LightZirconite/Microsoft-Rewards-Bot
1
1
Fork 0
mirror of https://github.com/LightZirconite/Microsoft-Rewards-Bot.git synced 2026-01-09 17:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
LightZirconite
2025-11-01 20:44:31 +01:00
commit 6d549e6590
91 changed files with 20404 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
docs/accounts.md Normal file
View File

@@ -0,0 +1,168 @@
# 👤 Accounts & 2FA Setup
**Add your Microsoft accounts with secure TOTP authentication**
---
## 📍 Quick Start
### Basic Setup (No 2FA)
**Edit** `src/accounts.json`:
```json
{
"accounts": [
{
"email": "your@email.com",
"password": "your_password",
"recoveryEmail": "backup@email.com"
}
]
}
```
> `recoveryEmail` is **mandatory**. It lets the bot verify Microsofts masked hint during login and alert you if the recovery address ever changes.
**That's it!** Run `npm start` to test.
---
## 🔐 Add 2FA/TOTP (Recommended)
### Why Use TOTP?
-**Automated login** — No manual code entry
-**More secure** — Better than SMS
-**Works 24/7** — Scheduler-friendly
### How to Get Your TOTP Secret
1. **Open** https://account.live.com/proofs/Manage/additional (Security → Advanced security options → Additional security).
2. Enable two-step verification and click **Next** until you see the setup wizard.
3. Click the blue link **"Set up a different authenticator app"**.
4. On the next screen click **"I can't scan the bar code"** to reveal the Base32 secret.
5. Scan the QR with your preferred authenticator (Google Authenticator recommended to keep data separate from Microsoft) **and** copy the secret:
- The same secret can stay in your app and be saved in this file (multiple authenticators can share it).
6. Enter the 6-digit code in Microsofts wizard to finish pairing.
7. **Add the secret to** `accounts.json`:
```json
{
"accounts": [
{
"email": "your@email.com",
"password": "your_password",
"recoveryEmail": "backup@email.com",
"totp": "JBSWY3DPEHPK3PXP"
}
]
}
```
---
## 🎯 Multiple Accounts
```json
{
"accounts": [
{
"email": "account1@email.com",
"password": "password1",
"recoveryEmail": "backup1@email.com",
"totp": "SECRET1"
},
{
"email": "account2@email.com",
"password": "password2",
"recoveryEmail": "backup2@email.com",
"totp": "SECRET2"
}
]
}
```
---
## 🌐 Per-Account Proxy (Optional)
```json
{
"accounts": [
{
"email": "your@email.com",
"password": "password",
"recoveryEmail": "backup@email.com",
"totp": "",
"proxy": {
"proxyAxios": true,
"url": "proxy.example.com",
"port": 8080,
"username": "proxyuser",
"password": "proxypass"
}
}
]
}
```
**[Full Proxy Guide](./proxy.md)**
---
## 🔒 Environment Variables (Docker/CI)
### Option 1: File Path
```bash
export ACCOUNTS_FILE=/path/to/accounts.json
```
### Option 2: Inline JSON
```bash
export ACCOUNTS_JSON='{"accounts":[{"email":"test@example.com","password":"pass"}]}'
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **"accounts.json not found"** | Create file or set `ACCOUNTS_FILE` env var |
| **"2FA prompt not auto-filled"** | Check TOTP secret is valid Base32 |
| **"Invalid TOTP"** | Verify system time is correct |
| **"Account locked"** | Manually unlock in Microsoft Account |
| **"Login timeout"** | Check internet connection, try proxy |
### 2FA Not Working?
1. **Check secret format** — Should be Base32 (only letters/numbers, no spaces)
2. **Verify system time** — Must be accurate (NTP sync)
3. **Test manually** — Use authenticator app to verify code works
4. **Remove backup codes** — Some security settings block TOTP
---
## 🔒 Security Tips
- 🔐 **Use strong passwords** — Unique for each account
- 🔑 **Enable TOTP** — More secure than SMS
- 📁 **Restrict file permissions**`chmod 600 accounts.json` (Linux)
- 🔄 **Rotate passwords** — Change every 90 days
- 🚫 **Never commit** — Add `accounts.json` to `.gitignore`
---
## 📚 Next Steps
**TOTP setup?**
**[Security Guide](./security.md)** for best practices
**Ready for automation?**
**[Scheduler Setup](./schedule.md)**
**Need proxies?**
**[Proxy Guide](./proxy.md)**
---
**[← Back to Hub](./index.md)** | **[Getting Started](./getting-started.md)**

108
docs/buy-mode.md Normal file
View File

@@ -0,0 +1,108 @@
# 💳 Buy Mode
**Manually redeem rewards while monitoring points**
---
## 💡 What Is It?
Launches browser and **passively monitors** your points balance while you manually shop/redeem.
**Use case:** Safely redeem gift cards without automation interference.
---
## ⚡ Quick Start
```bash
npm start -- -buy your@email.com
```
**What happens:**
1. Opens 2 browser tabs:
- **Monitor tab** — Background point tracking (auto-refresh)
- **Your tab** — Use this for manual purchases
2. Monitors points every ~10 seconds
3. Alerts you when spending detected
---
## 🎯 Example Usage
### Redeem Gift Card
```bash
npm start -- -buy myaccount@outlook.com
```
1. Script opens Microsoft Rewards in browser
2. Use the **user tab** to browse and redeem
3. **Monitor tab** tracks your balance in background
4. Get notification when points decrease
---
## ⚙️ Configuration
**Set max session time:**
**Edit** `src/config.jsonc`:
```jsonc
{
"buyMode": {
"enabled": false,
"maxMinutes": 45
}
}
```
---
## 🔔 Notifications
Buy mode sends alerts when:
- 💳 **Points spent** — Shows amount and new balance
- 📉 **Balance changes** — Tracks cumulative spending
**Example alert:**
```
💳 Spend detected (Buy Mode)
Account: user@email.com
Spent: -500 points
Current: 12,500 points
Session spent: 1,200 points
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **Monitor tab closes** | Script auto-reopens it |
| **No spending alerts** | Check webhook/NTFY config |
| **Session too short** | Increase `maxMinutes` in config |
---
## ⚠️ Important Notes
-**Browser visible** — Always runs in visible mode
-**No automation** — Script only monitors, never clicks
-**Safe** — Use your browsing tab normally
-**Notifications** — Uses existing webhook/NTFY settings
---
## 📚 Next Steps
**Setup notifications?**
**[Discord Webhooks](./conclusionwebhook.md)**
**[NTFY Push](./ntfy.md)**
**Back to automation?**
**[Getting Started](./getting-started.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

122
docs/conclusionwebhook.md Normal file
View File

@@ -0,0 +1,122 @@
# 📊 Discord Webhooks
**Get run summaries in Discord**
---
## 💡 What Is It?
Sends a **rich embed** to your Discord server after each run with:
- 📊 Total accounts processed
- 💎 Points earned
- ⏱️ Execution time
- ❌ Errors encountered
---
## ⚡ Quick Start
### 1. Create Webhook in Discord
1. **Open Discord** → Right-click channel
2. **Edit Channel****Integrations** tab
3. **Create Webhook**
4. **Copy webhook URL**
### 2. Configure Script
**Edit** `src/config.jsonc`:
```jsonc
{
"notifications": {
"conclusionWebhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/123456789/abcdef-your-webhook-token"
}
}
}
```
**That's it!** You'll get a summary after each run.
---
## 📋 Example Summary
```
🎯 Microsoft Rewards Summary
📊 Accounts: 3 • 0 with issues
💎 Points: 15,230 → 16,890 (+1,660)
⏱️ Average Duration: 8m 32s
📈 Cumulative Runtime: 25m 36s
👤 user1@example.com
Points: 5,420 → 6,140 (+720)
Duration: 7m 23s
Status: ✅ Completed successfully
👤 user2@example.com
Points: 4,810 → 5,750 (+940)
Duration: 9m 41s
Status: ✅ Completed successfully
👤 user3@example.com
Points: 5,000 → 5,000 (+0)
Duration: 8m 32s
Status: ✅ Completed successfully
```
---
## 🎯 Advanced: Separate Channels
Use different webhooks for different notifications:
```jsonc
{
"notifications": {
"webhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/.../errors-channel"
},
"conclusionWebhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/.../summary-channel"
}
}
}
```
- **`webhook`** — Real-time errors during execution
- **`conclusionWebhook`** — End-of-run summary
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **No message received** | Check webhook URL is complete |
| **"Invalid webhook"** | Regenerate webhook in Discord |
| **Partial data** | Ensure script completed fully |
### Test Webhook Manually
```bash
curl -X POST -H "Content-Type: application/json" -d '{"content":"Test message"}' "YOUR_WEBHOOK_URL"
```
---
## 📚 Next Steps
**Want mobile alerts?**
**[NTFY Push Notifications](./ntfy.md)**
**Need detailed logs?**
**[Diagnostics Guide](./diagnostics.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

