every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2

Automate Forge NBC Verizon auth
Some checks are pending
ci-gates / checks (push) Waiting to run
Details
deploy-cloudflare / checks (push) Waiting to run
Details
deploy-cloudflare / deploy (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
every.channel 2026-05-03 21:20:26 -07:00
parent 7c9980667a
commit 340e2346ba
No known key found for this signature in database
3 changed files with 671 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

46
evolution/proposals/ECP-0107-forge-nbc-popup-aware-verizon-auth-automation.md Normal file
View file

@ -0,0 +1,46 @@
# ECP-0107: Forge NBC Popup-Aware Verizon Auth Automation
## Why
The forge NBC worker now reaches the MVPD picker and can select `Verizon Fios`, but the next step
opens a separate `Verizon FiOS - sign in` popup window.
The Linux browser worker was still treating auth as a single-tab flow, so it kept retrying the MVPD
picker instead of entering credentials in the popup and returning to the main NBC watch surface.
## Decision
1. Treat forge NBC auth as a browser-wide flow, not a single-tab flow.
2. Detect and interact with popup tabs whose title or URL indicate MVPD sign-in.
3. Support operational-only Verizon credentials via environment variables or `*_FILE` paths:
- `EVERY_CHANNEL_NBC_MVPD_USERNAME`
- `EVERY_CHANNEL_NBC_MVPD_PASSWORD`
- `EVERY_CHANNEL_NBC_MVPD_USERNAME_FILE`
- `EVERY_CHANNEL_NBC_MVPD_PASSWORD_FILE`
4. After Adobe background-login completion, close auxiliary auth tabs and resume the primary NBC tab.
5. Suppress Chrome crash-restore UI in the forge browser worker so popup automation reaches the
actual MVPD login form instead of browser chrome.
6. Allow the Linux NixOS module to point the NBC worker at root-managed MVPD credential files
without committing secret values.
7. Treat post-auth NBC profile sign-in as optional when live media requests are already in flight;
do not force-navigate away from that surface while CSSOTT/CMAF playback activity is active.
## Consequences
- Forge NBC bootstrap can complete the Verizon popup without manual browser typing when credentials
are provided operationally.
- The credential path stays outside committed repo configuration and can be supplied differently per
host or per session.
- Hosts that want unattended recovery can reference root-managed credential files declaratively
without placing the credentials themselves in git.
- The worker avoids aborting its own live-session startup by bouncing away from an optional NBC
profile screen after Verizon auth has already unlocked media delivery.
- Future MVPD integrations can extend the same popup-aware browser model instead of adding more
picker-only retries.
## Rejected Alternatives
- Keep forcing the MVPD picker tab until the popup resolves itself: rejected because the Verizon
popup is the actual login surface.
- Store MVPD credentials in committed Nix or repo files: rejected because the secret is operator
material and does not belong in versioned configuration.