LightZirconite/Microsoft-Rewards-Bot
1
1
Fork 0
mirror of https://github.com/LightZirconite/Microsoft-Rewards-Bot.git synced 2026-01-09 17:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove outdated documentation files: dashboard-quickstart.md, diagnostics.md, docker.md, humanization.md, jobstate.md, ntfy.md, proxy.md, schedule.md, security.md, update.md

Browse Source
This commit is contained in:
LightZirconite
2025-11-09 13:44:22 +01:00
parent 9e166c0959
commit 8c94ce5b87
14 changed files with 0 additions and 2299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

315
docs/FAQ.md
View File

@@ -1,315 +0,0 @@
# ❓ Frequently Asked Questions (FAQ)
<div align="center">
**Quick answers to common questions**
[📚 Back to Documentation Hub](index.md)
</div>
---
## 📋 Table of Contents
- [General Questions](#general-questions)
- [Installation & Setup](#installation--setup)
- [Configuration](#configuration)
- [Troubleshooting](#troubleshooting)
- [Safety & Security](#safety--security)
- [Features & Functionality](#features--functionality)
---
## General Questions
### What is this project?
This is an automated script that completes Microsoft Rewards tasks to earn points. It uses Playwright to control a browser and perform searches, quizzes, and other activities automatically.
### Is this legal?
The script itself is legal software. However, using automation tools may violate Microsoft's Terms of Service, which could result in account suspension or ban. **Use at your own risk.**
### Will I get banned?
There's always a risk when using automation. The script includes humanization features and anti-detection measures to reduce risk, but we cannot guarantee account safety. Many users have used it successfully for extended periods, but results vary.
### How many points can I earn per day?
Typically 150-300 points per day per account, depending on available activities and your region. This varies by country and account type.
### How long does a run take?
Usually 5-15 minutes per account, depending on:
- Number of searches required
- Available daily activities
- Humanization delay settings
- Internet speed
---
## Installation & Setup
### What are the system requirements?
- **Node.js 20+** (version 22 recommended)
- **2 GB RAM minimum** (4 GB recommended)
- **Windows, macOS, or Linux**
- **Stable internet connection**
### Do I need to install a browser?
No! Playwright downloads Chromium automatically during setup. You don't need Chrome or Edge installed.
### Can I use this on a Raspberry Pi?
Yes, but performance may be limited. Headless mode is recommended for resource-constrained devices.
### How do I update to the latest version?
```bash
# Using Git
git pull origin main
npm install
npm run build
# Or run the update script
npm run setup
```
### Can I run this on a server 24/7?
Yes! Use Docker with your preferred scheduler (cron, Kubernetes CronJob, etc.) or enable the image's optional cron mode. See the [Docker Guide](docker.md).
---
## Configuration
### Where do I put my Microsoft credentials?
In `src/accounts.jsonc`. Copy `src/accounts.example.jsonc` as a template.
⚠️ **Never commit this file to Git!** It should be in `.gitignore`.
### Do I need to enable 2FA/TOTP?
Not required, but **highly recommended** for:
- Automated login without manual code entry
- Better security
- 24/7 automation compatibility
See the [Accounts & 2FA Guide](accounts.md).
### How do I schedule automatic runs?
Use your operating system's scheduler. For example, Task Scheduler on Windows or `cron`/systemd timers on Linux:
```bash
# Windows Task Scheduler action (PowerShell)
powershell.exe -NoProfile -Command "cd 'C:\\Path\\To\\Microsoft-Rewards-Script'; npm run start"
# Linux cron example (daily at 09:15)
15 9 * * * cd /home/you/Microsoft-Rewards-Script && /usr/bin/env npm run start >> /home/you/rewards.log 2>&1
```
See the [External Scheduling Guide](schedule.md) for detailed steps.
### Can I run multiple accounts?
Yes! Add multiple entries to `accounts.jsonc` and adjust the `clusters` setting:
```jsonc
{
"execution": {
"clusters": 2 // Run 2 accounts in parallel
}
}
```
### Should I use headless mode?
- **Headless (`true`):** Background operation, required for Docker, lower resource usage
- **Non-headless (`false`):** See what the bot is doing, easier debugging
For production/automated runs, use headless mode.
---
## Troubleshooting
### The script won't start
1. **Check Node.js version:** `node --version` (must be 20+)
2. **Rebuild:** `npm run build`
3. **Check accounts.jsonc:** Valid JSON format?
4. **Review logs:** Look for error messages
### Login fails constantly
- **Wrong credentials:** Double-check email/password
- **2FA issues:** Verify TOTP secret is correct
- **Account locked:** Check Microsoft account security page
- **Recovery email mismatch:** Ensure recovery email matches account settings
See [Accounts Troubleshooting](accounts.md#troubleshooting).
### No points are earned
- **Already completed:** Tasks may be done for the day
- **Region restrictions:** Some activities vary by country
- **Account level:** New accounts may have limited activities
- **Ban/suspension:** Check account status on Microsoft Rewards
### Browser crashes or freezes
- **Increase timeout:** Adjust `browser.globalTimeout` in config
- **Reduce load:** Lower `clusters` value
- **Update dependencies:** `npm install`
- **Check system resources:** Ensure adequate RAM
### Docker container exits immediately
1. **Check logs:** `docker logs microsoft-rewards-bot`
2. **Verify mounts:** Ensure `accounts.jsonc` exists and is mounted
3. **Check config:** `headless` must be `true` for Docker
4. **Review environment variables:** Timezone, cron settings
See [Docker Troubleshooting](docker.md#troubleshooting).
### "Command not found" errors
Ensure you're in the project directory and have run `npm install`.
---
## Safety & Security
### How can I minimize ban risk?
1. **Enable humanization:** Keep `humanization.enabled: true`
2. **Use reasonable delays:** Don't make searches too fast
3. **Run consistently:** Daily runs at similar times
4. **Start with one account:** Test before scaling
5. **Monitor for warnings:** Check logs regularly
6. **Use vacation mode:** Enable random off-days
See [Humanization Guide](humanization.md).
### Is my data safe?
- **No telemetry:** The script doesn't send data anywhere except Microsoft
- **Local storage:** Credentials stay on your machine
- **Open source:** You can audit the code
See [Security Policy](../SECURITY.md).
### Can Microsoft detect this?
The script uses advanced anti-detection techniques:
- Browser fingerprinting management
- Human-like mouse movements and delays
- Natural search patterns
- Randomized timing
However, **no detection evasion is foolproof**. Always use at your own risk.
### Should I use a proxy?
Not required for most users. Consider a proxy if:
- Running many accounts from one IP
- Want extra privacy layer
- Your IP is rate-limited
See [Proxy Guide](proxy.md).
---
## Features & Functionality
### What tasks does the script complete?
- ✅ Desktop searches (30+)
- ✅ Mobile searches (20+)
- ✅ Daily set activities (quizzes, polls)
- ✅ More activities (promotional offers)
- ✅ Punch cards (multi-day challenges)
- ✅ Daily check-in
- ✅ Read to Earn articles
Configure in `config.jsonc` under `workers`.
### Can I disable specific activities?
Yes! In `config.jsonc`:
```jsonc
{
"workers": {
"doDesktopSearch": true,
"doMobileSearch": false, // Disable mobile searches
"doDailySet": true,
"doMorePromotions": false // Disable promotions
}
}
```
### How does the query generation work?
The script uses multiple sources for search queries:
- **Google Trends:** Current trending topics
- **Reddit:** Popular posts from various subreddits
- **Local fallback:** Pre-defined queries
This creates diverse, natural-looking search patterns.
See [Query Diversity Engine](config.md#query-diversity-engine).
### Can I get notifications?
Yes! The script supports:
- **Discord Webhooks:** Summary messages in Discord
- **NTFY:** Push notifications to mobile
See [Notifications Guide](conclusionwebhook.md) and [NTFY Guide](ntfy.md).
### What are "clusters"?
Clusters allow running multiple accounts in parallel using separate processes. Higher values = more accounts simultaneously (but more resource usage).
```jsonc
{
"execution": {
"clusters": 3 // Run 3 accounts at once
}
}
```
### How does the risk management system work?
The script includes:
- **Ban detection:** Monitors for suspension indicators
- **Risk prediction:** ML-based ban probability scoring
- **Adaptive delays:** Automatically adjusts timing based on risk
- **Emergency stop:** Halts execution on critical risk
See [Configuration Guide](config.md#risk-management--security).
---
## Still Have Questions?
- 💬 **[Join our Discord](https://discord.gg/k5uHkx9mne)** — Ask the community
- 📖 **[Documentation Hub](index.md)** — Browse all guides
- 🐛 **[GitHub Issues](https://github.com/Obsidian-wtf/Microsoft-Rewards-Bot/issues)** — Report problems
- 📧 **[Troubleshooting Guide](diagnostics.md)** — Debug common issues
---
<div align="center">
**Didn't find your answer?** [Ask on Discord](https://discord.gg/k5uHkx9mne) or [open an issue](https://github.com/Obsidian-wtf/Microsoft-Rewards-Bot/issues)!
[← Back to Documentation](index.md)
</div>