605
docs/config.md Normal file
View File

@@ -0,0 +1,605 @@
# ⚙️ Configuration Guide# ⚙️ Configuration Guide
**Customize script behavior in `src/config.jsonc`**This page documents every field in the configuration file. The default ships as `src/config.jsonc` so you get inline `//` guidance without editor warnings, and the loader still accepts traditional `config.json` files if you prefer plain JSON.
---Looking for ready-to-use presets? Check `docs/config-presets/` for curated examples such as `balanced.jsonc` (full automation with humanization) and `minimal.jsonc` (lean runs with quick scheduling).
## ⚡ Quick Start (Essentials)> NOTE: Previous versions had `logging.live` (live streaming webhook); it was removed and replaced by a simple `logging.redactEmails` flag.
### Minimal Working Config---
## Top-Level Fields
```jsonc
{### baseURL
"humanization": {Internal Microsoft Rewards base. Leave it unless you know what you are doing.
"enabled": true // Natural behavior (recommended)
},### sessionPath
"workers": {Directory where session data (cookies / fingerprints / job-state) is stored.
"doDailySet": true,
"doDesktopSearch": true,---
"doMobileSearch": true## browser
}| Key | Type | Default | Description |
}|-----|------|---------|-------------|
```| headless | boolean | false | Run browser UI-less. Set to `false` to keep the browser visible (default). |
| globalTimeout | string/number | "30s" | Max time for common Playwright operations. Accepts ms number or time string (e.g. `"45s"`, `"2min"`). |
**That's all you need!** Everything else has good defaults.
---
---## execution
| Key | Type | Default | Description |
## 🎯 Popular Configurations|-----|------|---------|-------------|
| parallel | boolean | false | Run desktop + mobile simultaneously (higher resource usage). |
### 1. Daily Automation| runOnZeroPoints | boolean | false | Skip full run early if there are zero points available (saves time). |
| clusters | number | 1 | Number of process clusters (multi-process concurrency). |
```jsonc| passesPerRun | number | 1 | Advanced: extra full passes per started run. |
{
"humanization": { "enabled": true },---
"schedule": {## buyMode
"enabled": true,Manual redeem / purchase assistance.
"time": "09:00",| Key | Type | Default | Description |
"timeZone": "America/New_York"|-----|------|---------|-------------|
}| enabled (CLI `-buy`) | boolean | false | Enable buy mode (usually via CLI argument). |
}| maxMinutes | number | 45 | Max session length for buy mode. |
```
---
**[Full Scheduler Guide](./schedule.md)**## fingerprinting.saveFingerprint
Persist browser fingerprints per device type for consistency.
---| Key | Type | Default | Description |
|-----|------|---------|-------------|
### 2. With Notifications| mobile | boolean | false | Save/reuse a consistent mobile fingerprint. |
| desktop | boolean | false | Save/reuse a consistent desktop fingerprint. |
```jsonc
{---
"humanization": { "enabled": true },## search
"conclusionWebhook": {| Key | Type | Default | Description |
"enabled": true,|-----|------|---------|-------------|
"url": "https://discord.com/api/webhooks/YOUR_WEBHOOK"| useLocalQueries | boolean | false | Use locale-specific query sources instead of global ones. |
}
}### search.settings
```| Key | Type | Default | Description |
|-----|------|---------|-------------|
**[Discord Setup](./conclusionwebhook.md)** | **[NTFY Setup](./ntfy.md)**| useGeoLocaleQueries | boolean | false | Blend geo / locale into chosen queries. |
| scrollRandomResults | boolean | true | Random scroll during search pages to look natural. |
---| clickRandomResults | boolean | true | Occasionally click safe results. |
| retryMobileSearchAmount | number | 2 | Retries if mobile searches didnt yield points. |
### 3. Background Mode (Headless)| delay.min / delay.max | string/number | 35min | Delay between searches (ms or time string). |
```jsonc---
{## humanization
"browser": {Humanlike behavior simulation.
"headless": true| Key | Type | Default | Description |
},|-----|------|---------|-------------|
"humanization": { "enabled": true }| enabled | boolean | true | Global on/off. |
}| stopOnBan | boolean | true | Stop processing further accounts if a ban is detected. |
```| immediateBanAlert | boolean | true | Fire notification immediately upon ban detection. |
| actionDelay.min/max | number/string | 150450ms | Random micro-delay per action. |
**Note:** Set `headless: false` to see the browser during development.| gestureMoveProb | number | 0.4 | Probability of a small mouse move gesture. |
| gestureScrollProb | number | 0.2 | Probability of a small scroll gesture. |
---| allowedWindows | string[] | [] | Local time windows (e.g. `["08:30-11:00","19:00-22:00"]`). Outside windows, run waits. |
### 4. Skip When No Points---
## vacation
```jsoncRandom contiguous block of days off per month.
{| Key | Type | Default | Description |
"execution": {|-----|------|---------|-------------|
"runOnZeroPoints": false| enabled | boolean | false | Activate monthly break behavior. |
}| minDays | number | 3 | Minimum skipped days per month. |
}| maxDays | number | 5 | Maximum skipped days per month. |
```
---
Saves time by skipping accounts with 0 available points.## retryPolicy
Generic transient retry/backoff.
---| Key | Type | Default | Description |
|-----|------|---------|-------------|
### 5. Multiple Accounts Faster| maxAttempts | number | 3 | Max tries for retryable blocks. |
| baseDelay | number | 1000 | Initial delay in ms. |
```jsonc| maxDelay | number/string | 30s | Max backoff delay. |
{| multiplier | number | 2 | Exponential backoff multiplier. |
"execution": {| jitter | number | 0.2 | Randomization factor (0..1). |
"parallel": false, // Desktop + mobile simultaneously
"clusters": 1 // Process multiple accounts in parallel---
}## workers
}Enable/disable scripted task categories.
```| Key | Default | Description |
|-----|---------|-------------|
⚠️ **Higher detection risk** with parallel execution.| doDailySet | true | Daily set activities. |
| doMorePromotions | true | Promotional tasks. |
---| doPunchCards | true | Punch card flows. |
| doDesktopSearch | true | Desktop searches. |
## 🛡️ Anti-Ban Settings| doMobileSearch | true | Mobile searches. |
| doDailyCheckIn | true | Daily check-in. |
### Humanization (Recommended)| doReadToEarn | true | Reading tasks. |
| bundleDailySetWithSearch | false | Immediately start desktop search bundle after daily set. |
```jsonc
{---
"humanization": {## proxy
"enabled": true,| Key | Default | Description |
"actionDelay": { "min": 150, "max": 450 },|-----|---------|-------------|
"gestureMoveProb": 0.4,| proxyGoogleTrends | true | Route Google Trends fetch through proxy if set. |
"gestureScrollProb": 0.2,| proxyBingTerms | true | Route Bing query source fetch through proxy if set. |
"randomOffDaysPerWeek": 1
}---
}## notifications
```Manages notification channels (Discord webhooks, NTFY, etc.).
→ **[Full Humanization Guide](./humanization.md)**### notifications.webhook
Primary webhook (can be used for summary or generic messages).
---| Key | Default | Description |
|-----|---------|-------------|
### Vacation Mode| enabled | false | Allow sending webhook-based notifications and live log streaming. |
| url | "" | Webhook endpoint. |
```jsonc
{### notifications.conclusionWebhook
"vacation": {Rich end-of-run summary (if enabled separately).
"enabled": true,| Key | Default | Description |
"minDays": 3,|-----|---------|-------------|
"maxDays": 5| enabled | false | Enable run summary posting. |
}| url | "" | Webhook endpoint. |
}
```### notifications.ntfy
Lightweight push notifications.
Skips 3-5 random consecutive days per month.| Key | Default | Description |
|-----|---------|-------------|
---| enabled | false | Enable NTFY push. |
| url | "" | Base NTFY server URL (e.g. https://ntfy.sh). |
