Preserve cookie security attributes in updateCookies round-trip

Chromium's Cookies() API can lose or normalize Secure, SameSite, and
HttpOnly attributes during the AddCookies → navigate → Cookies()
round-trip. This caused cookies like cf_clearance (set with
Secure=true, SameSite=None) to be overwritten with Chromium's defaults
(Secure=false, SameSite=Lax).

Now updateCookies() looks up existing cookies in the jar first. For
cookies that already exist, only Value and Expires are updated —
security attributes are preserved from the original. New cookies from
the server are still written with all their attributes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

browser_init.go

@@ -52,6 +52,16 @@ func initBrowser(opt BrowserOptions) (*browserInitResult, error) {
 		return nil, ErrInvalidBrowserSelection
 	}
 
+	// Auto-select a User-Agent matching the browser engine when the caller hasn't set one.
+	if opt.UserAgent == "" {
+		switch opt.Browser {
+		case BrowserChromium:
+			opt.UserAgent = DefaultChromiumUserAgent
+		default:
+			opt.UserAgent = DefaultFirefoxUserAgent
+		}
+	}
+
 	// Collect launch args and init scripts, starting with any stealth-mode presets.
 	stealth := opt.Stealth == nil || *opt.Stealth
 	var launchArgs []string
@@ -61,7 +71,13 @@ func initBrowser(opt BrowserOptions) (*browserInitResult, error) {
 		if opt.Browser == BrowserChromium {
 			launchArgs = append(launchArgs, stealthChromiumArgs...)
 		}
-		initScripts = append(initScripts, stealthInitScripts...)
+		initScripts = append(initScripts, stealthCommonScripts...)
+		switch opt.Browser {
+		case BrowserChromium:
+			initScripts = append(initScripts, buildChromiumStealthScripts(randomChromiumProfile())...)
+		case BrowserFirefox:
+			initScripts = append(initScripts, buildFirefoxStealthScripts(randomFirefoxProfile())...)
+		}
 	}
 
 	launchArgs = append(launchArgs, opt.LaunchArgs...)
@@ -136,12 +152,11 @@ func initBrowser(opt BrowserOptions) (*browserInitResult, error) {
 		if err != nil {
 			return nil, fmt.Errorf("error getting cookies from cookie jar: %w", err)
 		}
-		pwCookies := make([]playwright.OptionalCookie, len(cookies))
-		for i, c := range cookies {
-			pwCookies[i] = cookieToPlaywrightOptionalCookie(c)
+		for _, c := range cookies {
+			oc := cookieToPlaywrightOptionalCookie(c)
+			if err := bctx.AddCookies([]playwright.OptionalCookie{oc}); err != nil {
+				slog.Warn("skipping invalid cookie", "name", c.Name, "host", c.Host, "error", err)
 			}
-		if err := bctx.AddCookies(pwCookies); err != nil {
-			return nil, fmt.Errorf("error adding cookies to browser: %w", err)
 		}
 	}
 

document.go

@@ -25,6 +25,7 @@ type document struct {
 	pw       *playwright.Playwright
 	browser  playwright.Browser
 	page     playwright.Page
+	detached bool
 }
 
 func newDocument(pw *playwright.Playwright, browser playwright.Browser, page playwright.Page) (Document, error) {
@@ -44,6 +45,9 @@ func newDocument(pw *playwright.Playwright, browser playwright.Browser, page pla
 	return res, nil
 }
 func (d *document) Close() error {
+	if d.detached {
+		return nil
+	}
 	return d.page.Close()
 }
 

interactive.go

@@ -23,8 +23,13 @@ type InteractiveBrowser interface {
 
 	// MouseClick clicks at the given coordinates with the specified button ("left", "middle", "right").
 	MouseClick(x, y float64, button string) error
-	// MouseMove moves the mouse to the given coordinates.
-	MouseMove(x, y float64) error
+	// MouseDown presses the mouse button at the given coordinates without releasing.
+	MouseDown(x, y float64, button string) error
+	// MouseUp releases the mouse button at the given coordinates.
+	MouseUp(x, y float64, button string) error
+	// MouseMove moves the mouse to the given coordinates. An optional steps parameter
+	// controls how many intermediate mousemove events are generated (default 1).
+	MouseMove(x, y float64, steps ...int) error
 	// MouseWheel scrolls by the given delta.
 	MouseWheel(deltaX, deltaY float64) error
 
@@ -43,6 +48,16 @@ type InteractiveBrowser interface {
 	// Cookies returns all cookies from the browser context.
 	Cookies() ([]Cookie, error)
 
+	// SetDefaultTimeout sets the default timeout for all Playwright operations
+	// (navigation, clicks, screenshots, cookie extraction, etc.). A value of 0
+	// disables timeouts. By default, Playwright uses a 30-second timeout.
+	//
+	// This is the primary mechanism for preventing hung sessions: callers can
+	// set a timeout so that any Playwright call returns an error instead of
+	// blocking forever if the browser process crashes or the remote server
+	// becomes unresponsive.
+	SetDefaultTimeout(timeout time.Duration)
+
 	// Close tears down the browser.
 	Close() error
 }
@@ -52,6 +67,8 @@ type interactiveBrowser struct {
 	browser            playwright.Browser
 	ctx                playwright.BrowserContext
 	page               playwright.Page
+	ownsInfrastructure bool
+	detached           bool
 }
 
 // NewInteractiveBrowser creates a headless browser with a page ready for interactive control.
@@ -59,7 +76,6 @@ type interactiveBrowser struct {
 func NewInteractiveBrowser(ctx context.Context, opts ...BrowserOptions) (InteractiveBrowser, error) {
 	var thirtySeconds = 30 * time.Second
 	opt := mergeOptions(BrowserOptions{
-		UserAgent: DefaultUserAgent,
 		Browser: BrowserFirefox,
 		Timeout: &thirtySeconds,
 		Stealth: Bool(true),
@@ -89,6 +105,9 @@ func NewInteractiveBrowser(ctx context.Context, opts ...BrowserOptions) (Interac
 
 		page, err := res.bctx.NewPage()
 		if err != nil {
+			_ = res.bctx.Close()
+			_ = res.browser.Close()
+			_ = res.pw.Stop()
 			ch <- result{nil, fmt.Errorf("failed to create page: %w", err)}
 			return
 		}
@@ -99,12 +118,19 @@ func NewInteractiveBrowser(ctx context.Context, opts ...BrowserOptions) (Interac
 				browser:            res.browser,
 				ctx:                res.bctx,
 				page:               page,
+				ownsInfrastructure: true,
 			},
 		}
 	}()
 
 	select {
 	case <-ctx.Done():
+		go func() {
+			r := <-ch
+			if r.err == nil && r.ib != nil {
+				_ = r.ib.Close()
+			}
+		}()
 		return nil, ctx.Err()
 	case r := <-ch:
 		return r.ib, r.err
@@ -154,8 +180,44 @@ func (ib *interactiveBrowser) MouseClick(x, y float64, button string) error {
 	return ib.page.Mouse().Click(x, y, playwright.MouseClickOptions{Button: btn})
 }
 
-func (ib *interactiveBrowser) MouseMove(x, y float64) error {
-	return ib.page.Mouse().Move(x, y)
+func (ib *interactiveBrowser) MouseDown(x, y float64, button string) error {
+	if err := ib.page.Mouse().Move(x, y); err != nil {
+		return err
+	}
+	var btn *playwright.MouseButton
+	switch button {
+	case "right":
+		btn = playwright.MouseButtonRight
+	case "middle":
+		btn = playwright.MouseButtonMiddle
+	default:
+		btn = playwright.MouseButtonLeft
+	}
+	return ib.page.Mouse().Down(playwright.MouseDownOptions{Button: btn})
+}
+
+func (ib *interactiveBrowser) MouseUp(x, y float64, button string) error {
+	if err := ib.page.Mouse().Move(x, y); err != nil {
+		return err
+	}
+	var btn *playwright.MouseButton
+	switch button {
+	case "right":
+		btn = playwright.MouseButtonRight
+	case "middle":
+		btn = playwright.MouseButtonMiddle
+	default:
+		btn = playwright.MouseButtonLeft
+	}
+	return ib.page.Mouse().Up(playwright.MouseUpOptions{Button: btn})
+}
+
+func (ib *interactiveBrowser) MouseMove(x, y float64, steps ...int) error {
+	var opts playwright.MouseMoveOptions
+	if len(steps) > 0 && steps[0] > 1 {
+		opts.Steps = playwright.Int(steps[0])
+	}
+	return ib.page.Mouse().Move(x, y, opts)
 }
 
 func (ib *interactiveBrowser) MouseWheel(deltaX, deltaY float64) error {
@@ -194,13 +256,26 @@ func (ib *interactiveBrowser) Cookies() ([]Cookie, error) {
 	return cookies, nil
 }
 
+func (ib *interactiveBrowser) SetDefaultTimeout(timeout time.Duration) {
+	ms := float64(timeout.Milliseconds())
+	ib.page.SetDefaultTimeout(ms)
+	ib.page.SetDefaultNavigationTimeout(ms)
+	ib.ctx.SetDefaultTimeout(ms)
+	ib.ctx.SetDefaultNavigationTimeout(ms)
+}
+
 func (ib *interactiveBrowser) Close() error {
+	if ib.detached {
+		return nil
+	}
+
 	var errs []error
 	if ib.page != nil {
 		if err := ib.page.Close(); err != nil {
 			errs = append(errs, err)
 		}
 	}
+	if ib.ownsInfrastructure {
 		if ib.ctx != nil {
 			if err := ib.ctx.Close(); err != nil {
 				errs = append(errs, err)
@@ -216,6 +291,7 @@ func (ib *interactiveBrowser) Close() error {
 				errs = append(errs, err)
 			}
 		}
+	}
 	if len(errs) > 0 {
 		return fmt.Errorf("errors during close: %v", errs)
 	}

node.go

@@ -29,7 +29,7 @@ type node struct {
 }
 
 func (n node) Type(input string) error {
-	return n.locator.Type(input)
+	return n.locator.PressSequentially(input)
 }
 
 func (n node) Click() error {

playwright.go

@@ -36,8 +36,14 @@ const (
 	BrowserWebKit   BrowserSelection = "webkit"
 )
 
-// DefaultUserAgent is the user-agent string used by all browser instances.
-const DefaultUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:147.0) Gecko/20100101 Firefox/147.0"
+// DefaultFirefoxUserAgent is the user-agent string used for Firefox browser instances.
+const DefaultFirefoxUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:147.0) Gecko/20100101 Firefox/147.0"
+
+// DefaultChromiumUserAgent is the user-agent string used for Chromium browser instances.
+const DefaultChromiumUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
+
+// DefaultUserAgent is an alias for DefaultFirefoxUserAgent, retained for backward compatibility.
+const DefaultUserAgent = DefaultFirefoxUserAgent
 
