    headers: HeaderMap,
+    Query(query): Query<ListMessagesQuery>,
+) -> AppResult<Json<Value>> {
+    let token = headers
+        .get("authorization")
+        .and_then(|v| v.to_str().ok())
+        .and_then(extract_bearer_token)
+        .ok_or_else(|| AppError::unauthorized("missing Authorization header"))?;
+
+    let session = validate_session(&state, token)?;
+
+    let address = &query.address;
+    let db = state.db.lock().unwrap();
+
+    let agent_wallet: String = db
+        .query_row(
+            "SELECT agent_wallet FROM inboxes WHERE address = ?1",
+            params![address],
+            |row| row.get(0),
+        )
+        .map_err(|_| AppError::not_found(format!("inbox not found: {}", address)))?;
+
+    if !is_owner_of(&db, &session.wallet_address, &agent_wallet) {
+        return Err(AppError::forbidden(format!(
+            "session does not own inbox {}",
+            address
+        )));
+    }
+
+    let mut stmt = db
+        .prepare(
+            "SELECT msg_id, from_addr, subject, body, received_at
+             FROM inbox_messages
+             WHERE address = ?1
+             ORDER BY received_at DESC",
+        )
+        .map_err(|e| AppError::internal(e.to_string()))?;
+
+    let messages: Vec<Value> = stmt
+        .query_map(params![address], |row| {
+            Ok(json!({
+                "msg_id": row.get::<_, String>(0)?,
+                "from": row.get::<_, String>(1)?,
+                "subject": row.get::<_, Option<String>>(2)?,
+                "body": row.get::<_, Option<String>>(3)?,
+                "received_at": row.get::<_, u64>(4)?,
+            }))
+        })
+        .map_err(|e| AppError::internal(e.to_string()))?
+        .filter_map(|r| r.ok())
+        .collect();
+
+    Ok(Json(json!(messages)))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::{create_router, db, state::AppState};
+    use axum::Router;
+    use axum::body::Body;
+    use axum::http::{Method, Request, StatusCode};
+    use http_body_util::BodyExt;
+    use serde_json::{json, Value};
+    use std::sync::Arc;
+    use tower::ServiceExt;
+
+    fn setup() -> Router {
+        let conn = rusqlite::Connection::open_in_memory().unwrap();
+        db::init_schema(&conn).unwrap();
+        let state = Arc::new(AppState::new(conn));
+        create_router(state)
+    }
+
+    async fn body_json(body: axum::body::Body) -> Value {
+        let bytes = body.collect().await.unwrap().to_bytes();
+        serde_json::from_slice(&bytes).unwrap_or(Value::Null)
+    }
+
+    async fn post_json(app: Router, path: &str, body: Value) -> (StatusCode, Value) {
+        let req = Request::builder()
+            .method(Method::POST)
+            .uri(path)
+            .header("content-type", "application/json")
+            .body(Body::from(serde_json::to_string(&body).unwrap()))
+            .unwrap();
+        let resp = app.oneshot(req).await.unwrap();
+        let status = resp.status();
+        let json = body_json(resp.into_body()).await;
+        (status, json)
+    }
+
+    async fn post_json_auth(
+        app: Router,
+        path: &str,
+        token: &str,
+        body: Value,
+    ) -> (StatusCode, Value) {
+        let req = Request::builder()
+            .method(Method::POST)
+            .uri(path)
+            .header("content-type", "application/json")
+            .header("authorization", format!("Bearer {token}"))
+            .body(Body::from(serde_json::to_string(&body).unwrap()))
+            .unwrap();
+        let resp = app.oneshot(req).await.unwrap();
+        let status = resp.status();
+        let json = body_json(resp.into_body()).await;
+        (status, json)
+    }
+
+    async fn get_json_auth(app: Router, path: &str, token: &str) -> (StatusCode, Value) {
+        let req = Request::builder()
+            .method(Method::GET)
+            .uri(path)
+            .header("authorization", format!("Bearer {token}"))
+            .body(Body::empty())
+            .unwrap();
+        let resp = app.oneshot(req).await.unwrap();
+        let status = resp.status();
+        let json = body_json(resp.into_body()).await;
+        (status, json)
+    }
+
+    async fn create_session(app: Router) -> (String, String, Router) {
+        let (status, json) = post_json(
+            app.clone(),
+            "/session/create",
+            json!({ "auth_token": format!("tok-{}", rand::random::<u64>()) }),
+        )
+        .await;
+        assert_eq!(status, StatusCode::OK, "create session failed: {json}");
+        let session = json["session"].as_str().unwrap().to_string();
+        let wallet = json["wallet"].as_str().unwrap().to_string();
+        (session, wallet, app)
+    }
+
+    async fn provision(app: Router, token: &str, agent_wallet: &str) -> (StatusCode, Value) {
+        post_json_auth(
+            app,
+            "/mock/inbox/provision",
+            token,
+            json!({ "agent_id": agent_wallet }),
+        )
+        .await
+    }
+
+    #[tokio::test]
+    async fn provision_returns_unique_address() {
+        let app = setup();
+        let (token, wallet, app) = create_session(app).await;
+
+        let mut addresses = std::collections::HashSet::new();
+        for _ in 0..10 {
+            let (status, json) = provision(app.clone(), &token, &wallet).await;
+            assert_eq!(status, StatusCode::OK, "provision failed: {json}");
+            let addr = json["address"].as_str().unwrap().to_string();
+            addresses.insert(addr);
+        }
+        assert_eq!(addresses.len(), 10, "expected 10 distinct addresses");
+    }
+
+    #[tokio::test]
+    async fn deliver_and_fetch_roundtrip() {
+        let app = setup();
+        let (token, wallet, app) = create_session(app).await;
+
+        let (status, json) = provision(app.clone(), &token, &wallet).await;
+        assert_eq!(status, StatusCode::OK, "provision failed: {json}");
+        let address = json["address"].as_str().unwrap().to_string();
+
+        let (status, json) = post_json(
+            app.clone(),
+            "/mock/inbox/deliver",
+            json!({
+                "address": address,
+                "from": "sender@example.com",
+                "subject": "Hello",
+                "body": "World",
+            }),
+        )
+        .await;
+        assert_eq!(status, StatusCode::OK, "deliver failed: {json}");
+        let msg_id = json["msg_id"].as_str().unwrap().to_string();
+
+        let path = format!("/mock/inbox/messages?address={}", address);
+        let (status, json) = get_json_auth(app.clone(), &path, &token).await;
+        assert_eq!(status, StatusCode::OK, "list failed: {json}");
+        let messages = json.as_array().unwrap();
+        assert_eq!(messages.len(), 1);
+        assert_eq!(messages[0]["msg_id"].as_str().unwrap(), msg_id);
+        assert_eq!(messages[0]["from"].as_str().unwrap(), "sender@example.com");
+        assert_eq!(messages[0]["subject"].as_str().unwrap(), "Hello");
+        assert_eq!(messages[0]["body"].as_str().unwrap(), "World");
+    }
+
+    #[tokio::test]
+    async fn cross_session_list_denied() {
+        let app = setup();
+
+        let (token_a, wallet_a, app) = create_session(app).await;
+        let (token_b, _wallet_b, app) = create_session(app).await;
+
+        let (status, json) = provision(app.clone(), &token_a, &wallet_a).await;
+        assert_eq!(status, StatusCode::OK, "provision failed: {json}");
+        let address = json["address"].as_str().unwrap().to_string();
+
+        let path = format!("/mock/inbox/messages?address={}", address);
+        let (status, _) = get_json_auth(app.clone(), &path, &token_b).await;
+        assert_eq!(status, StatusCode::FORBIDDEN, "expected 403 for session B");
+    }
+}
diff --git a/crates/agentkeys-mock-server/src/handlers/mod.rs b/crates/agentkeys-mock-server/src/handlers/mod.rs
index 50193bf..92055f8 100644
--- a/crates/agentkeys-mock-server/src/handlers/mod.rs
+++ b/crates/agentkeys-mock-server/src/handlers/mod.rs
@@ -2,5 +2,6 @@ pub mod audit;
 pub mod auth_request;
 pub mod credential;
 pub mod identity;
+pub mod inbox;
 pub mod rendezvous;
 pub mod session;
diff --git a/crates/agentkeys-mock-server/src/handlers/session.rs b/crates/agentkeys-mock-server/src/handlers/session.rs
index d541ae6..fb81042 100644
--- a/crates/agentkeys-mock-server/src/handlers/session.rs
+++ b/crates/agentkeys-mock-server/src/handlers/session.rs
@@ -8,11 +8,11 @@ use serde::{Deserialize, Serialize};
 use serde_json::{json, Value};
 
 use crate::{
-    auth::{derive_pair_code_from_nonce, extract_bearer_token, generate_nonce, generate_token, generate_wallet_address, is_owner_of, now_secs, validate_session},
+    auth::{extract_bearer_token, generate_token, generate_wallet_address, is_owner_of, now_secs, validate_session},
     error::{AppError, AppResult},
     state::SharedState,
 };
-use agentkeys_types::{AuthToken, Scope};
+use agentkeys_types::Scope;
 use ed25519_dalek::SigningKey;
 
 /// Session token TTL in seconds — 30 days.
diff --git a/crates/agentkeys-mock-server/src/lib.rs b/crates/agentkeys-mock-server/src/lib.rs
index 6d0a2e2..dbeca30 100644
--- a/crates/agentkeys-mock-server/src/lib.rs
+++ b/crates/agentkeys-mock-server/src/lib.rs
@@ -9,7 +9,6 @@ use axum::{
     Router,
     routing::{delete, get, post, put},
 };
-use std::sync::Arc;
 
 use state::SharedState;
 
@@ -44,6 +43,11 @@ pub fn create_router(state: SharedState) -> Router {
         // Identity
         .route("/identity/link", post(handlers::identity::link_identity))
         .route("/identity/resolve", get(handlers::identity::resolve_identity))
+        // Inbox
+        .route("/mock/inbox/provision", post(handlers::inbox::provision_inbox))
+        .route("/mock/inbox/deliver", post(handlers::inbox::deliver_inbox))
+        .route("/mock/inbox/messages", get(handlers::inbox::list_messages))
+        .route("/mock/inbox/list", get(handlers::inbox::list_inboxes))
         // Health
         .route("/health", get(|| async { "ok" }))
         .with_state(state)
diff --git a/crates/agentkeys-mock-server/src/test_client.rs b/crates/agentkeys-mock-server/src/test_client.rs
index b504828..d1a47ef 100644
--- a/crates/agentkeys-mock-server/src/test_client.rs
+++ b/crates/agentkeys-mock-server/src/test_client.rs
@@ -11,8 +11,8 @@ use tower::ServiceExt;
 use agentkeys_core::backend::{BackendError, CredentialBackend};
 use agentkeys_types::{
     AuditEvent, AuditFilter, AuthRequest, AuthRequestId, AuthRequestType, CanonicalBytes,
-    EncryptedPairPayload, OpenedAuthRequest, PairCode, PairPayload, PublicKey, RegistrationToken,
-    Scope, ServiceName, Session, SignedAuthDecision, WalletAddress,
+    EncryptedPairPayload, InboxAddress, OpenedAuthRequest, PairCode, PairPayload, PublicKey,
+    RegistrationToken, Scope, ServiceName, Session, SignedAuthDecision, WalletAddress,
 };
 
 use crate::{create_router, db, state::{AppState, SharedState}};
@@ -818,4 +818,79 @@ impl CredentialBackend for InProcessBackend {
         };
         Ok((session, wallet))
     }
+
+    async fn provision_inbox(
+        &self,
+        session: &Session,
+        agent_id: &WalletAddress,
+    ) -> Result<InboxAddress, BackendError> {
+        let body = self
+            .post_with_session(
+                "/mock/inbox/provision",
+                session,
+                json!({ "agent_id": agent_id.0 }),
+            )
+            .await?;
+        let address = body["address"]
+            .as_str()
+            .ok_or_else(|| BackendError::Transport("missing address".into()))?
+            .to_string();
+        Ok(InboxAddress(address))
+    }
+
+    async fn list_inboxes(
+        &self,
+        session: &Session,
+        agent_id: &WalletAddress,
+    ) -> Result<Vec<InboxAddress>, BackendError> {
+        let path = format!("/mock/inbox/list?agent_id={}", pct_encode(&agent_id.0));
+        let body = self.get_with_session(&path, session).await?;
+        let addresses = body
+            .as_array()
+            .ok_or_else(|| BackendError::Transport("expected array".into()))?
+            .iter()
+            .filter_map(|v| v.as_str().map(|s| InboxAddress(s.to_string())))
+            .collect();
+        Ok(addresses)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use agentkeys_core::backend::CredentialBackend;
+    use agentkeys_types::AuthToken;
+
+    async fn create_session_for_tests() -> (InProcessBackend, Session, WalletAddress) {
+        let backend = InProcessBackend::new();
+        let (session, wallet) = backend
+            .create_session(AuthToken::Mock("test-token".to_string()))
+            .await
+            .unwrap();
+        (backend, session, wallet)
+    }
+
+    #[tokio::test]
+    async fn provision_inbox_returns_bot_address() {
+        let (backend, session, wallet) = create_session_for_tests().await;
+        let address = backend.provision_inbox(&session, &wallet).await.unwrap();
+        assert!(
+            address.0.starts_with("bot-") && address.0.contains('@'),
+            "expected bot-*@domain address, got: {}",
+            address.0
+        );
+    }
+
+    #[tokio::test]
+    async fn list_inboxes_returns_provisioned_addresses() {
+        let (backend, session, wallet) = create_session_for_tests().await;
+
+        let addr1 = backend.provision_inbox(&session, &wallet).await.unwrap();
+        let addr2 = backend.provision_inbox(&session, &wallet).await.unwrap();
+
+        let inboxes = backend.list_inboxes(&session, &wallet).await.unwrap();
+        assert_eq!(inboxes.len(), 2, "expected 2 inboxes");
+        assert!(inboxes.contains(&addr1));
+        assert!(inboxes.contains(&addr2));
+    }
 }
diff --git a/crates/agentkeys-provisioner/src/orchestrator.rs b/crates/agentkeys-provisioner/src/orchestrator.rs
index 972c024..a4e4c26 100644
--- a/crates/agentkeys-provisioner/src/orchestrator.rs
+++ b/crates/agentkeys-provisioner/src/orchestrator.rs
@@ -1,14 +1,14 @@
 use std::collections::HashMap;
-use std::path::Path;
+use std::path::{Path, PathBuf};
 use std::sync::{Arc, Mutex};
-use std::time::Instant;
+use std::time::{Instant, SystemTime, UNIX_EPOCH};
 
 use agentkeys_core::backend::CredentialBackend;
 use agentkeys_types::{ProvisionEvent, ServiceName, Session, TripwireKind, WalletAddress};
 
 use crate::error::{ProvisionError, ProvisionResult};
 use crate::metrics::{self, ProvisionMetric, VerificationResultLabel};
-use crate::subprocess::{spawn_and_collect, SubprocessConfig};
+use crate::subprocess::{spawn_and_collect, SubprocessConfig, SubprocessOutcome};
 
 #[derive(Debug, Clone)]
 pub struct ActiveProvision {
@@ -86,6 +86,37 @@ impl Drop for ProvisionGuard {
     }
 }
 
+/// Best-effort dump of subprocess output to `~/.agentkeys/logs/provision-<service>-<ts>.log`.
+/// Returns the file path if the write succeeded. Never errors — failure to write the log
+/// must not mask the underlying provision failure.
+fn write_provision_log(service: &str, outcome: &SubprocessOutcome) -> Option<PathBuf> {
+    let home = std::env::var("HOME").ok().map(PathBuf::from)?;
+    let dir = home.join(".agentkeys").join("logs");
+    std::fs::create_dir_all(&dir).ok()?;
+    let ts = SystemTime::now().duration_since(UNIX_EPOCH).ok()?.as_secs();
+    let safe_service: String = service
+        .chars()
+        .map(|c| if c.is_ascii_alphanumeric() || c == '-' || c == '_' { c } else { '_' })
+        .collect();
+    let path = dir.join(format!("provision-{}-{}.log", safe_service, ts));
+
+    let mut body = String::new();
+    body.push_str(&format!(
+        "service: {}\nexit_code: {:?}\nevents_emitted: {}\n\n=== subprocess stdout events ===\n",
+        service,
+        outcome.exit_code,
+        outcome.events.len()
+    ));
+    for ev in &outcome.events {
+        body.push_str(&format!("{:?}\n", ev));
+    }
+    body.push_str("\n=== subprocess stderr ===\n");
+    body.push_str(&outcome.stderr);
+
+    std::fs::write(&path, body).ok()?;
+    Some(path)
+}
+
 /// Returns first 8 chars + `****...` + last 4. For keys shorter than 12 chars returns `****`.
 pub fn mask_key(key: &str) -> String {
     if key.len() < 12 {
@@ -190,7 +221,26 @@ pub async fn run_provision(
     }
 
     let raw_key = api_key.ok_or_else(|| {
-        ProvisionError::Internal("subprocess ended without terminal event".to_string())
+        let stderr_tail: String = outcome
+            .stderr
+            .lines()
+            .rev()
+            .take(20)
+            .collect::<Vec<_>>()
+            .into_iter()
+            .rev()
+            .collect::<Vec<_>>()
+            .join("\n");
+        let log_hint = match write_provision_log(service, &outcome) {
+            Some(path) => format!("full log: {}", path.display()),
+            None => "full log: (unable to write ~/.agentkeys/logs — check HOME + permissions)".to_string(),
+        };
+        ProvisionError::Internal(format!(
+            "subprocess ended without terminal event (exit {:?}). {}. stderr tail:\n{}",
+            outcome.exit_code,
+            log_hint,
+            if stderr_tail.is_empty() { "(empty)" } else { stderr_tail.as_str() }
+        ))
     })?;
 
     let masked = mask_key(&raw_key);
@@ -338,6 +388,8 @@ mod orchestrate {
         async fn resolve_identity(&self, _: &Session, _: &str) -> Result<WalletAddress, BackendError> { unimplemented!() }
         async fn get_scope(&self, _: &Session, _: &WalletAddress) -> Result<Option<Scope>, BackendError> { unimplemented!() }
         async fn update_scope(&self, _: &Session, _: &WalletAddress, _: &Scope) -> Result<(), BackendError> { unimplemented!() }
+        async fn provision_inbox(&self, _: &Session, _: &WalletAddress) -> Result<agentkeys_types::InboxAddress, BackendError> { unimplemented!() }
+        async fn list_inboxes(&self, _: &Session, _: &WalletAddress) -> Result<Vec<agentkeys_types::InboxAddress>, BackendError> { unimplemented!() }
     }
 
     #[tokio::test]
diff --git a/crates/agentkeys-types/src/lib.rs b/crates/agentkeys-types/src/lib.rs
index 476d67a..fb32789 100644
--- a/crates/agentkeys-types/src/lib.rs
+++ b/crates/agentkeys-types/src/lib.rs
@@ -1,3 +1,5 @@
+use std::fmt;
+
 use serde::{Deserialize, Serialize};
 
 pub mod provision;
@@ -7,6 +9,15 @@ pub use provision::{ProvisionErrorCode, ProvisionEvent, TripwireKind};
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Hash)]
 pub struct WalletAddress(pub String);
 
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Hash)]
+pub struct InboxAddress(pub String);
+
+impl fmt::Display for InboxAddress {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{}", self.0)
+    }
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 pub struct Session {
     pub token: String,
diff --git a/docs/manual-test-stage5.md b/docs/manual-test-stage5.md
index 47d8aca..3b8206c 100644
--- a/docs/manual-test-stage5.md
+++ b/docs/manual-test-stage5.md
@@ -30,70 +30,143 @@ For the demo-only purpose of Stage 5, the goal is the **shortest path to a runni
 
 > **This is a temporary demo solution.** For production (v0.1), the agent mailbox moves to SES-hosted `*@agentkeys-email.io` under the three-layer `TokenAuthority` abstraction. See the [email-system wiki page](../wiki/email-system.md) for the full architecture and why we're running demo-and-production on different backends deliberately.
 
-#### 🚀 Demo path: dedicated personal Gmail + TOTP + app password
+#### 🚀 Demo path: your existing Gmail + plus-addressing + app password
 
-Why dedicated (not your personal inbox with plus-addressing): the agent gets a clean inbox it fully controls, no personal mail pollution, cleanup is a single account-delete.
+Why plus-addressing as the primary demo path:
 
-**1. Create a fresh Gmail account for the bot.**
+- **Unique email per run.** OpenRouter's sign-up/sign-in page is a single URL — if you submit an email that already has an account, you land on a returning-user screen the scraper was not designed to traverse, and the provision fails with a `no terminal event`-style error. `you+or-<timestamp>@gmail.com` is a fresh address to OpenRouter on every run, so every run hits the pristine signup path.
+- **Zero account creation.** Uses your existing Gmail — no new Google account, no new phone verification.
+- **Single inbox to clean up.** The OpenRouter confirmation mail lands in your real inbox; delete one thread after the demo and you're done.
+- **Scales to repeat testing.** Rotate the local-part (`+or-1`, `+or-2`, …) or include a timestamp and you have DWD-equivalent disposable emails without building DWD.
 
-Sign up at [accounts.google.com](https://accounts.google.com) with a name like `wildmeta-stage5-demo@gmail.com`. Google will ask for a recovery phone — use your personal phone; you only need it once for step 2.
+**1. Generate a Gmail app password for IMAP.**
 
-**2. Enable 2-Step Verification and enroll TOTP as the second factor.**
+- Requires 2FA enabled on your Google account. If not already enabled: [myaccount.google.com](https://myaccount.google.com) → Security → turn on 2-Step Verification (TOTP or SMS is fine; enrollment is a one-time cost).
+- Visit [myaccount.google.com/apppasswords](https://myaccount.google.com/apppasswords). Create one named `agentkeys-stage5`. Google gives you a 16-character password.
+- Copy immediately — it's shown once. Revoke anytime from the same page.
 
-Gmail IMAP access chain: `app password` requires `2FA enabled` requires `second factor enrolled`. Using an authenticator app as that second factor makes the account non-interactive after this one-time enrollment.
+**2. Export the env vars.**
 
-- Open [myaccount.google.com](https://myaccount.google.com) → **Security**
-- **Turn on 2-Step Verification.** Google sends an SMS to your recovery phone to start enrollment.
-- Under 2-Step Verification settings, add **Authenticator app** as a second step. Google shows a QR code and a secret.
-- Scan into Google Authenticator / Authy / 1Password / Bitwarden / whatever TOTP client you already use. You now own the second factor.
-- (Optional) once TOTP is active, you can drop SMS as a 2FA method — Google keeps the phone for account recovery but stops using it as a live second factor.
+The scraper splits **IMAP login** from **signup email**. Set both:
 
-**3. Generate an app password for IMAP.**
+```bash
+export AGENTKEYS_EMAIL_BACKEND=gmail
 
-- Visit [myaccount.google.com/apppasswords](https://myaccount.google.com/apppasswords).
-- Create one named "agentkeys-stage5". Google gives you a 16-character password.
-- Copy it immediately — it's shown once. Revoke anytime from the same page.
+# IMAP login — must be the canonical Gmail address.
+export AGENTKEYS_EMAIL_USER="you@gmail.com"
+export AGENTKEYS_EMAIL_PASSWORD="xxxx xxxx xxxx xxxx"   # 16-char app password
 
-**4. Export the four env vars.**
+# What we type into OpenRouter's signup form.
+# Plus-addressed alias so OpenRouter sees a brand-new email per run;
+# mail is still delivered to you@gmail.com.
+export AGENTKEYS_SIGNUP_EMAIL="you+or-$(date +%s)@gmail.com"
 
