# DIA Autonomy Runbook (v2 — HTTP cookie bridge) **Last updated:** 2026-03-05 **Status:** WORKING ✓ — 18 orders fetched successfully with this approach. --- ## Architecture ``` Human touch (once): Ignacio's Chrome (logged in) → OpenClaw Relay WS → dia_export_cookies.js → data/dia/session-cookies.json Autonomous recurring runs (no human, no browser): dia_fetch_orders_http.js ← session-cookies.json → orders API → data/dia/orders-latest.json ``` The key insight: **DIA's orders endpoint is a plain REST API**. Once we have the auth cookies from the real Chrome session, we can call it with `https` — no browser, no Flutter, no relay. --- ## Why the old Flutter login approach failed The DIA login is at `auth.diadigital.app` — a Flutter web app. Flutter renders everything to a `` with a semantic overlay (`flt-semantics`). Headless CDP automation of Flutter forms is unreliable: the password step (`#password-login-page`) found textareas and filled them, but form submission silently redirected back to step 1 without triggering the `POST /login` network call. This is a known hard problem with Flutter web headless automation. --- ## Cookie relay mechanism The Chrome relay (OpenClaw extension at port 18792) exposes a CDP WebSocket: ``` ws://127.0.0.1:18792/cdp Auth header: x-openclaw-relay-token: ``` `Network.getAllCookies` via raw CDP returns all cookies from Ignacio's live Chrome tab, including `VtexIdclientAutCookie_diaio` (the VTEX auth cookie). --- ## Commands ### Step 1: Export cookies (requires relay active + DIA logged in in Chrome) ```bash cd ~/.openclaw/workspace node scripts/dia_export_cookies.js ``` Saves to: `data/dia/session-cookies.json` Also verifies auth against the orders endpoint before saving. ### Step 2: Fetch orders (fully autonomous — no browser, no relay needed) ```bash cd ~/.openclaw/workspace node scripts/dia_fetch_orders_http.js ``` Outputs: - `data/dia/orders-latest.json` - `data/dia/orders-latest.csv` - `data/dia/archive/orders-.json` ### Cron setup (every 6h) ```cron 0 */6 * * * cd /home/ubuntu/.openclaw/workspace && node scripts/dia_fetch_orders_http.js >> data/dia/fetch.log 2>&1 ``` --- ## Session lifetime VTEX auth cookies typically last **weeks to months**. Re-export is only needed when: - `dia_fetch_orders_http.js` exits with `ERROR: DIA session expired (HTTP 401)` - Or Ignacio explicitly logs out from DIA in Chrome When that happens: 1. Make sure DIA is open and logged in in Chrome 2. Attach OpenClaw relay to that tab 3. Run `dia_export_cookies.js` again --- ## Failure modes ### dia_fetch_orders_http.js exit codes | Code | Meaning | Fix | |------|---------|-----| | 2 | Cookie file missing | Run `dia_export_cookies.js` | | 4/5 | File empty or no auth cookie | Run `dia_export_cookies.js` | | 7 | HTTP 401/403 — session expired | Log into DIA in Chrome, re-export | | 8 | Other HTTP error | Check DIA site status | ### dia_export_cookies.js exit codes | Code | Meaning | Fix | |------|---------|-----| | 2 | Relay not accessible | Open DIA tab, click OpenClaw extension (turn ON) | | 4 | No VtexIdclientAutCookie | Log into DIA in Chrome first | | 6 | HTTP 401 even with cookies | Refresh DIA in Chrome, re-export | --- ## Security notes - `session-cookies.json` contains live auth cookies — treat like a password - File stays local to VPS, not committed to git - Scripts only log cookie names and counts, never values - Cookies are filtered to DIA domains only on export