 // Bool returns a pointer to the given bool value.
 func Bool(v bool) *bool { return &v }
@@ -47,7 +53,7 @@ type Size struct {
 	Height int
 }
 type BrowserOptions struct {
-	UserAgent string                     // If empty, defaults to DefaultUserAgent
+	UserAgent string                     // If empty, auto-selected based on Browser engine
 	Browser   BrowserSelection // If unset defaults to Firefox.
 	Timeout   *time.Duration             // If unset defaults to 30 seconds timeout.  If set to 0, no timeout
 
@@ -116,12 +122,18 @@ func playwrightSameSiteToSameSite(s *playwright.SameSiteAttribute) SameSite {
 }
 
 func cookieToPlaywrightOptionalCookie(cookie Cookie) playwright.OptionalCookie {
+	expires := float64(cookie.Expires.Unix())
+	if cookie.Expires.IsZero() || expires <= 0 {
+		expires = -1
+	}
+
 	oc := playwright.OptionalCookie{
 		Name:     cookie.Name,
 		Value:    cookie.Value,
 		Domain:   playwright.String(cookie.Host),
 		Path:     playwright.String(cookie.Path),
-		Expires:  playwright.Float(float64(cookie.Expires.Unix())),
+		Expires:  playwright.Float(expires),
+		Secure:   playwright.Bool(cookie.Secure),
 		HttpOnly: playwright.Bool(cookie.HttpOnly),
 	}
 	if cookie.SameSite != "" {
@@ -137,6 +149,7 @@ func playwrightCookieToCookie(cookie playwright.Cookie) Cookie {
 		Host:     cookie.Domain,
 		Path:     cookie.Path,
 		Expires:  time.Unix(int64(cookie.Expires), 0),
+		Secure:   cookie.Secure,
 		HttpOnly: cookie.HttpOnly,
 		SameSite: playwrightSameSiteToSameSite(cookie.SameSite),
 	}
@@ -145,10 +158,13 @@ func playwrightCookieToCookie(cookie playwright.Cookie) Cookie {
 func NewBrowser(ctx context.Context, opts ...BrowserOptions) (Browser, error) {
 	var thirtySeconds = 30 * time.Second
 	opt := mergeOptions(BrowserOptions{
-		UserAgent: DefaultUserAgent,
 		Browser: BrowserFirefox,
 		Timeout: &thirtySeconds,
 		Stealth: Bool(true),
+		Dimensions: Size{
+			Width:  1920,
+			Height: 1080,
+		},
 	}, opts)
 
 	if err := ctx.Err(); err != nil {
@@ -184,6 +200,12 @@ func NewBrowser(ctx context.Context, opts ...BrowserOptions) (Browser, error) {
 
 	select {
 	case <-ctx.Done():
+		go func() {
+			r := <-resultCh
+			if r.err == nil && r.browser != nil {
+				_ = r.browser.Close()
+			}
+		}()
 		return nil, ctx.Err()
 	case result := <-resultCh:
 		return result.browser, result.err
@@ -197,11 +219,35 @@ func (b playWrightBrowser) updateCookies(_ context.Context, page playwright.Page
 			return fmt.Errorf("error getting cookies from browser: %w", err)
 		}
 
+		// Build a lookup of existing cookies so we can preserve their security
+		// attributes. Chromium's Cookies() API can lose or normalize Secure,
+		// SameSite, and HttpOnly during the AddCookies → navigate → Cookies()
+		// round-trip, so we only update Value and Expires for cookies that
+		// already exist in the jar.
+		existing, err := b.cookieJar.Get(page.URL())
+		if err != nil {
+			return fmt.Errorf("error getting existing cookies from jar: %w", err)
+		}
+		type cookieKey struct{ Name, Path string }
+		existingMap := make(map[cookieKey]Cookie, len(existing))
+		for _, c := range existing {
+			existingMap[cookieKey{c.Name, c.Path}] = c
+		}
+
 		for _, cookie := range cookies {
 			// TODO: add support for deleting cookies from the jar which are deleted in the browser
-			err = b.cookieJar.Set(playwrightCookieToCookie(cookie))
+			c := playwrightCookieToCookie(cookie)
 
-			if err != nil {
+			if prev, ok := existingMap[cookieKey{c.Name, c.Path}]; ok {
+				// Preserve the original security attributes; only update
+				// Value and Expires which are the fields that legitimately
+				// change during navigation.
+				c.Secure = prev.Secure
+				c.HttpOnly = prev.HttpOnly
+				c.SameSite = prev.SameSite
+			}
+
+			if err = b.cookieJar.Set(c); err != nil {
 				return fmt.Errorf("error setting cookie in cookie jar: %w", err)
 			}
 		}
@@ -231,6 +277,7 @@ func (b playWrightBrowser) openPage(_ context.Context, target string, opts OpenP
 
 	resp, err := page.Goto(target, pwOpts)
 	if err != nil {
+		_ = page.Close()
 		return nil, err
 	}
 
@@ -266,8 +313,8 @@ func (b playWrightBrowser) Open(ctx context.Context, url string, opts OpenPageOp
 
 func (b playWrightBrowser) Close() error {
 	return errors.Join(
-		b.browser.Close(),
 		b.ctx.Close(),
+		b.browser.Close(),
 		b.pw.Stop(),
 	)
 }

playwright_test.go

@@ -0,0 +1,138 @@
+package extractor
+
+import (
+	"testing"
+	"time"
+
+	"github.com/playwright-community/playwright-go"
+)
+
+func TestPlaywrightCookieToCookie_AllFields(t *testing.T) {
+	pwCookie := playwright.Cookie{
+		Name:     "session",
+		Value:    "abc123",
+		Domain:   ".example.com",
+		Path:     "/app",
+		Expires:  1700000000,
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: playwright.SameSiteAttributeStrict,
+	}
+
+	c := playwrightCookieToCookie(pwCookie)
+
+	if c.Name != "session" {
+		t.Errorf("Name = %q, want %q", c.Name, "session")
+	}
+	if c.Value != "abc123" {
+		t.Errorf("Value = %q, want %q", c.Value, "abc123")
+	}
+	if c.Host != ".example.com" {
+		t.Errorf("Host = %q, want %q", c.Host, ".example.com")
+	}
+	if c.Path != "/app" {
+		t.Errorf("Path = %q, want %q", c.Path, "/app")
+	}
+	if c.Expires != time.Unix(1700000000, 0) {
+		t.Errorf("Expires = %v, want %v", c.Expires, time.Unix(1700000000, 0))
+	}
+	if !c.Secure {
+		t.Error("Secure = false, want true")
+	}
+	if !c.HttpOnly {
+		t.Error("HttpOnly = false, want true")
+	}
+	if c.SameSite != SameSiteStrict {
+		t.Errorf("SameSite = %q, want %q", c.SameSite, SameSiteStrict)
+	}
+}
+
+func TestPlaywrightCookieToCookie_SecureFalse(t *testing.T) {
+	pwCookie := playwright.Cookie{
+		Name:   "tracking",
+		Value:  "xyz",
+		Domain: "example.com",
+		Path:   "/",
+		Secure: false,
+	}
+
+	c := playwrightCookieToCookie(pwCookie)
+
+	if c.Secure {
+		t.Error("Secure = true, want false")
+	}
+}
+
+func TestCookieToPlaywrightOptionalCookie_AllFields(t *testing.T) {
+	c := Cookie{
+		Name:     "__Secure-ID",
+		Value:    "token123",
+		Host:     ".example.com",
+		Path:     "/secure",
+		Expires:  time.Unix(1700000000, 0),
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: SameSiteLax,
+	}
+
+	oc := cookieToPlaywrightOptionalCookie(c)
+
+	if oc.Name != "__Secure-ID" {
+		t.Errorf("Name = %q, want %q", oc.Name, "__Secure-ID")
+	}
+	if oc.Value != "token123" {
+		t.Errorf("Value = %q, want %q", oc.Value, "token123")
+	}
+	if oc.Domain == nil || *oc.Domain != ".example.com" {
+		t.Errorf("Domain = %v, want %q", oc.Domain, ".example.com")
+	}
+	if oc.Path == nil || *oc.Path != "/secure" {
+		t.Errorf("Path = %v, want %q", oc.Path, "/secure")
+	}
+	if oc.Expires == nil || *oc.Expires != 1700000000 {
+		t.Errorf("Expires = %v, want %v", oc.Expires, 1700000000)
+	}
+	if oc.Secure == nil || !*oc.Secure {
+		t.Error("Secure = nil or false, want *true")
+	}
+	if oc.HttpOnly == nil || !*oc.HttpOnly {
+		t.Error("HttpOnly = nil or false, want *true")
+	}
+	if oc.SameSite == nil || *oc.SameSite != *playwright.SameSiteAttributeLax {
+		t.Errorf("SameSite = %v, want Lax", oc.SameSite)
+	}
+}
+
+func TestCookieToPlaywrightOptionalCookie_SecureFalse(t *testing.T) {
+	c := Cookie{
+		Name:   "tracker",
+		Value:  "v",
+		Host:   "example.com",
+		Path:   "/",
+		Secure: false,
+	}
+
+	oc := cookieToPlaywrightOptionalCookie(c)
+
+	if oc.Secure == nil {
+		t.Fatal("Secure = nil, want *false")
+	}
+	if *oc.Secure {
+		t.Error("Secure = *true, want *false")
+	}
+}
+
+func TestCookieToPlaywrightOptionalCookie_NoSameSite(t *testing.T) {
+	c := Cookie{
+		Name:  "basic",
+		Value: "val",
+		Host:  "example.com",
+		Path:  "/",
+	}
+
+	oc := cookieToPlaywrightOptionalCookie(c)
+
+	if oc.SameSite != nil {
+		t.Errorf("SameSite = %v, want nil", oc.SameSite)
+	}
+}