## 🔧 Advanced Options| topic | rewards | Topic/channel name. |
| authToken | "" | Bearer token if your server requires auth. |
<details>
<summary><strong>Click to expand all options</strong></summary>---
## logging
### Browser| Key | Type | Description |
|-----|------|-------------|
```jsonc| excludeFunc | string[] | Log buckets suppressed in console + any webhook usage. |
{| webhookExcludeFunc | string[] | Buckets suppressed specifically for webhook output. |
"browser": {| redactEmails | boolean | If true, email addresses are partially masked in logs. |
"headless": false,| liveWebhookUrl | string | Optional override URL for live log streaming (falls back to `notifications.webhook.url`). |
"globalTimeout": "30s"
}_Removed fields_: `live.enabled`, `live.url`, `live.redactEmails` — replaced by `redactEmails` only.
}
```---
## diagnostics
### Workers (Tasks)Capture evidence when something fails.
| Key | Default | Description |
```jsonc|-----|---------|-------------|
{| enabled | true | Master switch for diagnostics. |
"workers": {| saveScreenshot | true | Save screenshot on failure. |
"doDailySet": true,| saveHtml | true | Save HTML snapshot on failure. |
"doMorePromotions": true,| maxPerRun | 2 | Cap artifacts per run per failure type. |
"doPunchCards": true,| retentionDays | 7 | Old run artifacts pruned after this many days. |
"doDesktopSearch": true,
"doMobileSearch": true,---
"doDailyCheckIn": true,## jobState
"doReadToEarn": trueCheckpoint system to avoid duplicate work.
}| Key | Default | Description |
}|-----|---------|-------------|
```| enabled | true | Enable job state tracking. |
| dir | "" | Custom directory (default: `<sessionPath>/job-state`). |
### Search Behavior
---
```jsonc## schedule
{Built-in scheduler (avoids external cron inside container or host).
"search": {| Key | Default | Description |
"useLocalQueries": false,|-----|---------|-------------|
"settings": {| enabled | false | Enable scheduling loop. |
"useGeoLocaleQueries": false,| useAmPm | false | If true, parse `time12`; else use `time24`. |
"scrollRandomResults": true,| time12 | 9:00 AM | 12hour format time (only if useAmPm=true). |
"clickRandomResults": true| time24 | 09:00 | 24hour format time (only if useAmPm=false). |
}| timeZone | America/New_York | IANA zone string (e.g. Europe/Paris). |
}| runImmediatelyOnStart | false | Run one pass instantly in addition to daily schedule. |
}
```_Legacy_: If both `time12` and `time24` are empty, a legacy `time` (HH:mm) may still be read.
### Diagnostics---
## update
```jsoncAuto-update behavior after a run.
{| Key | Default | Description |
"diagnostics": {|-----|---------|-------------|
"enabled": true,| git | true | Pull latest git changes after run. |
"saveScreenshot": true,| docker | false | Recreate container (if running in Docker orchestration). |
"saveHtml": true,| scriptPath | setup/update/update.mjs | Custom script executed for update flow. |
"maxPerRun": 2,
"retentionDays": 7---
}## Security / Best Practices
}- Keep `redactEmails` true if you share logs publicly.
```- Use a private NTFY instance or secure Discord webhooks (do not leak URLs).
- Avoid setting `headless` false on untrusted remote servers.
### Job State
---
```jsonc## Minimal Example
{```jsonc
"jobState": {{
"enabled": true, "browser": { "headless": true },
"dir": "" // Empty = use default location "execution": { "parallel": false },
} "workers": { "doDailySet": true, "doDesktopSearch": true, "doMobileSearch": true },
} "logging": { "redactEmails": true }
```}
```
### Auto-Update
## Common Tweaks
```jsonc| Goal | Change |
{|------|--------|
"update": {| Faster dev feedback | Set `browser.headless` to false and shorten search delays. |
"git": true,| Reduce detection risk | Keep humanization enabled, add vacation window. |
"docker": false,| Silent mode | Add more buckets to `excludeFunc`. |
"scriptPath": "setup/update/update.mjs"| Skip mobile searches | Set `workers.doMobileSearch=false`. |
}| Use daily schedule | Set `schedule.enabled=true` and adjust `time24` + `timeZone`. |
}
```---
## NEW INTELLIGENT FEATURES
</details>
### riskManagement
---Dynamic risk assessment and ban prediction.
## 🎛️ Intelligent Features (v2.2+)| Key | Type | Default | Description |
|-----|------|---------|-------------|
### Risk Management| enabled | boolean | true | Enable risk-aware throttling. |
| autoAdjustDelays | boolean | true | Automatically increase delays when captchas/errors are detected. |
```jsonc| stopOnCritical | boolean | false | Stop execution if risk score exceeds threshold. |
{| banPrediction | boolean | true | Enable ML-style pattern analysis to predict ban risk. |
"riskManagement": {| riskThreshold | number | 75 | Risk score (0-100) above which bot pauses or alerts. |
"enabled": true,
"autoAdjustDelays": true,**How it works:** Monitors captchas, errors, timeouts, and account patterns. Dynamically adjusts delays (e.g., 1x → 2.5x) and warns you before bans happen.
"banPrediction": true,
"riskThreshold": 75---
}### analytics
}Performance dashboard and metrics tracking.
```
| Key | Type | Default | Description |
Dynamically adjusts delays when detecting captchas/errors.|-----|------|---------|-------------|
| enabled | boolean | true | Track points earned, success rates, execution times. |
---| retentionDays | number | 30 | How long to keep analytics data. |
| exportMarkdown | boolean | true | Generate human-readable markdown reports. |
### Query Diversity| webhookSummary | boolean | false | Send analytics summary via webhook. |
```jsonc**Output location:** `analytics/` folder (JSON files per account per day).
{
"queryDiversity": {---
"enabled": true,### queryDiversity
"sources": ["google-trends", "reddit", "local-fallback"],Multi-source search query generation.
"maxQueriesPerSource": 10
}| Key | Type | Default | Description |
}|-----|------|---------|-------------|
```| enabled | boolean | true | Use diverse sources instead of just Google Trends. |
| sources | array | `["google-trends", "reddit", "local-fallback"]` | Which sources to query (google-trends, reddit, news, wikipedia, local-fallback). |
Uses multiple search sources to avoid patterns.| maxQueriesPerSource | number | 10 | Max queries to fetch per source. |
| cacheMinutes | number | 30 | Cache duration to avoid hammering APIs. |
---
**Why?** Reduces patterns by mixing Reddit posts, news headlines, Wikipedia topics instead of predictable Google Trends.
### Analytics
---
```jsonc### dryRun
{Test mode: simulate execution without actually running tasks.
"analytics": {
"enabled": true,| Key | Type | Default | Description |
"retentionDays": 30,|-----|------|---------|-------------|
"exportMarkdown": true| dryRun | boolean | false | When true, logs actions but doesn't execute (useful for testing config). |
}
}**Use case:** Validate new config changes, estimate execution time, debug issues without touching accounts.
```
---
Tracks points earned, success rates, execution times.## Changelog Notes
- **v2.2.0**: Added risk-aware throttling, analytics dashboard, query diversity, ban prediction, dry-run mode.
---- Removed live webhook streaming complexity; now simpler logging.
- Centralized redaction logic under `logging.redactEmails`.
### Dry Run (Test Mode)
If something feels undocumented or unclear, open a documentation issue or extend this page.
```jsonc
{
"dryRun": true
}
```
**Or via CLI:**
```bash
npm start -- --dry-run
```
Simulates execution without actually running tasks.
---
## 🛠️ Troubleshooting
| Issue | Solution |
|-------|----------|
| **Config not loading** | Check JSON syntax (trailing commas OK in `.jsonc`) |
| **Script ignoring config** | Verify file is `src/config.jsonc` |
| **Errors after update** | Compare with example config |
---
## 📚 Next Steps
**Setup scheduler?**
**[Scheduler Guide](./schedule.md)**
**Want notifications?**
**[Discord Webhooks](./conclusionwebhook.md)**
**Need proxies?**
**[Proxy Guide](./proxy.md)**
---