122
docs/conclusionwebhook.md
View File

@@ -1,122 +0,0 @@
# 📊 Discord Webhooks
**Get run summaries in Discord**
---
## 💡 What Is It?
Sends a **rich embed** to your Discord server after each run with:
- 📊 Total accounts processed
- 💎 Points earned
- ⏱️ Execution time
- ❌ Errors encountered
---
## ⚡ Quick Start
### 1. Create Webhook in Discord
1. **Open Discord** → Right-click channel
2. **Edit Channel****Integrations** tab
3. **Create Webhook**
4. **Copy webhook URL**
### 2. Configure Script
**Edit** `src/config.jsonc`:
```jsonc
{
"notifications": {
"conclusionWebhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/123456789/abcdef-your-webhook-token"
}
}
}
```
**That's it!** You'll get a summary after each run.
---
## 📋 Example Summary
```
🎯 Microsoft Rewards Summary
📊 Accounts: 3 • 0 with issues
💎 Points: 15,230 → 16,890 (+1,660)
⏱️ Average Duration: 8m 32s
📈 Cumulative Runtime: 25m 36s
👤 user1@example.com
Points: 5,420 → 6,140 (+720)
Duration: 7m 23s
Status: ✅ Completed successfully
👤 user2@example.com
Points: 4,810 → 5,750 (+940)
Duration: 9m 41s
Status: ✅ Completed successfully
👤 user3@example.com
Points: 5,000 → 5,000 (+0)
Duration: 8m 32s
Status: ✅ Completed successfully
```
---
## 🎯 Advanced: Separate Channels
Use different webhooks for different notifications:
```jsonc
{
"notifications": {
"webhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/.../errors-channel"
},
"conclusionWebhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/.../summary-channel"
}
}
}
```
- **`webhook`** — Real-time errors during execution
- **`conclusionWebhook`** — End-of-run summary
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **No message received** | Check webhook URL is complete |
| **"Invalid webhook"** | Regenerate webhook in Discord |
| **Partial data** | Ensure script completed fully |
### Test Webhook Manually
```bash
curl -X POST -H "Content-Type: application/json" -d '{"content":"Test message"}' "YOUR_WEBHOOK_URL"
```
---
## 📚 Next Steps
**Want mobile alerts?**
**[NTFY Push Notifications](./ntfy.md)**
**Need detailed logs?**
**[Troubleshooting Guide](./diagnostics.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