promote.go

@@ -0,0 +1,65 @@
+package extractor
+
+import "errors"
+
+// ErrNotPromotable is returned when a Document cannot be promoted to an InteractiveBrowser.
+// This happens when the Document is not backed by a Playwright page (e.g. a mock or custom implementation).
+var ErrNotPromotable = errors.New("document is not promotable to InteractiveBrowser")
+
+// ErrNotDemotable is returned when an InteractiveBrowser cannot be demoted to a Document.
+// This happens when the InteractiveBrowser is not backed by a Playwright page.
+var ErrNotDemotable = errors.New("interactive browser is not demotable to Document")
+
+// ErrAlreadyDetached is returned when attempting to promote or demote an object that has
+// already been transferred. Each Document or InteractiveBrowser can only be promoted/demoted once.
+var ErrAlreadyDetached = errors.New("already detached")
+
+// PromoteToInteractive transfers ownership of the underlying Playwright page from a Document
+// to a new InteractiveBrowser. After promotion, the Document's Close method becomes a no-op
+// (the page is now owned by the returned InteractiveBrowser).
+//
+// The caller must keep the original Browser alive while the promoted InteractiveBrowser is in use,
+// since the Browser still owns the Playwright process and browser instance.
+//
+// Returns ErrNotPromotable if the Document is not backed by a Playwright page,
+// or ErrAlreadyDetached if the Document was already promoted.
+func PromoteToInteractive(doc Document) (InteractiveBrowser, error) {
+	d, ok := doc.(*document)
+	if !ok {
+		return nil, ErrNotPromotable
+	}
+
+	if d.detached {
+		return nil, ErrAlreadyDetached
+	}
+
+	d.detached = true
+
+	return &interactiveBrowser{
+		pw:      d.pw,
+		browser: d.browser,
+		ctx:     d.page.Context(),
+		page:    d.page,
+	}, nil
+}
+
+// DemoteToDocument transfers ownership of the underlying Playwright page from an
+// InteractiveBrowser back to a new Document. After demotion, the InteractiveBrowser's
+// Close method becomes a no-op (the page is now owned by the returned Document).
+//
+// Returns ErrNotDemotable if the InteractiveBrowser is not backed by a Playwright page,
+// or ErrAlreadyDetached if the InteractiveBrowser was already demoted.
+func DemoteToDocument(ib InteractiveBrowser) (Document, error) {
+	b, ok := ib.(*interactiveBrowser)
+	if !ok {
+		return nil, ErrNotDemotable
+	}
+
+	if b.detached {
+		return nil, ErrAlreadyDetached
+	}
+
+	b.detached = true
+
+	return newDocument(b.pw, b.browser, b.page)
+}

promote_test.go

@@ -0,0 +1,59 @@
+package extractor
+
+import (
+	"errors"
+	"testing"
+	"time"
+)
+
+// mockInteractiveBrowser implements InteractiveBrowser for testing without Playwright.
+type mockInteractiveBrowser struct{}
+
+func (m mockInteractiveBrowser) Navigate(string) (string, error)        { return "", nil }
+func (m mockInteractiveBrowser) GoBack() (string, error)                { return "", nil }
+func (m mockInteractiveBrowser) GoForward() (string, error)             { return "", nil }
+func (m mockInteractiveBrowser) URL() string                            { return "" }
+func (m mockInteractiveBrowser) MouseClick(float64, float64, string) error { return nil }
+func (m mockInteractiveBrowser) MouseDown(float64, float64, string) error  { return nil }
+func (m mockInteractiveBrowser) MouseUp(float64, float64, string) error    { return nil }
+func (m mockInteractiveBrowser) MouseMove(float64, float64, ...int) error  { return nil }
+func (m mockInteractiveBrowser) MouseWheel(float64, float64) error      { return nil }
+func (m mockInteractiveBrowser) KeyboardType(string) error              { return nil }
+func (m mockInteractiveBrowser) KeyboardPress(string) error             { return nil }
+func (m mockInteractiveBrowser) KeyboardInsertText(string) error        { return nil }
+func (m mockInteractiveBrowser) Screenshot(int) ([]byte, error)         { return nil, nil }
+func (m mockInteractiveBrowser) Cookies() ([]Cookie, error)             { return nil, nil }
+func (m mockInteractiveBrowser) SetDefaultTimeout(time.Duration)        {}
+func (m mockInteractiveBrowser) Close() error                           { return nil }
+
+func TestPromoteToInteractive_NonPromotable(t *testing.T) {
+	doc := &mockDocument{}
+	_, err := PromoteToInteractive(doc)
+	if !errors.Is(err, ErrNotPromotable) {
+		t.Fatalf("expected ErrNotPromotable, got: %v", err)
+	}
+}
+
+func TestPromoteToInteractive_AlreadyDetached(t *testing.T) {
+	d := &document{detached: true}
+	_, err := PromoteToInteractive(d)
+	if !errors.Is(err, ErrAlreadyDetached) {
+		t.Fatalf("expected ErrAlreadyDetached, got: %v", err)
+	}
+}
+
+func TestDemoteToDocument_NonDemotable(t *testing.T) {
+	ib := &mockInteractiveBrowser{}
+	_, err := DemoteToDocument(ib)
+	if !errors.Is(err, ErrNotDemotable) {
+		t.Fatalf("expected ErrNotDemotable, got: %v", err)
+	}
+}
+
+func TestDemoteToDocument_AlreadyDetached(t *testing.T) {
+	ib := &interactiveBrowser{detached: true}
+	_, err := DemoteToDocument(ib)
+	if !errors.Is(err, ErrAlreadyDetached) {
+		t.Fatalf("expected ErrAlreadyDetached, got: %v", err)
+	}
+}

sites/pizzint/cmd/pizzint/main.go

@@ -0,0 +1,205 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log/slog"
+	"net/http"
+	"os"
+	"sync"
+	"time"
+
+	"github.com/urfave/cli/v3"
+
+	"gitea.stevedudenhoeffer.com/steve/go-extractor"
+	"gitea.stevedudenhoeffer.com/steve/go-extractor/cmd/browser/pkg/browser"
+	"gitea.stevedudenhoeffer.com/steve/go-extractor/sites/pizzint"
+)
+
+func main() {
+	var flags []cli.Flag
+	flags = append(flags, browser.Flags...)
+	flags = append(flags,
+		&cli.BoolFlag{
+			Name:  "serve",
+			Usage: "Start an HTTP server instead of printing once",
+		},
+		&cli.StringFlag{
+			Name:        "port",
+			Aliases:     []string{"p"},
+			Usage:       "Port for the HTTP server",
+			DefaultText: "8080",
+		},
+		&cli.StringFlag{
+			Name:        "cache-ttl",
+			Usage:       "How long to cache results (e.g. 5m, 1h)",
+			DefaultText: "5m",
+		},
+	)
+
+	app := &cli.Command{
+		Name:  "pizzint",
+		Usage: "Pentagon Pizza Index — DOUGHCON status tracker",
+		Flags: flags,
+		Action: func(ctx context.Context, cmd *cli.Command) error {
+			if cmd.Bool("serve") {
+				return runServer(ctx, cmd)
+			}
+			return runOnce(ctx, cmd)
+		},
+	}
+
+	if err := app.Run(context.Background(), os.Args); err != nil {
+		fmt.Fprintf(os.Stderr, "error: %v\n", err)
+		os.Exit(1)
+	}
+}
+
+func runOnce(ctx context.Context, cmd *cli.Command) error {
+	b, err := browser.FromCommand(ctx, cmd)
+	if err != nil {
+		return fmt.Errorf("failed to create browser: %w", err)
+	}
+	defer extractor.DeferClose(b)
+
+	status, err := pizzint.GetStatus(ctx, b)
+	if err != nil {
+		return fmt.Errorf("failed to get pizza status: %w", err)
+	}
+
+	out, err := json.MarshalIndent(status, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to marshal status: %w", err)
+	}
+
+	fmt.Println(string(out))
+	return nil
+}
+
+func runServer(ctx context.Context, cmd *cli.Command) error {
+	port := cmd.String("port")
+	if port == "" {
+		port = "8080"
+	}
+
+	cacheTTL := 5 * time.Minute
+	if ttlStr := cmd.String("cache-ttl"); ttlStr != "" {
+		d, err := time.ParseDuration(ttlStr)
+		if err != nil {
+			return fmt.Errorf("invalid cache-ttl %q: %w", ttlStr, err)
+		}
+		cacheTTL = d
+	}
+
+	srv := &statusServer{
+		cmd:      cmd,
+		cacheTTL: cacheTTL,
+	}
+
+	mux := http.NewServeMux()
+	mux.HandleFunc("GET /status", srv.handleStatus)
+	mux.HandleFunc("GET /", srv.handleIndex)
+
+	addr := ":" + port
+	slog.Info("starting pizza status server", "addr", addr, "cache_ttl", cacheTTL)
+	fmt.Fprintf(os.Stderr, "Pizza status server listening on http://localhost%s\n", addr)
+	fmt.Fprintf(os.Stderr, "  GET /status  — JSON pizza status\n")
+	fmt.Fprintf(os.Stderr, "  GET /        — human-readable status\n")
+
+	httpSrv := &http.Server{Addr: addr, Handler: mux}
+
+	go func() {
+		<-ctx.Done()
+		shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+		_ = httpSrv.Shutdown(shutdownCtx)
+	}()
+
+	if err := httpSrv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+		return fmt.Errorf("server error: %w", err)
+	}
+	return nil
+}
+
+type statusServer struct {
+	cmd      *cli.Command
+	cacheTTL time.Duration
+
+	mu     sync.Mutex
+	cached *pizzint.PizzaStatus
+}
+
+func (s *statusServer) fetch(ctx context.Context) (*pizzint.PizzaStatus, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if s.cached != nil && time.Since(s.cached.FetchedAt) < s.cacheTTL {
+		return s.cached, nil
+	}
+
+	b, err := browser.FromCommand(ctx, s.cmd)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create browser: %w", err)
+	}
+	defer extractor.DeferClose(b)
+
+	status, err := pizzint.GetStatus(ctx, b)
+	if err != nil {
+		return nil, err
+	}
+
+	s.cached = status
+	return status, nil
+}
+
+func (s *statusServer) handleStatus(w http.ResponseWriter, r *http.Request) {
+	status, err := s.fetch(r.Context())
+	if err != nil {
+		slog.Error("failed to fetch pizza status", "err", err)
+		http.Error(w, `{"error": "failed to fetch pizza status"}`, http.StatusServiceUnavailable)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.Header().Set("Cache-Control", fmt.Sprintf("public, max-age=%d", int(s.cacheTTL.Seconds())))
+
+	enc := json.NewEncoder(w)
+	enc.SetIndent("", "  ")
+	if err := enc.Encode(status); err != nil {
+		slog.Error("failed to encode response", "err", err)
+	}
+}
+
+func (s *statusServer) handleIndex(w http.ResponseWriter, r *http.Request) {
+	status, err := s.fetch(r.Context())
+	if err != nil {
+		slog.Error("failed to fetch pizza status", "err", err)
+		http.Error(w, "Failed to fetch pizza status", http.StatusServiceUnavailable)
+		return
+	}
+
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+
+	fmt.Fprintf(w, "=== PENTAGON PIZZA INDEX ===\n\n")
+	fmt.Fprintf(w, "  %s\n", status.DoughconLevel)
+	fmt.Fprintf(w, "  Overall Index: %d/100\n\n", status.OverallIndex)
+
+	fmt.Fprintf(w, "--- Monitored Locations ---\n\n")
+	for _, r := range status.Restaurants {
+		fmt.Fprintf(w, "  %-30s  %s", r.Name, r.Status())
+		if r.CurrentPopularity > 0 {
+			fmt.Fprintf(w, "  (popularity: %d)", r.CurrentPopularity)
+		}
+		fmt.Fprintln(w)
+	}
+
+	if len(status.Events) > 0 {
+		fmt.Fprintf(w, "\n--- Active Events ---\n\n")
+		for _, e := range status.Events {
+			fmt.Fprintf(w, "  %s (%d min ago)\n", e.Name, e.MinutesAgo)
+		}
+	}
+
+	fmt.Fprintf(w, "\nFetched: %s\n", status.FetchedAt.Format(time.RFC3339))
+}