**[← Back to Hub](./index.md)** | **[Getting Started](./getting-started.md)**

103
docs/diagnostics.md Normal file
View File

@@ -0,0 +1,103 @@
# 🔍 Diagnostics
**Auto-capture errors with screenshots and HTML**
---
## 💡 What Is It?
When errors occur, the script automatically saves:
- 📸 **Screenshots** — Visual error capture
- 📄 **HTML snapshots** — Page source
Helps you debug issues without re-running the script.
---
## ⚡ Quick Start
**Already enabled by default!**
```jsonc
{
"diagnostics": {
"enabled": true,
"saveScreenshot": true,
"saveHtml": true,
"maxPerRun": 2,
"retentionDays": 7
}
}
```
---
## 📁 Where Are Files Saved?
```
reports/
├── 2025-10-16/
│ ├── error_abc123_001.png
│ ├── error_abc123_001.html
│ └── error_def456_002.png
└── 2025-10-17/
└── ...
```
**Auto-cleanup:** Files older than 7 days are deleted automatically.
---
## 🎯 When It Captures
- ⏱️ **Timeouts** — Page navigation failures
- 🎯 **Element not found** — Selector errors
- 🔐 **Login failures** — Authentication issues
- 🌐 **Network errors** — Request failures
---
## 🔧 Configuration Options
| Setting | Default | Description |
|---------|---------|-------------|
| `enabled` | `true` | Enable diagnostics |
| `saveScreenshot` | `true` | Capture PNG screenshots |
| `saveHtml` | `true` | Save page HTML |
| `maxPerRun` | `2` | Max captures per run |
| `retentionDays` | `7` | Auto-delete after N days |
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **No captures despite errors** | Check `enabled: true` |
| **Too many files** | Reduce `retentionDays` |
| **Permission denied** | Check `reports/` write access |
### Manual Cleanup
```powershell
# Delete all diagnostic reports
Remove-Item -Recurse -Force reports/
# Keep last 3 days only
Get-ChildItem reports/ | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-3)} | Remove-Item -Recurse
```
---
## 📚 Next Steps
**Need live notifications?**
**[Discord Webhooks](./conclusionwebhook.md)**
**[NTFY Push](./ntfy.md)**
**Security issues?**
**[Security Guide](./security.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

277
docs/docker.md Normal file
View File

@@ -0,0 +1,277 @@
# 🐳 Docker Guide
**Run the script in a container**
---
## ⚡ Quick Start
### 1. Create Required Files
Ensure you have:
- `src/accounts.jsonc` with your credentials
- `src/config.jsonc` (uses defaults if missing)
### 2. Start Container
```bash
docker compose up -d
```
### 3. View Logs
```bash
docker logs -f microsoft-rewards-script
```
**That's it!** Script runs automatically.
---
## 🎯 What's Included
The Docker setup:
-**Chromium Headless Shell** — Lightweight browser
-**Scheduler enabled** — Daily automation
-**Volume mounts** — Persistent sessions
-**Force headless** — Required for containers
---
## 📁 Mounted Volumes
| Host Path | Container Path | Purpose |
|-----------|----------------|---------|
| `./src/accounts.jsonc` | `/usr/src/.../src/accounts.jsonc` | Account credentials (read-only) |
| `./src/config.jsonc` | `/usr/src/.../src/config.jsonc` | Configuration (read-only) |
| `./sessions` | `/usr/src/.../sessions` | Cookies & fingerprints |
---
## 🌍 Environment Variables
### Set Timezone
```yaml
services:
rewards:
environment:
TZ: Europe/Paris
```
### Use Inline JSON
```bash
docker run -e ACCOUNTS_JSON='{"accounts":[...]}' ...
```
### Custom Config Path
```bash
docker run -e ACCOUNTS_FILE=/custom/path/accounts.json ...
```
---
## 🔧 Common Commands
```bash
# Start container
docker compose up -d
# View logs
docker logs -f microsoft-rewards-script
# Stop container
docker compose down
# Rebuild image
docker compose build --no-cache
# Restart container
docker compose restart
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **"accounts.json not found"** | Ensure `./src/accounts.jsonc` exists and is mounted in compose.yaml |
| **"Browser launch failed"** | Ensure `FORCE_HEADLESS=1` is set |
| **"Permission denied"** | Check file permissions (`chmod 644 accounts.jsonc config.jsonc`) |
| **Scheduler not running** | Verify `schedule.enabled: true` in config |
| **Cron not working** | See [Cron Troubleshooting](#-cron-troubleshooting) above |
### Debug Container
```bash
# Enter container shell
docker exec -it microsoft-rewards-script /bin/bash
# Check Node.js version
docker exec -it microsoft-rewards-script node --version
# View config (mounted in /src/)
docker exec -it microsoft-rewards-script cat src/config.jsonc
# Check if cron is enabled
docker exec -it microsoft-rewards-script printenv | grep USE_CRON
```
---
## 🎛️ Custom Configuration
### Option 1: Built-in Scheduler (Default, Recommended)
**Pros:**
- ✅ Lighter resource usage
- ✅ Better integration with config.jsonc
- ✅ No additional setup needed
- ✅ Automatic jitter for natural timing
**Default** `docker-compose.yml`:
```yaml
services:
rewards:
build: .
environment:
TZ: "Europe/Paris"
command: ["npm", "run", "start:schedule"]
```
Configure schedule in `src/config.jsonc`:
```jsonc
{
"schedule": {
"enabled": true,
"useAmPm": false,
"time24": "09:00",
"timeZone": "Europe/Paris"
}
}
```
### Option 2: Native Cron (For Traditional Cron Users)
**Pros:**
- ✅ Familiar cron syntax
- ✅ Multiple daily runs with standard crontab
- ✅ Native Linux scheduling
**Setup:**
1. **Enable cron in `docker-compose.yml`:**
```yaml
services:
rewards:
build: .
environment:
TZ: "Europe/Paris"
USE_CRON: "true"
CRON_SCHEDULE: "0 9,16,21 * * *" # 9 AM, 4 PM, 9 PM daily
RUN_ON_START: "true" # Optional: run once on start
```
2. **Cron Schedule Examples:**
| Schedule | Description | Cron Expression |
|----------|-------------|-----------------|
| Daily at 9 AM | Once per day | `0 9 * * *` |
| Twice daily | 9 AM and 9 PM | `0 9,21 * * *` |
| Three times | 9 AM, 4 PM, 9 PM | `0 9,16,21 * * *` |
| Every 6 hours | 4 times daily | `0 */6 * * *` |
| Weekdays only | Mon-Fri at 8 AM | `0 8 * * 1-5` |
**Use [crontab.guru](https://crontab.guru) to validate your cron expressions.**
3. **Rebuild and restart:**
```bash
docker compose down
docker compose build --no-cache
docker compose up -d
```
4. **Verify cron is running:**
```bash
# Check container logs
docker logs -f microsoft-rewards-script
# Should see: "==> Cron mode enabled"
# View cron logs inside container
docker exec microsoft-rewards-script tail -f /var/log/cron.log
```
### Option 3: Single Run (Manual)
```yaml
services:
rewards:
build: .
command: ["node", "./dist/index.js"]
```
---
## 🔄 Switching Between Scheduler and Cron
**From Built-in → Cron:**
1. Add `USE_CRON: "true"` to environment
2. Add `CRON_SCHEDULE` with desired timing
3. Rebuild: `docker compose up -d --build`
**From Cron → Built-in:**
1. Remove or comment `USE_CRON` variable
2. Configure `schedule` in `src/config.jsonc`
3. Rebuild: `docker compose up -d --build`
---
## 🐛 Cron Troubleshooting
| Problem | Solution |
|---------|----------|
| **Cron not executing** | Check `docker logs` for "Cron mode enabled" message |
| **Wrong timezone** | Verify `TZ` environment variable matches your location |
| **Syntax error** | Validate cron expression at [crontab.guru](https://crontab.guru) |
| **No logs** | Use `docker exec <container> tail -f /var/log/cron.log` |
| **Multiple executions** | Check for duplicate cron entries |
### Debug Cron Inside Container
```bash
# Enter container
docker exec -it microsoft-rewards-script /bin/bash
# Check cron is running
ps aux | grep cron
# View installed cron jobs
crontab -l
# Check cron logs
tail -100 /var/log/cron.log
# Test environment variables
printenv | grep -E 'TZ|NODE_ENV'
```
---
## 📚 Next Steps
**Need 2FA?**
**[Accounts & TOTP Setup](./accounts.md)**
**Want notifications?**
**[Discord Webhooks](./conclusionwebhook.md)**
**Scheduler config?**
**[Scheduler Guide](./schedule.md)**
---
**[← Back to Hub](./index.md)** | **[Getting Started](./getting-started.md)**