145
docs/config-reference.md
View File

@@ -1,145 +0,0 @@
# Configuration Reference
This page mirrors the defaults that ship in `src/config.jsonc` and explains what each field does. Use it as a companion after trimming comments from the JSONC file.
---
## General
| Key | Default | Notes |
| --- | --- | --- |
| `baseURL` | `https://rewards.bing.com` | Microsoft Rewards dashboard root. |
| `sessionPath` | `sessions` | Folder for cookies, fingerprints, and job-state. |
| `dryRun` | `false` | Log actions without executing tasks.
---
## Browser & Fingerprinting
| Key | Default | Notes |
| --- | --- | --- |
| `browser.headless` | `false` | Use `true` for CI or servers. |
| `browser.globalTimeout` | `"30s"` | Accepts milliseconds or readable strings (e.g. `"2min"`). |
| `fingerprinting.saveFingerprint.desktop` | `true` | Persist desktop fingerprint between runs. |
| `fingerprinting.saveFingerprint.mobile` | `true` | Persist mobile fingerprint.
---
## Execution & Job State
| Key | Default | Notes |
| --- | --- | --- |
| `execution.parallel` | `false` | Run desktop and mobile simultaneously. |
| `execution.runOnZeroPoints` | `false` | Skip account when no points remain. |
| `execution.clusters` | `1` | Worker processes. Increase for parallel accounts. |
| `execution.passesPerRun` | `1` | Extra full passes. Keep at `1` to allow job-state skipping. |
| `jobState.enabled` | `true` | Persist daily completion markers. |
| `jobState.dir` | `""` | Custom job-state directory (defaults under `sessionPath`).
> Raising `passesPerRun` intentionally prevents job-state from skipping finished accounts.
---
## Workers
| Key | Default | Notes |
| --- | --- | --- |
| `workers.doDailySet` | `true` | Daily set. |
| `workers.doMorePromotions` | `true` | Extra promotions. |
| `workers.doPunchCards` | `true` | Punch cards. |
| `workers.doDesktopSearch` | `true` | Desktop search tasks. |
| `workers.doMobileSearch` | `true` | Mobile search tasks. |
| `workers.doDailyCheckIn` | `true` | Mobile check-in. |
| `workers.doReadToEarn` | `true` | Read-to-earn. |
| `workers.bundleDailySetWithSearch` | `true` | Launch desktop search immediately after the daily set.
---
## Search & Diversity
| Key | Default | Notes |
| --- | --- | --- |
| `search.useLocalQueries` | `false` | **Recommended**: Forces Google Trends as primary source. Local `queries.json` used only as emergency fallback. |
| `search.settings.useGeoLocaleQueries` | `true` | Use account's country for Google Trends API (e.g., FR, DE, JP). Critical for localized queries. |
| `search.settings.scrollRandomResults` | `true` | Random scrolls for realism. |
| `search.settings.clickRandomResults` | `true` | Occasional safe click-through. |
| `search.settings.retryMobileSearchAmount` | `2` | Retries for mobile search failures. |
| `search.settings.delay.min/max` | `3min` / `5min` | Delay between searches. |
| `queryDiversity.enabled` | `true` | Combine multiple content sources. |
| `queryDiversity.sources` | `["google-trends", "reddit", "local-fallback"]` | **Recommended sources**. `news` requires API key (not included). `wikipedia` can be added optionally. |
| `queryDiversity.maxQueriesPerSource` | `10` | Cap per source. |
| `queryDiversity.cacheMinutes` | `30` | Cache lifetime in minutes.
> **Priority Order**: Google Trends (country-specific) → Reddit → Wikipedia → Local fallback (`queries.json`)
> **Supported Languages in `queries.json`**: English, French, German, Spanish, Italian, Portuguese, Dutch, Japanese
---
## Humanization & Vacation
| Key | Default | Notes |
| --- | --- | --- |
| `humanization.enabled` | `true` | Master toggle. |
| `humanization.stopOnBan` | `true` | Halt remaining accounts after a ban. |
| `humanization.immediateBanAlert` | `true` | Send alert instantly on ban. |
| `humanization.actionDelay.min/max` | `500` / `2200` | Extra wait between steps (ms). |
| `humanization.gestureMoveProb` | `0.65` | Chance of micro mouse move. |
| `humanization.gestureScrollProb` | `0.4` | Chance of small scroll. |
| `humanization.allowedWindows` | `[]` | Optional `HH:mm-HH:mm` windows. |
| `vacation.enabled` | `true` | Random monthly break. |
| `vacation.minDays` / `maxDays` | `2` / `4` | Range for skipped days.
---
## Risk Management & Retries
| Key | Default | Notes |
| --- | --- | --- |
| `riskManagement.enabled` | `true` | Adaptive risk scoring. |
| `riskManagement.autoAdjustDelays` | `true` | Increase delays on high risk. |
| `riskManagement.stopOnCritical` | `false` | Stop automation at critical risk. |
| `riskManagement.banPrediction` | `true` | Estimate ban likelihood. |
| `riskManagement.riskThreshold` | `75` | Alert threshold (0-100). |
| `retryPolicy.maxAttempts` | `3` | Generic retry attempts. |
| `retryPolicy.baseDelay` | `1000` | Initial backoff delay (ms or string). |
| `retryPolicy.maxDelay` | `"30s"` | Maximum backoff delay. |
| `retryPolicy.multiplier` | `2` | Backoff multiplier. |
| `retryPolicy.jitter` | `0.2` | Adds randomness to delays.
---
## Networking & Notifications
| Key | Default | Notes |
| --- | --- | --- |
| `proxy.proxyGoogleTrends` | `true` | Route Google Trends calls through the proxy. |
| `proxy.proxyBingTerms` | `true` | Route Bing requests through the proxy. |
| `webhook.enabled` | `false` | Live logs webhook. |
| `conclusionWebhook.enabled` | `false` | Summary webhook. |
| `ntfy.enabled` | `false` | Push notifications via NTFY. |
| `logging.excludeFunc` | `["SEARCH-CLOSE-TABS", "LOGIN-NO-PROMPT", "FLOW"]` | Buckets skipped locally. |
| `logging.webhookExcludeFunc` | same | Buckets skipped in webhook payloads. |
| `logging.redactEmails` | `true` | Mask email addresses in logs. |
---
## Updates
| Key | Default | Notes |
| --- | --- | --- |
| `update.git` | `true` | Run git updater after completion. |
| `update.docker` | `false` | Use Docker updater instead. |
| `update.scriptPath` | `setup/update/update.mjs` | Update script path. |
| `update.autoUpdateConfig` | `true` | Merge upstream config changes with backups. |
| `update.autoUpdateAccounts` | `false` | Skip account template merges unless you opt in.
---
### Recommended Workflow
1. Start from the default config and copy it if you need a local override.
2. Leave `passesPerRun` at `1` so job-state can skip accounts automatically.
3. Configure your external scheduler after validating manual runs.
4. Document any changes you make (without storing credentials in git).
Related docs: [`accounts.md`](./accounts.md), [`schedule.md`](./schedule.md), [`proxy.md`](./proxy.md), [`humanization.md`](./humanization.md), [`security.md`](./security.md).

77
docs/config.md
View File

@@ -1,77 +0,0 @@
# ⚙️ Configuration Guide
This guide explains **how to adjust `src/config.jsonc` safely** and when to touch each section. If you just need a field-by-field table, jump to [`config-reference.md`](./config-reference.md).
---
## 1. Recommended Editing Workflow
1. Keep the committed `src/config.jsonc` as your baseline. It already contains sane defaults.
2. Copy it next to the executable (project root) only when you need local overrides.
3. Edit with a JSONC-aware editor (VS Code works out of the box).
4. After major changes, run `npm run typecheck` or at least start the bot once to trigger the startup validator.
> The loader also accepts plain `config.json` (no comments) if you prefer standard JSON.
---
## 2. Essential Toggles (Review First)
| Section | Keys to check | Why it matters |
| --- | --- | --- |
| `execution` | `parallel`, `runOnZeroPoints`, `clusters`, `passesPerRun` | Determines concurrency and whether accounts repeat during the same day. Leave `passesPerRun` at `1` unless you knowingly want additional passes (job-state skip is disabled otherwise). |
| `workers` | `doDesktopSearch`, `doMobileSearch`, `doDailySet`, etc. | Disable tasks you never want to run to shorten execution time. |
| `humanization` | `enabled`, `stopOnBan`, `actionDelay` | Keep enabled for safer automation. Tweaks here influence ban resilience. |
| `proxy` | `proxyGoogleTrends`, `proxyBingTerms` | Tell the bot whether to route outbound API calls through your proxy. |
Once these are set, most users can leave the rest alone.
---
## 3. Handling Updates Safely
The `update` block defines how the post-run updater behaves:
- `git: true` keeps your checkout current by calling the bundled script.
- Backups live under `.update-backup/` before merges apply.
- Set `autoUpdateConfig` or `autoUpdateAccounts` to `false` if you prefer to keep local versions untouched (you will then need to merge new fields manually).
When running inside Docker, you can instead rely on `update.docker: true` so the container refresh is handled for you.
---
## 4. Logging and Notifications
- `logging`: adjust `excludeFunc` and `webhookExcludeFunc` if certain log buckets are too noisy. Keeping `redactEmails: true` prevents leaks when sharing logs.
- `notifications`: use `webhook`, `conclusionWebhook`, or `ntfy` for live updates. All three share the same `{ enabled, url }` structure.
- The validator flags unknown keys automatically, so old sections can be trimmed safely.
---
## 5. Advanced Tips
- **Risk management**: Leave `riskManagement.enabled` and `banPrediction` on unless you have a reason to reduce telemetry. Raising `riskThreshold` (>75) makes alerts rarer.
- **Search pacing**: The delay window (`search.settings.delay.min` / `max`) accepts either numbers (ms) or strings like `"2min"`. Keep the range wide enough for natural behaviour.
- **Dry run**: Set `dryRun: true` to test account rotation without performing tasks. Useful for validating login flow after configuration changes.
---
## 6. Validation & Troubleshooting
- The startup validator (`StartupValidator`) emits warnings/errors when config or accounts look suspicious. It never blocks execution but should be read carefully.
- For syntax issues, run `npm run typecheck` or open the JSONC file in VS Code to surface parsing errors immediately.
- Keep `logging` focused on the buckets you care about and rely on external log storage if you need long-term retention.
---
## 7. Reference
For complete field defaults and descriptions, open [`config-reference.md`](./config-reference.md). Additional topic-specific guides:
- [`accounts.md`](./accounts.md)
- [`schedule.md`](./schedule.md)
- [`proxy.md`](./proxy.md)
- [`humanization.md`](./humanization.md)
- [`security.md`](./security.md)
Happy tuning! 🎯