sites/pizzint/pizzint.go

@@ -0,0 +1,273 @@
+package pizzint
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log/slog"
+	"strings"
+	"time"
+
+	"gitea.stevedudenhoeffer.com/steve/go-extractor"
+)
+
+const dashboardAPIURL = "https://www.pizzint.watch/api/dashboard-data"
+
+// DoughconLevel represents the DOUGHCON threat level (modeled after DEFCON).
+// Lower numbers indicate higher activity.
+type DoughconLevel int
+
+const (
+	DoughconMaximum  DoughconLevel = 1 // Maximum Alert
+	DoughconHigh     DoughconLevel = 2 // High Activity
+	DoughconElevated DoughconLevel = 3 // Elevated Activity
+	DoughconWatch    DoughconLevel = 4 // Increased Intelligence Watch
+	DoughconQuiet    DoughconLevel = 5 // All Quiet
+)
+
+func (d DoughconLevel) String() string {
+	switch d {
+	case DoughconQuiet:
+		return "DOUGHCON 5 - ALL QUIET"
+	case DoughconWatch:
+		return "DOUGHCON 4 - DOUBLE TAKE"
+	case DoughconElevated:
+		return "DOUGHCON 3 - ELEVATED"
+	case DoughconHigh:
+		return "DOUGHCON 2 - HIGH ACTIVITY"
+	case DoughconMaximum:
+		return "DOUGHCON 1 - MAXIMUM ALERT"
+	default:
+		return fmt.Sprintf("DOUGHCON %d", d)
+	}
+}
+
+// Label returns a short label for the DOUGHCON level.
+func (d DoughconLevel) Label() string {
+	switch d {
+	case DoughconQuiet:
+		return "ALL QUIET"
+	case DoughconWatch:
+		return "DOUBLE TAKE"
+	case DoughconElevated:
+		return "ELEVATED"
+	case DoughconHigh:
+		return "HIGH ACTIVITY"
+	case DoughconMaximum:
+		return "MAXIMUM ALERT"
+	default:
+		return "UNKNOWN"
+	}
+}
+
+// Restaurant represents a monitored pizza restaurant near the Pentagon.
+type Restaurant struct {
+	Name              string  `json:"name"`
+	CurrentPopularity int     `json:"current_popularity"`
+	PercentOfUsual    *int    `json:"percent_of_usual,omitempty"`
+	IsSpike           bool    `json:"is_spike"`
+	SpikeMagnitude    string  `json:"spike_magnitude,omitempty"`
+	IsClosed          bool    `json:"is_closed"`
+	DataFreshness     string  `json:"data_freshness"`
+}
+
+// Status returns a human-readable status string like "QUIET", "CLOSED", or "139% SPIKE".
+func (r Restaurant) Status() string {
+	if r.IsClosed {
+		return "CLOSED"
+	}
+	if r.IsSpike && r.PercentOfUsual != nil {
+		return fmt.Sprintf("%d%% SPIKE", *r.PercentOfUsual)
+	}
+	if r.IsSpike {
+		return "SPIKE"
+	}
+	return "QUIET"
+}
+
+// Event represents a detected spike event at a monitored location.
+type Event struct {
+	Name       string `json:"name"`
+	MinutesAgo int    `json:"minutes_ago"`
+}
+
+// PizzaStatus is the top-level result from the PizzINT dashboard.
+type PizzaStatus struct {
+	DoughconLevel DoughconLevel `json:"doughcon_level"`
+	DoughconLabel string        `json:"doughcon_label"`
+	OverallIndex  int           `json:"overall_index"`
+	Restaurants   []Restaurant  `json:"restaurants"`
+	Events        []Event       `json:"events,omitempty"`
+	FetchedAt     time.Time     `json:"fetched_at"`
+}
+
+// Config holds configuration for the PizzINT extractor.
+type Config struct{}
+
+// DefaultConfig is the default PizzINT configuration.
+var DefaultConfig = Config{}
+
+func (c Config) validate() Config {
+	return c
+}
+
+// GetStatus fetches the current pizza activity status from the PizzINT dashboard.
+func (c Config) GetStatus(ctx context.Context, b extractor.Browser) (*PizzaStatus, error) {
+	c = c.validate()
+
+	slog.Info("fetching pizza status", "url", dashboardAPIURL)
+	doc, err := b.Open(ctx, dashboardAPIURL, extractor.OpenPageOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("failed to open pizzint API: %w", err)
+	}
+	defer extractor.DeferClose(doc)
+
+	return extractStatus(doc)
+}
+
+// GetStatus is a convenience function using DefaultConfig.
+func GetStatus(ctx context.Context, b extractor.Browser) (*PizzaStatus, error) {
+	return DefaultConfig.GetStatus(ctx, b)
+}
+
+func extractStatus(doc extractor.Document) (*PizzaStatus, error) {
+	// The browser renders the JSON API response as text in the page body.
+	// doc.Text() returns InnerText of the html element, which should
+	// contain the raw JSON (possibly with extra browser UI text).
+	body, err := doc.Text()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get page text: %w", err)
+	}
+
+	jsonStr, err := findJSON(body)
+	if err != nil {
+		// Fall back to Content() which returns the full HTML — the JSON
+		// will be embedded in it (e.g. inside a <pre> tag in Chromium).
+		html, herr := doc.Content()
+		if herr != nil {
+			return nil, fmt.Errorf("failed to extract JSON from text (%w) and failed to get HTML: %w", err, herr)
+		}
+		jsonStr, err = findJSON(html)
+		if err != nil {
+			return nil, fmt.Errorf("no valid JSON found in API response: %w", err)
+		}
+	}
+
+	var resp dashboardResponse
+	if err := json.Unmarshal([]byte(jsonStr), &resp); err != nil {
+		return nil, fmt.Errorf("failed to parse dashboard response: %w", err)
+	}
+
+	if !resp.Success {
+		return nil, fmt.Errorf("API returned success=false")
+	}
+
+	return resp.toPizzaStatus(), nil
+}
+
+// findJSON extracts a JSON object from a string by matching braces.
+func findJSON(s string) (string, error) {
+	start := strings.Index(s, "{")
+	if start == -1 {
+		return "", fmt.Errorf("no opening brace found")
+	}
+
+	depth := 0
+	inString := false
+	escape := false
+
+	for i := start; i < len(s); i++ {
+		ch := s[i]
+
+		if escape {
+			escape = false
+			continue
+		}
+
+		if ch == '\\' && inString {
+			escape = true
+			continue
+		}
+
+		if ch == '"' {
+			inString = !inString
+			continue
+		}
+
+		if inString {
+			continue
+		}
+
+		switch ch {
+		case '{':
+			depth++
+		case '}':
+			depth--
+			if depth == 0 {
+				return s[start : i+1], nil
+			}
+		}
+	}
+
+	return "", fmt.Errorf("no matching closing brace found")
+}
+
+// dashboardResponse is the raw API response from /api/dashboard-data.
+type dashboardResponse struct {
+	Success      bool                  `json:"success"`
+	OverallIndex int                   `json:"overall_index"`
+	DefconLevel  int                   `json:"defcon_level"`
+	Data         []dashboardRestaurant `json:"data"`
+	Events       []dashboardEvent      `json:"events"`
+}
+
+type dashboardRestaurant struct {
+	PlaceID           string  `json:"place_id"`
+	Name              string  `json:"name"`
+	Address           string  `json:"address"`
+	CurrentPopularity int     `json:"current_popularity"`
+	PercentageOfUsual *int    `json:"percentage_of_usual"`
+	IsSpike           bool    `json:"is_spike"`
+	SpikeMagnitude    *string `json:"spike_magnitude"`
+	DataSource        string  `json:"data_source"`
+	DataFreshness     string  `json:"data_freshness"`
+	IsClosedNow       bool    `json:"is_closed_now"`
+}
+
+type dashboardEvent struct {
+	Name       string `json:"name"`
+	MinutesAgo int    `json:"minutes_ago"`
+}
+
+func (r dashboardResponse) toPizzaStatus() *PizzaStatus {
+	status := &PizzaStatus{
+		DoughconLevel: DoughconLevel(r.DefconLevel),
+		OverallIndex:  r.OverallIndex,
+		FetchedAt:     time.Now(),
+	}
+	status.DoughconLabel = status.DoughconLevel.Label()
+
+	for _, d := range r.Data {
+		rest := Restaurant{
+			Name:              d.Name,
+			CurrentPopularity: d.CurrentPopularity,
+			PercentOfUsual:    d.PercentageOfUsual,
+			IsSpike:           d.IsSpike,
+			IsClosed:          d.IsClosedNow,
+			DataFreshness:     d.DataFreshness,
+		}
+		if d.SpikeMagnitude != nil {
+			rest.SpikeMagnitude = *d.SpikeMagnitude
+		}
+		status.Restaurants = append(status.Restaurants, rest)
+	}
+
+	for _, e := range r.Events {
+		status.Events = append(status.Events, Event{
+			Name:       e.Name,
+			MinutesAgo: e.MinutesAgo,
+		})
+	}
+
+	return status
+}

