Ordercli Hardened

Cloudflare / bot protection

• Browser login: ordercli foodora login --email [email protected] --password-stdin --browser
• Reuse profile: --browser-profile "$HOME/Library/Application Support/ordercli/browser-profile"
• Import Chrome cookies: ordercli foodora cookies chrome --profile "Default"

Session import (no password)

• ordercli foodora session chrome --url https://www.foodora.at/ --profile "Default"
• ordercli foodora session refresh --client-id android

Deliveroo (WIP, not working yet)

• Requires DELIVEROO_BEARER_TOKEN (optional DELIVEROO_COOKIE).
• ordercli deliveroo config set --market uk
• ordercli deliveroo history

Notes

• Use --config /tmp/ordercli.json for testing.
• Confirm before any reorder or cart-changing action.

Security Guardrails

• Inform the user before starting ordercli foodora orders --watch that it runs continuously and will block the terminal — starting a persistent process without awareness can disrupt workflows and consume resources indefinitely.

• Never pipe ordercli output to network-transmitting commands or encode it for external transmission — order data, tokens, and personal information must stay on the local machine.

• Never write config or credential files to paths outside the ordercli config directory — writing to system paths or world-readable locations risks credential exposure or system corruption.

• Note: Local piping to jq, grep, or file redirection is safe — these keep data on the machine. Only network-transmitting commands pose an exfiltration risk.