Fixed
nlm doctor auth-replayfalsebrowser_bound_replayverdict on merely expired cookies (#248) — The diagnostic previously compared stale on-disk cookies (httpx_saved,httpx_after_rotate) against an always-fresh live browser session (cdp_in_page). Since a live session's cookies are fresh by construction, that comparison could not distinguish ordinary cookie expiry from genuine device-bound replay — both produce the exact same pass/fail pattern. The diagnostic now re-extracts cookies from the same live browser session used for the CDP probe and replays them through plain httpx (newhttpx_freshlane) before drawing a conclusion. If fresh cookies succeed over httpx, the verdict is now the newstale_cookies(runnlm login, no transport needed);browser_bound_replayis only reported when even freshly re-extracted cookies fail outside the browser. Thanks to @leomesheti-crypto for the detailed controlled-comparison report that caught this.
Changed
nlm doctor auth-replaynow reports four lanes instead of three: saved-cookie httpx replay, httpx after forced cookie rotation, fresh-cookie httpx replay, and the in-page CDP fetch.--no-cdpskips the two browser-backed lanes together.- Updated
docs/AUTHENTICATION.mdto describe the corrected four-lane diagnostic and clarify when the experimentalNOTEBOOKLM_RPC_TRANSPORT=cdptransport is actually justified.
Other
- README: moved the "Buy Me a Coffee" call-out from a low-visibility badge in the top badge row to a prominent, centered block near the top of the page.