Add Brave CDP automation, replace Oracle browser mode

Connects to user's running Brave via Chrome DevTools Protocol
to automate ChatGPT interaction. Uses puppeteer-core to open a
tab, send the prompt, wait for response, and extract the result.

No cookies, no separate profiles, no copy/paste. Just connects
to the browser where the user is already logged in.

One-time setup: relaunch Brave with --remote-debugging-port=9222

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

node_modules/devtools-protocol/pdl/domains/Security.pdl

@@ -0,0 +1,196 @@
+# Copyright 2017 The Chromium Authors
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+# Contributing to Chrome DevTools Protocol: https://goo.gle/devtools-contribution-guide-cdp
+
+domain Security
+
+  # An internal certificate ID value.
+  type CertificateId extends integer
+
+  # A description of mixed content (HTTP resources on HTTPS pages), as defined by
+  # https://www.w3.org/TR/mixed-content/#categories
+  type MixedContentType extends string
+    enum
+      blockable
+      optionally-blockable
+      none
+
+  # The security level of a page or resource.
+  type SecurityState extends string
+    enum
+      unknown
+      neutral
+      insecure
+      secure
+      info
+      insecure-broken
+
+  # Details about the security state of the page certificate.
+  experimental type CertificateSecurityState extends object
+    properties
+      # Protocol name (e.g. "TLS 1.2" or "QUIC").
+      string protocol
+      # Key Exchange used by the connection, or the empty string if not applicable.
+      string keyExchange
+      # (EC)DH group used by the connection, if applicable.
+      optional string keyExchangeGroup
+      # Cipher name.
+      string cipher
+      # TLS MAC. Note that AEAD ciphers do not have separate MACs.
+      optional string mac
+      # Page certificate.
+      array of string certificate
+      # Certificate subject name.
+      string subjectName
+      # Name of the issuing CA.
+      string issuer
+      # Certificate valid from date.
+      Network.TimeSinceEpoch validFrom
+      # Certificate valid to (expiration) date
+      Network.TimeSinceEpoch validTo
+      # The highest priority network error code, if the certificate has an error.
+      optional string certificateNetworkError
+      # True if the certificate uses a weak signature algorithm.
+      boolean certificateHasWeakSignature
+      # True if the certificate has a SHA1 signature in the chain.
+      boolean certificateHasSha1Signature
+      # True if modern SSL
+      boolean modernSSL
+      # True if the connection is using an obsolete SSL protocol.
+      boolean obsoleteSslProtocol
+      # True if the connection is using an obsolete SSL key exchange.
+      boolean obsoleteSslKeyExchange
+      # True if the connection is using an obsolete SSL cipher.
+      boolean obsoleteSslCipher
+      # True if the connection is using an obsolete SSL signature.
+      boolean obsoleteSslSignature
+
+  experimental type SafetyTipStatus extends string
+    enum
+      badReputation
+      lookalike
+
+  experimental type SafetyTipInfo extends object
+    properties
+      # Describes whether the page triggers any safety tips or reputation warnings. Default is unknown.
+      SafetyTipStatus safetyTipStatus
+      # The URL the safety tip suggested ("Did you mean?"). Only filled in for lookalike matches.
+      optional string safeUrl
+
+  # Security state information about the page.
+  experimental type VisibleSecurityState extends object
+    properties
+      # The security level of the page.
+      SecurityState securityState
+      # Security state details about the page certificate.
+      optional CertificateSecurityState certificateSecurityState
+      # The type of Safety Tip triggered on the page. Note that this field will be set even if the Safety Tip UI was not actually shown.
+      optional SafetyTipInfo safetyTipInfo
+      # Array of security state issues ids.
+      array of string securityStateIssueIds
+
+  # An explanation of an factor contributing to the security state.
+  type SecurityStateExplanation extends object
+    properties
+      # Security state representing the severity of the factor being explained.
+      SecurityState securityState
+      # Title describing the type of factor.
+      string title
+      # Short phrase describing the type of factor.
+      string summary
+      # Full text explanation of the factor.
+      string description
+      # The type of mixed content described by the explanation.
+      MixedContentType mixedContentType
+      # Page certificate.
+      array of string certificate
+      # Recommendations to fix any issues.
+      optional array of string recommendations
+
+  # Information about insecure content on the page.
+  deprecated type InsecureContentStatus extends object
+    properties
+      # Always false.
+      boolean ranMixedContent
+      # Always false.
+      boolean displayedMixedContent
+      # Always false.
+      boolean containedMixedForm
+      # Always false.
+      boolean ranContentWithCertErrors
+      # Always false.
+      boolean displayedContentWithCertErrors
+      # Always set to unknown.
+      SecurityState ranInsecureContentStyle
+      # Always set to unknown.
+      SecurityState displayedInsecureContentStyle
+
+  # The action to take when a certificate error occurs. continue will continue processing the
+  # request and cancel will cancel the request.
+  type CertificateErrorAction extends string
+    enum
+      continue
+      cancel
+
+  # Disables tracking security state changes.
+  command disable
+
+  # Enables tracking security state changes.
+  command enable
+
+  # Enable/disable whether all certificate errors should be ignored.
+  command setIgnoreCertificateErrors
+    parameters
+      # If true, all certificate errors will be ignored.
+      boolean ignore
+
+  # Handles a certificate error that fired a certificateError event.
+  deprecated command handleCertificateError
+    parameters
+      # The ID of the event.
+      integer eventId
+      # The action to take on the certificate error.
+      CertificateErrorAction action
+
+  # Enable/disable overriding certificate errors. If enabled, all certificate error events need to
+  # be handled by the DevTools client and should be answered with `handleCertificateError` commands.
+  deprecated command setOverrideCertificateErrors
+    parameters
+      # If true, certificate errors will be overridden.
+      boolean override
+
+  # There is a certificate error. If overriding certificate errors is enabled, then it should be
+  # handled with the `handleCertificateError` command. Note: this event does not fire if the
+  # certificate error has been allowed internally. Only one client per target should override
+  # certificate errors at the same time.
+  deprecated event certificateError
+    parameters
+      # The ID of the event.
+      integer eventId
+      # The type of the error.
+      string errorType
+      # The url that was requested.
+      string requestURL
+
+  # The security state of the page changed.
+  experimental event visibleSecurityStateChanged
+    parameters
+      # Security state information about the page.
+      VisibleSecurityState visibleSecurityState
+
+  # The security state of the page changed. No longer being sent.
+  deprecated event securityStateChanged
+    parameters
+      # Security state.
+      SecurityState securityState
+      # True if the page was loaded over cryptographic transport such as HTTPS.
+      deprecated boolean schemeIsCryptographic
+      # Previously a list of explanations for the security state. Now always
+      # empty.
+      deprecated array of SecurityStateExplanation explanations
+      # Information about insecure content on the page.
+      deprecated InsecureContentStatus insecureContentStatus
+      # Overrides user-visible description of the state. Always omitted.
+      deprecated optional string summary