-```bash
-export AGENTKEYS_EMAIL_BACKEND=gmail
-export AGENTKEYS_EMAIL_USER="wildmeta-stage5-demo@gmail.com"   # the bot account from step 1
-export AGENTKEYS_EMAIL_PASSWORD="xxxx xxxx xxxx xxxx"          # 16-char app password from step 3
 export AGENTKEYS_EMAIL_HOST="imap.gmail.com"
 export AGENTKEYS_EMAIL_PORT="993"
 ```
 
+> **Why two email vars.** `AGENTKEYS_EMAIL_USER` is the IMAP login — Gmail IMAP only accepts your canonical address (plus-addressing aliases are rejected at login). `AGENTKEYS_SIGNUP_EMAIL` is what we fill into the service's sign-up form — plus-addressing works there because SMTP delivery honors the `+alias` suffix. If `AGENTKEYS_SIGNUP_EMAIL` is unset, the scraper falls back to `AGENTKEYS_EMAIL_USER` — which is fine for a dedicated bot account (see alternative below) but guarantees a "account already exists" collision if you reuse a canonical address across runs.
+
 Once the app password is set, the demo sees **zero 2FA prompts**. App passwords bypass 2FA by design — they're Google's non-interactive credential, scoped to IMAP only, revocable anytime.
 
-**5. Daemon running and paired** — see the Stage 4 manual test guide.
+**3. Build binaries + install provisioner-script deps (one-time).**
+
+```bash
+cd ~/Projects/agentkeys
+cargo build --workspace --release
+npm install --prefix provisioner-scripts
+npx playwright install chromium --with-deps
+```
 
 <details>
-<summary>Alternative: Google Workspace DWD (for operators with an existing Workspace subscription)</summary>
+<summary>Alternative: dedicated throwaway Gmail (cleanest but more setup)</summary>
 
-See [`docs/stage5-workspace-email-setup.md`](stage5-workspace-email-setup.md). That path mints a throwaway `stage5test-<timestamp>@wildmeta.ai` per run, reads its inbox via the Gmail API (no app password, no interactive OAuth), and deletes the user at the end. One-time ~20-minute admin setup + currently 3-5 days of code work to replace the `imapflow` fetcher with a Gmail-API fetcher that uses DWD impersonation. Longer upfront cost than the dedicated-Gmail demo path, but the right choice for enterprise deployments that already run Workspace.
+Create a fresh bot Gmail (`wildmeta-stage5-demo@gmail.com`), enable 2FA + TOTP, generate an app password. Set `AGENTKEYS_EMAIL_USER` to the bot address; leave `AGENTKEYS_SIGNUP_EMAIL` unset. One-time ~10 minutes setup; gives you a fully controlled inbox with no personal-mail pollution. Re-runs need `--force` or account-delete between attempts because the bot address itself will collide.
 
 </details>
 
 <details>
-<summary>Alternative: plus-addressed personal Gmail (shared-inbox quick demo)</summary>
+<summary>Alternative: Google Workspace DWD (for operators with an existing Workspace subscription)</summary>
 
-If you don't want to create a dedicated account and are OK with one-off OpenRouter mail landing in your real inbox, plus-addressing on your existing Gmail works for a single demo run.
+See [`docs/stage5-workspace-email-setup.md`](stage5-workspace-email-setup.md). That path mints a throwaway `stage5test-<timestamp>@wildmeta.ai` per run, reads its inbox via the Gmail API (no app password, no interactive OAuth), and deletes the user at the end. One-time ~20-minute admin setup + currently 3-5 days of code work to replace the `imapflow` fetcher with a Gmail-API fetcher that uses DWD impersonation. Right choice for enterprise deployments that already run Workspace; overkill for the demo.
 
-1. **Your existing personal Gmail account** — plus-addressing is a Gmail-native feature: mail sent to `you+anything@gmail.com` is delivered to `you@gmail.com` without any configuration. A single inbox supports unlimited test aliases (`you+stage5test-20260418@gmail.com`).
-2. **Gmail app password** (not your regular password) — generate at https://myaccount.google.com/apppasswords. Scoped to IMAP access only; revoke after the demo.
-3. **Environment:**
-   ```bash
-   export AGENTKEYS_EMAIL_BACKEND=gmail
-   export AGENTKEYS_EMAIL_USER="you@gmail.com"      # your real Gmail; Stage 5a appends +alias at signup
-   export AGENTKEYS_EMAIL_PASSWORD="<app password>" # NOT your normal Google password
-   export AGENTKEYS_EMAIL_HOST="imap.gmail.com"
-   export AGENTKEYS_EMAIL_PORT="993"
-   ```
+</details>
 
-Downside: the agent doesn't fully control the inbox (shared with the human), and the OpenRouter confirmation email lingers in your personal mail until you delete it.
+### Run it
 
-</details>
+Two terminals. Everything runs from the repo root (`~/Projects/agentkeys`).
+
+**Terminal 1 — mock backend.** Stage 5a stores the provisioned key via the mock server (real Heima + TEE ships in v0.1). Leave this running.
+
+```bash
+cd ~/Projects/agentkeys
+cargo run --release -p agentkeys-mock-server -- --port 8090
+# Expected: "Mock server running on port 8090"
+```
+
+**Terminal 2 — provision.** Carry the Gmail env vars from step 2 into this shell (or re-`export` them here). Note: if you are using plus-addressing, **re-evaluate `AGENTKEYS_SIGNUP_EMAIL` for every run** so the timestamp is fresh and OpenRouter sees a new email — otherwise your second run will collide with the first run's account.
+
+```bash
+cd ~/Projects/agentkeys
+BIN=$(pwd)/target/release/agentkeys
+BACKEND=http://127.0.0.1:8090
+
+# 1. Initialize the master session (one-time per shell / mock restart).
+$BIN --backend $BACKEND init --mock-token stage5-demo
+# Expected: wallet printed; ~/.agentkeys/master/session.json created.
+
+# 2. Sanity-check the email env vars landed in this shell.
+env | grep -E 'AGENTKEYS_(EMAIL|SIGNUP)_'
+# Expected: AGENTKEYS_EMAIL_{BACKEND,USER,PASSWORD,HOST,PORT} and AGENTKEYS_SIGNUP_EMAIL.
+# If AGENTKEYS_SIGNUP_EMAIL is missing, the scraper falls back to AGENTKEYS_EMAIL_USER,
+# which will hit "account already exists" on the second run against OpenRouter.
+
+# 3. Re-seed a fresh signup alias for this run (plus-addressing path only).
+export AGENTKEYS_SIGNUP_EMAIL="you+or-$(date +%s)@gmail.com"
+
+# 4. Run the live OpenRouter provision.
+$BIN --backend $BACKEND provision openrouter
+# Expect ~30-90 s: browser opens headless, account created,
+# email verified, API key extracted + verified, stored in the mock backend.
+```
+
+**What this does under the hood:**
+
+- `init` authenticates the master CLI to the mock backend and caches the session token (OS keychain on macOS/Linux with keychain, file fallback otherwise).
+- `provision openrouter` runs `npx tsx provisioner-scripts/src/scrapers/openrouter.ts` against a real Chromium session, uses the Gmail IMAP creds from your exported env to read the confirmation email, extracts + verifies the key against `https://openrouter.ai/api/v1/models`, and stores it into the mock backend under the master session's wallet.
+- No daemon, no pairing — Stage 5a provision runs entirely as the master CLI. Daemon + pairing are Stage 4's flow for agent-side credential access, not needed for the live provision demo.
+
+**After it succeeds:**
+
+```bash
+# Read the full stored key back.
+$BIN --backend $BACKEND read openrouter
+# Expected: sk-or-v1-...
+
+# Verify it works against OpenRouter.
+curl -s -H "Authorization: Bearer $($BIN --backend $BACKEND read openrouter)" \
+  https://openrouter.ai/api/v1/models | head -c 200
+# Expected: HTTP 200 + a JSON body starting with {"data":[...
+```
+
+**Artifacts you can inspect:**
+
+- `~/.agentkeys/master/session.json` — the master session (wallet + bearer token).
+- `~/.agentkeys/logs/provision-openrouter-<unix_ts>.log` — **written automatically when a provision fails with "no terminal event."** Contains the exit code, every event the subprocess emitted, and the full captured stderr. `ls -lt ~/.agentkeys/logs/ | head` to find the most recent.
+- Stderr of `provision openrouter` — the single-shot step lines shown under "Expected behavior" below.
+
+**Debugging a failure:**
+
+1. Check the error message on stderr — if it ends with `full log: /path/to/provision-openrouter-<ts>.log`, that file has the full signal.
+2. `cat` the log file. The `=== subprocess stderr ===` section usually shows the real cause (Playwright browser-launch error, IMAP connection refused, an unhandled rejection from the pattern, etc.).
+3. For interactive debugging, run the TS scraper directly against a visible browser:
+   ```bash
+   # Temporarily flip headless:false at provisioner-scripts/src/scrapers/openrouter.ts:~116,
+   # then:
+   cd ~/Projects/agentkeys
+   npx tsx provisioner-scripts/src/scrapers/openrouter.ts
+   ```
+   You'll see the page in real time — instant diagnosis for selector drift, returning-user UI paths, or CAPTCHA challenges.
 
 ### Expected behavior
 
@@ -116,6 +189,8 @@ Downside: the agent doesn't fully control the inbox (shared with the human), and
 
 ### Failure modes to watch for
 
+- **"subprocess ended without terminal event"** — the scraper crashed before emitting any event (Playwright browser-launch failed, IMAP connection refused, unhandled rejection, etc.). The error message now ends with `full log: ~/.agentkeys/logs/provision-openrouter-<ts>.log` — open that file; the `=== subprocess stderr ===` section has the real cause. If stderr is empty, re-run the TS scraper directly with `npx tsx provisioner-scripts/src/scrapers/openrouter.ts` and watch the node-side output.
+- **"account already exists" (returning-user path)** — OpenRouter's `/auth` is signup+signin on one URL. If `AGENTKEYS_SIGNUP_EMAIL` is an address that already has an OpenRouter account, the site lands on a returning-user UI the scraper can't traverse, and you'll get a `selector_timeout` tripwire or (if the path is weirder) a "no terminal event." Re-evaluate `AGENTKEYS_SIGNUP_EMAIL` with a fresh timestamp (`you+or-$(date +%s)@gmail.com`) and retry.
 - **CAPTCHA / Cloudflare challenge** — the Tier 2 script does not solve CAPTCHAs. Expect a Tripwire event with `kind: selector_timeout`. This is the signal that Stage 5b's agentic fallback is needed. Until 5b ships, abort and retry from a different IP.
 - **Email didn't arrive within 60 s** — check spam, check plus-addressing forwarding. Tripwire `email_timeout` means the IMAP fetch exhausted its polling window.
 - **Key verification fails with `phantom`** — the scraper extracted something key-shaped that isn't a real API key. OpenRouter may have changed its DOM; inspect the page at the success-step selector and file an issue with the HAR dump.
@@ -206,20 +281,107 @@ These are slop markers. Apply the suggested `cargo clippy --fix` or hand-replace
 
 ---
 
-## 4. What to do when Stage 5b lands
+## 4. Stage 5b — CDP-connected real-Chrome scraper (partial: proven working, blocked on email duplicate)
+
+### What's landed
+
+- **[provisioner-scripts/src/scrapers/openrouter-cdp.ts](../provisioner-scripts/src/scrapers/openrouter-cdp.ts)** — connects to a user-launched real Chrome via `chromium.connectOverCDP()`, drives the OpenRouter Clerk-hosted signup form, polls Gmail IMAP for the OTP code, mints a new key on `/keys`, prints the `sk-or-v1-*` value on stdout.
+- **Why CDP, not Playwright-launched Chromium:** Playwright's bundled Chromium ships with `--enable-automation` baked in. Cloudflare Turnstile detects this at runtime (error **600010** — "browser execution environment suspicious") and refuses to issue a token even when a human clicks the checkbox. Connecting to a user-launched *real* Chrome bypasses this because the browser process has no automation flags. Verified 2026-04-20: Turnstile passes invisibly in real Chrome, Clerk backend returns normal responses.
+
+### How to run (when you have a fresh-to-OpenRouter email)
+
+1. **Launch real Chrome with CDP enabled** (fresh profile, separate from your daily browsing):
+   ```bash
+   /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
+     --remote-debugging-port=9222 \
+     --user-data-dir=/tmp/agentkeys-chrome-profile &
+   ```
+   A blank Chrome window opens. Don't navigate it manually — the scraper drives it.
+
+2. **Export env** (Gmail IMAP creds + a signup email OpenRouter hasn't seen):
+   ```bash
+   export AGENTKEYS_EMAIL_BACKEND=gmail
+   export AGENTKEYS_EMAIL_USER="you@gmail.com"                   # canonical IMAP login
+   export AGENTKEYS_EMAIL_PASSWORD="<gmail app password>"
+   export AGENTKEYS_EMAIL_HOST="imap.gmail.com"
+   export AGENTKEYS_EMAIL_PORT="993"
+   export AGENTKEYS_SIGNUP_EMAIL="<NEW-address-OpenRouter-hasnt-seen>"
+   export AGENTKEYS_SIGNUP_PASSWORD="<strong-random>"
+   ```
+
+3. **Run the scraper:**
+   ```bash
+   cd ~/Projects/agentkeys
+   node --import tsx/esm provisioner-scripts/src/scrapers/openrouter-cdp.ts
+   ```
+   Last stdout line is the `sk-or-v1-*` key. Stderr shows `[cdp] <time> <step>` progress lines.
+
+4. **Store via the CLI:**
+   ```bash
+   $BIN --backend $BACKEND store openrouter <KEY>
+   $BIN --backend $BACKEND read openrouter
+   curl -H "Authorization: Bearer $(... read openrouter)" https://openrouter.ai/api/v1/models
+   ```
+
+### Known blocker — WHY "a fresh-to-OpenRouter email" is non-trivial today
+
+OpenRouter's Clerk integration **normalizes Gmail / Workspace plus-aliases** to the canonical address when checking for duplicates. If `agent@wildmeta.ai` already has an OpenRouter account, every plus-aliased variant (`agent+or-<ts>@wildmeta.ai`, `agent+stage5b@wildmeta.ai`, etc.) gets rejected with:
+
+> This email address is already in use. Creating multiple accounts with the same email address is not allowed.
+
+Only a **different canonical local-part** passes (e.g. `bot-42@wildmeta.ai` is fine if no one has used it; `agent+42@wildmeta.ai` is not because it normalizes to `agent@wildmeta.ai`).
 
-When Stage 5b ships (agentic fallback, `/agentkeys-record-scraper` skill, script-generation loop), this document will grow:
+### Pickup plan — blocked on Stage 6
 
+This unblocks when Stage 6 ships its **throwaway inbox provisioning API** (see [`docs/spec/plans/development-stages.md`](./spec/plans/development-stages.md) §Stage 6 deliverables). Stage 6 mints distinct local-parts like `bot-<random>@agentkeys-email.io` per call, Clerk-normalization-proof because each has a unique local-part. The pickup checklist:
+
+- [ ] Stage 6 SES stack deployed (`agentkeys-email.io` verified, MX/DKIM/SPF live, S3 bucket + IAM OIDC provider + bucket policy per §Stage 6)
+- [ ] `agentkeys inbox provision` CLI mints a `<id>@agentkeys-email.io` and returns the address
+- [ ] `provisioner-scripts/src/lib/email.ts` has an SES-S3 reader variant that reads messages for the provisioned address
+- [ ] Set `AGENTKEYS_SIGNUP_EMAIL` to the provisioned address + point the IMAP fetcher at the SES-S3 reader
+- [ ] Re-run the CDP scraper per §4 step 3 above
+- [ ] Verify all four Stage 5a acceptance criteria pass with the resulting key
+- [ ] Promote the scraper from `provisioner-scripts/src/scrapers/openrouter-cdp.ts` to the default OpenRouter provisioner (delete or archive the Turnstile-blocked `openrouter.ts`)
+
+See [`docs/manual-test-stage6.md`](./manual-test-stage6.md) for the Stage 6 manual demo once that stage lands.
+
+### What's also deferred past the CDP scraper (original Stage 5b scope)
+
+Still-future pieces of the original Stage 5b agentic-fallback design:
 - A new demo path that triggers the agentic fallback via a failing Tier 2 script (expected Tripwire → Tier 3 engagement).
 - A step for inspecting the audit JSONL at `~/.agentkeys/logs/provision-<timestamp>.jsonl`.
 - A `/agentkeys-record-scraper` walkthrough for adding a new service (Brave, Jina, etc.).
 - An assertion that the fallback→PR loop does **not** auto-submit for agent-driven callers (non-TTY).
 
-For now, Stage 5a with OpenRouter as the only deterministic scraper is the full surface.
-
 ---
 
 ## Summary checklist
 
 - [ ] `bash harness/stage-5a-done.sh` exits 0 (covers tests 1–8 above)
 - [ ] (Once ToS cleared) `agentkeys provision openrouter` creates a real account, stores a verified key, `curl` against `/api/v1/models` returns 200
+
+---
+
+## 5. Backend selector — `AGENTKEYS_EMAIL_BACKEND`
+
+`provisioner-scripts/src/lib/email.ts` dispatches `fetchVerificationCode` to one of three backends based on this env var.
+
+| `AGENTKEYS_EMAIL_BACKEND` | Required env vars | Description |
+|---|---|---|
+| `gmail` (default) | `AGENTKEYS_EMAIL_USER`, `AGENTKEYS_EMAIL_PASSWORD` | Polls Gmail via IMAP. Optional: `AGENTKEYS_EMAIL_HOST` (default `imap.gmail.com`), `AGENTKEYS_EMAIL_PORT` (default `993`). |
+| `mock-inbox` | `AGENTKEYS_SESSION_TOKEN`, `AGENTKEYS_SIGNUP_EMAIL` | Polls `GET /mock/inbox/messages?address=<AGENTKEYS_SIGNUP_EMAIL>` on the running mock server. Optional: `AGENTKEYS_BACKEND_URL` (default `http://127.0.0.1:8090`). |
+| `ses-s3` | `AGENTKEYS_SES_BUCKET` | Lists objects under `s3://$AGENTKEYS_SES_BUCKET/inbound/`, downloads new `.eml` files, parses MIME headers. AWS credentials via standard SDK chain (`AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` / instance profile). |
+
+**Quick smoke test for `mock-inbox` dispatch** (server must be running on port 8090; expects a timeout since no message is delivered):
+
+```bash
+AGENTKEYS_EMAIL_BACKEND=mock-inbox \
+AGENTKEYS_SIGNUP_EMAIL=bot-test@agentkeys-email.io \
+AGENTKEYS_SESSION_TOKEN=demo-token \
+node --input-type=module <<'EOF'
+import { fetchVerificationCode } from './provisioner-scripts/src/lib/email.js';
+fetchVerificationCode({ from: /./, subject: /./, codeRegex: /(\d{6})/, timeoutMs: 3000 })
+  .catch(e => { console.log('dispatch ok, error:', e.code ?? e.message); });
+EOF
+# Expected output: "dispatch ok, error: EMAIL_TIMEOUT" (or a fetch error if server is not running)
+```
diff --git a/docs/manual-test-stage6.md b/docs/manual-test-stage6.md
new file mode 100644
index 0000000..76aaa1a
--- /dev/null
+++ b/docs/manual-test-stage6.md
@@ -0,0 +1,222 @@
+# Stage 6 Live Demo — throwaway inbox on `@bots.litentry.org`
+
+**Prerequisite:** [`docs/stage6-aws-setup.md`](./stage6-aws-setup.md) complete through §7 (hand-back values captured). You have the `agentkeys-daemon` user's access key + secret in 1Password.
+
+End-to-end test: provision a throwaway address on your SES-verified domain, drive OpenRouter signup through the Stage 5b CDP scraper, let the verification email flow through SES → S3, have the scraper read it via the `ses-s3` backend, mint + store the API key, verify with `curl`.
+
+## 1. One-time: install + build (skip if already done)
+
+```bash
+cd ~/Projects/agentkeys
+cargo build --workspace --release
+npm install --prefix provisioner-scripts
+npx playwright install chromium --with-deps
+```
+
+## 2. Shell env setup
+
+Two sets of IAM creds stashed under project-specific env vars so neither pollutes `AWS_*` persistently. Only the 1h assumed-role temp creds ever live in `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` / `AWS_SESSION_TOKEN`.
+
+| Identity | Purpose | Env var names |
+|---|---|---|
+| `agentKeys-admin` | Built the infra; used for any non-demo `aws` call via env-prefix | `ADMIN_AWS_ACCESS_KEY_ID` + `ADMIN_AWS_ACCESS_KEY_SECRET` |
+| `agentkeys-daemon` | `sts:AssumeRole` only; impersonated by the daemon | `DAEMON_ACCESS_KEY_ID` + `DAEMON_SECRET_ACCESS_KEY` |
+
+> **Naming drift worth noting:** admin uses `..._ACCESS_KEY_SECRET`, daemon uses AWS-standard `..._SECRET_ACCESS_KEY`. Both work — they're names you chose, not names the AWS SDK reads directly. Pick one pattern eventually to avoid confusion.
+
+**Quick path — just source the helper:**
+
+```bash
+cd ~/Projects/agentkeys
+source scripts/stage6-demo-env.sh
+```
+
+The script populates all Stage 6 env vars, calls `sts:AssumeRole` as the daemon, exports the 1h temp creds into this shell, and prints a sanity-check line. If `DAEMON_ACCESS_KEY_ID` / `DAEMON_SECRET_ACCESS_KEY` aren't in your shell, it fails fast with a clear message.
+
+Re-source it whenever you want fresh creds (temp creds expire in 1h; typical run is 1–3 min).
+
+<details>
+<summary>What the script does (for reference / debugging)</summary>
+
+```bash
+export REGION=us-east-1
+export AWS_REGION="$REGION"   # AWS SDK reads AWS_REGION, not REGION
+export DOMAIN=bots.litentry.org
+export ACCOUNT_ID=429071895007
+export BUCKET="agentkeys-mail-${ACCOUNT_ID}"
+export AGENTKEYS_EMAIL_BACKEND=ses-s3
+export AGENTKEYS_SES_BUCKET="$BUCKET"
+export AGENTKEYS_SIGNUP_EMAIL="bot-$(date +%s)@${DOMAIN}"
+export AGENTKEYS_SIGNUP_PASSWORD="Stg6-$(date +%s)-xZq9okFg"
+export CDP_URL="http://localhost:9222"
+
+CREDS=$(AWS_ACCESS_KEY_ID="$DAEMON_ACCESS_KEY_ID" \
+        AWS_SECRET_ACCESS_KEY="$DAEMON_SECRET_ACCESS_KEY" \
+  aws sts assume-role \
+    --role-arn "arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-agent" \
+    --role-session-name "stage6-demo-$(date +%s)")
+
+export AWS_ACCESS_KEY_ID=$(echo "$CREDS" | jq -r '.Credentials.AccessKeyId')
+export AWS_SECRET_ACCESS_KEY=$(echo "$CREDS" | jq -r '.Credentials.SecretAccessKey')
+export AWS_SESSION_TOKEN=$(echo "$CREDS" | jq -r '.Credentials.SessionToken')
+```
+
+Env-prefix on the AssumeRole call scopes the long-lived daemon keys to that one subprocess — they never touch `AWS_*` in your shell.
+</details>
+
+> **Why env-prefix for AssumeRole.** Writing `AWS_ACCESS_KEY_ID=… AWS_SECRET_ACCESS_KEY=… aws sts ...` on the same line (no `export`) scopes those values to that one subprocess. No save/restore gymnastics, no state to clean up.
+>
+> **Why split between daemon user and agent role.** Daemon user holds long-lived keys but its only permission is `sts:AssumeRole`. Role holds real S3+SES permissions and only hands them out as 1 h temp creds. Compromise of daemon keys bounds to "attacker can assume the role" — key rotation is one CLI call. Full trust chain: [`wiki/email-system.md` §"Architecture topology"](../wiki/email-system.md).
+
+## 3. Start mock server (Terminal A — leave running)
+
+```bash
+cd ~/Projects/agentkeys
+cargo run --release -p agentkeys-mock-server -- --port 8090
+# → "Mock server running on port 8090"
+```
+
+## 4. Launch real Chrome with remote debugging (Terminal B — leave running)
+
+Needed because Playwright-launched Chromium is blocked by Turnstile. The CDP path connects to a real Chrome:
+
+```bash
+/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
+  --remote-debugging-port=9222 \
+  --user-data-dir=/tmp/agentkeys-chrome-profile
+# Leave this window open. Chrome will show a blank page.
+```
+
+## 5. Initialize the master session (Terminal C)
+
+Bring the env from step 2 into this terminal (or re-run step 2):
+
+```bash
+BIN=$(pwd)/target/release/agentkeys
+BACKEND=http://127.0.0.1:8090
+
+$BIN --backend $BACKEND init --mock-token stage6-demo
+# → Initialized. Wallet: 0x...
+```
+
+## 6. Run the CDP scraper + capture the key (Terminal C)
+
+The scraper drives the Chrome from step 4, fills the signup form, waits for Turnstile to resolve (you may need to click the checkbox if a visible challenge appears), polls S3 for the verification email, **handles whichever verification path Clerk is currently serving** (magic-link URL *or* legacy 6-digit OTP), mints a key, prints it on stdout. Magic-link path: the scraper extracts the verify URL from the email body, navigates the Chrome tab to it, and Clerk completes verification automatically — no manual click needed.
+
+**Quick path — run the helper:**
+
+```bash
+cd ~/Projects/agentkeys
+./scripts/stage6-demo-run.sh
+```
+
+The script refreshes `AGENTKEYS_SIGNUP_EMAIL` with a new timestamp, `cd`s into `provisioner-scripts/` (required — `tsx` lives there, not at repo root), runs the CDP scraper, and prints the extracted key. Log streams to `/tmp/cdp.log`; on failure it tails 25 lines automatically.
+
+Capture the key for step 7:
+
+```bash
+KEY=$(./scripts/stage6-demo-run.sh | tail -1)
+echo "extracted: ${KEY:0:12}****...${KEY: -4}"
+```
+
+Common failures (script + log will make them obvious):
+- `env not loaded` → run `source scripts/stage6-demo-env.sh` first
+- `ExpiredToken` in /tmp/cdp.log → your STS creds are >1h old; re-source the env script
+- Scraper hangs on `waiting for Turnstile` >2 min → click the checkbox in the Chrome window from step 4
+- `Cannot find package 'tsx'` → shouldn't happen with the helper, but means you bypassed it and ran from repo root
+
+Expected `/tmp/cdp.log` tail — **magic-link flow** (current Clerk default):
+
+```
+[cdp] HH:MM:SS connecting to CDP at http://localhost:9222
+[cdp] HH:MM:SS navigating to openrouter.ai/auth
+[cdp] HH:MM:SS filling email = bot-<ts>@bots.litentry.org
+[cdp] HH:MM:SS clicking Continue
+[cdp] HH:MM:SS waiting for Turnstile + form to advance ...
+[cdp] HH:MM:SS magic-link verification screen detected
+[cdp] HH:MM:SS fetching verification link from email
+[cdp] HH:MM:SS got verify URL: https://clerk...
+[cdp] HH:MM:SS navigating current tab to verify URL
+[cdp] HH:MM:SS waiting for redirect away from /sign-up
+[cdp] HH:MM:SS navigating to /keys
+[cdp] HH:MM:SS extracted key: sk-or-v1-xxxx****...WXYZ
+```
+
+If Clerk falls back to the legacy **6-digit OTP flow**, you'll see `OTP input appeared (legacy 6-digit flow)` → `fetching 6-digit OTP from email` → `got OTP: 123456` instead. The scraper auto-detects which mode Clerk is serving.
+
+> **If it fails at "waiting for Turnstile..." for >2 min:** check the Chrome window — Turnstile may be showing a visible checkbox. Click it. If no checkbox and URL still `/sign-up`, Turnstile rejected the browser fingerprint. Try a fresh `/tmp/agentkeys-chrome-profile` dir in step 4.
+>
+> **If it fails at "fetching code":** check `aws s3 ls s3://$BUCKET/inbound/ --recursive` — is there a recent object dated within the last 60 seconds? If NO: DNS / MX / SES receipt-rule issue (re-verify via §2 of stage6-aws-setup.md). If YES: the ses-s3 backend may be timing out before the mail arrives (bump `timeoutMs` in openrouter-cdp.ts:121 — default 90s).
+
+## 7. Store + verify the key
+
+```bash
+$BIN --backend $BACKEND store openrouter "$KEY"
+# → stored
+
+$BIN --backend $BACKEND read openrouter
+# → sk-or-v1-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (your key)
+
+curl -sS -H "Authorization: Bearer $($BIN --backend $BACKEND read openrouter)" \
+  https://openrouter.ai/api/v1/models | head -c 200
+# → {"data":[{"id":"...","name":"...",... — HTTP 200 with JSON body
+```
+
+All four acceptance criteria pass when this works:
+1. ✅ `node ... openrouter-cdp.ts` exits 0 with a key on stdout
+2. ✅ stdout key matches `sk-or-v1-[a-zA-Z0-9]+`
+3. ✅ `agentkeys read openrouter` returns that same key
+4. ✅ curl against `/api/v1/models` returns HTTP 200
+
+## 8. (Optional) Re-run — fresh address each time
+
+Because plus-aliases are unreliable on Clerk normalization, always re-evaluate `AGENTKEYS_SIGNUP_EMAIL` before each run:
+
+```bash
+KEY=$(./scripts/stage6-demo-run.sh | tail -1)
+$BIN --backend $BACKEND store openrouter "$KEY" --force
+```
+
+The run script refreshes `AGENTKEYS_SIGNUP_EMAIL` every invocation. If STS creds expired (>1h since last `source`), re-source `scripts/stage6-demo-env.sh` first.
+
+## Known limitations in this interim Stage 6 demo
+
+- **`agentkeys provision openrouter` does NOT use the CDP path.** The CLI wraps `openrouter.ts` (headless Playwright, Turnstile-blocked). Stage 6 demo runs `openrouter-cdp.ts` directly and pipes the key into `agentkeys store`. Planned fix: add a `--cdp` flag or swap the wrapped script.
+- **AWS creds must be assumed-role manually before each run.** The ses-s3 backend does not do AssumeRole internally. Fix (post-Stage 6): have the daemon do the AssumeRole itself, refresh on expiry.
+- **`AMAZON_SES_SETUP_NOTIFICATION`** is polled each cycle; benign, just a wasted HEAD+GET.
+- **Per-user isolation is app-side** — Stage 6 interim trusts the daemon to filter by `To:` header. Cloud-enforced isolation via OIDC PrincipalTag is Stage 7 ([`docs/stage7-wip.md`](./stage7-wip.md)).
+
+## Teardown / cleanup
+
+The 1 h temp creds in `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` / `AWS_SESSION_TOKEN` auto-expire — no restore gymnastics needed. If you want to clear them now:
+
+```bash
+unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+```
+
+To run admin commands (e.g. inspecting IAM policies), env-prefix with your stashed admin creds — same scoped pattern as §2:
+
+```bash
+AWS_ACCESS_KEY_ID="$ADMIN_AWS_ACCESS_KEY_ID" \
+AWS_SECRET_ACCESS_KEY="$ADMIN_AWS_ACCESS_KEY_SECRET" \
+aws sts get-caller-identity
+# Expected ARN: arn:aws:iam::429071895007:user/agentKeys-admin
+```
+
+Admin creds touch only the one subprocess; your shell never picks them up.
+
+**Stop the long-running processes:**
+- Terminal A: Ctrl+C the mock server.
+- Terminal B: close Chrome.
+- `rm -rf /tmp/agentkeys-chrome-profile /tmp/cdp.log`
+
+**AWS infra teardown** (only if you're done with Stage 6 entirely): see `docs/stage6-aws-setup.md` §Cleanup. Don't run between demo iterations — re-run §2 for fresh temp creds instead.
+
+## Cross-references
+
+- [`docs/stage6-aws-setup.md`](./stage6-aws-setup.md) — operator runbook that stood up the AWS stack
+- [`wiki/email-system.md`](../wiki/email-system.md) — high-level email architecture + scaling model
+- [`docs/spec/ses-email-architecture.md`](./spec/ses-email-architecture.md) — engineering spec; §6.5 covers the same topology at depth
+- [`docs/stage7-wip.md`](./stage7-wip.md) — future OIDC-federation variant (cloud-enforced isolation)
+- [`provisioner-scripts/src/lib/email-backends/ses-s3.ts`](../provisioner-scripts/src/lib/email-backends/ses-s3.ts) — the S3-polling email backend
+- [`provisioner-scripts/src/scrapers/openrouter-cdp.ts`](../provisioner-scripts/src/scrapers/openrouter-cdp.ts) — the CDP scraper this demo uses
diff --git a/docs/spec/plans/development-stages.md b/docs/spec/plans/development-stages.md
index 4dae267..99f95e0 100644
--- a/docs/spec/plans/development-stages.md
+++ b/docs/spec/plans/development-stages.md
@@ -896,6 +896,8 @@ See `docs/spec/ses-email-architecture.md` for the full spec. High-level:
 - [ ] Chain extrinsic pallet for `CredentialMinted` audit events
 - [ ] Daemon MCP tools wired to real minted creds
 - [ ] Stage 5's `provisioner-scripts` updated to read OTPs from the hosted inbox
+- [ ] **Throwaway inbox provisioning API** — on-demand mint of a fresh `<id>@agentkeys-email.io` address per caller. Acceptance: `POST /inbox/provision` (or `agentkeys inbox provision`) returns `{address, agent_wallet}` where `address` is a new locally-unique local-part under our hosted domain, Clerk-normalization-proof (distinct local-part, not plus-alias suffixes). Readable via the same `fetchVerificationCode`-style API as Stage 5, backed by the SES→S3→TEE-decrypt chain. Auto-cleanup or audit-logged revocation after the inbox is done serving signups.
+- [ ] **Stage 5b live-demo re-run against throwaway inbox** — once throwaway-inbox provisioning lands, the Stage 5b CDP scraper (`provisioner-scripts/src/scrapers/openrouter-cdp.ts`) is re-tested end-to-end: provision a throwaway `bot-N@agentkeys-email.io`, run the scraper with that as `AGENTKEYS_SIGNUP_EMAIL`, get a verified `sk-or-v1-*` key back. This closes the [`docs/manual-test-stage5.md`](../../../docs/manual-test-stage5.md) §3 pickup item. (Clerk rejects the Workspace-plus-alias flow as duplicate; only distinct local-parts work.)
 
 ### Tests
 
@@ -909,6 +911,8 @@ See `docs/spec/ses-email-architecture.md` for the full spec. High-level:
 | `email::jwt_without_wallet_claim_denied` | JWT missing `agentkeys_user_wallet` → `sts:AssumeRoleWithWebIdentity` fails per role trust policy |
 | `email::audit_emitted_on_mint` | Every SES/S3 credential mint emits a chain extrinsic with `(child, scope, operation, timestamp)` |
 | `email::grant_revocation_propagates` | Revoke user's email grant → next mint attempt fails within ≤6s |
+| `email::throwaway_inbox_provisioning` | `agentkeys inbox provision` returns a unique `<id>@agentkeys-email.io` address (distinct local-part per call, not plus-alias). A message sent to that address lands in `s3://agentkeys-mail/<wallet>/<address>/*.eml` and is readable via `fetchVerificationCode`. |
+| `email::stage5b_live_demo_rerun` | After a throwaway inbox is provisioned and set as `AGENTKEYS_SIGNUP_EMAIL`, the Stage 5b CDP scraper completes end-to-end: signup → Turnstile passes → OTP fetched → key minted → `agentkeys read openrouter` returns a `sk-or-v1-*` string → `curl /api/v1/models` returns HTTP 200. |
 
 ### Reviewer E2E Checklist
 
diff --git a/docs/spec/ses-email-architecture.md b/docs/spec/ses-email-architecture.md
index 2bd14cd..f80d77e 100644
--- a/docs/spec/ses-email-architecture.md
+++ b/docs/spec/ses-email-architecture.md
@@ -100,6 +100,110 @@ External SMTP  →  SES MX (inbound-smtp.us-east-1.amazonaws.com)
 
 Daemon side (not our concern, but for completeness): the daemon polls its S3 prefix or subscribes to an SNS topic SES writes to; it lists/gets objects with minted creds and parses MIME locally.
 
+## 6.5 Architecture topology — singleton resources, logical per-user separation
+
+Reference for engineers reading this spec who want to know *how the AWS resources actually map to AgentKeys users at runtime*. The whole stack is **singleton on the AWS side**: one IAM user, one role, one bucket, one SES domain identity, one wildcard receipt rule. Per-user state lives in our DB / on chain (the throwaway address) and as an S3 object key (`inbound/<msg_id>.eml`). No AWS resource is ever provisioned per AgentKeys user.
+
+### Resource graph
+
+```mermaid
+graph TB
+    subgraph EXT[" External "]
+        Sender[Sender MTA]
+        Recip[Recipient MTA]
+    end
+    subgraph DNS[" Route 53 "]
+        Records["MX → SES inbound<br/>3× DKIM CNAMEs<br/>SPF + DMARC TXT"]
+    end
+    subgraph SES[" AWS SES "]
+        Inbound["Inbound endpoint<br/>+ wildcard receipt rule"]
+        Outbound["ses:SendRawEmail<br/>+ AWS-managed DKIM signing"]
+    end
+    subgraph S3[" S3 "]
+        Bucket["Singleton bucket<br/>+ bucket policy<br/>+ 30d inbound/* lifecycle"]
+    end
+    subgraph IAM[" IAM "]
+        User["Singleton user agentkeys-daemon<br/>inline: sts:AssumeRole only"]
+        Role["Singleton role agentkeys-agent<br/>inline: s3:Get/List + ses:SendRawEmail"]
+    end
+    subgraph APP[" Daemon "]
+        Daemon[provisioner-scripts ses-s3 backend]
+    end
+    Sender --> Records
+    Records -.-> Sender
+    Sender --> Inbound
+    Inbound --> Bucket
+    Daemon --> User
+    User --> Role
+    Role -.-> Daemon
+    Daemon --> Bucket
+    Daemon --> Outbound
+    Outbound --> Recip
+```
+
+### What scales how
+
+| Singleton (one per AWS account) | Per AgentKeys user (logical) |
+|---|---|
+| 1 IAM user (long-lived access keys) | N throwaway inbox addresses (DB / on-chain) |
+| 1 IAM role (1h temp creds via AssumeRole) | N raw `.eml` objects under `inbound/` (lifecycle-capped) |
+| 1 S3 bucket | |
+| 1 SES domain identity | |
+| 1 SES wildcard receipt rule | |
+
+### Why we deliberately avoid per-user IAM
+
+AWS hard quotas:
+
+| Resource | Default quota / account | What "per AgentKeys user" gives us |
+|---|---|---|
+| IAM users | 5,000 | Hard cap at 5k AgentKeys users |
+| IAM roles | 1,000 | Hard cap at 1k |
+| S3 buckets | 100 (raise to 1k) | Hard cap at 1k |
+
+Singleton design moves the bottleneck from IAM (capped) to SES inbound rate (60 msg/sec/region default, raisable). Throughput math at 10k users × 5 throwaway inboxes × 2 verification mails: ~100k objects steady-state with 30d TTL = ~500MB total = ~$0.01/month S3 storage cost. Scales to millions without IAM changes.
+
+### IAM trust chain
+
+```
+operator's long-lived AWS access keys (in 1Password)
+  ↓ injected to daemon as AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY
+IAM user "agentkeys-daemon"
+  ├─ inline policy: only sts:AssumeRole on the role below
+  ↓
+sts:AssumeRole → temp creds (1h, auto-refreshed)
+  ↓
+IAM role "agentkeys-agent"
+  ├─ trust policy: trusts agentkeys-daemon (the user above)
+  ├─ inline policy:
+  │   ├─ s3:ListBucket on agentkeys-mail-${ACCOUNT_ID}
+  │   ├─ s3:GetObject on agentkeys-mail-${ACCOUNT_ID}/*
+  │   └─ ses:SendRawEmail on identity/<DOMAIN>
+  ↓
+runtime API calls: GetObject (read inbound mail) + SendRawEmail (send outbound)
+```
+
+The split exists so the long-lived secret (user access key) only does ONE thing — assume the role. The role holds all real permissions and only hands them out as 1h temp creds. Compromise of the access key is bounded to "attacker can call AssumeRole on the role"; rotating the key is `aws iam create-access-key` + delete-old, no role-side change.
+
+### Stage 6 vs Stage 7 — same singleton design, different per-user isolation
+
+| | Stage 6 interim (shipped) | Stage 7 target |
+|---|---|---|
+| Bucket policy | `AllowDaemonRead`: role reads whole bucket | `AllowDaemonReadOwnPrefix`: role reads only `${aws:PrincipalTag/agentkeys_user_wallet}/*` |
+| Per-user enforcement | App-side: daemon filters by `To:` header | Cloud-side: S3 returns AccessDenied on cross-prefix reads |
+| Auth flow | `sts:AssumeRole` from IAM user (static keys) | `sts:AssumeRoleWithWebIdentity` from OIDC JWT |
+| AWS resource count | Same singletons | Same singletons (no new IAM per user) |
+| Failure mode if app has a bug | User A could read user B's mail | AccessDenied from cloud — bug caught at the boundary |
+| Where to read more | This spec + [`docs/stage6-aws-setup.md`](../stage6-aws-setup.md) | [`docs/stage7-wip.md`](../stage7-wip.md), §10.4 PrincipalTag pattern below |
+
+The migration from Stage 6 to Stage 7 is mostly a trust-policy rewrite + a `Resource`/`Condition` swap on the bucket policy (see §10.4). No new IAM resources, no per-user provisioning. Singleton stays singleton.
+
+### What this spec does NOT cover (intentionally)
+
+- **Operator setup specifics** (account ID, hosted zone ID, exact ARNs) live in [`docs/stage6-aws-setup.md`](../stage6-aws-setup.md), the operator-facing runbook. Reference that for the actual AWS CLI calls.
+- **PrincipalTag enforcement details** are in §10.4 below + [`wiki/tag-based-access.md`](../../wiki/tag-based-access.md).
+- **OIDC issuer key derivation + JWKS** are in §10.5 + [`wiki/oidc-federation.md`](../../wiki/oidc-federation.md).
+
 ## 7. Send pipeline (outbound)
 
 Daemon mints credentials once; uses them to call SES directly. Our backend's involvement per-send: zero after the mint.
diff --git a/docs/stage6-aws-setup.md b/docs/stage6-aws-setup.md
new file mode 100644
index 0000000..e7d8f21
--- /dev/null
+++ b/docs/stage6-aws-setup.md
@@ -0,0 +1,470 @@
+# Stage 6 AWS Setup Runbook
+
+**Audience:** the operator setting up Stage 6's hosted-email infra on real AWS for the first time. Default path is a subdomain on an existing parent (`bots.litentry.org` on AWS account `429071895007`); the wiki-canonical standalone `@agentkeys-email.io` path is the post-interim option.
+**Outcome:** an AWS account with SES domain verified, `agentkeys-daemon` IAM user + `agentkeys-agent` role (static-IAM-user trust), S3 bucket + bucket policy, SES receipt rule writing inbound to S3. Once done, the Stage 6 code (mock-server + CLI + provisioner-scripts adapters) can talk to real AWS, and the Stage 5b live demo unblocks. The OIDC-federated variant (TEE-signed JWT → PrincipalTag isolation) is Stage 7 work; test preserved in [`stage7-wip.md`](./stage7-wip.md).
+**Status:** interim build. TEE-held BYODKIM and TEE-signed OIDC JWTs are deferred until [`heima-gaps-vs-desired-architecture.md`](./spec/heima-gaps-vs-desired-architecture.md) §3 + §4 close. AWS-managed DKIM is used as the Stage 6 interim; replace it with TEE-BYODKIM later.
+
+## 0. Preconditions
+
+- AWS account with **IAM admin** or equivalent (roles, OIDC providers, IAM policies, S3 buckets, SES identities, Route 53 hosted zones).
+- `aws` CLI v2 installed and authenticated. `aws sts get-caller-identity` must return your identity.
+- A **parent domain** already hosted in Route 53. This runbook uses a subdomain carved out of the parent. We default to `bots.litentry.org` on account `429071895007` (hosted zone `Z09723983CFJOHAE3VC65`).
+
+### Domain decision — subdomain on litentry.org vs standalone agentkeys-email.io
+
+Two viable shapes:
+
+| Path | Domain | Hosted zone | Cost | Use when |
+|---|---|---|---|---|
+| **A. Subdomain on existing parent** (this runbook's default) | `bots.litentry.org` — email addresses look like `bot-ab12cd@bots.litentry.org` | Reuses `litentry.org` zone (`Z09723983CFJOHAE3VC65`) — just add records, no delegation | $0 — parent already registered | Stage 6 interim / internal testing; parent domain's reputation bootstraps deliverability |
+| **B. Standalone canonical domain** | `agentkeys-email.io` — matches the wiki's published hosted-default | New Route 53 hosted zone on fresh registration | ~$15/yr + fresh-domain reputation build | Production-facing v0.1+; external users will see and trust the name |
+
+Stage 6 goes with Path A because (1) it's what the user already has set up, (2) it's free, (3) inheriting `litentry.org`'s reputation is better for initial deliverability than a brand-new `.io`. The Stage 6 code is domain-agnostic — reads `AGENTKEYS_EMAIL_DOMAIN` — so swapping to `agentkeys-email.io` later is a one-env-var change.
+
+Set these once at the top of your shell for the rest of the runbook:
+
+```bash
+export REGION=us-east-1                         # SES inbound regions: us-east-1, us-west-2, eu-west-1
+export DOMAIN=bots.litentry.org                 # the subdomain we'll run SES under
+export PARENT_ZONE_ID=Z09723983CFJOHAE3VC65     # existing litentry.org Route 53 hosted zone
+export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+export BUCKET=agentkeys-mail-${ACCOUNT_ID}      # bucket names are globally unique; account-id suffix avoids collisions
+```
+
+Verify all four resolved correctly before proceeding:
+
+```bash
+echo "REGION=$REGION DOMAIN=$DOMAIN PARENT_ZONE_ID=$PARENT_ZONE_ID ACCOUNT_ID=$ACCOUNT_ID BUCKET=$BUCKET"
+# Expected: REGION=us-east-1 DOMAIN=bots.litentry.org PARENT_ZONE_ID=Z09723983CFJOHAE3VC65 ACCOUNT_ID=429071895007 BUCKET=agentkeys-mail-429071895007
+```
+
+## 1. DNS prep on the existing litentry.org hosted zone
+
+No domain registration needed — we just publish records for the `bots` subdomain inside the existing litentry.org zone. Later sections generate DKIM tokens and an MX record; you'll UPSERT them against `$PARENT_ZONE_ID`.
+
+Confirm the parent zone is reachable before we start:
+
+```bash
+aws route53 get-hosted-zone --id "$PARENT_ZONE_ID" \
+  --query 'HostedZone.{name: Name, private: Config.PrivateZone}'
+# Expected: {"name": "litentry.org.", "private": false}
+```
+
+If that fails, your aws creds don't have Route 53 permissions on this zone — fix before continuing.
+
+### Note: no subdomain NS delegation required
+
+Because `bots.litentry.org` lives *inside* the same hosted zone as `litentry.org`, every DNS change below is an UPSERT on the parent zone. You do NOT need to create a separate child hosted zone for `bots.litentry.org`. (That's only needed if someone *else* is going to manage `bots.litentry.org` records.)
+
+### Nothing-else-breaks check
+
+This runbook adds records scoped to `bots.litentry.org` and `*.bots.litentry.org`. It does NOT touch the apex `litentry.org` MX, SPF, DMARC, or any records for other subdomains. If you have existing inbound mail on `litentry.org`, it is unaffected.
+
+## 2. SES domain identity + DKIM (AWS-managed interim)
+
+Verify the domain in SES, which also generates AWS-managed DKIM keys we'll publish as CNAMEs.
+
+```bash
+aws sesv2 create-email-identity \
+  --region "$REGION" \
+  --email-identity "$DOMAIN" \
+  --dkim-signing-attributes NextSigningKeyLength=RSA_2048_BIT
+```
+
+Get the three DKIM CNAME tokens AWS generated:
+
+```bash
+aws sesv2 get-email-identity \
+  --region "$REGION" \
+  --email-identity "$DOMAIN" \
+  --query 'DkimAttributes.Tokens' --output text
+# → three strings like: <token1> <token2> <token3>
+```
+
+Publish the DKIM CNAMEs + SPF + DMARC + MX records in Route 53. `jq --arg` interpolates the env vars outside shell parsing, so zsh modifiers never bite; the JSON is validated by jq on construction; no file lands on disk.
+
+```bash
+read -r T1 T2 T3 <<<"$(aws sesv2 get-email-identity --region "$REGION" \
+  --email-identity "$DOMAIN" --query 'DkimAttributes.Tokens' --output text)"
+echo "DKIM tokens: $T1 $T2 $T3"
+
+aws route53 change-resource-record-sets \
+  --hosted-zone-id "$PARENT_ZONE_ID" \
+  --change-batch "$(jq -n \
+    --arg domain "$DOMAIN" \
+    --arg region "$REGION" \
+    --arg t1 "$T1" --arg t2 "$T2" --arg t3 "$T3" \
+    '{
+      Comment: "Stage 6 email infra for \($domain)",
+      Changes: [
+        {Action:"UPSERT", ResourceRecordSet:{Name:"\($t1)._domainkey.\($domain)", Type:"CNAME", TTL:300, ResourceRecords:[{Value:"\($t1).dkim.amazonses.com"}]}},
+        {Action:"UPSERT", ResourceRecordSet:{Name:"\($t2)._domainkey.\($domain)", Type:"CNAME", TTL:300, ResourceRecords:[{Value:"\($t2).dkim.amazonses.com"}]}},
+        {Action:"UPSERT", ResourceRecordSet:{Name:"\($t3)._domainkey.\($domain)", Type:"CNAME", TTL:300, ResourceRecords:[{Value:"\($t3).dkim.amazonses.com"}]}},
+        {Action:"UPSERT", ResourceRecordSet:{Name:$domain, Type:"MX", TTL:300, ResourceRecords:[{Value:"10 inbound-smtp.\($region).amazonaws.com"}]}},
+        {Action:"UPSERT", ResourceRecordSet:{Name:$domain, Type:"TXT", TTL:300, ResourceRecords:[{Value:"\"v=spf1 include:amazonses.com -all\""}]}},
+        {Action:"UPSERT", ResourceRecordSet:{Name:"_dmarc.\($domain)", Type:"TXT", TTL:300, ResourceRecords:[{Value:"\"v=DMARC1; p=quarantine; rua=mailto:dmarc@\($domain)\""}]}}
+      ]
+    }')"
+```
+
+> **Note on the DMARC `rua` address:** the DMARC aggregate-report mailbox `dmarc@$DOMAIN` must exist once the receipt rule in §6 is live. Until then, DMARC reports that come in get swallowed by SES. That's fine for Stage 6 interim. For a production posture, add a dedicated `dmarc@` inbox or point the `rua` at a mailbox you already monitor.
+
+Wait ~5 minutes for propagation, then confirm verification:
+
+```bash
+aws sesv2 get-email-identity --region "$REGION" --email-identity "$DOMAIN" \
+  --query '{verified: VerifiedForSendingStatus, dkim: DkimAttributes.Status}'
+# → {"verified": true, "dkim": "SUCCESS"}
+```
+
+> **Interim DKIM key custody — explicit.** In this Stage 6 setup, **AWS SES itself holds the private DKIM key.** We never generate, see, or store it. The three CNAME records you published point `<token>._domainkey.$DOMAIN` at `<token>.dkim.amazonses.com`, where AWS publishes the matching public key. SES signs every outbound message with the private key sitting inside its DKIM signing service; we just call `ses:SendRawEmail` and trust AWS to sign correctly.
+>
+> **What we're trusting AWS with:** DKIM signing authority for `$DOMAIN`. An AWS-internal compromise or an account takeover could forge mail that passes DKIM as us. Bounded blast radius: the signed mail cannot touch anything in the TEE, forge session tokens, or access user data — it's a reputation risk (spam or phishing claiming to be us), not a key-custody-of-user-data risk.
+>
+> **Migration spectrum (target = TEE-BYODKIM):**
+> | Option | Who holds the private key | Rule #2 | Complexity |
+> |---|---|---|---|
+> | AWS-managed DKIM (this interim) | AWS SES — opaque service | ❌ | trivial |
+> | BYODKIM, key in AWS KMS + Lambda signer | AWS KMS HSM | ⚠ partial | medium (adds outbound Lambda) |
+> | BYODKIM, key in enclave (`dkim/<domain>/v1`) | TEE-sealed, derived from master seed | ✅ | high — blocked on [`heima-gaps §4`](./spec/heima-gaps-vs-desired-architecture.md) |
+>
+> **Swap to TEE-BYODKIM happens when [`heima-gaps §4`](./spec/heima-gaps-vs-desired-architecture.md) closes.** Until then, the Stage 6 interim accepts the AWS-custody tradeoff. Do NOT upgrade to "BYODKIM with file-stored key" — that path is strictly worse than AWS-managed (lower availability, similar trust surface).
+
+## 3. IAM: daemon user + `agentkeys-agent` role
+
+This Stage 6 runbook uses **static IAM-user trust** as the interim: create a dedicated IAM user `agentkeys-daemon`, create the `agentkeys-agent` role that trusts only that user, and attach the S3/SES inline permissions. The user's access keys get injected into the daemon's env at runtime; the daemon calls `sts:AssumeRole` to get temp creds before touching S3 or SES.
+
+For the full OIDC-federated variant (where a TEE-minted JWT is exchanged at STS for temp creds tagged with `agentkeys_user_wallet`), see [`stage7-wip.md`](./stage7-wip.md). That path delivers cryptographic per-user isolation via PrincipalTag but requires `oidc.agentkeys.dev` hosted publicly with a Let's Encrypt cert — deferred because (a) the hosting adds a Stage 7 dependency and (b) the "right" signer for that path is a TEE-derived ES256 key, blocked on [`heima-gaps §3`](./spec/heima-gaps-vs-desired-architecture.md).
+
+### 3a. Create the daemon IAM user
+
+> **Env-var sanity check (run this once before §3 and §4).** Every `jq -n --arg` call below reads `$ACCOUNT_ID`, `$BUCKET`, `$REGION`, `$DOMAIN` from the current shell. A fresh shell tab will have none of them set.
+>
+> ```bash
+> : "${ACCOUNT_ID:?re-run §0 env setup}"
+> : "${REGION:?re-run §0 env setup}"
+> : "${DOMAIN:?re-run §0 env setup}"
+> : "${BUCKET:?re-run §0 env setup}"
+> echo "OK: ACCOUNT_ID=$ACCOUNT_ID REGION=$REGION DOMAIN=$DOMAIN BUCKET=$BUCKET"
+> ```
+
+```bash
+aws iam create-user --user-name agentkeys-daemon
+
+# Generate an access key. Save AccessKeyId + SecretAccessKey IMMEDIATELY —
+# the secret is only shown on creation. Inject into daemon env as
+# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY later.
+aws iam create-access-key --user-name agentkeys-daemon
+# → save both values to 1Password / your secret manager. NOT to git.
+
+# User's only permission: sts:AssumeRole on the role we're about to create.
+# All real S3/SES access comes from the role.
+aws iam put-user-policy \
+  --user-name agentkeys-daemon \
+  --policy-name agentkeys-daemon-assume-role \
+  --policy-document "$(jq -n --arg acct "$ACCOUNT_ID" '{
+    Version: "2012-10-17",
+    Statement: [{
+      Effect: "Allow",
+      Action: "sts:AssumeRole",
+      Resource: "arn:aws:iam::\($acct):role/agentkeys-agent"
+    }]
+  }')"
+```
+
+> **Why `jq --arg` instead of `cat > file.json <<EOF`.** `jq --arg` passes env values outside shell-parameter-expansion, so zsh modifier shortcuts (`$VAR:r`, `$VAR:h`, etc.) never corrupt ARNs. JSON is validated on construction. Command substitution (`$(...)`) feeds it straight into the AWS CLI arg — no file lands on disk, nothing persists to confuse a later re-run.
+
+### 3b. Create the `agentkeys-agent` role
+
+```bash
+aws iam create-role \
+  --role-name agentkeys-agent \
+  --assume-role-policy-document "$(jq -n --arg acct "$ACCOUNT_ID" '{
+    Version: "2012-10-17",
+    Statement: [{
+      Effect: "Allow",
+      Principal: {AWS: "arn:aws:iam::\($acct):user/agentkeys-daemon"},
+      Action: "sts:AssumeRole"
+    }]
+  }')"
+
+export ROLE_ARN=$(aws iam get-role --role-name agentkeys-agent --query 'Role.Arn' --output text)
+echo "ROLE_ARN=$ROLE_ARN"
+
+# Role's permissions: read from S3 bucket, send from SES. (The bucket is
+# created in §4; the role policy can reference it by ARN before the bucket
+# exists — AWS doesn't validate resource-existence on put-role-policy.)
+aws iam put-role-policy \
+  --role-name agentkeys-agent \
+  --policy-name agentkeys-agent-inline \
+  --policy-document "$(jq -n \
+    --arg bucket "$BUCKET" \
+    --arg region "$REGION" \
+    --arg acct "$ACCOUNT_ID" \
+    --arg domain "$DOMAIN" \
+    '{
+      Version: "2012-10-17",
+      Statement: [
+        {Effect: "Allow", Action: "s3:ListBucket", Resource: "arn:aws:s3:::\($bucket)"},
+        {Effect: "Allow", Action: "s3:GetObject",  Resource: "arn:aws:s3:::\($bucket)/*"},
+        {Effect: "Allow", Action: ["ses:SendRawEmail"], Resource: "arn:aws:ses:\($region):\($acct):identity/\($domain)"}
+      ]
+    }')"
+```
+
+> **Per-user isolation note.** With the static-IAM-user path, per-user isolation lives *app-side* in the daemon — the daemon knows which wallet it's acting as and scopes its own S3 keys accordingly. The cloud does NOT enforce isolation; an app bug could let one wallet read another's prefix. The OIDC-federated path in [`stage7-wip.md`](./stage7-wip.md) enforces isolation at the bucket-policy layer via `${aws:PrincipalTag/agentkeys_user_wallet}` — recommended for production. See also [`wiki/tag-based-access.md`](../wiki/tag-based-access.md).
+
+## 4. S3 bucket for inbound mail
+
+Now that `agentkeys-agent` exists, we can apply the full bucket policy in one shot — no split.
+
+```bash
+aws s3api create-bucket \
+  --region "$REGION" \
+  --bucket "$BUCKET" \
+  $([ "$REGION" != "us-east-1" ] && echo "--create-bucket-configuration LocationConstraint=$REGION")
+
+aws s3api put-public-access-block \
+  --bucket "$BUCKET" \
+  --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
+```
+
+Bucket policy — SES writes inbound, `agentkeys-agent` role reads:
+
+```bash
+aws s3api put-bucket-policy --bucket "$BUCKET" \
+  --policy "$(jq -n \
+    --arg bucket "$BUCKET" \
+    --arg acct "$ACCOUNT_ID" \
+    '{
+      Version: "2012-10-17",
+      Statement: [
+        {
+          Sid: "AllowSESWriteInbound",
+          Effect: "Allow",
+          Principal: {Service: "ses.amazonaws.com"},
+          Action: "s3:PutObject",
+          Resource: "arn:aws:s3:::\($bucket)/*",
+          Condition: {StringEquals: {"aws:Referer": $acct}}
+        },
+        {
+          Sid: "AllowDaemonRead",
+          Effect: "Allow",
+          Principal: {AWS: "arn:aws:iam::\($acct):role/agentkeys-agent"},
+          Action: ["s3:GetObject", "s3:ListBucket"],
+          Resource: ["arn:aws:s3:::\($bucket)", "arn:aws:s3:::\($bucket)/*"]
+        }
+      ]
+    }')"
+```
+
+Verify both statements present:
+
+```bash
+aws s3api get-bucket-policy --bucket "$BUCKET" --query 'Policy' --output text | jq '.Statement | length'
+# → 2
+```
+
+> **What's different from the OIDC path.** Here `AllowDaemonRead` gives the role read-access to the whole bucket — the daemon is trusted to self-scope via the `s3:prefix` / object-key conventions its own code applies. The OIDC path instead puts a `${aws:PrincipalTag/agentkeys_user_wallet}/*` condition here and mints one PrincipalTag per session. If you later migrate to OIDC, this statement's `Resource` + `Condition` are the two things that change.
+
+## 5. SES receipt rule for inbound
+
+Create a rule set and rule that writes all inbound to our S3 bucket:
+
+```bash
+# Rule set is an account-wide resource; create once
+aws ses create-receipt-rule-set --rule-set-name agentkeys --region "$REGION"
+
+# Rule: match *@$DOMAIN, write to S3
+aws ses create-receipt-rule \
+  --region "$REGION" \
+  --rule-set-name agentkeys \
+  --rule "$(jq -n --arg domain "$DOMAIN" --arg bucket "$BUCKET" '{
+    Name: "agentkeys-inbound",
+    Enabled: true,
+    ScanEnabled: true,
+    TlsPolicy: "Optional",
+    Recipients: [$domain],
+    Actions: [{
+      S3Action: {
+        BucketName: $bucket,
+        ObjectKeyPrefix: "inbound/"
+      }
+    }]
+  }')"
+
+aws ses set-active-receipt-rule-set --rule-set-name agentkeys --region "$REGION"
+```
+
+Note: this writes raw MIME to `s3://agentkeys-mail/inbound/<msg_id>`. The Stage 6 mock mirrors this shape; the ses-s3 adapter in provisioner-scripts reads from this path.
+
+> **Follow-up:** the object-key prefix should eventually become `s3://agentkeys-mail/<user_wallet>/<address>/` so per-user bucket-policy conditions bite. That requires a Lambda between SES and S3 to route by address (Stage 6 post-MVP) or SES's new subdomain routing. For now, all inbound lands in `inbound/` and the daemon filters by `To:` header.
+
+## 6. Test: send yourself a test message
+
+> **Heads-up: you'll likely see one S3 object already** named `inbound/AMAZON_SES_SETUP_NOTIFICATION`. AWS writes that *once* when the receipt rule first activates — it's their "I successfully tested write access to your bucket" marker, NOT your test mail. Confirms SES → S3 plumbing works; ignore it from here on.
+
+Send a message to `test@$DOMAIN` from ANY outside mailbox (your Gmail on your phone works; the macOS `/usr/bin/mail` command usually does NOT — no MTA configured by default, so the message sits queued locally and never reaches SES).
+
+Then verify it landed in S3 within ~30 s. The `LATEST` query below auto-filters out the AWS setup-notification marker so it only picks up real inbound mail:
+
+```bash
+# Any object at all? (You'll likely see AMAZON_SES_SETUP_NOTIFICATION
+# plus your test mail, if it arrived.)
+aws s3 ls "s3://$BUCKET/inbound/" --recursive
+
+# Grab the most-recent REAL inbound object (excluding the SES setup
+# marker) and dump the first 400 bytes of raw MIME:
+LATEST=$(aws s3api list-objects-v2 --bucket "$BUCKET" --prefix "inbound/" \
+  --query 'sort_by(Contents,&LastModified)[?Key!=`inbound/AMAZON_SES_SETUP_NOTIFICATION`] | [-1].Key' \
+  --output text)
+[ "$LATEST" = "None" ] && { echo "no inbound mail yet — see troubleshooting below"; } \
+  || { echo "latest key: $LATEST"; aws s3 cp "s3://$BUCKET/$LATEST" - | head -c 400; }
+```
+
+If you see your `Subject:` + body in the output, the inbound pipeline is live. Skip to §7.
+
+> **Alternative sender — SES self-loop** (avoids needing to switch to your Gmail). Sends from one address on your verified domain to another — same domain, but goes out through the public internet and back via SES inbound, which exercises the full path. Only works if you're out of SES sandbox mode OR the recipient address is verified:
+>
+> ```bash
+> aws ses send-email --region "$REGION" \
+>   --from "noreply@$DOMAIN" \
+>   --destination "ToAddresses=test@$DOMAIN" \
+>   --message "Subject={Data=stage6-setup-test},Body={Text={Data=hello stage 6}}"
+> # If sandbox-mode error: aws sesv2 create-email-identity --region "$REGION" --email-identity "test@$DOMAIN"
+> # then click the verification link AWS emails to test@$DOMAIN (which you can read via S3 once the receipt rule fires).
+> ```
+
+### Troubleshooting — nothing landed in S3
+
+```bash
+# (a) Is the receipt rule set active? Should show "agentkeys".
+aws ses describe-active-receipt-rule-set --region "$REGION" \
+  --query 'Metadata.Name'
+
+# (b) Does $DOMAIN's MX record resolve to SES inbound? Should show
+#     "10 inbound-smtp.us-east-1.amazonaws.com." (or your region's).
+dig MX "$DOMAIN" +short
+
+# (c) Is SES in the right identity state?
+aws sesv2 get-email-identity --region "$REGION" --email-identity "$DOMAIN" \
+  --query '{verified: VerifiedForSendingStatus, dkim: DkimAttributes.Status}'
+
+# (d) Did the sender get a bounce? If you sent from Gmail, check Gmail's
+#     outbox / the inbox for a delivery failure notification.
+```
+
+Most common cause when all four checks pass: you sent from a sender that failed silently. Retry from a distinct outside mailbox you can monitor.
+
+## 7. Operational notes — inbound spam & lifecycle
+
+The wildcard receipt rule from §5 accepts mail to **any** address under `$DOMAIN`, including addresses we never minted. SES's built-in scanners stamp `X-SES-Spam-Verdict` and `X-SES-Virus-Verdict` headers but do not drop mail; storage grows unboundedly without intervention. Three hardening items in priority order for the throwaway-inbox use case.
+
+### 7.1 S3 lifecycle policy — auto-expire `inbound/*` after 30 days (do this now)
+
+Single CLI call. Prevents the bucket from growing forever as bot inboxes accumulate verification emails + any spam that slips through. Throwaway addresses are intended to receive one or two messages then be discarded, so 30 days is generous.
+
+```bash
+aws s3api put-bucket-lifecycle-configuration --bucket "$BUCKET" \
+  --lifecycle-configuration "$(jq -n '{
+    Rules: [{
+      ID: "inbound-30d-ttl",
+      Status: "Enabled",
+      Filter: {Prefix: "inbound/"},
+      Expiration: {Days: 30}
+    }]
+  }')"
+
+# Verify
+aws s3api get-bucket-lifecycle-configuration --bucket "$BUCKET" \
+  --query 'Rules[0].{id: ID, prefix: Filter.Prefix, days: Expiration.Days}'
+# → {"id": "inbound-30d-ttl", "prefix": "inbound/", "days": 30}
+```
+
+Tune `Days` if you want shorter / longer retention. AWS deletes objects in batches once daily, so the actual delete latency is up to 48 h.
+
+### 7.2 Spam handling — read-time, not write-time (Stage 6 interim)
+
+The architecturally clean spot to drop spam is at READ time in our daemon: when it downloads an `.eml` from S3, parse the `X-SES-Spam-Verdict` header; if `FAIL`, skip and don't pass the body to the scraper. This keeps the SES receipt rule trivial (one S3Action), avoids a per-message Lambda invocation cost, and pushes the policy decision to the place that knows what's "real" mail (the bot expects an OpenRouter verification — anything else is spam regardless of SES's verdict).
+
+Pseudo-code for the daemon's filter:
+
+```rust
+// in provisioner-scripts/src/lib/email-backends/ses-s3.ts equivalent
+fn is_spam(eml: &str) -> bool {