213
docs/dashboard-quickstart.md
View File

@@ -1,213 +0,0 @@
# 🚀 Dashboard Quick Start Guide
## What's New?
The dashboard has been completely redesigned with:
- ✨ Modern, beautiful interface with gradients and animations
- 🔄 Real-time updates via WebSocket
- 📊 Enhanced statistics and metrics
- 🎮 Better control panel
- 📱 Fully responsive design
- 🎨 Professional UI/UX
## Getting Started
### Option 1: Standalone Dashboard (Recommended for Testing)
Start only the dashboard to see the interface:
```bash
npm run build
npm run dashboard
```
Then open: **http://localhost:3000**
### Option 2: Enable with Bot
1. Edit `src/config.jsonc`:
```jsonc
{
"dashboard": {
"enabled": true,
"port": 3000,
"host": "127.0.0.1"
}
}
```
2. Start the bot:
```bash
npm start
```
Dashboard will be available at: **http://localhost:3000**
## What You'll See
### 📊 Header
- Bot logo and title
- Real-time status badge (RUNNING/STOPPED with animated indicator)
- Last run timestamp
### 📈 Statistics Cards
- **Total Accounts** - Number of configured accounts
- **Total Points** - Sum of all points across accounts
- **Completed** - Successfully processed accounts
- **Errors** - Accounts with issues
### 🎮 Control Panel
- **Start Bot** - Begin automation (shows when stopped)
- **Stop Bot** - Halt execution (shows when running)
- **Refresh** - Update all data manually
- **Clear Logs** - Remove log history
### 👥 Accounts Section
- List of all accounts with masked emails
- Current points for each account
- Status badge (idle, running, completed, error)
- Last sync timestamp
### 📋 Live Logs
- Real-time streaming logs
- Color-coded by level:
- 🟢 Green = Info
- 🟡 Yellow = Warning
- 🔴 Red = Error
- Platform indicators (MAIN, DESKTOP, MOBILE)
- Timestamps for each entry
- Auto-scrolling to latest
## Features to Try
### 1. Real-Time Updates
- Open dashboard while bot is running
- Watch logs appear instantly
- See account status change in real-time
- Notice points increment live
### 2. Control Bot
- Click "Start Bot" to begin automation
- Watch status badge change to RUNNING
- See logs stream in
- Click "Stop Bot" to halt
### 3. View Account Details
- Each account shows current points
- Status badge shows current state
- Last sync shows when it was processed
### 4. Manage Logs
- Logs auto-update as they happen
- Scroll through history
- Click "Clear Logs" to start fresh
- Logs persist in memory (up to 500 entries)
## API Access
You can also use the API directly:
### Get Status
```bash
curl http://localhost:3000/api/status
```
### Get All Accounts
```bash
curl http://localhost:3000/api/accounts
```
### Get Logs
```bash
curl http://localhost:3000/api/logs?limit=50
```
### Get Metrics
```bash
curl http://localhost:3000/api/metrics
```
### Control Bot
```bash
# Start
curl -X POST http://localhost:3000/api/start
# Stop
curl -X POST http://localhost:3000/api/stop
```
## WebSocket Testing
Test real-time WebSocket connection:
```javascript
// Open browser console at http://localhost:3000
const ws = new WebSocket('ws://localhost:3000');
ws.onopen = () => console.log('✓ Connected');
ws.onmessage = (event) => {
const data = JSON.parse(event.data);
console.log('Received:', data);
};
```
## Troubleshooting
### "Cannot GET /"
- Run `npm run build` first
- Check `public/index.html` exists
- Try `npm run dashboard-dev` instead
### No Accounts Showing
- Ensure `src/accounts.jsonc` is configured
- Check file exists and has valid JSON
- Refresh the page
### WebSocket Not Connected
- Check dashboard server is running
- Look for "WebSocket connected" in browser console
- Try refreshing the page
### Port Already in Use
Change the port:
```bash
# In config.jsonc
"dashboard": {
"port": 3001 // Use different port
}
```
Or use environment variable:
```bash
DASHBOARD_PORT=3001 npm run dashboard
```
## Next Steps
1. **Customize Theme** - Edit colors in `public/index.html`
2. **Add Features** - Extend API in `src/dashboard/routes.ts`
3. **Monitor Bot** - Leave dashboard open while bot runs
4. **Use API** - Build custom integrations
5. **Deploy** - Set up reverse proxy for remote access
## Tips
- 💡 Keep dashboard open in a browser tab while bot runs
- 💡 Use Refresh button if data seems stale
- 💡 Clear logs periodically for better performance
- 💡 Check browser console for WebSocket status
- 💡 Use API for automated monitoring scripts
## Need Help?
- 📖 Read full documentation in `src/dashboard/DASHBOARD.md`
- 🔍 Check API reference in `src/dashboard/README.md`
- 🐛 Report issues on GitHub
- 💬 Ask in community Discord
---
**Enjoy your new dashboard! 🎉**