136
docs/getting-started.md Normal file
View File

@@ -0,0 +1,136 @@
# 🚀 Getting Started
<div align="center">
**🎯 From zero to earning Microsoft Rewards points in minutes**
*Complete setup guide for beginners*
</div>
---
## ✅ Requirements
- **Node.js 18+** (22 recommended) — [Download here](https://nodejs.org/)
- **Microsoft accounts** with email + password
- **Optional:** Docker for containerized deployment
---
## ⚡ Quick Setup (Recommended)
<div align="center">
### **🎬 One Command, Total Automation**
</div>
```bash
# 🪟 Windows
setup/setup.bat
# 🐧 Linux/macOS/WSL
bash setup/setup.sh
# 🌍 Any platform
npm run setup
```
**That's it!** The wizard will:
- ✅ Help you create `src/accounts.json` with your Microsoft credentials
- ✅ Install all dependencies automatically
- ✅ Build the TypeScript project
- ✅ Start earning points immediately
---
## 🛠️ Manual Setup
<details>
<summary><strong>📖 Prefer step-by-step? Click here</strong></summary>
### 1⃣ **Configure Your Accounts**
```bash
cp src/accounts.example.json src/accounts.json
# Edit accounts.json with your Microsoft credentials
```
### 2⃣ **Install Dependencies & Build**
```bash
npm install
npm run build
```
### 3⃣ **Choose Your Mode**
```bash
# Single run (test it works)
npm start
# Automated daily scheduler (set and forget)
npm run start:schedule
```
</details>
---
## 🎯 What Happens Next?
The script will automatically:
- 🔍 **Search Bing** for points (desktop + mobile)
- 📅 **Complete daily sets** (quizzes, polls, activities)
- 🎁 **Grab promotions** and bonus opportunities
- 🃏 **Work on punch cards** (multi-day challenges)
-**Daily check-ins** for easy points
- 📚 **Read articles** for additional rewards
**All while looking completely natural to Microsoft!** 🤖
---
## 🐳 Docker Alternative
If you prefer containers:
```bash
# Ensure accounts.json and config.json exist
docker compose up -d
# Follow logs
docker logs -f microsoft-rewards-script
```
**[Full Docker Guide →](./docker.md)**
---
## 🔧 Next Steps
Once running, explore these guides:
| Priority | Guide | Why Important |
|----------|-------|---------------|
| **High** | **[Accounts & 2FA](./accounts.md)** | Set up TOTP for secure automation |
| **High** | **[Scheduling](./schedule.md)** | Configure automated daily runs |
| **Medium** | **[Notifications](./ntfy.md)** | Get alerts on your phone |
| **Low** | **[Humanization](./humanization.md)** | Advanced anti-detection |
---
## 🆘 Need Help?
**Script not starting?** → [Troubleshooting Guide](./diagnostics.md)
**Login issues?** → [Accounts & 2FA Setup](./accounts.md)
**Want Docker?** → [Container Guide](./docker.md)
**Found a bug?** [Report it here](https://github.com/TheNetsky/Microsoft-Rewards-Script/issues)
**Need support?** [Join our Discord](https://discord.gg/KRBFxxsU)
---
## 🔗 Related Guides
- **[Accounts & 2FA](./accounts.md)** — Add Microsoft accounts with TOTP
- **[Docker](./docker.md)** — Deploy with containers
- **[Scheduler](./schedule.md)** — Automate daily execution
- **[Discord Webhooks](./conclusionwebhook.md)** — Get run summaries

193
docs/git-conflict-resolution.md Normal file
View File

@@ -0,0 +1,193 @@
# Git Conflict Resolution Guide
## Problem: "Pulling is not possible because you have unmerged files"
This error occurs when Git has conflicting changes between your local repository and the remote repository.
## Quick Fix (Recommended)
### Option 1: Keep Remote Changes (Safest for updates)
```bash
# Abort any ongoing operations
git merge --abort
git rebase --abort
# Reset to remote version (discards local changes)
git fetch --all
git reset --hard origin/main
# Reinstall and rebuild
npm ci
npm run build
```
### Option 2: Keep Local Changes
```bash
# Save your changes
git stash push -m "My local changes"
# Get remote changes
git fetch --all
git reset --hard origin/main
# Reapply your changes (may cause conflicts again)
git stash pop
```
## Automatic Conflict Prevention
The update script (`setup/update/update.mjs`) now automatically:
1. **Detects conflicts** before attempting updates
2. **Aborts** failed merge/rebase operations
3. **Preserves** your stashed changes
4. **Reports** exactly what went wrong
### Update Script Features
- ✅ Pre-flight conflict detection
- ✅ Automatic abort of failed operations
- ✅ Smart backup of config.jsonc and accounts.json
- ✅ User-configurable auto-update preferences
- ✅ Detailed error reporting with recovery instructions
## Config Options
In `config.jsonc`, set these to control what gets auto-updated:
```jsonc
{
"update": {
"autoUpdateConfig": false, // Keep your local config.jsonc
"autoUpdateAccounts": false, // Keep your local accounts.json
"git": true, // Enable Git updates
"docker": false // Enable Docker updates
}
}
```
## Manual Conflict Resolution
If you need to manually resolve conflicts:
### 1. Check Status
```bash
git status
```
### 2. View Conflicted Files
```bash
git ls-files -u
```
### 3. For Each Conflicted File
**Option A: Keep Remote Version**
```bash
git checkout --theirs <file>
git add <file>
```
**Option B: Keep Local Version**
```bash
git checkout --ours <file>
git add <file>
```
**Option C: Manual Edit**
- Open the file
- Look for `<<<<<<<`, `=======`, `>>>>>>>` markers
- Edit to keep what you want
- Remove the markers
- Save the file
```bash
git add <file>
```
### 4. Complete the Merge
```bash
git commit -m "Resolved conflicts"
```
## Prevention Tips
1. **Don't edit code files directly** - they're meant to be updated from Git
2. **Only customize** `config.jsonc` and `accounts.json`
3. **Use the auto-update feature** with proper config flags
4. **Commit your config changes** if you want version control
5. **Use branches** for custom modifications
## Troubleshooting
### "detached HEAD state"
```bash
git checkout main
git pull
```
### "Your branch has diverged"
```bash
git fetch origin
git reset --hard origin/main
```
### "Permission denied" or file locks
On Windows:
```powershell
# Close all Node/VS Code instances
taskkill /F /IM node.exe
git clean -fd
git reset --hard origin/main
```
On Linux/macOS:
```bash
sudo chown -R $USER:$USER .git
git clean -fd
git reset --hard origin/main
```
## Emergency Recovery
If everything is broken:
```bash
# Backup your config and accounts
cp src/config.jsonc ~/backup-config.jsonc
cp src/accounts.json ~/backup-accounts.json
# Nuclear option: fresh clone
cd ..
rm -rf Microsoft-Rewards-Rewi
git clone https://github.com/Light60-1/Microsoft-Rewards-Rewi.git
cd Microsoft-Rewards-Rewi
# Restore your files
cp ~/backup-config.jsonc src/config.jsonc
cp ~/backup-accounts.json src/accounts.json
# Reinstall
npm ci
npm run build
```
## Support
If conflicts persist:
1. Check GitHub Issues
2. Create a new issue with the output of `git status`
3. Include your update configuration settings
4. Mention your OS and Git version
---
**Remember**: The safest approach is to let Git updates manage code files, and only customize config and accounts files.