+    eml.lines().any(|l| l.starts_with("X-SES-Spam-Verdict: FAIL")
+                     || l.starts_with("X-SES-Virus-Verdict: FAIL"))
+}
+```
+
+Add a write-time Lambda ONLY if S3 cost or daemon poll-bandwidth becomes a problem at scale. For Stage 6 demo, read-time filter is sufficient.
+
+### 7.3 SES sandbox vs production — only matters for OUTBOUND
+
+Fresh AWS accounts ship with SES in **sandbox mode**, which restricts outbound to verified recipient addresses (cap of 200/day). **Inbound is unaffected** — the wildcard receipt rule + S3 write works regardless of sandbox status, which is why your test from Gmail landed despite (likely) being in sandbox.
+
+You only need to request production access when the agent itself starts SENDING mail to arbitrary user addresses (replies, notifications). Request via AWS Console → Support → Create case → "Service limit increase" → "SES Sending Limits" → "Request Production Access". Review usually ≤24 h; provide a one-line use case ("transactional verification mail for AI agent inboxes").
+
+For Stage 6 demo (Gmail-style verification email INBOUND), no action needed.
+
+### What we're NOT mitigating in Stage 6 (deferred)
+
+- **Address enumeration** — an attacker scanning `bot-aaaaaa@`, `bot-aaaaab@`... gets the same "accepted" response from SES. Mitigation requires a per-address allowlist (Lambda lookup against our chain) before S3Action. Tracked as a Stage 6 post-MVP item.
+- **Per-recipient inbound rate limit** — none enforced. A bot inbox can be flooded with tens of thousands of messages. Mitigation: same Lambda pattern.
+- **Sender allow/deny lists** — SES does not have native domain allowlists; would need a Lambda. For verification emails, the sender domain is whoever the agent signs up at (OpenRouter, etc.) — too dynamic for a static allowlist anyway.
+
+## 8. Hand-back to Claude / the Stage 6 code
+
+When the above completes, share these values back so I can wire them into the Stage 6 code (via env vars, NOT committed to git):
+
+```
+ACCOUNT_ID=429071895007
+REGION=us-east-1
+DOMAIN=bots.litentry.org
+PARENT_ZONE_ID=Z09723983CFJOHAE3VC65
+SES_VERIFIED=<yes|no>
+DKIM_STATUS=<SUCCESS|PENDING|FAILED>
+BUCKET_ARN=arn:aws:s3:::agentkeys-mail-429071895007
+ROLE_ARN=arn:aws:iam::429071895007:role/agentkeys-agent
+DAEMON_USER_ARN=arn:aws:iam::429071895007:user/agentkeys-daemon
+DAEMON_ACCESS_KEY_ID=<redacted>
+DAEMON_SECRET_ACCESS_KEY=<redacted>  # share via 1Password, NOT in chat
+```
+
+I'll then wire `AGENTKEYS_EMAIL_BACKEND=ses-s3` in provisioner-scripts to read from `$BUCKET_ARN` using the `agentkeys-daemon` user's access key to assume `$ROLE_ARN` at runtime.
+
+## Follow-ups tracked elsewhere
+
+- **TEE-BYODKIM**: replace AWS-managed DKIM with TEE-held Ed25519. Depends on [`heima-gaps §4`](./spec/heima-gaps-vs-desired-architecture.md). Track via [issue #50](https://github.com/litentry/agentKeys/issues/50).
+- **TEE-signed OIDC JWT**: replace `agentkeys-oidc-stub` / static-IAM trust with TEE-derive(`oidc/issuer/v1`) + sts:AssumeRoleWithWebIdentity. Depends on heima-gaps §3.
+- **Per-address S3 prefix**: currently all inbound lands in `s3://$BUCKET/inbound/`; Stage 6 post-MVP should route to `s3://$BUCKET/<wallet>/<address>/` either via SES Lambda or subdomain routing.
+- **Throwaway inbox lifecycle**: currently addresses are unbounded; Stage 6 post-MVP should add TTL + audit-logged revocation.
+
+## Cleanup (if you want to tear down)
+
+```bash
+# Disable the active rule set (keeps SES inbound from hitting this bucket)
+aws ses set-active-receipt-rule-set --rule-set-name "" --region "$REGION"
+
+# Drop the role
+aws iam delete-role-policy --role-name agentkeys-agent --policy-name agentkeys-agent-inline
+aws iam delete-role --role-name agentkeys-agent
+
+# Drop the daemon user (list + delete access keys first — can't delete a user with keys)
+for KEY in $(aws iam list-access-keys --user-name agentkeys-daemon --query 'AccessKeyMetadata[*].AccessKeyId' --output text); do
+  aws iam delete-access-key --user-name agentkeys-daemon --access-key-id "$KEY"
+done
+aws iam delete-user-policy --user-name agentkeys-daemon --policy-name agentkeys-daemon-assume-role
+aws iam delete-user --user-name agentkeys-daemon
+
+# Drop the bucket (contents first)
+aws s3 rm "s3://$BUCKET" --recursive
+aws s3api delete-bucket --bucket "$BUCKET"
+
+# Delete SES domain identity
+aws sesv2 delete-email-identity --region "$REGION" --email-identity "$DOMAIN"
+
+# Domain / hosted zone stays — you're using the existing litentry.org zone.
+# Only the Stage 6 records we UPSERTed need cleanup; leave DNS alone unless
+# you want to revert SPF/DMARC/MX/DKIM records on bots.litentry.org.
+```
diff --git a/docs/stage7-wip.md b/docs/stage7-wip.md
new file mode 100644
index 0000000..8e91c3f
--- /dev/null
+++ b/docs/stage7-wip.md
@@ -0,0 +1,123 @@
+# Stage 7 — WIP notes
+
+> **WIP / scratchpad.** Preserves the Stage 7 OIDC-federation test for future work. Revise as prereqs land. Not a finished guide.
+
+## What Stage 7 is
+
+Expose our TEE (or interim ES256 signer) as a conforming OIDC Identity Provider at a stable public URL. Any cloud that trusts the issuer can exchange our JWTs for scoped temp creds via standard federation. Per [`docs/spec/plans/development-stages.md`](./spec/plans/development-stages.md), this is the "Generalized OIDC Provider" stage after Stage 6 (Federated Own Email).
+
+## Why it's not running yet
+
+- Needs `oidc.agentkeys.dev` (or equivalent) hosted publicly with a public-CA TLS cert so AWS IAM accepts `create-open-id-connect-provider`.
+- The "right" signer is a TEE-derived ES256 key at path `oidc/issuer/v1`, blocked on [`heima-gaps §3`](./spec/heima-gaps-vs-desired-architecture.md).
+- [`services/oidc-stub/`](../services/oidc-stub/) ships an interim local-file ES256 signer; swap for TEE when §3 closes.
+
+## Test script — preserved for when both prereqs are in place
+
+### Prereqs
+
+- Stage 6 AWS setup complete per [`docs/stage6-aws-setup.md`](./stage6-aws-setup.md).
+- `services/oidc-stub/` hosted publicly. Options: CloudFront+S3 + Lambda for `/internal/sign`; ECS Fargate with ALB; or ngrok for dev (`ngrok http 34568`).
+- `export OIDC_ISSUER=https://<your-hosted-url>`; verify `curl -sf "$OIDC_ISSUER/.well-known/openid-configuration" | jq .issuer`.
+
+### 1. Register the OIDC provider in IAM
+
+```bash
+aws iam create-open-id-connect-provider \
+  --url "$OIDC_ISSUER" \
+  --client-id-list sts.amazonaws.com \
+  --thumbprint-list ''
+export OIDC_PROVIDER_ARN="arn:aws:iam::${ACCOUNT_ID}:oidc-provider/$(echo $OIDC_ISSUER | sed 's|https://||')"
+```
+
+### 2. Replace the role's trust policy with the federated variant
+
+Replaces [`stage6-aws-setup.md` §3b](./stage6-aws-setup.md) (static IAM user). Principal becomes the OIDC provider; the `sts:TagSession` + `aws:RequestTag/agentkeys_user_wallet` condition is what wires cloud-enforced per-user isolation in §3 below.
+
+```bash
+OIDC_ISSUER_HOST="$(echo "$OIDC_ISSUER" | sed 's|https://||')"
+
+aws iam update-assume-role-policy \
+  --role-name agentkeys-agent \
+  --policy-document "$(jq -n \
+    --arg provider "$OIDC_PROVIDER_ARN" \
+    --arg aud_key "${OIDC_ISSUER_HOST}:aud" \
+    '{
+      Version: "2012-10-17",
+      Statement: [{
+        Effect: "Allow",
+        Principal: {Federated: $provider},
+        Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
+        Condition: {
+          StringEquals: {($aud_key): "sts.amazonaws.com"},
+          StringNotEquals: {"aws:RequestTag/agentkeys_user_wallet": ""}
+        }
+      }]
+    }')"
+```
+
+### 3. Upgrade bucket policy to PrincipalTag-scoped
+
+Replaces the `AllowDaemonRead` statement in [`stage6-aws-setup.md` §4](./stage6-aws-setup.md). Cloud now enforces "the assumed session can only touch the prefix matching its PrincipalTag":
+
+```json
+{
+  "Sid": "AllowDaemonReadOwnPrefix",
+  "Effect": "Allow",
+  "Principal": {"AWS": "arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-agent"},
+  "Action": ["s3:GetObject", "s3:ListBucket"],
+  "Resource": [
+    "arn:aws:s3:::$BUCKET",
+    "arn:aws:s3:::$BUCKET/${aws:PrincipalTag/agentkeys_user_wallet}/*"
+  ],
+  "Condition": {
+    "StringEquals": {"s3:prefix": "${aws:PrincipalTag/agentkeys_user_wallet}/"}
+  }
+}
+```
+
+### 4. End-to-end proof
+
+The one test that proves Stage 7 works: a JWT claiming wallet A can only touch wallet A's prefix — never B's.
+
+```bash
+# Mint a JWT via the stub
+WALLET=0x1111111111111111111111111111111111111111
+JWT=$(curl -sf -X POST http://localhost:34568/internal/sign \
+  -H 'content-type: application/json' \
+  -d "{
+    \"iss\": \"$OIDC_ISSUER\",
+    \"sub\": \"agentkeys:agent:$WALLET\",
+    \"aud\": \"sts.amazonaws.com\",
+    \"agentkeys_user_wallet\": \"$WALLET\",
+    \"exp\": $(($(date +%s) + 300)),
+    \"iat\": $(date +%s)
+  }" | jq -r .jwt)
+
+# Exchange for temp creds
+CREDS=$(aws sts assume-role-with-web-identity \
+  --role-arn "arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-agent" \
+  --role-session-name "stage7-wip-$(date +%s)" \
+  --web-identity-token "$JWT")
+export AWS_ACCESS_KEY_ID=$(echo "$CREDS" | jq -r .Credentials.AccessKeyId)
+export AWS_SECRET_ACCESS_KEY=$(echo "$CREDS" | jq -r .Credentials.SecretAccessKey)
+export AWS_SESSION_TOKEN=$(echo "$CREDS" | jq -r .Credentials.SessionToken)
+
+# (a) own prefix — should succeed (empty is fine, no AccessDenied)
+aws s3api list-objects-v2 --bucket "$BUCKET" --prefix "$WALLET/"
+
+# (b) someone else's prefix — THIS IS THE KEY MOMENT — should AccessDenied
+aws s3api list-objects-v2 --bucket "$BUCKET" --prefix "0xdeadbeef/"
+```
+
+Test (b) is what Stage 6's static-IAM path can't prove. Cloud-enforced, zero app-side trust.
+
+### 5. Swap the stub for a TEE-derived signer
+
+When [`heima-gaps §3`](./spec/heima-gaps-vs-desired-architecture.md) closes, replace [`services/oidc-stub/src/keys.ts`](../services/oidc-stub/src/keys.ts)'s local-file key loader with a call to the TEE's `derive("oidc/issuer/v1")`. JWKS, JWT shape, STS exchange, and bucket-policy enforcement all stay identical. ~50 lines in `keys.ts`.
+
+## TODO pickups
+
+- Host `services/oidc-stub/` publicly (CloudFront+S3 for static discovery + Lambda for sign)
+- Promote to `docs/manual-test-stage7.md` once the test passes live
+- Add the equivalent GCP Workload Identity Federation + Ali Cloud RAM recipes (Stage 7 target is generalized, not AWS-only)
diff --git a/harness/stage-5a-live-demo-handoff.sh b/harness/stage-5a-live-demo-handoff.sh
new file mode 100755
index 0000000..d6d0325
--- /dev/null
+++ b/harness/stage-5a-live-demo-handoff.sh
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+# Stage 5a live-demo one-shot handoff.
+# Preconditions checked up front; failures are loud; prints SUCCESS when
+# all four acceptance criteria pass.
+#
+# Usage (with AGENTKEYS_EMAIL_{BACKEND,USER,PASSWORD,HOST,PORT} exported;
+# AGENTKEYS_SIGNUP_EMAIL is auto-minted below if unset):
+#   cd ~/Projects/agentkeys
+#   bash harness/stage-5a-live-demo-handoff.sh
+set -uo pipefail
+
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_ROOT"
+BIN="$REPO_ROOT/target/release/agentkeys"
+BACKEND="${BACKEND:-http://127.0.0.1:8090}"
+
+say()  { printf '\n\033[1;34m==>\033[0m %s\n' "$*"; }
+fail() { printf '\033[1;31mFAIL:\033[0m %s\n' "$*" >&2; exit 1; }
+pass() { printf '\033[1;32mPASS:\033[0m %s\n' "$*"; }
+
+say "Preflight — required env"
+: "${AGENTKEYS_EMAIL_BACKEND:?AGENTKEYS_EMAIL_BACKEND must be set (e.g. gmail)}"
+: "${AGENTKEYS_EMAIL_USER:?AGENTKEYS_EMAIL_USER must be set to the CANONICAL Gmail address (NOT a plus-alias; IMAP login only accepts canonical)}"
+: "${AGENTKEYS_EMAIL_PASSWORD:?AGENTKEYS_EMAIL_PASSWORD must be set (Gmail app password; NOT your normal Google password)}"
+: "${AGENTKEYS_EMAIL_HOST:?AGENTKEYS_EMAIL_HOST must be set (imap.gmail.com)}"
+: "${AGENTKEYS_EMAIL_PORT:?AGENTKEYS_EMAIL_PORT must be set (993)}"
+
+# Auto-mint a fresh single-plus alias for THIS run so OpenRouter never sees
+# a repeat email. Strip any existing +suffix on AGENTKEYS_EMAIL_USER first:
+# some email validators (including OpenRouter's) reject double-plus addresses
+# like agent+2026042001+or-...@wildmeta.ai and silently drop the signup. The
+# inbox delivery path doesn't care, but the signup form does.
+if [ -z "${AGENTKEYS_SIGNUP_EMAIL:-}" ]; then
+  RAW_LOCAL="${AGENTKEYS_EMAIL_USER%@*}"
+  CANONICAL_LOCAL="${RAW_LOCAL%%+*}"   # strip first + and everything after
+  DOMAIN="${AGENTKEYS_EMAIL_USER#*@}"
+  export AGENTKEYS_SIGNUP_EMAIL="${CANONICAL_LOCAL}+or-$(date +%s)@${DOMAIN}"
+  say "Auto-minted AGENTKEYS_SIGNUP_EMAIL=$AGENTKEYS_SIGNUP_EMAIL (stripped existing plus-alias before appending)"
+fi
+
+say "Preflight — binary exists"
+[ -x "$BIN" ] || fail "$BIN not found. Run: cargo build --release -p agentkeys-cli"
+
+say "Preflight — mock-server at $BACKEND is up"
+curl -sf "$BACKEND/health" >/dev/null 2>&1 \
+  || curl -sf "$BACKEND" >/dev/null 2>&1 \
+  || fail "mock-server not reachable at $BACKEND. Run: cargo run --release -p agentkeys-mock-server -- --port 8090 &"
+
+say "Preflight — node + playwright deps + chromium browser"
+command -v node >/dev/null || fail "node not on PATH"
+command -v npx  >/dev/null || fail "npx not on PATH"
+[ -d provisioner-scripts/node_modules ] \
+  || fail "provisioner-scripts deps missing. Run: npm install --prefix provisioner-scripts"
+# Playwright caches browsers under \$HOME/Library/Caches/ms-playwright on macOS;
+# a run-in-unusual-HOME provision will hit "browserType.launch: Executable
+# doesn't exist" unless they are installed under THIS \$HOME.
+if ! ls "${HOME}/Library/Caches/ms-playwright/chromium_headless_shell-"* >/dev/null 2>&1 \
+  && ! ls "${HOME}/.cache/ms-playwright/chromium_headless_shell-"* >/dev/null 2>&1; then
+  fail "Playwright chromium not installed under \$HOME=$HOME. Run: npx playwright install chromium --with-deps"
+fi
+
+say "1. Initialize master session"
+$BIN --backend $BACKEND init --mock-token stage5-live-demo || fail "init"
+
+say "2. Env snapshot (masking secrets)"
+env | grep -E 'AGENTKEYS_(EMAIL|SIGNUP)_' | sed 's/\(PASSWORD=\).*/\1***REDACTED***/'
+
+say "3. agentkeys provision openrouter"
+if ! $BIN --backend $BACKEND provision openrouter; then
+  EC=$?
+  echo "---exit=$EC---"
+  LOG=$(ls -t $HOME/.agentkeys/logs/provision-openrouter-*.log 2>/dev/null | head -1)
+  if [ -n "$LOG" ]; then
+    echo "=== most recent provision log: $LOG ==="
+    cat "$LOG"
+  else
+    echo "(no provision log written — orchestrator path unreachable)"
+  fi
+  fail "provision failed; inspect log above"
+fi
+
+say "4. AC#1-#3 — read full key back (exit 0 + masked-key form already checked above)"
+KEY=$($BIN --backend $BACKEND read openrouter) || fail "read openrouter"
+case "$KEY" in
+  sk-or-v1-*) pass "read returned key of correct prefix" ;;
+  *) fail "read returned unexpected prefix: $(echo "$KEY" | head -c 12)..." ;;
+esac
+
+say "5. AC#4 — curl OpenRouter /api/v1/models"
+HTTP_CODE=$(curl -sS -o /tmp/or-models.json -w '%{http_code}' \
+  -H "Authorization: Bearer $KEY" \
+  https://openrouter.ai/api/v1/models)
+if [ "$HTTP_CODE" != "200" ]; then
+  echo "unexpected HTTP $HTTP_CODE"
+  head -c 500 /tmp/or-models.json
+  fail "OpenRouter /api/v1/models did not return 200"
+fi
+head -c 40 /tmp/or-models.json
+echo ''
+pass "OpenRouter /api/v1/models returned 200"
+
+say "ALL FOUR ACCEPTANCE CRITERIA PASS"
+echo "SUCCESS"
diff --git a/provisioner-scripts/archived-probes/diag-imap.mjs b/provisioner-scripts/archived-probes/diag-imap.mjs
new file mode 100644
index 0000000..ec0c89e
--- /dev/null
+++ b/provisioner-scripts/archived-probes/diag-imap.mjs
@@ -0,0 +1,76 @@
+// Diagnostic: IMAP auth + folder scan for OpenRouter verification emails.
+// Usage (from provisioner-scripts/): node diag-imap.mjs
+// Requires AGENTKEYS_EMAIL_{USER,PASSWORD,HOST,PORT} exported.
+import { ImapFlow } from "imapflow";
+
+const user = process.env.AGENTKEYS_EMAIL_USER;
+const pass = process.env.AGENTKEYS_EMAIL_PASSWORD;
+const host = process.env.AGENTKEYS_EMAIL_HOST ?? "imap.gmail.com";
+const port = parseInt(process.env.AGENTKEYS_EMAIL_PORT ?? "993", 10);
+
+if (!user || !pass) {
+  console.error("ERROR: AGENTKEYS_EMAIL_USER and AGENTKEYS_EMAIL_PASSWORD required");
+  process.exit(2);
+}
+
+const client = new ImapFlow({
+  host, port, secure: true,
+  auth: { user, pass },
+  logger: false,
+});
+
+try {
+  console.log(`1) connecting as ${user}...`);
+  await client.connect();
+  console.log("   OK");
+
+  console.log("2) listing mailboxes...");
+  const listResult = await client.list();
+  const mailboxes = listResult.map(b => b.path);
+  console.log(`   found ${mailboxes.length} mailboxes: ${mailboxes.join(", ")}`);
+
+  // Gmail key folders
+  const candidates = ["INBOX", "[Gmail]/Spam", "[Gmail]/All Mail", "[Gmail]/Trash"];
+  for (const box of candidates) {
+    if (!mailboxes.includes(box)) continue;
+    try {
+      await client.mailboxOpen(box);
+      const uids = await client.search({
+        from: "noreply@openrouter.ai",
+        since: new Date(Date.now() - 24 * 3600 * 1000), // last 24h
+      });
+      console.log(`3) [${box}] openrouter emails (last 24h): ${uids.length}`);
+      // Show the most recent one's envelope
+      if (uids.length > 0) {
+        const msg = await client.fetchOne(uids[uids.length - 1], { envelope: true, source: false });
+        if (msg) {
+          console.log(`     most recent: from=${msg.envelope.from?.[0]?.address} subject="${msg.envelope.subject}" date=${msg.envelope.date}`);
+          console.log(`     TO: ${JSON.stringify(msg.envelope.to?.map(t => t.address))}`);
+        }
+      }
+    } catch (err) {
+      console.log(`   [${box}] error: ${err.message}`);
+    }
+  }
+
+  // Broader search: anything mentioning openrouter in subject (catches forwards, digest emails)
+  console.log("4) broader search in INBOX for 'openrouter' subject (last 24h):");
+  try {
+    await client.mailboxOpen("INBOX");
+    const uids = await client.search({
+      subject: "openrouter",
+      since: new Date(Date.now() - 24 * 3600 * 1000),
+    });
+    console.log(`   found ${uids.length}`);
+  } catch (err) {
+    console.log(`   error: ${err.message}`);
+  }
+
+} catch (err) {
+  console.error(`FATAL: ${err.message}`);
+  console.error(err.stack);
+  process.exit(1);
+} finally {
+  await client.logout().catch(() => {});
+}
+console.log("DONE");
diff --git a/provisioner-scripts/archived-probes/diag-openrouter.mjs b/provisioner-scripts/archived-probes/diag-openrouter.mjs
new file mode 100644
index 0000000..1d6b8f7
--- /dev/null
+++ b/provisioner-scripts/archived-probes/diag-openrouter.mjs
@@ -0,0 +1,113 @@
+// Diagnostic: step through OpenRouter signup manually, saving a screenshot +
+// HTML snapshot at each checkpoint. Captures where the real DOM diverges from
+// the scraper's selectors.
+//
+// Usage (from repo root):
+//   cd provisioner-scripts
+//   node diag-openrouter.mjs
+// Writes artifacts to /tmp/or-diag/ so we can inspect after the run.
+import { chromium } from "playwright";
+import { mkdir, writeFile } from "fs/promises";
+
+const OUT = "/tmp/or-diag";
+const EMAIL = process.env.AGENTKEYS_SIGNUP_EMAIL ?? process.env.AGENTKEYS_EMAIL_USER;
+if (!EMAIL) {
+  console.error("ERROR: set AGENTKEYS_SIGNUP_EMAIL or AGENTKEYS_EMAIL_USER");
+  process.exit(2);
+}
+
+await mkdir(OUT, { recursive: true });
+
+async function snap(page, label) {
+  try {
+    const url = page.url();
+    const title = await page.title();
+    const html = await page.content();
+    await page.screenshot({ path: `${OUT}/${label}.png`, fullPage: true });
+    await writeFile(`${OUT}/${label}.html`, html);
+    await writeFile(`${OUT}/${label}.meta.txt`,
+      `url: ${url}\ntitle: ${title}\nhtml_len: ${html.length}\n`);
+    console.log(`  snapshot ${label}: url=${url} title="${title}"`);
+  } catch (err) {
+    console.log(`  snapshot ${label} FAILED: ${err.message}`);
+  }
+}
+
+const browser = await chromium.launch({ headless: true });
+const ctx = await browser.newContext({
+  userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+});
+const page = await ctx.newPage();
+
+try {
+  console.log(`Using signup email: ${EMAIL}`);
+  console.log("1) goto https://openrouter.ai/auth");
+  await page.goto("https://openrouter.ai/auth", { waitUntil: "networkidle", timeout: 30_000 });
+  await snap(page, "01-landed");
+
+  console.log("2) looking for any email-like input");
+  // Broad probe — whatever the scraper's 'input[name="email"]' misses.
+  const candidates = await page.$$eval(
+    "input, button",
+    nodes => nodes.map(n => ({
+      tag: n.tagName.toLowerCase(),
+      type: n.getAttribute("type"),
+      name: n.getAttribute("name"),
+      id: n.id,
+      placeholder: n.getAttribute("placeholder"),
+      text: (n.innerText || n.value || "").slice(0, 80),
+      ariaLabel: n.getAttribute("aria-label"),
+    }))
+  );
+  await writeFile(`${OUT}/02-candidates.json`, JSON.stringify(candidates, null, 2));
+  console.log(`   wrote ${candidates.length} candidates to ${OUT}/02-candidates.json`);
+  const emailLikely = candidates.filter(c =>
+    c.tag === "input" && (
+      c.type === "email" ||
+      c.name?.includes("email") ||
+      c.id?.includes("email") ||
+      c.placeholder?.toLowerCase().includes("email") ||
+      c.ariaLabel?.toLowerCase().includes("email")
+    )
+  );
+  console.log(`   email-like inputs:`, emailLikely);
+
+  console.log("3) looking for sign-in / sign-up CTA buttons");
+  const buttons = candidates.filter(c =>
+    c.tag === "button" && /sign|continue|next|submit|start/i.test(c.text || "")
+  );
+  console.log(`   sign-up-likely buttons:`, buttons);
+
+  await snap(page, "02-inspected");
+
+  // If there's an obvious email input + sign-up button, try submitting
+  if (emailLikely.length > 0) {
+    const e0 = emailLikely[0];
+    const selector =
+      e0.id ? `#${e0.id}` :
+      e0.name ? `input[name="${e0.name}"]` :
+      `input[type="${e0.type}"]`;
+    console.log(`4) attempting fill on ${selector} with ${EMAIL}`);
+    await page.fill(selector, EMAIL);
+    await snap(page, "03-filled");
+
+    // `buttons` is already the sign/continue/next/submit/start-filtered set.
+    const submitBtn = buttons[0];
+    if (submitBtn) {
+      console.log(`5) clicking button: text="${submitBtn.text}"`);
+      await page.getByRole("button", { name: new RegExp(submitBtn.text?.split("\n")[0] ?? "", "i") }).first().click();
+      await page.waitForTimeout(3000);
+      await snap(page, "04-after-submit");
+    } else {
+      console.log("5) no obvious submit button — skipped click");
+    }
+  }
+
+  console.log("DONE — inspect artifacts under /tmp/or-diag/");
+} catch (err) {
+  console.error(`FATAL: ${err.message}`);
+  await snap(page, "99-error").catch(() => {});
+  process.exit(1);
+} finally {
+  await browser.close();
+}
diff --git a/provisioner-scripts/archived-probes/diag-or-flow.mjs b/provisioner-scripts/archived-probes/diag-or-flow.mjs
new file mode 100644
index 0000000..52f91ba
--- /dev/null
+++ b/provisioner-scripts/archived-probes/diag-or-flow.mjs
@@ -0,0 +1,111 @@
+// Full-flow Clerk signup probe for OpenRouter. Walks through every post-submit
+// DOM state, capturing screenshots + HTML + candidate inventory after each
+// user-initiated transition. Used to design the scraper's new selectors.
+//
+// Usage (from provisioner-scripts/):
+//   node diag-or-flow.mjs
+// Writes artifacts to /tmp/or-flow/.
+import { chromium } from "playwright";
+import { mkdir, writeFile } from "fs/promises";
+
+const OUT = "/tmp/or-flow";
+const EMAIL = process.env.AGENTKEYS_SIGNUP_EMAIL ?? process.env.AGENTKEYS_EMAIL_USER;
+if (!EMAIL) { console.error("ERROR: AGENTKEYS_SIGNUP_EMAIL or AGENTKEYS_EMAIL_USER required"); process.exit(2); }
+
+await mkdir(OUT, { recursive: true });
+
+async function snap(page, label) {
+  try {
+    const url = page.url();
+    const title = await page.title();
+    const html = await page.content();
+    await page.screenshot({ path: `${OUT}/${label}.png`, fullPage: true });
+    await writeFile(`${OUT}/${label}.html`, html);
+    const candidates = await page.$$eval(
+      "input, button, a[role='button']",
+      nodes => nodes.map(n => ({
+        tag: n.tagName.toLowerCase(),
+        type: n.getAttribute("type"),
+        name: n.getAttribute("name"),
+        id: n.id,
+        placeholder: n.getAttribute("placeholder"),
+        text: (n.innerText || n.value || "").slice(0, 80).replace(/\s+/g, " ").trim(),
+        ariaLabel: n.getAttribute("aria-label"),
+        dataLocalization: n.getAttribute("data-localization-key"),
+      })).filter(c => c.id || c.name || c.placeholder || c.text || c.ariaLabel)
+    );
+    await writeFile(`${OUT}/${label}.candidates.json`, JSON.stringify(candidates, null, 2));
+    console.log(`\n[${label}] url=${url} title="${title}"`);
+    console.log(`  inputs:`, candidates.filter(c => c.tag === "input").map(c => `${c.id || c.name} (type=${c.type}, placeholder="${c.placeholder}")`));
+    console.log(`  buttons:`, candidates.filter(c => c.tag === "button" || c.tag === "a").map(c => `"${c.text}" (id=${c.id}, data-loc=${c.dataLocalization})`));
+  } catch (err) {
+    console.log(`  snapshot ${label} FAILED: ${err.message}`);
+  }
+}
+
+const browser = await chromium.launch({ headless: true });
+const ctx = await browser.newContext({
+  userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+});
+const page = await ctx.newPage();
+
+try {
+  console.log(`Probe email: ${EMAIL}`);
+
+  // STATE 1: landing
+  await page.goto("https://openrouter.ai/auth", { waitUntil: "networkidle", timeout: 30_000 });
+  await snap(page, "01-landing");
+
+  // STATE 2: fill all three fields (email + password + legal checkbox)
+  await page.waitForSelector('#emailAddress-field', { timeout: 10_000 });
+  await page.fill('#emailAddress-field', EMAIL);
+  await page.fill('#password-field', `AgKe-${Date.now()}-Pw!9xZ`);
+  // legal checkbox: click the label or the input. Checkbox inputs are often
+  // display:none in Radix UI — clicking the label is the reliable path.
+  try {
+    await page.locator('label[for="legalAccepted-field"]').click();
+  } catch {
+    await page.check('#legalAccepted-field').catch(() => {});
+  }
+  await snap(page, "02-all-filled");
+
+  // Click the form's primary button.
+  await page.locator('button[data-localization-key="formButtonPrimary"]').first().click({ timeout: 5_000 });
+  console.log("\nclicked formButtonPrimary");
+  // Give Clerk time to transition. Use waitForLoadState + small fixed delay for the DOM to settle.
+  await page.waitForLoadState("networkidle", { timeout: 15_000 }).catch(() => {});
+  await page.waitForTimeout(2000);
+  await snap(page, "03-after-submit");
+
+  // STATE 3: enumerate inputs — should now be the OTP-entry step
+  const step3Candidates = await page.$$eval("input", inputs =>
+    inputs.map(i => ({
+      id: i.id, name: i.getAttribute("name"), type: i.getAttribute("type"),
+      placeholder: i.getAttribute("placeholder"), ariaLabel: i.getAttribute("aria-label"),
+      inputMode: i.getAttribute("inputmode"),
+      autocomplete: i.getAttribute("autocomplete"),
+      maxlength: i.getAttribute("maxlength"),
+    }))
+  );
+  console.log(`\nstep 3 all inputs:`, JSON.stringify(step3Candidates, null, 2));
+
+  // Save localization keys + any text blocks that identify this step
+  const headings = await page.$$eval("h1, h2, h3, p", els =>
+    els.map(e => (e.innerText || "").trim()).filter(t => t && t.length < 200)
+  );
+  console.log(`\nstep 3 headings/paras:`, headings.slice(0, 10));
+
+  // Error messages?
+  const errors = await page.$$eval('[role="alert"], .cl-formFieldError, .cl-alertText, [data-localization-key*="error"]', els =>
+    els.map(e => (e.innerText || "").trim()).filter(Boolean)
+  );
+  if (errors.length) console.log(`\nerrors visible:`, errors);
+
+  console.log("\nDONE — inspect /tmp/or-flow/");
+} catch (err) {
+  console.error(`FATAL: ${err.message}`);
+  await snap(page, "99-error").catch(() => {});
+  process.exit(1);
+} finally {
+  await browser.close();
+}
diff --git a/provisioner-scripts/archived-probes/diag-or-signin.mjs b/provisioner-scripts/archived-probes/diag-or-signin.mjs
new file mode 100644
index 0000000..eb63c82
--- /dev/null
+++ b/provisioner-scripts/archived-probes/diag-or-signin.mjs
@@ -0,0 +1,53 @@
+// Probe: does OpenRouter's SIGN-IN (not sign-up) page have Turnstile?
+// If sign-in is clean, we can pivot Stage 5a's strategy from "create new account"
+// to "sign in to existing account and mint a new API key" — which is what the
+// user actually wants anyway.
+import { chromium } from "playwright";
+import { mkdir, writeFile } from "fs/promises";
+
+const OUT = "/tmp/or-signin";
+await mkdir(OUT, { recursive: true });
+
+const browser = await chromium.launch({ headless: true });
+const ctx = await browser.newContext({
+  userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+  viewport: { width: 1280, height: 900 },
+});
+const page = await ctx.newPage();
+
+try {
+  // Try /sign-in directly
+  await page.goto("https://openrouter.ai/sign-in", { waitUntil: "networkidle", timeout: 30_000 });
+  await page.screenshot({ path: `${OUT}/signin.png`, fullPage: true });
+  await writeFile(`${OUT}/signin.html`, await page.content());
+
+  const inputs = await page.$$eval("input", ins => ins.map(i => ({
+    id: i.id, name: i.getAttribute("name"), type: i.getAttribute("type"),
+    placeholder: i.getAttribute("placeholder"),
+  })));
+  const buttons = await page.$$eval("button", bs => bs.map(b => ({
+    text: (b.innerText || "").trim().slice(0, 40),
+    disabled: b.disabled,
+    dataLoc: b.getAttribute("data-localization-key"),
+  })).filter(b => b.text || b.dataLoc));
+  const headings = await page.$$eval("h1, h2, h3, p", els =>
+    els.map(e => (e.innerText || "").trim()).filter(t => t && t.length < 150).slice(0, 15));
+
+  const hasTurnstile = inputs.some(i => i.name === "cf-turnstile-response");
+
+  console.log(`url: ${page.url()}`);
+  console.log(`turnstile present on sign-in: ${hasTurnstile}`);
+  console.log(`\nheadings:`);
+  headings.forEach(h => console.log(`  ${h}`));
+  console.log(`\ninputs:`);
+  inputs.forEach(i => console.log(`  id=${i.id} name=${i.name} type=${i.type} placeholder="${i.placeholder}"`));
+  console.log(`\nbuttons:`);
+  buttons.forEach(b => console.log(`  text="${b.text}" disabled=${b.disabled} data-loc=${b.dataLoc}`));
+
+  console.log("DONE");
+} catch (err) {
+  console.error(`FATAL: ${err.message}`);
+  process.exit(1);
+} finally {
+  await browser.close();
+}
diff --git a/provisioner-scripts/archived-probes/diag-or-turnstile.mjs b/provisioner-scripts/archived-probes/diag-or-turnstile.mjs
new file mode 100644
index 0000000..0aede00
--- /dev/null
+++ b/provisioner-scripts/archived-probes/diag-or-turnstile.mjs
@@ -0,0 +1,92 @@
+// Probe: after clicking Continue, poll for Turnstile to resolve and check if
+// Clerk advances to the email-verification step. If Turnstile never resolves
+// in headless, the scraper cannot proceed past signup without Stage 5b.
+import { chromium } from "playwright";
+import { mkdir, writeFile } from "fs/promises";
+
+const OUT = "/tmp/or-turnstile";
+const EMAIL = process.env.AGENTKEYS_SIGNUP_EMAIL ?? process.env.AGENTKEYS_EMAIL_USER;
+if (!EMAIL) { console.error("ERROR: email env required"); process.exit(2); }
+await mkdir(OUT, { recursive: true });
+
+const browser = await chromium.launch({ headless: true });
+const ctx = await browser.newContext({
+  userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+  viewport: { width: 1280, height: 900 },
+  locale: "en-US",
+  timezoneId: "America/Los_Angeles",
+});
+const page = await ctx.newPage();
+
+async function snap(label) {
+  await page.screenshot({ path: `${OUT}/${label}.png`, fullPage: true });
+  await writeFile(`${OUT}/${label}.html`, await page.content());
+}
+
+async function turnstileState() {
+  return page.$$eval(
+    'input[name="cf-turnstile-response"]',
+    inputs => inputs.map(i => ({ id: i.id, value: i.value, hasValue: i.value && i.value.length > 0 }))
+  );
+}
+
+async function formState() {
+  const headings = await page.$$eval("h1, h2, h3, p", els =>
+    els.map(e => (e.innerText || "").trim()).filter(t => t && t.length < 150).slice(0, 10));
+  const buttons = await page.$$eval("button", btns =>
+    btns.map(b => ({ text: (b.innerText || "").trim().slice(0, 40), disabled: b.disabled, dataLoc: b.getAttribute("data-localization-key") })).filter(b => b.text || b.dataLoc));
+  const inputs = await page.$$eval("input", ins =>
+    ins.map(i => ({ id: i.id, type: i.getAttribute("type"), name: i.getAttribute("name") })));
+  const errors = await page.$$eval('[role="alert"], .cl-formFieldError, .cl-alertText', els =>
+    els.map(e => (e.innerText || "").trim()).filter(Boolean));
+  return { url: page.url(), headings, buttons, inputs, errors };
+}
+
+try {
+  console.log(`email: ${EMAIL}`);
+  await page.goto("https://openrouter.ai/auth", { waitUntil: "networkidle", timeout: 30_000 });
+
+  await page.fill('#emailAddress-field', EMAIL);
+  // Use realistic password (strong, varied)
+  await page.fill('#password-field', `Stg5-${Date.now()}-xZq9!ok`);
+  await page.locator('label[for="legalAccepted-field"]').click().catch(() => page.check('#legalAccepted-field'));
+
+  await snap("01-filled");
+  console.log("state before submit:");
+  console.log(JSON.stringify(await turnstileState(), null, 2));
+
+  await page.locator('button[data-localization-key="formButtonPrimary"]').first().click({ timeout: 5_000 });
+  console.log("\nclicked Continue — polling Turnstile for 60s...");
+
+  // Poll for up to 60s: watch Turnstile response value + form advance
+  for (let s = 0; s < 60; s += 3) {
+    await page.waitForTimeout(3000);
+    const ts = await turnstileState();
+    const fs = await formState();
+    const hasTs = ts.some(t => t.hasValue);
+    const submitted = !fs.url.includes("sign-up") || fs.headings.some(h => /verify|verification|code/i.test(h));
+    console.log(`  t=${s+3}s: ts_solved=${hasTs} url=${fs.url.slice(0, 60)} headings=[${fs.headings.slice(0, 3).join(" | ")}] errors=[${fs.errors.slice(0, 2).join(" | ")}]`);
+    if (submitted) {
+      console.log("  → FORM ADVANCED");
+      await snap(`advanced-at-${s+3}s`);
+      console.log(JSON.stringify(fs, null, 2));
+      break;
+    }
+    if (fs.errors.length && fs.errors.some(e => e && !/password meets/i.test(e))) {
+      console.log("  → ERROR BRANCH");
+      await snap(`error-at-${s+3}s`);
+      console.log("errors:", fs.errors);
+      break;
+    }
+  }
+  await snap("99-final");
+  console.log("\nfinal state:", JSON.stringify(await formState(), null, 2));
+  console.log("final turnstile:", JSON.stringify(await turnstileState(), null, 2));
+  console.log("DONE");
+} catch (err) {
+  console.error(`FATAL: ${err.message}`);
+  await snap("99-error").catch(() => {});
+  process.exit(1);
+} finally {
+  await browser.close();
+}
diff --git a/provisioner-scripts/archived-probes/probe-brave-captcha.mjs b/provisioner-scripts/archived-probes/probe-brave-captcha.mjs
new file mode 100644
index 0000000..1d69bff
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-brave-captcha.mjs
@@ -0,0 +1,22 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const ctx = browser.contexts()[0];
+const page = ctx.pages().find(p => p.url().includes('brave.com')) ?? ctx.pages()[0];
+console.log('URL:', page.url());
+const state = await page.evaluate(() => {
+  const btn = document.getElementById('captcha-button');
+  const sol = document.querySelector('input[name="captchaSolution"]');
+  return {
+    buttonText: btn ? (btn.textContent||'').trim().slice(0,50) : 'no captcha-button',
+    buttonDisabled: btn ? btn.disabled : null,
+    captchaSolutionValue: sol ? (sol.value ? `SET (len=${sol.value.length})` : 'EMPTY') : 'no captchaSolution input',
+    // What captcha libs is the page loading?
+    scriptSrcs: Array.from(document.scripts).map(s => s.src).filter(s => /captcha|challenge|verify|pow|turnstile|hcaptcha|friendly/i.test(s)).slice(0,10),
+    // Any iframes?
+    iframeSrcs: Array.from(document.querySelectorAll('iframe')).map(f => f.src).filter(Boolean).slice(0,10),
+    // Network: captcha-related fetch endpoints if we inspect performance timing
+    captchaPerf: performance.getEntriesByType('resource').filter(r => /captcha|challenge|verify|pow|friendly|mcaptcha|hcaptcha/i.test(r.name)).map(r => ({ name: r.name, duration: Math.round(r.duration) })).slice(0,10),
+  };
+});
+console.log(JSON.stringify(state, null, 2));
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-brave-otp.mjs b/provisioner-scripts/archived-probes/probe-brave-otp.mjs
new file mode 100644
index 0000000..01d2b35
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-brave-otp.mjs
@@ -0,0 +1,47 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const ctx = browser.contexts()[0];
+const page = ctx.pages()[0];
+
+// Assume already on /verify-otp from a prior run
+console.log('URL:', page.url());
+if (!page.url().includes('/verify-otp')) {
+  console.log('not on verify-otp, exiting');
+  process.exit(0);
+}
+
+const inspect = async (label) => {
+  const out = await page.evaluate(() => {
+    const inp = document.getElementById('otp');
+    const btn = document.querySelector('button.btn.btn--filled.btn--large');
+    return { value: inp?.value, disabled: btn?.disabled, btnText: (btn?.textContent||'').trim() };
+  });
+  console.log(label, JSON.stringify(out));
+};
+
+await inspect('initial');
+
+console.log('=== attempt 1: pressSequentially ===');
+await page.click('#otp');
+await page.locator('#otp').pressSequentially('111111', { delay: 80 });
+await inspect('after pressSequentially');
+
+await page.waitForTimeout(500);
+await inspect('after 500ms');
+
+console.log('=== attempt 2: clear, use humanType-style ===');
+await page.fill('#otp', '');
+await page.locator('#otp').focus();
+await page.keyboard.type('222222', { delay: 80 });
+await inspect('after keyboard.type');
+
+await page.waitForTimeout(500);
+await inspect('after 500ms');
+
+console.log('=== attempt 3: clear, use fill + dispatch input ===');
+await page.fill('#otp', '');
+await page.fill('#otp', '333333');
+await page.locator('#otp').dispatchEvent('input');
+await inspect('after fill+dispatch');
+
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-brave-pow-wait.mjs b/provisioner-scripts/archived-probes/probe-brave-pow-wait.mjs
new file mode 100644
index 0000000..321241b
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-brave-pow-wait.mjs
@@ -0,0 +1,48 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const ctx = browser.contexts()[0];
+await ctx.clearCookies();
+const page = ctx.pages()[0];
+await page.goto('https://api-dashboard.search.brave.com/register', { waitUntil: 'networkidle', timeout: 20000 });
+await page.waitForTimeout(1500);
+
+// Fill form minimally
+const email = `bot-pow-${Date.now()}@bots.litentry.org`;
+const pw = 'PowTest-' + Date.now();
+await page.fill('#email', email);
+await page.fill('#password', pw);
+await page.fill('#passwordVerification', pw);
+await page.fill('#name', 'AgentKeys PoW Test');
+await page.fill('#company', 'Testing');
+console.log('form filled, clicking Register...');
+
+await page.click('#captcha-button');
+const clickAt = Date.now();
+console.log('clicked at', new Date(clickAt).toISOString());
+
+// Poll every 2s for up to 3 minutes to see how the state evolves
+for (let i = 0; i < 90; i++) {
+  await page.waitForTimeout(2000);
+  const elapsedS = Math.round((Date.now() - clickAt) / 1000);
+  const state = await page.evaluate(() => {
+    const btn = document.getElementById('captcha-button');
+    const sol = document.querySelector('input[name="captchaSolution"]');
+    return {
+      url: location.href,
+      btnText: btn ? (btn.textContent||'').trim() : 'gone',
+      btnDisabled: btn ? btn.disabled : null,
+      captchaSolution: sol ? (sol.value ? `SET(${sol.value.length})` : 'EMPTY') : 'gone',
+      errors: Array.from(document.querySelectorAll('[role="alert"], [class*="error" i]')).filter(e => !!(e.offsetWidth||e.offsetHeight)).map(e => (e.textContent||'').trim().slice(0,150)).slice(0,3),
+    };
+  }).catch(() => ({error: 'page closed'}));
+  console.log(`t=${elapsedS}s url=${state.url?.replace('https://api-dashboard.search.brave.com','')} btn=${JSON.stringify(state.btnText)} dis=${state.btnDisabled} sol=${state.captchaSolution} err=${JSON.stringify(state.errors||[])}`);
+  if (state.url && !state.url.includes('/register')) {
+    console.log('URL advanced!', state.url);
+    break;
+  }
+  if (state.btnText && state.btnText !== 'Verifying' && state.btnText !== 'Register') {
+    console.log('button text changed:', state.btnText);
+    break;
+  }
+}
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-brave-register.mjs b/provisioner-scripts/archived-probes/probe-brave-register.mjs
new file mode 100644
index 0000000..be4ff14
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-brave-register.mjs
@@ -0,0 +1,28 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const ctx = browser.contexts()[0];
+const page = ctx.pages()[0];
+// Navigate to register page fresh
+await page.goto('https://api-dashboard.search.brave.com/register', { waitUntil: 'networkidle', timeout: 15000 });
+await page.waitForTimeout(1500);
+const state = await page.evaluate(() => {
+  const btn = document.getElementById('captcha-button');
+  const sol = document.querySelector('input[name="captchaSolution"]');
+  // Look at ALL scripts, not just with captcha in name
+  const allScripts = Array.from(document.scripts).map(s => s.src).filter(Boolean);
+  // Inspect the button's event handlers via getAttribute
+  return {
+    buttonText: btn ? (btn.textContent||'').trim() : null,
+    buttonDisabled: btn ? btn.disabled : null,
+    buttonClasses: btn ? btn.className.slice(0,100) : null,
+    captchaSolutionValue: sol ? (sol.value ? `SET (len=${sol.value.length})` : 'EMPTY') : 'no input',
+    // Check if there's a Web Worker reference
+    hasWorker: typeof Worker !== 'undefined',
+    // Scripts on the page
+    scriptCount: allScripts.length,
+    // Brave-specific script names (they probably include the PoW lib)
+    braveScripts: allScripts.filter(s => /brave\.com|search-api|captcha/i.test(s)).slice(0, 10),
+  };
+});
+console.log(JSON.stringify(state, null, 2));
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-btn.mjs b/provisioner-scripts/archived-probes/probe-btn.mjs
new file mode 100644
index 0000000..7c77811
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-btn.mjs
@@ -0,0 +1,26 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const page = browser.contexts()[0].pages()[0];
+console.log('url:', page.url());
+
+// Try the same filter approach the recorder uses
+for (const [label, rx] of [
+  ['exact', /^Create new secret key$/i],
+  ['substring', /Create new secret key/i],
+]) {
+  const count = await page.locator('button').filter({ hasText: rx }).count();
+  console.log(`${label} (hasText regex): ${count} matches`);
+}
+
+// Direct query
+const raw = await page.evaluate(() => {
+  const btns = Array.from(document.querySelectorAll('button'));
+  return btns.map(b => ({
+    text: b.textContent,
+    innerHTML: b.innerHTML.slice(0, 200),
+    visible: !!(b.offsetWidth || b.offsetHeight),
+    disabled: b.disabled,
+  })).filter(b => b.text && b.text.toLowerCase().includes('create'));
+});
+console.log('buttons with Create in innerText:', JSON.stringify(raw, null, 2));
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-elevenlabs-disabled.mjs b/provisioner-scripts/archived-probes/probe-elevenlabs-disabled.mjs
new file mode 100644
index 0000000..f0d8f38
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-elevenlabs-disabled.mjs
@@ -0,0 +1,72 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const ctx = browser.contexts()[0];
+await ctx.clearCookies();
+const page = ctx.pages()[0];
+await page.goto('https://elevenlabs.io/app/sign-up', { waitUntil: 'networkidle', timeout: 30000 });
+await page.waitForTimeout(2000);
+
+// Dismiss cookie banner if present
+const acceptBtn = page.locator('button#CybotCookiebotDialogBodyButtonAccept').first();
+if (await acceptBtn.isVisible().catch(() => false)) {
+  await acceptBtn.click({ force: true });
+  console.log('cookie banner dismissed');
+  await page.waitForTimeout(500);
+}
+
+const inspect = async (label) => {
+  const data = await page.evaluate(() => {
+    const inputs = Array.from(document.querySelectorAll('input[type="email"], input[type="password"], input[type="text"]:not([name="h-captcha-response"])'));
+    const submit = document.querySelector('form button[type="submit"]');
+    const taList = Array.from(document.querySelectorAll('textarea[name="h-captcha-response"]'));
+    return {
+      inputs: inputs.map(i => ({ name: i.name, type: i.type, value_len: i.value?.length ?? 0, placeholder: i.placeholder })),
+      submit: submit ? { disabled: submit.disabled, text: (submit.textContent||'').trim().slice(0,40) } : null,
+      captcha_textareas: taList.map(t => ({ id: t.id, value_len: t.value?.length ?? 0 })),
+    };
+  });
+  console.log(label, JSON.stringify(data, null, 2));
+};
+
+console.log('=== initial state ===');
+await inspect('0 - on page load');
+
+// Fill email
+const emails = await page.locator('input[type="email"]').all();
+console.log('email inputs:', emails.length);
+if (emails.length) {
+  await emails[0].click();
+  await emails[0].pressSequentially('bot-probe-test@bots.litentry.org', { delay: 60 });
+}
+await page.waitForTimeout(500);
+await inspect('1 - after email');
+
+// Fill password
+const passwords = await page.locator('input[type="password"]').all();
+console.log('password inputs:', passwords.length);
+for (let i = 0; i < passwords.length; i++) {
+  await passwords[i].click();
+  await passwords[i].pressSequentially('Stg6-test-xYzQ9okFg', { delay: 50 });
+}
+await page.waitForTimeout(800);
+await inspect('2 - after password(s)');
+
+// wait 10s more to see if invisible captcha auto-executes
+for (let i = 0; i < 5; i++) {
+  await page.waitForTimeout(2000);
+  await inspect(`3 - +${(i+1)*2}s`);
+}
+
+// Try clicking Sign up (even if disabled, playwright force:true will try)
+console.log('=== attempting submit click (force) ===');
+const submit = page.locator('form button[type="submit"]').first();
+await submit.click({ force: true }).catch(e => console.log('click err:', e.message.split('\n')[0]));
+await page.waitForTimeout(3000);
+await inspect('4 - after force click');
+
+// See if challenge appeared
+const challengeVisible = await page.locator('iframe[src*="hcaptcha.com"][src*="frame=challenge"]').first().isVisible({timeout: 3000}).catch(() => false);
+console.log('challenge iframe visible:', challengeVisible);
+
+console.log('URL after all attempts:', page.url());
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-elevenlabs-submit.mjs b/provisioner-scripts/archived-probes/probe-elevenlabs-submit.mjs
new file mode 100644
index 0000000..096145b
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-elevenlabs-submit.mjs
@@ -0,0 +1,36 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const ctx = browser.contexts()[0];
+const page = ctx.pages()[0];
+
+const inspect = async (label) => {
+  const data = await page.evaluate(() => {
+    const btns = Array.from(document.querySelectorAll('button'));
+    return {
+      submitCandidates: btns
+        .map(b => ({
+          text: (b.textContent||'').trim().slice(0, 60),
+          disabled: b.disabled,
+          type: b.type,
+          agent: b.getAttribute('data-agent-id'),
+          hasSignup: /sign.?up|register|continue|create/i.test(b.textContent||''),
+        }))
+        .filter(b => b.hasSignup || b.text.length > 0 && b.text.length < 50),
+      googleBtns: btns.filter(b => /google/i.test(b.textContent||'')).map(b=>({text:(b.textContent||'').trim().slice(0,40),disabled:b.disabled})),
+    };
+  });
+  console.log(label, JSON.stringify(data, null, 2));
+};
+
+await inspect('initial');
+
+// See if there's a Google sign-up button (not Sign up) or maybe the flow is different
+// Check page title and main heading
+const title = await page.evaluate(() => ({
+  title: document.title,
+  h1: Array.from(document.querySelectorAll('h1,h2')).map(h => h.textContent).slice(0,3),
+  url: location.href,
+}));
+console.log('page:', JSON.stringify(title));
+
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-openai-key.mjs b/provisioner-scripts/archived-probes/probe-openai-key.mjs
new file mode 100644
index 0000000..87a1d1b
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-openai-key.mjs
@@ -0,0 +1,26 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const page = browser.contexts()[0].pages()[0];
+console.log('url:', page.url());
+
+const keys = await page.evaluate(() => {
+  const out = [];
+  // Codes
+  document.querySelectorAll('code, pre').forEach(el => {
+    const txt = (el.textContent || '').trim();
+    if (txt.startsWith('sk-')) out.push({tag: el.tagName, text: txt.slice(0, 60)});
+  });
+  // Inputs
+  document.querySelectorAll('input, textarea').forEach(el => {
+    const v = el.value || '';
+    if (v.startsWith('sk-')) out.push({tag: el.tagName, type: el.type, value: v.slice(0, 60)});
+  });
+  // Any span/div with sk-
+  document.querySelectorAll('span,div,p,output').forEach(el => {
+    const txt = (el.textContent || '').trim();
+    if (/^sk-[A-Za-z0-9_-]{40,}$/.test(txt)) out.push({tag: el.tagName, text: txt.slice(0, 60)});
+  });
+  return out;
+});
+console.log('key elements:', JSON.stringify(keys, null, 2));
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-openai-login.mjs b/provisioner-scripts/archived-probes/probe-openai-login.mjs
new file mode 100644
index 0000000..5952ac4
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-openai-login.mjs
@@ -0,0 +1,25 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const page = browser.contexts()[0].pages()[0];
+console.log('url:', page.url());
+console.log('title:', await page.title());
+await page.waitForTimeout(2000);
+
+const state = await page.evaluate(() => {
+  const bodyText = (document.body.textContent || '').replace(/\s+/g, ' ').trim().slice(0, 2000);
+  const headings = Array.from(document.querySelectorAll('h1,h2,h3')).map(h => (h.textContent||'').trim());
+  const buttons = Array.from(document.querySelectorAll('button')).map(b => ({
+    text: (b.textContent || '').trim().slice(0, 80),
+    disabled: b.disabled,
+    type: b.type,
+  })).filter(b => b.text);
+  const inputs = Array.from(document.querySelectorAll('input')).map(i => ({
+    type: i.type, name: i.name, id: i.id, placeholder: i.placeholder, autocomplete: i.autocomplete,
+  }));
+  const links = Array.from(document.querySelectorAll('a')).slice(0, 10).map(a => ({
+    text: (a.textContent||'').trim().slice(0, 60), href: (a.href||'').slice(0, 80),
+  }));
+  return { bodyText, headings, buttons, inputs, links };
+});
+console.log(JSON.stringify(state, null, 2));
+process.exit(0);
diff --git a/provisioner-scripts/archived-probes/probe-openai-signup.mjs b/provisioner-scripts/archived-probes/probe-openai-signup.mjs
new file mode 100644
index 0000000..3e5dc89
--- /dev/null
+++ b/provisioner-scripts/archived-probes/probe-openai-signup.mjs
@@ -0,0 +1,25 @@
+import { chromium } from 'playwright';
+const browser = await chromium.connectOverCDP('http://localhost:9222');
+const page = browser.contexts()[0].pages().find(p => p.url().includes('openai.com')) ?? browser.contexts()[0].pages()[0];
+console.log('url:', page.url());
+console.log('title:', await page.title());
+
+const state = await page.evaluate(() => {
+  const inputs = Array.from(document.querySelectorAll('input')).map(i => ({
+    type: i.type, name: i.name, id: i.id, placeholder: i.placeholder, autocomplete: i.autocomplete, required: i.required, disabled: i.disabled,
+  }));
+  const buttons = Array.from(document.querySelectorAll('button')).map(b => ({
+    text: (b.textContent || '').trim().slice(0, 80),
+    type: b.type, disabled: b.disabled, class: b.className.slice(0, 60), ariaLabel: b.getAttribute('aria-label'),
+  })).filter(b => b.text);
+  const iframes = Array.from(document.querySelectorAll('iframe')).map(i => i.src.slice(0, 200));
+  const captchaIndicators = {
+    hcaptcha: !!document.querySelector('[class*="hcaptcha" i], iframe[src*="hcaptcha.com"]'),
+    recaptcha: !!document.querySelector('[class*="recaptcha" i], iframe[src*="recaptcha"]'),
+    turnstile: !!document.querySelector('iframe[src*="challenges.cloudflare.com"], input[name="cf-turnstile-response"]'),
+  };
+  const bodyText = document.body.textContent?.slice(0, 1500).replace(/\s+/g, ' ') ?? '';
+  return { inputs, buttons, iframes, captchaIndicators, bodyText };
+});
+console.log(JSON.stringify(state, null, 2));
+process.exit(0);
diff --git a/provisioner-scripts/package-lock.json b/provisioner-scripts/package-lock.json
index 688847e..4e0c33d 100644
--- a/provisioner-scripts/package-lock.json
+++ b/provisioner-scripts/package-lock.json
@@ -8,6 +8,7 @@
       "name": "agentkeys-provisioner-scripts",
       "version": "0.1.0",
       "dependencies": {
+        "@aws-sdk/client-s3": "^3.0.0",
         "imapflow": "^1.0.190",
         "node-html-parser": "^7.0.1",
         "playwright": "^1.49.0"
@@ -19,231 +20,861 @@
         "vitest": "^2.1.0"
       }
     },
-    "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz",
-      "integrity": "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "aix"
-      ],
+    "node_modules/@aws-crypto/crc32": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-5.2.0.tgz",
+      "integrity": "sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/util": "^5.2.0",
+        "@aws-sdk/types": "^3.222.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=16.0.0"
       }
     },
-    "node_modules/@esbuild/android-arm": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.7.tgz",
-      "integrity": "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">=18"
+    "node_modules/@aws-crypto/crc32c": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-5.2.0.tgz",
+      "integrity": "sha512-+iWb8qaHLYKrNvGRbiYRHSdKRWhto5XlZUEBwDjYNf+ly5SVYG6zEoYIdxvf5R3zyeP16w4PLBn3rH1xc74Rag==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/util": "^5.2.0",
+        "@aws-sdk/types": "^3.222.0",
+        "tslib": "^2.6.2"
       }
     },
-    "node_modules/@esbuild/android-arm64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.7.tgz",
-      "integrity": "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
+    "node_modules/@aws-crypto/sha1-browser": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-5.2.0.tgz",
+      "integrity": "sha512-OH6lveCFfcDjX4dbAvCFSYUjJZjDr/3XJ3xHtjn3Oj5b9RjojQo8npoLeA/bNwkOkrSQ0wgrHzXk4tDRxGKJeg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/supports-web-crypto": "^5.2.0",
+        "@aws-crypto/util": "^5.2.0",
+        "@aws-sdk/types": "^3.222.0",
+        "@aws-sdk/util-locate-window": "^3.0.0",
+        "@smithy/util-utf8": "^2.0.0",
+        "tslib": "^2.6.2"
+      }
+    },
+    "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/is-array-buffer": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz",
+      "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/android-x64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.7.tgz",
-      "integrity": "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
+    "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/util-buffer-from": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz",
+      "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^2.2.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.7.tgz",
-      "integrity": "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
+    "node_modules/@aws-crypto/sha1-browser/node_modules/@smithy/util-utf8": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz",
+      "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^2.2.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/darwin-x64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.7.tgz",
-      "integrity": "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
+    "node_modules/@aws-crypto/sha256-browser": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz",
+      "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/sha256-js": "^5.2.0",
+        "@aws-crypto/supports-web-crypto": "^5.2.0",
+        "@aws-crypto/util": "^5.2.0",
+        "@aws-sdk/types": "^3.222.0",
+        "@aws-sdk/util-locate-window": "^3.0.0",
+        "@smithy/util-utf8": "^2.0.0",
+        "tslib": "^2.6.2"
+      }
+    },
+    "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/is-array-buffer": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz",
+      "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.7.tgz",
-      "integrity": "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
+    "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-buffer-from": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz",
+      "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^2.2.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.7.tgz",
-      "integrity": "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
+    "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-utf8": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz",
+      "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^2.2.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/linux-arm": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.7.tgz",
-      "integrity": "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+    "node_modules/@aws-crypto/sha256-js": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz",
+      "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/util": "^5.2.0",
+        "@aws-sdk/types": "^3.222.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=16.0.0"
       }
     },
-    "node_modules/@esbuild/linux-arm64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.7.tgz",
-      "integrity": "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+    "node_modules/@aws-crypto/supports-web-crypto": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-5.2.0.tgz",
+      "integrity": "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      }
+    },
+    "node_modules/@aws-crypto/util": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.2.0.tgz",
+      "integrity": "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.222.0",
+        "@smithy/util-utf8": "^2.0.0",
+        "tslib": "^2.6.2"
+      }
+    },
+    "node_modules/@aws-crypto/util/node_modules/@smithy/is-array-buffer": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz",
+      "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/linux-ia32": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.7.tgz",
-      "integrity": "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+    "node_modules/@aws-crypto/util/node_modules/@smithy/util-buffer-from": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz",
+      "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^2.2.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/linux-loong64": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.7.tgz",
-      "integrity": "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q==",
-      "cpu": [
-        "loong64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+    "node_modules/@aws-crypto/util/node_modules/@smithy/util-utf8": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz",
+      "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^2.2.0",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=14.0.0"
       }
     },
-    "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.7.tgz",
-      "integrity": "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw==",
-      "cpu": [
-        "mips64el"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
+    "node_modules/@aws-sdk/client-s3": {
+      "version": "3.1032.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.1032.0.tgz",
+      "integrity": "sha512-A1wjVhV3IgsZ5td2l4AWgK03EjZ+ldwbiorxuO1hPf7RHJtSdr6oq/gKzyUwP7Tm7ma/M2xS/tplg5C8XB8RWg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/sha1-browser": "5.2.0",
+        "@aws-crypto/sha256-browser": "5.2.0",
+        "@aws-crypto/sha256-js": "5.2.0",
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/credential-provider-node": "^3.972.32",
+        "@aws-sdk/middleware-bucket-endpoint": "^3.972.10",
+        "@aws-sdk/middleware-expect-continue": "^3.972.10",
+        "@aws-sdk/middleware-flexible-checksums": "^3.974.9",
+        "@aws-sdk/middleware-host-header": "^3.972.10",
+        "@aws-sdk/middleware-location-constraint": "^3.972.10",
+        "@aws-sdk/middleware-logger": "^3.972.10",
+        "@aws-sdk/middleware-recursion-detection": "^3.972.11",
+        "@aws-sdk/middleware-sdk-s3": "^3.972.30",