81
docs/diagnostics.md
View File

@@ -1,81 +0,0 @@
# 🛠️ Troubleshooting Guide
Keep runs healthy by watching logs, catching alerts early, and validating your setup before enabling automation on a schedule.
---
## Quick Checklist
- ✅ Run `npm run start` manually after every configuration change.
- ✅ Confirm Node.js 20+ with `node -v` (22 LTS recommended).
- ✅ Keep dependencies current: `npm install` then `npm run build`.
- ✅ Double-check credentials, TOTP secrets, and recovery email values.
- ✅ Review external scheduler logs (Task Scheduler, cron, etc.).
---
## Capture Logs Reliably
### Terminal sessions
- **PowerShell**
```powershell
npm run start *>&1 | Tee-Object -FilePath logs/rewards.txt
```
- **Bash / Linux / macOS**
```bash
mkdir -p logs
npm run start >> logs/rewards.log 2>&1
```
### Verbose output
Set `DEBUG_REWARDS_VERBOSE=1` for additional context around worker progress and risk scoring.
```powershell
$env:DEBUG_REWARDS_VERBOSE = "1"
npm run start
```
Clear the variable afterwards (`Remove-Item Env:DEBUG_REWARDS_VERBOSE`).
### Structured alerts
- Enable `conclusionWebhook` to receive a summary on completion.
- Turn on `ntfy` for lightweight push alerts.
- Pipe logs into observability tools (ELK, Loki, etc.) if you self-host them.
---
## Common Issues & Fixes
| Symptom | Checks | Fix |
|---------|--------|-----|
| **Login loops or MFA prompts** | Ensure `totp` secret is correct, recovery email matches your Microsoft profile. | Regenerate TOTP from Microsoft Account, update `recoveryEmail`, retry manually. |
| **Points not increasing** | Review `workers` section; confirm searches complete in logs. | Enable missing workers, increase `passesPerRun`, verify network connectivity. |
| **Script stops early** | Look for `SECURITY` or `RISK` warnings. | Address ban alerts, adjust `riskManagement` thresholds, or pause for 24h. |
| **Scheduler runs but nothing happens** | Confirm working directory, environment variables, file paths. | Use absolute paths in cron/Task Scheduler, ensure `npm` is available on PATH. |
| **Proxy failures** | Check proxy URL/port/auth in logs. | Test with `curl`/`Invoke-WebRequest`, update credentials, or disable proxy temporarily. |
---
## Manual Investigation Tips
- **Single account test:** `npm run start -- --account email@example.com`
- **Playwright Inspector:** set `PWDEBUG=1` to pause the browser for step-by-step review.
- **Job state reset:** delete `sessions/job-state/` for a clean pass.
- **Session reset:** remove `sessions/` to force fresh logins.
- **Network tracing:** use the bundled Chromium DevTools (`--devtools`) when running locally.
---
## When to Revisit Config
- After Microsoft introduces new activities or login flows.
- When risk alerts become frequent (tune delays, enable vacation mode).
- If external schedulers overlap and cause concurrent runs.
- When scaling to more accounts (consider proxies, increase `clusters`).
---
**Related guides:** [Configuration](./config.md) · [Notifications](./conclusionwebhook.md) · [Security](./security.md)

