Form filler now defaults to page root instead of scoping to
[role="dialog"]. LinkedIn Easy Apply passes its modal selector
explicitly. Fixes external ATS forms being scoped to wrong
container. Also improved Greenhouse handler with targeted
resume upload and form detection.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ashby wraps file input inside #_systemfield_resume container — search
for the actual input[type="file"] element. Also capture and log
validation errors from the page when submit returns incomplete.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Generic handler now accepts options (transformUrl, formDetector,
submitSelector, resumeSelector, beforeSubmit, verifySelector, etc.).
Each ATS handler passes its overrides instead of reimplementing.
Registry resolves handlers by: apply_type -> URL domain -> generic fallback.
New ATS handlers only need to export SUPPORTED_TYPES and an apply() that
calls genericApply with platform-specific options.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Page scraping was grabbing wrong elements (e.g. "Location" instead of
company name on Ashby). Queue already has correct metadata.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Only classify jobs without an apply_url — those with one have already
been visited and don't need re-classification.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ashby and unknown_external work. Greenhouse, Lever, Jobvite have
visible CAPTCHAs. Workday requires login. Keep those disabled until
proper handlers are built.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Invisible reCAPTCHA (size=invisible) fires on submit and usually passes
automatically. Only block on visible CAPTCHA challenges. Also fix form
detection to work without <form> wrapper elements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Best-effort form filler for any career page with standard HTML forms.
Handles single-page and multi-step flows, resume upload, login wall
and CAPTCHA detection. All ATS stub handlers now delegate to generic.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Iterate over the full queue array instead of getJobsByStatus() results,
and pass it to saveQueue(). The previous code passed no argument, which
would corrupt or silently fail the save.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Secondary processes (standalone classifier, ad-hoc scripts) now write
to queue_updates.jsonl via writePendingUpdate() instead of modifying
jobs_queue.json directly. Primary processes pick up updates on next
loadQueue() call using atomic rename-then-read.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
External Apply buttons are <a> tags with LinkedIn redirect URLs, not
<button> elements. Extract the real URL from the redirect's query
parameter instead of clicking and waiting for a new tab.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces flat "Breakdown: ..." line with indented sub-items showing
Easy Apply, Wellfound, Greenhouse etc. counts under Ready to apply.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When LinkedIn is rate-limited, its jobs were filling the maxApps quota
but then getting skipped, leaving 0 applied. Now excludes easy_apply
jobs from selection during cooldown so Wellfound jobs get picked up.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After LinkedIn search completes, visits each unknown_external job page,
clicks the Apply button, captures the redirect URL, and matches against
known ATS patterns to identify the actual application platform.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When rate limited, writes timestamp to data/linkedin_rate_limited_at.json.
Subsequent runs skip LinkedIn until 6 hours have passed. Other platforms
(Wellfound) continue unaffected. Cooldown file auto-deleted on expiry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
LinkedIn shows different text on direct /apply/ URL vs button click:
- Button: "Easy Apply limit"
- Direct URL: "limit daily submissions" / "apply tomorrow"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Don't break the entire run when LinkedIn rate limits — skip LinkedIn
jobs and continue to Wellfound and other platforms.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When LinkedIn shows "Easy Apply limit" message, detect it in the
modal-open check, return rate_limited status, put job back in queue,
send Telegram alert, and stop the entire run. Prevents burning retries
and wasting browser sessions when rate limited.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Some LinkedIn listings have image-only upload fields (JPG/PNG).
Don't attempt to upload a PDF resume to these inputs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents OpenClaw from relaying full report as plain-text duplicate.
sendTelegram() handles formatted delivery, stdout just says "sent".
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- answerFor returning '' (intentionally blank) was treated as falsy,
falling through to AI which fabricated "123 Main Street". Now
empty string skips the field without triggering AI or reporting unknown.
- status.mjs was printing to stdout AND sending via Telegram, causing
OpenClaw to relay a duplicate plain-text copy. Now only prints to
stdout when Telegram isn't configured.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
LinkedIn validates number fields even when not marked required in the
DOM. Previously these were skipped (no AI call, no answer). Now number
fields always trigger AI fallback and are reported as unknown if empty.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a batch completes but scores aren't written back (collection
error), jobs get stuck with filter_batch_id set and never re-submitted.
Now checks: if no filter_state.json exists (no batch in flight) but
jobs have batch markers without scores, clear them so they get
re-submitted on the next run.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously status.mjs relied on OpenClaw relaying stdout, which sent
as plain text. Now sends via sendTelegram() directly when Telegram
config is present, matching how all other scripts send notifications.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
LinkedIn renders label text twice in nested spans, producing
"Question? Question?" instead of "Question?". The old dedup only
caught exact concatenation (ABCABC); now also handles space-separated
duplicates by comparing left/right halves at the midpoint space.
Applied to all 4 copies: extractLabel, _extractLabel, normalizeLegend,
_normalizeLegend.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add street/address pattern to answerFor() — returns profile address or empty string
- Update AI prompt: return "UNKNOWN" instead of guessing facts
- Handle UNKNOWN response by treating it as no answer (triggers Telegram ask)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Number inputs (type="number") were getting answers like "5 years"
instead of "5", causing LinkedIn validation errors. Now:
- AI gets "(must be a number, no text or units)" hint
- Answers are stripped to digits before filling
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Profile name is returned by ensureAuth() from the auth connection
(looked up by domain). No more storing profile names in settings.json
for the applier flow. createBrowser() still supports legacy platform
keys as fallback for searcher/setup.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Connection IDs are no longer stored in settings.json. The applier
finds auth connections by domain (linkedin.com, wellfound.com) at
runtime via the Kernel SDK. Updated SKILL.md, README.md, and bumped
to 0.1.4.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Connection IDs change when re-authing. Instead of storing IDs in
settings.json (which go stale), look up connections by domain at
runtime via kernel.auth.connections.list({ domain }). This keeps
the applier in sync regardless of connection recreation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rewrite session.mjs: check connection status via SDK before creating
browser. If NEEDS_AUTH + can_reauth, auto re-auth with stored creds.
If can't re-auth, send Telegram alert and skip platform.
- Wire ensureAuth() into job_applier.mjs before createBrowser()
- Jobs are returned to queue (not failed) when auth is down
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ClawHub scanner flags systemPrompt variables in lib/*.mjs as
potential prompt injection. These are legitimate Claude API prompts
for job scoring, answer generation, and keyword generation. Added
explicit note clarifying their purpose.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