+        "@aws-sdk/middleware-ssec": "^3.972.10",
+        "@aws-sdk/middleware-user-agent": "^3.972.31",
+        "@aws-sdk/region-config-resolver": "^3.972.12",
+        "@aws-sdk/signature-v4-multi-region": "^3.996.18",
+        "@aws-sdk/types": "^3.973.8",
+        "@aws-sdk/util-endpoints": "^3.996.7",
+        "@aws-sdk/util-user-agent-browser": "^3.972.10",
+        "@aws-sdk/util-user-agent-node": "^3.973.17",
+        "@smithy/config-resolver": "^4.4.16",
+        "@smithy/core": "^3.23.15",
+        "@smithy/eventstream-serde-browser": "^4.2.14",
+        "@smithy/eventstream-serde-config-resolver": "^4.3.14",
+        "@smithy/eventstream-serde-node": "^4.2.14",
+        "@smithy/fetch-http-handler": "^5.3.17",
+        "@smithy/hash-blob-browser": "^4.2.15",
+        "@smithy/hash-node": "^4.2.14",
+        "@smithy/hash-stream-node": "^4.2.14",
+        "@smithy/invalid-dependency": "^4.2.14",
+        "@smithy/md5-js": "^4.2.14",
+        "@smithy/middleware-content-length": "^4.2.14",
+        "@smithy/middleware-endpoint": "^4.4.30",
+        "@smithy/middleware-retry": "^4.5.3",
+        "@smithy/middleware-serde": "^4.2.18",
+        "@smithy/middleware-stack": "^4.2.14",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/node-http-handler": "^4.5.3",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "@smithy/url-parser": "^4.2.14",
+        "@smithy/util-base64": "^4.3.2",
+        "@smithy/util-body-length-browser": "^4.2.2",
+        "@smithy/util-body-length-node": "^4.2.3",
+        "@smithy/util-defaults-mode-browser": "^4.3.47",
+        "@smithy/util-defaults-mode-node": "^4.2.52",
+        "@smithy/util-endpoints": "^3.4.1",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-retry": "^4.3.2",
+        "@smithy/util-stream": "^4.5.23",
+        "@smithy/util-utf8": "^4.2.2",
+        "@smithy/util-waiter": "^4.2.16",
+        "tslib": "^2.6.2"
+      },
       "engines": {
-        "node": ">=18"
+        "node": ">=20.0.0"
       }
     },
-    "node_modules/@esbuild/linux-ppc64": {
+    "node_modules/@aws-sdk/core": {
+      "version": "3.974.1",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.974.1.tgz",
+      "integrity": "sha512-gy/gffKz0zaHDaqRiLCdIvgHmaAL/HXuAtMcBP7euYSFx4BsbsdlfmUBJag+Gqe62z6/XuloKyQyaiH+kS3Vrg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@aws-sdk/xml-builder": "^3.972.18",
+        "@smithy/core": "^3.23.15",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/signature-v4": "^5.3.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-base64": "^4.3.2",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/crc64-nvme": {
+      "version": "3.972.7",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/crc64-nvme/-/crc64-nvme-3.972.7.tgz",
+      "integrity": "sha512-QUagVVBbC8gODCF6e1aV0mE2TXWB9Opz4k8EJFdNrujUVQm5R4AjJa1mpOqzwOuROBzqJU9zawzig7M96L8Ejg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-env": {
+      "version": "3.972.27",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.972.27.tgz",
+      "integrity": "sha512-xfUt2CUZDC+Tf16A6roD1b4pk/nrXdkoLY3TEhv198AXDtBo5xUJP1zd0e8SmuKLN4PpIBX96OizZbmMlcI6oQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-http": {
+      "version": "3.972.29",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.972.29.tgz",
+      "integrity": "sha512-hjNeYb6oLyHgMihra83ie0J/T2y9om3cy1qC90h9DRgvYXEoN4BCFf8bHguZjKhXunnv7YkmZRuYL5Mkk77eCA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/fetch-http-handler": "^5.3.17",
+        "@smithy/node-http-handler": "^4.5.3",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-stream": "^4.5.23",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-ini": {
+      "version": "3.972.31",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.972.31.tgz",
+      "integrity": "sha512-PuQ7e8WYzAPpzvFcajxf8c0LqSzakVHVlKw8M0oubk8Kf347YOCCqT1seQrHs5AdZuIh2RD9LX4O+Xa5ImEBfQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/credential-provider-env": "^3.972.27",
+        "@aws-sdk/credential-provider-http": "^3.972.29",
+        "@aws-sdk/credential-provider-login": "^3.972.31",
+        "@aws-sdk/credential-provider-process": "^3.972.27",
+        "@aws-sdk/credential-provider-sso": "^3.972.31",
+        "@aws-sdk/credential-provider-web-identity": "^3.972.31",
+        "@aws-sdk/nested-clients": "^3.996.21",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/credential-provider-imds": "^4.2.14",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-login": {
+      "version": "3.972.31",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-login/-/credential-provider-login-3.972.31.tgz",
+      "integrity": "sha512-bBmWDmtSpmLOZR6a0kmowBcVL1hiL8Vlap/RXeMpFd7JbWl87YcwqL6T9LH/0oBVEZXu1dUZAtojgSuZgMO5xw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/nested-clients": "^3.996.21",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-node": {
+      "version": "3.972.32",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.972.32.tgz",
+      "integrity": "sha512-9aj0x9hGYUondBZSD0XkksAdHhOKttFw4BWpLCeggeg40qSJxGrAP++g0GCm0VqWc1WtC/NRFiAVzPCy56vmog==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/credential-provider-env": "^3.972.27",
+        "@aws-sdk/credential-provider-http": "^3.972.29",
+        "@aws-sdk/credential-provider-ini": "^3.972.31",
+        "@aws-sdk/credential-provider-process": "^3.972.27",
+        "@aws-sdk/credential-provider-sso": "^3.972.31",
+        "@aws-sdk/credential-provider-web-identity": "^3.972.31",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/credential-provider-imds": "^4.2.14",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-process": {
+      "version": "3.972.27",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.972.27.tgz",
+      "integrity": "sha512-1CZvfb1WzudWWIFAVQkd1OI/T1RxPcSvNWzNsb2BMBVsBJzBtB8dV5f2nymHVU4UqwxipdVt/DAbgdDRf33JDg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-sso": {
+      "version": "3.972.31",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.972.31.tgz",
+      "integrity": "sha512-x8Mx18S48XMl9bEEpYwmXDTvjWGPIfDadReN37Lc099/DUrlL4Zs9T9rwwggo6DkKS1aev6v+MTUx7JTa87TZQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/nested-clients": "^3.996.21",
+        "@aws-sdk/token-providers": "3.1032.0",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-web-identity": {
+      "version": "3.972.31",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.972.31.tgz",
+      "integrity": "sha512-zfuNMIkGfjYsHis9qytYf74Bcmq6Ji9Xwf4w53baRCI/b2otTwZv3SW1uRiJ5Di7999QzRGhHZ96+eUeo3gSOA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/nested-clients": "^3.996.21",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-bucket-endpoint": {
+      "version": "3.972.10",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.972.10.tgz",
+      "integrity": "sha512-Vbc2frZH7wXlMNd+ZZSXUEs/l1Sv8Jj4zUnIfwrYF5lwaLdXHZ9xx4U3rjUcaye3HRhFVc+E5DbBxpRAbB16BA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@aws-sdk/util-arn-parser": "^3.972.3",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-config-provider": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-expect-continue": {
+      "version": "3.972.10",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.972.10.tgz",
+      "integrity": "sha512-2Yn0f1Qiq/DjxYR3wfI3LokXnjOhFM7Ssn4LTdFDIxRMCE6I32MAsVnhPX1cUZsuVA9tiZtwwhlSLAtFGxAZlQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-flexible-checksums": {
+      "version": "3.974.9",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.974.9.tgz",
+      "integrity": "sha512-ye6xVuMEQ5NCT+yQOryGYsuCXnOwu7iGFGzV+qpXZOWtqXIAAaFostapxj6RCubw36rekVwmdB2lcspFuyNfYQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/crc32": "5.2.0",
+        "@aws-crypto/crc32c": "5.2.0",
+        "@aws-crypto/util": "5.2.0",
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/crc64-nvme": "^3.972.7",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/is-array-buffer": "^4.2.2",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-stream": "^4.5.23",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-host-header": {
+      "version": "3.972.10",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.972.10.tgz",
+      "integrity": "sha512-IJSsIMeVQ8MMCPbuh1AbltkFhLBLXn7aejzfX5YKT/VLDHn++Dcz8886tXckE+wQssyPUhaXrJhdakO2VilRhg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-location-constraint": {
+      "version": "3.972.10",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.972.10.tgz",
+      "integrity": "sha512-rI3NZvJcEvjoD0+0PI0iUAwlPw2IlSlhyvgBK/3WkKJQE/YiKFedd9dMN2lVacdNxPNhxL/jzQaKQdrGtQagjQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-logger": {
+      "version": "3.972.10",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.972.10.tgz",
+      "integrity": "sha512-OOuGvvz1Dm20SjZo5oEBePFqxt5nf8AwkNDSyUHvD9/bfNASmstcYxFAHUowy4n6Io7mWUZ04JURZwSBvyQanQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-recursion-detection": {
+      "version": "3.972.11",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.972.11.tgz",
+      "integrity": "sha512-+zz6f79Kj9V5qFK2P+D8Ehjnw4AhphAlCAsPjUqEcInA9umtSSKMrHbSagEeOIsDNuvVrH98bjRHcyQukTrhaQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@aws/lambda-invoke-store": "^0.2.2",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-sdk-s3": {
+      "version": "3.972.30",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.972.30.tgz",
+      "integrity": "sha512-hoQRxjJu4tt3gEOQin21rJKotClJC+x7AmCh9ylRct1DJeaNI/BRlFxMbuhJe54bG6xANPagSs0my8K30QyV9g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/types": "^3.973.8",
+        "@aws-sdk/util-arn-parser": "^3.972.3",
+        "@smithy/core": "^3.23.15",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/signature-v4": "^5.3.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-config-provider": "^4.2.2",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-stream": "^4.5.23",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-ssec": {
+      "version": "3.972.10",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.972.10.tgz",
+      "integrity": "sha512-Gli9A0u8EVVb+5bFDGS/QbSVg28w/wpEidg1ggVcSj65BDTdGR6punsOcVjqdiu1i42WHWo51MCvARPIIz9juw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-user-agent": {
+      "version": "3.972.31",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.972.31.tgz",
+      "integrity": "sha512-L+hXN2HDomlIsWSHW5DVD7ppccCeRnlHXZ5uHG34ePTjF5bm0I1fmrJLbUGiW97xRXWryit5cjdP4Sx2FwiGog==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/types": "^3.973.8",
+        "@aws-sdk/util-endpoints": "^3.996.7",
+        "@smithy/core": "^3.23.15",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-retry": "^4.3.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/nested-clients": {
+      "version": "3.996.21",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.996.21.tgz",
+      "integrity": "sha512-Me3d/ua2lb2G0bQfFmvCeQQp3+nN6GSPqMxDmi/IQlQ8CrlpQ5C0JJHpz2AnOUkEFI0lBNrAL3Vnt29l44ndkA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/sha256-browser": "5.2.0",
+        "@aws-crypto/sha256-js": "5.2.0",
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/middleware-host-header": "^3.972.10",
+        "@aws-sdk/middleware-logger": "^3.972.10",
+        "@aws-sdk/middleware-recursion-detection": "^3.972.11",
+        "@aws-sdk/middleware-user-agent": "^3.972.31",
+        "@aws-sdk/region-config-resolver": "^3.972.12",
+        "@aws-sdk/types": "^3.973.8",
+        "@aws-sdk/util-endpoints": "^3.996.7",
+        "@aws-sdk/util-user-agent-browser": "^3.972.10",
+        "@aws-sdk/util-user-agent-node": "^3.973.17",
+        "@smithy/config-resolver": "^4.4.16",
+        "@smithy/core": "^3.23.15",
+        "@smithy/fetch-http-handler": "^5.3.17",
+        "@smithy/hash-node": "^4.2.14",
+        "@smithy/invalid-dependency": "^4.2.14",
+        "@smithy/middleware-content-length": "^4.2.14",
+        "@smithy/middleware-endpoint": "^4.4.30",
+        "@smithy/middleware-retry": "^4.5.3",
+        "@smithy/middleware-serde": "^4.2.18",
+        "@smithy/middleware-stack": "^4.2.14",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/node-http-handler": "^4.5.3",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "@smithy/url-parser": "^4.2.14",
+        "@smithy/util-base64": "^4.3.2",
+        "@smithy/util-body-length-browser": "^4.2.2",
+        "@smithy/util-body-length-node": "^4.2.3",
+        "@smithy/util-defaults-mode-browser": "^4.3.47",
+        "@smithy/util-defaults-mode-node": "^4.2.52",
+        "@smithy/util-endpoints": "^3.4.1",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-retry": "^4.3.2",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/region-config-resolver": {
+      "version": "3.972.12",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.972.12.tgz",
+      "integrity": "sha512-QQI43Mxd53nBij0pm8HXC+t4IOC6gnhhZfzxE0OATQyO6QfPV4e+aTIRRuAJKA6Nig/cR8eLwPryqYTX9ZrjAQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/config-resolver": "^4.4.16",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/signature-v4-multi-region": {
+      "version": "3.996.18",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.996.18.tgz",
+      "integrity": "sha512-4KT8UXRmvNAP5zKq9UI1MIwbnmSChZncBt89RKu/skMqZSSWGkBZTAJsZ+no+txfmF3kVaUFv31CTBZkQ5BJpQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/middleware-sdk-s3": "^3.972.30",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/signature-v4": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/token-providers": {
+      "version": "3.1032.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.1032.0.tgz",
+      "integrity": "sha512-n+PU8Z+gll7p3wDrH+Wo6fkt8sPrVnq30YYM6Ryga95oJlEneNMEbDHj0iqjMX3V7gaGdJo/hJWyPo4lscP+mA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.1",
+        "@aws-sdk/nested-clients": "^3.996.21",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/types": {
+      "version": "3.973.8",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.973.8.tgz",
+      "integrity": "sha512-gjlAdtHMbtR9X5iIhVUvbVcy55KnznpC6bkDUWW9z915bi0ckdUr5cjf16Kp6xq0bP5HBD2xzgbL9F9Quv5vUw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/util-arn-parser": {
+      "version": "3.972.3",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.972.3.tgz",
+      "integrity": "sha512-HzSD8PMFrvgi2Kserxuff5VitNq2sgf3w9qxmskKDiDTThWfVteJxuCS9JXiPIPtmCrp+7N9asfIaVhBFORllA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/util-endpoints": {
+      "version": "3.996.7",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.996.7.tgz",
+      "integrity": "sha512-ty4LQxN1QC+YhUP28NfEgZDEGXkyqOQy+BDriBozqHsrYO4JMgiPhfizqOGF7P+euBTZ5Ez6SKlLAMCLo8tzmw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/types": "^4.14.1",
+        "@smithy/url-parser": "^4.2.14",
+        "@smithy/util-endpoints": "^3.4.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/util-locate-window": {
+      "version": "3.965.5",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.965.5.tgz",
+      "integrity": "sha512-WhlJNNINQB+9qtLtZJcpQdgZw3SCDCpXdUJP7cToGwHbCWCnRckGlc6Bx/OhWwIYFNAn+FIydY8SZ0QmVu3xTQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/util-user-agent-browser": {
+      "version": "3.972.10",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.972.10.tgz",
+      "integrity": "sha512-FAzqXvfEssGdSIz8ejatan0bOdx1qefBWKF/gWmVBXIP1HkS7v/wjjaqrAGGKvyihrXTXW00/2/1nTJtxpXz7g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/types": "^4.14.1",
+        "bowser": "^2.11.0",
+        "tslib": "^2.6.2"
+      }
+    },
+    "node_modules/@aws-sdk/util-user-agent-node": {
+      "version": "3.973.17",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.973.17.tgz",
+      "integrity": "sha512-utF5qjjbuJQuU9VdCkWl7L87sr93cApsrD+uxGfUnlafX8iyEzJrb7EZnufjThURZVTOtelRMXrblWxpefElUg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/middleware-user-agent": "^3.972.31",
+        "@aws-sdk/types": "^3.973.8",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-config-provider": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      },
+      "peerDependencies": {
+        "aws-crt": ">=1.0.0"
+      },
+      "peerDependenciesMeta": {
+        "aws-crt": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@aws-sdk/xml-builder": {
+      "version": "3.972.18",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.18.tgz",
+      "integrity": "sha512-BMDNVG1ETXRhl1tnisQiYBef3RShJ1kfZA7x7afivTFMLirfHNTb6U71K569HNXhSXbQZsweHvSDZ6euBw8hPA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "fast-xml-parser": "5.5.8",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/@aws/lambda-invoke-store": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/@aws/lambda-invoke-store/-/lambda-invoke-store-0.2.4.tgz",
+      "integrity": "sha512-iY8yvjE0y651BixKNPgmv1WrQc+GZ142sb0z4gYnChDDY2YqI4P/jsSopBWrKfAt7LOJAkOXt7rC/hms+WclQQ==",
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@esbuild/aix-ppc64": {
       "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.7.tgz",
-      "integrity": "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ==",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz",
+      "integrity": "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg==",
       "cpu": [
         "ppc64"
       ],
@@ -251,50 +882,50 @@
       "license": "MIT",
       "optional": true,
       "os": [
-        "linux"
+        "aix"
       ],
       "engines": {
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/linux-riscv64": {
+    "node_modules/@esbuild/android-arm": {
       "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.7.tgz",
-      "integrity": "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ==",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.7.tgz",
+      "integrity": "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ==",
       "cpu": [
-        "riscv64"
+        "arm"
       ],
       "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
-        "linux"
+        "android"
       ],
       "engines": {
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/linux-s390x": {
+    "node_modules/@esbuild/android-arm64": {
       "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.7.tgz",
-      "integrity": "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw==",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.7.tgz",
+      "integrity": "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ==",
       "cpu": [
-        "s390x"
+        "arm64"
       ],
       "dev": true,
       "license": "MIT",
       "optional": true,
       "os": [
-        "linux"
+        "android"
       ],
       "engines": {
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/linux-x64": {
+    "node_modules/@esbuild/android-x64": {
       "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.7.tgz",
-      "integrity": "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA==",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.7.tgz",
+      "integrity": "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg==",
       "cpu": [
         "x64"
       ],
@@ -302,16 +933,16 @@
       "license": "MIT",
       "optional": true,
       "os": [
-        "linux"
+        "android"
       ],
       "engines": {
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/netbsd-arm64": {
+    "node_modules/@esbuild/darwin-arm64": {
       "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.7.tgz",
-      "integrity": "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w==",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.7.tgz",
+      "integrity": "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw==",
       "cpu": [
         "arm64"
       ],
@@ -319,16 +950,16 @@
       "license": "MIT",
       "optional": true,
       "os": [
-        "netbsd"
+        "darwin"
       ],
       "engines": {
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/netbsd-x64": {
+    "node_modules/@esbuild/darwin-x64": {
       "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.7.tgz",
-      "integrity": "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw==",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.7.tgz",
+      "integrity": "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ==",
       "cpu": [
         "x64"
       ],
@@ -336,16 +967,16 @@
       "license": "MIT",
       "optional": true,
       "os": [
-        "netbsd"
+        "darwin"
       ],
       "engines": {
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/openbsd-arm64": {
+    "node_modules/@esbuild/freebsd-arm64": {
       "version": "0.27.7",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.7.tgz",
-      "integrity": "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A==",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w==",
       "cpu": [
         "arm64"
       ],
@@ -353,13 +984,234 @@
       "license": "MIT",
       "optional": true,
       "os": [
-        "openbsd"
+        "freebsd"
       ],
       "engines": {
         "node": ">=18"
       }
     },
-    "node_modules/@esbuild/openbsd-x64": {
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.7.tgz",
+      "integrity": "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.7.tgz",
+      "integrity": "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.7.tgz",
+      "integrity": "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.7.tgz",
+      "integrity": "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.7.tgz",
+      "integrity": "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.7.tgz",
+      "integrity": "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.7.tgz",
+      "integrity": "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.7.tgz",
+      "integrity": "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.7.tgz",
+      "integrity": "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.7.tgz",
+      "integrity": "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
       "version": "0.27.7",
       "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.7.tgz",
       "integrity": "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg==",
@@ -670,159 +1522,878 @@
         "linux"
       ]
     },
-    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.1.tgz",
-      "integrity": "sha512-QKgFl+Yc1eEk6MmOBfRHYF6lTxiiiV3/z/BRrbSiW2I7AFTXoBFvdMEyglohPj//2mZS4hDOqeB0H1ACh3sBbg==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
+    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.1.tgz",
+      "integrity": "sha512-QKgFl+Yc1eEk6MmOBfRHYF6lTxiiiV3/z/BRrbSiW2I7AFTXoBFvdMEyglohPj//2mZS4hDOqeB0H1ACh3sBbg==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.1.tgz",
+      "integrity": "sha512-RAjXjP/8c6ZtzatZcA1RaQr6O1TRhzC+adn8YZDnChliZHviqIjmvFwHcxi4JKPSDAt6Uhf/7vqcBzQJy0PDJg==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-s390x-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.1.tgz",
+      "integrity": "sha512-wcuocpaOlaL1COBYiA89O6yfjlp3RwKDeTIA0hM7OpmhR1Bjo9j31G1uQVpDlTvwxGn2nQs65fBFL5UFd76FcQ==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.1.tgz",
+      "integrity": "sha512-77PpsFQUCOiZR9+LQEFg9GClyfkNXj1MP6wRnzYs0EeWbPcHs02AXu4xuUbM1zhwn3wqaizle3AEYg5aeoohhg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-musl": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.1.tgz",
+      "integrity": "sha512-5cIATbk5vynAjqqmyBjlciMJl1+R/CwX9oLk/EyiFXDWd95KpHdrOJT//rnUl4cUcskrd0jCCw3wpZnhIHdD9w==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.1.tgz",
+      "integrity": "sha512-cl0w09WsCi17mcmWqqglez9Gk8isgeWvoUZ3WiJFYSR3zjBQc2J5/ihSjpl+VLjPqjQ/1hJRcqBfLjssREQILw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-openharmony-arm64": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.1.tgz",
+      "integrity": "sha512-4Cv23ZrONRbNtbZa37mLSueXUCtN7MXccChtKpUnQNgF010rjrjfHx3QxkS2PI7LqGT5xXyYs1a7LbzAwT0iCA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-arm64-msvc": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.1.tgz",
+      "integrity": "sha512-i1okWYkA4FJICtr7KpYzFpRTHgy5jdDbZiWfvny21iIKky5YExiDXP+zbXzm3dUcFpkEeYNHgQ5fuG236JPq0g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-ia32-msvc": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.1.tgz",
+      "integrity": "sha512-u09m3CuwLzShA0EYKMNiFgcjjzwqtUMLmuCJLeZWjjOYA3IT2Di09KaxGBTP9xVztWyIWjVdsB2E9goMjZvTQg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.1.tgz",
+      "integrity": "sha512-k+600V9Zl1CM7eZxJgMyTUzmrmhB/0XZnF4pRypKAlAgxmedUA+1v9R+XOFv56W4SlHEzfeMtzujLJD22Uz5zg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-msvc": {
+      "version": "4.60.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.1.tgz",
+      "integrity": "sha512-lWMnixq/QzxyhTV6NjQJ4SFo1J6PvOX8vUx5Wb4bBPsEb+8xZ89Bz6kOXpfXj9ak9AHTQVQzlgzBEc1SyM27xQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@smithy/chunked-blob-reader": {
+      "version": "5.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-5.2.2.tgz",
+      "integrity": "sha512-St+kVicSyayWQca+I1rGitaOEH6uKgE8IUWoYnnEX26SWdWQcL6LvMSD19Lg+vYHKdT9B2Zuu7rd3i6Wnyb/iw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/chunked-blob-reader-native": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-4.2.3.tgz",
+      "integrity": "sha512-jA5k5Udn7Y5717L86h4EIv06wIr3xn8GM1qHRi/Nf31annXcXHJjBKvgztnbn2TxH3xWrPBfgwHsOwZf0UmQWw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-base64": "^4.3.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/config-resolver": {
+      "version": "4.4.16",
+      "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-4.4.16.tgz",
+      "integrity": "sha512-GFlGPNLZKrGfqWpqVb31z7hvYCA9ZscfX1buYnvvMGcRYsQQnhH+4uN6mWWflcD5jB4OXP/LBrdpukEdjl41tg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-config-provider": "^4.2.2",
+        "@smithy/util-endpoints": "^3.4.1",
+        "@smithy/util-middleware": "^4.2.14",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/core": {
+      "version": "3.23.15",
+      "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.23.15.tgz",
+      "integrity": "sha512-E7GVCgsQttzfujEZb6Qep005wWf4xiL4x06apFEtzQMWYBPggZh/0cnOxPficw5cuK/YjjkehKoIN4YUaSh0UQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/url-parser": "^4.2.14",
+        "@smithy/util-base64": "^4.3.2",
+        "@smithy/util-body-length-browser": "^4.2.2",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-stream": "^4.5.23",
+        "@smithy/util-utf8": "^4.2.2",
+        "@smithy/uuid": "^1.1.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/credential-provider-imds": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-4.2.14.tgz",
+      "integrity": "sha512-Au28zBN48ZAoXdooGUHemuVBrkE+Ie6RPmGNIAJsFqj33Vhb6xAgRifUydZ2aY+M+KaMAETAlKk5NC5h1G7wpg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/url-parser": "^4.2.14",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/eventstream-codec": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-4.2.14.tgz",
+      "integrity": "sha512-erZq0nOIpzfeZdCyzZjdJb4nVSKLUmSkaQUVkRGQTXs30gyUGeKnrYEg+Xe1W5gE3aReS7IgsvANwVPxSzY6Pw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/crc32": "5.2.0",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-hex-encoding": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/eventstream-serde-browser": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-4.2.14.tgz",
+      "integrity": "sha512-8IelTCtTctWRbb+0Dcy+C0aICh1qa0qWXqgjcXDmMuCvPJRnv26hiDZoAau2ILOniki65mCPKqOQs/BaWvO4CQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/eventstream-serde-universal": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/eventstream-serde-config-resolver": {
+      "version": "4.3.14",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-4.3.14.tgz",
+      "integrity": "sha512-sqHiHpYRYo3FJlaIxD1J8PhbcmJAm7IuM16mVnwSkCToD7g00IBZzKuiLNMGmftULmEUX6/UAz8/NN5uMP8bVA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/eventstream-serde-node": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-4.2.14.tgz",
+      "integrity": "sha512-Ht/8BuGlKfFTy0H3+8eEu0vdpwGztCnaLLXtpXNdQqiR7Hj4vFScU3T436vRAjATglOIPjJXronY+1WxxNLSiw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/eventstream-serde-universal": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/eventstream-serde-universal": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-4.2.14.tgz",
+      "integrity": "sha512-lWyt4T2XQZUZgK3tQ3Wn0w3XBvZsK/vjTuJl6bXbnGZBHH0ZUSONTYiK9TgjTTzU54xQr3DRFwpjmhp0oLm3gg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/eventstream-codec": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/fetch-http-handler": {
+      "version": "5.3.17",
+      "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-5.3.17.tgz",
+      "integrity": "sha512-bXOvQzaSm6MnmLaWA1elgfQcAtN4UP3vXqV97bHuoOrHQOJiLT3ds6o9eo5bqd0TJfRFpzdGnDQdW3FACiAVdw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/querystring-builder": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-base64": "^4.3.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/hash-blob-browser": {
+      "version": "4.2.15",
+      "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-4.2.15.tgz",
+      "integrity": "sha512-0PJ4Al3fg2nM4qKrAIxyNcApgqHAXcBkN8FeizOz69z0rb26uZ6lMESYtxegaTlXB5Hj84JfwMPavMrwDMjucA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/chunked-blob-reader": "^5.2.2",
+        "@smithy/chunked-blob-reader-native": "^4.2.3",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/hash-node": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-4.2.14.tgz",
+      "integrity": "sha512-8ZBDY2DD4wr+GGjTpPtiglEsqr0lUP+KHqgZcWczFf6qeZ/YRjMIOoQWVQlmwu7EtxKTd8YXD8lblmYcpBIA1g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-buffer-from": "^4.2.2",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/hash-stream-node": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-4.2.14.tgz",
+      "integrity": "sha512-tw4GANWkZPb6+BdD4Fgucqzey2+r73Z/GRo9zklsCdwrnxxumUV83ZIaBDdudV4Ylazw3EPTiJZhpX42105ruQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/invalid-dependency": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-4.2.14.tgz",
+      "integrity": "sha512-c21qJiTSb25xvvOp+H2TNZzPCngrvl5vIPqPB8zQ/DmJF4QWXO19x1dWfMJZ6wZuuWUPPm0gV8C0cU3+ifcWuw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/is-array-buffer": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-4.2.2.tgz",
+      "integrity": "sha512-n6rQ4N8Jj4YTQO3YFrlgZuwKodf4zUFs7EJIWH86pSCWBaAtAGBFfCM7Wx6D2bBJ2xqFNxGBSrUWswT3M0VJow==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/md5-js": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-4.2.14.tgz",
+      "integrity": "sha512-V2v0vx+h0iUSNG1Alt+GNBMSLGCrl9iVsdd+Ap67HPM9PN479x12V8LkuMoKImNZxn3MXeuyUjls+/7ZACZghA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/middleware-content-length": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-4.2.14.tgz",
+      "integrity": "sha512-xhHq7fX4/3lv5NHxLUk3OeEvl0xZ+Ek3qIbWaCL4f9JwgDZEclPBElljaZCAItdGPQl/kSM4LPMOpy1MYgprpw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/middleware-endpoint": {
+      "version": "4.4.30",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.4.30.tgz",
+      "integrity": "sha512-qS2XqhKeXmdZ4nEQ4cOxIczSP/Y91wPAHYuRwmWDCh975B7/57uxsm5d6sisnUThn2u2FwzMdJNM7AbO1YPsPg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/core": "^3.23.15",
+        "@smithy/middleware-serde": "^4.2.18",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "@smithy/url-parser": "^4.2.14",
+        "@smithy/util-middleware": "^4.2.14",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/middleware-retry": {
+      "version": "4.5.3",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.5.3.tgz",
+      "integrity": "sha512-TE8dJNi6JuxzGSxMCVd3i9IEWDndCl3bmluLsBNDWok8olgj65OfkndMhl9SZ7m14c+C5SQn/PcUmrDl57rSFw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/core": "^3.23.15",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/service-error-classification": "^4.2.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-retry": "^4.3.2",
+        "@smithy/uuid": "^1.1.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/middleware-serde": {
+      "version": "4.2.18",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-4.2.18.tgz",
+      "integrity": "sha512-M6CSgnp3v4tYz9ynj2JHbA60woBZcGqEwNjTKjBsNHPV26R1ZX52+0wW8WsZU18q45jD0tw2wL22S17Ze9LpEw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/core": "^3.23.15",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/middleware-stack": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-4.2.14.tgz",
+      "integrity": "sha512-2dvkUKLuFdKsCRmOE4Mn63co0Djtsm+JMh0bYZQupN1pJwMeE8FmQmRLLzzEMN0dnNi7CDCYYH8F0EVwWiPBeA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/node-config-provider": {
+      "version": "4.3.14",
+      "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-4.3.14.tgz",
+      "integrity": "sha512-S+gFjyo/weSVL0P1b9Ts8C/CwIfNCgUPikk3sl6QVsfE/uUuO+QsF+NsE/JkpvWqqyz1wg7HFdiaZuj5CoBMRg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/shared-ini-file-loader": "^4.4.9",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/node-http-handler": {
+      "version": "4.5.3",
+      "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.5.3.tgz",
+      "integrity": "sha512-lc5jFL++x17sPhIwMWJ3YOnqmSjw/2Po6VLDlUIXvxVWRuJwRXnJ4jOBBLB0cfI5BB5ehIl02Fxr1PDvk/kxDw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/querystring-builder": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/property-provider": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-4.2.14.tgz",
+      "integrity": "sha512-WuM31CgfsnQ/10i7NYr0PyxqknD72Y5uMfUMVSniPjbEPceiTErb4eIqJQ+pdxNEAUEWrewrGjIRjVbVHsxZiQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/protocol-http": {
+      "version": "5.3.14",
+      "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-5.3.14.tgz",
+      "integrity": "sha512-dN5F8kHx8RNU0r+pCwNmFZyz6ChjMkzShy/zup6MtkRmmix4vZzJdW+di7x//b1LiynIev88FM18ie+wwPcQtQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/querystring-builder": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-4.2.14.tgz",
+      "integrity": "sha512-XYA5Z0IqTeF+5XDdh4BBmSA0HvbgVZIyv4cmOoUheDNR57K1HgBp9ukUMx3Cr3XpDHHpLBnexPE3LAtDsZkj2A==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-uri-escape": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/querystring-parser": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-4.2.14.tgz",
+      "integrity": "sha512-hr+YyqBD23GVvRxGGrcc/oOeNlK3PzT5Fu4dzrDXxzS1LpFiuL2PQQqKPs87M79aW7ziMs+nvB3qdw77SqE7Lw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/service-error-classification": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-4.2.14.tgz",
+      "integrity": "sha512-vVimoUnGxlx4eLLQbZImdOZFOe+Zh+5ACntv8VxZuGP72LdWu5GV3oEmCahSEReBgRJoWjypFkrehSj7BWx1HQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/shared-ini-file-loader": {
+      "version": "4.4.9",
+      "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-4.4.9.tgz",
+      "integrity": "sha512-495/V2I15SHgedSJoDPD23JuSfKAp726ZI1V0wtjB07Wh7q/0tri/0e0DLefZCHgxZonrGKt/OCTpAtP1wE1kQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/signature-v4": {
+      "version": "5.3.14",
+      "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-5.3.14.tgz",
+      "integrity": "sha512-1D9Y/nmlVjCeSivCbhZ7hgEpmHyY1h0GvpSZt3l0xcD9JjmjVC1CHOozS6+Gh+/ldMH8JuJ6cujObQqfayAVFA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^4.2.2",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-hex-encoding": "^4.2.2",
+        "@smithy/util-middleware": "^4.2.14",
+        "@smithy/util-uri-escape": "^4.2.2",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/smithy-client": {
+      "version": "4.12.11",
+      "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.12.11.tgz",
+      "integrity": "sha512-wzz/Wa1CH/Tlhxh0s4DQPEcXSxSVfJ59AZcUh9Gu0c6JTlKuwGf4o/3P2TExv0VbtPFt8odIBG+eQGK2+vTECg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/core": "^3.23.15",
+        "@smithy/middleware-endpoint": "^4.4.30",
+        "@smithy/middleware-stack": "^4.2.14",
+        "@smithy/protocol-http": "^5.3.14",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-stream": "^4.5.23",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/types": {
+      "version": "4.14.1",
+      "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.14.1.tgz",
+      "integrity": "sha512-59b5HtSVrVR/eYNei3BUj3DCPKD/G7EtDDe7OEJE7i7FtQFugYo6MxbotS8mVJkLNVf8gYaAlEBwwtJ9HzhWSg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/url-parser": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-4.2.14.tgz",
+      "integrity": "sha512-p06BiBigJ8bTA3MgnOfCtDUWnAMY0YfedO/GRpmc7p+wg3KW8vbXy1xwSu5ASy0wV7rRYtlfZOIKH4XqfhjSQQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/querystring-parser": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/util-base64": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-4.3.2.tgz",
+      "integrity": "sha512-XRH6b0H/5A3SgblmMa5ErXQ2XKhfbQB+Fm/oyLZ2O2kCUrwgg55bU0RekmzAhuwOjA9qdN5VU2BprOvGGUkOOQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^4.2.2",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/util-body-length-browser": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-4.2.2.tgz",
+      "integrity": "sha512-JKCrLNOup3OOgmzeaKQwi4ZCTWlYR5H4Gm1r2uTMVBXoemo1UEghk5vtMi1xSu2ymgKVGW631e2fp9/R610ZjQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/util-body-length-node": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-4.2.3.tgz",
+      "integrity": "sha512-ZkJGvqBzMHVHE7r/hcuCxlTY8pQr1kMtdsVPs7ex4mMU+EAbcXppfo5NmyxMYi2XU49eqaz56j2gsk4dHHPG/g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/util-buffer-from": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-4.2.2.tgz",
+      "integrity": "sha512-FDXD7cvUoFWwN6vtQfEta540Y/YBe5JneK3SoZg9bThSoOAC/eGeYEua6RkBgKjGa/sz6Y+DuBZj3+YEY21y4Q==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/util-config-provider": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-4.2.2.tgz",
+      "integrity": "sha512-dWU03V3XUprJwaUIFVv4iOnS1FC9HnMHDfUrlNDSh4315v0cWyaIErP8KiqGVbf5z+JupoVpNM7ZB3jFiTejvQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@smithy/util-defaults-mode-browser": {
+      "version": "4.3.47",
+      "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.3.47.tgz",
+      "integrity": "sha512-zlIuXai3/SHjQUQ8y3g/woLvrH573SK2wNjcDaHu5e9VOcC0JwM1MI0Sq0GZJyN3BwSUneIhpjZ18nsiz5AtQw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.1.tgz",
-      "integrity": "sha512-RAjXjP/8c6ZtzatZcA1RaQr6O1TRhzC+adn8YZDnChliZHviqIjmvFwHcxi4JKPSDAt6Uhf/7vqcBzQJy0PDJg==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
+    "node_modules/@smithy/util-defaults-mode-node": {
+      "version": "4.2.52",
+      "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.2.52.tgz",
+      "integrity": "sha512-cQBz8g68Vnw1W2meXlkb3D/hXJU+Taiyj9P8qLJtjREEV9/Td65xi4A/H1sRQ8EIgX5qbZbvdYPKygKLholZ3w==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/config-resolver": "^4.4.16",
+        "@smithy/credential-provider-imds": "^4.2.14",
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/property-provider": "^4.2.14",
+        "@smithy/smithy-client": "^4.12.11",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.1.tgz",
-      "integrity": "sha512-wcuocpaOlaL1COBYiA89O6yfjlp3RwKDeTIA0hM7OpmhR1Bjo9j31G1uQVpDlTvwxGn2nQs65fBFL5UFd76FcQ==",
-      "cpu": [
-        "s390x"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
+    "node_modules/@smithy/util-endpoints": {
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-3.4.1.tgz",
+      "integrity": "sha512-wMxNDZJrgS5mQV9oxCs4TWl5767VMgOfqfZ3JHyCkMtGC2ykW9iPqMvFur695Otcc5yxLG8OKO/80tsQBxrhXg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/node-config-provider": "^4.3.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.1.tgz",
-      "integrity": "sha512-77PpsFQUCOiZR9+LQEFg9GClyfkNXj1MP6wRnzYs0EeWbPcHs02AXu4xuUbM1zhwn3wqaizle3AEYg5aeoohhg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
+    "node_modules/@smithy/util-hex-encoding": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-4.2.2.tgz",
+      "integrity": "sha512-Qcz3W5vuHK4sLQdyT93k/rfrUwdJ8/HZ+nMUOyGdpeGA1Wxt65zYwi3oEl9kOM+RswvYq90fzkNDahPS8K0OIg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.1.tgz",
-      "integrity": "sha512-5cIATbk5vynAjqqmyBjlciMJl1+R/CwX9oLk/EyiFXDWd95KpHdrOJT//rnUl4cUcskrd0jCCw3wpZnhIHdD9w==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
+    "node_modules/@smithy/util-middleware": {
+      "version": "4.2.14",
+      "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-4.2.14.tgz",
+      "integrity": "sha512-1Su2vj9RYNDEv/V+2E+jXkkwGsgR7dc4sfHn9Z7ruzQHJIEni9zzw5CauvRXlFJfmgcqYP8fWa0dkh2Q2YaQyw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-openbsd-x64": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.1.tgz",
-      "integrity": "sha512-cl0w09WsCi17mcmWqqglez9Gk8isgeWvoUZ3WiJFYSR3zjBQc2J5/ihSjpl+VLjPqjQ/1hJRcqBfLjssREQILw==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openbsd"
-      ]
+    "node_modules/@smithy/util-retry": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-4.3.2.tgz",
+      "integrity": "sha512-2+KTsJEwTi63NUv4uR9IQ+IFT1yu6Rf6JuoBK2WKaaJ/TRvOiOVGcXAsEqX/TQN2thR9yII21kPUJq1UV/WI2A==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/service-error-classification": "^4.2.14",
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.1.tgz",
-      "integrity": "sha512-4Cv23ZrONRbNtbZa37mLSueXUCtN7MXccChtKpUnQNgF010rjrjfHx3QxkS2PI7LqGT5xXyYs1a7LbzAwT0iCA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openharmony"
-      ]
+    "node_modules/@smithy/util-stream": {
+      "version": "4.5.23",
+      "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-4.5.23.tgz",
+      "integrity": "sha512-N6on1+ngJ3RznZOnDWNveIwnTSlqxNnXuNAh7ez889ZZaRdXoNRTXKgmYOLe6dB0gCmAVtuRScE1hymQFl4hpg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/fetch-http-handler": "^5.3.17",
+        "@smithy/node-http-handler": "^4.5.3",
+        "@smithy/types": "^4.14.1",
+        "@smithy/util-base64": "^4.3.2",
+        "@smithy/util-buffer-from": "^4.2.2",
+        "@smithy/util-hex-encoding": "^4.2.2",
+        "@smithy/util-utf8": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.1.tgz",
-      "integrity": "sha512-i1okWYkA4FJICtr7KpYzFpRTHgy5jdDbZiWfvny21iIKky5YExiDXP+zbXzm3dUcFpkEeYNHgQ5fuG236JPq0g==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
+    "node_modules/@smithy/util-uri-escape": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-4.2.2.tgz",
+      "integrity": "sha512-2kAStBlvq+lTXHyAZYfJRb/DfS3rsinLiwb+69SstC9Vb0s9vNWkRwpnj918Pfi85mzi42sOqdV72OLxWAISnw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.1.tgz",
-      "integrity": "sha512-u09m3CuwLzShA0EYKMNiFgcjjzwqtUMLmuCJLeZWjjOYA3IT2Di09KaxGBTP9xVztWyIWjVdsB2E9goMjZvTQg==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
+    "node_modules/@smithy/util-utf8": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-4.2.2.tgz",
+      "integrity": "sha512-75MeYpjdWRe8M5E3AW0O4Cx3UadweS+cwdXjwYGBW5h/gxxnbeZ877sLPX/ZJA9GVTlL/qG0dXP29JWFCD1Ayw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^4.2.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.1.tgz",
-      "integrity": "sha512-k+600V9Zl1CM7eZxJgMyTUzmrmhB/0XZnF4pRypKAlAgxmedUA+1v9R+XOFv56W4SlHEzfeMtzujLJD22Uz5zg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
+    "node_modules/@smithy/util-waiter": {
+      "version": "4.2.16",
+      "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-4.2.16.tgz",
+      "integrity": "sha512-GtclrKoZ3Lt7jPQ7aTIYKfjY92OgceScftVnkTsG8e1KV8rkvZgN+ny6YSRhd9hxB8rZtwVbmln7NTvE5O3GmQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^4.14.1",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
-    "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.60.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.1.tgz",
-      "integrity": "sha512-lWMnixq/QzxyhTV6NjQJ4SFo1J6PvOX8vUx5Wb4bBPsEb+8xZ89Bz6kOXpfXj9ak9AHTQVQzlgzBEc1SyM27xQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
+    "node_modules/@smithy/uuid": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@smithy/uuid/-/uuid-1.1.2.tgz",
+      "integrity": "sha512-O/IEdcCUKkubz60tFbGA7ceITTAJsty+lBjNoorP4Z6XRqaFb/OjQjZODophEcuq68nKm6/0r+6/lLQ+XVpk8g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
     },
     "node_modules/@types/estree": {
       "version": "1.0.8",
@@ -1014,6 +2585,12 @@
       "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==",
       "license": "ISC"
     },
+    "node_modules/bowser": {
+      "version": "2.14.1",
+      "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.14.1.tgz",
+      "integrity": "sha512-tzPjzCxygAKWFOJP011oxFHs57HzIhOEracIgAePE4pqB3LikALKnSzUyU4MGs9/iCEUuHlAJTjTc5M+u7YEGg==",
+      "license": "MIT"
+    },
     "node_modules/cac": {
       "version": "6.7.14",
       "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
@@ -1252,6 +2829,41 @@
         "node": ">=12.0.0"
       }
     },
+    "node_modules/fast-xml-builder": {
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz",
+      "integrity": "sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/NaturalIntelligence"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "path-expression-matcher": "^1.1.3"
+      }
+    },
+    "node_modules/fast-xml-parser": {
+      "version": "5.5.8",
+      "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.8.tgz",
+      "integrity": "sha512-Z7Fh2nVQSb2d+poDViM063ix2ZGt9jmY1nWhPfHBOK2Hgnb/OW3P4Et3P/81SEej0J7QbWtJqxO05h8QYfK7LQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/NaturalIntelligence"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "fast-xml-builder": "^1.1.4",
+        "path-expression-matcher": "^1.2.0",
+        "strnum": "^2.2.0"
+      },
+      "bin": {
+        "fxparser": "src/cli/cli.js"
+      }
+    },
     "node_modules/fsevents": {
       "version": "2.3.2",
       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
@@ -1437,6 +3049,21 @@
         "node": ">=14.0.0"
       }
     },
+    "node_modules/path-expression-matcher": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz",
+      "integrity": "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/NaturalIntelligence"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
     "node_modules/pathe": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.2.tgz",
@@ -1731,6 +3358,18 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/strnum": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz",
+      "integrity": "sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/NaturalIntelligence"
+        }
+      ],
+      "license": "MIT"
+    },
     "node_modules/thread-stream": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-4.0.0.tgz",
@@ -1787,6 +3426,12 @@
         "node": ">=14.0.0"
       }
     },
+    "node_modules/tslib": {
+      "version": "2.8.1",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
+      "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
+      "license": "0BSD"
+    },
     "node_modules/tsx": {
       "version": "4.21.0",
       "resolved": "https://registry.npmjs.org/tsx/-/tsx-4.21.0.tgz",
diff --git a/provisioner-scripts/package.json b/provisioner-scripts/package.json
index f02365e..7b8e0a2 100644
--- a/provisioner-scripts/package.json
+++ b/provisioner-scripts/package.json
@@ -11,7 +11,8 @@
   "dependencies": {
     "playwright": "^1.49.0",
     "imapflow": "^1.0.190",
-    "node-html-parser": "^7.0.1"
+    "node-html-parser": "^7.0.1",
+    "@aws-sdk/client-s3": "^3.0.0"
   },
   "devDependencies": {
     "vitest": "^2.1.0",
diff --git a/provisioner-scripts/scripts/weekly-live-test.sh b/provisioner-scripts/scripts/weekly-live-test.sh
new file mode 100755
index 0000000..8e2083a
--- /dev/null
+++ b/provisioner-scripts/scripts/weekly-live-test.sh
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+# Weekly live-test runner for AgentKeys scrapers.
+#
+# Runs every deterministic scraper under src/scrapers/ end-to-end against
+# real services. Prints a pass/fail summary. Exit code is non-zero if any
+# scraper fails.
+#
+# NOT in CI — this creates real accounts and burns real API calls. Meant
+# for the project owner / dedicated human contributor to run on a schedule
+# (weekly cron, or before cutting a release) so provider-side flow drift
+# gets caught before a user does.
+#
+# Usage (from repo root):
+#   source scripts/stage6-demo-env.sh   # loads DAEMON_* + mints 1h STS creds
+#   bash provisioner-scripts/scripts/weekly-live-test.sh
+#
+# Every test run:
+#   1. resets Chrome to a fresh throwaway profile
+#   2. mints a fresh bot-$(date +%s)@bots.litentry.org signup email
+#   3. runs the scraper, captures JSON events to /tmp/
+#   4. records pass/fail based on {"type":"success"} presence
+#
+# Add a new service: drop its scraper under src/scrapers/<slug>-cdp.ts,
+# then add a `run_scraper <slug>` line in the body below.
+
+set -u
+
+REPO_ROOT=$(cd "$(dirname "$0")/../.." && pwd)
+PROVISIONER_ROOT="$REPO_ROOT/provisioner-scripts"
+RESET_CHROME="$REPO_ROOT/scripts/reset-chrome-for-recording.sh"
+
+if [ ! -x "$RESET_CHROME" ]; then
+  echo "error: $RESET_CHROME not found or not executable" >&2
+  exit 2
+fi
+if [ -z "${DAEMON_ACCESS_KEY_ID:-}" ] || [ -z "${DAEMON_SECRET_ACCESS_KEY:-}" ]; then
+  echo "error: DAEMON_* creds not loaded — run 'source scripts/stage6-demo-env.sh' first" >&2
+  exit 2
+fi
+
+PASS=()
+FAIL=()
+
+run_scraper() {
+  local slug=$1
+  local script="$PROVISIONER_ROOT/src/scrapers/${slug}-cdp.ts"
+  local log="/tmp/live-test-${slug}-$(date +%Y%m%d-%H%M%S).jsonl"
+
+  if [ ! -f "$script" ]; then
+    echo "skip: $script not found"
+    return
+  fi
+
+  echo ""
+  echo "=== $slug ==="
+  bash "$RESET_CHROME" 2>&1 | tail -2
+
+  # Fresh signup email per run (SES-S3 backend is configured by stage6-demo-env.sh).
+  export AGENTKEYS_SIGNUP_EMAIL="bot-$(date +%s)@${DOMAIN:-bots.litentry.org}"
+  # stage6-demo-env.sh exports AGENTKEYS_SIGNUP_PASSWORD; keep it.
+  if [ -z "${AGENTKEYS_SIGNUP_PASSWORD:-}" ]; then
+    echo "error: AGENTKEYS_SIGNUP_PASSWORD not set (stage6-demo-env.sh not sourced)" >&2
+    FAIL+=("$slug (missing-env)")
+    return
+  fi
+
+  echo "email:    $AGENTKEYS_SIGNUP_EMAIL"
+  echo "log:      $log"
+
+  local start=$(date +%s)
+  (cd "$PROVISIONER_ROOT" && npx tsx "src/scrapers/${slug}-cdp.ts") > "$log" 2>&1
+  local rc=$?
+  local elapsed=$(( $(date +%s) - start ))
+
+  if [ $rc -eq 0 ] && grep -q '"type":"success"' "$log"; then
+    local masked
+    masked=$(grep -o '"api_key":"[^"]*"' "$log" | head -1 | sed 's/.*"api_key":"\(sk-[^"]\{8\}\).*/\1****/')
+    PASS+=("$slug ($elapsed"s", $masked)")
+    echo "PASS ($elapsed"s", $masked)"
+  else
+    local err
+    err=$(grep -o '"type":"error","code":"[^"]*","details":"[^"]*"' "$log" | head -1)
+    FAIL+=("$slug ($elapsed"s", $err, log=$log)")
+    echo "FAIL ($elapsed"s") — see $log"
+    tail -5 "$log"
+  fi
+}
+
+# === scrapers to test ===
+run_scraper openrouter
+run_scraper openai
+
+# === summary ===
+echo ""
+echo "================================================================"
+echo "WEEKLY LIVE TEST SUMMARY  ($(date -u +%Y-%m-%dT%H:%M:%SZ))"
+echo "================================================================"
+if [ ${#PASS[@]} -gt 0 ]; then
+  echo "PASS (${#PASS[@]}):"
+  for p in "${PASS[@]}"; do echo "  ✓ $p"; done
+fi
+if [ ${#FAIL[@]} -gt 0 ]; then
+  echo "FAIL (${#FAIL[@]}):"
+  for f in "${FAIL[@]}"; do echo "  ✗ $f"; done
+fi
+echo "================================================================"
+
+[ ${#FAIL[@]} -eq 0 ]
diff --git a/provisioner-scripts/src/lib/captcha/hcaptcha.ts b/provisioner-scripts/src/lib/captcha/hcaptcha.ts
new file mode 100644
index 0000000..c9039c4
--- /dev/null
+++ b/provisioner-scripts/src/lib/captcha/hcaptcha.ts
@@ -0,0 +1,224 @@
+import type { Page } from "playwright";
+import { escalateAndThrow } from "../human-assist.js";
+
+export type HCaptchaMode = "not-present" | "auto-passive" | "capsolver" | "human" | "timeout";
+
+export interface HCaptchaOpts {
+  detectTimeoutMs?: number;
+  autoPassiveWindowMs?: number;
+  capsolverTimeoutMs?: number;
+  humanFallbackTimeoutMs?: number;
+  screenshotPathOnEscalate?: string;
+}
+
+// Detects hCaptcha on the page and resolves it via CapSolver when
+// CAPSOLVER_API_KEY is set, otherwise waits for the human to solve it in
+// the Chrome window. ElevenLabs uses invisible hCaptcha — page JS injects
+// the iframe and expects a token in textarea[name="h-captcha-response"].
+//
+// Flow:
+//   1. Detect iframe[src*="hcaptcha.com"] OR textarea[name="h-captcha-response"].
+//   2. If not present → not-present.
+//   3. Poll for token-populated within autoPassiveWindowMs. If it populates
+//      on its own (invisible-mode passes), return auto-passive.
+//   4. If CAPSOLVER_API_KEY is set: extract sitekey from iframe URL, submit
+//      to CapSolver, poll for token, inject into the textarea, fire
+//      input+change events. Return capsolver.
+//   5. Else human fallback (like turnstile-handler).
+export async function handleHCaptcha(
+  page: Page,
+  opts: HCaptchaOpts = {}
+): Promise<HCaptchaMode> {
+  const detectTimeout = opts.detectTimeoutMs ?? 5_000;
+  // Invisible hCaptcha fingerprints the browser after submit click and often
+  // auto-passes in 5-25s on real Chrome. 30s gives passive a fair shot.
+  const autoPassiveWindow = opts.autoPassiveWindowMs ?? 30_000;
+  const capsolverTimeout = opts.capsolverTimeoutMs ?? 180_000;
+  const humanFallbackTimeout = opts.humanFallbackTimeoutMs ?? 180_000;
+
+  const iframeSel = 'iframe[src*="hcaptcha.com"]';
+  const textareaSel = 'textarea[name="h-captcha-response"]';
+
+  const present = await page
+    .locator(`${iframeSel}, ${textareaSel}`)
+    .first()
+    .isVisible({ timeout: detectTimeout })
+    .catch(() => false);
+  const domPresent =
+    present ||
+    (await page.locator(textareaSel).count().catch(() => 0)) > 0;
+  if (!domPresent) return "not-present";
+
+  const isResolved = async (): Promise<boolean> => {
+    try {
+      const val = await page.evaluate(() => {
+        const tas = Array.from(
+          document.querySelectorAll<HTMLTextAreaElement>(
+            'textarea[name="h-captcha-response"]',
+          ),
+        );
+        return tas.find((t) => t.value && t.value.length > 20)?.value ?? "";
+      });
+      return Boolean(val);
+    } catch {
+      return false;
+    }
+  };
+
+  const start = Date.now();
+  while (Date.now() - start < autoPassiveWindow) {
+    if (await isResolved()) return "auto-passive";
+    await page.waitForTimeout(500);
+  }
+
+  const apiKey = process.env["CAPSOLVER_API_KEY"];
+  if (apiKey) {
+    const sitekey = await extractSitekey(page);
+    if (!sitekey) {
+      process.stderr.write("[hcaptcha] capsolver wanted but sitekey not found; falling back to human\n");
+    } else {
+      process.stderr.write(`[hcaptcha] solving via CapSolver (sitekey=${sitekey.slice(0, 8)}...)\n`);
+      const token = await solveHCaptchaViaCapSolver({
+        apiKey,
+        websiteUrl: page.url(),
+        websiteKey: sitekey,
+        timeoutMs: capsolverTimeout,
+      }).catch((err) => {
+        process.stderr.write(`[hcaptcha] CapSolver failed: ${err.message}\n`);
+        return null;
+      });
+      if (token) {
+        await page.evaluate((t) => {
+          const tas = Array.from(
+            document.querySelectorAll<HTMLTextAreaElement>(
+              'textarea[name="h-captcha-response"]',
+            ),
+          );
+          for (const ta of tas) {
+            ta.value = t;
+            ta.dispatchEvent(new Event("input", { bubbles: true }));
+            ta.dispatchEvent(new Event("change", { bubbles: true }));
+          }
+          // Some frontends also watch a global window callback. ElevenLabs
+          // registers `window.hcaptchaOnVerify` or similar. Best-effort call.
+          const w = window as unknown as {
+            hcaptchaOnVerify?: (t: string) => void;
+            onHCaptchaSuccess?: (t: string) => void;
+          };
+          try {
+            w.hcaptchaOnVerify?.(t);
+            w.onHCaptchaSuccess?.(t);
+          } catch {
+            /* ignore */
+          }
+        }, token);
+        // Give the framework a moment to revalidate the form.
+        await page.waitForTimeout(800);
+        if (await isResolved()) return "capsolver";
+        // Even if textarea.value check fails, the form may have accepted.
+        return "capsolver";
+      }
+    }
+  }
+
+  process.stderr.write(
+    "[hcaptcha] CapSolver unavailable or failed — please solve hCaptcha " +
+      "in the Chrome window. Waiting up to " +
+      Math.round(humanFallbackTimeout / 1000) +
+      "s...\n\x07\n",
+  );
+  const humanDeadline = Date.now() + humanFallbackTimeout;
+  while (Date.now() < humanDeadline) {
+    if (await isResolved()) return "human";
+    await page.waitForTimeout(1_000);
+  }
+
+  escalateAndThrow({
+    reason: "captcha",
+    hint: "hCaptcha did not resolve within fallback window",
+    url: page.url(),
+    screenshotPath: opts.screenshotPathOnEscalate ?? "(no screenshot)",
+    lastActionLog: [],
+  });
+}
+
+async function extractSitekey(page: Page): Promise<string | undefined> {
+  const iframeSrc = await page
+    .locator('iframe[src*="hcaptcha.com"]')
+    .first()
+    .getAttribute("src")
+    .catch(() => null);
+  if (iframeSrc) {
+    const m = iframeSrc.match(/sitekey=([a-f0-9-]{20,})/i);
+    if (m) return m[1];
+  }
+  // Fallback: scan DOM attributes and scripts for data-sitekey or sitekey.
+  return page
+    .evaluate(() => {
+      const attr = document.querySelector("[data-sitekey]")?.getAttribute("data-sitekey");
+      if (attr) return attr;
+      const html = document.documentElement.outerHTML;
+      const m = html.match(/sitekey[=:\s"']+([a-f0-9-]{30,})/i);
+      return m ? m[1] : undefined;
+    })
+    .catch(() => undefined);
+}
+
+interface CapSolverOpts {
+  apiKey: string;
+  websiteUrl: string;
+  websiteKey: string;
+  timeoutMs: number;
+  pollIntervalMs?: number;
+}
+
+async function solveHCaptchaViaCapSolver(opts: CapSolverOpts): Promise<string> {
+  const pollInterval = opts.pollIntervalMs ?? 3_000;
+  const createRes = await fetch("https://api.capsolver.com/createTask", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      clientKey: opts.apiKey,
+      task: {
+        type: "HCaptchaTaskProxyless",
+        websiteURL: opts.websiteUrl,
+        websiteKey: opts.websiteKey,
+      },
+    }),
+  });
+  const createJson = (await createRes.json()) as {
+    errorId?: number;
+    errorDescription?: string;
+    taskId?: string;
+  };
+  if (createJson.errorId || !createJson.taskId) {
+    throw new Error(`createTask: ${createJson.errorDescription ?? "unknown"}`);
+  }
+  const taskId = createJson.taskId;
+
+  const deadline = Date.now() + opts.timeoutMs;
+  while (Date.now() < deadline) {
+    await new Promise((r) => setTimeout(r, pollInterval));
+    const resultRes = await fetch("https://api.capsolver.com/getTaskResult", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientKey: opts.apiKey, taskId }),
+    });
+    const resultJson = (await resultRes.json()) as {
+      errorId?: number;
+      errorDescription?: string;
+      status?: "ready" | "processing" | "failed";
+      solution?: { gRecaptchaResponse?: string; token?: string };
+    };
+    if (resultJson.errorId) {
+      throw new Error(`getTaskResult: ${resultJson.errorDescription ?? "unknown"}`);
+    }
+    if (resultJson.status === "ready") {
+      const token =
+        resultJson.solution?.gRecaptchaResponse ?? resultJson.solution?.token;
+      if (!token) throw new Error("getTaskResult ready but no token in solution");
+      return token;
+    }
+  }
+  throw new Error(`CapSolver timed out after ${opts.timeoutMs}ms (taskId=${taskId})`);
+}
diff --git a/provisioner-scripts/src/lib/captcha/turnstile.ts b/provisioner-scripts/src/lib/captcha/turnstile.ts
new file mode 100644
index 0000000..b92c614
--- /dev/null
+++ b/provisioner-scripts/src/lib/captcha/turnstile.ts
@@ -0,0 +1,119 @@
+import type { Page } from "playwright";
+import { escalateAndThrow } from "../human-assist.js";
+
+export type TurnstileMode = "not-present" | "auto-passive" | "auto-click" | "human" | "timeout";
+
+export interface TurnstileOpts {
+  detectTimeoutMs?: number;
+  autoPassiveWindowMs?: number;
+  totalTimeoutMs?: number;
+  screenshotPathOnEscalate?: string;
+}
+
+// v1: human-only Turnstile handling, matching openrouter-cdp.ts:79-100
+// proven pattern. v2 TODO: add Claude-CV path via IPC with the skill host.
+//
+// Flow:
+//   1. Detect iframe/input within detectTimeoutMs (default 3s).
+//   2. If not present → not-present (return immediately).
+//   3. Poll for response-value population up to autoPassiveWindowMs (10s).
+//      If populated without human action → auto-passive.
+//   4. If still waiting, log to stderr + wait totalTimeoutMs (180s) for
+//      the human to click in the Chrome window.