262
docs/docker.md
View File

@@ -1,262 +0,0 @@
# 🐳 Docker Guide
Run the bot in a containerized environment with built-in cron scheduling.
---
## ⚡ Quick Start
1. **Create required files**
- `src/accounts.jsonc` with your credentials
- `src/config.jsonc` (optional, defaults apply if missing)
2. **Start the container**
```bash
docker compose up -d
```
3. **Watch logs**
```bash
docker logs -f microsoft-rewards-script
```
The container runs with cron scheduling enabled by default. Configure schedule via environment variables.
---
## 🎯 What's Included
- ✅ **Chromium Headless Shell** — Lightweight browser runtime
- ✅ **Built-in Cron** — Automated scheduling inside container
- ✅ **Volume Mounts** — Persistent sessions and configs
- ✅ **Forced Headless Mode** — Optimized for container stability
- ✅ **Health Checks** — Monitors cron daemon status
- ✅ **Random Sleep** — Spreads execution to avoid patterns
---
## 📁 Mounted Volumes
| Host Path | Container Path | Purpose |
|-----------|----------------|---------|
| `./src/accounts.jsonc` | `/usr/src/microsoft-rewards-script/dist/accounts.jsonc` | Account credentials (read-only) |
| `./src/config.jsonc` | `/usr/src/microsoft-rewards-script/dist/config.jsonc` | Configuration (read-only) |
| `./sessions` | `/usr/src/microsoft-rewards-script/sessions` | Cookies, fingerprints, and job-state |
| `./reports` | `/usr/src/microsoft-rewards-script/reports` | Run summaries and metrics |
Edit `compose.yaml` to adjust paths or add additional mounts.
---
## 🌍 Environment Variables
Configure via `compose.yaml`:
```yaml
services:
microsoft-rewards-script:
environment:
# Required
TZ: "America/Toronto" # Container timezone
CRON_SCHEDULE: "0 7,16,20 * * *" # When to run (crontab format)
# Optional
RUN_ON_START: "true" # Run immediately on startup
NODE_ENV: "production" # Node environment
# Randomization (spreads execution time)
MIN_SLEEP_MINUTES: "5" # Min random delay (default: 5)
MAX_SLEEP_MINUTES: "50" # Max random delay (default: 50)
SKIP_RANDOM_SLEEP: "false" # Set to "true" to disable
# Safety
STUCK_PROCESS_TIMEOUT_HOURS: "8" # Kill stuck runs (default: 8h)
```
### Key Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `TZ` | `UTC` | Container timezone for logs and scheduling |
| `CRON_SCHEDULE` | Required | Cron expression (use [crontab.guru](https://crontab.guru)) |
| `RUN_ON_START` | `false` | Run once immediately when container starts |
| `MIN_SLEEP_MINUTES` | `5` | Minimum random delay before execution |
| `MAX_SLEEP_MINUTES` | `50` | Maximum random delay before execution |
| `SKIP_RANDOM_SLEEP` | `false` | Disable randomization (not recommended) |
| `STUCK_PROCESS_TIMEOUT_HOURS` | `8` | Timeout for stuck processes |
---
## 🕐 Cron Schedule Examples
| Schedule | Description | Cron Expression |
|----------|-------------|-----------------|
| Daily at 09:00 | Single daily run | `0 9 * * *` |
| Three times daily | 07:00, 16:00, 20:00 | `0 7,16,20 * * *` |
| Every 6 hours | Four runs per day | `0 */6 * * *` |
| Weekdays at 08:00 | MondayFriday only | `0 8 * * 1-5` |
| Twice daily | 09:00 and 21:00 | `0 9,21 * * *` |
**Validate expressions:** [crontab.guru](https://crontab.guru)
---
## 🔧 Common Commands
```bash
# Start container
docker compose up -d
# View logs (follow)
docker logs -f microsoft-rewards-script
# View last 100 lines
docker logs --tail 100 microsoft-rewards-script
# Stop container
docker compose down
# Rebuild image (after code changes)
docker compose build --no-cache
docker compose up -d
# Restart container
docker compose restart
# Check container status
docker compose ps
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **"accounts.jsonc not found"** | Ensure file exists at `./src/accounts.jsonc` |
| **"Browser launch failed"** | Verify `FORCE_HEADLESS=1` is set (automatic in Dockerfile) |
| **"Permission denied"** | Fix file permissions: `chmod 644 src/*.jsonc` |
| **Cron not running** | Check logs for "Cron configured" message |
| **Wrong timezone** | Update `TZ` in `compose.yaml` and restart |
| **No output in logs** | Wait for cron schedule or set `RUN_ON_START=true` |
### Debug Container
```bash
# Enter container shell
docker exec -it microsoft-rewards-script /bin/bash
# Check Node.js version
docker exec -it microsoft-rewards-script node --version
# Inspect mounted config
docker exec -it microsoft-rewards-script cat /usr/src/microsoft-rewards-script/dist/config.jsonc
# Check environment variables
docker exec -it microsoft-rewards-script printenv | grep -E "TZ|CRON"
# View cron configuration
docker exec -it microsoft-rewards-script crontab -l
# Check if cron is running
docker exec -it microsoft-rewards-script ps aux | grep cron
```
---
## <20> Health Check
The container includes a health check that monitors the cron daemon:
```yaml
healthcheck:
test: ["CMD", "sh", "-c", "pgrep cron > /dev/null || exit 1"]
interval: 60s
timeout: 10s
retries: 3
start_period: 30s
```
Check health status:
```bash
docker inspect --format='{{.State.Health.Status}}' microsoft-rewards-script
```
---
## ⚠️ Important Notes
### Platform Compatibility
The Docker build **automatically generates platform-specific dependencies** for the target architecture:
- ✅ **Windows (x86_64)** — Fully supported
- ✅ **Linux (x86_64)** — Fully supported
- ✅ **Raspberry Pi (ARM64)** — Fully supported
- ✅ **macOS (ARM64/Apple Silicon)** — Fully supported
The build process regenerates `package-lock.json` inside the container to ensure native dependencies (Playwright, etc.) match the target platform. This means:
- **No cross-platform compatibility issues**
- **Native performance on all architectures**
- **Raspberry Pi users won't encounter binary mismatch errors**
### Headless Mode Required
Docker containers **must run in headless mode**. The Dockerfile automatically sets `FORCE_HEADLESS=1`. Do not disable this.
### Random Sleep Behavior
- **Enabled by default** to avoid detection patterns
- Adds 5-50 minutes random delay before each run
- Disable only for testing: `SKIP_RANDOM_SLEEP=true`
- First run (when `RUN_ON_START=true`) skips random sleep
---
## <20> Resource Limits
Recommended settings in `compose.yaml`:
```yaml
services:
microsoft-rewards-script:
mem_limit: 4g # Maximum RAM
cpus: 2 # CPU cores
```
Adjust based on your system and number of accounts.
---
## 🔒 Security Hardening
The compose file includes security measures:
```yaml
security_opt:
- no-new-privileges:true # Prevents privilege escalation
```
Volumes are mounted **read-only** (`:ro`) for credentials to prevent tampering.
---
## 📚 Next Steps
**Need 2FA setup?**
**[Accounts & TOTP Guide](./accounts.md)**
**Want notifications?**
**[Discord Webhooks](./conclusionwebhook.md)**
**[NTFY Push Alerts](./ntfy.md)**
**Need proxy configuration?**
**[Proxy Setup](./proxy.md)**
**External scheduling?**
**[Scheduling Guide](./schedule.md)**
---
**[← Back to Hub](./index.md)** | **[Getting Started](./getting-started.md)**

160
docs/humanization.md
View File

@@ -1,160 +0,0 @@
# 🤖 Humanization
**Make automation look natural to avoid detection**
---
## 💡 What Is It?
Humanization adds **random delays** and **subtle gestures** to mimic real human behavior.
### Why Use It?
-**Lower detection risk** — Looks less like a bot
-**Natural patterns** — Random timing, mouse moves
-**Built-in** — No configuration needed
---
## ⚡ Quick Start
**Edit** `src/config.jsonc`:
```jsonc
{
"humanization": {
"enabled": true
}
}
```
**That's it!** Default settings work for most users.
---
## 🎯 What It Does
### Random Delays
- **150-450ms pauses** between actions
- Mimics human decision-making time
- Prevents robotic patterns
### Subtle Gestures
- **Mouse movements** — Small cursor adjustments (40% chance)
- **Scrolling** — Minor page movements (20% chance)
- **Never clicks** random elements (safe by design)
### Temporal Patterns
- **Random off days** — Skip 1 day per week by default
- **Time windows** — Run only during certain hours (optional)
---
## 🎛️ Presets
### Default (Recommended)
```jsonc
{
"humanization": {
"enabled": true
}
}
```
Balanced safety and speed.
---
### Conservative (More Natural)
```jsonc
{
"humanization": {
"enabled": true,
"actionDelay": { "min": 300, "max": 800 },
"gestureMoveProb": 0.6,
"gestureScrollProb": 0.4,
"randomOffDaysPerWeek": 2
}
}
```
Slower but safer.
---
### Fast (Less Natural)
```jsonc
{
"humanization": {
"enabled": true,
"actionDelay": { "min": 100, "max": 250 },
"gestureMoveProb": 0.2,
"gestureScrollProb": 0.1,
"randomOffDaysPerWeek": 0
}
}
```
Faster execution, higher risk.
---
## ⏰ Time Windows (Optional)
Run only during specific hours:
```jsonc
{
"humanization": {
"enabled": true,
"allowedWindows": ["08:00-10:30", "20:00-22:30"]
}
}
```
Script **waits** until next allowed window if started outside.
---
## 📅 Random Off Days
Skip random days per week:
```jsonc
{
"humanization": {
"enabled": true,
"randomOffDaysPerWeek": 1 // Skip 1 random day/week
}
}
```
**Options:**
- `0` — Never skip days
- `1` — Skip 1 day/week (default)
- `2` — Skip 2 days/week
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **Too slow** | Lower `actionDelay`, reduce probabilities |
| **Too fast/robotic** | Increase delays, higher probabilities |
| **Not running at all** | Check `allowedWindows` time format |
---
## 📚 Next Steps
**Need vacation mode?**
→ See [Vacation settings](./config.md#vacation)
**Want scheduling?**
**[External Scheduling](./schedule.md)**
**More security?**
**[Security Guide](./security.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

118
docs/jobstate.md
View File

@@ -1,118 +0,0 @@
# 💾 Job State
**Resume interrupted tasks automatically**
---
## 💡 What Is It?
Saves progress after each completed task. If script crashes or stops, it resumes exactly where it left off.
🔁 **New:** Completed accounts are tracked per day. When you restart the bot after a failure, it skips accounts already finished and jumps directly to the remaining ones.
**Already enabled by default!**
---
## ⚡ How It Works
### Progress Tracking
```
sessions/job-state/
├── account1@email.com/
│ ├── daily-set-2025-10-16.json
│ ├── desktop-search-2025-10-16.json
│ └── mobile-search-2025-10-16.json
└── account2@email.com/
└── ...
```
-**Per-account** — Independent progress
-**Date-specific** — Fresh start each day
-**Auto-cleanup** — Old files remain for history
---
## 🎯 Benefits
### Interrupted Runs
| Scenario | Without Job State | With Job State |
|----------|-------------------|----------------|
| **Power outage** | Start from beginning | Resume from last task |
| **Manual stop** | Lose all progress | Pick up where left off |
| **Network failure** | Redo everything | Continue remaining tasks |
---
## ⚙️ Configuration
**Already enabled:**
```jsonc
{
"jobState": {
"enabled": true,
"skipCompletedAccounts": true, // Skip accounts already finished today
"dir": "" // Empty = use default location
}
}
```
**Custom location:**
```jsonc
{
"jobState": {
"enabled": true,
"skipCompletedAccounts": true,
"dir": "/custom/path/job-state"
}
}
```
> Set `skipCompletedAccounts` to `false` (or export `REWARDS_DISABLE_ACCOUNT_SKIP=1`/`true`) if you need to force every pass to run all accounts—for example when using `passesPerRun` > 1 or when intentionally repeating the whole rotation in the same day.
---
## 🧹 Maintenance
### Reset Progress (Fresh Start)
```powershell
# Reset all accounts
Remove-Item -Recurse -Force sessions/job-state/
# Reset one account
Remove-Item -Recurse -Force sessions/job-state/user@email.com/
```
### Cleanup Old Files
```powershell
# Keep last 7 days only
Get-ChildItem sessions/job-state -Recurse -Filter "*.json" | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-7)} | Remove-Item
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **Tasks not resuming** | Check file permissions |
| **Duplicate execution** | Ensure system time is accurate |
| **Excessive files** | Implement cleanup schedule |
---
## 📚 Next Steps
**Need automation?**
**[External Scheduling](./schedule.md)**
**Need troubleshooting tips?**
**[Troubleshooting Guide](./diagnostics.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