160
docs/humanization.md Normal file
View File

@@ -0,0 +1,160 @@
# 🤖 Humanization
**Make automation look natural to avoid detection**
---
## 💡 What Is It?
Humanization adds **random delays** and **subtle gestures** to mimic real human behavior.
### Why Use It?
-**Lower detection risk** — Looks less like a bot
-**Natural patterns** — Random timing, mouse moves
-**Built-in** — No configuration needed
---
## ⚡ Quick Start
**Edit** `src/config.jsonc`:
```jsonc
{
"humanization": {
"enabled": true
}
}
```
**That's it!** Default settings work for most users.
---
## 🎯 What It Does
### Random Delays
- **150-450ms pauses** between actions
- Mimics human decision-making time
- Prevents robotic patterns
### Subtle Gestures
- **Mouse movements** — Small cursor adjustments (40% chance)
- **Scrolling** — Minor page movements (20% chance)
- **Never clicks** random elements (safe by design)
### Temporal Patterns
- **Random off days** — Skip 1 day per week by default
- **Time windows** — Run only during certain hours (optional)
---
## 🎛️ Presets
### Default (Recommended)
```jsonc
{
"humanization": {
"enabled": true
}
}
```
Balanced safety and speed.
---
### Conservative (More Natural)
```jsonc
{
"humanization": {
"enabled": true,
"actionDelay": { "min": 300, "max": 800 },
"gestureMoveProb": 0.6,
"gestureScrollProb": 0.4,
"randomOffDaysPerWeek": 2
}
}
```
Slower but safer.
---
### Fast (Less Natural)
```jsonc
{
"humanization": {
"enabled": true,
"actionDelay": { "min": 100, "max": 250 },
"gestureMoveProb": 0.2,
"gestureScrollProb": 0.1,
"randomOffDaysPerWeek": 0
}
}
```
Faster execution, higher risk.
---
## ⏰ Time Windows (Optional)
Run only during specific hours:
```jsonc
{
"humanization": {
"enabled": true,
"allowedWindows": ["08:00-10:30", "20:00-22:30"]
}
}
```
Script **waits** until next allowed window if started outside.
---
## 📅 Random Off Days
Skip random days per week:
```jsonc
{
"humanization": {
"enabled": true,
"randomOffDaysPerWeek": 1 // Skip 1 random day/week
}
}
```
**Options:**
- `0` — Never skip days
- `1` — Skip 1 day/week (default)
- `2` — Skip 2 days/week
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **Too slow** | Lower `actionDelay`, reduce probabilities |
| **Too fast/robotic** | Increase delays, higher probabilities |
| **Not running at all** | Check `allowedWindows` time format |
---
## 📚 Next Steps
**Need vacation mode?**
→ See [Scheduler Vacation](./schedule.md#vacation-mode)
**Want scheduling?**
**[Scheduler Guide](./schedule.md)**
**More security?**
**[Security Guide](./security.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

78
docs/index.md Normal file
View File

@@ -0,0 +1,78 @@
# 📚 Documentation Hub
**Complete guide to automate Microsoft Rewards**
---
## 🚀 Start Here (In Order)
### For Complete Beginners
1. **[Accounts & 2FA](./accounts.md)** — Add your Microsoft accounts
2. **[Basic Config](./config.md#quick-start)** — 5 essential options
3. **[Scheduler](./schedule.md#quick-start)** — Automate daily runs
**You're all set! 🎉**
---
## 🔥 Popular Features
### Notifications & Monitoring
- **[Discord Webhooks](./conclusionwebhook.md)** — Get run summaries
- **[NTFY Push](./ntfy.md)** — Mobile alerts
### Anti-Ban & Privacy
- **[Humanization](./humanization.md)** — Natural behavior simulation
- **[Proxy Setup](./proxy.md)** — Change your IP (optional)
### Deployment
- **[Docker](./docker.md)** — Container deployment
- **[Diagnostics](./diagnostics.md)** — Troubleshooting
---
## 📖 All Documentation
### Configuration & Setup
- [Complete Configuration Reference](./config.md) — All options explained
- [Scheduler Setup](./schedule.md) — Automated timing
- [Job State](./jobstate.md) — Progress tracking
- [Auto-Update](./update.md) — Keep script current
### Advanced Features
- [Buy Mode](./buy-mode.md) — Manual purchase monitoring
- [Security Guide](./security.md) — Privacy & incident response
---
## 🆘 Need Help?
**Technical issue?** → [Diagnostics Guide](./diagnostics.md)
**Login problem?** → [Accounts & 2FA](./accounts.md#troubleshooting)
**Banned?** → [Security Guide](./security.md)
**Join Discord** → [Support Server](https://discord.gg/kn3695Kx32)
---
## 🎯 Quick Links by Use Case
### "I just installed the script"
→ [Getting Started](./getting-started.md) → [Accounts](./accounts.md) → [Scheduler](./schedule.md)
### "I want daily automation"
→ [Scheduler Guide](./schedule.md) → [Humanization](./humanization.md)
### "I need notifications"
→ [Discord Webhooks](./conclusionwebhook.md) or [NTFY](./ntfy.md)
### "I want to use Docker"
→ [Docker Guide](./docker.md)
### "Something's broken"
→ [Diagnostics](./diagnostics.md) → [Security](./security.md)
---
**[← Back to README](../README.md)**