+//   5. If response populates → human mode. Else → escalate.
+export async function handleTurnstile(
+  page: Page,
+  opts: TurnstileOpts = {}
+): Promise<TurnstileMode> {
+  // Clerk widgets + Turnstile iframe can take 3–7s to attach after form submit
+  // on slow networks. 3s was too aggressive; bumping to 8s reduces false
+  // "not-present" returns. If genuinely absent the 8s cost is one-time.
+  const detectTimeout = opts.detectTimeoutMs ?? 8_000;
+  const autoPassiveWindow = opts.autoPassiveWindowMs ?? 10_000;
+  const totalTimeout = opts.totalTimeoutMs ?? 180_000;
+
+  const iframeSel = 'iframe[src*="challenges.cloudflare.com"]';
+  const inputSel = 'input[name="cf-turnstile-response"]';
+
+  // Turnstile renders its visible widget inside a shadow root that Playwright
+  // can't see. The cf-turnstile-response input IS in the DOM (display:none)
+  // before any iframe attaches. Use count() as a presence signal — isVisible
+  // returns false for the hidden input and misses the iframe attach race.
+  const present = await page
+    .locator(`${iframeSel}, ${inputSel}`)
+    .first()
+    .isVisible({ timeout: detectTimeout })
+    .catch(() => false);
+  const domPresent =
+    present || (await page.locator(inputSel).count().catch(() => 0)) > 0;
+  if (!domPresent) {
+    return "not-present";
+  }
+
+  const isResolved = async (): Promise<boolean> => {
+    try {
+      const val = await page.locator(inputSel).first().inputValue({ timeout: 500 });
+      return Boolean(val && val.length > 0);
+    } catch {
+      return false;
+    }
+  };
+
+  const start = Date.now();
+  while (Date.now() - start < autoPassiveWindow) {
+    if (await isResolved()) return "auto-passive";
+    await page.waitForTimeout(500);
+  }
+
+  // Auto-click attempt: Turnstile's visible checkbox sits at a consistent
+  // position inside the cross-origin iframe (~25px from left, vertically
+  // centered). We can't pierce the iframe (cross-origin), but we can click
+  // at that absolute screen coordinate via the parent page's mouse.
+  process.stderr.write(
+    "[turnstile] auto-passive window elapsed; attempting mouse-click at iframe checkbox position\n"
+  );
+  try {
+    const box = await page
+      .locator(iframeSel)
+      .first()
+      .boundingBox({ timeout: 2_000 });
+    if (box) {
+      // Humanized approach to avoid instant teleport.
+      const targetX = box.x + 25;
+      const targetY = box.y + box.height / 2;
+      await page.mouse.move(targetX - 30, targetY + 10, { steps: 8 });
+      await page.waitForTimeout(150 + Math.floor(Math.random() * 200));
+      await page.mouse.move(targetX, targetY, { steps: 6 });
+      await page.waitForTimeout(80 + Math.floor(Math.random() * 120));
+      await page.mouse.click(targetX, targetY);
+      // Turnstile takes 1-3s to validate after click.
+      const clickDeadline = Date.now() + 15_000;
+      while (Date.now() < clickDeadline) {
+        if (await isResolved()) return "auto-click";
+        await page.waitForTimeout(500);
+      }
+    }
+  } catch {
+    // iframe bounding box unavailable; fall through to human wait
+  }
+
+  process.stderr.write(
+    "[turnstile] auto-click did not resolve — please click the checkbox " +
+      "in the Chrome window. Waiting up to " +
+      Math.round((totalTimeout - (Date.now() - start)) / 1000) +
+      "s...\n\x07\n"
+  );
+
+  while (Date.now() - start < totalTimeout) {
+    if (await isResolved()) return "human";
+    await page.waitForTimeout(1_000);
+  }
+
+  escalateAndThrow({
+    reason: "captcha",
+    hint: "Turnstile did not resolve within 180s",
+    url: page.url(),
+    screenshotPath: opts.screenshotPathOnEscalate ?? "(no screenshot)",
+    lastActionLog: [],
+  });
+}
diff --git a/provisioner-scripts/src/lib/email-analyzer.ts b/provisioner-scripts/src/lib/email-analyzer.ts
new file mode 100644
index 0000000..a275332
--- /dev/null
+++ b/provisioner-scripts/src/lib/email-analyzer.ts
@@ -0,0 +1,244 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { S3Client, ListObjectsV2Command, GetObjectCommand } from "@aws-sdk/client-s3";
+
+export type EmailAnalysis =
+  | {
+      verifyType: "magic-link";
+      from: string;
+      subject: string;
+      url: string;
+      urlHasHtmlEntities: boolean;
+      bodyDigest: string;
+    }
+  | {
+      verifyType: "otp";
+      from: string;
+      subject: string;
+      code: string;
+      bodyDigest: string;
+    }
+  | {
+      verifyType: "unknown";
+      from: string;
+      subject: string;
+      reason: string;
+      bodyDigest: string;
+    };
+
+// Shared URL detector — matches verification-link flavored URLs (Clerk,
+// generic /verify, ticket-based, etc.). Kept broad so we catch shapes
+// we haven't seen yet and surface them as `unknown` with the raw URL.
+const MAGIC_LINK_URL_REGEX = /(https:\/\/[^\s<>"'\)]*(?:clerk|\/verify|ticket=|verification|magic)[^\s<>"'\)]*)/i;
+const OTP_REGEX = /\b(\d{6})\b/;
+
+// Strip HTML tags and <style>…</style> blocks so the OTP extractor doesn't
+// match 6-digit CSS hex color codes (e.g. #141415) in email stylesheets.
+function stripHtmlForText(body: string): string {
+  return body
+    .replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, " ")
+    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, " ")
+    .replace(/<!--[\s\S]*?-->/g, " ")
+    .replace(/<[^>]+>/g, " ")
+    .replace(/&nbsp;/g, " ")
+    .replace(/&amp;/g, "&")
+    .replace(/&lt;/g, "<")
+    .replace(/&gt;/g, ">")
+    .replace(/\s+/g, " ")
+    .trim();
+}
+
+// Extract the OTP code from the visible (text) portion of the email. Prefer
+// codes that appear near labels ("code", "verification", "one-time", "login"),
+// fall back to the first remaining 6-digit sequence. Stripping HTML+CSS is
+// essential because email templates commonly embed 6-digit hex color codes
+// (e.g. #141415) that would otherwise be picked up as the OTP.
+function extractOtpCode(bodyText: string): string | undefined {
+  const labeled = bodyText.match(
+    /(?:verification|security|login|sign[-\s]?in|one[-\s]?time|auth(?:entication)?|access)\s*code[^0-9]{0,40}(\d{6})/i,
+  );
+  if (labeled) return labeled[1];
+  const before = bodyText.match(/(\d{6})[^0-9]{0,40}(?:is\s+your|to\s+(?:verify|sign|log))/i);
+  if (before) return before[1];
+  const first = OTP_REGEX.exec(bodyText);
+  return first ? first[1] : undefined;
+}
+
+export function parseHeaders(rawMime: string): { from: string; subject: string; body: string } {
+  const lines = rawMime.split(/\r?\n/);
+  let from = "";
+  let subject = "";
+  let bodyStartIndex = -1;
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (line === "") {
+      bodyStartIndex = i + 1;
+      break;
+    }
+    const lower = line.toLowerCase();
+    if (lower.startsWith("from:")) from = line.slice(5).trim();
+    else if (lower.startsWith("subject:")) subject = line.slice(8).trim();
+  }
+  const body = bodyStartIndex >= 0 ? lines.slice(bodyStartIndex).join("\n") : "";
+  return { from, subject, body };
+}
+
+export function normalizeQP(body: string): string {
+  return body
+    .replace(/=\r?\n/g, "")
+    .replace(/=3D/gi, "=")
+    .replace(/=2E/gi, ".")
+    .replace(/=2F/gi, "/")
+    .replace(/=3A/gi, ":")
+    .replace(/=3F/gi, "?")
+    .replace(/=26/gi, "&");
+}
+
+export function analyzeEmail(rawMime: string): EmailAnalysis {
+  const { from, subject, body } = parseHeaders(rawMime);
+  const normalized = normalizeQP(body);
+  const snippet = normalized.slice(0, 500).replace(/\s+/g, " ").trim();
+
+  // Magic-link takes priority if a recognizable URL is present.
+  const urlMatch = MAGIC_LINK_URL_REGEX.exec(normalized);
+  if (urlMatch && urlMatch[1]) {
+    return {
+      verifyType: "magic-link",
+      from,
+      subject,
+      url: urlMatch[1],
+      urlHasHtmlEntities: /&(amp|lt|gt|quot|#39|#x27);/.test(urlMatch[1]),
+      bodyDigest: snippet,
+    };
+  }
+
+  // No verification URL — look for 6-digit OTP in the visible text (HTML/CSS
+  // stripped) so we don't latch onto CSS hex color codes.
+  const plainText = stripHtmlForText(normalized);
+  const otpCode = extractOtpCode(plainText);
+  if (otpCode) {
+    return {
+      verifyType: "otp",
+      from,
+      subject,
+      code: otpCode,
+      bodyDigest: snippet,
+    };
+  }
+
+  return {
+    verifyType: "unknown",
+    from,
+    subject,
+    reason: "no magic-link URL and no 6-digit code found after QP normalization",
+    bodyDigest: snippet,
+  };
+}
+
+// High-level helper for scrapers: poll S3 for a fresh email matching
+// from/subject patterns, then parse it via analyzeEmail (HTML-strip + label-
+// aware OTP extract). Returns the structured EmailAnalysis — caller picks
+// between verifyType === "magic-link" | "otp" | "unknown".
+//
+// Only works with the ses-s3 email backend. Gmail-IMAP / mock-inbox callers
+// continue using `fetchVerificationCode` from lib/email.ts with a regex.
+export async function fetchAndAnalyzeSesEmail(opts: {
+  bucket: string;
+  region?: string;
+  fromPattern: RegExp;
+  subjectPattern: RegExp;
+  startedAtMs?: number;
+  timeoutMs?: number;
+}): Promise<EmailAnalysis> {
+  const startedAtMs = opts.startedAtMs ?? Date.now();
+  const { rawMime } = await pollFreshRawEmail({
+    bucket: opts.bucket,
+    region: opts.region,
+    startedAtMs,
+    timeoutMs: opts.timeoutMs ?? 120_000,
+    fromPattern: opts.fromPattern,
+    subjectPattern: opts.subjectPattern,
+  });
+  return analyzeEmail(rawMime);
+}
+
+async function streamToString(stream: NodeJS.ReadableStream): Promise<string> {
+  const chunks: Buffer[] = [];
+  for await (const chunk of stream) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk as string));
+  }
+  return Buffer.concat(chunks).toString("utf-8");
+}
+
+// Poll S3 for the freshest matching inbound email after `startedAtMs`.
+// Returns { key, rawMime } once a fresh object is found, or throws on timeout.
+export async function pollFreshRawEmail(opts: {
+  bucket: string;
+  region?: string;
+  startedAtMs: number;
+  freshnessGraceMs?: number;
+  timeoutMs?: number;
+  pollIntervalMs?: number;
+  fromPattern?: RegExp;
+  subjectPattern?: RegExp;
+  s3Override?: S3Client;
+}): Promise<{ key: string; rawMime: string }> {
+  const region =
+    opts.region ??
+    process.env["AWS_REGION"] ??
+    process.env["AWS_DEFAULT_REGION"] ??
+    process.env["REGION"] ??
+    "us-east-1";
+  const s3 = opts.s3Override ?? new S3Client({ region });
+  const threshold = new Date(opts.startedAtMs - (opts.freshnessGraceMs ?? 60_000));
+  const timeout = opts.timeoutMs ?? 120_000;
+  const interval = opts.pollIntervalMs ?? 2_000;
+  const begin = Date.now();
+  const seen = new Set<string>();
+
+  while (Date.now() - begin < timeout) {
+    const list = await s3.send(new ListObjectsV2Command({ Bucket: opts.bucket, Prefix: "inbound/" }));
+    const objs = (list.Contents ?? [])
+      .filter((o) => o.Key && !seen.has(o.Key))
+      .filter((o) => !o.LastModified || o.LastModified >= threshold)
+      .sort((a, b) => (b.LastModified?.getTime() ?? 0) - (a.LastModified?.getTime() ?? 0));
+
+    for (const obj of objs) {
+      if (!obj.Key) continue;
+      seen.add(obj.Key);
+      const resp = await s3.send(new GetObjectCommand({ Bucket: opts.bucket, Key: obj.Key }));
+      if (!resp.Body) continue;
+      const rawMime = await streamToString(resp.Body as NodeJS.ReadableStream);
+      if (opts.fromPattern || opts.subjectPattern) {
+        const { from, subject } = parseHeaders(rawMime);
+        if (opts.fromPattern && !opts.fromPattern.test(from)) continue;
+        if (opts.subjectPattern && !opts.subjectPattern.test(subject)) continue;
+      }
+      return { key: obj.Key, rawMime };
+    }
+
+    await new Promise<void>((resolve) => setTimeout(resolve, interval));
+  }
+
+  throw new Error(
+    `pollFreshRawEmail: no fresh matching email arrived in s3://${opts.bucket}/inbound/ within ${timeout}ms`
+  );
+}
+
+// Read a raw .eml from disk, analyze, and dump { raw.eml, normalized.txt,
+// analysis.json } into a per-email subdir under recordings/.../emails/.
+export function dumpEmailToRecording(
+  emailsDir: string,
+  key: string,
+  rawMime: string
+): EmailAnalysis {
+  const safeKey = key.replace(/[^a-zA-Z0-9._-]/g, "_");
+  const dir = path.join(emailsDir, safeKey);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(path.join(dir, "raw.eml"), rawMime);
+  const { body } = parseHeaders(rawMime);
+  fs.writeFileSync(path.join(dir, "normalized.txt"), normalizeQP(body));
+  const analysis = analyzeEmail(rawMime);
+  fs.writeFileSync(path.join(dir, "analysis.json"), JSON.stringify(analysis, null, 2));
+  return analysis;
+}
diff --git a/provisioner-scripts/src/lib/email-backends/gmail-imap.ts b/provisioner-scripts/src/lib/email-backends/gmail-imap.ts
new file mode 100644
index 0000000..cde0bce
--- /dev/null
+++ b/provisioner-scripts/src/lib/email-backends/gmail-imap.ts
@@ -0,0 +1,125 @@
+import { parse as parseHtml } from "node-html-parser";
+import type { FetchOpts } from "../email.js";
+
+export interface ImapClientLike {
+  connect(): Promise<void>;
+  close(): Promise<void>;
+  mailboxOpen(name: string): Promise<void>;
+  search(query: object): Promise<number[]>;
+  fetchOne(
+    uid: number,
+    query: object
+  ): Promise<{
+    envelope: { from: Array<{ address: string }>; subject: string };
+    source: Buffer | string;
+  } | null>;
+}
+
+interface EmailTimeoutError {
+  code: "EMAIL_TIMEOUT";
+  elapsed_ms: number;
+}
+
+interface EmailNotFoundError {
+  code: "EMAIL_NOT_FOUND";
+  elapsed_ms: number;
+}
+
+async function createDefaultImapClient(): Promise<ImapClientLike> {
+  const emailUser = process.env["AGENTKEYS_EMAIL_USER"];
+  const emailPassword = process.env["AGENTKEYS_EMAIL_PASSWORD"];
+  if (!emailUser) throw new Error("AGENTKEYS_EMAIL_USER env var is required");
+  if (!emailPassword) throw new Error("AGENTKEYS_EMAIL_PASSWORD env var is required");
+
+  const host = process.env["AGENTKEYS_EMAIL_HOST"] ?? "imap.gmail.com";
+  const port = parseInt(process.env["AGENTKEYS_EMAIL_PORT"] ?? "993", 10);
+
+  const { ImapFlow } = await import("imapflow");
+
+  return new ImapFlow({
+    host,
+    port,
+    secure: true,
+    auth: { user: emailUser, pass: emailPassword },
+    logger: false,
+  }) as unknown as ImapClientLike;
+}
+
+function extractTextFromBody(source: Buffer | string): string {
+  const raw = typeof source === "string" ? source : source.toString("utf-8");
+  if (raw.includes("<html") || raw.includes("<HTML")) {
+    const root = parseHtml(raw);
+    return root.text;
+  }
+  return raw;
+}
+
+export async function fetchViaGmailImap(opts: FetchOpts & { imapClientFactory?: () => ImapClientLike }): Promise<string> {
+  const pollIntervalMs = opts.pollIntervalMs ?? 1500;
+  const startedAt = Date.now();
+
+  const client = opts.imapClientFactory
+    ? opts.imapClientFactory()
+    : await createDefaultImapClient();
+
+  try {
+    await client.connect();
+    await client.mailboxOpen("INBOX");
+
+    while (true) {
+      const elapsed = Date.now() - startedAt;
+
+      if (elapsed >= opts.timeoutMs) {
+        const timeoutErr: EmailTimeoutError = { code: "EMAIL_TIMEOUT", elapsed_ms: elapsed };
+        throw timeoutErr;
+      }
+
+      const uids = await client.search({ all: true });
+
+      let matchedEnvelope = false;
+
+      for (const uid of uids) {
+        const msg = await client.fetchOne(uid, { envelope: true, source: true });
+        if (!msg) continue;
+
+        const fromAddress = msg.envelope.from[0]?.address ?? "";
+        const subjectLine = msg.envelope.subject ?? "";
+
+        if (!opts.from.test(fromAddress) || !opts.subject.test(subjectLine)) {
+          continue;
+        }
+
+        matchedEnvelope = true;
+        const bodyText = extractTextFromBody(msg.source);
+        const match = opts.codeRegex.exec(bodyText);
+
+        if (match && match[1] !== undefined) {
+          return match[1];
+        }
+      }
+
+      if (matchedEnvelope) {
+        const notFoundErr: EmailNotFoundError = {
+          code: "EMAIL_NOT_FOUND",
+          elapsed_ms: Date.now() - startedAt,
+        };
+        throw notFoundErr;
+      }
+
+      const remainingMs = opts.timeoutMs - (Date.now() - startedAt);
+      if (remainingMs <= 0) {
+        const timeoutErr: EmailTimeoutError = {
+          code: "EMAIL_TIMEOUT",
+          elapsed_ms: Date.now() - startedAt,
+        };
+        throw timeoutErr;
+      }
+
+      await new Promise<void>((resolve) =>
+        setTimeout(resolve, Math.min(pollIntervalMs, remainingMs))
+      );
+    }
+  } finally {
+    await client.close();
+  }
+}
diff --git a/provisioner-scripts/src/lib/email-backends/mock-inbox.ts b/provisioner-scripts/src/lib/email-backends/mock-inbox.ts
new file mode 100644
index 0000000..aafb7ae
--- /dev/null
+++ b/provisioner-scripts/src/lib/email-backends/mock-inbox.ts
@@ -0,0 +1,76 @@
+import type { FetchOpts } from "../email.js";
+
+interface InboxMessage {
+  msg_id: string;
+  from: string;
+  subject: string | null;
+  body: string | null;
+  received_at: number;
+}
+
+interface EmailTimeoutError {
+  code: "EMAIL_TIMEOUT";
+  elapsed_ms: number;
+}
+
+export async function fetchViaMockInbox(opts: FetchOpts): Promise<string> {
+  const backendUrl = process.env["AGENTKEYS_BACKEND_URL"] ?? "http://127.0.0.1:8090";
+  const sessionToken = process.env["AGENTKEYS_SESSION_TOKEN"];
+  if (!sessionToken) {
+    throw new Error("AGENTKEYS_SESSION_TOKEN env var is required for mock-inbox backend");
+  }
+
+  const inboxAddress = process.env["AGENTKEYS_SIGNUP_EMAIL"];
+  if (!inboxAddress) {
+    throw new Error("AGENTKEYS_SIGNUP_EMAIL env var is required for mock-inbox backend");
+  }
+
+  const pollIntervalMs = opts.pollIntervalMs ?? 2000;
+  const startedAt = Date.now();
+
+  const endpoint = `${backendUrl}/mock/inbox/messages?address=${encodeURIComponent(inboxAddress)}`;
+
+  while (true) {
+    const elapsed = Date.now() - startedAt;
+
+    if (elapsed >= opts.timeoutMs) {
+      const timeoutErr: EmailTimeoutError = { code: "EMAIL_TIMEOUT", elapsed_ms: elapsed };
+      throw timeoutErr;
+    }
+
+    const response = await fetch(endpoint, {
+      headers: { Authorization: `Bearer ${sessionToken}` },
+    });
+
+    if (!response.ok) {
+      throw new Error(`mock-inbox fetch failed: ${response.status} ${response.statusText}`);
+    }
+
+    const messages: InboxMessage[] = await response.json() as InboxMessage[];
+
+    for (const msg of messages) {
+      const fromAddr = msg.from ?? "";
+      const subjectLine = msg.subject ?? "";
+
+      if (!opts.from.test(fromAddr) || !opts.subject.test(subjectLine)) {
+        continue;
+      }
+
+      const bodyText = msg.body ?? "";
+      const match = opts.codeRegex.exec(bodyText);
+      if (match && match[1] !== undefined) {
+        return match[1];
+      }
+    }
+
+    const remainingMs = opts.timeoutMs - (Date.now() - startedAt);
+    if (remainingMs <= 0) {
+      const timeoutErr: EmailTimeoutError = { code: "EMAIL_TIMEOUT", elapsed_ms: Date.now() - startedAt };
+      throw timeoutErr;
+    }
+
+    await new Promise<void>((resolve) =>
+      setTimeout(resolve, Math.min(pollIntervalMs, remainingMs))
+    );
+  }
+}
diff --git a/provisioner-scripts/src/lib/email-backends/ses-s3.ts b/provisioner-scripts/src/lib/email-backends/ses-s3.ts
new file mode 100644
index 0000000..2c3f778
--- /dev/null
+++ b/provisioner-scripts/src/lib/email-backends/ses-s3.ts
@@ -0,0 +1,188 @@
+import type { FetchOpts } from "../email.js";
+import { S3Client, ListObjectsV2Command, GetObjectCommand } from "@aws-sdk/client-s3";
+
+export class EmailTimeoutError extends Error {
+  readonly code = "EMAIL_TIMEOUT" as const;
+  constructor(
+    public readonly elapsed_ms: number,
+    public readonly scanned: number,
+    public readonly reasons: Record<string, number>,
+    public readonly samples: Array<{ key: string; from: string; subject: string }>
+  ) {
+    const reasonsStr = Object.entries(reasons)
+      .map(([k, v]) => `${k}=${v}`)
+      .join(" ");
+    const samplesStr = samples
+      .slice(0, 5)
+      .map((s) => `  - ${s.key} | from=${s.from.slice(0, 50)} | subject=${s.subject.slice(0, 50)}`)
+      .join("\n");
+    super(
+      `EMAIL_TIMEOUT after ${elapsed_ms}ms — scanned ${scanned} objects | ${reasonsStr}\n` +
+      (samples.length > 0 ? `most recent objects:\n${samplesStr}` : "bucket appeared empty during poll")
+    );
+    this.name = "EmailTimeoutError";
+  }
+}
+
+const debug = (msg: string) => process.stderr.write(`[ses-s3] ${new Date().toISOString().slice(11, 19)} ${msg}\n`);
+
+function parseEmailHeaders(rawMime: string): { from: string; subject: string; body: string } {
+  const lines = rawMime.split(/\r?\n/);
+  let from = "";
+  let subject = "";
+  let bodyStartIndex = -1;
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (line === "") {
+      bodyStartIndex = i + 1;
+      break;
+    }
+    const lower = line.toLowerCase();
+    if (lower.startsWith("from:")) {
+      from = line.slice(5).trim();
+    } else if (lower.startsWith("subject:")) {
+      subject = line.slice(8).trim();
+    }
+  }
+
+  const body = bodyStartIndex >= 0 ? lines.slice(bodyStartIndex).join("\n") : "";
+  return { from, subject, body };
+}
+
+async function streamToString(stream: NodeJS.ReadableStream): Promise<string> {
+  const chunks: Buffer[] = [];
+  for await (const chunk of stream) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk as string));
+  }
+  return Buffer.concat(chunks).toString("utf-8");
+}
+
+// Most transactional providers (Clerk/SendGrid/Postmark) encode HTML bodies in
+// quoted-printable. That splits long URLs across lines via "=\n" soft breaks and
+// encodes reserved chars (=3D, =2E, =2F, =3A). A naive regex over the raw body
+// fails to match verification URLs. Normalizing before regex keeps the backend
+// generic across OTP digits and magic-link URLs.
+function normalizeQuotedPrintable(body: string): string {
+  return body
+    .replace(/=\r?\n/g, "")
+    .replace(/=3D/gi, "=")
+    .replace(/=2E/gi, ".")
+    .replace(/=2F/gi, "/")
+    .replace(/=3A/gi, ":")
+    .replace(/=3F/gi, "?")
+    .replace(/=26/gi, "&");
+}
+
+export async function fetchViaSesS3(opts: FetchOpts, s3ClientOverride?: S3Client): Promise<string> {
+  const bucket = process.env["AGENTKEYS_SES_BUCKET"];
+  if (!bucket) {
+    throw new Error("AGENTKEYS_SES_BUCKET env var is required for ses-s3 backend");
+  }
+
+  // AWS SDK reads AWS_REGION / AWS_DEFAULT_REGION. Fall back to REGION
+  // (our runbook's preferred name) so one forgotten AWS_-prefix doesn't
+  // stop the whole flow. Explicit config beats SDK's default chain here.
+  const region =
+    process.env["AWS_REGION"] ??
+    process.env["AWS_DEFAULT_REGION"] ??
+    process.env["REGION"] ??
+    "us-east-1";
+  const s3 = s3ClientOverride ?? new S3Client({ region });
+
+  const pollIntervalMs = opts.pollIntervalMs ?? 2000;
+  const startedAt = Date.now();
+  // The bucket accumulates emails from prior runs. Verification tokens expire
+  // in ~10 min, so matching an old email silently fails at page.goto with
+  // "link expired". Only consider emails that arrived after the scraper
+  // began polling, minus a small grace window for SES→S3 latency + clock skew.
+  const freshnessThreshold = new Date(startedAt - (opts.freshnessGraceMs ?? 60_000));
+  const seenKeys = new Set<string>();
+  const reasons: Record<string, number> = {
+    stale: 0,
+    from_rejected: 0,
+    subject_rejected: 0,
+    regex_no_match: 0,
+    empty_body: 0,
+    matched: 0,
+  };
+  const samples: Array<{ key: string; from: string; subject: string }> = [];
+
+  debug(`polling s3://${bucket}/inbound/ — from=${opts.from} subject=${opts.subject} code=${opts.codeRegex} timeout=${opts.timeoutMs}ms freshnessThreshold=${freshnessThreshold.toISOString()}`);
+
+  while (true) {
+    const elapsed = Date.now() - startedAt;
+    if (elapsed >= opts.timeoutMs) {
+      throw new EmailTimeoutError(elapsed, seenKeys.size, reasons, samples);
+    }
+
+    const listResponse = await s3.send(
+      new ListObjectsV2Command({ Bucket: bucket, Prefix: "inbound/" })
+    );
+    // Freshest-first so we prefer the most recent verification email when
+    // more than one arrives (e.g. user clicked "Resend").
+    const objects = (listResponse.Contents ?? [])
+      .slice()
+      .sort((a, b) => (b.LastModified?.getTime() ?? 0) - (a.LastModified?.getTime() ?? 0));
+
+    for (const obj of objects) {
+      const key = obj.Key;
+      if (!key || seenKeys.has(key)) continue;
+      seenKeys.add(key);
+
+      if (obj.LastModified && obj.LastModified < freshnessThreshold) {
+        reasons.stale++;
+        debug(`skip ${key}: LastModified=${obj.LastModified.toISOString()} is older than freshness threshold (prior-run leftover)`);
+        continue;
+      }
+
+      const getResponse = await s3.send(new GetObjectCommand({ Bucket: bucket, Key: key }));
+      if (!getResponse.Body) {
+        reasons.empty_body++;
+        debug(`skip ${key}: empty body`);
+        continue;
+      }
+
+      const rawMime = await streamToString(getResponse.Body as NodeJS.ReadableStream);
+      const { from, subject, body } = parseEmailHeaders(rawMime);
+      samples.push({ key, from, subject });
+      if (samples.length > 10) samples.shift();
+
+      const fromOk = opts.from.test(from);
+      const subjectOk = opts.subject.test(subject);
+      if (!fromOk) {
+        reasons.from_rejected++;
+        debug(`skip ${key}: from=${JSON.stringify(from)} did not match ${opts.from}`);
+        continue;
+      }
+      if (!subjectOk) {
+        reasons.subject_rejected++;
+        debug(`skip ${key}: from=${JSON.stringify(from)} OK but subject=${JSON.stringify(subject)} did not match ${opts.subject}`);
+        continue;
+      }
+
+      const normalizedBody = normalizeQuotedPrintable(body);
+      const match = opts.codeRegex.exec(normalizedBody);
+      if (match && match[1] !== undefined) {
+        reasons.matched++;
+        debug(`MATCH ${key}: extracted ${match[1].slice(0, 80)}${match[1].length > 80 ? "..." : ""}`);
+        return match[1];
+      }
+      reasons.regex_no_match++;
+      const bodySnippet = normalizedBody.slice(0, 400).replace(/\s+/g, " ");
+      debug(`skip ${key}: from+subject matched but codeRegex ${opts.codeRegex} found nothing. body[0..400]=${JSON.stringify(bodySnippet)}`);
+    }
+
+    const remainingMs = opts.timeoutMs - (Date.now() - startedAt);
+    if (remainingMs <= 0) {
+      throw new EmailTimeoutError(Date.now() - startedAt, seenKeys.size, reasons, samples);
+    }
+    if (seenKeys.size === 0 && elapsed > 10_000 && elapsed % 20_000 < pollIntervalMs) {
+      debug(`still waiting — bucket is empty after ${Math.round(elapsed / 1000)}s. Check MX/DNS or SES receipt rule.`);
+    }
+
+    await new Promise<void>((resolve) =>
+      setTimeout(resolve, Math.min(pollIntervalMs, remainingMs))
+    );
+  }
+}
diff --git a/provisioner-scripts/src/lib/email.ts b/provisioner-scripts/src/lib/email.ts
index b91c326..77ca810 100644
--- a/provisioner-scripts/src/lib/email.ts
+++ b/provisioner-scripts/src/lib/email.ts
@@ -1,18 +1,4 @@
-import { parse as parseHtml } from "node-html-parser";
-
-export interface ImapClientLike {
-  connect(): Promise<void>;
-  close(): Promise<void>;
-  mailboxOpen(name: string): Promise<void>;
-  search(query: object): Promise<number[]>;
-  fetchOne(
-    uid: number,
-    query: object
-  ): Promise<{
-    envelope: { from: Array<{ address: string }>; subject: string };
-    source: Buffer | string;
-  } | null>;
-}
+export type { ImapClientLike } from "./email-backends/gmail-imap.js";
 
 export interface FetchOpts {
   from: RegExp;
@@ -20,114 +6,43 @@ export interface FetchOpts {
   codeRegex: RegExp;
   timeoutMs: number;
   pollIntervalMs?: number;
-  imapClientFactory?: () => ImapClientLike;
-}
-
-interface EmailTimeoutError {
-  code: "EMAIL_TIMEOUT";
-  elapsed_ms: number;
-}
-
-interface EmailNotFoundError {
-  code: "EMAIL_NOT_FOUND";
-  elapsed_ms: number;
+  // ses-s3 only: how many ms before poll start a message may be and still
+  // count as fresh. Default 60_000. Smaller = stricter rejection of prior-run
+  // leftovers; larger = more tolerant to clock skew / S3 delivery latency.
+  freshnessGraceMs?: number;
+  imapClientFactory?: () => import("./email-backends/gmail-imap.js").ImapClientLike;
 }
 
-async function createDefaultImapClient(): Promise<ImapClientLike> {
-  const emailUser = process.env["AGENTKEYS_EMAIL_USER"];
-  const emailPassword = process.env["AGENTKEYS_EMAIL_PASSWORD"];
-  if (!emailUser) throw new Error("AGENTKEYS_EMAIL_USER env var is required");
-  if (!emailPassword) throw new Error("AGENTKEYS_EMAIL_PASSWORD env var is required");
+type EmailBackend = "gmail" | "mock-inbox" | "ses-s3";
 
-  const host = process.env["AGENTKEYS_EMAIL_HOST"] ?? "imap.gmail.com";
-  const port = parseInt(process.env["AGENTKEYS_EMAIL_PORT"] ?? "993", 10);
-
-  const { ImapFlow } = await import("imapflow");
-
-  return new ImapFlow({
-    host,
-    port,
-    secure: true,
-    auth: { user: emailUser, pass: emailPassword },
-    logger: false,
-  }) as unknown as ImapClientLike;
-}
-
-function extractTextFromBody(source: Buffer | string): string {
-  const raw = typeof source === "string" ? source : source.toString("utf-8");
-  if (raw.includes("<html") || raw.includes("<HTML")) {
-    const root = parseHtml(raw);
-    return root.text;
+function resolveBackend(): EmailBackend {
+  const raw = process.env["AGENTKEYS_EMAIL_BACKEND"] ?? "gmail";
+  if (raw === "gmail" || raw === "mock-inbox" || raw === "ses-s3") {
+    return raw;
   }
-  return raw;
+  throw new Error(
+    `Unknown AGENTKEYS_EMAIL_BACKEND value "${raw}". Accepted values: gmail, mock-inbox, ses-s3`
+  );
 }
 
 export async function fetchVerificationCode(opts: FetchOpts): Promise<string> {
-  const pollIntervalMs = opts.pollIntervalMs ?? 1500;
-  const startedAt = Date.now();
-
-  const client = opts.imapClientFactory
-    ? opts.imapClientFactory()
-    : await createDefaultImapClient();
-
-  try {
-    await client.connect();
-    await client.mailboxOpen("INBOX");
+  const backend = resolveBackend();
 
-    while (true) {
-      const elapsed = Date.now() - startedAt;
-
-      if (elapsed >= opts.timeoutMs) {
-        const timeoutErr: EmailTimeoutError = { code: "EMAIL_TIMEOUT", elapsed_ms: elapsed };
-        throw timeoutErr;
-      }
-
-      const uids = await client.search({ all: true });
-
-      let matchedEnvelope = false;
-
-      for (const uid of uids) {
-        const msg = await client.fetchOne(uid, { envelope: true, source: true });
-        if (!msg) continue;
-
-        const fromAddress = msg.envelope.from[0]?.address ?? "";
-        const subjectLine = msg.envelope.subject ?? "";
-
-        if (!opts.from.test(fromAddress) || !opts.subject.test(subjectLine)) {
-          continue;
-        }
-
-        matchedEnvelope = true;
-        const bodyText = extractTextFromBody(msg.source);
-        const match = opts.codeRegex.exec(bodyText);
-
-        if (match && match[1] !== undefined) {
-          return match[1];
-        }
-      }
-
-      if (matchedEnvelope) {
-        const notFoundErr: EmailNotFoundError = {
-          code: "EMAIL_NOT_FOUND",
-          elapsed_ms: Date.now() - startedAt,
-        };
-        throw notFoundErr;
-      }
+  if (backend === "gmail") {
+    const { fetchViaGmailImap } = await import("./email-backends/gmail-imap.js");
+    return fetchViaGmailImap(opts);
+  }
 
-      const remainingMs = opts.timeoutMs - (Date.now() - startedAt);
-      if (remainingMs <= 0) {
-        const timeoutErr: EmailTimeoutError = {
-          code: "EMAIL_TIMEOUT",
-          elapsed_ms: Date.now() - startedAt,
-        };
-        throw timeoutErr;
-      }
+  if (backend === "mock-inbox") {
+    const { fetchViaMockInbox } = await import("./email-backends/mock-inbox.js");
+    return fetchViaMockInbox(opts);
+  }
 
-      await new Promise<void>((resolve) =>
-        setTimeout(resolve, Math.min(pollIntervalMs, remainingMs))
-      );
-    }
-  } finally {
-    await client.close();
+  if (backend === "ses-s3") {
+    const { fetchViaSesS3 } = await import("./email-backends/ses-s3.js");
+    return fetchViaSesS3(opts);
   }
+
+  const _exhaustive: never = backend;
+  throw new Error(`Unhandled backend: ${String(_exhaustive)}`);
 }
diff --git a/provisioner-scripts/src/lib/human-assist.ts b/provisioner-scripts/src/lib/human-assist.ts
new file mode 100644
index 0000000..1662d26
--- /dev/null
+++ b/provisioner-scripts/src/lib/human-assist.ts
@@ -0,0 +1,50 @@
+import * as fs from "node:fs";
+
+export type AssistReason =
+  | "captcha"
+  | "unknown-modal"
+  | "selector-missing"
+  | "verification-blocked"
+  | "auth-challenge"
+  | "other";
+
+export interface AssistContext {
+  reason: AssistReason;
+  hint: string;
+  url: string;
+  screenshotPath: string;
+  lastActionLog: string[];
+}
+
+const ESCALATION_LOG_PATH =
+  process.env["AGENTKEYS_ESCALATION_LOG"] ?? "/tmp/agentkeys-escalations.jsonl";
+
+// v1 helper: appends one JSONL line to the escalation log, then throws an
+// Error. Scrapers call this at every spot where the recording's observed
+// shape might have drifted (captcha, unknown modal, selector missing,
+// auth challenge, etc.). v2 will replace the body with a HumanAssist
+// provider dispatch (stdin prompt, desktop notification, Slack message)
+// and the interface stays identical — zero code change in callers.
+export function escalateAndThrow(ctx: AssistContext): never {
+  const entry = { ...ctx, ts: new Date().toISOString() };
+  try {
+    fs.appendFileSync(ESCALATION_LOG_PATH, JSON.stringify(entry) + "\n");
+  } catch {
+    // best-effort: if we can't write the log, still throw so the caller
+    // learns about the escalation through the exception path.
+  }
+  throw new Error(
+    `[${ctx.reason}] ${ctx.hint} at ${ctx.url} (screenshot: ${ctx.screenshotPath})`
+  );
+}
+
+// v2 (not implemented yet): HumanAssist interface for richer channels.
+// Define here so callers can reference the type when they're ready.
+export type AssistResult =
+  | { action: "resolved"; continue: true; skipStep?: boolean; note?: string }
+  | { action: "aborted"; reason: string }
+  | { action: "timeout" };
+
+export interface HumanAssist {
+  requestAssistance(ctx: AssistContext & { timeoutMs: number }): Promise<AssistResult>;
+}
diff --git a/provisioner-scripts/src/lib/playwright-patterns.ts b/provisioner-scripts/src/lib/playwright-patterns.ts
new file mode 100644
index 0000000..fb2f685
--- /dev/null
+++ b/provisioner-scripts/src/lib/playwright-patterns.ts
@@ -0,0 +1,303 @@
+// Generic Playwright helpers shared between the workflow-recorder and
+// production scrapers. Rule: only truly service-agnostic primitives live
+// here. Service-specific text patterns and dismissal flows (e.g. OpenRouter's
+// "where did you first hear" onboarding survey) stay in the scraper file.
+//
+// Every helper here has survived at least one recorder iteration against a
+// live service; behavior must stay byte-identical to the recorder embedded
+// version so the shared import doesn't regress the recorder.
+
+import type { Locator, Page } from "playwright";
+
+// Random wait between min and max ms. Short enough that the recorder doesn't
+// feel sluggish but long enough to avoid "every action in 0ms" bot-signature.
+export function jitterDelay(minMs: number, maxMs: number): Promise<void> {
+  const ms = Math.floor(minMs + Math.random() * (maxMs - minMs));
+  return new Promise((r) => setTimeout(r, ms));
+}
+
+// Iterate candidate selectors in priority order. For each, enumerate all
+// matches and click the FIRST visible+enabled one. Returns the winning
+// selector string, or null if nothing matched.
+//
+// Essential for Clerk-family pages that render aria-hidden duplicates of
+// their primary button — `.first()` would grab the hidden template and the
+// click would time out on invisible.
+export async function clickFirstVisible(
+  page: Page,
+  selectors: string[],
+): Promise<string | null> {
+  for (const sel of selectors) {
+    const candidates = await page.locator(sel).all();
+    for (const c of candidates) {
+      const visible = await c.isVisible().catch(() => false);
+      if (!visible) continue;
+      // Skip disabled buttons — Playwright's .click() on a disabled element
+      // succeeds silently (no throw) but doesn't fire the action. We'd then
+      // falsely think we submitted. Check enabled state before attempting.
+      const enabled = await c.isEnabled().catch(() => true);
+      if (!enabled) continue;
+      // Layer 1 humanization: move mouse to element BEFORE clicking. A
+      // direct click teleports the cursor which is a fingerprinting signal
+      // Turnstile watches for.
+      try {
+        const box = await c.boundingBox();
+        if (box) {
+          await page.mouse.move(box.x + box.width / 2, box.y + box.height / 2, {
+            steps: 10,
+          });
+          await jitterDelay(120, 280);
+        }
+        await c.click({ timeout: 5_000 });
+        return sel;
+      } catch {
+        // visible but not clickable (covered by overlay, etc.); try next
+      }
+    }
+  }
+  return null;
+}
+
+// Human-ish typing: sequential keystrokes with a randomized inter-key delay.
+// Replaces `.fill()` which writes instantly (another Turnstile red flag) and
+// doesn't fire React/Svelte onChange for controlled inputs. Focuses with a
+// mouse-move-then-click so the cursor trail looks natural.
+export async function humanType(
+  page: Page,
+  selector: string,
+  value: string,
+): Promise<void> {
+  const locator = page.locator(selector).first();
+  const box = await locator.boundingBox();
+  if (box) {
+    await page.mouse.move(box.x + box.width / 2, box.y + box.height / 2, {
+      steps: 8,
+    });
+    await jitterDelay(60, 180);
+  }
+  await locator.click({ timeout: 5_000 }).catch(() => {});
+  await locator.pressSequentially(value, {
+    delay: 60 + Math.floor(Math.random() * 60),
+  });
+}
+
+// Dismiss a cookie-consent banner if one is present. Common EU-compliant
+// text variants. Short per-selector timeout — if none match, no banner is
+// shown and the function returns fast.
+export async function dismissCookieBanner(page: Page): Promise<void> {
+  const texts = [
+    "Accept All Cookies",
+    "Accept all cookies",
+    "Accept cookies",
+    "Accept All",
+    "Accept",
+    "Agree",
+    "OK",
+    "Got it",
+  ];
+  for (const t of texts) {
+    const candidate = page
+      .locator("button")
+      .filter({ hasText: new RegExp(`^${t}$`, "i") })
+      .first();
+    if (await candidate.isVisible({ timeout: 800 }).catch(() => false)) {
+      await candidate.click({ timeout: 3_000 }).catch(() => {});
+      await page.waitForTimeout(400);
+      return;
+    }
+  }
+}
+
+// Generic dialog probe — returns true if a `[role="dialog"]` whose visible
+// textContent matches `textRegex` is currently open. Caller composes dismiss
+// logic around this primitive (service-specific: click the right button, or
+// the right radio, or Escape, etc).
+export async function isDialogOpenByText(
+  page: Page,
+  textRegex: RegExp,
+): Promise<boolean> {
+  const pattern = textRegex.source;
+  const flags = textRegex.flags;
+  return await page
+    .evaluate(
+      ({ pattern, flags }) => {
+        const re = new RegExp(pattern, flags);
+        const dialogs = Array.from(document.querySelectorAll('[role="dialog"]'));
+        return dialogs.some((d) => {
+          const t = d.textContent || "";
+          const visible = !!(
+            (d as HTMLElement).offsetWidth || (d as HTMLElement).offsetHeight
+          );
+          return visible && re.test(t);
+        });
+      },
+      { pattern, flags },
+    )
+    .catch(() => false);
+}
+
+// Composes `isDialogOpenByText` with a caller-provided `dismissFn`, looping
+// for chained modals (some services show 2+ in sequence). Returns true if at
+// least one matching dialog was detected and dismissFn was invoked.
+export interface ProbeAndDismissOpts {
+  page: Page;
+  textRegex: RegExp;
+  dismissFn: (page: Page) => Promise<void>;
+  detectTimeoutMs?: number;
+  maxRounds?: number;
+  settleMs?: number;
+}
+export async function probeAndDismissDialog(
+  opts: ProbeAndDismissOpts,
+): Promise<boolean> {
+  const { page, textRegex, dismissFn } = opts;
+  const detectTimeoutMs = opts.detectTimeoutMs ?? 500;
+  const maxRounds = opts.maxRounds ?? 4;
+  const settleMs = opts.settleMs ?? 300;
+  const start = Date.now();
+  let dismissedAny = false;
+  for (let i = 0; i < maxRounds; i++) {
+    const pollDeadline = i === 0 ? detectTimeoutMs : 500;
+    let found = false;
+    const pollStart = Date.now();
+    while (Date.now() - pollStart < pollDeadline) {
+      if (await isDialogOpenByText(page, textRegex)) {
+        found = true;
+        break;
+      }
+      if (Date.now() - start >= detectTimeoutMs) break;
+      await page.waitForTimeout(200);
+    }
+    if (!found) break;
+    dismissedAny = true;
+    await dismissFn(page);
+    await page.waitForTimeout(settleMs);
+  }
+  return dismissedAny;
+}
+
+// Click the "Create (API) Key" button that opens the form dialog. Success =
+// EITHER a form-dialog with a Name input appears (OpenRouter/Brave/Clerk
+// style) OR a fully-revealed `sk-*` value of long-key shape appears on the
+// page (OpenAI-style instant-mint UI with no Name prompt).
+//
+// `onBeforeIteration` is a per-iteration hook where the caller can run
+// service-specific cleanup (e.g. dismiss the OpenRouter onboarding modal
+// before retrying the Create click).
+export interface ClickOuterCreateOpts {
+  deadlineMs?: number;
+  onBeforeIteration?: (page: Page) => Promise<void>;
+}
+export async function clickOuterCreate(
+  page: Page,
+  opts: ClickOuterCreateOpts = {},
+): Promise<string | null> {
+  // OpenAI's /api-keys SPA takes 10-15s to hydrate on first visit. OpenRouter's
+  // onboarding+welcome modal chain can take 25-40s to render after keys-page
+  // hydrates. 40s default lets the per-iter dismiss callback catch the modals
+  // as they appear and still leaves time to click Create.
+  const deadline = Date.now() + (opts.deadlineMs ?? 40_000);
+  const preferences = [
+    { label: '"Create"', filter: /^Create$/i },
+    { label: '"Create Key"', filter: /^Create Key$/i },
+    { label: '"Create API Key"', filter: /^Create API Key$/i },
+    { label: '"Create new secret key"', filter: /^Create new secret key$/i },
+    { label: '"New secret key"', filter: /^New secret key$/i },
+    { label: '"Generate API Key"', filter: /^Generate API Key$/i },
+    { label: '"New API Key"', filter: /^New API Key$/i },
+    // Looser fallbacks — match variations with leading/trailing whitespace
+    // or icon text nodes that break anchored filters.
+    { label: 'substring "Create new secret key"', filter: /Create new secret key/i },
+    { label: 'substring "Create secret key"', filter: /Create secret key/i },
+  ];
+
+  const NAME_INPUT_SEL =
+    'input#name, input[id*="name" i]:not([type="email"]):not([type="password"])';
+  const longKeyCount = async () =>
+    page
+      .evaluate(() => {
+        let n = 0;
+        const re = /sk-[A-Za-z0-9_-]{20,}/;
+        document.querySelectorAll("code, pre, input").forEach((el) => {
+          const v = (el as HTMLInputElement).value ?? el.textContent ?? "";
+          if (re.test(v)) n++;
+        });
+        return n;
+      })
+      .catch(() => 0);
+  const baselineKeyCount = await longKeyCount();
+  const clickWorked = async (timeoutMs: number): Promise<boolean> => {
+    const dialogPromise = page
+      .locator(NAME_INPUT_SEL)
+      .first()
+      .waitFor({ state: "visible", timeout: timeoutMs })
+      .then(() => true)
+      .catch(() => false);
+    const keyDeadline = Date.now() + timeoutMs;
+    while (Date.now() < keyDeadline) {
+      if (await Promise.race([dialogPromise, Promise.resolve(false)])) return true;
+      const c = await longKeyCount();
+      if (c > baselineKeyCount) return true;
+      await page.waitForTimeout(250);
+    }
+    return await dialogPromise;
+  };
+
+  while (Date.now() < deadline) {
+    // Per-iteration hook: caller dismisses any service-specific modal that
+    // may be covering the Create button. The recorder wraps its onboarding
+    // dismiss here; each production scraper passes its service-specific dismiss.
+    if (opts.onBeforeIteration) {
+      try {
+        await opts.onBeforeIteration(page);
+      } catch {
+        // callback failures never break clickOuterCreate
+      }
+    }
+
+    const testid = page.locator('[data-testid="create-key-btn"]').first();
+    if (
+      (await testid.isVisible().catch(() => false)) &&
+      (await testid.isEnabled().catch(() => true))
+    ) {
+      await testid.click({ timeout: 5_000 });
+      if (await clickWorked(5_000)) {
+        return '[data-testid="create-key-btn"]';
+      }
+    }
+    for (const pref of preferences) {
+      const candidates = await page
+        .locator("button")
+        .filter({ hasText: pref.filter })
+        .all();
+      for (const c of candidates) {
+        const visible = await c.isVisible().catch(() => false);
+        const enabled = await c.isEnabled().catch(() => true);
+        if (!visible || !enabled) continue;
+        try {
+          const box = await c.boundingBox();
+          if (box) {
+            await page.mouse.move(box.x + box.width / 2, box.y + box.height / 2, {
+              steps: 8,
+            });
+            await jitterDelay(100, 220);
+          }
+          // force:true bypasses overlay-intercept errors when an onboarding
+          // modal is mid-fade-in over our target button.
+          await c.click({ timeout: 5_000, force: true });
+          // Form-dialog OR key-reveal within 10s → click was meaningful.
+          if (await clickWorked(10_000)) {
+            return `button:has-text(${pref.label})`;
+          }
+        } catch {
+          // next candidate / preference
+        }
+      }
+    }
+    await page.waitForTimeout(500);
+  }
+  return null;
+}
+
+// Re-export so callers don't need to reach for playwright types separately.
+export type { Locator, Page };
diff --git a/provisioner-scripts/src/scrapers/openai-cdp.ts b/provisioner-scripts/src/scrapers/openai-cdp.ts
new file mode 100644
index 0000000..cb96bf9
--- /dev/null
+++ b/provisioner-scripts/src/scrapers/openai-cdp.ts
@@ -0,0 +1,298 @@
+// Production scraper — OpenAI signup → API-key mint.
+//
+// Contract:
+//   stdout: newline-delimited JSON events, terminal {"type":"success","api_key":"sk-proj-..."}
+//           or {"type":"error","code":"...","details":"..."}
+//   stderr: timestamped progress logs
+//   exit:   0 on success, 1 on failure
+//
+// Shell / direct:
+//   node --import tsx/esm src/scrapers/openai-cdp.ts | jq -r 'select(.type=="success") | .api_key'
+//
+// Prereq: Chrome listening on CDP_URL (default http://localhost:9222).
+//
+// Required env:
+//   AGENTKEYS_SIGNUP_EMAIL         fresh local-part
+//   AGENTKEYS_SIGNUP_PASSWORD      strong password
+//   AGENTKEYS_EMAIL_BACKEND        "gmail" | "ses-s3" | "mock-inbox" (default gmail)
+//   (+ backend-specific vars: see src/lib/email.ts)
+//
+// Optional env:
+//   CDP_URL                        default http://localhost:9222
+//
+// Flow length: ~90s (signup → password page → OTP email → /about-you profile
+// → OAuth callback → keys page → instant-mint click → key extracted).
+
+import { chromium, type Browser, type Page } from "playwright";
+import { fetchAndAnalyzeSesEmail } from "../lib/email-analyzer.js";
+import {
+  clickFirstVisible,
+  clickOuterCreate,
+  humanType,
+  jitterDelay,
+} from "../lib/playwright-patterns.js";
+
+const CDP_URL = process.env.CDP_URL ?? "http://localhost:9222";
+const SIGNUP_EMAIL = process.env.AGENTKEYS_SIGNUP_EMAIL ?? "";
+const SIGNUP_PASSWORD = process.env.AGENTKEYS_SIGNUP_PASSWORD ?? "";
+
+// Start at platform; it redirects to auth.openai.com with a fresh session
+// token. Navigating directly to /create-account breaks the session flow.
+const SIGNUP_URL = "https://platform.openai.com/signup";
+const KEYS_URL = "https://platform.openai.com/api-keys";
+
+const FROM_REGEX = /@openai\.com|noreply|no-reply/i;
+const SUBJECT_REGEX = /verify|verification|sign[-\s]?in|log[-\s]?in|code|one[-\s]?time|otp/i;
+// AGENTKEYS_SES_BUCKET is set by scripts/stage6-demo-env.sh. The scraper
+// uses the ses-s3 backend + full analyzeEmail pipeline so HTML-only content
+// (like CSS hex colors near "141415") doesn't false-positive as the OTP.
+const SES_BUCKET = process.env.AGENTKEYS_SES_BUCKET ?? "";
+
+type Event =
+  | { type: "progress"; step: string }
+  | { type: "success"; api_key: string }
+  | { type: "error"; code: string; details: string };
+
+function emit(e: Event): void {
+  process.stdout.write(JSON.stringify(e) + "\n");
+}
+const progress = (step: string): void => emit({ type: "progress", step });
+const log = (msg: string): void => {
+  process.stderr.write(`[openai] ${new Date().toISOString().slice(11, 19)} ${msg}\n`);
+};
+
+// Service-specific: OpenAI's /about-you post-verify profile form requires
+// a name that LOOKS human (no digits) plus an age. Clicking "Finish creating
+// account" without filling both (or with an invalid name like "Bot 7061")
+// returns "Hmm, that doesn't look right." Name+age are the only required
+// fields; birthday is hidden and computed from age via React.
+async function completeOpenAIPostVerifyProfile(page: Page): Promise<boolean> {
+  const NAME_SEL =
+    'input[autocomplete="name"], input[id*="name" i][type="text"]:not([name*="company" i])';
+  const AGE_SEL = 'input[id*="age" i][inputmode="numeric"], input[placeholder="Age"], input[name="age"]';
+
+  const nameVisible = await page
+    .locator(NAME_SEL)
+    .first()
+    .isVisible({ timeout: 2_000 })
+    .catch(() => false);
+  if (!nameVisible) return false;
+
+  const firsts = ["Alex", "Jamie", "Taylor", "Morgan", "Casey", "Jordan", "Riley", "Avery"];
+  const lasts = ["Parker", "Reed", "Hayes", "Bennett", "Foster", "Cole", "Quinn", "Shaw"];
+  const pick = (arr: string[]): string => arr[Math.floor(Math.random() * arr.length)]!;
+  await humanType(page, NAME_SEL, `${pick(firsts)} ${pick(lasts)}`);
+  await jitterDelay(200, 500);
+
+  const ageVisible = await page
+    .locator(AGE_SEL)
+    .first()
+    .isVisible({ timeout: 500 })
+    .catch(() => false);
+  if (ageVisible) {
+    await humanType(page, AGE_SEL, "28");
+    // React-controlled hidden birthday field recomputes from age on input.
+    // Give the reactive cycle a beat + Tab blur before submit.
+    await jitterDelay(600, 1_000);
+    await page.keyboard.press("Tab").catch(() => {});
+    await jitterDelay(200, 400);
+  }
+
+  const clicked = await clickFirstVisible(page, [
+    'button:text-is("Finish creating account")',
+    'button:has-text("Finish")',
+    'button:text-is("Continue")',
+    'form button[type="submit"]',
+  ]);
+  if (!clicked) return false;
+
+  await page
+    .waitForURL((u) => !/\/about-you|\/create-account|\/email-verification/i.test(u.toString()), {
+      timeout: 30_000,
+    })
+    .catch(() => {});
+  return true;
+}
+
+// Fill OTP digits using pressSequentially + explicit input/change event
+// dispatch. Some variants render as 1 input, some as 6 separate inputs.
+async function fillOtp(page: Page, code: string): Promise<void> {
+  const OTP_SEL =
+    'input[name="code"], input[name="otp"], input[inputmode="numeric"], input[autocomplete="one-time-code"]';
+  const inputs = await page.locator(OTP_SEL).all();
+  const type = async (el: (typeof inputs)[number], v: string): Promise<void> => {
+    await el.click();
+    await el.pressSequentially(v, { delay: 80 });
+    await el.dispatchEvent("input");
+    await el.dispatchEvent("change");
+  };
+  if (inputs.length === 1) {
+    await type(inputs[0]!, code);
+  } else if (inputs.length === 6) {
+    for (let i = 0; i < 6; i++) await type(inputs[i]!, code[i]!);
+  } else {
+    throw new Error(`unexpected OTP input count: ${inputs.length}`);
+  }
+  await jitterDelay(300, 700);
+  // Wait for submit button to enable (React form validation may debounce).
+  const submitBtn = page.getByRole("button", { name: /verify|submit|continue|confirm/i }).first();
+  for (let i = 0; i < 20; i++) {
+    if (await submitBtn.isEnabled().catch(() => false)) break;
+    await page.waitForTimeout(250);
+  }
+  if (await submitBtn.isVisible({ timeout: 2_000 }).catch(() => false)) {
+    await submitBtn.click({ timeout: 10_000 }).catch(() => {});
+  }
+}
+
+async function main(): Promise<void> {
+  if (!SIGNUP_EMAIL || !SIGNUP_PASSWORD) {
+    emit({
+      type: "error",
+      code: "missing-env",
+      details: "AGENTKEYS_SIGNUP_EMAIL and AGENTKEYS_SIGNUP_PASSWORD required",
+    });
+    process.exit(1);
+  }
+
+  progress("cdp-connect");
+  log(`connecting to CDP at ${CDP_URL}`);
+  const browser: Browser = await chromium.connectOverCDP(CDP_URL);
+  const ctx = browser.contexts()[0] ?? (await browser.newContext());
+  await ctx.clearCookies().catch(() => {});
+  const page: Page = ctx.pages()[0] ?? (await ctx.newPage());
+
+  try {
+    progress("goto-signup");
+    log("navigating to signup (platform → auth redirect)");
+    await page.goto(SIGNUP_URL, { waitUntil: "load", timeout: 30_000 });
+
+    progress("signup-email");
+    const EMAIL_SEL = 'input[type="email"], input[name*="email" i]';
+    await page.locator(EMAIL_SEL).first().waitFor({ timeout: 15_000 });
+    await humanType(page, EMAIL_SEL, SIGNUP_EMAIL);
+    await jitterDelay(250, 550);
+
+    // Multi-step: click Continue, wait for password page.
+    progress("click-continue-1");
+    const clickedEmail = await clickFirstVisible(page, [
+      'button:text-is("Continue")',
+      'form button[type="submit"]:not(:has-text("Google")):not(:has-text("Apple")):not(:has-text("Microsoft")):not(:has-text("GitHub"))',
+    ]);
+    if (!clickedEmail) {
+      emit({ type: "error", code: "selector-missing", details: "no Continue after email" });
+      process.exit(1);
+    }
+
+    progress("signup-password");
+    const PW_SEL = 'input[type="password"], input[name*="password" i]';
+    await page.locator(PW_SEL).first().waitFor({ state: "visible", timeout: 20_000 });
+    await humanType(page, PW_SEL, SIGNUP_PASSWORD);
+    await jitterDelay(300, 700);
+
+    progress("click-continue-2");
+    const clickedPw = await clickFirstVisible(page, [
+      'button:text-is("Continue")',
+      'form button[type="submit"]:not(:has-text("Google")):not(:has-text("Apple")):not(:has-text("Microsoft")):not(:has-text("GitHub"))',
+    ]);
+    if (!clickedPw) {
+      emit({ type: "error", code: "selector-missing", details: "no Continue after password" });
+      process.exit(1);
+    }
+
+    progress("fetch-otp-email");
+    log("polling SES S3 for OpenAI OTP email (HTML-strip + label-aware)");
+    if (!SES_BUCKET) {
+      emit({ type: "error", code: "missing-env", details: "AGENTKEYS_SES_BUCKET required (source scripts/stage6-demo-env.sh)" });
+      process.exit(1);
+    }
+    const analysis = await fetchAndAnalyzeSesEmail({
+      bucket: SES_BUCKET,
+      fromPattern: FROM_REGEX,
+      subjectPattern: SUBJECT_REGEX,
+      timeoutMs: 120_000,
+    });
+    if (analysis.verifyType !== "otp") {
+      emit({
+        type: "error",
+        code: "otp-not-found",
+        details: `analyzer returned verifyType=${analysis.verifyType} for post-signup email; expected OTP`,
+      });
+      process.exit(1);
+    }
+    const otpCode = analysis.code;
+    log(`OTP received (label-aware): ${otpCode.slice(0, 2)}****`);
+
+    progress("fill-otp");
+    await fillOtp(page, otpCode);
+
+    // Wait for URL to leave /email-verification (OpenAI redirects to /about-you).
+    await page
+      .waitForURL((u) => !/\/email-verification\b/.test(u.toString()), { timeout: 30_000 })
+      .catch(() => {});
+
+    progress("complete-profile");
+    log("filling /about-you profile (name + age)");
+    const profileDone = await completeOpenAIPostVerifyProfile(page);
+    if (!profileDone) {
+      log("profile form not present (already logged in?) — continuing");
+    }
+
+    // OAuth callback from auth.openai.com → platform.openai.com/auth/callback?code=...
+    // Router needs ~3s to settle before keys page renders cleanly.
+    if (/\/(auth\/callback|about-you|email-verification|create-account)/i.test(page.url())) {
+      await page
+        .waitForURL(
+          (u) => !/\/(auth\/callback|about-you|email-verification|create-account)/i.test(u.toString()),
+          { timeout: 15_000 },
+        )
+        .catch(() => {});
+      await page.waitForTimeout(3_000);
+    }
+
+    progress("goto-keys");
+    log("navigating to platform keys page");
+    await page.goto(KEYS_URL, { waitUntil: "load", timeout: 20_000 });
+
+    progress("click-create");
+    log("clicking Create new secret key (instant-mint UI)");
+    const clickedCreate = await clickOuterCreate(page);
+    if (!clickedCreate) {
+      emit({ type: "error", code: "selector-missing", details: "no visible Create Key button on keys page" });
+      process.exit(1);
+    }
+
+    progress("extract-key");
+    // OpenAI instant-mints — the revealed `sk-proj-*` appears immediately on
+    // the page, no Name dialog. Extraction matches long-shape keys only so
+    // masked table-row previews (`sk-...xyz`) don't false-positive.
+    const keyEl = page
+      .locator('code:has-text("sk-"), pre:has-text("sk-"), input[value^="sk-"]')
+      .first();
+    await keyEl.waitFor({ state: "visible", timeout: 15_000 });
+    const tag = await keyEl.evaluate((n) => n.tagName.toLowerCase());
+    const raw =
+      tag === "input"
+        ? await keyEl.inputValue()
+        : ((await keyEl.textContent()) ?? "");
+    const key = raw.trim();
+    if (!/^sk-[a-zA-Z0-9_-]{20,}$/.test(key)) {
+      emit({ type: "error", code: "key-format", details: `extracted value didn't match sk-*: ${key.slice(0, 40)}` });
+      process.exit(1);
+    }
+
+    log(`minted key: ${key.slice(0, 10)}****${key.slice(-4)}`);
+    emit({ type: "success", api_key: key });
+  } finally {
+    await page.close().catch(() => {});
+    await browser.close().catch(() => {});
+  }
+  process.exit(0);
+}
+
+main().catch((err: unknown) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  emit({ type: "error", code: "fatal", details: msg });
+  log(`FATAL: ${msg}`);
+  process.exit(1);
+});
diff --git a/provisioner-scripts/src/scrapers/openrouter-cdp.ts b/provisioner-scripts/src/scrapers/openrouter-cdp.ts
new file mode 100644
index 0000000..57f81d4
--- /dev/null
+++ b/provisioner-scripts/src/scrapers/openrouter-cdp.ts
@@ -0,0 +1,315 @@
+// Production scraper — OpenRouter signup → API-key mint.
+//
+// Contract:
+//   stdin:  —
+//   stdout: newline-delimited JSON events, terminal {"type":"success","api_key":"sk-or-v1-..."}
+//           or {"type":"error","code":"...","details":"..."} on failure
+//   stderr: timestamped progress logs (for humans reading live)
+//   exit:   0 on success, 1 on failure
+//
+// Shell / direct use:
+//   node --import tsx/esm src/scrapers/openrouter-cdp.ts | jq -r 'select(.type=="success") | .api_key'
+//
+// Rust provisioner use: the daemon's `spawn_and_collect` already consumes
+// this JSON-event contract — drops in with no wrapper.
+//
+// Why CDP-to-real-Chrome and not Playwright-launched Chromium:
+//   Cloudflare Turnstile detects --enable-automation (baked into Playwright's
+//   bundled Chromium) and refuses to issue tokens. Connecting via CDP to a
+//   user-launched real Chrome avoids the flag entirely.
+//
+// Prereq: Chrome listening on CDP_URL (default http://localhost:9222). The
+// `scripts/reset-chrome-for-recording.sh` script in the repo root launches
+// the expected throwaway profile. Alternatively:
+//   /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
+//     --remote-debugging-port=9222 \
+//     --user-data-dir=/tmp/agentkeys-chrome-profile &
+//
+// Required env:
+//   AGENTKEYS_SIGNUP_EMAIL         fresh local-part (Clerk rejects plus-alias reuse)
+//   AGENTKEYS_SIGNUP_PASSWORD      strong password
+//   AGENTKEYS_EMAIL_BACKEND        "gmail" | "ses-s3" | "mock-inbox" (default gmail)
+//   (+ backend-specific vars: see src/lib/email.ts)
+//
+// Optional env:
+//   CDP_URL                        default http://localhost:9222
+
+import { chromium, type Browser, type Page } from "playwright";
+import { fetchVerificationCode } from "../lib/email.js";
+import {
+  clickFirstVisible,
+  clickOuterCreate,
+  dismissCookieBanner,
+  humanType,
+  jitterDelay,
+  probeAndDismissDialog,
+} from "../lib/playwright-patterns.js";
