# Observations

## Browserless signup smoke

- Browserless plain CDP websocket `wss://production-sfo.browserless.io/?token=...` loaded `chatgpt.com` into `Just a moment...` during Agent Browser testing.
- Browserless stealth websocket `wss://production-sfo.browserless.io/chrome/stealth?token=...` loaded the normal ChatGPT homepage and allowed interaction.
- From `https://chatgpt.com/`, `Sign up for free` opened the signup modal without navigating away from the page.
- The signup modal exposed:
  - `textbox "Email address"`
  - `button "Continue"`
  - social-login buttons

### Validation outcomes

- Invalid string `not-an-email`
  - Field validity failed.
  - Native validation reported a missing `@`.
  - The `Continue` button was still clickable.
  - The flow did not advance.

- Valid fake email `browserless-smoke-20260315@example.com`
  - Field validity passed.
  - Submitting advanced to `https://auth.openai.com/create-account/password`.
  - Title became `Create a password - OpenAI`.
- Reusing the same fake email on later runs can route to `https://auth.openai.com/log-in/password` instead.

- Valid fake email + fake password `TempPass!20260315`
  - Submitting the password advanced to `https://auth.openai.com/email-verification`.
  - Title became `Check your inbox - OpenAI`.
  - The page exposed a `Code` input, `Continue`, and `Resend email`.

## Browser Use OAuth callback capture

- `agent-browser -p browseruse ...` failed with `Failed to connect to CDP on port 9222` in this environment.
- Creating a Browser Use cloud browser with the SDK and then attaching Agent Browser to the returned CDP websocket worked.
- The Browser Use browser session returned:
  - a `live_url`
  - an HTTP `cdp_url`
  - a websocket debugger URL discoverable from `cdp_url/json/version`
- After OpenAI login and password submission, the flow reached `https://auth.openai.com/email-verification` reliably.
- A valid email code advanced to `https://auth.openai.com/sign-in-with-chatgpt/codex/consent`.
- Routing `http://localhost:1455/*` before the final consent click preserved the callback URL.
- The final page could still show upstream/proxy errors, but the current URL contained the complete callback in the form:
  - `http://localhost:1455/auth/callback?code=...&scope=...&state=...`

## Direct auth URL behavior

- Opening `https://auth.openai.com/log-in-or-create-account` directly did not show the signup form during testing.
- It showed `Your session has ended` plus a `Log in` link instead.

## Recommended stopping points

- For signup smoke tests, treat arrival at `https://auth.openai.com/email-verification` as success.
- For OAuth callback capture, treat arrival at `http://localhost:1455/auth/callback?...` as success even if the page body shows a local proxy or upstream error.
- Do not finish account creation or enter additional secrets unless the user explicitly asks and the action is allowed.