117
docs/ntfy.md
View File

@@ -1,117 +0,0 @@
# 📱 NTFY Push Notifications
**Get alerts on your phone instantly**
---
## 💡 What Is NTFY?
Simple push notification service that sends alerts to your phone/desktop.
**Free to use:** No account required for basic features.
---
## ⚡ Quick Start
### 1. Install NTFY App
- **Android:** [Google Play](https://play.google.com/store/apps/details?id=io.heckel.ntfy)
- **iOS:** [App Store](https://apps.apple.com/app/ntfy/id1625396347)
### 2. Choose a Topic Name
Pick any unique name (e.g., `rewards-myname-2025`)
### 3. Subscribe in App
Open NTFY app → Add subscription → Enter your topic name
### 4. Configure Script
**Edit** `src/config.jsonc`:
```jsonc
{
"notifications": {
"ntfy": {
"enabled": true,
"url": "https://ntfy.sh",
"topic": "rewards-myname-2025"
}
}
}
```
**That's it!** You'll get push notifications on your phone.
---
## 🔔 What Notifications You Get
- 🚨 **Errors** — Script crashes, login failures
- ⚠️ **Warnings** — Missing points, suspicious activity
- 🏆 **Milestones** — Account completed successfully
- **Summary** — End-of-run report
---
## 🔒 Use Private Server (Optional)
### Self-Host NTFY
**Docker:**
```yaml
services:
ntfy:
image: binwiederhier/ntfy
ports:
- "80:80"
volumes:
- ./ntfy-data:/var/lib/ntfy
command: serve
```
**Then configure:**
```jsonc
{
"notifications": {
"ntfy": {
"enabled": true,
"url": "https://ntfy.yourdomain.com",
"topic": "rewards",
"authToken": "tk_your_token_here"
}
}
}
```
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **No notifications** | Check topic name matches exactly |
| **Wrong server** | Verify URL includes `https://` |
| **Auth failures** | Token must start with `tk_` |
### Test Manually
```bash
# Send test message
curl -d "Test from rewards script" https://ntfy.sh/your-topic
```
---
## 📚 Next Steps
**Want Discord too?**
**[Discord Webhooks](./conclusionwebhook.md)**
**Need troubleshooting tips?**
**[Troubleshooting Guide](./diagnostics.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

126
docs/proxy.md
View File

@@ -1,126 +0,0 @@
# 🌐 Proxy Setup
**Route traffic through proxy servers**
---
## 💡 Do You Need a Proxy?
**Most users DON'T need proxies.** Only use if:
- ✅ You run many accounts from same IP
- ✅ You want geographic flexibility
- ✅ Your IP is already flagged
**Otherwise, skip this guide.**
---
## ⚡ Quick Start
### Per-Account Proxy
**Edit** `src/accounts.json`:
```json
{
"accounts": [
{
"email": "your@email.com",
"password": "password",
"proxy": {
"proxyAxios": true,
"url": "proxy.example.com",
"port": 8080,
"username": "proxyuser",
"password": "proxypass"
}
}
]
}
```
**That's it!** Script uses proxy for this account only.
---
## 🎯 Proxy Types
### HTTP Proxy (Most Common)
```json
{
"proxy": {
"proxyAxios": true,
"url": "http://proxy.example.com",
"port": 8080,
"username": "user",
"password": "pass"
}
}
```
### SOCKS5 Proxy
```json
{
"proxy": {
"proxyAxios": true,
"url": "socks5://proxy.example.com",
"port": 1080,
"username": "user",
"password": "pass"
}
}
```
---
## 🏢 Recommended Providers
### Residential Proxies (Best)
- **Bright Data** — Premium quality, expensive
- **Smartproxy** — User-friendly
- **Oxylabs** — Enterprise-grade
### Datacenter Proxies (Cheaper)
- **SquidProxies** — Reliable
- **MyPrivateProxy** — Dedicated IPs
⚠️ **Avoid free proxies** — Unreliable and often blocked.
---
## 🛠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **"Connection refused"** | Check proxy URL and port |
| **"407 Auth required"** | Verify username/password |
| **"Timeout"** | Try different proxy server |
| **"SSL error"** | Use HTTP instead of HTTPS |
### Test Proxy Manually
```bash
# Windows (PowerShell)
curl --proxy http://user:pass@proxy.com:8080 http://httpbin.org/ip
# Linux/macOS
curl --proxy http://user:pass@proxy.com:8080 http://httpbin.org/ip
```
---
## 📚 Next Steps
**Proxy working?**
**[Schedule Runs](./schedule.md)**
**Need humanization?**
**[Humanization Guide](./humanization.md)**
**Multiple accounts?**
**[Accounts Guide](./accounts.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