+import { handleTurnstile } from "../lib/captcha/turnstile.js";
+
+const CDP_URL = process.env.CDP_URL ?? "http://localhost:9222";
+const SIGNUP_EMAIL = process.env.AGENTKEYS_SIGNUP_EMAIL ?? "";
+const SIGNUP_PASSWORD = process.env.AGENTKEYS_SIGNUP_PASSWORD ?? "";
+
+const SIGNUP_URL = "https://openrouter.ai/auth";
+const KEYS_URL = "https://openrouter.ai/workspaces/default/keys";
+
+// Real sender observed: "OpenRouter <notifications@openrouter.ai>".
+const FROM_REGEX = /@openrouter\.ai|clerk/i;
+// Subjects observed: "Your sign up link", "Verify your email for OpenRouter".
+const SUBJECT_REGEX = /sign[\s-]?up.*link|sign[\s-]?in.*link|magic.*link|verify|verification|confirm/i;
+// Clerk magic-link URL shape.
+const URL_REGEX = /(https:\/\/[^\s<>"'\)]*(?:clerk|\/verify|ticket=|verification)[^\s<>"'\)]*)/i;
+
+// JSON-line event emitter — contract shared with the Rust provisioner's
+// `spawn_and_collect` parser. Progress events are informational; exactly
+// one terminal event (success | error) MUST be emitted per run.
+type Event =
+  | { type: "progress"; step: string }
+  | { type: "success"; api_key: string }
+  | { type: "error"; code: string; details: string };
+
+function emit(e: Event): void {
+  process.stdout.write(JSON.stringify(e) + "\n");
+}
+const progress = (step: string): void => emit({ type: "progress", step });
+const log = (msg: string): void => {
+  process.stderr.write(`[openrouter] ${new Date().toISOString().slice(11, 19)} ${msg}\n`);
+};
+
+// Service-specific: OpenRouter chains TWO modals after signup that each
+// block the keys page:
+//   1. Survey: "Where did you first hear about OpenRouter?" — select an
+//      option button (we use "Other / Not sure") then click Continue.
+//   2. Welcome: "You're all set!" — click Close (X).
+// Either or both may render; both may render sequentially.
+async function dismissOpenRouterOnboardingModals(
+  page: Page,
+  detectTimeoutMs = 500,
+): Promise<boolean> {
+  return probeAndDismissDialog({
+    page,
+    textRegex:
+      /where did you first hear|you'?re all set|welcome to|get started by buying/i,
+    detectTimeoutMs,
+    maxRounds: 4,
+    dismissFn: async (p) => {
+      // Decide branch by peeking at dialog textContent.
+      const text = await p
+        .evaluate(() => {
+          const d = Array.from(document.querySelectorAll('[role="dialog"]')).find(
+            (el) => !!((el as HTMLElement).offsetWidth || (el as HTMLElement).offsetHeight),
+          );
+          return (d?.textContent ?? "").toLowerCase();
+        })
+        .catch(() => "");
+      if (text.includes("where did you first hear")) {
+        // Survey branch: click "Other / Not sure" then Continue.
+        const optionLabels = [
+          /^other\s*\/\s*not sure$/i,
+          /^other.*not sure$/i,
+          /^skip$/i,
+          /^not now$/i,
+          /^other$/i,
+        ];
+        for (const lbl of optionLabels) {
+          const btn = p.getByRole("button", { name: lbl }).first();
+          if (!(await btn.isVisible({ timeout: 300 }).catch(() => false))) continue;
+          await btn.click({ timeout: 3_000, force: true }).catch(() => {});
+          break;
+        }
+        await p.waitForTimeout(250);
+        await p
+          .getByRole("button", { name: /^continue$/i })
+          .first()
+          .click({ timeout: 5_000, force: true })
+          .catch(() => {});
+      } else {
+        // Welcome banner: click Close (X).
+        const closeBtn = p.getByRole("button", { name: /^close$/i }).first();
+        if (await closeBtn.isVisible({ timeout: 500 }).catch(() => false)) {
+          await closeBtn.click({ timeout: 3_000, force: true }).catch(() => {});
+        } else {
+          await p.keyboard.press("Escape").catch(() => {});
+        }
+      }
+    },
+  });
+}
+
+async function main(): Promise<void> {
+  if (!SIGNUP_EMAIL || !SIGNUP_PASSWORD) {
+    emit({
+      type: "error",
+      code: "missing-env",
+      details: "AGENTKEYS_SIGNUP_EMAIL and AGENTKEYS_SIGNUP_PASSWORD required",
+    });
+    process.exit(1);
+  }
+
+  progress("cdp-connect");
+  log(`connecting to CDP at ${CDP_URL}`);
+  const browser: Browser = await chromium.connectOverCDP(CDP_URL);
+  const ctx = browser.contexts()[0] ?? (await browser.newContext());
+  // Wipe cookies so Clerk doesn't short-circuit us into a stale session.
+  await ctx.clearCookies().catch(() => {});
+  const page: Page = ctx.pages()[0] ?? (await ctx.newPage());
+
+  try {
+    progress("goto-signup");
+    log("navigating to signup");
+    await page.goto(SIGNUP_URL, { waitUntil: "load", timeout: 30_000 });
+    await dismissCookieBanner(page);
+
+    progress("signup-form");
+    log(`filling credentials (email=${SIGNUP_EMAIL})`);
+    const EMAIL_SEL = 'input[type="email"], input[name*="email" i]';
+    const PW_SEL = 'input[type="password"], input[name*="password" i]';
+    await page.locator(EMAIL_SEL).first().waitFor({ timeout: 15_000 });
+    await humanType(page, EMAIL_SEL, SIGNUP_EMAIL);
+    await jitterDelay(250, 550);
+    await humanType(page, PW_SEL, SIGNUP_PASSWORD);
+    await jitterDelay(300, 700);
+
+    // Check TOS checkbox with label-click fallback (Clerk hides the real
+    // input and styles the label as the visible toggle).
+    const TOS_SEL =
+      'input[type="checkbox"][id*="legal" i], input[type="checkbox"][name*="terms" i], input[type="checkbox"][id*="tos" i]';
+    const tos = page.locator(TOS_SEL).first();
+    if (await tos.count()) {
+      await tos.check({ force: true, timeout: 3_000 }).catch(() => {});
+      if (!(await tos.isChecked().catch(() => false))) {
+        const id = await tos.evaluate((el: HTMLInputElement) => el.id || "");
+        if (id) {
+          await page.locator(`label[for="${id}"]`).first().click({ timeout: 2_000 }).catch(() => {});
+        }
+      }
+      await jitterDelay(200, 500);
+    }
+
+    progress("click-continue");
+    const clickedContinue = await clickFirstVisible(page, [
+      'button[data-localization-key="formButtonPrimary"]',
+      'button:text-is("Sign up")',
+      'button:text-is("Continue")',
+      'button:text-is("Register")',
+      'form button[type="submit"]:not(:has-text("Google")):not(:has-text("GitHub")):not(:has-text("Apple"))',
+    ]);
+    if (!clickedContinue) {
+      emit({ type: "error", code: "selector-missing", details: "no visible Continue button after fill" });
+      process.exit(1);
+    }
+
+    progress("turnstile");
+    const turnstile = await handleTurnstile(page);
+    log(`turnstile: ${turnstile}`);
+
+    progress("fetch-verification-email");
+    log("polling email backend for verification email");
+    const verifyUrl = (
+      await fetchVerificationCode({
+        from: FROM_REGEX,
+        subject: SUBJECT_REGEX,
+        codeRegex: URL_REGEX,
+        timeoutMs: 120_000,
+      })
+    )
+      .replace(/&amp;/g, "&")
+      .replace(/&lt;/g, "<")
+      .replace(/&gt;/g, ">");
+
+    progress("goto-verify-url");
+    log("following magic link");
+    await page.goto(verifyUrl, { waitUntil: "load", timeout: 30_000 });
+    // Clerk magic links land on /sign-up/verify-email-address?__clerk_status=verified.
+    // URL still contains "/sign-up" but session IS established. Accept as done.
+    await page
+      .waitForURL(
+        (u) => {
+          const s = u.toString();
+          return (
+            /[?&]__clerk_status=verified|__clerk_created_session=/.test(s) ||
+            (!s.includes("/sign-up") && !s.includes("/sign-in"))
+          );
+        },
+        { timeout: 30_000 },
+      )
+      .catch(() => {});
+
+    progress("goto-keys");
+    log("navigating to keys page");
+    await page.goto(KEYS_URL, { waitUntil: "load", timeout: 20_000 });
+
+    // OpenRouter's onboarding + welcome modal chain renders 15-40s after
+    // keys-page hydration. Short initial probe so fast-loading sessions
+    // don't stall; the per-iteration dismiss inside clickOuterCreate catches
+    // late-rendering modals.
+    await dismissOpenRouterOnboardingModals(page, 1_500);
+
+    progress("click-create");
+    log("clicking Create (up to 40s, dismissing onboarding each iter)");
+    const clickedCreate = await clickOuterCreate(page, {
+      onBeforeIteration: (p) => dismissOpenRouterOnboardingModals(p, 200).then(() => {}),
+    });
+    if (!clickedCreate) {
+      emit({ type: "error", code: "selector-missing", details: "no visible Create Key button on keys page" });
+      process.exit(1);
+    }
+
+    // Defensive re-dismiss in case the onboarding modal popped up over the
+    // freshly-opened Create Key form dialog.
+    await dismissOpenRouterOnboardingModals(page, 500);
+
+    progress("fill-key-name");
+    const NAME_SEL =
+      'input#name, input[id*="name" i]:not([type="email"]):not([type="password"])';
+    await page.locator(NAME_SEL).first().waitFor({ state: "visible", timeout: 10_000 }).catch(() => {});
+    const nameInput = page.locator(NAME_SEL).first();
+    if (await nameInput.count()) {
+      await nameInput.fill("").catch(() => {});
+      await humanType(page, NAME_SEL, `agentkeys-${Date.now()}`);
+      await jitterDelay(300, 600);
+    }
+
+    await dismissOpenRouterOnboardingModals(page, 300);
+    progress("click-confirm");
+    const clickedConfirm = await clickFirstVisible(page, [
+      '[role="dialog"]:has(input#name) button:text-is("Create API Key")',
+      '[role="dialog"]:has(input#name) button:text-is("Create")',
+      '[role="dialog"]:has(input#name) button:has-text("Create")',
+    ]);
+    if (!clickedConfirm) {
+      emit({ type: "error", code: "selector-missing", details: "no visible Create/Submit in dialog" });
+      process.exit(1);
+    }
+
+    progress("extract-key");
+    const keyEl = page
+      .locator('code:has-text("sk-"), pre:has-text("sk-"), input[value^="sk-"]')
+      .first();
+    await keyEl.waitFor({ state: "visible", timeout: 15_000 });
+    const tag = await keyEl.evaluate((n) => n.tagName.toLowerCase());
+    const raw =
+      tag === "input"
+        ? await keyEl.inputValue()
+        : ((await keyEl.textContent()) ?? "");
+    const key = raw.trim();
+    if (!/^sk-[a-zA-Z0-9_-]{20,}$/.test(key)) {
+      emit({ type: "error", code: "key-format", details: `extracted value didn't match sk-*: ${key.slice(0, 40)}` });
+      process.exit(1);
+    }
+
+    log(`minted key: ${key.slice(0, 8)}****${key.slice(-4)}`);
+    emit({ type: "success", api_key: key });
+  } finally {
+    await page.close().catch(() => {});
+    await browser.close().catch(() => {});
+  }
+  process.exit(0);
+}
+
+main().catch((err: unknown) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  emit({ type: "error", code: "fatal", details: msg });
+  log(`FATAL: ${msg}`);
+  process.exit(1);
+});
diff --git a/provisioner-scripts/src/scrapers/openrouter.ts b/provisioner-scripts/src/scrapers/openrouter.ts
index d3df2ae..ce9dab7 100644
--- a/provisioner-scripts/src/scrapers/openrouter.ts
+++ b/provisioner-scripts/src/scrapers/openrouter.ts
@@ -1,5 +1,6 @@
+import { fileURLToPath } from "url";
 import type { Browser } from "playwright";
-import { emit } from "../types.js";
+import { emit, type ProvisionEvent } from "../types.js";
 import type { VerifyResult } from "../lib/verify.js";
 import { signupEmailOtp } from "../patterns/signup_email_otp.js";
 
@@ -35,7 +36,13 @@ const EMAIL_SUBJECT_REGEX = /openrouter/i;
 const EMAIL_CODE_REGEX = /(\d{6})/;
 const EMAIL_TIMEOUT_MS = 60_000;
 
-const OPENROUTER_EMAIL = process.env["AGENTKEYS_EMAIL_USER"] ?? "user@example.com";
+// IMAP login — must be the canonical Gmail address (plus-addressing aliases
+// are not valid IMAP logins).
+const IMAP_LOGIN_EMAIL = process.env["AGENTKEYS_EMAIL_USER"] ?? "user@example.com";
+// What we type into the service's signup form. Defaults to the IMAP login but
+// can be overridden (e.g. plus-addressed `you+or-<ts>@gmail.com`) so returning
+// users can mint a fresh account per run while reusing one real inbox.
+const SIGNUP_EMAIL = process.env["AGENTKEYS_SIGNUP_EMAIL"] ?? IMAP_LOGIN_EMAIL;
 
 export async function runOpenRouterScraper(opts: OpenRouterScraperOpts): Promise<void> {
   const signupUrl =
@@ -62,7 +69,7 @@ export async function runOpenRouterScraper(opts: OpenRouterScraperOpts): Promise
         createKeyButtonSelector: CREATE_KEY_BUTTON_SELECTOR,
         keyRevealSelector: KEY_REVEAL_SELECTOR,
         emailFetcher: opts.emailFetcher,
-        emailAddress: OPENROUTER_EMAIL,
+        emailAddress: SIGNUP_EMAIL,
         emailFromRegex: EMAIL_FROM_REGEX,
         emailSubjectRegex: EMAIL_SUBJECT_REGEX,
         emailCodeRegex: EMAIL_CODE_REGEX,
@@ -108,25 +115,59 @@ export async function runOpenRouterScraper(opts: OpenRouterScraperOpts): Promise
   }
 }
 
-export default async function main(): Promise<void> {
-  const { chromium } = await import("playwright");
-  const { fetchVerificationCode } = await import("../lib/email.js");
-  const { verify } = await import("../lib/verify.js");
+// Emit a terminal event and wait for stdout to flush before exiting. Using a
+// bare `process.exit` can drop buffered writes to the parent's pipe — which is
+// exactly how the orchestrator ends up reporting "subprocess ended without
+// terminal event" when something upstream of the scraper's try/catch throws.
+function emitAndExit(event: ProvisionEvent, exitCode: number): void {
+  process.stdout.write(JSON.stringify(event) + "\n", () => process.exit(exitCode));
+}
 
-  const browser = await chromium.launch({ headless: true });
+export default async function main(): Promise<void> {
   try {
-    await runOpenRouterScraper({
-      browser,
-      emailFetcher: (from, subject, codeRegex, timeoutMs) =>
-        fetchVerificationCode({ from, subject, codeRegex, timeoutMs }),
-      verifier: verify,
-    });
+    const { chromium } = await import("playwright");
+    const { fetchVerificationCode } = await import("../lib/email.js");
+    const { verify } = await import("../lib/verify.js");
+
+    const browser = await chromium.launch({ headless: true });
+    try {
+      await runOpenRouterScraper({
+        browser,
+        emailFetcher: (from, subject, codeRegex, timeoutMs) =>
+          fetchVerificationCode({ from, subject, codeRegex, timeoutMs }),
+        verifier: verify,
+      });
+    } finally {
+      await browser.close();
+    }
   } catch (err) {
     if (err instanceof ScraperAbortError) {
-      process.exit(1);
+      // Tripwire / expected-error path: the scraper already emitted a terminal
+      // event (tripwire or error) before throwing. Just propagate the exit.
+      emitAndExit(
+        { type: "error", code: "internal", details: `abort: ${err.message}` },
+        1,
+      );
+      return;
     }
-    throw err;
-  } finally {
-    await browser.close();
+    // Unhandled path: a throw that escaped the scraper's try/catch — e.g.
+    // Playwright browser-launch failure, IMAP connection refused, dynamic
+    // import failure, unhandled rejection in the pattern. Without this
+    // catch-all the orchestrator sees a naked process exit and reports
+    // "subprocess ended without terminal event" with no cause.
+    const msg = err instanceof Error ? (err.stack ?? err.message) : String(err);
+    emitAndExit({ type: "error", code: "internal", details: `unhandled: ${msg}` }, 2);
   }
 }
+
+// Entry-point guard. Invoke main() only when this file is the direct script
+// target (e.g. `npx tsx src/scrapers/openrouter.ts`). When the module is
+// imported by test files that only use named exports like
+// `runOpenRouterScraper`, main() must NOT run — otherwise tests would launch
+// a real browser and hit real OpenRouter. Without this block, the provisioner
+// subprocess just loads the module, reaches EOF, and exits 0 with no events —
+// exactly the "exit_code: Some(0) / events_emitted: 0" failure mode.
+const isEntry = fileURLToPath(import.meta.url) === process.argv[1];
+if (isEntry) {
+  void main();
+}
diff --git a/provisioner-scripts/src/workflow-recorder/artifacts.ts b/provisioner-scripts/src/workflow-recorder/artifacts.ts
new file mode 100644
index 0000000..f93e9fc
--- /dev/null
+++ b/provisioner-scripts/src/workflow-recorder/artifacts.ts
@@ -0,0 +1,567 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import type { Page } from "playwright";
+
+export interface SessionCtx {
+  outDir: string;
+  service: string;
+  flow: "signup" | "login";
+  signupEmail?: string;
+  startedAt: string;
+}
+
+export interface StepArtifacts {
+  index: number;
+  label: string;
+  ts: string;
+  url: string;
+  stepDir: string;
+  metadata?: Record<string, unknown>;
+}
+
+export interface ManifestOutcomes {
+  signupCompleted?: boolean;
+  loginCompleted?: boolean;
+  loginSkipped?: boolean;
+  verifyType?: "magic-link" | "otp" | "skipped" | "unknown";
+  turnstileMode?: "not-present" | "auto-passive" | "auto-click" | "human" | "timeout";
+  hCaptchaMode?: "not-present" | "auto-passive" | "capsolver" | "human" | "timeout";
+  onboardingModalSeen?: boolean;
+  postLoginOtp?: boolean;
+  postVerifyProfile?: boolean;
+  apiKeyExtracted?: boolean;
+  apiKeyMasked?: string;
+}
+
+export interface DetectedRegexes {
+  emailFrom?: string;
+  emailSubject?: string;
+  verifyUrlHost?: string;
+  urlHasHtmlEntities?: boolean;
+}
+
+export interface DetectedSelectors {
+  signupUrl?: string;
+  emailField?: string;
+  passwordField?: string;
+  tosCheckbox?: string;
+  continueBtn?: string;
+  onboardingDismiss?: string;
+  keysPath?: string;
+  createKeyBtn?: string;
+  keyReveal?: string;
+}
+
+export interface Manifest {
+  service: string;
+  flow: "signup" | "login";
+  state: "in-progress" | "completed" | "failed" | "aborted";
+  startedAt: string;
+  finishedAt?: string;
+  signupEmail?: string;
+  outcomes: ManifestOutcomes;
+  detectedRegexes: DetectedRegexes;
+  detectedSelectors: DetectedSelectors;
+  steps: StepArtifacts[];
+}
+
+function writeAtomic(filePath: string, content: string): void {
+  const tmp = `${filePath}.tmp`;
+  fs.writeFileSync(tmp, content);
+  fs.renameSync(tmp, filePath);
+}
+
+function writeManifest(outDir: string, manifest: Manifest, partial: boolean): void {
+  const fname = partial ? "manifest.partial.json" : "manifest.json";
+  writeAtomic(path.join(outDir, fname), JSON.stringify(manifest, null, 2));
+}
+
+export function initManifest(ctx: SessionCtx): Manifest {
+  fs.mkdirSync(path.join(ctx.outDir, "steps"), { recursive: true });
+  fs.mkdirSync(path.join(ctx.outDir, "emails"), { recursive: true });
+  const manifest: Manifest = {
+    service: ctx.service,
+    flow: ctx.flow,
+    state: "in-progress",
+    startedAt: ctx.startedAt,
+    signupEmail: ctx.signupEmail,
+    outcomes: {},
+    detectedRegexes: {},
+    detectedSelectors: {},
+    steps: [],
+  };
+  writeManifest(ctx.outDir, manifest, true);
+  fs.writeFileSync(path.join(ctx.outDir, "steps.jsonl"), "");
+  fs.writeFileSync(path.join(ctx.outDir, "action-log.jsonl"), "");
+  return manifest;
+}
+
+function slug(label: string): string {
+  return label.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+}
+
+interface DigestElement {
+  tag: string;
+  role: string | null;
+  id?: string;
+  name?: string;
+  type?: string;
+  text: string;
+}
+
+interface StepDigest {
+  url: string;
+  title: string;
+  visibleText: string;
+  interactiveElements: DigestElement[];
+  errors: string[];
+}
+
+export async function snap(
+  page: Page,
+  label: string,
+  ctx: SessionCtx,
+  manifest: Manifest,
+  metadata?: Record<string, unknown>
+): Promise<StepArtifacts> {
+  const index = manifest.steps.length + 1;
+  const paddedIdx = String(index).padStart(3, "0");
+  const stepDirName = `${paddedIdx}-${slug(label)}`;
+  const stepDir = path.join(ctx.outDir, "steps", stepDirName);
+  fs.mkdirSync(stepDir, { recursive: true });
+
+  const [, domHtml] = await Promise.all([
+    page.screenshot({ path: path.join(stepDir, "screenshot.png"), fullPage: true }).catch(() => null),
+    page.content().catch(() => ""),
+  ]);
+
+  fs.writeFileSync(path.join(stepDir, "dom.html"), domHtml);
+
+  const url = page.url();
+  const title = await page.title().catch(() => "");
+  const visibleText = await page
+    .locator("body")
+    .innerText({ timeout: 1000 })
+    .catch(() => "");
+  const interactiveElements: DigestElement[] = await page
+    .$$eval(
+      "input, button, a[role='button'], [role='link'], select, textarea, [role='radio'], [role='checkbox']",
+      (nodes: Element[]) =>
+        nodes
+          .map((n) => {
+            const el = n as HTMLElement & { name?: string; value?: string; type?: string };
+            const rect = el.getBoundingClientRect();
+            if (rect.width === 0 || rect.height === 0) return null;
+            return {
+              tag: el.tagName.toLowerCase(),
+              role: el.getAttribute("role"),
+              id: el.id || undefined,
+              name: el.name || undefined,
+              type: el.type || undefined,
+              text: (el.innerText || el.value || "").slice(0, 80),
+            };
+          })
+          .filter((x): x is NonNullable<typeof x> => x !== null)
+    )
+    .catch(() => []);
+  const errors = await page
+    .locator('[role="alert"], .cl-formFieldError, .cl-alertText')
+    .allInnerTexts()
+    .catch(() => []);
+
+  const digest: StepDigest = {
+    url,
+    title,
+    visibleText: visibleText.slice(0, 200).replace(/\s+/g, " ").trim(),
+    interactiveElements,
+    errors,
+  };
+  fs.writeFileSync(path.join(stepDir, "digest.json"), JSON.stringify(digest, null, 2));
+
+  const step: StepArtifacts = {
+    index,
+    label,
+    ts: new Date().toISOString(),
+    url,
+    stepDir: stepDirName,
+    metadata,
+  };
+
+  fs.appendFileSync(path.join(ctx.outDir, "steps.jsonl"), JSON.stringify(step) + "\n");
+  manifest.steps.push(step);
+  writeManifest(ctx.outDir, manifest, true);
+
+  return step;
+}
+
+export function logAction(outDir: string, entry: Record<string, unknown>): void {
+  const line = JSON.stringify({ ts: new Date().toISOString(), ...entry });
+  fs.appendFileSync(path.join(outDir, "action-log.jsonl"), line + "\n");
+}
+
+export function finalizeManifest(
+  ctx: SessionCtx,
+  manifest: Manifest,
+  status: "completed" | "failed" | "aborted"
+): void {
+  manifest.state = status;
+  manifest.finishedAt = new Date().toISOString();
+  writeManifest(ctx.outDir, manifest, false);
+  try {
+    fs.unlinkSync(path.join(ctx.outDir, "manifest.partial.json"));
+  } catch {}
+  writeSummaryMd(ctx.outDir, manifest);
+  if (status === "completed") {
+    emitDraftScraper(ctx.outDir, manifest);
+  }
+}
+
+function writeSummaryMd(outDir: string, m: Manifest): void {
+  const dr = m.detectedRegexes;
+  const ds = m.detectedSelectors;
+  const outcomeLines = Object.entries(m.outcomes)
+    .filter(([, v]) => v !== undefined)
+    .map(([k, v]) => `- ${k}: ${v}`);
+  const selectorLines = Object.entries(ds)
+    .filter(([, v]) => v)
+    .map(([k, v]) => `- ${k}: \`${v}\``);
+
+  const md = [
+    `# ${m.service} / ${m.flow} recording — ${m.startedAt}`,
+    ``,
+    `## Outcomes`,
+    ...outcomeLines,
+    ``,
+    `## Verification email (what a scraper needs)`,
+    dr.emailFrom ? `- From: \`${dr.emailFrom}\`` : `- From: (not captured)`,
+    dr.emailSubject ? `- Subject: \`${dr.emailSubject}\`` : `- Subject: (not captured)`,
+    dr.verifyUrlHost ? `- URL host: \`${dr.verifyUrlHost}\`` : `- URL host: (not captured)`,
+    `- URL contains HTML entities: ${dr.urlHasHtmlEntities ? "**yes** — decode `&amp;` before page.goto()" : "no"}`,
+    ``,
+    `## Key selectors observed`,
+    ...selectorLines,
+    ``,
+    `## Steps recorded`,
+    ...m.steps.map((s) => `- \`${s.stepDir}\` (${s.label})`),
+    ``,
+    `## Next`,
+    `- Fill in \`TODO(human):\` markers in \`draft-scraper.ts\` to finish.`,
+    `- Drill into per-step \`digest.json\` if a selector looks suspicious.`,
+    `- Open \`trace.zip\` in Playwright Trace Viewer for full interaction replay.`,
+    ``,
+  ].join("\n");
+
+  fs.writeFileSync(path.join(outDir, "summary.md"), md);
+}
+
+function regexSourceOrPlaceholder(s: string | undefined, placeholder: string): string {
+  if (!s) return placeholder;
+  return s.replace(/[.*+?^${}()|[\]\\/]/g, "\\$&");
+}
+
+// Emit a self-contained scraper with inlined helpers. Zero `TODO(human):` in
+// the runtime path — the recorder's logic is serialized directly. Generated
+// code uses template literals; we build it as a string array joined with
+// newlines to avoid nested-backtick escaping hell.
+function emitDraftScraper(outDir: string, m: Manifest): void {
+  const dr = m.detectedRegexes;
+  const ds = m.detectedSelectors;
+
+  const fromRegex = dr.emailFrom
+    ? "/" + regexSourceOrPlaceholder(dr.emailFrom.split("<")[1]?.replace(">", "") ?? dr.emailFrom, "openrouter\\.ai|clerk") + "/i"
+    : "/@openrouter\\.ai|clerk/i";
+  const subjectRegex = dr.emailSubject
+    ? "/" + regexSourceOrPlaceholder(dr.emailSubject, "verify|confirm|sign.up|magic") + "/i"
+    : "/sign[\\s-]?up.*link|verify|magic.*link|confirm/i";
+  const urlRegex = dr.verifyUrlHost
+    ? '/(https:\\/\\/[^\\s<>"\'\\)]*' + regexSourceOrPlaceholder(dr.verifyUrlHost, "clerk") + '[^\\s<>"\'\\)]*)/i'
+    : '/(https:\\/\\/[^\\s<>"\'\\)]*(?:clerk|\\/verify|ticket=|verification)[^\\s<>"\'\\)]*)/i';
+
+  const signupUrl = ds.signupUrl ?? "";
+  const keysPath = ds.keysPath ?? "/keys";
+
+  // Build as array of literal-string lines; no outer template literal → no
+  // nested-backtick escaping. Any `${...}` below is a real interpolation we
+  // WANT resolved at emit time; the ones that should appear literally in
+  // the generated file use backslash escaping.
+  const LINE = (s: string) => s;
+
+  const BT = "`"; // backtick for use inside strings without escaping hell
+  const DOLLAR = "$";
+
+  const L: string[] = [];
+  L.push(LINE("// Auto-generated scraper from recording: " + m.service + " / " + m.flow));
+  L.push(LINE("// Started: " + m.startedAt));
+  L.push(LINE("// Finished: " + (m.finishedAt ?? "(incomplete)")));
+  L.push(LINE("//"));
+  L.push(LINE("// Self-contained: helpers inlined, no manual edits required to run."));
+  L.push(LINE("// Prereqs: AGENTKEYS_SIGNUP_EMAIL + AGENTKEYS_SIGNUP_PASSWORD in env,"));
+  L.push(LINE("//          Chrome listening on CDP_URL (default http://localhost:9222)."));
+  L.push(LINE(""));
+  L.push(LINE('import { chromium, type Browser, type BrowserContext, type Page } from "playwright";'));
+  L.push(LINE('import { fetchVerificationCode } from "../../src/lib/email.js";'));
+  L.push(LINE(""));
+  L.push(LINE('const CDP_URL = process.env.CDP_URL ?? "http://localhost:9222";'));
+  L.push(LINE('const SIGNUP_EMAIL = process.env.AGENTKEYS_SIGNUP_EMAIL ?? "";'));
+  L.push(LINE('const SIGNUP_PASSWORD = process.env.AGENTKEYS_SIGNUP_PASSWORD ?? "";'));
+  L.push(LINE(""));
+  L.push(LINE("// === Detected at recording time ==="));
+  L.push(LINE('const SIGNUP_URL = "' + signupUrl + '";'));
+  L.push(LINE('const KEYS_PATH = "' + keysPath + '";'));
+  L.push(LINE("const FROM_REGEX = " + fromRegex + ";"));
+  L.push(LINE("const SUBJECT_REGEX = " + subjectRegex + ";"));
+  L.push(LINE("const URL_REGEX = " + urlRegex + ";"));
+  L.push(LINE(""));
+  L.push(LINE("const log = (msg: string) => process.stderr.write(" + BT + "[scraper] " + DOLLAR + "{new Date().toISOString().slice(11, 19)} " + DOLLAR + "{msg}\\n" + BT + ");"));
+  L.push(LINE(""));
+  L.push(LINE("// === Inlined helpers (from workflow-recorder/flows.ts) ==="));
+  L.push(LINE(""));
+  L.push(LINE("function jitter(min: number, max: number): Promise<void> {"));
+  L.push(LINE("  const ms = Math.floor(min + Math.random() * (max - min));"));
+  L.push(LINE("  return new Promise((r) => setTimeout(r, ms));"));
+  L.push(LINE("}"));
+  L.push(LINE(""));
+  L.push(LINE("async function humanType(page: Page, selector: string, value: string): Promise<void> {"));
+  L.push(LINE("  const loc = page.locator(selector).first();"));
+  L.push(LINE("  const box = await loc.boundingBox();"));
+  L.push(LINE("  if (box) {"));
+  L.push(LINE("    await page.mouse.move(box.x + box.width / 2, box.y + box.height / 2, { steps: 8 });"));
+  L.push(LINE("    await jitter(60, 180);"));
+  L.push(LINE("  }"));
+  L.push(LINE("  await loc.click({ timeout: 5_000 }).catch(() => {});"));
+  L.push(LINE("  await loc.pressSequentially(value, { delay: 60 + Math.floor(Math.random() * 60) });"));
+  L.push(LINE("}"));
+  L.push(LINE(""));
+  L.push(LINE("async function clickFirstVisible(page: Page, selectors: string[]): Promise<string | null> {"));
+  L.push(LINE("  for (const sel of selectors) {"));
+  L.push(LINE("    const candidates = await page.locator(sel).all();"));
+  L.push(LINE("    for (const c of candidates) {"));
+  L.push(LINE("      if (!(await c.isVisible().catch(() => false))) continue;"));
+  L.push(LINE("      if (!(await c.isEnabled().catch(() => true))) continue;"));
+  L.push(LINE("      try {"));
+  L.push(LINE("        const box = await c.boundingBox();"));
+  L.push(LINE("        if (box) {"));
+  L.push(LINE("          await page.mouse.move(box.x + box.width / 2, box.y + box.height / 2, { steps: 10 });"));
+  L.push(LINE("          await jitter(120, 280);"));
+  L.push(LINE("        }"));
+  L.push(LINE("        await c.click({ timeout: 5_000 });"));
+  L.push(LINE("        return sel;"));
+  L.push(LINE("      } catch { /* next candidate */ }"));
+  L.push(LINE("    }"));
+  L.push(LINE("  }"));
+  L.push(LINE("  return null;"));
+  L.push(LINE("}"));
+  L.push(LINE(""));
+  L.push(LINE("async function dismissCookieBanner(page: Page): Promise<void> {"));
+  L.push(LINE('  const texts = ["Accept All Cookies", "Accept cookies", "Accept All", "Accept", "Agree", "OK", "Got it"];'));
+  L.push(LINE("  for (const t of texts) {"));
+  L.push(LINE("    const c = page.locator(\"button\").filter({ hasText: new RegExp(" + BT + "^" + DOLLAR + "{t}" + DOLLAR + "{\"\"}" + BT + ", \"i\") }).first();"));
+  L.push(LINE("    if (await c.isVisible({ timeout: 800 }).catch(() => false)) {"));
+  L.push(LINE("      await c.click({ timeout: 3_000 }).catch(() => {});"));
+  L.push(LINE("      await page.waitForTimeout(400);"));
+  L.push(LINE("      return;"));
+  L.push(LINE("    }"));
+  L.push(LINE("  }"));
+  L.push(LINE("}"));
+  L.push(LINE(""));
+  L.push(LINE("async function handleTurnstile(page: Page): Promise<string> {"));
+  L.push(LINE('  const iframeSel = \'iframe[src*="challenges.cloudflare.com"]\';'));
+  L.push(LINE('  const inputSel = \'input[name="cf-turnstile-response"]\';'));
+  L.push(LINE("  const present = await page.locator(" + BT + DOLLAR + "{iframeSel}, " + DOLLAR + "{inputSel}" + BT + ").first().isVisible({ timeout: 8_000 }).catch(() => false);"));
+  L.push(LINE('  if (!present) return "not-present";'));
+  L.push(LINE("  const isResolved = async () => {"));
+  L.push(LINE("    try {"));
+  L.push(LINE("      const val = await page.locator(inputSel).first().inputValue({ timeout: 500 });"));
+  L.push(LINE("      return Boolean(val && val.length > 0);"));
+  L.push(LINE("    } catch { return false; }"));
+  L.push(LINE("  };"));
+  L.push(LINE("  const start = Date.now();"));
+  L.push(LINE("  while (Date.now() - start < 10_000) {"));
+  L.push(LINE('    if (await isResolved()) return "auto-passive";'));
+  L.push(LINE("    await page.waitForTimeout(500);"));
+  L.push(LINE("  }"));
+  L.push(LINE("  try {"));
+  L.push(LINE("    const box = await page.locator(iframeSel).first().boundingBox({ timeout: 2_000 });"));
+  L.push(LINE("    if (box) {"));
+  L.push(LINE("      const x = box.x + 25, y = box.y + box.height / 2;"));
+  L.push(LINE("      await page.mouse.move(x - 30, y + 10, { steps: 8 });"));
+  L.push(LINE("      await page.waitForTimeout(150);"));
+  L.push(LINE("      await page.mouse.move(x, y, { steps: 6 });"));
+  L.push(LINE("      await page.waitForTimeout(80);"));
+  L.push(LINE("      await page.mouse.click(x, y);"));
+  L.push(LINE("      const clickEnd = Date.now() + 15_000;"));
+  L.push(LINE("      while (Date.now() < clickEnd) {"));
+  L.push(LINE('        if (await isResolved()) return "auto-click";'));
+  L.push(LINE("        await page.waitForTimeout(500);"));
+  L.push(LINE("      }"));
+  L.push(LINE("    }"));
+  L.push(LINE("  } catch { /* fall through to human */ }"));
+  L.push(LINE('  process.stderr.write("[scraper] Turnstile detected — click checkbox in Chrome within 180s\\n\\x07\\n");'));
+  L.push(LINE("  while (Date.now() - start < 180_000) {"));
+  L.push(LINE('    if (await isResolved()) return "human";'));
+  L.push(LINE("    await page.waitForTimeout(1_000);"));
+  L.push(LINE("  }"));
+  L.push(LINE('  throw new Error("Turnstile did not resolve within 180s");'));
+  L.push(LINE("}"));
+  L.push(LINE(""));
+  L.push(LINE("async function openCreateKeyDialog(page: Page): Promise<void> {"));
+  L.push(LINE('  const nameInputSel = \'input#name, input[id*="name" i]:not([type="email"]):not([type="password"])\';'));
+  L.push(LINE("  const deadline = Date.now() + 15_000;"));
+  L.push(LINE("  // Priority: welcome-banner 'Create API Key' link FIRST — it opens the"));
+  L.push(LINE("  // form dialog directly AND dismisses the banner overlay whose portal"));
+  L.push(LINE("  // would otherwise intercept clicks on the empty-state 'Create' button."));
+  L.push(LINE("  // Fall back to outer 'Create'/'Create Key'. Use force:true to bypass"));
+  L.push(LINE("  // the portal-root pointer-event interceptor if normal click fails."));
+  L.push(LINE("  while (Date.now() < deadline) {"));
+  L.push(LINE("    for (const filter of [/^Create API Key$/i, /^Create Key$/i, /^Create$/i]) {"));
+  L.push(LINE('      const candidates = await page.locator("button").filter({ hasText: filter }).all();'));
+  L.push(LINE("      for (const c of candidates) {"));
+  L.push(LINE("        if (!(await c.isVisible().catch(() => false))) continue;"));
+  L.push(LINE("        if (!(await c.isEnabled().catch(() => true))) continue;"));
+  L.push(LINE("        for (const force of [false, true]) {"));
+  L.push(LINE("          try {"));
+  L.push(LINE("            if (!force) {"));
+  L.push(LINE("              const box = await c.boundingBox();"));
+  L.push(LINE("              if (box) {"));
+  L.push(LINE("                await page.mouse.move(box.x + box.width / 2, box.y + box.height / 2, { steps: 8 });"));
+  L.push(LINE("                await jitter(100, 220);"));
+  L.push(LINE("              }"));
+  L.push(LINE("            }"));
+  L.push(LINE("            await c.click({ timeout: 3_000, force });"));
+  L.push(LINE("            if (await page.locator(nameInputSel).first().isVisible({ timeout: 5_000 }).catch(() => false)) return;"));
+  L.push(LINE("          } catch { /* next force / next candidate */ }"));
+  L.push(LINE("        }"));
+  L.push(LINE("      }"));
+  L.push(LINE("    }"));
+  L.push(LINE("    await page.waitForTimeout(500);"));
+  L.push(LINE("  }"));
+  L.push(LINE('  throw new Error("openCreateKeyDialog: no Create button opened the form dialog after 15s");'));
+  L.push(LINE("}"));
+  L.push(LINE(""));
+  L.push(LINE("// === Main flow ==="));
+  L.push(LINE(""));
+  L.push(LINE("async function main(): Promise<void> {"));
+  L.push(LINE("  if (!SIGNUP_EMAIL || !SIGNUP_PASSWORD) {"));
+  L.push(LINE('    throw new Error("AGENTKEYS_SIGNUP_EMAIL + AGENTKEYS_SIGNUP_PASSWORD required");'));
+  L.push(LINE("  }"));
+  L.push(LINE("  log(" + BT + "connecting to CDP " + DOLLAR + "{CDP_URL}" + BT + ");"));
+  L.push(LINE("  const browser: Browser = await chromium.connectOverCDP(CDP_URL);"));
+  L.push(LINE("  const ctx: BrowserContext = browser.contexts()[0] ?? (await browser.newContext());"));
+  L.push(LINE("  await ctx.clearCookies().catch(() => {});"));
+  L.push(LINE("  const page: Page = ctx.pages()[0] ?? (await ctx.newPage());"));
+  L.push(LINE('  await page.goto("about:blank").catch(() => {});'));
+  L.push(LINE(""));
+  L.push(LINE('  log("navigating to signup");'));
+  L.push(LINE('  await page.goto(SIGNUP_URL, { waitUntil: "networkidle", timeout: 30_000 });'));
+  L.push(LINE("  await dismissCookieBanner(page);"));
+  L.push(LINE(""));
+  L.push(LINE('  log("filling credentials");'));
+  L.push(LINE('  await humanType(page, \'input[type="email"], input[name*="email" i], input[id*="email" i]\', SIGNUP_EMAIL);'));
+  L.push(LINE("  await jitter(250, 550);"));
+  L.push(LINE('  await humanType(page, \'input[type="password"], input[name*="password" i]\', SIGNUP_PASSWORD);'));
+  L.push(LINE("  await jitter(300, 700);"));
+  L.push(LINE(""));
+  L.push(LINE('  // TOS checkbox: try direct check, fall back to label click.'));
+  L.push(LINE('  const tosSel = \'input[type="checkbox"][id*="legal" i], input[type="checkbox"][name*="terms" i], input[type="checkbox"][id*="tos" i]\';'));
+  L.push(LINE("  const tos = page.locator(tosSel).first();"));
+  L.push(LINE("  if (await tos.count()) {"));
+  L.push(LINE("    await tos.check({ force: true, timeout: 3_000 }).catch(() => {});"));
+  L.push(LINE("    if (!(await tos.isChecked().catch(() => false))) {"));
+  L.push(LINE("      const id = await tos.evaluate((el: HTMLInputElement) => el.id || \"\");"));
+  L.push(LINE("      if (id) await page.locator(" + BT + "label[for=\"" + DOLLAR + "{id}\"]" + BT + ").first().click({ timeout: 2_000 }).catch(() => {});"));
+  L.push(LINE("    }"));
+  L.push(LINE("    await jitter(200, 500);"));
+  L.push(LINE("  }"));
+  L.push(LINE(""));
+  L.push(LINE('  log("clicking continue");'));
+  L.push(LINE("  await clickFirstVisible(page, ["));
+  L.push(LINE('    \'button[data-localization-key="formButtonPrimary"]\','));
+  L.push(LINE('    \'button:text-is("Continue")\','));
+  L.push(LINE('    \'button:text-is("Sign up")\','));
+  L.push(LINE('    \'button:text-is("Register")\','));
+  L.push(LINE('    \'button:text-is("Create account")\','));
+  L.push(LINE('    \'form button[type="submit"]:not([aria-label="Open AI Assistant"]):not([aria-label="Close"]):not(:has-text("Google")):not(:has-text("GitHub")):not(:has-text("Apple"))\','));
+  L.push(LINE("  ]);"));
+  L.push(LINE(""));
+  L.push(LINE('  log("handling Turnstile (if present)");'));
+  L.push(LINE("  const turnstileMode = await handleTurnstile(page);"));
+  L.push(LINE("  log(" + BT + "turnstile: " + DOLLAR + "{turnstileMode}" + BT + ");"));
+  L.push(LINE(""));
+  L.push(LINE('  log("fetching verification email");'));
+  L.push(LINE("  const verifyUrlRaw = await fetchVerificationCode({"));
+  L.push(LINE("    from: FROM_REGEX, subject: SUBJECT_REGEX, codeRegex: URL_REGEX, timeoutMs: 90_000,"));
+  L.push(LINE("  });"));
+  L.push(LINE('  const verifyUrl = verifyUrlRaw.replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">");'));
+  L.push(LINE("  log(" + BT + "got verify URL: " + DOLLAR + "{verifyUrl.slice(0, 80)}..." + BT + ");"));
+  L.push(LINE('  await page.goto(verifyUrl, { waitUntil: "networkidle", timeout: 30_000 });'));
+  L.push(LINE('  await page.waitForURL((u) => !u.toString().includes("/sign-up"), { timeout: 30_000 }).catch(() => {});'));
+  L.push(LINE(""));
+  L.push(LINE('  log("navigating to keys page");'));
+  L.push(LINE("  const keysUrl = new URL(KEYS_PATH, page.url()).toString();"));
+  L.push(LINE('  await page.goto(keysUrl, { waitUntil: "networkidle", timeout: 20_000 });'));
+  L.push(LINE(""));
+  L.push(LINE("  // Dismiss onboarding modal if present (OpenRouter: 'Where did you first hear')."));
+  L.push(LINE("  // Retry in a loop until the modal's header text is gone — single-shot clicks"));
+  L.push(LINE("  // silently fail when portal overlays intercept or elements lag rendering."));
+  L.push(LINE('  const onboardHeader = page.locator("text=/where did you first hear|welcome|get started/i").first();'));
+  L.push(LINE("  if (await onboardHeader.isVisible({ timeout: 3_000 }).catch(() => false)) {"));
+  L.push(LINE('    log("dismissing onboarding modal");'));
+  L.push(LINE("    const dismissDeadline = Date.now() + 15_000;"));
+  L.push(LINE("    while (Date.now() < dismissDeadline) {"));
+  L.push(LINE("      // Select a radio option — try multiple strategies."));
+  L.push(LINE("      const radio = page.getByRole(\"radio\", { name: /other.*not sure|skip|not now/i }).or(page.getByLabel(/other.*not sure/i)).or(page.getByText(/^other.*not sure$/i)).first();"));
+  L.push(LINE("      await radio.click({ timeout: 2_000, force: true }).catch(() => {});"));
+  L.push(LINE("      await jitter(200, 400);"));
+  L.push(LINE("      // Click Continue — force:true bypasses portal overlay hit-testing."));
+  L.push(LINE("      const cont = page.getByRole(\"button\", { name: /^continue$/i }).or(page.locator(\"button\").filter({ hasText: /^Continue$/i })).first();"));
+  L.push(LINE("      await cont.click({ timeout: 2_000, force: true }).catch(() => {});"));
+  L.push(LINE("      await page.waitForTimeout(800);"));
+  L.push(LINE("      if (!(await onboardHeader.isVisible({ timeout: 500 }).catch(() => false))) break;"));
+  L.push(LINE("    }"));
+  L.push(LINE("  }"));
+  L.push(LINE(""));
+  L.push(LINE('  log("opening create-key dialog");'));
+  L.push(LINE("  await openCreateKeyDialog(page);"));
+  L.push(LINE(""));
+  L.push(LINE('  log("filling key name + confirming");'));
+  L.push(LINE("  await humanType(page, "));
+  L.push(LINE('    \'[role="dialog"] input#name, [role="dialog"] input[id*="name" i]:not([type="email"]):not([type="password"])\','));
+  L.push(LINE("    " + BT + "scraper-" + DOLLAR + "{Date.now()}" + BT));
+  L.push(LINE("  );"));
+  L.push(LINE("  await jitter(400, 700);"));
+  L.push(LINE("  await clickFirstVisible(page, ["));
+  L.push(LINE('    \'[role="dialog"]:has(input#name) button:text-is("Create API Key")\','));
+  L.push(LINE('    \'[role="dialog"]:has(input#name) button:text-is("Create")\','));
+  L.push(LINE('    \'[role="dialog"]:has(input#name) button:has-text("Create")\','));
+  L.push(LINE("  ]);"));
+  L.push(LINE(""));
+  L.push(LINE('  log("waiting for key reveal");'));
+  L.push(LINE('  const keyEl = page.locator(\'code:has-text("sk-"), pre:has-text("sk-"), input[value^="sk-"]\').first();'));
+  L.push(LINE("  await keyEl.waitFor({ timeout: 15_000 });"));
+  L.push(LINE("  const tag = await keyEl.evaluate((n) => n.tagName.toLowerCase());"));
+  L.push(LINE('  const raw = tag === "input" ? await keyEl.inputValue() : ((await keyEl.textContent()) ?? "");'));
+  L.push(LINE("  const key = raw.trim();"));
+  L.push(LINE("  if (!/^sk-[a-zA-Z0-9_-]{20,}$/.test(key)) {"));
+  L.push(LINE("    throw new Error(" + BT + "extracted value doesn't match sk-* format: " + DOLLAR + "{key.slice(0, 40)}" + BT + ");"));
+  L.push(LINE("  }"));
+  L.push(LINE("  log(" + BT + "extracted: " + DOLLAR + "{key.slice(0, 8)}****" + DOLLAR + "{key.slice(-4)}" + BT + ");"));
+  L.push(LINE('  process.stdout.write(key + "\\n");'));
+  L.push(LINE(""));
+  L.push(LINE("  // Close the tab so the revealed key isn't left visible in Chrome."));
+  L.push(LINE("  // browser.close() in CDP mode only disconnects us — it doesn't close"));
+  L.push(LINE("  // tabs (user owns Chrome). page.close() is the right primitive."));
+  L.push(LINE("  await page.close().catch(() => {});"));
+  L.push(LINE("  await browser.close().catch(() => {}); // disconnects WebSocket"));
+  L.push(LINE("  process.exit(0);"));
+  L.push(LINE("}"));
+  L.push(LINE(""));
+  L.push(LINE("main().catch((err) => {"));
+  L.push(LINE("  const msg = err?.message ?? String(err);"));
+  L.push(LINE("  process.stderr.write(" + BT + "[scraper] FATAL: " + DOLLAR + "{msg}\\n" + BT + ");"));
+  L.push(LINE("  if (err?.stack) process.stderr.write(err.stack + \"\\n\");"));
+  L.push(LINE("  process.exit(1);"));
+  L.push(LINE("});"));
+  L.push(LINE(""));
+
+  fs.writeFileSync(path.join(outDir, "draft-scraper.ts"), L.join("\n"));
+}
diff --git a/provisioner-scripts/src/workflow-recorder/credential-resolver.ts b/provisioner-scripts/src/workflow-recorder/credential-resolver.ts
new file mode 100644
index 0000000..0643dd2
--- /dev/null
+++ b/provisioner-scripts/src/workflow-recorder/credential-resolver.ts
@@ -0,0 +1,79 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+
+export interface ResolvedLoginCreds {
+  email: string;
+  password: string;
+  source: "cli-flags" | "env" | "env+recording" | "recording+env";
+}
+
+export interface ResolveOpts {
+  service: string;
+  recordingsRoot: string;
+  emailFlag?: string;
+  passwordFlag?: string;
+}
+
+// Priority chain:
+//   1. CLI flags (--login-email / --login-password)
+//   2. env AGENTKEYS_LOGIN_EMAIL / AGENTKEYS_LOGIN_PASSWORD
+//   3. fallback: reuse signupEmail from the latest `<service>-signup-*`
+//      recording's manifest.json (password must still come from flags or env).
+export function resolveLoginCreds(opts: ResolveOpts): ResolvedLoginCreds {
+  const envEmail = process.env["AGENTKEYS_LOGIN_EMAIL"];
+  const envPassword = process.env["AGENTKEYS_LOGIN_PASSWORD"];
+
+  const email = opts.emailFlag ?? envEmail ?? findLatestRecordingEmail(opts);
+  const password = opts.passwordFlag ?? envPassword;
+
+  if (!email) {
+    throw new Error(
+      `Could not resolve login email for ${opts.service}. ` +
+      `Pass --login-email, set AGENTKEYS_LOGIN_EMAIL, or ensure a prior ` +
+      `${opts.service}-signup-* recording exists in ${opts.recordingsRoot}.`
+    );
+  }
+  if (!password) {
+    throw new Error(
+      `Could not resolve login password for ${opts.service}. ` +
+      `Pass --login-password or set AGENTKEYS_LOGIN_PASSWORD. ` +
+      `(Recordings intentionally do not persist passwords.)`
+    );
+  }
+
+  const source: ResolvedLoginCreds["source"] = opts.emailFlag && opts.passwordFlag
+    ? "cli-flags"
+    : (opts.emailFlag ?? envEmail) && (opts.passwordFlag ?? envPassword)
+      ? "env"
+      : opts.emailFlag
+        ? "cli-flags"
+        : "env+recording";
+
+  return { email, password, source };
+}
+
+function findLatestRecordingEmail(opts: ResolveOpts): string | undefined {
+  if (!fs.existsSync(opts.recordingsRoot)) return undefined;
+  const prefix = `${opts.service}-signup-`;
+  const entries = fs
+    .readdirSync(opts.recordingsRoot, { withFileTypes: true })
+    .filter((e) => e.isDirectory() && e.name.startsWith(prefix))
+    .map((e) => e.name)
+    .sort()
+    .reverse();
+
+  for (const dirName of entries) {
+    const manifestPath = path.join(opts.recordingsRoot, dirName, "manifest.json");
+    if (!fs.existsSync(manifestPath)) continue;
+    try {
+      const raw = fs.readFileSync(manifestPath, "utf8");
+      const parsed = JSON.parse(raw) as { signupEmail?: string; state?: string };
+      if (parsed.state === "completed" && parsed.signupEmail) {
+        return parsed.signupEmail;
+      }
+    } catch {
+      continue;
+    }
+  }
+  return undefined;
+}
diff --git a/provisioner-scripts/src/workflow-recorder/flows.ts b/provisioner-scripts/src/workflow-recorder/flows.ts
new file mode 100644
index 0000000..46f21ee
--- /dev/null
+++ b/provisioner-scripts/src/workflow-recorder/flows.ts
@@ -0,0 +1,925 @@
+import * as path from "node:path";
+import type { Page } from "playwright";
+import {
+  finalizeManifest,
+  logAction,
+  snap,
+  type Manifest,
+  type SessionCtx,
+} from "./artifacts.js";
+import { dumpEmailToRecording, pollFreshRawEmail } from "../lib/email-analyzer.js";
+import { handleTurnstile } from "../lib/captcha/turnstile.js";
+import { handleHCaptcha } from "../lib/captcha/hcaptcha.js";
+import { escalateAndThrow } from "../lib/human-assist.js";
+import {
+  clickFirstVisible,
+  clickOuterCreate,
+  dismissCookieBanner,
+  humanType,
+  jitterDelay,
+} from "../lib/playwright-patterns.js";
+
+export interface FlowCtx {
+  session: SessionCtx;
+  manifest: Manifest;
+  page: Page;
+  signupEmail: string;
+  signupPassword: string;
+  signupUrl: string;
+  loginUrl?: string;
+  keysPath: string;
+  bucket: string;
+}
+
+const MAGIC_LINK_TEXT_SELECTOR = 'text=/verification link|use the link|sign up link|magic link/i';
+const OTP_SELECTOR = 'input[name="code"], input[inputmode="numeric"], input[autocomplete="one-time-code"]';
+
+// clickFirstVisible, jitterDelay, humanType, dismissCookieBanner,
+// clickOuterCreate moved to ../lib/playwright-patterns.ts (shared with
+// production scrapers). Recorder-specific wrappers below still reference
+// them via the named imports at the top of this file.
+
+// OpenRouter's onboarding modal ("Where did you first hear...") may pop up
+// after the keys page hydrates AND can re-open mid-form-fill if dismissed
+// late. This helper is idempotent — call it whenever a layered Radix modal
+// might be intercepting clicks.
+// Probe the page DOM directly — Playwright's locator filter+waitFor sometimes
+// fails to detect Radix modals that are mid-mount. Returns true if we found
+// (and dismissed via DOM removal as a hard fallback) at least one onboarding
+// modal during the polling window.
+async function dismissOnboardingModalDom(page: Page, detectTimeoutMs = 500): Promise<boolean> {
+  const start = Date.now();
+  let dismissed = false;
+  while (Date.now() - start < detectTimeoutMs + 100) {
+    const found = await page.evaluate(() => {
+      const dialogs = Array.from(document.querySelectorAll('[role="dialog"]'));
+      const result = { surveyOpen: false, welcomeOpen: false };
+      for (const d of dialogs) {
+        const t = (d.textContent || "").toLowerCase();
+        const visible = !!((d as HTMLElement).offsetWidth || (d as HTMLElement).offsetHeight);
+        if (!visible) continue;
+        if (t.includes("where did you first hear")) result.surveyOpen = true;
+        if (t.includes("you're all set") || t.includes("youre all set") || t.includes("get started by buying")) result.welcomeOpen = true;
+      }
+      return result;
+    });
+
+    if (!found.surveyOpen && !found.welcomeOpen) {
+      if (dismissed) return true;
+      // Modal not visible; short wait then re-poll, until detect timeout.
+      if (Date.now() - start >= detectTimeoutMs) return false;
+      await page.waitForTimeout(200);
+      continue;
+    }
+
+    dismissed = true;
+
+    if (found.surveyOpen) {
+      // Click "Other / Not sure" then Continue
+      for (const lbl of [/^other\s*\/\s*not sure$/i, /^skip$/i, /^not now$/i, /^other$/i]) {
+        const btn = page.getByRole("button", { name: lbl }).first();
+        if (await btn.isVisible().catch(() => false)) {
+          await btn.click({ timeout: 3_000, force: true }).catch(() => {});
+          break;
+        }
+      }
+      await page.waitForTimeout(300);
+      await page
+        .getByRole("button", { name: /^continue$/i })
+        .first()
+        .click({ timeout: 3_000, force: true })
+        .catch(() => {});
+      await page.waitForTimeout(700);
+    }
+
+    if (found.welcomeOpen) {
+      // Click Close (X) on the welcome banner.
+      await page
+        .getByRole("button", { name: /^close$/i })
+        .first()
+        .click({ timeout: 3_000, force: true })
+        .catch(() => {});
+      await page.waitForTimeout(700);
+    }
+  }
+  return dismissed;
+}
+
+// `dismissCookieBanner` now imported from ../lib/playwright-patterns.js
+// The legacy `dismissOnboardingModal` (locator-based variant) was removed —
+// `dismissOnboardingModalDom` above is the active, DOM-probe-based dismisser.
+
+async function detectAlreadyLoggedIn(page: Page): Promise<boolean> {
+  const url = page.url();
+  if (/\/(dashboard|home|keys|workspaces|account)/.test(url)) return true;
+  const signOutVisible = await page
+    .getByRole("button", { name: /sign out|log out|logout/i })
+    .first()
+    .isVisible({ timeout: 1_500 })
+    .catch(() => false);
+  return signOutVisible;
+}
+
+async function trySignOut(page: Page): Promise<void> {
+  const accountMenu = page
+    .getByRole("button", { name: /account|profile|menu/i })
+    .first();
+  await accountMenu.click({ timeout: 2_000 }).catch(() => {});
+  await page
+    .getByRole("menuitem", { name: /sign out|log out|logout/i })
+    .first()
+    .click({ timeout: 2_000 })
+    .catch(async () => {
+      await page
+        .getByRole("button", { name: /sign out|log out|logout/i })
+        .first()
+        .click({ timeout: 2_000 })
+        .catch(() => {});
+    });
+  await page.waitForTimeout(1_000);
+}
+
+export async function runSignupFlow(ctx: FlowCtx): Promise<void> {
+  const { page, session, manifest } = ctx;
+
+  await snap(page, "pre-signup-open", session, manifest);
+  logAction(session.outDir, { kind: "goto", url: ctx.signupUrl });
+  await page.goto(ctx.signupUrl, { waitUntil: "load", timeout: 30_000 });
+
+  // Cookie consent banner (ElevenLabs, many EU-compliant sites): click away
+  // before it blocks form interactions. No-op if no banner shows.
+  await dismissCookieBanner(page);
+
+  if (await detectAlreadyLoggedIn(page)) {
+    await snap(page, "already-logged-in-pre-signup", session, manifest);
+    await trySignOut(page);
+    await page.goto(ctx.signupUrl, { waitUntil: "load", timeout: 30_000 });
+    await dismissCookieBanner(page);
+    await snap(page, "post-logout", session, manifest);
+  }
+
+  await snap(page, "signup-form", session, manifest);
+  manifest.detectedSelectors.signupUrl = ctx.signupUrl;
+
+  const EMAIL_SEL = 'input[type="email"], input[name*="email" i], input[id*="email" i]';
+  await page.locator(EMAIL_SEL).first().waitFor({ timeout: 15_000 });
+  await humanType(page, EMAIL_SEL, ctx.signupEmail);
+  manifest.detectedSelectors.emailField = EMAIL_SEL;
+  await jitterDelay(250, 550);
+
+  const PW_SEL = 'input[type="password"], input[name*="password" i]';
+  // Multi-step signup detection (OpenAI Auth0, Auth0-style flows): if password
+  // input isn't on the same page as email, advance with Continue and wait.
+  const pwImmediate = await page
+    .locator(PW_SEL)
+    .first()
+    .isVisible({ timeout: 1_500 })
+    .catch(() => false);
+  if (!pwImmediate) {
+    await clickFirstVisible(page, [
+      'button:text-is("Continue")',
+      'button[type="submit"]:not(:has-text("Google")):not(:has-text("Apple")):not(:has-text("Microsoft")):not(:has-text("GitHub"))',
+    ]);
+    await jitterDelay(500, 900);
+    await page.locator(PW_SEL).first().waitFor({ timeout: 20_000 });
+    await snap(page, "password-step", session, manifest);
+  }
+  await humanType(page, PW_SEL, ctx.signupPassword);
+  manifest.detectedSelectors.passwordField = PW_SEL;
+  await jitterDelay(300, 700);
+
+  // Password-confirm field (Brave, many services): fill with same password.
+  const PW_CONFIRM_SEL =
+    'input[type="password"][name*="verif" i], input[type="password"][name*="confirm" i], input[type="password"][id*="verif" i], input[type="password"][id*="confirm" i], input[type="password"]:nth-of-type(2)';
+  const pwConfirm = page.locator(PW_CONFIRM_SEL).first();
+  if (await pwConfirm.count()) {
+    await humanType(page, PW_CONFIRM_SEL, ctx.signupPassword);
+    await jitterDelay(250, 500);
+  }
+
+  // "Full name" field (Brave): some services require it to enable submit.
+  const FULLNAME_SEL =
+    'input[type="text"][id="name"], input[type="text"][name="name"], input[type="text"][id*="fullname" i], input[type="text"][placeholder*="full name" i]';
+  const fullnameInput = page.locator(FULLNAME_SEL).first();
+  if (await fullnameInput.count()) {
+    await humanType(page, FULLNAME_SEL, `AgentKeys Bot ${Date.now().toString().slice(-4)}`);
+    await jitterDelay(250, 500);
+  }
+
+  // Company field (Brave, optional on most forms — fill defensively).
+  const COMPANY_SEL =
+    'input[type="text"][id*="company" i], input[type="text"][name*="company" i], input[type="text"][placeholder*="company" i]';
+  const companyInput = page.locator(COMPANY_SEL).first();
+  if (await companyInput.count()) {
+    await humanType(page, COMPANY_SEL, "AgentKeys Recording");
+    await jitterDelay(250, 500);
+  }
+
+  const TOS_SEL = 'input[type="checkbox"][id*="legal" i], input[type="checkbox"][name*="terms" i], input[type="checkbox"][id*="tos" i]';
+  const tosCheckbox = page.locator(TOS_SEL).first();
+  if (await tosCheckbox.count()) {
+    // Try direct check first; many custom-styled checkboxes hide the input
+    // behind a label. If still unchecked after that, click the label.
+    await tosCheckbox.check({ force: true, timeout: 3_000 }).catch(() => {});
+    const isChecked = await tosCheckbox.isChecked().catch(() => false);
+    if (!isChecked) {
+      // Click the label associated with the checkbox via for= attr, OR the
+      // parent label, OR the first clickable ancestor.
+      const labelFor = await tosCheckbox.evaluate((el: HTMLInputElement) => el.id || "");
+      if (labelFor) {
+        await page.locator(`label[for="${labelFor}"]`).first().click({ timeout: 2_000 }).catch(() => {});
+      }
+      // Still not checked? Click parent label.
+      if (!(await tosCheckbox.isChecked().catch(() => false))) {
+        await tosCheckbox.evaluateHandle((el: HTMLInputElement) => {
+          const lbl = el.closest("label");
+          if (lbl) (lbl as HTMLLabelElement).click();
+        }).catch(() => {});
+      }
+    }
+    manifest.detectedSelectors.tosCheckbox = TOS_SEL;
+    await jitterDelay(200, 500);
+  }
+
+  // Clerk renders TWO `data-localization-key="formButtonPrimary"` buttons on
+  // some pages: a template/SSR placeholder with aria-hidden="true", and the
+  // real visible one. `.first()` grabs the aria-hidden dup and the click
+  // times out on invisible. Iterate and pick the first VISIBLE candidate.
+  // Text-based selectors FIRST — avoids the blanket `button[type="submit"]`
+  // that would match cookie-banner closes, Google-sign-up buttons, etc.
+  // Exclude the "Sign up with Google" OAuth button (text contains "Google").
+  const clickedContinue = await clickFirstVisible(page, [
+    'button[data-localization-key="formButtonPrimary"]',
+    'button:text-is("Sign up")',
+    'button:text-is("Register")',
+    'button:text-is("Continue")',
+    'button:text-is("Create account")',
+    'button:has-text("Create account")',
+    'form button[type="submit"]:not([aria-label="Open AI Assistant"]):not([aria-label="Close"]):not(:has-text("Google")):not(:has-text("GitHub")):not(:has-text("Apple"))',
+  ]);
+  if (!clickedContinue) {
+    escalateAndThrow({
+      reason: "selector-missing",
+      hint: "No visible Continue button found after fill. Clerk widget may have changed — inspect via Chrome DevTools.",
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+  manifest.detectedSelectors.continueBtn = clickedContinue;
+  await snap(page, "after-continue", session, manifest);
+
+  const turnstileMode = await handleTurnstile(page);
+  manifest.outcomes.turnstileMode = turnstileMode;
+  await snap(page, "turnstile-resolved", session, manifest, { turnstileMode });
+
+  // hCaptcha (ElevenLabs, Discord-style signups): invoked ON submit. If the
+  // fingerprint looks human, invisible hCaptcha passes passively and the
+  // token auto-populates. If a challenge shows up, we fall back to
+  // human-in-loop or CapSolver (when the account supports hCaptcha).
+  const hcaptchaMode = await handleHCaptcha(page, {
+    screenshotPathOnEscalate: path.join(session.outDir, "steps"),
+  });
+  manifest.outcomes.hCaptchaMode = hcaptchaMode;
+  await snap(page, "hcaptcha-resolved", session, manifest, { hcaptchaMode });
+
+  await resolveVerification(ctx);
+  await completePostVerifyProfile(ctx);
+
+  manifest.outcomes.signupCompleted = true;
+  await mintApiKey(ctx);
+}
+
+// If the URL is /login|/sign-in after resolveVerification, fill the login
+// form with the just-used signup credentials and submit. No-op if not on
+// login page.
+async function maybeAutoLoginAfterSignup(ctx: FlowCtx): Promise<void> {
+  const { page, session, manifest } = ctx;
+  if (!/\/(log[-_]?in|sign[-_]?in)\b/i.test(page.url())) return;
+
+  await snap(page, "post-signup-login-form", session, manifest);
+
+  const emailSel = 'input[type="email"], input[name*="email" i], input[id*="email" i]';
+  const pwSel = 'input[type="password"]';
+  const emailInput = page.locator(emailSel).first();
+  if (await emailInput.count()) {
+    await humanType(page, emailSel, ctx.signupEmail);
+    await jitterDelay(200, 500);
+  }
+  const pwInput = page.locator(pwSel).first();
+  if (await pwInput.count()) {
+    await humanType(page, pwSel, ctx.signupPassword);
+    await jitterDelay(200, 500);
+  }
+
+  const loginSubmitAtMs = Date.now();
+  await clickFirstVisible(page, [
+    'button:text-is("Login")',
+    'button:text-is("Log in")',
+    'button:text-is("Sign in")',
+    'form button[type="submit"]:not([aria-label="Open AI Assistant"]):not([aria-label="Close"])',
+  ]);
+
+  await page
+    .waitForURL((u) => !/\/(log[-_]?in|sign[-_]?in)\b/i.test(u.toString()), { timeout: 30_000 })
+    .catch(() => {});
+  await snap(page, "post-signup-login-done", session, manifest);
+