sites/pizzint/pizzint_test.go

@@ -0,0 +1,306 @@
+package pizzint
+
+import (
+	"context"
+	"testing"
+
+	"gitea.stevedudenhoeffer.com/steve/go-extractor/extractortest"
+)
+
+const sampleAPIResponse = `{
+  "success": true,
+  "overall_index": 42,
+  "defcon_level": 3,
+  "data": [
+    {
+      "place_id": "abc123",
+      "name": "DOMINO'S PIZZA",
+      "address": "https://maps.google.com/test",
+      "current_popularity": 15,
+      "percentage_of_usual": null,
+      "is_spike": false,
+      "spike_magnitude": null,
+      "data_source": "live",
+      "data_freshness": "fresh",
+      "is_closed_now": false
+    },
+    {
+      "place_id": "def456",
+      "name": "EXTREME PIZZA",
+      "address": "https://maps.google.com/test2",
+      "current_popularity": 0,
+      "percentage_of_usual": null,
+      "is_spike": false,
+      "spike_magnitude": null,
+      "data_source": "live",
+      "data_freshness": "stale",
+      "is_closed_now": true
+    },
+    {
+      "place_id": "ghi789",
+      "name": "PIZZATO PIZZA",
+      "address": "https://maps.google.com/test3",
+      "current_popularity": 85,
+      "percentage_of_usual": 239,
+      "is_spike": true,
+      "spike_magnitude": "EXTREME",
+      "data_source": "live",
+      "data_freshness": "fresh",
+      "is_closed_now": false
+    }
+  ],
+  "events": [
+    {
+      "name": "PIZZATO PIZZA",
+      "minutes_ago": 5
+    }
+  ]
+}`
+
+func TestExtractStatus(t *testing.T) {
+	doc := &extractortest.MockDocument{
+		URLValue: dashboardAPIURL,
+		MockNode: extractortest.MockNode{
+			TextValue: sampleAPIResponse,
+		},
+	}
+
+	status, err := extractStatus(doc)
+	if err != nil {
+		t.Fatalf("extractStatus returned error: %v", err)
+	}
+
+	if status.DoughconLevel != DoughconElevated {
+		t.Errorf("DoughconLevel = %d, want %d", status.DoughconLevel, DoughconElevated)
+	}
+
+	if status.OverallIndex != 42 {
+		t.Errorf("OverallIndex = %d, want 42", status.OverallIndex)
+	}
+
+	if status.DoughconLabel != "ELEVATED" {
+		t.Errorf("DoughconLabel = %q, want %q", status.DoughconLabel, "ELEVATED")
+	}
+
+	if len(status.Restaurants) != 3 {
+		t.Fatalf("len(Restaurants) = %d, want 3", len(status.Restaurants))
+	}
+
+	// First restaurant: quiet
+	r0 := status.Restaurants[0]
+	if r0.Name != "DOMINO'S PIZZA" {
+		t.Errorf("Restaurants[0].Name = %q, want %q", r0.Name, "DOMINO'S PIZZA")
+	}
+	if r0.Status() != "QUIET" {
+		t.Errorf("Restaurants[0].Status() = %q, want %q", r0.Status(), "QUIET")
+	}
+	if r0.CurrentPopularity != 15 {
+		t.Errorf("Restaurants[0].CurrentPopularity = %d, want 15", r0.CurrentPopularity)
+	}
+
+	// Second restaurant: closed
+	r1 := status.Restaurants[1]
+	if r1.Status() != "CLOSED" {
+		t.Errorf("Restaurants[1].Status() = %q, want %q", r1.Status(), "CLOSED")
+	}
+	if !r1.IsClosed {
+		t.Error("Restaurants[1].IsClosed = false, want true")
+	}
+
+	// Third restaurant: spike
+	r2 := status.Restaurants[2]
+	if r2.Status() != "239% SPIKE" {
+		t.Errorf("Restaurants[2].Status() = %q, want %q", r2.Status(), "239% SPIKE")
+	}
+	if r2.SpikeMagnitude != "EXTREME" {
+		t.Errorf("Restaurants[2].SpikeMagnitude = %q, want %q", r2.SpikeMagnitude, "EXTREME")
+	}
+	if r2.CurrentPopularity != 85 {
+		t.Errorf("Restaurants[2].CurrentPopularity = %d, want 85", r2.CurrentPopularity)
+	}
+
+	// Events
+	if len(status.Events) != 1 {
+		t.Fatalf("len(Events) = %d, want 1", len(status.Events))
+	}
+	if status.Events[0].Name != "PIZZATO PIZZA" {
+		t.Errorf("Events[0].Name = %q, want %q", status.Events[0].Name, "PIZZATO PIZZA")
+	}
+	if status.Events[0].MinutesAgo != 5 {
+		t.Errorf("Events[0].MinutesAgo = %d, want 5", status.Events[0].MinutesAgo)
+	}
+}
+
+func TestExtractStatusFromHTML(t *testing.T) {
+	// Simulate Chromium wrapping JSON in a <pre> tag. doc.Text() returns
+	// the InnerText which may include the JSON, but Content() returns the
+	// raw HTML with the JSON inside <pre>.
+	htmlWrapped := `<html><head></head><body><pre style="word-wrap: break-word;">` + sampleAPIResponse + `</pre></body></html>`
+
+	doc := &extractortest.MockDocument{
+		URLValue: dashboardAPIURL,
+		MockNode: extractortest.MockNode{
+			// Text() might fail or return garbage
+			TextValue: "",
+			// Content() returns the HTML
+			ContentValue: htmlWrapped,
+		},
+	}
+
+	status, err := extractStatus(doc)
+	if err != nil {
+		t.Fatalf("extractStatus returned error: %v", err)
+	}
+
+	if status.DoughconLevel != DoughconElevated {
+		t.Errorf("DoughconLevel = %d, want %d", status.DoughconLevel, DoughconElevated)
+	}
+
+	if len(status.Restaurants) != 3 {
+		t.Errorf("len(Restaurants) = %d, want 3", len(status.Restaurants))
+	}
+}
+
+func TestExtractStatusFailure(t *testing.T) {
+	doc := &extractortest.MockDocument{
+		URLValue: dashboardAPIURL,
+		MockNode: extractortest.MockNode{
+			TextValue:    `{"success": false}`,
+			ContentValue: `{"success": false}`,
+		},
+	}
+
+	_, err := extractStatus(doc)
+	if err == nil {
+		t.Fatal("expected error for success=false response")
+	}
+}
+
+func TestGetStatus(t *testing.T) {
+	mock := &extractortest.MockBrowser{
+		Documents: map[string]*extractortest.MockDocument{
+			dashboardAPIURL: {
+				URLValue: dashboardAPIURL,
+				MockNode: extractortest.MockNode{
+					TextValue: sampleAPIResponse,
+				},
+			},
+		},
+	}
+
+	status, err := GetStatus(context.Background(), mock)
+	if err != nil {
+		t.Fatalf("GetStatus returned error: %v", err)
+	}
+
+	if status.OverallIndex != 42 {
+		t.Errorf("OverallIndex = %d, want 42", status.OverallIndex)
+	}
+}
+
+func TestFindJSON(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		want    string
+		wantErr bool
+	}{
+		{
+			name:  "plain JSON",
+			input: `{"key": "value"}`,
+			want:  `{"key": "value"}`,
+		},
+		{
+			name:  "JSON in HTML",
+			input: `<html><pre>{"key": "value"}</pre></html>`,
+			want:  `{"key": "value"}`,
+		},
+		{
+			name:  "nested braces",
+			input: `{"a": {"b": "c"}}`,
+			want:  `{"a": {"b": "c"}}`,
+		},
+		{
+			name:  "braces in strings",
+			input: `{"a": "hello {world}"}`,
+			want:  `{"a": "hello {world}"}`,
+		},
+		{
+			name:  "escaped quotes",
+			input: `{"a": "he said \"hi\""}`,
+			want:  `{"a": "he said \"hi\""}`,
+		},
+		{
+			name:    "no JSON",
+			input:   "just some text",
+			wantErr: true,
+		},
+		{
+			name:    "empty string",
+			input:   "",
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := findJSON(tt.input)
+			if tt.wantErr {
+				if err == nil {
+					t.Error("expected error, got nil")
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+			if got != tt.want {
+				t.Errorf("findJSON() = %q, want %q", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestDoughconLevelString(t *testing.T) {
+	tests := []struct {
+		level DoughconLevel
+		want  string
+	}{
+		{DoughconQuiet, "DOUGHCON 5 - ALL QUIET"},
+		{DoughconWatch, "DOUGHCON 4 - DOUBLE TAKE"},
+		{DoughconElevated, "DOUGHCON 3 - ELEVATED"},
+		{DoughconHigh, "DOUGHCON 2 - HIGH ACTIVITY"},
+		{DoughconMaximum, "DOUGHCON 1 - MAXIMUM ALERT"},
+		{DoughconLevel(99), "DOUGHCON 99"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.want, func(t *testing.T) {
+			if got := tt.level.String(); got != tt.want {
+				t.Errorf("String() = %q, want %q", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestRestaurantStatus(t *testing.T) {
+	pct := 150
+	tests := []struct {
+		name string
+		r    Restaurant
+		want string
+	}{
+		{"quiet", Restaurant{Name: "Test"}, "QUIET"},
+		{"closed", Restaurant{IsClosed: true}, "CLOSED"},
+		{"spike with percent", Restaurant{IsSpike: true, PercentOfUsual: &pct}, "150% SPIKE"},
+		{"spike without percent", Restaurant{IsSpike: true}, "SPIKE"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := tt.r.Status(); got != tt.want {
+				t.Errorf("Status() = %q, want %q", got, tt.want)
+			}
+		})
+	}
+}

stealth.go

@@ -1,85 +1,26 @@
 package extractor
 
+import (
+	"fmt"
+	"math/rand/v2"
+)
+
 // stealthChromiumArgs are launch arguments that reduce automation detection for Chromium-based browsers.
 var stealthChromiumArgs = []string{
 	"--disable-blink-features=AutomationControlled",
 }
 
-// stealthInitScripts are JavaScript snippets injected before page scripts to mask automation signals.
-var stealthInitScripts = []string{
+// stealthCommonScripts are JavaScript snippets injected before page scripts on all browser engines.
+var stealthCommonScripts = []string{
 	// Override navigator.webdriver to return undefined (the real-browser value).
 	`Object.defineProperty(navigator, 'webdriver', {get: () => undefined})`,
 