118
docs/jobstate.md Normal file
View File

@@ -0,0 +1,118 @@
# 💾 Job State
**Resume interrupted tasks automatically**
---
## 💡 What Is It?
Saves progress after each completed task. If script crashes or stops, it resumes exactly where it left off.
🔁 **New:** Completed accounts are tracked per day. When you restart the bot after a failure, it skips accounts already finished and jumps directly to the remaining ones.
**Already enabled by default!**
---
## ⚡ How It Works
### Progress Tracking
```
sessions/job-state/
├── account1@email.com/
│ ├── daily-set-2025-10-16.json
│ ├── desktop-search-2025-10-16.json
│ └── mobile-search-2025-10-16.json
└── account2@email.com/
└── ...
```
-**Per-account** — Independent progress
-**Date-specific** — Fresh start each day
-**Auto-cleanup** — Old files remain for history
---
## 🎯 Benefits
### Interrupted Runs
| Scenario | Without Job State | With Job State |
|----------|-------------------|----------------|
| **Power outage** | Start from beginning | Resume from last task |
| **Manual stop** | Lose all progress | Pick up where left off |
| **Network failure** | Redo everything | Continue remaining tasks |
---
## ⚙️ Configuration
**Already enabled:**
```jsonc
{
"jobState": {
"enabled": true,
"skipCompletedAccounts": true, // Skip accounts already finished today
"dir": "" // Empty = use default location
}
}
```
**Custom location:**
```jsonc
{
"jobState": {
"enabled": true,
"skipCompletedAccounts": true,
"dir": "/custom/path/job-state"
}
}
```
> Set `skipCompletedAccounts` to `false` (or export `REWARDS_DISABLE_ACCOUNT_SKIP=1`/`true`) if you need to force every pass to run all accounts—for example when using `passesPerRun` > 1 or when intentionally repeating the whole rotation in the same day.
---
## 🧹 Maintenance
### Reset Progress (Fresh Start)
```powershell
# Reset all accounts
Remove-Item -Recurse -Force sessions/job-state/
# Reset one account
Remove-Item -Recurse -Force sessions/job-state/user@email.com/
```
### Cleanup Old Files
```powershell
# Keep last 7 days only
Get-ChildItem sessions/job-state -Recurse -Filter "*.json" | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-7)} | Remove-Item
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **Tasks not resuming** | Check file permissions |
| **Duplicate execution** | Ensure system time is accurate |
| **Excessive files** | Implement cleanup schedule |
---
## 📚 Next Steps
**Need scheduler?**
**[Scheduler Guide](./schedule.md)**
**Want diagnostics?**
**[Diagnostics Guide](./diagnostics.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

118
docs/ntfy.md Normal file
View File

@@ -0,0 +1,118 @@
# 📱 NTFY Push Notifications
**Get alerts on your phone instantly**
---
## 💡 What Is NTFY?
Simple push notification service that sends alerts to your phone/desktop.
**Free to use:** No account required for basic features.
---
## ⚡ Quick Start
### 1. Install NTFY App
- **Android:** [Google Play](https://play.google.com/store/apps/details?id=io.heckel.ntfy)
- **iOS:** [App Store](https://apps.apple.com/app/ntfy/id1625396347)
### 2. Choose a Topic Name
Pick any unique name (e.g., `rewards-myname-2025`)
### 3. Subscribe in App
Open NTFY app → Add subscription → Enter your topic name
### 4. Configure Script
**Edit** `src/config.jsonc`:
```jsonc
{
"notifications": {
"ntfy": {
"enabled": true,
"url": "https://ntfy.sh",
"topic": "rewards-myname-2025"
}
}
}
```
**That's it!** You'll get push notifications on your phone.
---
## 🔔 What Notifications You Get
- 🚨 **Errors** — Script crashes, login failures
- ⚠️ **Warnings** — Missing points, suspicious activity
- 🏆 **Milestones** — Account completed successfully
- 💳 **Buy mode** — Point spending detected
- 📊 **Summary** — End-of-run report
---
## 🔒 Use Private Server (Optional)
### Self-Host NTFY
**Docker:**
```yaml
services:
ntfy:
image: binwiederhier/ntfy
ports:
- "80:80"
volumes:
- ./ntfy-data:/var/lib/ntfy
command: serve
```
**Then configure:**
```jsonc
{
"notifications": {
"ntfy": {
"enabled": true,
"url": "https://ntfy.yourdomain.com",
"topic": "rewards",
"authToken": "tk_your_token_here"
}
}
}
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **No notifications** | Check topic name matches exactly |
| **Wrong server** | Verify URL includes `https://` |
| **Auth failures** | Token must start with `tk_` |
### Test Manually
```bash
# Send test message
curl -d "Test from rewards script" https://ntfy.sh/your-topic
```
---
## 📚 Next Steps
**Want Discord too?**
**[Discord Webhooks](./conclusionwebhook.md)**
**Need detailed logs?**
**[Diagnostics Guide](./diagnostics.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

126
docs/proxy.md Normal file
View File

@@ -0,0 +1,126 @@
# 🌐 Proxy Setup
**Route traffic through proxy servers**
---
## 💡 Do You Need a Proxy?
**Most users DON'T need proxies.** Only use if:
- ✅ You run many accounts from same IP
- ✅ You want geographic flexibility
- ✅ Your IP is already flagged
**Otherwise, skip this guide.**
---
## ⚡ Quick Start
### Per-Account Proxy
**Edit** `src/accounts.json`:
```json
{
"accounts": [
{
"email": "your@email.com",
"password": "password",
"proxy": {
"proxyAxios": true,
"url": "proxy.example.com",
"port": 8080,
"username": "proxyuser",
"password": "proxypass"
}
}
]
}
```
**That's it!** Script uses proxy for this account only.
---
## 🎯 Proxy Types
### HTTP Proxy (Most Common)
```json
{
"proxy": {
"proxyAxios": true,
"url": "http://proxy.example.com",
"port": 8080,
"username": "user",
"password": "pass"
}
}
```
### SOCKS5 Proxy
```json
{
"proxy": {
"proxyAxios": true,
"url": "socks5://proxy.example.com",
"port": 1080,
"username": "user",
"password": "pass"
}
}
```
---
## 🏢 Recommended Providers
### Residential Proxies (Best)
- **Bright Data** — Premium quality, expensive
- **Smartproxy** — User-friendly
- **Oxylabs** — Enterprise-grade
### Datacenter Proxies (Cheaper)
- **SquidProxies** — Reliable
- **MyPrivateProxy** — Dedicated IPs
⚠️ **Avoid free proxies** — Unreliable and often blocked.
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **"Connection refused"** | Check proxy URL and port |
| **"407 Auth required"** | Verify username/password |
| **"Timeout"** | Try different proxy server |
| **"SSL error"** | Use HTTP instead of HTTPS |
### Test Proxy Manually
```bash
# Windows (PowerShell)
curl --proxy http://user:pass@proxy.com:8080 http://httpbin.org/ip
# Linux/macOS
curl --proxy http://user:pass@proxy.com:8080 http://httpbin.org/ip
```
---
## 📚 Next Steps
**Proxy working?**
**[Setup Scheduler](./schedule.md)**
**Need humanization?**
**[Humanization Guide](./humanization.md)**
**Multiple accounts?**
**[Accounts Guide](./accounts.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

