# ECP-0102: Linux Widevine NBC Worker on `ecp-forge` ## Why NBC live playback currently exists only in the desktop app: - macOS native `WKWebView` for in-app auth and playback capture - local Chrome fallback for browser-driven playback capture `ecp-forge` cannot originate an NBC live stream today because `ec-node` has no NBC source worker, no Adobe auth bootstrap flow, and no Linux browser runtime with Widevine. ## Decision Build a forge-capable NBC source worker around Linux Google Chrome plus a persistent authenticated profile. 1. Use Google Chrome on `x86_64` Linux, not bare Chromium, as the browser runtime for NBC on forge. 2. Run Chrome in a virtual display session on `ecp-forge` so DRM playback remains in a normal browser path even when no physical display is attached. Keep the forge worker on a dedicated display number and disable GPU acceleration by default under Xvfb. 3. Persist the NBC/Adobe browser profile on forge so auth warmup is amortized across runs. 4. Add an explicit bootstrap path that surfaces interactive auth only when the stored session is cold or expired. 5. Launch Chrome as an external process and attach over DevTools rather than relying on the crate-managed Chrome launcher path. 6. Publish the resulting captured stream through the existing `ec-node` relay path so archive, replay, and downstream nodes stay unchanged. 7. Expose the forge operator surface as `ec-node nbc-bootstrap` and `ec-node nbc-wt-publish`, with a persistent virtual display on `ecp-forge`. ## Consequences - NBC live origin becomes possible from forge without depending on a user’s macOS desktop session. - We keep the existing every.channel transport/archive model and only replace the source worker. - The first forge implementation should be browser-frame capture first; audio and full unattended auth renewal can follow once the Linux worker is stable. ## Rejected Alternatives - Reuse the macOS `WKWebView` path on forge: impossible on Linux. - Depend on bare Chromium only: rejected because Widevine support is the central requirement. - Require true headless-only DRM playback from the start: rejected because the safer first implementation is a normal Chrome session inside a virtual display.