-	// Populate navigator.plugins with a realistic entry so plugins.length > 0.
-	`Object.defineProperty(navigator, 'plugins', {
-		get: () => {
-			const arr = [
-				{ name: 'PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
-				{ name: 'Chrome PDF Plugin', filename: 'internal-pdf-viewer', description: '' },
-				{ name: 'Chromium PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
-			];
-			arr.item = (i) => arr[i] || null;
-			arr.namedItem = (n) => arr.find(p => p.name === n) || null;
-			arr.refresh = () => {};
-			return arr;
-		},
-	})`,
-
-	// Populate navigator.mimeTypes to match the fake plugins above.
-	`Object.defineProperty(navigator, 'mimeTypes', {
-		get: () => {
-			const arr = [
-				{ type: 'application/pdf', suffixes: 'pdf', description: 'Portable Document Format' },
-			];
-			arr.item = (i) => arr[i] || null;
-			arr.namedItem = (n) => arr.find(m => m.type === n) || null;
-			return arr;
-		},
-	})`,
-
-	// Provide window.chrome runtime stub (Chromium-only signal; harmless on other engines).
-	`if (!window.chrome) {
-		window.chrome = { runtime: {} };
-	}`,
-
 	// Fix outerWidth/outerHeight which are 0 in headless mode.
 	`if (window.outerWidth === 0) {
 		Object.defineProperty(window, 'outerWidth',  { get: () => window.innerWidth  });
 		Object.defineProperty(window, 'outerHeight', { get: () => window.innerHeight });
 	}`,
 
-	// Spoof WebGL renderer to hide SwiftShader (headless GPU) fingerprint.
-	`(function() {
-		const getParam = WebGLRenderingContext.prototype.getParameter;
-		WebGLRenderingContext.prototype.getParameter = function(param) {
-			if (param === 37445) return 'Google Inc. (Intel)';
-			if (param === 37446) return 'ANGLE (Intel, Intel(R) UHD Graphics 630, OpenGL 4.5)';
-			return getParam.call(this, param);
-		};
-		if (typeof WebGL2RenderingContext !== 'undefined') {
-			const getParam2 = WebGL2RenderingContext.prototype.getParameter;
-			WebGL2RenderingContext.prototype.getParameter = function(param) {
-				if (param === 37445) return 'Google Inc. (Intel)';
-				if (param === 37446) return 'ANGLE (Intel, Intel(R) UHD Graphics 630, OpenGL 4.5)';
-				return getParam2.call(this, param);
-			};
-		}
-	})()`,
-
-	// Add chrome.app, chrome.csi, and chrome.loadTimes stubs missing in headless.
-	`(function() {
-		if (!window.chrome) window.chrome = {};
-		if (!window.chrome.app) {
-			window.chrome.app = { isInstalled: false, InstallState: { DISABLED: 'disabled', INSTALLED: 'installed', NOT_INSTALLED: 'not_installed' }, RunningState: { CANNOT_RUN: 'cannot_run', READY_TO_RUN: 'ready_to_run', RUNNING: 'running' } };
-		}
-		if (!window.chrome.csi) {
-			window.chrome.csi = function() { return { startE: Date.now(), onloadT: Date.now(), pageT: 0, tran: 15 }; };
-		}
-		if (!window.chrome.loadTimes) {
-			window.chrome.loadTimes = function() { return { commitLoadTime: Date.now() / 1000, connectionInfo: 'h2', finishDocumentLoadTime: Date.now() / 1000, finishLoadTime: Date.now() / 1000, firstPaintAfterLoadTime: 0, firstPaintTime: Date.now() / 1000, navigationType: 'Other', npnNegotiatedProtocol: 'h2', requestTime: Date.now() / 1000, startLoadTime: Date.now() / 1000, wasAlternateProtocolAvailable: false, wasFetchedViaSpdy: true, wasNpnNegotiated: true }; };
-		}
-	})()`,
-
 	// Override navigator.permissions.query to return "denied" for notifications.
 	`(function() {
 		if (navigator.permissions && navigator.permissions.query) {
@@ -101,17 +42,121 @@ var stealthInitScripts = []string{
 			Notification.requestPermission = function() { return Promise.resolve('denied'); };
 		}
 	})()`,
+}
 
-	// Stub navigator.connection (Network Information API) if missing.
+// chromiumHWProfile holds hardware fingerprint values for a Chromium browser session.
+type chromiumHWProfile struct {
+	WebGLVendor   string
+	WebGLRenderer string
+	ConnRTT       int     // base RTT in ms (jittered ±20 per session)
+	ConnDownlink  float64 // base downlink in Mbps (jittered ±2 per session)
+}
+
+// chromiumHWProfiles is a pool of realistic Chromium hardware profiles.
+// Index 0 matches the original hardcoded values.
+var chromiumHWProfiles = []chromiumHWProfile{
+	{"Google Inc. (Intel)", "ANGLE (Intel, Intel(R) UHD Graphics 630, OpenGL 4.5)", 50, 10},
+	{"Google Inc. (NVIDIA)", "ANGLE (NVIDIA, NVIDIA GeForce GTX 1660 SUPER, D3D11)", 30, 25},
+	{"Google Inc. (AMD)", "ANGLE (AMD, AMD Radeon RX 580, D3D11)", 100, 5},
+	{"Google Inc. (Intel)", "ANGLE (Intel, Intel(R) UHD Graphics 770, OpenGL 4.5)", 50, 10},
+	{"Google Inc. (NVIDIA)", "ANGLE (NVIDIA, NVIDIA GeForce RTX 3060, D3D11)", 25, 50},
+	{"Google Inc. (Intel)", "ANGLE (Intel, Intel(R) Iris Xe Graphics, D3D11)", 75, 8},
+}
+
+// randomChromiumProfile returns a randomly selected Chromium hardware profile.
+func randomChromiumProfile() chromiumHWProfile {
+	return chromiumHWProfiles[rand.IntN(len(chromiumHWProfiles))]
+}
+
+// buildChromiumStealthScripts returns Chromium stealth init scripts with the given hardware profile
+// values templated into the WebGL and connection spoofing scripts. Connection RTT and downlink
+// receive per-session jitter (±20ms RTT, ±2 Mbps downlink).
+func buildChromiumStealthScripts(p chromiumHWProfile) []string {
+	// Apply jitter to connection stats.
+	rtt := p.ConnRTT + rand.IntN(41) - 20 // ±20ms
+	if rtt < 0 {
+		rtt = 0
+	}
+	downlink := p.ConnDownlink + (rand.Float64()*4 - 2) // ±2 Mbps
+	if downlink < 0.5 {
+		downlink = 0.5
+	}
+
+	return []string{
+		// Populate navigator.plugins with realistic Chromium entries so plugins.length > 0.
+		`Object.defineProperty(navigator, 'plugins', {
+		get: () => {
+			const arr = [
+				{ name: 'PDF Viewer', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+				{ name: 'Chrome PDF Plugin', filename: 'internal-pdf-viewer', description: '' },
+				{ name: 'Chromium PDF Viewer', filename: 'internal-pdf-viewer', description: '' },
+			];
+			arr.item = (i) => arr[i] || null;
+			arr.namedItem = (n) => arr.find(p => p.name === n) || null;
+			arr.refresh = () => {};
+			return arr;
+		},
+	})`,
+
+		// Populate navigator.mimeTypes to match the fake Chromium plugins above.
+		`Object.defineProperty(navigator, 'mimeTypes', {
+		get: () => {
+			const arr = [
+				{ type: 'application/pdf', suffixes: 'pdf', description: 'Portable Document Format' },
+			];
+			arr.item = (i) => arr[i] || null;
+			arr.namedItem = (n) => arr.find(m => m.type === n) || null;
+			return arr;
+		},
+	})`,
+
+		// Provide window.chrome runtime stub (Chromium-only signal).
+		`if (!window.chrome) {
+		window.chrome = { runtime: {} };
+	}`,
+
+		// Add chrome.app, chrome.csi, and chrome.loadTimes stubs missing in headless.
 		`(function() {
+		if (!window.chrome) window.chrome = {};
+		if (!window.chrome.app) {
+			window.chrome.app = { isInstalled: false, InstallState: { DISABLED: 'disabled', INSTALLED: 'installed', NOT_INSTALLED: 'not_installed' }, RunningState: { CANNOT_RUN: 'cannot_run', READY_TO_RUN: 'ready_to_run', RUNNING: 'running' } };
+		}
+		if (!window.chrome.csi) {
+			window.chrome.csi = function() { return { startE: Date.now(), onloadT: Date.now(), pageT: 0, tran: 15 }; };
+		}
+		if (!window.chrome.loadTimes) {
+			window.chrome.loadTimes = function() { return { commitLoadTime: Date.now() / 1000, connectionInfo: 'h2', finishDocumentLoadTime: Date.now() / 1000, finishLoadTime: Date.now() / 1000, firstPaintAfterLoadTime: 0, firstPaintTime: Date.now() / 1000, navigationType: 'Other', npnNegotiatedProtocol: 'h2', requestTime: Date.now() / 1000, startLoadTime: Date.now() / 1000, wasAlternateProtocolAvailable: false, wasFetchedViaSpdy: true, wasNpnNegotiated: true }; };
+		}
+	})()`,
+
+		// Spoof WebGL renderer to hide SwiftShader (headless GPU) fingerprint with Chromium ANGLE strings.
+		fmt.Sprintf(`(function() {
+		const getParam = WebGLRenderingContext.prototype.getParameter;
+		WebGLRenderingContext.prototype.getParameter = function(param) {
+			if (param === 37445) return '%s';
+			if (param === 37446) return '%s';
+			return getParam.call(this, param);
+		};
+		if (typeof WebGL2RenderingContext !== 'undefined') {
+			const getParam2 = WebGL2RenderingContext.prototype.getParameter;
+			WebGL2RenderingContext.prototype.getParameter = function(param) {
+				if (param === 37445) return '%s';
+				if (param === 37446) return '%s';
+				return getParam2.call(this, param);
+			};
+		}
+	})()`, p.WebGLVendor, p.WebGLRenderer, p.WebGLVendor, p.WebGLRenderer),
+
+		// Stub navigator.connection (Network Information API) if missing (Chrome-only API).
+		fmt.Sprintf(`(function() {
 		if (!navigator.connection) {
 			Object.defineProperty(navigator, 'connection', {
 				get: function() {
-					return { effectiveType: '4g', rtt: 50, downlink: 10, saveData: false, onchange: null };
+					return { effectiveType: '4g', rtt: %d, downlink: %.1f, saveData: false, onchange: null };
 				},
 			});
 		}
-	})()`,
+	})()`, rtt, downlink),
 