+  // Brave 2FA: after password login, URL lands on /verify-otp and a new email
+  // arrives with a 6-digit code. Poll S3 and fill it in before mintApiKey
+  // re-navigates to the keys page.
+  if (/\/(verify-otp|otp|2fa|mfa)\b/i.test(page.url())) {
+    await resolvePostLoginOtp(ctx, loginSubmitAtMs);
+  }
+}
+
+async function resolvePostLoginOtp(ctx: FlowCtx, startedAtMs: number): Promise<void> {
+  const { page, session, manifest } = ctx;
+  await snap(page, "post-login-otp-page", session, manifest);
+  logAction(session.outDir, { kind: "poll-s3-email", bucket: ctx.bucket, startedAt: new Date(startedAtMs).toISOString(), phase: "post-login-otp" });
+
+  // Filter to login/verify-coded emails so we don't pick up welcome emails
+  // that arrive between registration and the actual OTP.
+  const { key, rawMime } = await pollFreshRawEmail({
+    bucket: ctx.bucket,
+    startedAtMs,
+    timeoutMs: 120_000,
+    subjectPattern: /login|sign[-\s]?in|verify|verification|one[-\s]?time|otp|code|2fa|mfa/i,
+  });
+  logAction(session.outDir, { kind: "email-matched", key, phase: "post-login-otp" });
+
+  const analysis = dumpEmailToRecording(
+    path.join(session.outDir, "emails"),
+    key,
+    rawMime
+  );
+
+  // The analyzer prefers magic-link when it sees a verification-flavored URL
+  // in the body. But Brave's "Brave Search API login attempt" email contains
+  // BOTH a 6-digit OTP AND helper URLs — so it gets misclassified. Fall
+  // back to direct OTP extraction from the raw body so the post-login flow
+  // still completes.
+  let otpCode: string | undefined =
+    analysis.verifyType === "otp" ? analysis.code : undefined;
+  if (!otpCode) {
+    const stripped = rawMime
+      .replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, " ")
+      .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, " ")
+      .replace(/<[^>]+>/g, " ")
+      .replace(/&nbsp;/g, " ")
+      .replace(/=\r?\n/g, "")
+      .replace(/\s+/g, " ");
+    const labeled = stripped.match(
+      /(?:verification|security|login|sign[-\s]?in|one[-\s]?time|auth(?:entication)?|access)\s*code[^0-9]{0,40}(\d{6})/i,
+    );
+    const before = stripped.match(/(\d{6})[^0-9]{0,40}(?:is\s+your|to\s+(?:verify|sign|log))/i);
+    otpCode = labeled?.[1] ?? before?.[1] ?? stripped.match(/\b(\d{6})\b/)?.[1];
+  }
+  if (!otpCode) {
+    escalateAndThrow({
+      reason: "verification-blocked",
+      hint: `post-login 2FA email had no extractable 6-digit code (analyzer verifyType=${analysis.verifyType})`,
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+  // Bind for downstream code that previously read analysis.code.
+  const analysisOtp = otpCode!;
+
+  // React/Svelte-controlled OTP inputs: `.fill()` sets DOM value but doesn't
+  // fire onChange. Use pressSequentially + explicit input/change events.
+  // Svelte components often validate on `input` event; React on `change`.
+  const inputs = await page.locator(OTP_SELECTOR).all();
+  const typeWithEvents = async (el: (typeof inputs)[number], code: string) => {
+    await el.click();
+    await el.pressSequentially(code, { delay: 80 });
+    // Fire input+change to force frameworks to revalidate form state.
+    await el.dispatchEvent("input");
+    await el.dispatchEvent("change");
+  };
+  if (inputs.length === 1) {
+    await typeWithEvents(inputs[0], analysisOtp);
+  } else if (inputs.length === 6) {
+    for (let i = 0; i < 6; i++) {
+      await typeWithEvents(inputs[i], analysisOtp[i]);
+    }
+  } else {
+    escalateAndThrow({
+      reason: "verification-blocked",
+      hint: `unexpected post-login OTP input count: ${inputs.length}`,
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+  await jitterDelay(300, 700);
+  const submitBtn = page.getByRole("button", { name: /verify|submit|continue|confirm/i }).first();
+  // Wait for button to become enabled (React validation may take a tick).
+  await submitBtn.waitFor({ state: "visible", timeout: 5_000 }).catch(() => {});
+  for (let i = 0; i < 20; i++) {
+    if (await submitBtn.isEnabled().catch(() => false)) break;
+    await page.waitForTimeout(250);
+  }
+  if (await submitBtn.isVisible({ timeout: 2_000 }).catch(() => false)) {
+    await submitBtn.click({ timeout: 10_000 });
+  }
+  await page
+    .waitForURL((u) => !/\/(verify-otp|otp|2fa|mfa)\b/i.test(u.toString()), { timeout: 30_000 })
+    .catch(() => {});
+  manifest.outcomes.postLoginOtp = true;
+  await snap(page, "post-login-otp-done", session, manifest);
+}
+
+export async function runLoginFlow(ctx: FlowCtx): Promise<void> {
+  const { page, session, manifest } = ctx;
+  const url = ctx.loginUrl ?? ctx.signupUrl;
+
+  await snap(page, "pre-login-open", session, manifest);
+  await page.goto(url, { waitUntil: "load", timeout: 30_000 });
+
+  if (await detectAlreadyLoggedIn(page)) {
+    await snap(page, "already-logged-in", session, manifest);
+    manifest.outcomes.loginSkipped = true;
+    await mintApiKey(ctx);
+    return;
+  }
+
+  await snap(page, "login-form", session, manifest);
+
+  const LOGIN_EMAIL_SEL = 'input[type="email"], input[name*="email" i]';
+  await page.locator(LOGIN_EMAIL_SEL).first().waitFor({ timeout: 15_000 });
+  await humanType(page, LOGIN_EMAIL_SEL, ctx.signupEmail);
+  manifest.detectedSelectors.emailField = LOGIN_EMAIL_SEL;
+  await jitterDelay(250, 550);
+
+  const LOGIN_PW_SEL = 'input[type="password"]';
+  const passwordInput = page.locator(LOGIN_PW_SEL).first();
+  if (await passwordInput.count()) {
+    await humanType(page, LOGIN_PW_SEL, ctx.signupPassword);
+    manifest.detectedSelectors.passwordField = LOGIN_PW_SEL;
+    await jitterDelay(300, 700);
+  }
+
+  const clickedLoginContinue = await clickFirstVisible(page, [
+    'button[data-localization-key="formButtonPrimary"]',
+    'form button[type="submit"]',
+    'button:has-text("Continue")',
+    'button:has-text("Sign in")',
+    'button:has-text("Log in")',
+  ]);
+  if (!clickedLoginContinue) {
+    escalateAndThrow({
+      reason: "selector-missing",
+      hint: "No visible login Continue button found after fill.",
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+  manifest.detectedSelectors.continueBtn = clickedLoginContinue;
+  await snap(page, "after-continue", session, manifest);
+
+  const turnstileMode = await handleTurnstile(page);
+  manifest.outcomes.turnstileMode = turnstileMode;
+  await snap(page, "turnstile-resolved", session, manifest, { turnstileMode });
+
+  const needsVerify = await page
+    .locator(OTP_SELECTOR)
+    .first()
+    .isVisible({ timeout: 2_000 })
+    .catch(() => false);
+  if (needsVerify) {
+    await resolveVerification(ctx);
+  }
+
+  await page
+    .waitForURL((u) => !u.toString().includes("/sign-in") && !u.toString().includes("/log-in"), {
+      timeout: 30_000,
+    })
+    .catch(() => {});
+  await snap(page, "post-login", session, manifest);
+
+  manifest.outcomes.loginCompleted = true;
+  await mintApiKey(ctx);
+}
+
+// Post-email-verification profile page (OpenAI's /about-you, etc.): some
+// services gate session-cookie issuance behind a final "Full name + Age"
+// form. Fill and submit so the account is fully provisioned before we try
+// to mint an API key on the product domain. No-op if no profile fields
+// visible.
+async function completePostVerifyProfile(ctx: FlowCtx): Promise<void> {
+  const { page, session, manifest } = ctx;
+
+  const NAME_SEL =
+    'input[autocomplete="name"], input[id*="name" i][type="text"]:not([name*="company" i]), input[placeholder*="full name" i], input[placeholder*="your name" i]';
+  const AGE_SEL =
+    'input[id*="age" i][inputmode="numeric"], input[placeholder="Age"], input[name="age"]';
+
+  const nameVisible = await page
+    .locator(NAME_SEL)
+    .first()
+    .isVisible({ timeout: 2_000 })
+    .catch(() => false);
+  const ageVisible = await page
+    .locator(AGE_SEL)
+    .first()
+    .isVisible({ timeout: 500 })
+    .catch(() => false);
+  if (!nameVisible && !ageVisible) return;
+
+  await snap(page, "post-verify-profile-form", session, manifest);
+
+  if (nameVisible) {
+    // OpenAI rejects names containing digits or anything that doesn't look
+    // person-name-shaped. Use plausible human-looking names (no numbers).
+    const firsts = ["Alex", "Jamie", "Taylor", "Morgan", "Casey", "Jordan", "Riley", "Avery"];
+    const lasts = ["Parker", "Reed", "Hayes", "Bennett", "Foster", "Cole", "Quinn", "Shaw"];
+    const pick = (arr: string[]) => arr[Math.floor(Math.random() * arr.length)]!;
+    await humanType(page, NAME_SEL, `${pick(firsts)} ${pick(lasts)}`);
+    await jitterDelay(200, 500);
+  }
+  if (ageVisible) {
+    await humanType(page, AGE_SEL, "28");
+    // React-controlled hidden birthday field recomputes from age on input.
+    // Give the reactive cycle a beat before clicking submit.
+    await jitterDelay(600, 1_000);
+    // Blur the age field (Tab) — some forms only compute birthday on blur.
+    await page.keyboard.press("Tab").catch(() => {});
+    await jitterDelay(200, 400);
+  }
+
+  const clicked = await clickFirstVisible(page, [
+    'button:text-is("Finish creating account")',
+    'button:has-text("Finish")',
+    'button:text-is("Continue")',
+    'button:has-text("Get started")',
+    'form button[type="submit"]',
+  ]);
+  if (!clicked) return;
+
+  // Wait for the session-cookie redirect away from auth.openai.com's profile
+  // page toward the product domain (platform.openai.com/*).
+  await page
+    .waitForURL((u) => !/\/about-you|\/create-account|\/email-verification/i.test(u.toString()), {
+      timeout: 30_000,
+    })
+    .catch(() => {});
+  await snap(page, "post-verify-profile-done", session, manifest);
+  manifest.outcomes.postVerifyProfile = true;
+}
+
+async function resolveVerification(ctx: FlowCtx): Promise<void> {
+  const { page, session, manifest } = ctx;
+
+  // Wait up to 60s for ONE OF: OTP input, magic-link copy, verify-pending URL,
+  // or URL-leaves-all-auth. Polling loop because Clerk renders the verify
+  // screen 1–5s after submit + Turnstile. Previous naive 3s check fired too
+  // early and returned false-false, then wasted 120s polling S3 for an email
+  // the user never triggered.
+  let otpPresent = false;
+  let magicLinkPresent = false;
+  let urlAdvanced = false;
+  let onVerifyPage = false;
+  const waitDeadline = Date.now() + 60_000;
+  while (Date.now() < waitDeadline) {
+    otpPresent = await page
+      .locator(OTP_SELECTOR)
+      .first()
+      .isVisible({ timeout: 500 })
+      .catch(() => false);
+    magicLinkPresent = await page
+      .locator(MAGIC_LINK_TEXT_SELECTOR)
+      .first()
+      .isVisible({ timeout: 500 })
+      .catch(() => false);
+    const url = page.url();
+    // `/verify*` = "we sent you an email" pending state (Brave's /verify-account).
+    // Treat as verify-pending, not as advanced.
+    onVerifyPage = /\/verify(?:[\/?-]|$)/.test(url);
+    // Include all auth paths: sign-up/sign-in/register/login/auth/verify. Brave
+    // uses /register and /login instead of /sign-up; OpenRouter uses /auth.
+    urlAdvanced = !/\/sign-up|\/sign-in|\/auth|\/verify|\/register|\/log[-_]?in/.test(url);
+    if (otpPresent || magicLinkPresent || urlAdvanced || onVerifyPage) break;
+    await page.waitForTimeout(1_500);
+  }
+
+  await snap(page, "verify-screen", session, manifest, {
+    otpPresent,
+    magicLinkPresent,
+    urlAdvanced,
+    onVerifyPage,
+    finalUrl: page.url(),
+  });
+
+  // If URL already advanced past all known auth flows (Clerk sometimes auto-
+  // verifies or lands straight on dashboard for SSO), skip email polling.
+  if (urlAdvanced && !otpPresent && !magicLinkPresent && !onVerifyPage) {
+    manifest.outcomes.verifyType = "skipped";
+    return;
+  }
+
+  // Not on verify screen AND URL still on sign-up → submit failed or flow
+  // genuinely stuck. Escalate rather than burn 120s polling S3.
+  if (!otpPresent && !magicLinkPresent && !onVerifyPage) {
+    manifest.outcomes.verifyType = "unknown";
+    escalateAndThrow({
+      reason: "verification-blocked",
+      hint: "No verify screen appeared within 60s and URL still on sign-up path. Form submit likely failed (wrong Continue button clicked?).",
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+
+  const startedAtMs = Date.now();
+  const pollStart = new Date(startedAtMs).toISOString();
+  logAction(session.outDir, { kind: "poll-s3-email", bucket: ctx.bucket, startedAt: pollStart });
+
+  const { key, rawMime } = await pollFreshRawEmail({
+    bucket: ctx.bucket,
+    startedAtMs,
+    timeoutMs: 120_000,
+  });
+  logAction(session.outDir, { kind: "email-matched", key });
+
+  const analysis = dumpEmailToRecording(
+    path.join(session.outDir, "emails"),
+    key,
+    rawMime
+  );
+
+  manifest.detectedRegexes.emailFrom = analysis.from;
+  manifest.detectedRegexes.emailSubject = analysis.subject;
+
+  if (analysis.verifyType === "magic-link") {
+    manifest.outcomes.verifyType = "magic-link";
+    const urlObj = new URL(analysis.url);
+    manifest.detectedRegexes.verifyUrlHost = urlObj.host;
+    manifest.detectedRegexes.urlHasHtmlEntities = analysis.urlHasHtmlEntities;
+    const decoded = analysis.url
+      .replace(/&amp;/g, "&")
+      .replace(/&lt;/g, "<")
+      .replace(/&gt;/g, ">");
+    logAction(session.outDir, { kind: "goto-verify-url", host: urlObj.host });
+    await page.goto(decoded, { waitUntil: "load", timeout: 30_000 });
+    // Clerk magic links land on /sign-up/verify-email-address?__clerk_status=verified
+    // — the URL still contains "/sign-up" but the session IS established.
+    // Treat verified-session query params as advancement so we don't burn
+    // 30s waiting for a redirect that never comes (mintApiKey can navigate
+    // to the keys URL itself once the session cookie is set).
+    const verifyDone = (u: { toString(): string }): boolean => {
+      const s = u.toString();
+      const verifiedSession = /[?&]__clerk_status=verified|__clerk_created_session=/.test(s);
+      const leftAuth = !s.includes("/sign-up") && !s.includes("/sign-in");
+      return verifiedSession || leftAuth;
+    };
+    await page.waitForURL(verifyDone, { timeout: 30_000 }).catch(() => {});
+    await snap(page, "post-verify-redirect", session, manifest);
+    return;
+  }
+
+  if (analysis.verifyType === "otp") {
+    manifest.outcomes.verifyType = "otp";
+    // React/Svelte-controlled OTP inputs: `.fill()` sets DOM value but doesn't
+    // fire onChange, leaving Submit disabled. Use pressSequentially +
+    // dispatched input/change events.
+    const inputs = await page.locator(OTP_SELECTOR).all();
+    const typeWithEvents = async (el: (typeof inputs)[number], code: string) => {
+      await el.click();
+      await el.pressSequentially(code, { delay: 80 });
+      await el.dispatchEvent("input");
+      await el.dispatchEvent("change");
+    };
+    if (inputs.length === 1) {
+      await typeWithEvents(inputs[0], analysis.code);
+    } else if (inputs.length === 6) {
+      for (let i = 0; i < 6; i++) await typeWithEvents(inputs[i], analysis.code[i]);
+    } else {
+      escalateAndThrow({
+        reason: "verification-blocked",
+        hint: `unexpected OTP input count: ${inputs.length}`,
+        url: page.url(),
+        screenshotPath: path.join(session.outDir, "steps"),
+        lastActionLog: [],
+      });
+    }
+    await jitterDelay(300, 700);
+    const submitBtn = page.getByRole("button", { name: /verify|submit|continue|confirm/i }).first();
+    // Wait for button to become enabled (form validation may debounce).
+    for (let i = 0; i < 20; i++) {
+      if (await submitBtn.isEnabled().catch(() => false)) break;
+      await page.waitForTimeout(250);
+    }
+    if (await submitBtn.isVisible({ timeout: 2_000 }).catch(() => false)) {
+      await submitBtn.click({ timeout: 10_000 }).catch(() => {});
+    }
+    await page
+      .waitForURL((u) => !/\/(sign-up|sign-in|verify|email-verification)\b/i.test(u.toString()), {
+        timeout: 30_000,
+      })
+      .catch(() => {});
+    await snap(page, "post-verify-redirect", session, manifest);
+    return;
+  }
+
+  manifest.outcomes.verifyType = "unknown";
+  escalateAndThrow({
+    reason: "verification-blocked",
+    hint: `email-analyzer could not classify the verification email: ${analysis.reason}`,
+    url: page.url(),
+    screenshotPath: path.join(session.outDir, "steps"),
+    lastActionLog: [],
+  });
+}
+
+export async function mintApiKey(ctx: FlowCtx): Promise<void> {
+  const { page, session, manifest } = ctx;
+
+  // If we're mid-OAuth callback (e.g. `/auth/callback?code=...`), let the
+  // client-side router finish before forcing our own navigation — goto during
+  // a callback drops the exchanged session cookie. Wait up to 15s for URL to
+  // leave `/auth/callback`, `/about-you`, `/email-verification`.
+  if (/\/(auth\/callback|about-you|email-verification|create-account)/i.test(page.url())) {
+    await page
+      .waitForURL(
+        (u) => !/\/(auth\/callback|about-you|email-verification|create-account)/i.test(u.toString()),
+        { timeout: 15_000 },
+      )
+      .catch(() => {});
+    // OpenAI: after callback lands on /home (or similar), the onboarding
+    // backend may need a few seconds to ensure a default project exists
+    // before /api-keys routes render correctly. Without this, the SPA
+    // races "Organization already has a default project" errors.
+    await page.waitForTimeout(3_000);
+  }
+
+  const keysUrl = new URL(ctx.keysPath, page.url()).toString();
+  logAction(session.outDir, { kind: "goto-keys", url: keysUrl });
+  await page.goto(keysUrl, { waitUntil: "load", timeout: 20_000 });
+
+  // If goto-keys got redirected to a /login page (Brave, etc.), auto-login
+  // with the signup credentials we just created, then re-goto keys.
+  await maybeAutoLoginAfterSignup(ctx);
+  if (/\/(log[-_]?in|sign[-_]?in)\b/i.test(page.url())) {
+    // Still stuck on login; escalate.
+    escalateAndThrow({
+      reason: "auth-challenge",
+      hint: "Stuck on /login after navigating to keys. Auto-login either didn't fill or didn't advance. Credentials may not be valid yet, or there's a second auth step.",
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+
+  // Re-navigate to keys in case auto-login landed us on dashboard root.
+  if (!page.url().includes(ctx.keysPath)) {
+    await page.goto(keysUrl, { waitUntil: "load", timeout: 20_000 });
+  }
+  await snap(page, "keys-page", session, manifest);
+  manifest.detectedSelectors.keysPath = ctx.keysPath;
+
+  // OpenRouter's modal chain can render 25-60s+ post-hydration — too long
+  // to wait synchronously. Strategy: do a very short initial probe (so
+  // services where the modal IS already present don't skip it), then race
+  // ahead into clickOuterCreate where the per-iteration inline dismiss
+  // catches the modal if/when it appears.
+  if (await dismissOnboardingModalDom(page, 1_500)) {
+    manifest.outcomes.onboardingModalSeen = true;
+    await snap(page, "onboarding-dismissed", session, manifest);
+  } else {
+    manifest.outcomes.onboardingModalSeen = false;
+  }
+
+  await snap(page, "keys-empty-state", session, manifest);
+
+  // Outer "Create ... Key" button (empty-state or list-header). If the
+  // dialog is already open (stale from a prior failed run), skip this.
+  const dlgAlreadyOpen = await page.locator('[role="dialog"]').first().isVisible({ timeout: 500 }).catch(() => false);
+  let clickedCreateKey: string | null = "dialog-already-open";
+  if (!dlgAlreadyOpen) {
+    clickedCreateKey = await clickOuterCreate(page, {
+      onBeforeIteration: (p) => dismissOnboardingModalDom(p, 200).then(() => {}),
+    });
+  }
+  if (!clickedCreateKey) {
+    escalateAndThrow({
+      reason: "selector-missing",
+      hint: "No visible Create Key button on the keys page.",
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+  manifest.detectedSelectors.createKeyBtn = clickedCreateKey;
+  await snap(page, "create-dialog", session, manifest);
+
+  // Defensive re-dismiss: OpenRouter's onboarding modal sometimes pops up
+  // (or re-pops) on top of the freshly-opened Create Key form dialog,
+  // intercepting all subsequent name-fill and confirm clicks.
+  await dismissOnboardingModalDom(page);
+
+  // OpenAI instant-mint UI: after clicking "Create new secret key" the key
+  // reveals immediately without a Name prompt. Detect and skip the
+  // name+confirm flow when the count of sk-* elements INCREASED above the
+  // baseline (don't be fooled by tutorial text containing example keys).
+  const SK_REVEAL_SEL = 'code:has-text("sk-"), pre:has-text("sk-"), input[value^="sk-"]';
+  const skRevealCount = await page.locator(SK_REVEAL_SEL).count().catch(() => 0);
+  // We don't have an independent baseline here; if a fresh form dialog opened
+  // input#name will be visible → instantRevealed should stay false. Treat
+  // instant reveal as ONLY when a Name input is NOT also visible.
+  const nameInputVisible = await page
+    .locator('input#name, input[id*="name" i]:not([type="email"]):not([type="password"])')
+    .first()
+    .isVisible({ timeout: 500 })
+    .catch(() => false);
+  const instantRevealed = skRevealCount > 0 && !nameInputVisible;
+
+  if (!instantRevealed) {
+    // Traditional flow: wait for Name input dialog, fill, confirm.
+    const NAME_SEL =
+      'input#name, input[id*="name" i]:not([type="email"]):not([type="password"])';
+    await page.locator(NAME_SEL).first().waitFor({ state: "visible", timeout: 10_000 }).catch(() => {});
+
+    // Defensive re-dismiss in case the onboarding modal is now ON TOP of
+    // the form dialog (it pops asynchronously after keys-page hydrates and
+    // can race ahead of clickOuterCreate's success check).
+    await dismissOnboardingModalDom(page);
+
+    const nameInput = page.locator(NAME_SEL).first();
+    if (await nameInput.count()) {
+      // Clear any partial value left by a prior interrupted humanType
+      // (onboarding-modal-induced focus loss).
+      await nameInput.fill("").catch(() => {});
+      await humanType(page, NAME_SEL, `agentkeys-recording-${Date.now()}`);
+      await jitterDelay(300, 600);
+    }
+
+    // Scope confirm to the dialog that contains the name input. `:has()`
+    // picks only the matching container, not the welcome-banner dialog.
+    const formDialog = page.locator('[role="dialog"]:has(input#name)').first();
+    await formDialog
+      .locator('button:not([disabled])')
+      .filter({ hasText: /create/i })
+      .first()
+      .waitFor({ state: "visible", timeout: 10_000 })
+      .catch(() => {});
+
+    // One more defensive dismissal right before the confirm click.
+    await dismissOnboardingModalDom(page);
+    await jitterDelay(250, 550);
+    const clickedConfirm = await clickFirstVisible(page, [
+      '[role="dialog"]:has(input#name) button:text-is("Create API Key")',
+      '[role="dialog"]:has(input#name) button:text-is("Create")',
+      '[role="dialog"]:has(input#name) button:has-text("Create")',
+    ]);
+    if (!clickedConfirm) {
+      escalateAndThrow({
+        reason: "selector-missing",
+        hint: "No visible Create/Submit button inside the Create Key dialog. Dialog may have extra required fields (credit limit, expiration) blocking submit.",
+        url: page.url(),
+        screenshotPath: path.join(session.outDir, "steps"),
+        lastActionLog: [],
+      });
+    }
+    manifest.detectedSelectors.createKeyBtn = `${clickedCreateKey} → confirm via ${clickedConfirm}`;
+  } else {
+    manifest.detectedSelectors.createKeyBtn = `${clickedCreateKey} → instant-mint (no Name prompt)`;
+  }
+
+  const keyEl = page
+    .locator(
+      'code:has-text("sk-"), pre:has-text("sk-"), input[value^="sk-"]'
+    )
+    .first();
+  await keyEl.waitFor({ timeout: 15_000 });
+  manifest.detectedSelectors.keyReveal =
+    'code:has-text("sk-"), pre:has-text("sk-"), input[value^="sk-"]';
+  await snap(page, "key-revealed", session, manifest);
+
+  const tag = await keyEl.evaluate((n) => n.tagName.toLowerCase());
+  const raw =
+    tag === "input"
+      ? await keyEl.inputValue()
+      : (await keyEl.textContent()) ?? "";
+  const key = raw.trim();
+  if (!/^sk-[a-zA-Z0-9_-]{20,}$/.test(key)) {
+    escalateAndThrow({
+      reason: "selector-missing",
+      hint: `extracted value doesn't match sk-* format: ${key.slice(0, 40)}`,
+      url: page.url(),
+      screenshotPath: path.join(session.outDir, "steps"),
+      lastActionLog: [],
+    });
+  }
+
+  manifest.outcomes.apiKeyExtracted = true;
+  manifest.outcomes.apiKeyMasked = `${key.slice(0, 8)}****${key.slice(-4)}`;
+  logAction(session.outDir, {
+    kind: "key-minted",
+    masked: manifest.outcomes.apiKeyMasked,
+  });
+}
+
+export { finalizeManifest };
diff --git a/provisioner-scripts/src/workflow-recorder/record-service.ts b/provisioner-scripts/src/workflow-recorder/record-service.ts
new file mode 100644
index 0000000..6bff5c5
--- /dev/null
+++ b/provisioner-scripts/src/workflow-recorder/record-service.ts
@@ -0,0 +1,300 @@
+#!/usr/bin/env -S node --import tsx/esm
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { chromium, type Browser, type BrowserContext, type Page } from "playwright";
+import { initManifest, type SessionCtx } from "./artifacts.js";
+import { finalizeManifest, runLoginFlow, runSignupFlow, type FlowCtx } from "./flows.js";
+import { resolveLoginCreds } from "./credential-resolver.js";
+
+interface CliArgs {
+  service: string;
+  flow: "signup" | "login";
+  signupUrl: string;
+  loginUrl?: string;
+  emailDomain: string;
+  keysPath: string;
+  outputDir?: string;
+  loginEmail?: string;
+  loginPassword?: string;
+}
+
+function parseArgs(argv: string[]): CliArgs {
+  const args: Partial<CliArgs> = { keysPath: "/keys" };
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    const next = (): string => {
+      const v = argv[++i];
+      if (v === undefined) throw new Error(`flag ${a} requires a value`);
+      return v;
+    };
+    switch (a) {
+      case "--service": args.service = next(); break;
+      case "--flow": {
+        const v = next();
+        if (v !== "signup" && v !== "login") throw new Error(`--flow must be signup|login, got ${v}`);
+        args.flow = v;
+        break;
+      }
+      case "--signup-url": args.signupUrl = next(); break;
+      case "--login-url": args.loginUrl = next(); break;
+      case "--email-domain": args.emailDomain = next(); break;
+      case "--keys-path": args.keysPath = next(); break;
+      case "--output-dir": args.outputDir = next(); break;
+      case "--login-email": args.loginEmail = next(); break;
+      case "--login-password": args.loginPassword = next(); break;
+      case "-h":
+      case "--help":
+        process.stdout.write(usageText());
+        process.exit(0);
+        break;
+      default:
+        throw new Error(`unknown flag: ${a}`);
+    }
+  }
+  if (!args.service) throw new Error("--service is required");
+  if (!args.flow) throw new Error("--flow is required (signup|login)");
+  if (!args.signupUrl) throw new Error("--signup-url is required");
+  if (!args.emailDomain) throw new Error("--email-domain is required");
+  return args as CliArgs;
+}
+
+function usageText(): string {
+  return [
+    "record-service — capture signup/login flow into provisioner-scripts/recordings/",
+    "",
+    "Usage:",
+    "  npx tsx src/workflow-recorder/record-service.ts \\",
+    "    --service <slug> --flow signup|login \\",
+    "    --signup-url <url> [--login-url <url>] \\",
+    "    --email-domain <domain> [--keys-path /keys] \\",
+    "    [--output-dir <dir>] \\",
+    "    [--login-email <email> --login-password <pw>]",
+    "",
+    "Env:",
+    "  CDP_URL                        default http://localhost:9222",
+    "  AGENTKEYS_SES_BUCKET           required",
+    "  AWS_REGION                     default us-east-1",
+    "  AGENTKEYS_SIGNUP_PASSWORD      required for signup flow",
+    "  AGENTKEYS_LOGIN_EMAIL/PASSWORD fallback for login flow",
+    "",
+  ].join("\n");
+}
+
+function defaultOutputDir(repoRoot: string, service: string, flow: string): string {
+  const ts = new Date().toISOString().replace(/[-:]/g, "").replace(/\..+/, "").replace("T", "-");
+  return path.join(repoRoot, "provisioner-scripts", "recordings", `${service}-${flow}-${ts}`);
+}
+
+// Walk up looking for `.git` (the TRUE repo root). Earlier version returned
+// the first dir with `package.json`, which matched provisioner-scripts/ and
+// doubled the path on output (provisioner-scripts/provisioner-scripts/...).
+function findRepoRoot(startDir: string): string {
+  let dir = startDir;
+  while (dir !== "/") {
+    if (fs.existsSync(path.join(dir, ".git"))) return dir;
+    dir = path.dirname(dir);
+  }
+  // Fallback: first package.json if no .git found (unlikely in this repo).
+  dir = startDir;
+  while (dir !== "/") {
+    if (fs.existsSync(path.join(dir, "package.json"))) return dir;
+    dir = path.dirname(dir);
+  }
+  return process.cwd();
+}
+
+async function withTimeout<T>(label: string, ms: number, fn: () => Promise<T>): Promise<T> {
+  let timer: NodeJS.Timeout | undefined;
+  try {
+    return await Promise.race([
+      fn(),
+      new Promise<never>((_, reject) => {
+        timer = setTimeout(
+          () => reject(new Error(`timeout after ${ms}ms at: ${label}`)),
+          ms
+        );
+      }),
+    ]);
+  } finally {
+    if (timer) clearTimeout(timer);
+  }
+}
+
+function writeAssistRequest(outDir: string, payload: Record<string, unknown>): void {
+  try {
+    fs.writeFileSync(
+      path.join(outDir, "assist-request.json"),
+      JSON.stringify({ ts: new Date().toISOString(), ...payload }, null, 2)
+    );
+  } catch {
+    // best-effort
+  }
+}
+
+const log = (msg: string) =>
+  process.stderr.write(`[recorder] ${new Date().toISOString().slice(11, 19)} ${msg}\n`);
+
+async function main(): Promise<void> {
+  const args = parseArgs(process.argv.slice(2));
+  const repoRoot = findRepoRoot(process.cwd());
+  const outDir = args.outputDir ?? defaultOutputDir(repoRoot, args.service, args.flow);
+  fs.mkdirSync(outDir, { recursive: true });
+
+  const signupEmail =
+    args.flow === "signup"
+      ? `bot-${Date.now()}@${args.emailDomain}`
+      : resolveLoginCreds({
+          service: args.service,
+          recordingsRoot: path.join(repoRoot, "provisioner-scripts", "recordings"),
+          emailFlag: args.loginEmail,
+          passwordFlag: args.loginPassword,
+        }).email;
+
+  const signupPassword =
+    args.flow === "signup"
+      ? process.env["AGENTKEYS_SIGNUP_PASSWORD"] ??
+        (() => {
+          throw new Error("AGENTKEYS_SIGNUP_PASSWORD required for signup flow");
+        })()
+      : resolveLoginCreds({
+          service: args.service,
+          recordingsRoot: path.join(repoRoot, "provisioner-scripts", "recordings"),
+          emailFlag: args.loginEmail,
+          passwordFlag: args.loginPassword,
+        }).password;
+
+  const bucket = process.env["AGENTKEYS_SES_BUCKET"];
+  if (!bucket) throw new Error("AGENTKEYS_SES_BUCKET env var required");
+
+  const session: SessionCtx = {
+    outDir,
+    service: args.service,
+    flow: args.flow,
+    signupEmail,
+    startedAt: new Date().toISOString(),
+  };
+
+  const manifest = initManifest(session);
+  log(`recording → ${outDir}`);
+  log(`service=${args.service} flow=${args.flow} signupEmail=${signupEmail}`);
+
+  const cdpUrl = process.env["CDP_URL"] ?? "http://localhost:9222";
+  log(`connecting to CDP at ${cdpUrl}`);
+  let browser: Browser;
+  try {
+    browser = await withTimeout("chromium.connectOverCDP", 15_000, () =>
+      chromium.connectOverCDP(cdpUrl)
+    );
+  } catch (err) {
+    writeAssistRequest(outDir, {
+      reason: "cdp-connect-timeout",
+      cdpUrl,
+      hint: "Chrome not running on this port, or firewall blocked. Relaunch Chrome with --remote-debugging-port=9222.",
+      error: err instanceof Error ? err.message : String(err),
+    });
+    throw err;
+  }
+  log(`CDP connected; contexts=${browser.contexts().length}`);
+
+  const existingContext = browser.contexts()[0];
+  const ctx: BrowserContext = existingContext ?? (await browser.newContext());
+  log(`using ${existingContext ? "existing" : "new"} context; pages=${ctx.pages().length}`);
+
+  // Defensive: prior crashed run may have left tracing on for this context.
+  // Stop first, ignore errors. Then start fresh.
+  await ctx.tracing.stop().catch(() => {});
+  log("starting tracing (screenshots + snapshots + sources)");
+  try {
+    await withTimeout("tracing.start", 15_000, () =>
+      ctx.tracing.start({
+        screenshots: true,
+        snapshots: true,
+        sources: true,
+        title: `${args.service}-${args.flow}`,
+      })
+    );
+  } catch (err) {
+    writeAssistRequest(outDir, {
+      reason: "tracing-start-timeout",
+      hint: "tracing.start hung. Try: close all Chrome tabs except about:blank, or restart Chrome with --remote-debugging-port=9222.",
+      error: err instanceof Error ? err.message : String(err),
+    });
+    throw err;
+  }
+  log("tracing started");
+
+  // Clean slate: close all existing pages (they may have stale dialogs /
+  // logged-in state from prior failed runs), clear ALL cookies in this
+  // throwaway profile, and open one fresh tab on about:blank.
+  // (Per-domain clearing left Clerk's subdomain session cookies intact and
+  // auto-redirected /auth → dashboard. Full wipe is safe because the Chrome
+  // profile at /tmp/agentkeys-chrome-profile is recording-only.)
+  log(`cleaning slate (${ctx.pages().length} stale pages, wiping all cookies)`);
+  try {
+    await ctx.clearCookies();
+    await ctx.clearPermissions().catch(() => {});
+  } catch (err) {
+    log(`cookie clear failed (non-fatal): ${err instanceof Error ? err.message : err}`);
+  }
+
+  // Close extras, keep one page for the fresh run.
+  const existingPages = ctx.pages();
+  for (let i = 1; i < existingPages.length; i++) {
+    await existingPages[i].close().catch(() => {});
+  }
+
+  let page: Page =
+    ctx.pages()[0] ?? (await withTimeout("ctx.newPage", 10_000, () => ctx.newPage()));
+  // Reset the page to about:blank — if it had a modal/dialog open, this
+  // discards it. Cheaper than closing-and-recreating.
+  await page.goto("about:blank").catch(() => {});
+  log(`page ready (${ctx.pages().length} pages in context, cookies cleared for ${new URL(args.signupUrl).hostname})`);
+
+  const flowCtx: FlowCtx = {
+    session,
+    manifest,
+    page,
+    signupEmail,
+    signupPassword,
+    signupUrl: args.signupUrl,
+    loginUrl: args.loginUrl,
+    keysPath: args.keysPath,
+    bucket,
+  };
+
+  let status: "completed" | "failed" | "aborted" = "failed";
+  try {
+    if (args.flow === "signup") {
+      await runSignupFlow(flowCtx);
+    } else {
+      await runLoginFlow(flowCtx);
+    }
+    status = "completed";
+    log("flow completed successfully");
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    log(`FATAL: ${msg}`);
+    status = "failed";
+  } finally {
+    try {
+      await ctx.tracing.stop({ path: path.join(outDir, "trace.zip") });
+    } catch (err) {
+      log(`tracing.stop failed: ${err instanceof Error ? err.message : err}`);
+    }
+    finalizeManifest(session, manifest, status);
+    log(`finalized manifest (state=${status}) at ${outDir}/manifest.json`);
+    log(`summary → ${outDir}/summary.md`);
+    if (status === "completed") {
+      log(`draft scraper → ${outDir}/draft-scraper.ts`);
+    }
+  }
+
+  if (status !== "completed") process.exit(1);
+}
+
+main().catch((err) => {
+  const msg = err instanceof Error ? err.message : String(err);
+  process.stderr.write(`[recorder] FATAL (outside flow): ${msg}\n`);
+  if (err instanceof Error && err.stack) process.stderr.write(err.stack + "\n");
+  process.exit(1);
+});
diff --git a/provisioner-scripts/tests/lib/email-backends/mock-inbox.test.ts b/provisioner-scripts/tests/lib/email-backends/mock-inbox.test.ts
new file mode 100644
index 0000000..3c81a25
--- /dev/null
+++ b/provisioner-scripts/tests/lib/email-backends/mock-inbox.test.ts
@@ -0,0 +1,191 @@
+import { describe, it, expect, vi, afterEach, beforeEach } from "vitest";
+import { fetchViaMockInbox } from "../../../src/lib/email-backends/mock-inbox.js";
+
+const FIXED_ADDRESS = "bot-test@agentkeys-email.io";
+const FIXED_TOKEN = "test-session-token";
+
+function makeMessage(overrides: {
+  from?: string;
+  subject?: string;
+  body?: string;
+  msg_id?: string;
+  received_at?: number;
+}) {
+  return {
+    msg_id: overrides.msg_id ?? "msg-1",
+    from: overrides.from ?? "noreply@example.com",
+    subject: overrides.subject ?? "Your code",
+    body: overrides.body ?? "Your code is 123456",
+    received_at: overrides.received_at ?? 1000,
+  };
+}
+
+function setupEnv() {
+  process.env["AGENTKEYS_SIGNUP_EMAIL"] = FIXED_ADDRESS;
+  process.env["AGENTKEYS_SESSION_TOKEN"] = FIXED_TOKEN;
+  process.env["AGENTKEYS_BACKEND_URL"] = "http://127.0.0.1:8090";
+}
+
+function clearEnv() {
+  delete process.env["AGENTKEYS_SIGNUP_EMAIL"];
+  delete process.env["AGENTKEYS_SESSION_TOKEN"];
+  delete process.env["AGENTKEYS_BACKEND_URL"];
+}
+
+describe("mock-inbox backend", () => {
+  beforeEach(() => {
+    setupEnv();
+  });
+
+  afterEach(() => {
+    clearEnv();
+    vi.restoreAllMocks();
+  });
+
+  it("returns code on first poll when matching message present", async () => {
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => [makeMessage({ body: "Your code is 654321" })],
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    const code = await fetchViaMockInbox({
+      from: /noreply@example\.com/,
+      subject: /Your code/i,
+      codeRegex: /(\d{6})/,
+      timeoutMs: 5000,
+    });
+
+    expect(code).toBe("654321");
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    const calledUrl: string = fetchMock.mock.calls[0][0] as string;
+    expect(calledUrl).toContain("/mock/inbox/messages");
+    expect(calledUrl).toContain(encodeURIComponent(FIXED_ADDRESS));
+  });
+
+  it("uses Authorization: Bearer header with session token", async () => {
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => [makeMessage({})],
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    await fetchViaMockInbox({
+      from: /noreply@example\.com/,
+      subject: /Your code/i,
+      codeRegex: /(\d{6})/,
+      timeoutMs: 5000,
+    });
+
+    const calledInit = fetchMock.mock.calls[0][1] as RequestInit;
+    expect((calledInit.headers as Record<string, string>)["Authorization"]).toBe(
+      `Bearer ${FIXED_TOKEN}`
+    );
+  });
+
+  it("polls until matching message arrives", async () => {
+    let callCount = 0;
+    const fetchMock = vi.fn().mockImplementation(async () => {
+      callCount++;
+      const messages =
+        callCount < 3
+          ? []
+          : [makeMessage({ body: "Code: 999888" })];
+      return { ok: true, json: async () => messages };
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    const code = await fetchViaMockInbox({
+      from: /noreply@example\.com/,
+      subject: /Your code/i,
+      codeRegex: /(\d{6})/,
+      timeoutMs: 5000,
+      pollIntervalMs: 10,
+    });
+
+    expect(code).toBe("999888");
+    expect(fetchMock.mock.calls.length).toBeGreaterThanOrEqual(3);
+  });
+
+  it("times out when no matching message arrives", async () => {
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => [],
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    await expect(
+      fetchViaMockInbox({
+        from: /noreply@example\.com/,
+        subject: /Your code/i,
+        codeRegex: /(\d{6})/,
+        timeoutMs: 80,
+        pollIntervalMs: 20,
+      })
+    ).rejects.toMatchObject({ code: "EMAIL_TIMEOUT" });
+  });
+
+  it("skips messages that don't match from filter", async () => {
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => [makeMessage({ from: "spam@wrong.com", body: "Code: 111111" })],
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    await expect(
+      fetchViaMockInbox({
+        from: /noreply@example\.com/,
+        subject: /Your code/i,
+        codeRegex: /(\d{6})/,
+        timeoutMs: 80,
+        pollIntervalMs: 20,
+      })
+    ).rejects.toMatchObject({ code: "EMAIL_TIMEOUT" });
+  });
+
+  it("throws clear error when AGENTKEYS_SESSION_TOKEN is missing", async () => {
+    delete process.env["AGENTKEYS_SESSION_TOKEN"];
+
+    await expect(
+      fetchViaMockInbox({
+        from: /./,
+        subject: /./,
+        codeRegex: /(\d{6})/,
+        timeoutMs: 5000,
+      })
+    ).rejects.toThrow("AGENTKEYS_SESSION_TOKEN");
+  });
+
+  it("throws clear error when AGENTKEYS_SIGNUP_EMAIL is missing", async () => {
+    delete process.env["AGENTKEYS_SIGNUP_EMAIL"];
+
+    await expect(
+      fetchViaMockInbox({
+        from: /./,
+        subject: /./,
+        codeRegex: /(\d{6})/,
+        timeoutMs: 5000,
+      })
+    ).rejects.toThrow("AGENTKEYS_SIGNUP_EMAIL");
+  });
+
+  it("uses default backend URL when AGENTKEYS_BACKEND_URL is not set", async () => {
+    delete process.env["AGENTKEYS_BACKEND_URL"];
+
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => [makeMessage({})],
+    });
+    vi.stubGlobal("fetch", fetchMock);
+
+    await fetchViaMockInbox({
+      from: /noreply@example\.com/,
+      subject: /Your code/i,
+      codeRegex: /(\d{6})/,
+      timeoutMs: 5000,
+    });
+
+    const calledUrl: string = fetchMock.mock.calls[0][0] as string;
+    expect(calledUrl).toContain("http://127.0.0.1:8090");
+  });
+});
diff --git a/provisioner-scripts/tests/lib/email-backends/ses-s3.test.ts b/provisioner-scripts/tests/lib/email-backends/ses-s3.test.ts
new file mode 100644
index 0000000..cd391df
--- /dev/null
+++ b/provisioner-scripts/tests/lib/email-backends/ses-s3.test.ts
@@ -0,0 +1,422 @@
+import { describe, it, expect, vi, afterEach, beforeEach } from "vitest";
+import { fetchViaSesS3 } from "../../../src/lib/email-backends/ses-s3.js";
+import { S3Client } from "@aws-sdk/client-s3";
+
+function makeMockS3(emlContents: string[], lastModified?: Array<Date | undefined>): S3Client {
+  const s3 = new S3Client({ region: "us-east-1" });
+
+  const objects = emlContents.map((_, i) => ({
+    Key: `inbound/msg-${i}.eml`,
+    LastModified: lastModified?.[i],
+  }));
+
+  vi.spyOn(s3, "send").mockImplementation(async (command: unknown) => {
+    const cmd = command as { constructor: { name: string } };
+    if (cmd.constructor.name === "ListObjectsV2Command") {
+      return { Contents: objects };
+    }
+    if (cmd.constructor.name === "GetObjectCommand") {
+      const getCmd = command as { input: { Key: string } };
+      const idx = objects.findIndex((o) => o.Key === getCmd.input.Key);
+      if (idx === -1 || !emlContents[idx]) return { Body: null };
+      const content = emlContents[idx];
+      const readable = new ReadableStream({
+        start(controller) {
+          controller.enqueue(new TextEncoder().encode(content));
+          controller.close();
+        },
+      }) as unknown as NodeJS.ReadableStream;
+      return { Body: readable };
+    }
+    return {};
+  });
+
+  return s3;
+}
+
+function buildEml(from: string, subject: string, body: string): string {
+  return [
+    `From: ${from}`,
+    `Subject: ${subject}`,
+    `Content-Type: text/plain`,
+    ``,
+    body,
+  ].join("\r\n");
+}
+
+describe("ses-s3 backend", () => {
+  beforeEach(() => {
+    process.env["AGENTKEYS_SES_BUCKET"] = "test-ses-bucket";
+  });
+
+  afterEach(() => {
+    delete process.env["AGENTKEYS_SES_BUCKET"];
+    vi.restoreAllMocks();
+  });
+
+  it("extracts code from a matching .eml object", async () => {
+    const eml = buildEml(
+      "noreply@example.com",
+      "Your verification code",
+      "Your code is 789012. Do not share."
+    );
+    const s3 = makeMockS3([eml]);
+
+    const code = await fetchViaSesS3(
+      {
+        from: /noreply@example\.com/,
+        subject: /verification code/i,
+        codeRegex: /(\d{6})/,
+        timeoutMs: 5000,
+      },
+      s3
+    );
+
+    expect(code).toBe("789012");
+  });
+
+  it("skips objects with non-matching from header", async () => {
+    const eml = buildEml(
+      "spam@wrong.com",
+      "Your verification code",
+      "Code: 111111"
+    );
+    const s3 = makeMockS3([eml]);
+
+    await expect(
+      fetchViaSesS3(
+        {
+          from: /noreply@example\.com/,
+          subject: /verification code/i,
+          codeRegex: /(\d{6})/,
+          timeoutMs: 80,
+          pollIntervalMs: 20,
+        },
+        s3
+      )
+    ).rejects.toMatchObject({ code: "EMAIL_TIMEOUT" });
+  });
+
+  it("skips objects with non-matching subject header", async () => {
+    const eml = buildEml(
+      "noreply@example.com",
+      "Newsletter",
+      "Code: 222222"
+    );
+    const s3 = makeMockS3([eml]);
+
+    await expect(
+      fetchViaSesS3(
+        {
+          from: /noreply@example\.com/,
+          subject: /verification code/i,
+          codeRegex: /(\d{6})/,
+          timeoutMs: 80,
+          pollIntervalMs: 20,
+        },
+        s3
+      )
+    ).rejects.toMatchObject({ code: "EMAIL_TIMEOUT" });
+  });
+
+  it("times out when bucket is empty", async () => {
+    const s3 = new S3Client({ region: "us-east-1" });
+    vi.spyOn(s3, "send").mockResolvedValue({ Contents: [] } as never);
+
+    await expect(
+      fetchViaSesS3(
+        {
+          from: /noreply@example\.com/,
+          subject: /verification code/i,
+          codeRegex: /(\d{6})/,
+          timeoutMs: 80,
+          pollIntervalMs: 20,
+        },
+        s3
+      )
+    ).rejects.toMatchObject({ code: "EMAIL_TIMEOUT" });
+  });
+
+  it("throws clear error when AGENTKEYS_SES_BUCKET is missing", async () => {
+    delete process.env["AGENTKEYS_SES_BUCKET"];
+    const s3 = new S3Client({ region: "us-east-1" });
+
+    await expect(
+      fetchViaSesS3(
+        {
+          from: /./,
+          subject: /./,
+          codeRegex: /(\d{6})/,
+          timeoutMs: 5000,
+        },
+        s3
+      )
+    ).rejects.toThrow("AGENTKEYS_SES_BUCKET");
+  });
+
+  it("handles multiple objects and returns first code match", async () => {
+    const emls = [
+      buildEml("spam@wrong.com", "Promo", "nothing here"),
+      buildEml("noreply@example.com", "Your verification code", "Code: 345678"),
+    ];
+    const s3 = makeMockS3(emls);
+
+    const code = await fetchViaSesS3(
+      {
+        from: /noreply@example\.com/,
+        subject: /verification code/i,
+        codeRegex: /(\d{6})/,
+        timeoutMs: 5000,
+      },
+      s3
+    );
+
+    expect(code).toBe("345678");
+  });
+
+  // Regression guard: Stage 6 demo (2026-04-21) discovered OpenRouter/Clerk
+  // verification emails arrive From "OpenRouter <notifications@openrouter.ai>",
+  // not from a clerk.* or noreply@ sender. The scraper's magic-link branch must
+  // accept this sender AND correctly extract a quoted-printable-encoded URL.
+  // A prior regex only matched /noreply|clerk|accounts/ and silently timed out
+  // for 90s on every run. This test uses the exact observed From header plus a
+  // realistic Clerk-style QP-encoded HTML body so regex drift can't slip past.
+  describe("regression — OpenRouter magic-link verification (real-world From + QP body)", () => {
+    // Exact regexes as used in openrouter-cdp.ts magic-link branch. If those
+    // diverge, this test catches it.
+    const MAGIC_LINK_FROM = /@openrouter\.ai|clerk/i;
+    const MAGIC_LINK_SUBJECT =
+      /sign[\s-]?up.*link|sign[\s-]?in.*link|magic.*link|verify|verification|confirm/i;
+    const MAGIC_LINK_URL =
+      /(https:\/\/[^\s<>"'\)]*(?:clerk|\/verify|ticket=|verification)[^\s<>"'\)]*)/i;
+
+    const REAL_FROM = "OpenRouter <notifications@openrouter.ai>";
+    // Real subject observed on 2026-04-21; NOT "Verify..." — must match anyway.
+    const REAL_SUBJECT = "Your sign up link";
+    // Quoted-printable HTML body as Clerk/SendGrid actually emits: soft-wrap at
+    // 76 chars (=\n), =3D for "=", =2F for "/", etc.
+    const REAL_QP_BODY = [
+      "Content-Type: text/html; charset=utf-8",
+      "Content-Transfer-Encoding: quoted-printable",
+      "",
+      "<html><body><p>Click to verify:</p>",
+      "<a href=3D\"https=3A=2F=2Fclerk=2Eopenrouter=2Eai=2Fv1=2Fverify=3F__clerk_=",
+      "ticket=3Dabc123def456ghi789jkl&__clerk_redirect=3Dhttps=253A=252F=252Fope=",
+      "nrouter=2Eai=2F\">Verify email</a>",
+      "</body></html>",
+    ].join("\r\n");
+
+    const realVerifyEml = [
+      `From: ${REAL_FROM}`,
+      `Subject: ${REAL_SUBJECT}`,
+      `MIME-Version: 1.0`,
+      REAL_QP_BODY,
+    ].join("\r\n");
+
+    it("accepts notifications@openrouter.ai and extracts the Clerk URL", async () => {
+      const s3 = makeMockS3([realVerifyEml]);
+
+      const url = await fetchViaSesS3(
+        {
+          from: MAGIC_LINK_FROM,
+          subject: MAGIC_LINK_SUBJECT,
+          codeRegex: MAGIC_LINK_URL,
+          timeoutMs: 5000,
+        },
+        s3
+      );
+
+      expect(url).toMatch(/^https:\/\/clerk\.openrouter\.ai\/v1\/verify\?/);
+      expect(url).toContain("__clerk_ticket=abc123def456ghi789jkl");
+      expect(() => new URL(url)).not.toThrow();
+    });
+
+    it("skips non-verify emails from the same sender", async () => {
+      const marketingEml = buildEml(
+        REAL_FROM,
+        "Weekly credit summary from OpenRouter",
+        "You used 1,234 credits this week."
+      );
+      const s3 = makeMockS3([marketingEml]);
+
+      await expect(
+        fetchViaSesS3(
+          {
+            from: MAGIC_LINK_FROM,
+            subject: MAGIC_LINK_SUBJECT,
+            codeRegex: MAGIC_LINK_URL,
+            timeoutMs: 80,
+            pollIntervalMs: 20,
+          },
+          s3
+        )
+      ).rejects.toMatchObject({ code: "EMAIL_TIMEOUT" });
+    });
+
+    // Subjects seen across Stage 6 runs — all must match MAGIC_LINK_SUBJECT.
+    // If OpenRouter/Clerk changes subject copy again, add to this list and
+    // the regex stays honest.
+    const OBSERVED_VERIFY_SUBJECTS = [
+      "Your sign up link",
+      "Your sign-up link",
+      "Your sign in link",
+      "Verify your email for OpenRouter",
+      "Verify your email address",
+      "Confirm your email",
+      "Your magic link",
+    ];
+
+    it.each(OBSERVED_VERIFY_SUBJECTS)("matches observed subject %j", (subject) => {
+      expect(MAGIC_LINK_SUBJECT.test(subject)).toBe(true);
+    });
+
+    // Non-verify subjects from same sender — MUST be rejected.
+    const NON_VERIFY_SUBJECTS = [
+      "Weekly credit summary from OpenRouter",
+      "Your account usage report",
+      "New model available on OpenRouter",
+    ];
+
+    it.each(NON_VERIFY_SUBJECTS)("rejects non-verify subject %j", (subject) => {
+      expect(MAGIC_LINK_SUBJECT.test(subject)).toBe(false);
+    });
+
+    // Stage 6 demo (2026-04-21): bucket accumulated verification emails across
+    // runs. Clerk tokens expire in ~10 min; matching an old email makes
+    // page.goto() land on an "expired link" page and the scraper times out on
+    // waitForURL. Backend must prefer fresh emails and reject stale ones.
+    it("rejects verification emails older than freshnessGraceMs (prior-run leftovers)", async () => {
+      const staleEml = [
+        `From: OpenRouter <notifications@openrouter.ai>`,
+        `Subject: Your sign up link`,
+        ``,
+        `Sign up: https://clerk.openrouter.ai/v1/verify?token=STALE_TOKEN_OLD`,
+      ].join("\r\n");
+
+      const now = new Date();
+      const oneHourAgo = new Date(now.getTime() - 60 * 60 * 1000);
+      const s3 = makeMockS3([staleEml], [oneHourAgo]);
+
+      await expect(
+        fetchViaSesS3(
+          {
+            from: MAGIC_LINK_FROM,
+            subject: MAGIC_LINK_SUBJECT,
+            codeRegex: MAGIC_LINK_URL,
+            timeoutMs: 150,
+            pollIntervalMs: 30,
+            freshnessGraceMs: 60_000, // 60s window
+          },
+          s3
+        )
+      ).rejects.toMatchObject({ code: "EMAIL_TIMEOUT" });
+    });
+
+    it("picks the fresh verification email when bucket has both stale + fresh", async () => {
+      const staleEml = [
+        `From: OpenRouter <notifications@openrouter.ai>`,
+        `Subject: Your sign up link`,
+        ``,
+        `Link: https://clerk.openrouter.ai/v1/verify?token=STALE_OLD_TOKEN`,
+      ].join("\r\n");
+
+      const freshEml = [
+        `From: OpenRouter <notifications@openrouter.ai>`,
+        `Subject: Your sign up link`,
+        ``,
+        `Link: https://clerk.openrouter.ai/v1/verify?token=FRESH_NEW_TOKEN`,
+      ].join("\r\n");
+
+      const now = new Date();
+      const oneHourAgo = new Date(now.getTime() - 60 * 60 * 1000);
+      const s3 = makeMockS3([staleEml, freshEml], [oneHourAgo, now]);
+
+      const url = await fetchViaSesS3(
+        {
+          from: MAGIC_LINK_FROM,
+          subject: MAGIC_LINK_SUBJECT,
+          codeRegex: MAGIC_LINK_URL,
+          timeoutMs: 2000,
+          freshnessGraceMs: 60_000,
+        },
+        s3
+      );
+
+      expect(url).toContain("token=FRESH_NEW_TOKEN");
+      expect(url).not.toContain("STALE_OLD_TOKEN");
+    });
+
+    // Real body captured from a live OpenRouter verification email (2026-04-21):
+    // the plain-text multipart part HTML-encodes `&` as `&amp;` inside the URL.
+    // This test verifies the backend extracts the full raw URL including `&amp;`;
+    // the scraper is responsible for decoding entities before page.goto().
+    it("extracts URLs that contain &amp; (HTML-entity-encoded) from plain-text body", async () => {
+      const realWorldBody = [
+        "Content-Type: text/plain; charset=us-ascii",
+        "",
+        "Use the following link to sign up to OpenRouter: https://clerk.openrouter.ai/v1/verify?_clerk_js_version=5.125.9&amp;token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3NzY3NjIyMjR9.abc123",
+        "",
+        "This link will expire in 10 minutes.",
+      ].join("\r\n");
+
+      const eml = [
+        `From: OpenRouter <notifications@openrouter.ai>`,
+        `Subject: Your sign up link`,
+        `MIME-Version: 1.0`,
+        realWorldBody,
+      ].join("\r\n");
+
+      const s3 = makeMockS3([eml]);
+
+      const url = await fetchViaSesS3(
+        {
+          from: MAGIC_LINK_FROM,
+          subject: MAGIC_LINK_SUBJECT,
+          codeRegex: MAGIC_LINK_URL,
+          timeoutMs: 5000,
+        },
+        s3
+      );
+
+      expect(url).toContain("https://clerk.openrouter.ai/v1/verify");
+      expect(url).toContain("_clerk_js_version=5.125.9");
+      // Must capture past the &amp; boundary — this is the bug-regression guard.
+      expect(url).toContain("token=eyJ");
+      expect(url).toContain("abc123");
+    });
+
+    it("ignores mixed bucket noise and returns only the real verify URL", async () => {
+      const emls = [
+        buildEml(
+          "Amazon Web Services <no-reply-aws@amazon.com>",
+          "Amazon SES Setup",
+          "ses notification"
+        ),
+        buildEml(
+          "Admin Wildmeta <agent@wildmeta.ai>",
+          "Internal note",
+          "unrelated"
+        ),
+        buildEml(
+          REAL_FROM,
+          "Weekly credit summary",
+          "Not a verify email."
+        ),
+        realVerifyEml,
+      ];
+      const s3 = makeMockS3(emls);
+
+      const url = await fetchViaSesS3(
+        {
+          from: MAGIC_LINK_FROM,
+          subject: MAGIC_LINK_SUBJECT,
+          codeRegex: MAGIC_LINK_URL,
+          timeoutMs: 5000,
+        },
+        s3
+      );
+
+      expect(url).toContain("clerk.openrouter.ai/v1/verify");
+    });
+  });
+});
diff --git a/scripts/reset-chrome-for-recording.sh b/scripts/reset-chrome-for-recording.sh
new file mode 100755
index 0000000..33e6255
--- /dev/null
+++ b/scripts/reset-chrome-for-recording.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+# Reset Chrome for a clean workflow-recorder run: kill any Chrome on port
+# 9222, wipe the throwaway profile, relaunch Chrome fresh, wait for CDP.
+#
+# Usage: ./scripts/reset-chrome-for-recording.sh
+#
+# Idempotent — safe to re-run.
+
+set -eu
+
+PORT=9222
+PROFILE_DIR=/tmp/agentkeys-chrome-profile
+CHROME=/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome
+
+# Kill whatever's listening on $PORT (only the recorder Chrome; user's
+# normal Chrome binds to a different port, so safe).
+if lsof -ti :"$PORT" >/dev/null 2>&1; then
+  echo "[reset] killing PIDs on port $PORT: $(lsof -ti :$PORT | tr '\n' ' ')"
+  lsof -ti :"$PORT" | xargs kill -9 2>/dev/null || true
+  # Wait for port to actually free
+  for _ in $(seq 1 20); do
+    lsof -ti :"$PORT" >/dev/null 2>&1 || break
+    sleep 0.2
+  done
+fi
+
+# Wipe profile
+if [ -d "$PROFILE_DIR" ]; then
+  echo "[reset] wiping profile dir $PROFILE_DIR"
+  rm -rf "$PROFILE_DIR"
+fi
+mkdir -p "$PROFILE_DIR"
+
+# Relaunch Chrome in background
+echo "[reset] launching fresh Chrome with port=$PORT profile=$PROFILE_DIR"
+"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
+  --remote-debugging-port="$PORT" \
+  --user-data-dir="$PROFILE_DIR" \
+  --no-first-run \
+  --no-default-browser-check \
+  --disable-background-networking \
+  >/tmp/chrome-recorder.log 2>&1 &
+CHROME_PID=$!
+echo "[reset] chrome PID=$CHROME_PID"
+
+# Wait for CDP endpoint
+echo "[reset] waiting for CDP on port $PORT..."
+for i in $(seq 1 60); do
+  if curl -sS "http://localhost:$PORT/json/version" >/dev/null 2>&1; then
+    echo "[reset] CDP ready (waited ${i}x 0.5s)"
+    exit 0
+  fi
+  sleep 0.5
+done
+
+echo "[reset] ERROR: CDP never became available on port $PORT after 30s" >&2
+exit 1
diff --git a/scripts/stage6-demo-env.sh b/scripts/stage6-demo-env.sh
new file mode 100644
index 0000000..0f9b10a
--- /dev/null
+++ b/scripts/stage6-demo-env.sh
@@ -0,0 +1,45 @@
+# Stage 6 demo — source this (don't execute) to set env + mint 1h STS creds.
+#
+#   source scripts/stage6-demo-env.sh
+#
+# Prereqs: DAEMON_ACCESS_KEY_ID + DAEMON_SECRET_ACCESS_KEY already in your
+# shell (long-lived daemon user keys, stashed in 1Password). Everything else
+# is populated here.
+
+: "${DAEMON_ACCESS_KEY_ID:?DAEMON_ACCESS_KEY_ID is empty. Load daemon creds into this shell before sourcing.}"
+: "${DAEMON_SECRET_ACCESS_KEY:?DAEMON_SECRET_ACCESS_KEY is empty. Load daemon creds into this shell before sourcing.}"
+
+export REGION=us-east-1
+export AWS_REGION="$REGION"
+export DOMAIN=bots.litentry.org
+export ACCOUNT_ID=429071895007
+export BUCKET="agentkeys-mail-${ACCOUNT_ID}"
+export AGENTKEYS_EMAIL_BACKEND=ses-s3
+export AGENTKEYS_SES_BUCKET="$BUCKET"
+export AGENTKEYS_SIGNUP_EMAIL="bot-$(date +%s)@${DOMAIN}"
+export AGENTKEYS_SIGNUP_PASSWORD="Stg6-$(date +%s)-xZq9okFg"
+export CDP_URL="http://localhost:9222"
+
+unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+
+CREDS=$(AWS_ACCESS_KEY_ID="$DAEMON_ACCESS_KEY_ID" \
+        AWS_SECRET_ACCESS_KEY="$DAEMON_SECRET_ACCESS_KEY" \
+  aws sts assume-role \
+    --role-arn "arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-agent" \
+    --role-session-name "stage6-demo-$(date +%s)" 2>&1)
+
+if ! echo "$CREDS" | jq -e .Credentials >/dev/null 2>&1; then
+  echo "AssumeRole failed:"
+  echo "$CREDS"
+  return 1 2>/dev/null || exit 1
+fi
+
+export AWS_ACCESS_KEY_ID=$(echo "$CREDS" | jq -r '.Credentials.AccessKeyId')
+export AWS_SECRET_ACCESS_KEY=$(echo "$CREDS" | jq -r '.Credentials.SecretAccessKey')
+export AWS_SESSION_TOKEN=$(echo "$CREDS" | jq -r '.Credentials.SessionToken')
+
+echo "--- stage 6 demo env loaded ---"
+echo "signup email:  $AGENTKEYS_SIGNUP_EMAIL"
+echo "bucket:        s3://$BUCKET/"
+aws sts get-caller-identity --output text --query 'Arn'
+aws s3 ls "s3://$BUCKET/inbound/" >/dev/null && echo "s3 access:     OK" || echo "s3 access:     FAILED"
diff --git a/scripts/stage6-demo-run.sh b/scripts/stage6-demo-run.sh
new file mode 100755
index 0000000..127d73d
--- /dev/null
+++ b/scripts/stage6-demo-run.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# Stage 6 demo — one run of the CDP scraper. Assumes env is loaded (source
+# scripts/stage6-demo-env.sh first). Refreshes signup email each call so you
+# can loop this against a single env session until STS creds expire.
+#
+#   ./scripts/stage6-demo-run.sh
+#
+# Prints the extracted sk-or-v1-* key on success, tails /tmp/cdp.log on failure.
+
+set -euo pipefail
+
+: "${AGENTKEYS_SES_BUCKET:?env not loaded — run 'source scripts/stage6-demo-env.sh' first}"
+: "${AWS_ACCESS_KEY_ID:?env not loaded — run 'source scripts/stage6-demo-env.sh' first}"
+: "${DOMAIN:?env not loaded — run 'source scripts/stage6-demo-env.sh' first}"
+
+export AGENTKEYS_SIGNUP_EMAIL="bot-$(date +%s)@${DOMAIN}"
+export AGENTKEYS_SIGNUP_PASSWORD="Stg6-$(date +%s)-xZq9okFg"
+
+REPO_ROOT=$(cd "$(dirname "$0")/.." && pwd)
+cd "$REPO_ROOT/provisioner-scripts"
+
+echo "signup email: $AGENTKEYS_SIGNUP_EMAIL"
+echo "running scraper (log: /tmp/cdp.log)..."