179
docs/schedule.md Normal file
View File

@@ -0,0 +1,179 @@
# ⏰ Scheduler
**Automate daily script execution**
---
## ⚡ Quick Start
### Basic Setup
**Edit** `src/config.jsonc`:
```jsonc
{
"schedule": {
"enabled": true,
"time": "09:00",
"timeZone": "America/New_York"
}
}
```
**Start scheduler:**
```bash
npm run start:schedule
```
**That's it!** Script runs automatically at 9 AM daily.
---
## 🎯 Common Configurations
### Morning Run
```jsonc
{
"schedule": {
"enabled": true,
"time": "08:00",
"timeZone": "America/New_York"
}
}
```
### Evening Run
```jsonc
{
"schedule": {
"enabled": true,
"time": "20:00",
"timeZone": "Europe/Paris"
}
}
```
### Multiple Passes Per Day
```jsonc
{
"schedule": {
"enabled": true,
"time": "10:00",
"timeZone": "America/Los_Angeles"
},
"passesPerRun": 2
}
```
---
## 🌍 Common Timezones
| Region | Timezone |
|--------|----------|
| **US East** | `America/New_York` |
| **US West** | `America/Los_Angeles` |
| **UK** | `Europe/London` |
| **France** | `Europe/Paris` |
| **Germany** | `Europe/Berlin` |
[All timezones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
---
## 🎲 Advanced: Cron Expressions
Want more control? Use cron:
```jsonc
{
"schedule": {
"enabled": true,
"cron": "0 9 * * *", // Every day at 9 AM
"timeZone": "America/New_York"
}
}
```
### Cron Examples
```bash
"0 7 * * *" # Every day at 7:00 AM
"30 20 * * *" # Every day at 8:30 PM
"0 9,21 * * *" # Twice daily: 9 AM and 9 PM
"0 10 * * 1-5" # Weekdays only at 10 AM
```
[Cron syntax helper](https://crontab.guru/)
---
## 🏖️ Vacation Mode (Optional)
Skip random days each month to look more natural:
```jsonc
{
"vacation": {
"enabled": true,
"minDays": 3,
"maxDays": 5
}
}
```
**Example:** Script will randomly skip 3-5 consecutive days per month.
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **Scheduler not running** | Check `enabled: true` in config |
| **Wrong execution time** | Verify timezone spelling |
| **Runs multiple times** | Only use ONE scheduler instance |
| **Missed run** | Check if computer was off/sleeping |
### Debug Commands
**Check timezone:**
```powershell
node -e "console.log(new Date().toLocaleString('en-US', {timeZone: 'America/New_York'}))"
```
**Validate config:**
```powershell
npm run typecheck
```
---
## 🐳 Docker Integration
### Built-in Scheduler (Recommended)
```yaml
services:
rewards:
build: .
command: ["npm", "run", "start:schedule"]
environment:
TZ: Europe/Paris
```
Uses config from `src/config.jsonc`.
---
## 📚 Next Steps
**Want natural behavior?**
**[Humanization Guide](./humanization.md)**
**Need notifications?**
**[Discord Webhooks](./conclusionwebhook.md)**
**Docker setup?**
**[Docker Guide](./docker.md)**
---
**[← Back to Hub](./index.md)** | **[Getting Started](./getting-started.md)**

207
docs/security.md Normal file
View File

@@ -0,0 +1,207 @@
# 🔒 Security Guide
**Protect your accounts and handle security incidents**
---
## ⚠️ Important Disclaimer
**Using automation violates Microsoft's Terms of Service.**
Your accounts **may be banned**. Use at your own risk.
---
## 🛡️ Best Practices
### ✅ DO
- **Enable humanization** — Natural behavior reduces detection
- **Use 2FA/TOTP** — More secure authentication
- **Run 1-2x daily max** — Don't be greedy
- **Test on secondary accounts** — Never risk your main account
- **Enable vacation mode** — Random off days look natural
- **Monitor regularly** — Check diagnostics and logs
### ❌ DON'T
- **Run on main account** — Too risky
- **Schedule hourly** — Obvious bot pattern
- **Ignore warnings** — Security alerts matter
- **Use shared proxies** — Higher detection risk
- **Skip humanization** — Robotic behavior gets caught
---
## 🚨 Security Incidents
### Recovery Email Mismatch
**What:** Login shows unfamiliar recovery email (e.g., `ko*****@hacker.net`)
**Action:**
1. **Stop immediately** — Script halts automatically
2. **Check Microsoft Account** → Security settings
3. **Update config** if you changed email yourself:
```json
{
"recoveryEmail": "ko*****@hacker.net"
}
```
4. **Change password** if compromise suspected
---
### "We Can't Sign You In" (Blocked)
**What:** Microsoft blocks login attempt
**Action:**
1. **Wait 24-48 hours** — Temporary locks usually lift
2. **Complete any challenges** — SMS, authenticator, etc.
3. **Reduce frequency** — Run less often
4. **Enable humanization** — If not already enabled
5. **Check proxy** — Ensure consistent IP/location
---
## 🔐 Account Security
### Strong Credentials
```json
{
"accounts": [
{
"email": "your@email.com",
"password": "strong-unique-password",
"totp": "JBSWY3DPEHPK3PXP"
}
]
}
```
- ✅ **Unique passwords** per account
- ✅ **TOTP enabled** for all accounts (see below)
- ✅ **Strong passwords** (16+ characters)
- 🔄 **Rotate every 90 days**
**How to enable TOTP:**
- Go to https://account.live.com/proofs/Manage/additional and turn on two-step verification.
- Choose **"Set up a different authenticator app"**, then click **"I can't scan the bar code"** to reveal the Base32 secret.
- Scan the QR with an authenticator you control (Google Authenticator recommended) and copy the secret into `totp`.
- Enter the app-generated code once to finish pairing. The same secret powers both your app and the bot.
### File Permissions
```bash
# Linux/macOS - Restrict access
chmod 600 src/accounts.json
# Windows - Right-click → Properties → Security
# Remove all users except yourself
```
---
## 🌐 Network Security
### Use Proxies (Optional)
```json
{
"proxy": {
"proxyAxios": true,
"url": "proxy.example.com",
"port": 8080,
"username": "user",
"password": "pass"
}
}
```
**Benefits:**
- IP masking
- Geographic flexibility
- Reduces pattern detection
→ **[Full Proxy Guide](./proxy.md)**
---
## 📊 Monitoring
### Enable Diagnostics
```jsonc
{
"diagnostics": {
"enabled": true,
"saveScreenshot": true,
"saveHtml": true
}
}
```
→ **[Diagnostics Guide](./diagnostics.md)**
### Enable Notifications
```jsonc
{
"conclusionWebhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/..."
}
}
```
**[Webhook Setup](./conclusionwebhook.md)**
---
## 🛠️ Incident Response
### Account Compromised
1. **Stop all automation**
2. **Change password immediately**
3. **Check sign-in activity** in Microsoft Account
4. **Enable 2FA** if not already
5. **Review security info** (recovery email, phone)
6. **Contact Microsoft** if unauthorized access
### Temporary Ban
1. **Pause automation** for 48-72 hours
2. **Reduce frequency** when resuming
3. **Increase delays** in humanization
4. **Use proxy** from your region
5. **Monitor closely** after resuming
---
## 🔗 Privacy Tips
- 🔐 **Local-only** — All data stays on your machine
- 🚫 **No telemetry** — Script doesn't phone home
- 📁 **File security** — Restrict permissions
- 🔄 **Regular backups** — Keep config backups
- 🗑️ **Clean logs** — Delete old diagnostics
---
## 📚 Next Steps
**Setup humanization?**
**[Humanization Guide](./humanization.md)**
**Need proxies?**
**[Proxy Guide](./proxy.md)**
**Want monitoring?**
**[Diagnostics](./diagnostics.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

104
docs/update.md Normal file
View File

@@ -0,0 +1,104 @@
# 🔄 Auto-Update
**Keep script up to date automatically**
---
## 💡 What Is It?
After each run, script checks for updates and installs them automatically.
**Already enabled by default!**
---
## ⚡ How It Works
### After Each Run
1. **Fetch latest** from GitHub
2. **Pull changes** (safe fast-forward only)
3. **Install dependencies** (`npm ci`)
4. **Rebuild** (`npm run build`)
**No action needed from you!**
---
## ⚙️ Configuration
```jsonc
{
"update": {
"git": true, // Auto-update from Git
"docker": false // Docker container updates (if using Docker)
}
}
```
---
## 🐳 Docker Updates
If using Docker:
```jsonc
{
"update": {
"git": false,
"docker": true
}
}
```
Pulls latest Docker image and restarts container.
---
## 🛠️ Manual Update
### Git
```bash
git pull
npm ci
npm run build
```
### Docker
```bash
docker compose pull
docker compose up -d
```
---
## ⚠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **"Not a git repository"** | Clone repo (don't download ZIP) |
| **"Local changes"** | Commit or stash your changes |
| **"Update failed"** | Check internet connection |
### Reset to Remote
```bash
git fetch origin
git reset --hard origin/v2
npm ci
npm run build
```
---
## 📚 Next Steps
**Need security tips?**
**[Security Guide](./security.md)**
**Setup scheduler?**
**[Scheduler Guide](./schedule.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**