 		// Remove CDP artifacts (window.cdc_* globals injected by Chrome DevTools Protocol).
 		`(function() {
@@ -131,4 +176,96 @@ var stealthInitScripts = []string{
 			});
 		}
 	})()`,
+	}
+}
+
+// firefoxHWProfile holds hardware fingerprint values for a Firefox browser session.
+type firefoxHWProfile struct {
+	WebGLVendor         string
+	WebGLRenderer       string
+	MozInnerScreenX     int
+	MozInnerScreenY     int
+	HardwareConcurrency int
+}
+
+// firefoxHWProfiles is a pool of realistic Firefox hardware profiles.
+// Index 0 matches the original hardcoded values.
+var firefoxHWProfiles = []firefoxHWProfile{
+	{"Intel Open Source Technology Center", "Mesa DRI Intel(R) UHD Graphics 630", 8, 51, 4},
+	{"Intel Open Source Technology Center", "Mesa DRI Intel(R) HD Graphics 530", 0, 71, 8},
+	{"X.Org", "AMD Radeon RX 580 (polaris10, LLVM 15.0.7, DRM 3.49, 6.1.0-18-amd64)", 8, 51, 8},
+	{"Intel Open Source Technology Center", "Mesa DRI Intel(R) UHD Graphics 770", 0, 51, 16},
+	{"nouveau", "NV167", 8, 71, 4},
+	{"Intel", "Mesa Intel(R) Iris(R) Xe Graphics", 0, 51, 8},
+}
+
+// randomFirefoxProfile returns a randomly selected Firefox hardware profile.
+func randomFirefoxProfile() firefoxHWProfile {
+	return firefoxHWProfiles[rand.IntN(len(firefoxHWProfiles))]
+}
+
+// buildFirefoxStealthScripts returns Firefox stealth init scripts with the given hardware profile
+// values templated into the WebGL, mozInnerScreen, and hardwareConcurrency spoofing scripts.
+func buildFirefoxStealthScripts(p firefoxHWProfile) []string {
+	return []string{
+		// Harden navigator.webdriver for Firefox: ensure Object.getOwnPropertyDescriptor also returns undefined.
+		`(function() {
+		const proto = Object.getPrototypeOf(navigator);
+		const origGetOwnPropDesc = Object.getOwnPropertyDescriptor;
+		Object.getOwnPropertyDescriptor = function(obj, prop) {
+			if ((obj === navigator || obj === proto) && prop === 'webdriver') {
+				return undefined;
+			}
+			return origGetOwnPropDesc.call(this, obj, prop);
+		};
+	})()`,
+
+		// Spoof WebGL renderer with Firefox-appropriate Mesa/driver strings.
+		fmt.Sprintf(`(function() {
+		const getParam = WebGLRenderingContext.prototype.getParameter;
+		WebGLRenderingContext.prototype.getParameter = function(param) {
+			if (param === 37445) return '%s';
+			if (param === 37446) return '%s';
+			return getParam.call(this, param);
+		};
+		if (typeof WebGL2RenderingContext !== 'undefined') {
+			const getParam2 = WebGL2RenderingContext.prototype.getParameter;
+			WebGL2RenderingContext.prototype.getParameter = function(param) {
+				if (param === 37445) return '%s';
+				if (param === 37446) return '%s';
+				return getParam2.call(this, param);
+			};
+		}
+	})()`, p.WebGLVendor, p.WebGLRenderer, p.WebGLVendor, p.WebGLRenderer),
+
+		// Spoof mozInnerScreenX/mozInnerScreenY which are 0 in headless Firefox.
+		fmt.Sprintf(`(function() {
+		if (window.mozInnerScreenX === 0) {
+			Object.defineProperty(window, 'mozInnerScreenX', { get: () => %d });
+		}
+		if (window.mozInnerScreenY === 0) {
+			Object.defineProperty(window, 'mozInnerScreenY', { get: () => %d });
+		}
+	})()`, p.MozInnerScreenX, p.MozInnerScreenY),
+
+		// Normalize navigator.hardwareConcurrency (Firefox headless sometimes reports 2).
+		fmt.Sprintf(`(function() {
+		if (navigator.hardwareConcurrency <= 2) {
+			Object.defineProperty(navigator, 'hardwareConcurrency', { get: () => %d });
+		}
+	})()`, p.HardwareConcurrency),
+
+		// Override navigator.plugins with Firefox-appropriate PDF.js entry.
+		`Object.defineProperty(navigator, 'plugins', {
+		get: () => {
+			const arr = [
+				{ name: 'PDF.js', filename: 'internal-pdf-viewer', description: 'Portable Document Format' },
+			];
+			arr.item = (i) => arr[i] || null;
+			arr.namedItem = (n) => arr.find(p => p.name === n) || null;
+			arr.refresh = () => {};
+			return arr;
+		},
+	})`,
+	}
 }

stealth_test.go

@@ -66,105 +66,468 @@ func TestStealthChromiumArgs(t *testing.T) {
 	}
 }
 
-func TestStealthInitScripts(t *testing.T) {
-	if len(stealthInitScripts) == 0 {
-		t.Fatal("expected at least one stealth init script")
+// --- Common scripts ---
+
+func TestStealthCommonScripts_Count(t *testing.T) {
+	if len(stealthCommonScripts) != 4 {
+		t.Fatalf("expected 4 common stealth scripts, got %d", len(stealthCommonScripts))
 	}
 }
 
-func TestStealthInitScripts_Count(t *testing.T) {
-	if len(stealthInitScripts) != 12 {
-		t.Fatalf("expected 12 stealth init scripts, got %d", len(stealthInitScripts))
-	}
-}
-
-func TestStealthInitScripts_WebGLSpoof(t *testing.T) {
+func TestStealthCommonScripts_WebdriverOverride(t *testing.T) {
 	found := false
-	for _, s := range stealthInitScripts {
-		if strings.Contains(s, "SwiftShader") || strings.Contains(s, "UNMASKED_RENDERER") || strings.Contains(s, "37446") {
+	for _, s := range stealthCommonScripts {
+		if strings.Contains(s, "navigator") && strings.Contains(s, "webdriver") {
 			found = true
 			break
 		}
 	}
 	if !found {
-		t.Fatal("expected a stealth script that spoofs WebGL renderer")
+		t.Fatal("expected a common script that overrides navigator.webdriver")
 	}
 }
 
-func TestStealthInitScripts_ChromeApp(t *testing.T) {
+func TestStealthCommonScripts_OuterDimensions(t *testing.T) {
 	found := false
-	for _, s := range stealthInitScripts {
-		if strings.Contains(s, "chrome.app") && strings.Contains(s, "chrome.csi") && strings.Contains(s, "chrome.loadTimes") {
+	for _, s := range stealthCommonScripts {
+		if strings.Contains(s, "outerWidth") && strings.Contains(s, "outerHeight") {
 			found = true
 			break
 		}
 	}
 	if !found {
-		t.Fatal("expected a stealth script that stubs chrome.app, chrome.csi, and chrome.loadTimes")
+		t.Fatal("expected a common script that fixes outerWidth/outerHeight")
 	}
 }
 
-func TestStealthInitScripts_PermissionsQuery(t *testing.T) {
+func TestStealthCommonScripts_PermissionsQuery(t *testing.T) {
 	found := false
-	for _, s := range stealthInitScripts {
+	for _, s := range stealthCommonScripts {
 		if strings.Contains(s, "permissions.query") && strings.Contains(s, "notifications") {
 			found = true
 			break
 		}
 	}
 	if !found {
-		t.Fatal("expected a stealth script that overrides permissions.query for notifications")
+		t.Fatal("expected a common script that overrides permissions.query for notifications")
 	}
 }
 
-func TestStealthInitScripts_Notification(t *testing.T) {
+func TestStealthCommonScripts_Notification(t *testing.T) {
 	found := false
-	for _, s := range stealthInitScripts {
+	for _, s := range stealthCommonScripts {
 		if strings.Contains(s, "Notification") && strings.Contains(s, "requestPermission") {
 			found = true
 			break
 		}
 	}
 	if !found {
-		t.Fatal("expected a stealth script that stubs Notification constructor")
+		t.Fatal("expected a common script that stubs Notification constructor")
 	}
 }
 
-func TestStealthInitScripts_NavigatorConnection(t *testing.T) {
+// --- Chromium scripts ---
+
+func TestStealthChromiumScripts_Count(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	if len(scripts) != 8 {
+		t.Fatalf("expected 8 chromium stealth scripts, got %d", len(scripts))
+	}
+}
+
+func TestStealthChromiumScripts_Plugins(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
 	found := false
-	for _, s := range stealthInitScripts {
+	for _, s := range scripts {
+		if strings.Contains(s, "Chrome PDF Plugin") && strings.Contains(s, "navigator") && strings.Contains(s, "plugins") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a chromium script that populates navigator.plugins with Chrome entries")
+	}
+}
+
+func TestStealthChromiumScripts_MimeTypes(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "mimeTypes") && strings.Contains(s, "application/pdf") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a chromium script that populates navigator.mimeTypes")
+	}
+}
+
+func TestStealthChromiumScripts_WindowChrome(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "window.chrome") && strings.Contains(s, "runtime") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a chromium script that stubs window.chrome")
+	}
+}
+
+func TestStealthChromiumScripts_ChromeApp(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "chrome.app") && strings.Contains(s, "chrome.csi") && strings.Contains(s, "chrome.loadTimes") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a chromium script that stubs chrome.app, chrome.csi, and chrome.loadTimes")
+	}
+}
+
+func TestStealthChromiumScripts_WebGLSpoof(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "37446") && strings.Contains(s, "ANGLE") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a chromium script that spoofs WebGL renderer with ANGLE strings")
+	}
+}
+
+func TestStealthChromiumScripts_NavigatorConnection(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	found := false
+	for _, s := range scripts {
 		if strings.Contains(s, "connection") && strings.Contains(s, "effectiveType") {
 			found = true
 			break
 		}
 	}
 	if !found {
-		t.Fatal("expected a stealth script that stubs navigator.connection")
+		t.Fatal("expected a chromium script that stubs navigator.connection")
 	}
 }
 
-func TestStealthInitScripts_CDPCleanup(t *testing.T) {
+func TestStealthChromiumScripts_CDPCleanup(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
 	found := false
-	for _, s := range stealthInitScripts {
+	for _, s := range scripts {
 		if strings.Contains(s, "cdc_") && strings.Contains(s, "delete") {
 			found = true
 			break
 		}
 	}
 	if !found {
-		t.Fatal("expected a stealth script that cleans up CDP artifacts")
+		t.Fatal("expected a chromium script that cleans up CDP artifacts")
 	}
 }
 