+
+set +e
+KEY=$(npx tsx src/scrapers/openrouter-cdp.ts 2>/tmp/cdp.log | tail -1)
+STATUS=$?
+set -e
+
+if [[ $STATUS -ne 0 || -z "$KEY" || ! "$KEY" =~ ^sk-or-v1- ]]; then
+  echo "--- FAILED (exit $STATUS) ---"
+  tail -25 /tmp/cdp.log
+  exit 1
+fi
+
+echo "--- SUCCESS ---"
+echo "extracted key: ${KEY:0:12}****...${KEY: -4}"
+echo "$KEY"
diff --git a/scripts/stage6-inspect-email.sh b/scripts/stage6-inspect-email.sh
new file mode 100755
index 0000000..d9c3224
--- /dev/null
+++ b/scripts/stage6-inspect-email.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Dump the most recent inbound email from s3://$BUCKET/inbound/ so you can
+# see the actual From / Subject / Body without guessing. Applies the SAME
+# quoted-printable normalization that ses-s3.ts does, so the URLs you see
+# here are exactly what the scraper sees.
+#
+#   source scripts/stage6-demo-env.sh
+#   ./scripts/stage6-inspect-email.sh                 # latest email
+#   ./scripts/stage6-inspect-email.sh <key>           # specific key
+#   ./scripts/stage6-inspect-email.sh --all           # list keys + headers
+
+set -euo pipefail
+
+: "${AGENTKEYS_SES_BUCKET:?env not loaded — run 'source scripts/stage6-demo-env.sh' first}"
+: "${AWS_ACCESS_KEY_ID:?env not loaded — run 'source scripts/stage6-demo-env.sh' first}"
+
+BUCKET="$AGENTKEYS_SES_BUCKET"
+
+# Mirror ses-s3.ts normalizeQuotedPrintable(): strip QP soft-wraps then
+# decode the common reserved chars that split URLs.
+normalize_qp() {
+  # 1. Strip CRs (SES mails use CRLF; makes later regexes sane)
+  # 2. Strip QP soft-wrap sequence "=\n"
+  # 3. Decode =3D =2E =2F =3A =3F =26 to = . / : ? &
+  tr -d '\r' | perl -0777 -pe 's/=\n//g; s/=3D/=/gi; s/=2E/./gi; s/=2F/\//gi; s/=3A/:/gi; s/=3F/?/gi; s/=26/&/gi'
+}
+
+if [[ "${1:-}" == "--all" ]]; then
+  echo "=== All inbound/* keys with From+Subject headers ==="
+  aws s3api list-objects-v2 --bucket "$BUCKET" --prefix inbound/ \
+    --query "sort_by(Contents,&LastModified)[*].[Key,LastModified]" \
+    --output text | while read -r key ts; do
+    [[ "$key" == "inbound/AMAZON_SES_SETUP_NOTIFICATION" ]] && continue
+    headers=$(aws s3 cp "s3://$BUCKET/$key" - 2>/dev/null | tr -d '\r' | head -40 | grep -iE '^(From|Subject):' | head -2)
+    echo "--- $key ($ts) ---"
+    echo "$headers"
+  done
+  exit 0
+fi
+
+KEY="${1:-}"
+if [[ -z "$KEY" ]]; then
+  KEY=$(aws s3api list-objects-v2 --bucket "$BUCKET" --prefix inbound/ \
+    --query "sort_by(Contents[?Key!=\`inbound/AMAZON_SES_SETUP_NOTIFICATION\`], &LastModified)[-1].Key" \
+    --output text)
+  [[ "$KEY" == "None" || -z "$KEY" ]] && { echo "No inbound emails found."; exit 1; }
+  echo "Latest: $KEY"
+fi
+
+RAW="/tmp/stage6-email-${KEY##*/}.eml"
+NORM="/tmp/stage6-email-${KEY##*/}.normalized.txt"
+aws s3 cp "s3://$BUCKET/$KEY" "$RAW" >/dev/null
+cat "$RAW" | normalize_qp > "$NORM"
+echo "Saved raw: $RAW"
+echo "Saved normalized (what scraper sees): $NORM"
+echo ""
+
+echo "=== Headers (normalized) ==="
+head -40 "$NORM" | grep -iE '^(From|To|Subject|Content-Type|Content-Transfer-Encoding):' || true
+echo ""
+
+echo "=== Body after first blank line, first 120 lines (normalized) ==="
+awk 'BEGIN{b=0} b{print} /^$/{b=1}' "$NORM" | head -120
+echo ""
+
+echo "=== All hrefs (normalized) ==="
+grep -oE 'href="[^"]+"' "$NORM" | head -10 || echo "(none)"
+echo ""
+
+echo "=== All https:// URLs (normalized, deduped) ==="
+grep -oE 'https://[^ \t\n<>"'"'"']*' "$NORM" | sort -u | head -20 || echo "(none)"
+echo ""
+
+echo "=== URLs that would match scraper's codeRegex ==="
+grep -oE 'https://[^ \t\n<>"'"'"']*(clerk|/verify|ticket=|verification)[^ \t\n<>"'"'"']*' "$NORM" | sort -u | head -10 || echo "(NONE — regex would miss this email!)"
diff --git a/services/oidc-stub/.gitignore b/services/oidc-stub/.gitignore
new file mode 100644
index 0000000..0df331d
--- /dev/null
+++ b/services/oidc-stub/.gitignore
@@ -0,0 +1,5 @@
+node_modules/
+dist/
+keys/
+*.keypair.json
+keypair.json
diff --git a/services/oidc-stub/README.md b/services/oidc-stub/README.md
new file mode 100644
index 0000000..c763933
--- /dev/null
+++ b/services/oidc-stub/README.md
@@ -0,0 +1,92 @@
+# agentkeys-oidc-stub
+
+> **THIS IS A TEE-INTERIM STUB.**
+> Production Stage 6 replaces the signer with a TEE-derived `oidc/issuer/v1` key
+> per `wiki/oidc-federation.md` §Architecture (heima-gaps §3).
+> **Do NOT deploy this to production without an audit.**
+
+Minimal OIDC discovery + JWKS service for `oidc.agentkeys.dev`. Used in Stage 5b
+scraper testing and Stage 6 AWS IAM federation setup — before the real TEE signer
+is wired in.
+
+## Endpoints
+
+| Method | Path | Description |
+|--------|------|-------------|
+| `GET` | `/.well-known/openid-configuration` | OIDC discovery document (AWS IAM compatible) |
+| `GET` | `/.well-known/jwks.json` | JWK Set with the ES256 public key |
+| `POST` | `/internal/sign` | Dev-only: sign arbitrary claims, returns JWT |
+
+## Running locally
+
+```bash
+cd services/oidc-stub
+npm install
+npm start
+```
+
+Server listens on `http://localhost:34568` by default. Override with env vars:
+
+```bash
+OIDC_STUB_PORT=8080 OIDC_STUB_ISSUER=https://oidc.agentkeys.dev npm start
+```
+
+Test the endpoints:
+
+```bash
+curl http://localhost:34568/.well-known/openid-configuration | jq .
+curl http://localhost:34568/.well-known/jwks.json | jq .
+curl -X POST http://localhost:34568/internal/sign \
+  -H 'content-type: application/json' \
+  -d '{"sub":"enclave:test:agent:0xabc","aud":"sts.amazonaws.com"}' | jq .
+```
+
+## Key persistence
+
+On first startup a fresh P-256 keypair is generated and cached at
+`~/.agentkeys/oidc-stub/keypair.json` (mode 0600). Subsequent restarts reuse this
+keypair so the JWKS stays stable for AWS/GCP OIDC provider registrations.
+
+The `keys/` directory in this repo and all `*.keypair.json` / `keypair.json` files
+are `.gitignore`-d — never commit a private key.
+
+## TLS / HTTPS
+
+For local dev, plain HTTP on localhost is fine. In staging/production, run this
+service behind a reverse proxy (nginx, Caddy, AWS ALB) that terminates TLS with a
+public-CA certificate. AWS IAM requires the issuer URL to start with `https://`;
+see `wiki/oidc-federation.md` §"Key requirements".
+
+## Environment variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `OIDC_STUB_PORT` | `34568` | Port to listen on |
+| `OIDC_STUB_ISSUER` | `https://oidc.agentkeys.dev` | Issuer URL emitted in discovery doc + JWTs |
+| `AGENTKEYS_OIDC_KMS_KEY_ID` | unset | If set, stub errors immediately — KMS path not implemented (reserved for Stage 6 production path) |
+
+## Running tests
+
+```bash
+npm test
+```
+
+## Security caveats
+
+1. **Private key on disk.** The dev keypair lives unencrypted in
+   `~/.agentkeys/oidc-stub/keypair.json`. Protect your home directory.
+2. **`/internal/sign` is unauthenticated.** Any process that can reach the port
+   can mint arbitrary JWTs. Firewall this endpoint; do not expose it on 0.0.0.0 in
+   any shared environment.
+3. **Not a TEE.** This stub generates the key in userspace. The production
+   architecture (Stage 6) derives the key inside the TEE enclave so it never
+   leaves hardware. This stub is solely for dev/test workflows.
+4. **KMS stub.** If `AGENTKEYS_OIDC_KMS_KEY_ID` is set the server refuses to
+   start. The KMS path is documented with a TODO in `src/keys.ts` but not
+   implemented — it is superseded by the TEE path before it would ever be needed.
+
+## Stage 6 follow-up
+
+Replace `src/keys.ts` `loadKeypair()` with a call to the TEE `oidc/issuer/v1`
+signing oracle. The three HTTP endpoints stay identical; only the signing
+backend changes. See `wiki/oidc-federation.md` for the full architecture.
diff --git a/services/oidc-stub/package-lock.json b/services/oidc-stub/package-lock.json
new file mode 100644
index 0000000..2f4cec5
--- /dev/null
+++ b/services/oidc-stub/package-lock.json
@@ -0,0 +1,2921 @@
+{
+  "name": "agentkeys-oidc-stub",
+  "version": "0.1.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "agentkeys-oidc-stub",
+      "version": "0.1.0",
+      "dependencies": {
+        "express": "^4.21.0",
+        "jose": "^5.9.0"
+      },
+      "devDependencies": {
+        "@types/express": "^5.0.0",
+        "@types/node": "^20.0.0",
+        "tsx": "^4.19.0",
+        "typescript": "^5.5.0",
+        "vitest": "^2.1.0"
+      }
+    },
+    "node_modules/@esbuild/aix-ppc64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz",
+      "integrity": "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.7.tgz",
+      "integrity": "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.7.tgz",
+      "integrity": "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.7.tgz",
+      "integrity": "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.7.tgz",
+      "integrity": "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.7.tgz",
+      "integrity": "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.7.tgz",
+      "integrity": "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.7.tgz",
+      "integrity": "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.7.tgz",
+      "integrity": "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.7.tgz",
+      "integrity": "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.7.tgz",
+      "integrity": "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.7.tgz",
+      "integrity": "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.7.tgz",
+      "integrity": "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.7.tgz",
+      "integrity": "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.7.tgz",
+      "integrity": "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.7.tgz",
+      "integrity": "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.7.tgz",
+      "integrity": "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.7.tgz",
+      "integrity": "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.7.tgz",
+      "integrity": "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.7.tgz",
+      "integrity": "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.7.tgz",
+      "integrity": "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.5",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
+      "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@rollup/rollup-android-arm-eabi": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.2.tgz",
+      "integrity": "sha512-dnlp69efPPg6Uaw2dVqzWRfAWRnYVb1XJ8CyyhIbZeaq4CA5/mLeZ1IEt9QqQxmbdvagjLIm2ZL8BxXv5lH4Yw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-android-arm64": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.2.tgz",
+      "integrity": "sha512-OqZTwDRDchGRHHm/hwLOL7uVPB9aUvI0am/eQuWMNyFHf5PSEQmyEeYYheA0EPPKUO/l0uigCp+iaTjoLjVoHg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-arm64": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.2.tgz",
+      "integrity": "sha512-UwRE7CGpvSVEQS8gUMBe1uADWjNnVgP3Iusyda1nSRwNDCsRjnGc7w6El6WLQsXmZTbLZx9cecegumcitNfpmA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-x64": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.2.tgz",
+      "integrity": "sha512-gjEtURKLCC5VXm1I+2i1u9OhxFsKAQJKTVB8WvDAHF+oZlq0GTVFOlTlO1q3AlCTE/DF32c16ESvfgqR7343/g==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-arm64": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.2.tgz",
+      "integrity": "sha512-Bcl6CYDeAgE70cqZaMojOi/eK63h5Me97ZqAQoh77VPjMysA/4ORQBRGo3rRy45x4MzVlU9uZxs8Uwy7ZaKnBw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-x64": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.2.tgz",
+      "integrity": "sha512-LU+TPda3mAE2QB0/Hp5VyeKJivpC6+tlOXd1VMoXV/YFMvk/MNk5iXeBfB4MQGRWyOYVJ01625vjkr0Az98OJQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.2.tgz",
+      "integrity": "sha512-2QxQrM+KQ7DAW4o22j+XZ6RKdxjLD7BOWTP0Bv0tmjdyhXSsr2Ul1oJDQqh9Zf5qOwTuTc7Ek83mOFaKnodPjg==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.2.tgz",
+      "integrity": "sha512-TbziEu2DVsTEOPif2mKWkMeDMLoYjx95oESa9fkQQK7r/Orta0gnkcDpzwufEcAO2BLBsD7mZkXGFqEdMRRwfw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-gnu": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.2.tgz",
+      "integrity": "sha512-bO/rVDiDUuM2YfuCUwZ1t1cP+/yqjqz+Xf2VtkdppefuOFS2OSeAfgafaHNkFn0t02hEyXngZkxtGqXcXwO8Rg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-musl": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.2.tgz",
+      "integrity": "sha512-hr26p7e93Rl0Za+JwW7EAnwAvKkehh12BU1Llm9Ykiibg4uIr2rbpxG9WCf56GuvidlTG9KiiQT/TXT1yAWxTA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-gnu": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.2.tgz",
+      "integrity": "sha512-pOjB/uSIyDt+ow3k/RcLvUAOGpysT2phDn7TTUB3n75SlIgZzM6NKAqlErPhoFU+npgY3/n+2HYIQVbF70P9/A==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-musl": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.2.tgz",
+      "integrity": "sha512-2/w+q8jszv9Ww1c+6uJT3OwqhdmGP2/4T17cu8WuwyUuuaCDDJ2ojdyYwZzCxx0GcsZBhzi3HmH+J5pZNXnd+Q==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.2.tgz",
+      "integrity": "sha512-11+aL5vKheYgczxtPVVRhdptAM2H7fcDR5Gw4/bTcteuZBlH4oP9f5s9zYO9aGZvoGeBpqXI/9TZZihZ609wKw==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-musl": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.2.tgz",
+      "integrity": "sha512-i16fokAGK46IVZuV8LIIwMdtqhin9hfYkCh8pf8iC3QU3LpwL+1FSFGej+O7l3E/AoknL6Dclh2oTdnRMpTzFQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.2.tgz",
+      "integrity": "sha512-49FkKS6RGQoriDSK/6E2GkAsAuU5kETFCh7pG4yD/ylj9rKhTmO3elsnmBvRD4PgJPds5W2PkhC82aVwmUcJ7A==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-musl": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.2.tgz",
+      "integrity": "sha512-mjYNkHPfGpUR00DuM1ZZIgs64Hpf4bWcz9Z41+4Q+pgDx73UwWdAYyf6EG/lRFldmdHHzgrYyge5akFUW0D3mQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-s390x-gnu": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.2.tgz",
+      "integrity": "sha512-ALyvJz965BQk8E9Al/JDKKDLH2kfKFLTGMlgkAbbYtZuJt9LU8DW3ZoDMCtQpXAltZxwBHevXz5u+gf0yA0YoA==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-gnu": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.2.tgz",
+      "integrity": "sha512-UQjrkIdWrKI626Du8lCQ6MJp/6V1LAo2bOK9OTu4mSn8GGXIkPXk/Vsp4bLHCd9Z9Iz2OTEaokUE90VweJgIYQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-musl": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.2.tgz",
+      "integrity": "sha512-bTsRGj6VlSdn/XD4CGyzMnzaBs9bsRxy79eTqTCBsA8TMIEky7qg48aPkvJvFe1HyzQ5oMZdg7AnVlWQSKLTnw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.2.tgz",
+      "integrity": "sha512-6d4Z3534xitaA1FcMWP7mQPq5zGwBmGbhphh2DwaA1aNIXUu3KTOfwrWpbwI4/Gr0uANo7NTtaykFyO2hPuFLg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-openharmony-arm64": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.2.tgz",
+      "integrity": "sha512-NetAg5iO2uN7eB8zE5qrZ3CSil+7IJt4WDFLcC75Ymywq1VZVD6qJ6EvNLjZ3rEm6gB7XW5JdT60c6MN35Z85Q==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-arm64-msvc": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.2.tgz",
+      "integrity": "sha512-NCYhOotpgWZ5kdxCZsv6Iudx0wX8980Q/oW4pNFNihpBKsDbEA1zpkfxJGC0yugsUuyDZ7gL37dbzwhR0VI7pQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-ia32-msvc": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.2.tgz",
+      "integrity": "sha512-RXsaOqXxfoUBQoOgvmmijVxJnW2IGB0eoMO7F8FAjaj0UTywUO/luSqimWBJn04WNgUkeNhh7fs7pESXajWmkg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.2.tgz",
+      "integrity": "sha512-qdAzEULD+/hzObedtmV6iBpdL5TIbKVztGiK7O3/KYSf+HIzU257+MX1EXJcyIiDbMAqmbwaufcYPvyRryeZtA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-msvc": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.2.tgz",
+      "integrity": "sha512-Nd/SgG27WoA9e+/TdK74KnHz852TLa94ovOYySo/yMPuTmpckK/jIF2jSwS3g7ELSKXK13/cVdmg1Z/DaCWKxA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@types/body-parser": {
+      "version": "1.19.6",
+      "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.6.tgz",
+      "integrity": "sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/connect": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/connect": {
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz",
+      "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/estree": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
+      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/express": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.6.tgz",
+      "integrity": "sha512-sKYVuV7Sv9fbPIt/442koC7+IIwK5olP1KWeD88e/idgoJqDm3JV/YUiPwkoKK92ylff2MGxSz1CSjsXelx0YA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/body-parser": "*",
+        "@types/express-serve-static-core": "^5.0.0",
+        "@types/serve-static": "^2"
+      }
+    },
+    "node_modules/@types/express-serve-static-core": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-5.1.1.tgz",
+      "integrity": "sha512-v4zIMr/cX7/d2BpAEX3KNKL/JrT1s43s96lLvvdTmza1oEvDudCqK9aF/djc/SWgy8Yh0h30TZx5VpzqFCxk5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*",
+        "@types/qs": "*",
+        "@types/range-parser": "*",
+        "@types/send": "*"
+      }
+    },
+    "node_modules/@types/http-errors": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz",
+      "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/node": {
+      "version": "20.19.39",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz",
+      "integrity": "sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.21.0"
+      }
+    },
+    "node_modules/@types/qs": {
+      "version": "6.15.0",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.15.0.tgz",
+      "integrity": "sha512-JawvT8iBVWpzTrz3EGw9BTQFg3BQNmwERdKE22vlTxawwtbyUSlMppvZYKLZzB5zgACXdXxbD3m1bXaMqP/9ow==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/range-parser": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz",
+      "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/send": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@types/send/-/send-1.2.1.tgz",
+      "integrity": "sha512-arsCikDvlU99zl1g69TcAB3mzZPpxgw0UQnaHeC1Nwb015xp8bknZv5rIfri9xTOcMuaVgvabfIRA7PSZVuZIQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/serve-static": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-2.2.0.tgz",
+      "integrity": "sha512-8mam4H1NHLtu7nmtalF7eyBH14QyOASmcxHhSfEoRyr0nP/YdoesEtU+uSRvMe96TW/HPTtkoKqQLl53N7UXMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/http-errors": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@vitest/expect": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-2.1.9.tgz",
+      "integrity": "sha512-UJCIkTBenHeKT1TTlKMJWy1laZewsRIzYighyYiJKZreqtdxSos/S1t+ktRMQWu2CKqaarrkeszJx1cgC5tGZw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/spy": "2.1.9",
+        "@vitest/utils": "2.1.9",
+        "chai": "^5.1.2",
+        "tinyrainbow": "^1.2.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/mocker": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-2.1.9.tgz",
+      "integrity": "sha512-tVL6uJgoUdi6icpxmdrn5YNo3g3Dxv+IHJBr0GXHaEdTcw3F+cPKnsXFhli6nO+f/6SDKPHEK1UN+k+TQv0Ehg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/spy": "2.1.9",
+        "estree-walker": "^3.0.3",
+        "magic-string": "^0.30.12"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "msw": "^2.4.9",
+        "vite": "^5.0.0"
+      },
+      "peerDependenciesMeta": {
+        "msw": {
+          "optional": true
+        },
+        "vite": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@vitest/pretty-format": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-2.1.9.tgz",
+      "integrity": "sha512-KhRIdGV2U9HOUzxfiHmY8IFHTdqtOhIzCpd8WRdJiE7D/HUcZVD0EgQCVjm+Q9gkUXWgBvMmTtZgIG48wq7sOQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tinyrainbow": "^1.2.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/runner": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-2.1.9.tgz",
+      "integrity": "sha512-ZXSSqTFIrzduD63btIfEyOmNcBmQvgOVsPNPe0jYtESiXkhd8u2erDLnMxmGrDCwHCCHE7hxwRDCT3pt0esT4g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/utils": "2.1.9",
+        "pathe": "^1.1.2"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/snapshot": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-2.1.9.tgz",
+      "integrity": "sha512-oBO82rEjsxLNJincVhLhaxxZdEtV0EFHMK5Kmx5sJ6H9L183dHECjiefOAdnqpIgT5eZwT04PoggUnW88vOBNQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "2.1.9",
+        "magic-string": "^0.30.12",
+        "pathe": "^1.1.2"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/spy": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-2.1.9.tgz",
+      "integrity": "sha512-E1B35FwzXXTs9FHNK6bDszs7mtydNi5MIfUWpceJ8Xbfb1gBMscAnwLbEu+B44ed6W3XjL9/ehLPHR1fkf1KLQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tinyspy": "^3.0.2"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/utils": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-2.1.9.tgz",
+      "integrity": "sha512-v0psaMSkNJ3A2NMrUEHFRzJtDPFn+/VWZ5WxImB21T9fjucJRmS7xCS3ppEnARb9y11OAzaD+P2Ps+b+BGX5iQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "2.1.9",
+        "loupe": "^3.1.2",
+        "tinyrainbow": "^1.2.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==",
+      "license": "MIT"
+    },
+    "node_modules/assertion-error": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz",
+      "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/body-parser": {
+      "version": "1.20.4",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz",
+      "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "content-type": "~1.0.5",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "~1.2.0",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "on-finished": "~2.4.1",
+        "qs": "~6.14.0",
+        "raw-body": "~2.5.3",
+        "type-is": "~1.6.18",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/cac": {
+      "version": "6.7.14",
+      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
+      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/chai": {
+      "version": "5.3.3",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-5.3.3.tgz",
+      "integrity": "sha512-4zNhdJD/iOjSH0A05ea+Ke6MU5mmpQcbQsSOkgdaUMJ9zTlDTD/GYlwohmIE2u0gaxHYiVHEn1Fw9mZ/ktJWgw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "assertion-error": "^2.0.1",
+        "check-error": "^2.1.1",
+        "deep-eql": "^5.0.1",
+        "loupe": "^3.1.0",
+        "pathval": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/check-error": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/check-error/-/check-error-2.1.3.tgz",
+      "integrity": "sha512-PAJdDJusoxnwm1VwW07VWwUN1sl7smmC3OKggvndJFadxxDRyFJBX/ggnu/KE4kQAB7a3Dp8f/YXC1FlUprWmA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 16"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "license": "MIT",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==",
+      "license": "MIT"
+    },
+    "node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/deep-eql": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-5.0.2.tgz",
+      "integrity": "sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
+      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
+      "license": "MIT"
+    },
+    "node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-module-lexer": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz",
+      "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/esbuild": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.7.tgz",
+      "integrity": "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.27.7",
+        "@esbuild/android-arm": "0.27.7",
+        "@esbuild/android-arm64": "0.27.7",
+        "@esbuild/android-x64": "0.27.7",
+        "@esbuild/darwin-arm64": "0.27.7",
+        "@esbuild/darwin-x64": "0.27.7",
+        "@esbuild/freebsd-arm64": "0.27.7",
+        "@esbuild/freebsd-x64": "0.27.7",
+        "@esbuild/linux-arm": "0.27.7",
+        "@esbuild/linux-arm64": "0.27.7",
+        "@esbuild/linux-ia32": "0.27.7",
+        "@esbuild/linux-loong64": "0.27.7",
+        "@esbuild/linux-mips64el": "0.27.7",
+        "@esbuild/linux-ppc64": "0.27.7",
+        "@esbuild/linux-riscv64": "0.27.7",
+        "@esbuild/linux-s390x": "0.27.7",
+        "@esbuild/linux-x64": "0.27.7",
+        "@esbuild/netbsd-arm64": "0.27.7",
+        "@esbuild/netbsd-x64": "0.27.7",
+        "@esbuild/openbsd-arm64": "0.27.7",
+        "@esbuild/openbsd-x64": "0.27.7",
+        "@esbuild/openharmony-arm64": "0.27.7",
+        "@esbuild/sunos-x64": "0.27.7",
+        "@esbuild/win32-arm64": "0.27.7",
+        "@esbuild/win32-ia32": "0.27.7",
+        "@esbuild/win32-x64": "0.27.7"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
+      "license": "MIT"
+    },
+    "node_modules/estree-walker": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz",
+      "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "^1.0.0"
+      }
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/expect-type": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
+      "integrity": "sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.22.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "~1.20.3",
+        "content-disposition": "~0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
+        "merge-descriptors": "1.0.3",
+        "methods": "~1.1.2",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "~0.1.12",
+        "proxy-addr": "~2.0.7",
+        "qs": "~6.14.0",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~2.0.1",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
+      "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "statuses": "~2.0.2",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/get-tsconfig": {
+      "version": "4.14.0",
+      "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.14.0.tgz",
+      "integrity": "sha512-yTb+8DXzDREzgvYmh6s9vHsSVCHeC0G3PI5bEXNBHtmshPnO+S5O7qgLEOn0I5QvMy6kpZN8K1NKGyilLb93wA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "resolve-pkg-maps": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/privatenumber/get-tsconfig?sponsor=1"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz",
+      "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==",
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "license": "ISC"
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/jose": {
+      "version": "5.10.0",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-5.10.0.tgz",
+      "integrity": "sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
+    "node_modules/loupe": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/loupe/-/loupe-3.2.1.tgz",
+      "integrity": "sha512-CdzqowRJCeLU72bHvWqwRBBlLcMEtIvGrlvef74kMnV2AolS9Y8xUv1I0U/MNAWMhBlKIoyuEgoJ0t/bbwHbLQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/magic-string": {
+      "version": "0.30.21",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
+      "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.5.5"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "license": "MIT",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
+      "license": "MIT"
+    },
+    "node_modules/nanoid": {
+      "version": "3.3.11",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz",
+      "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "license": "MIT",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "0.1.13",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz",
+      "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==",
+      "license": "MIT"
+    },
+    "node_modules/pathe": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.2.tgz",
+      "integrity": "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/pathval": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/pathval/-/pathval-2.0.1.tgz",
+      "integrity": "sha512-//nshmD55c46FuFw26xV/xFAaB5HF9Xdap7HJBBnrKdAd6/GxDBaNA1870O79+9ueg61cZLSVc+OaFlfmObYVQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.16"
+      }
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/postcss": {
+      "version": "8.5.10",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz",
+      "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "nanoid": "^3.3.11",
+        "picocolors": "^1.1.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "license": "MIT",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.5.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+      "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/resolve-pkg-maps": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-pkg-maps/-/resolve-pkg-maps-1.0.0.tgz",
+      "integrity": "sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/privatenumber/resolve-pkg-maps?sponsor=1"
+      }
+    },
+    "node_modules/rollup": {
+      "version": "4.60.2",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.2.tgz",
+      "integrity": "sha512-J9qZyW++QK/09NyN/zeO0dG/1GdGfyp9lV8ajHnRVLfo/uFsbji5mHnDgn/qYdUHyCkM2N+8VyspgZclfAh0eQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "1.0.8"
+      },
+      "bin": {
+        "rollup": "dist/bin/rollup"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "npm": ">=8.0.0"
+      },
+      "optionalDependencies": {
+        "@rollup/rollup-android-arm-eabi": "4.60.2",
+        "@rollup/rollup-android-arm64": "4.60.2",
+        "@rollup/rollup-darwin-arm64": "4.60.2",
+        "@rollup/rollup-darwin-x64": "4.60.2",
+        "@rollup/rollup-freebsd-arm64": "4.60.2",
+        "@rollup/rollup-freebsd-x64": "4.60.2",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.60.2",
+        "@rollup/rollup-linux-arm-musleabihf": "4.60.2",
+        "@rollup/rollup-linux-arm64-gnu": "4.60.2",
+        "@rollup/rollup-linux-arm64-musl": "4.60.2",
+        "@rollup/rollup-linux-loong64-gnu": "4.60.2",
+        "@rollup/rollup-linux-loong64-musl": "4.60.2",
+        "@rollup/rollup-linux-ppc64-gnu": "4.60.2",
+        "@rollup/rollup-linux-ppc64-musl": "4.60.2",
+        "@rollup/rollup-linux-riscv64-gnu": "4.60.2",
+        "@rollup/rollup-linux-riscv64-musl": "4.60.2",
+        "@rollup/rollup-linux-s390x-gnu": "4.60.2",
+        "@rollup/rollup-linux-x64-gnu": "4.60.2",
+        "@rollup/rollup-linux-x64-musl": "4.60.2",
+        "@rollup/rollup-openbsd-x64": "4.60.2",
+        "@rollup/rollup-openharmony-arm64": "4.60.2",
+        "@rollup/rollup-win32-arm64-msvc": "4.60.2",
+        "@rollup/rollup-win32-ia32-msvc": "4.60.2",
+        "@rollup/rollup-win32-x64-gnu": "4.60.2",
+        "@rollup/rollup-win32-x64-msvc": "4.60.2",
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "license": "MIT"
+    },
+    "node_modules/send": {
+      "version": "0.19.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
+      "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.4.1",
+        "range-parser": "~1.2.1",
+        "statuses": "~2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/serve-static": {
+      "version": "1.16.3",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
+      "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
+      "license": "MIT",
+      "dependencies": {
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "~0.19.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
+      "license": "ISC"
+    },
+    "node_modules/side-channel": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-list": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz",
+      "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/siginfo": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz",
+      "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/source-map-js": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
+      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/stackback": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz",
+      "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/std-env": {
+      "version": "3.10.0",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz",
+      "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tinybench": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz",
+      "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tinyexec": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-0.3.2.tgz",
+      "integrity": "sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tinypool": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.1.1.tgz",
+      "integrity": "sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      }
+    },
+    "node_modules/tinyrainbow": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-1.2.0.tgz",
+      "integrity": "sha512-weEDEq7Z5eTHPDh4xjX789+fHfF+P8boiFB+0vbWzpbnbsEr/GRaohi/uMKxg8RZMXnl1ItAi/IUHWMsjDV7kQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/tinyspy": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-3.0.2.tgz",
+      "integrity": "sha512-n1cw8k1k0x4pgA2+9XrOkFydTerNcJ1zWCO5Nn9scWHTD+5tp8dghT2x1uduQePZTZgd3Tupf+x9BxJjeJi77Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/tsx": {
+      "version": "4.21.0",
+      "resolved": "https://registry.npmjs.org/tsx/-/tsx-4.21.0.tgz",
+      "integrity": "sha512-5C1sg4USs1lfG0GFb2RLXsdpXqBSEhAaA/0kPL01wxzpMqLILNxIxIOKiILz+cdg/pLnOUxFYOR5yhHU666wbw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "~0.27.0",
+        "get-tsconfig": "^4.7.5"
+      },
+      "bin": {
+        "tsx": "dist/cli.mjs"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "license": "MIT",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "6.21.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
+      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/vite": {
+      "version": "5.4.21",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.21.tgz",
+      "integrity": "sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "^0.21.3",
+        "postcss": "^8.4.43",
+        "rollup": "^4.20.0"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^18.0.0 || >=20.0.0",
+        "less": "*",
+        "lightningcss": "^1.21.0",
+        "sass": "*",
+        "sass-embedded": "*",
+        "stylus": "*",
+        "sugarss": "*",
+        "terser": "^5.4.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vite-node": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-2.1.9.tgz",
+      "integrity": "sha512-AM9aQ/IPrW/6ENLQg3AGY4K1N2TGZdR5e4gu/MmmR2xR3Ll1+dib+nook92g4TV3PXVyeyxdWwtaCAiUL0hMxA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cac": "^6.7.14",
+        "debug": "^4.3.7",
+        "es-module-lexer": "^1.5.4",
+        "pathe": "^1.1.2",
+        "vite": "^5.0.0"
+      },
+      "bin": {
+        "vite-node": "vite-node.mjs"
+      },
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/vite-node/node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vite-node/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/vite/node_modules/@esbuild/aix-ppc64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz",
+      "integrity": "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/android-arm": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.21.5.tgz",
+      "integrity": "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/android-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz",
+      "integrity": "sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/android-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.21.5.tgz",
+      "integrity": "sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/darwin-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz",
+      "integrity": "sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/darwin-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz",
+      "integrity": "sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz",
+      "integrity": "sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/freebsd-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz",
+      "integrity": "sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-arm": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz",
+      "integrity": "sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz",
+      "integrity": "sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-ia32": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz",
+      "integrity": "sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-loong64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz",
+      "integrity": "sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-mips64el": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz",
+      "integrity": "sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-ppc64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz",
+      "integrity": "sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-riscv64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz",
+      "integrity": "sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-s390x": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz",
+      "integrity": "sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz",
+      "integrity": "sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/netbsd-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz",
+      "integrity": "sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/openbsd-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz",
+      "integrity": "sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/sunos-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz",
+      "integrity": "sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/win32-arm64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz",
+      "integrity": "sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/win32-ia32": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz",
+      "integrity": "sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/win32-x64": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.21.5.tgz",
+      "integrity": "sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/vite/node_modules/esbuild": {
+      "version": "0.21.5",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.21.5.tgz",
+      "integrity": "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.21.5",
+        "@esbuild/android-arm": "0.21.5",
+        "@esbuild/android-arm64": "0.21.5",
+        "@esbuild/android-x64": "0.21.5",
+        "@esbuild/darwin-arm64": "0.21.5",
+        "@esbuild/darwin-x64": "0.21.5",
+        "@esbuild/freebsd-arm64": "0.21.5",
+        "@esbuild/freebsd-x64": "0.21.5",
+        "@esbuild/linux-arm": "0.21.5",
+        "@esbuild/linux-arm64": "0.21.5",
+        "@esbuild/linux-ia32": "0.21.5",
+        "@esbuild/linux-loong64": "0.21.5",
+        "@esbuild/linux-mips64el": "0.21.5",
+        "@esbuild/linux-ppc64": "0.21.5",
+        "@esbuild/linux-riscv64": "0.21.5",
+        "@esbuild/linux-s390x": "0.21.5",
+        "@esbuild/linux-x64": "0.21.5",
+        "@esbuild/netbsd-x64": "0.21.5",
+        "@esbuild/openbsd-x64": "0.21.5",
+        "@esbuild/sunos-x64": "0.21.5",
+        "@esbuild/win32-arm64": "0.21.5",
+        "@esbuild/win32-ia32": "0.21.5",
+        "@esbuild/win32-x64": "0.21.5"
+      }
+    },
+    "node_modules/vitest": {
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-2.1.9.tgz",
+      "integrity": "sha512-MSmPM9REYqDGBI8439mA4mWhV5sKmDlBKWIYbA3lRb2PTHACE0mgKwA8yQ2xq9vxDTuk4iPrECBAEW2aoFXY0Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/expect": "2.1.9",
+        "@vitest/mocker": "2.1.9",
+        "@vitest/pretty-format": "^2.1.9",
+        "@vitest/runner": "2.1.9",
+        "@vitest/snapshot": "2.1.9",
+        "@vitest/spy": "2.1.9",
+        "@vitest/utils": "2.1.9",
+        "chai": "^5.1.2",
+        "debug": "^4.3.7",
+        "expect-type": "^1.1.0",
+        "magic-string": "^0.30.12",
+        "pathe": "^1.1.2",
+        "std-env": "^3.8.0",
+        "tinybench": "^2.9.0",
+        "tinyexec": "^0.3.1",
+        "tinypool": "^1.0.1",
+        "tinyrainbow": "^1.2.0",
+        "vite": "^5.0.0",
+        "vite-node": "2.1.9",
+        "why-is-node-running": "^2.3.0"
+      },
+      "bin": {
+        "vitest": "vitest.mjs"
+      },
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "@edge-runtime/vm": "*",
+        "@types/node": "^18.0.0 || >=20.0.0",
+        "@vitest/browser": "2.1.9",
+        "@vitest/ui": "2.1.9",
+        "happy-dom": "*",
+        "jsdom": "*"
+      },
+      "peerDependenciesMeta": {
+        "@edge-runtime/vm": {
+          "optional": true
+        },
+        "@types/node": {
+          "optional": true
+        },
+        "@vitest/browser": {
+          "optional": true
+        },
+        "@vitest/ui": {
+          "optional": true
+        },
+        "happy-dom": {
+          "optional": true
+        },
+        "jsdom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vitest/node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vitest/node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/why-is-node-running": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz",
+      "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "siginfo": "^2.0.0",
+        "stackback": "0.0.2"
+      },
+      "bin": {
+        "why-is-node-running": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    }
+  }
+}
diff --git a/services/oidc-stub/package.json b/services/oidc-stub/package.json
new file mode 100644
index 0000000..5aeb127
--- /dev/null
+++ b/services/oidc-stub/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "agentkeys-oidc-stub",
+  "version": "0.1.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "start": "tsx src/server.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "express": "^4.21.0",
+    "jose": "^5.9.0"
+  },
+  "devDependencies": {
+    "@types/express": "^5.0.0",
+    "@types/node": "^20.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.5.0",
+    "vitest": "^2.1.0"
+  }
+}
diff --git a/services/oidc-stub/src/keys.ts b/services/oidc-stub/src/keys.ts
new file mode 100644
index 0000000..801d53f
--- /dev/null
+++ b/services/oidc-stub/src/keys.ts
@@ -0,0 +1,108 @@
+import { generateKeyPair, exportJWK, importJWK, type KeyLike, type JWK } from "jose";
+import { readFile, writeFile, mkdir, chmod } from "node:fs/promises";
+import { existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+
+const KEYPAIR_DIR = join(homedir(), ".agentkeys", "oidc-stub");
+const KEYPAIR_PATH = join(KEYPAIR_DIR, "keypair.json");
+
+export interface LoadedKeypair {
+  privateKey: KeyLike;
+  publicKey: KeyLike;
+  publicJwk: JWK;
+  kid: string;
+}
+
+interface PersistedKeypair {
+  kid: string;
+  privateJwk: JWK;
+  publicJwk: JWK;
+}
+
+async function generateAndPersistKeypair(): Promise<LoadedKeypair> {
+  const { privateKey, publicKey } = await generateKeyPair("ES256", {
+    extractable: true,
+  });
+
+  const privateJwk = await exportJWK(privateKey);
+  const publicJwk = await exportJWK(publicKey);
+  const kid = `v1-${Date.now()}`;
+  privateJwk.kid = kid;
+  publicJwk.kid = kid;
+  publicJwk.alg = "ES256";
+  publicJwk.use = "sig";
+
+  const persisted: PersistedKeypair = { kid, privateJwk, publicJwk };
+
+  await mkdir(KEYPAIR_DIR, { recursive: true });
+  await writeFile(KEYPAIR_PATH, JSON.stringify(persisted, null, 2), {
+    mode: 0o600,
+  });
+  await chmod(KEYPAIR_PATH, 0o600);
+
+  console.log(`[oidc-stub] Generated new ES256 keypair (kid=${kid}), cached at ${KEYPAIR_PATH}`);
+
+  return {
+    privateKey,
+    publicKey,
+    publicJwk,
+    kid,
+  };
+}
+
+async function loadPersistedKeypair(): Promise<LoadedKeypair> {
+  const raw = await readFile(KEYPAIR_PATH, "utf-8");
+  const persisted: PersistedKeypair = JSON.parse(raw);
+
+  const privateKey = (await importJWK(persisted.privateJwk, "ES256")) as KeyLike;
+  const publicKey = (await importJWK(persisted.publicJwk, "ES256")) as KeyLike;
+
+  console.log(`[oidc-stub] Loaded persisted ES256 keypair (kid=${persisted.kid}) from ${KEYPAIR_PATH}`);
+
+  return {
+    privateKey,
+    publicKey,
+    publicJwk: persisted.publicJwk,
+    kid: persisted.kid,
+  };
+}
+
+/**
+ * Load the ES256 keypair for this stub instance.
+ *
+ * Dev path: generates a fresh P-256 keypair at startup, caches it to
+ * ~/.agentkeys/oidc-stub/keypair.json (mode 0600) for persistence across restarts.
+ *
+ * Prod placeholder (TODO): when AGENTKEYS_OIDC_KMS_KEY_ID is set, delegate signing
+ * to AWS KMS using the AsymmetricSign API. See the TODO block below. This stub
+ * intentionally does NOT implement KMS signing — the TEE-derived key path
+ * (oidc/issuer/v1) described in wiki/oidc-federation.md §Architecture replaces
+ * both this dev keypair and the KMS placeholder in Stage 6 production.
+ *
+ * SECURITY NOTICE: See README.md — this is a TEE-INTERIM STUB only.
+ */
+export async function loadKeypair(): Promise<LoadedKeypair> {
+  const kmsKeyId = process.env["AGENTKEYS_OIDC_KMS_KEY_ID"];
+  if (kmsKeyId) {
+    // TODO: Production Stage 6 — use AWS KMS AsymmetricSign with the key referenced
+    // by AGENTKEYS_OIDC_KMS_KEY_ID. The KMS key must be an ECC_NIST_P256 key with
+    // SIGN_VERIFY usage. Signing via KMS: call kms.sign({ KeyId, Message, MessageType,
+    // SigningAlgorithm: "ECDSA_SHA_256" }) and assemble the JWT manually. Public key
+    // can be fetched once via kms.getPublicKey({ KeyId }) and cached.
+    //
+    // IMPORTANT: Production Stage 6 replaces this entire stub with a TEE-derived
+    // oidc/issuer/v1 key per wiki/oidc-federation.md §Architecture. Do NOT treat
+    // KMS as the final architecture — it is only a stepping stone.
+    throw new Error(
+      `[oidc-stub] AGENTKEYS_OIDC_KMS_KEY_ID is set (${kmsKeyId}) but KMS signing is not ` +
+        `implemented in this stub. This path is reserved for the production Stage 6 TEE signer. ` +
+        `Unset the env var to use the local dev keypair.`
+    );
+  }
+
+  if (existsSync(KEYPAIR_PATH)) {
+    return loadPersistedKeypair();
+  }
+  return generateAndPersistKeypair();
+}
diff --git a/services/oidc-stub/src/server.ts b/services/oidc-stub/src/server.ts
new file mode 100644
index 0000000..86b9bff
--- /dev/null
+++ b/services/oidc-stub/src/server.ts
@@ -0,0 +1,93 @@
+import express, { type Request, type Response } from "express";
+import { SignJWT } from "jose";
+import { loadKeypair, type LoadedKeypair } from "./keys.js";
+
+const ISSUER = process.env["OIDC_STUB_ISSUER"] ?? "https://oidc.agentkeys.dev";
+const PORT = parseInt(process.env["OIDC_STUB_PORT"] ?? "34568", 10);
+
+export function buildApp(keypair: LoadedKeypair): express.Application {
+  const app = express();
+  app.use(express.json());
+
+  app.get("/.well-known/openid-configuration", (_req: Request, res: Response) => {
+    res.json({
+      issuer: ISSUER,
+      jwks_uri: `${ISSUER}/.well-known/jwks.json`,
+      response_types_supported: ["id_token"],
+      subject_types_supported: ["public"],
+      id_token_signing_alg_values_supported: ["ES256"],
+      scopes_supported: ["openid"],
+      token_endpoint_auth_methods_supported: ["none"],
+      claims_supported: [
+        "iss",
+        "sub",
+        "aud",
+        "iat",
+        "exp",
+        "nbf",
+        "agentkeys_attested_at",
+        "agentkeys_enclave_tier",
+        "agentkeys_child_wallet",
+        "agentkeys_grant_id",
+        "agentkeys_operation",
+        "agentkeys_user_wallet",
+      ],
+    });
+  });
+
+  app.get("/.well-known/jwks.json", (_req: Request, res: Response) => {
+    res.json({
+      keys: [keypair.publicJwk],
+    });
+  });
+
+  app.post("/internal/sign", async (req: Request, res: Response) => {
+    const claims = req.body as Record<string, unknown>;
+    if (!claims || typeof claims !== "object") {
+      res.status(400).json({ error: "Request body must be a JSON object of claims" });
+      return;
+    }
+
+    const nowSec = Math.floor(Date.now() / 1000);
+    const expSec = typeof claims["exp"] === "number" ? claims["exp"] : nowSec + 300;
+
+    const jwtBuilder = new SignJWT({ ...claims })
+      .setProtectedHeader({ alg: "ES256", kid: keypair.kid })
+      .setIssuedAt(nowSec)
+      .setExpirationTime(expSec)
+      .setIssuer((claims["iss"] as string | undefined) ?? ISSUER);
+
+    if (claims["sub"] !== undefined) {
+      jwtBuilder.setSubject(claims["sub"] as string);
+    }
+    if (claims["aud"] !== undefined) {
+      jwtBuilder.setAudience(claims["aud"] as string | string[]);
+    }
+    if (claims["nbf"] !== undefined) {
+      jwtBuilder.setNotBefore(claims["nbf"] as number);
+    }
+
+    const jwt = await jwtBuilder.sign(keypair.privateKey);
+    res.json({ jwt });
+  });
+
+  return app;
+}
+
+async function main(): Promise<void> {
+  const keypair = await loadKeypair();
+  const app = buildApp(keypair);
+
+  app.listen(PORT, () => {
+    console.log(`[oidc-stub] Listening on http://localhost:${PORT}`);
+    console.log(`[oidc-stub] Discovery: http://localhost:${PORT}/.well-known/openid-configuration`);
+    console.log(`[oidc-stub] JWKS:      http://localhost:${PORT}/.well-known/jwks.json`);
+    console.log(`[oidc-stub] Sign:      POST http://localhost:${PORT}/internal/sign`);
+    console.log(`[oidc-stub] Issuer:    ${ISSUER}`);
+  });
+}
+
+main().catch((err) => {
+  console.error("[oidc-stub] Fatal startup error:", err);
+  process.exit(1);
+});
diff --git a/services/oidc-stub/tests/server.test.ts b/services/oidc-stub/tests/server.test.ts
new file mode 100644
index 0000000..e4888bd
--- /dev/null
+++ b/services/oidc-stub/tests/server.test.ts
@@ -0,0 +1,170 @@
+import { describe, it, expect, beforeAll } from "vitest";
+import { generateKeyPair, exportJWK, jwtVerify, createRemoteJWKSet, importJWK, type KeyLike, type JWK } from "jose";
+import express from "express";
+import type { Server } from "node:http";
+import { buildApp } from "../src/server.js";
+import type { LoadedKeypair } from "../src/keys.js";
+
+let server: Server;
+let baseUrl: string;
+let keypair: LoadedKeypair;
+
+beforeAll(async () => {
+  const { privateKey, publicKey } = await generateKeyPair("ES256", { extractable: true });
+  const publicJwk = await exportJWK(publicKey);
+  publicJwk.kid = "test-v1";
+  publicJwk.alg = "ES256";
+  publicJwk.use = "sig";
+
+  keypair = {
+    privateKey: privateKey as KeyLike,
+    publicKey: publicKey as KeyLike,
+    publicJwk,
+    kid: "test-v1",
+  };
+
+  const app = buildApp(keypair);
+
+  await new Promise<void>((resolve) => {
+    server = app.listen(0, () => {
+      const addr = server.address();
+      const port = typeof addr === "object" && addr ? addr.port : 0;
+      baseUrl = `http://localhost:${port}`;
+      resolve();
+    });
+  });
+
+  return () => {
+    server.close();
+  };
+});
+
+describe("GET /.well-known/openid-configuration", () => {
+  it("returns 200 with valid JSON", async () => {
+    const response = await fetch(`${baseUrl}/.well-known/openid-configuration`);
+    expect(response.status).toBe(200);
+    expect(response.headers.get("content-type")).toMatch(/application\/json/);
+  });
+
+  it("contains all required OIDC fields", async () => {
+    const response = await fetch(`${baseUrl}/.well-known/openid-configuration`);
+    const doc = (await response.json()) as Record<string, unknown>;
+
+    expect(typeof doc["issuer"]).toBe("string");
+    expect(typeof doc["jwks_uri"]).toBe("string");
+    expect(doc["id_token_signing_alg_values_supported"]).toEqual(["ES256"]);
+    expect(doc["response_types_supported"]).toContain("id_token");
+    expect(doc["subject_types_supported"]).toContain("public");
+  });
+
+  it("jwks_uri points to the jwks endpoint", async () => {
+    const response = await fetch(`${baseUrl}/.well-known/openid-configuration`);
+    const doc = (await response.json()) as Record<string, unknown>;
+
+    expect(typeof doc["jwks_uri"]).toBe("string");
+    expect((doc["jwks_uri"] as string).endsWith("/.well-known/jwks.json")).toBe(true);
+  });
+});
+
+describe("GET /.well-known/jwks.json", () => {
+  it("returns 200 with valid JSON", async () => {
+    const response = await fetch(`${baseUrl}/.well-known/jwks.json`);
+    expect(response.status).toBe(200);
+    expect(response.headers.get("content-type")).toMatch(/application\/json/);
+  });
+
+  it("contains exactly one ES256 JWK", async () => {
+    const response = await fetch(`${baseUrl}/.well-known/jwks.json`);
+    const jwks = (await response.json()) as Record<string, unknown>;
+
+    expect(Array.isArray(jwks["keys"])).toBe(true);
+    const keys = jwks["keys"] as Record<string, unknown>[];
+    expect(keys).toHaveLength(1);
+
+    const key = keys[0];
+    expect(key["kty"]).toBe("EC");
+    expect(key["crv"]).toBe("P-256");
+    expect(key["alg"]).toBe("ES256");
+    expect(key["use"]).toBe("sig");
+    expect(typeof key["x"]).toBe("string");
+    expect(typeof key["y"]).toBe("string");
+    expect(key["d"]).toBeUndefined();
+  });
+});
+
+describe("POST /internal/sign", () => {
+  it("returns 400 when body is missing", async () => {
+    const response = await fetch(`${baseUrl}/internal/sign`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: "null",
+    });
+    expect(response.status).toBe(400);
+  });
+
+  it("produces a JWT that verifies against the JWKS endpoint", async () => {
+    const claims = {
+      sub: "enclave:mrenclave123:mrsigner456:agent:0xabc",
+      aud: "sts.amazonaws.com",
+      agentkeys_operation: "ses.send",
+      agentkeys_enclave_tier: "dev",
+    };
+
+    const signResponse = await fetch(`${baseUrl}/internal/sign`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify(claims),
+    });
+    expect(signResponse.status).toBe(200);
+
+    const body = (await signResponse.json()) as { jwt: string };
+    expect(typeof body["jwt"]).toBe("string");
+
+    const jwksUri = new URL(`${baseUrl}/.well-known/jwks.json`);
+    const remoteJwks = createRemoteJWKSet(jwksUri);
+
+    const { payload } = await jwtVerify(body.jwt, remoteJwks, {
+      audience: "sts.amazonaws.com",
+    });
+
+    expect(payload["sub"]).toBe(claims.sub);
+    expect(payload["agentkeys_operation"]).toBe("ses.send");
+    expect(payload["agentkeys_enclave_tier"]).toBe("dev");
+    expect(typeof payload["iat"]).toBe("number");
+    expect(typeof payload["exp"]).toBe("number");
+  });
+
+  it("JWT header contains alg=ES256 and kid matching the JWKS key", async () => {
+    const signResponse = await fetch(`${baseUrl}/internal/sign`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ sub: "test-sub", aud: "test-aud" }),
+    });
+    const { jwt } = (await signResponse.json()) as { jwt: string };
+
+    const headerB64 = jwt.split(".")[0];
+    const headerJson = Buffer.from(headerB64, "base64url").toString("utf-8");
+    const header = JSON.parse(headerJson) as Record<string, unknown>;
+
+    expect(header["alg"]).toBe("ES256");
+    expect(header["kid"]).toBe("test-v1");
+  });
+
+  it("JWT verifies against the public key from JWKS by importing directly", async () => {
+    const signResponse = await fetch(`${baseUrl}/internal/sign`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ sub: "direct-verify-sub", aud: "sts.amazonaws.com" }),
+    });
+    const { jwt } = (await signResponse.json()) as { jwt: string };
+
+    const jwksResponse = await fetch(`${baseUrl}/.well-known/jwks.json`);
+    const jwks = (await jwksResponse.json()) as { keys: JWK[] };
+    const publicKey = await importJWK(jwks.keys[0]!, "ES256");
+
+    const { payload } = await jwtVerify(jwt, publicKey, {
+      audience: "sts.amazonaws.com",
+    });
+    expect(payload["sub"]).toBe("direct-verify-sub");
+  });
+});
diff --git a/services/oidc-stub/tsconfig.json b/services/oidc-stub/tsconfig.json
new file mode 100644
index 0000000..eba3e0a
--- /dev/null
+++ b/services/oidc-stub/tsconfig.json
@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "rootDir": ".",
+    "outDir": "dist",
+    "resolveJsonModule": true
+  },
+  "include": ["src/**/*", "tests/**/*", "vitest.config.ts"]
+}
diff --git a/services/oidc-stub/vitest.config.ts b/services/oidc-stub/vitest.config.ts
new file mode 100644
index 0000000..3fc8364
--- /dev/null
+++ b/services/oidc-stub/vitest.config.ts
@@ -0,0 +1,8 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  test: {
+    include: ["tests/**/*.test.ts", "src/**/*.test.ts"],
+    testTimeout: 15000,
+  },
+});
diff --git a/wiki/email-system.md b/wiki/email-system.md
index 9441976..c42160c 100644
--- a/wiki/email-system.md
+++ b/wiki/email-system.md
@@ -160,6 +160,96 @@ Minimal broker-not-proxy shape. Our infrastructure handles only credential minti
 
 ---
 
+## Architecture topology — singleton scaling model
+
+The SES email stack uses **singleton AWS resources** with logical or cryptographic per-user isolation, not per-user AWS resources. This is what makes it scale to millions of AgentKeys users without hitting IAM quotas.
+
+### Resource graph
+
+```mermaid
+graph TB
+    subgraph EXT[" External "]
+        Sender[Sender MTA, e.g. Gmail]
+        Recip[Recipient MTA]
+    end
+    subgraph DNS[" Route 53 "]
+        Records["MX → SES inbound<br/>3× DKIM CNAMEs<br/>SPF + DMARC TXT"]
+    end
+    subgraph SES[" AWS SES "]
+        Inbound["Inbound endpoint<br/>+ wildcard receipt rule on *@&lt;domain&gt;"]
+        Outbound["ses:SendRawEmail<br/>+ AWS-managed DKIM signing"]
+    end
+    subgraph S3[" S3 "]
+        Bucket["Singleton bucket<br/>+ bucket policy<br/>+ 30d inbound/* lifecycle"]
+    end
+    subgraph IAM[" IAM "]
+        User["Singleton user 'agentkeys-daemon'<br/>+ inline policy: only sts:AssumeRole"]
+        Role["Singleton role 'agentkeys-agent'<br/>+ inline policy: s3:Get/List + ses:SendRawEmail"]
+    end
+    subgraph APP[" Our code "]
+        Daemon[Daemon process]
+    end
+    Sender -->|1 MX lookup| Records
+    Records -.->|returns SES MX| Sender
+    Sender -->|2 SMTP| Inbound
+    Inbound -->|3 PutObject| Bucket
+    Daemon -->|4 long-lived access keys| User
+    User -->|5 sts:AssumeRole| Role
+    Role -.->|6 1h temp creds| Daemon
+    Daemon -->|7 GetObject| Bucket
+    Daemon -->|8 SendRawEmail| Outbound
+    Outbound -->|9 DKIM-signed| Recip
+```
+
+### Singleton vs per-user — what scales how
+
+| Singleton — one per AWS account regardless of user count | Per-user — logical, no AWS resource per user |
+|---|---|
+| 1 IAM user `agentkeys-daemon` | N throwaway addresses `bot-<random>@<domain>` (DB / on-chain) |
+| 1 IAM role `agentkeys-agent` | N S3 objects under `inbound/<msg-id>.eml` (lifecycle-capped) |
+| 1 S3 bucket | (no other AWS resources scale per user) |
+| 1 SES domain identity | |
+| 1 SES wildcard receipt rule on `*@<domain>` | |
+
+### Why singleton — AWS quotas would cap per-user IAM
+
+| Resource | AWS default quota | Implication if used per AgentKeys user |
+|---|---|---|
+| IAM users | 5,000 / account | Total user count capped at 5k |
+| IAM roles | 1,000 / account | Total user count capped at 1k |
+| S3 buckets | 100 (raisable to 1,000) | Capped at ~1k |
+| SES verified identities | 10,000 / account | Plenty, but ops debt to manage |
+
+Our design moves the bottleneck from IAM (hard cap) to SES inbound rate (60 msg/sec/region default, raisable on request). Storage math at 10k users × 5 throwaway inboxes × 2 verification mails: ~100k S3 objects steady-state with 30d TTL = ~500MB = ~$0.01/month.
+
+### Trust chain
+
+```
+operator's long-lived AWS access keys (stored in 1Password)
+  ↓ injected to daemon as AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY env
+IAM user (agentkeys-daemon)
+  ↓ sts:AssumeRole — only action this user can perform
+IAM role (agentkeys-agent)
+  ↓ returns 1h temp creds (auto-refreshed)
+S3 GetObject + ses:SendRawEmail API calls
+```
+
+Compromise of the long-lived access keys is bounded to "attacker can assume the role." Rotating the keys is one CLI call (`aws iam create-access-key` + delete the old one); the role and its permissions are untouched.
+
+### Per-user isolation — Stage 6 vs Stage 7
+
+| | Stage 6 interim (shipped today) | Stage 7 target |
+|---|---|---|
+| Bucket policy | `agentkeys-agent` reads whole bucket | `agentkeys-agent` only reads prefix matching `${aws:PrincipalTag/agentkeys_user_wallet}` |
+| Per-user separation | App-side — daemon filters by `To:` header | Cloud-side — bucket policy denies cross-prefix reads |
+| Failure mode if our app has a bug | User A could read user B's mail | `AccessDenied` from S3 |
+| Auth flow | Long-lived IAM user → `sts:AssumeRole` | OIDC JWT (with `agentkeys_user_wallet` claim) → `sts:AssumeRoleWithWebIdentity` |
+| AWS resources | Same singletons | Same singletons (no new IAM per user) |
+
+Stage 7 is documented in [oidc-federation](oidc-federation) and [tag-based-access](tag-based-access). The migration from Stage 6 → 7 swaps the auth flow but keeps the singleton design — same one bucket, same one role, both paths.
+
+---
+
 ## How we differ from AgentMail
 
 AgentMail is a SaaS running on AWS SES. They proxy per-operation: agents call their API, their servers parse MIME, compute threads, manage drafts/labels/webhooks on the client's behalf. Their compute cost scales with user operation frequency.