-func TestStealthInitScripts_UserAgentStrip(t *testing.T) {
+func TestStealthChromiumScripts_UserAgentStrip(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
 	found := false
-	for _, s := range stealthInitScripts {
+	for _, s := range scripts {
 		if strings.Contains(s, "HeadlessChrome") && strings.Contains(s, "userAgent") {
 			found = true
 			break
 		}
 	}
 	if !found {
-		t.Fatal("expected a stealth script that strips HeadlessChrome from user agent")
+		t.Fatal("expected a chromium script that strips HeadlessChrome from user agent")
+	}
+}
+
+// --- Firefox scripts ---
+
+func TestStealthFirefoxScripts_Count(t *testing.T) {
+	scripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	if len(scripts) != 5 {
+		t.Fatalf("expected 5 firefox stealth scripts, got %d", len(scripts))
+	}
+}
+
+func TestStealthFirefoxScripts_WebdriverHardening(t *testing.T) {
+	scripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "getOwnPropertyDescriptor") && strings.Contains(s, "webdriver") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a firefox script that hardens navigator.webdriver via getOwnPropertyDescriptor")
+	}
+}
+
+func TestStealthFirefoxScripts_WebGLSpoof(t *testing.T) {
+	scripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "37446") && strings.Contains(s, "Mesa DRI") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a firefox script that spoofs WebGL renderer with Mesa strings")
+	}
+}
+
+func TestStealthFirefoxScripts_MozInnerScreen(t *testing.T) {
+	scripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "mozInnerScreenX") && strings.Contains(s, "mozInnerScreenY") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a firefox script that spoofs mozInnerScreenX/mozInnerScreenY")
+	}
+}
+
+func TestStealthFirefoxScripts_HardwareConcurrency(t *testing.T) {
+	scripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "hardwareConcurrency") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a firefox script that normalizes navigator.hardwareConcurrency")
+	}
+}
+
+func TestStealthFirefoxScripts_PDFjsPlugins(t *testing.T) {
+	scripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	found := false
+	for _, s := range scripts {
+		if strings.Contains(s, "PDF.js") && strings.Contains(s, "plugins") {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Fatal("expected a firefox script that provides PDF.js plugin entry")
+	}
+}
+
+// --- Cross-category validation ---
+
+func TestStealthScripts_NoOverlap(t *testing.T) {
+	chromiumScripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	firefoxScripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	all := make(map[string]string) // script -> category
+	for _, s := range stealthCommonScripts {
+		all[s] = "common"
+	}
+	for _, s := range chromiumScripts {
+		if cat, ok := all[s]; ok {
+			t.Fatalf("chromium script also appears in %s category", cat)
+		}
+		all[s] = "chromium"
+	}
+	for _, s := range firefoxScripts {
+		if cat, ok := all[s]; ok {
+			t.Fatalf("firefox script also appears in %s category", cat)
+		}
+	}
+}
+
+func TestStealthCommonScripts_NoChromiumMarkers(t *testing.T) {
+	chromiumMarkers := []string{"window.chrome", "chrome.app", "chrome.csi", "chrome.loadTimes", "HeadlessChrome", "cdc_", "Chrome PDF Plugin", "ANGLE"}
+	for _, s := range stealthCommonScripts {
+		for _, marker := range chromiumMarkers {
+			if strings.Contains(s, marker) {
+				t.Fatalf("common script contains Chromium-specific marker %q", marker)
+			}
+		}
+	}
+}
+
+func TestStealthCommonScripts_NoFirefoxMarkers(t *testing.T) {
+	firefoxMarkers := []string{"mozInnerScreen", "Mesa DRI", "PDF.js"}
+	for _, s := range stealthCommonScripts {
+		for _, marker := range firefoxMarkers {
+			if strings.Contains(s, marker) {
+				t.Fatalf("common script contains Firefox-specific marker %q", marker)
+			}
+		}
+	}
+}
+
+func TestStealthChromiumScripts_NoFirefoxMarkers(t *testing.T) {
+	scripts := buildChromiumStealthScripts(chromiumHWProfiles[0])
+	firefoxMarkers := []string{"mozInnerScreen", "Mesa DRI", "PDF.js"}
+	for _, s := range scripts {
+		for _, marker := range firefoxMarkers {
+			if strings.Contains(s, marker) {
+				t.Fatalf("chromium script contains Firefox-specific marker %q", marker)
+			}
+		}
+	}
+}
+
+func TestStealthFirefoxScripts_NoChromiumMarkers(t *testing.T) {
+	scripts := buildFirefoxStealthScripts(firefoxHWProfiles[0])
+	chromiumMarkers := []string{"window.chrome", "chrome.app", "chrome.csi", "chrome.loadTimes", "HeadlessChrome", "cdc_", "Chrome PDF Plugin", "ANGLE"}
+	for _, s := range scripts {
+		for _, marker := range chromiumMarkers {
+			if strings.Contains(s, marker) {
+				t.Fatalf("firefox script contains Chromium-specific marker %q", marker)
+			}
+		}
+	}
+}
+
+// --- User-Agent constants ---
+
+func TestDefaultUserAgent_BackwardCompat(t *testing.T) {
+	if DefaultUserAgent != DefaultFirefoxUserAgent {
+		t.Fatal("DefaultUserAgent must equal DefaultFirefoxUserAgent for backward compatibility")
+	}
+}
+
+func TestDefaultFirefoxUserAgent_Content(t *testing.T) {
+	if !strings.Contains(DefaultFirefoxUserAgent, "Firefox") {
+		t.Fatal("DefaultFirefoxUserAgent must contain 'Firefox'")
+	}
+	if strings.Contains(DefaultFirefoxUserAgent, "Chrome") {
+		t.Fatal("DefaultFirefoxUserAgent must not contain 'Chrome'")
+	}
+}
+
+func TestDefaultChromiumUserAgent_Content(t *testing.T) {
+	if !strings.Contains(DefaultChromiumUserAgent, "Chrome") {
+		t.Fatal("DefaultChromiumUserAgent must contain 'Chrome'")
+	}
+	if strings.Contains(DefaultChromiumUserAgent, "Firefox") {
+		t.Fatal("DefaultChromiumUserAgent must not contain 'Firefox'")
+	}
+}
+
+// --- Viewport and UA defaults via mergeOptions ---
+
+func TestMergeOptions_DefaultViewport(t *testing.T) {
+	base := BrowserOptions{
+		Dimensions: Size{Width: 1920, Height: 1080},
+	}
+	got := mergeOptions(base, nil)
+	if got.Dimensions.Width != 1920 || got.Dimensions.Height != 1080 {
+		t.Fatalf("expected default viewport 1920x1080, got %dx%d", got.Dimensions.Width, got.Dimensions.Height)
+	}
+}
+
+func TestMergeOptions_ViewportOverride(t *testing.T) {
+	base := BrowserOptions{
+		Dimensions: Size{Width: 1920, Height: 1080},
+	}
+	got := mergeOptions(base, []BrowserOptions{{Dimensions: Size{Width: 1280, Height: 720}}})
+	if got.Dimensions.Width != 1280 || got.Dimensions.Height != 720 {
+		t.Fatalf("expected overridden viewport 1280x720, got %dx%d", got.Dimensions.Width, got.Dimensions.Height)
+	}
+}
+
+func TestMergeOptions_EmptyUANotOverridden(t *testing.T) {
+	base := BrowserOptions{}
+	got := mergeOptions(base, []BrowserOptions{{Browser: BrowserChromium}})
+	if got.UserAgent != "" {
+		t.Fatalf("expected empty UserAgent after merge with no explicit UA, got %q", got.UserAgent)
+	}
+}
+
+func TestMergeOptions_ExplicitUAPreserved(t *testing.T) {
+	base := BrowserOptions{}
+	customUA := "MyCustomAgent/1.0"
+	got := mergeOptions(base, []BrowserOptions{{UserAgent: customUA}})
+	if got.UserAgent != customUA {
+		t.Fatalf("expected explicit UA %q preserved, got %q", customUA, got.UserAgent)
+	}
+}
+
+// --- Hardware profile pools ---
+
+func TestChromiumHWProfiles_NotEmpty(t *testing.T) {
+	if len(chromiumHWProfiles) < 2 {
+		t.Fatalf("expected at least 2 chromium hardware profiles, got %d", len(chromiumHWProfiles))
+	}
+}
+
+func TestFirefoxHWProfiles_NotEmpty(t *testing.T) {
+	if len(firefoxHWProfiles) < 2 {
+		t.Fatalf("expected at least 2 firefox hardware profiles, got %d", len(firefoxHWProfiles))
+	}
+}
+
+func TestBuildChromiumStealthScripts_ProfileValues(t *testing.T) {
+	p := chromiumHWProfiles[1] // NVIDIA profile
+	scripts := buildChromiumStealthScripts(p)
+	joined := strings.Join(scripts, "\n")
+	if !strings.Contains(joined, p.WebGLVendor) {
+		t.Fatalf("expected chromium scripts to contain vendor %q", p.WebGLVendor)
+	}
+	if !strings.Contains(joined, p.WebGLRenderer) {
+		t.Fatalf("expected chromium scripts to contain renderer %q", p.WebGLRenderer)
+	}
+}
+
+func TestBuildFirefoxStealthScripts_ProfileValues(t *testing.T) {
+	p := firefoxHWProfiles[2] // AMD profile
+	scripts := buildFirefoxStealthScripts(p)
+	joined := strings.Join(scripts, "\n")
+	if !strings.Contains(joined, p.WebGLVendor) {
+		t.Fatalf("expected firefox scripts to contain vendor %q", p.WebGLVendor)
+	}
+	if !strings.Contains(joined, p.WebGLRenderer) {
+		t.Fatalf("expected firefox scripts to contain renderer %q", p.WebGLRenderer)
+	}
+}
+
+func TestBuildChromiumStealthScripts_ConnectionJitter(t *testing.T) {
+	p := chromiumHWProfiles[0]
+	seen := make(map[string]bool)
+	for range 50 {
+		scripts := buildChromiumStealthScripts(p)
+		// The connection script is at index 5.
+		seen[scripts[5]] = true
+	}
+	if len(seen) < 2 {
+		t.Fatal("expected connection script to vary across calls due to jitter, but all 50 were identical")
+	}
+}
+
+func TestChromiumHWProfiles_NoSingleQuotes(t *testing.T) {
+	for i, p := range chromiumHWProfiles {
+		if strings.Contains(p.WebGLVendor, "'") {
+			t.Fatalf("chromium profile %d vendor contains single quote (breaks JS)", i)
+		}
+		if strings.Contains(p.WebGLRenderer, "'") {
+			t.Fatalf("chromium profile %d renderer contains single quote (breaks JS)", i)
+		}
+	}
+}
+
+func TestFirefoxHWProfiles_NoSingleQuotes(t *testing.T) {
+	for i, p := range firefoxHWProfiles {
+		if strings.Contains(p.WebGLVendor, "'") {
+			t.Fatalf("firefox profile %d vendor contains single quote (breaks JS)", i)
+		}
+		if strings.Contains(p.WebGLRenderer, "'") {
+			t.Fatalf("firefox profile %d renderer contains single quote (breaks JS)", i)
+		}
 	}
 }