266
docs/schedule.md
View File

@@ -1,266 +0,0 @@
# Automatic Task Scheduling
The bot can **automatically configure** your system's task scheduler when you run it for the first time. This works on:
-**Windows** → Windows Task Scheduler
-**Linux/Raspberry Pi** → cron
-**macOS** → cron
---
## Quick Setup (Recommended)
### 1. Edit your configuration
Open `src/config.jsonc` and find the `scheduling` section:
```jsonc
{
"scheduling": {
"enabled": true, // ← Change this to true
"type": "auto", // ← Leave as "auto" for automatic detection
// For Linux/Raspberry Pi/macOS:
"cron": {
"schedule": "0 9 * * *" // ← Daily at 9 AM (customize if needed)
},
// For Windows:
"taskScheduler": {
"schedule": "09:00", // ← Daily at 9:00 AM (customize if needed)
"frequency": "daily"
}
}
}
```
### 2. Run the bot once
```bash
npm run start
```
**That's it!** The bot will automatically:
- Detect your operating system
- Configure the appropriate scheduler (cron or Task Scheduler)
- Set it up to run at your specified time
- Show you a confirmation message
### 3. Verify it worked
**Linux/Raspberry Pi/macOS:**
```bash
crontab -l
```
You should see a line with `# Microsoft-Rewards-Bot`
**Windows:**
- Open Task Scheduler
- Look for "Microsoft-Rewards-Bot" in the task list
---
## Configuration Examples
### Example 1: Raspberry Pi - Run daily at 9 AM
```jsonc
{
"scheduling": {
"enabled": true,
"type": "auto",
"cron": {
"schedule": "0 9 * * *",
"logFile": "/home/pi/rewards.log" // Optional: save logs here
}
}
}
```
### Example 2: Windows - Run twice daily
```jsonc
{
"scheduling": {
"enabled": true,
"type": "auto",
"taskScheduler": {
"schedule": "09:00", // First run at 9 AM
"frequency": "daily"
}
}
}
```
For multiple times per day on Windows, you'll need to manually create additional tasks.
### Example 3: Linux - Run on weekdays only at 2:30 PM
```jsonc
{
"scheduling": {
"enabled": true,
"type": "cron",
"cron": {
"schedule": "30 14 * * 1-5" // 2:30 PM, Monday-Friday
}
}
}
```
### Cron Schedule Examples
Use [crontab.guru](https://crontab.guru) to create custom schedules:
| Schedule | Description |
|----------|-------------|
| `0 9 * * *` | Every day at 9:00 AM |
| `30 14 * * *` | Every day at 2:30 PM |
| `0 9,21 * * *` | Every day at 9:00 AM and 9:00 PM |
| `0 9 * * 1-5` | Weekdays at 9:00 AM (Monday-Friday) |
| `0 */6 * * *` | Every 6 hours |
| `0 8 * * 0` | Every Sunday at 8:00 AM |
---
## Disabling Automatic Scheduling
To remove the scheduled task:
1. Set `"enabled": false` in your config
2. Run the bot once: `npm run start`
3. The scheduler will be automatically removed
Or manually remove it:
**Linux/Raspberry Pi/macOS:**
```bash
crontab -e
# Delete the line with "# Microsoft-Rewards-Bot"
```
**Windows:**
- Open Task Scheduler
- Find "Microsoft-Rewards-Bot"
- Right-click → Delete
---
## Manual Configuration (Advanced)
If you prefer manual setup or need more control, follow these platform-specific guides:
### Windows Task Scheduler (Manual)
1. Open Task Scheduler, choose **Create Basic Task...**, and name it `Microsoft Rewards Bot`.
2. Pick a trigger (daily, weekly, at startup, etc.).
3. Choose **Start a Program** and configure:
- Program/script: `powershell.exe`
- Arguments: `-NoProfile -ExecutionPolicy Bypass -Command "cd 'C:\Users\YourUser\Microsoft-Rewards-Script'; npm run start"`
- Start in (optional): `C:\Users\YourUser\Microsoft-Rewards-Script`
4. Finish the wizard, edit the task on the **General** tab, and enable **Run whether user is logged on or not**. Grant highest privileges if required.
5. Test with **Run**. Append `| Tee-Object -FilePath C:\Logs\rewards.log` to capture output in a file.
> Tip: prefer a batch file? Create `run-rewards.bat` with `cd /d C:\Users\YourUser\Microsoft-Rewards-Script` and `npm run start`, then point Task Scheduler to that file.
---
## Linux / macOS (cron - Manual)
1. Run `npm run start` once to confirm the project completes successfully.
2. Edit the crontab: `crontab -e`.
3. Add an entry (example: 09:15 daily):
```cron
15 9 * * * cd /home/you/Microsoft-Rewards-Script && /usr/bin/env npm run start >> /home/you/rewards.log 2>&1
```
4. Save the file and verify the log after the next trigger.
Need multiple runs? Add more cron lines with different times (for example `0 9 * * *` and `30 18 * * *`).
---
## Systemd Timer (Linux alternative - Manual)
1. Create `/etc/systemd/system/rewards-bot.service`:
```ini
[Unit]
Description=Microsoft Rewards Bot
WorkingDirectory=/home/you/Microsoft-Rewards-Script
[Service]
Type=oneshot
Environment=NODE_ENV=production
ExecStart=/usr/bin/env npm run start
```
2. Create `/etc/systemd/system/rewards-bot.timer`:
```ini
[Unit]
Description=Run Microsoft Rewards Bot daily
[Timer]
OnCalendar=*-*-* 09:00:00
Persistent=true
[Install]
WantedBy=timers.target
```
3. Reload and enable:
```bash
sudo systemctl daemon-reload
sudo systemctl enable --now rewards-bot.timer
```
4. Inspect status via `systemctl status rewards-bot.timer` and recent runs with `journalctl -u rewards-bot.service`.
---
## Docker & Containers
- The container now runs a single pass. Restart it on your schedule (cron, Kubernetes CronJob, Task Scheduler, etc.).
- To schedule inside the container, set:
```yaml
USE_CRON: "true"
CRON_SCHEDULE: "0 9 * * *"
RUN_ON_START: "true"
```
The entrypoint installs cron, runs according to `CRON_SCHEDULE`, and tails `/var/log/cron.log`.
- Mount `accounts.jsonc`, `config.jsonc`, and `sessions/` so each run shares state.
---
## Troubleshooting
**"cron is not installed"** (Linux/Raspberry Pi)
```bash
sudo apt-get update
sudo apt-get install cron
```
**"Permission denied"** (Linux/Raspberry Pi)
- The bot needs write access to crontab
- Make sure you're running as the correct user
**"Access denied"** (Windows)
- Right-click PowerShell or Command Prompt
- Choose "Run as Administrator"
- Run `npm run start` again
**Task not running at scheduled time:**
1. Check your system's time and timezone
2. Verify the schedule format is correct
3. For cron: use [crontab.guru](https://crontab.guru) to validate
4. Check logs to see if there are any errors
**Manually check if scheduler is active:**
**Linux/Raspberry Pi:**
```bash
crontab -l | grep "Microsoft-Rewards"
```
**Windows:**
```powershell
schtasks /Query /TN "Microsoft-Rewards-Bot" /FO LIST
```
---
**Next steps:** [Configuration](./config.md) · [Docker](./docker.md) · [Humanization](./humanization.md)

193
docs/security.md
View File

@@ -1,193 +0,0 @@
# 🔒 Security Guide
**Protect your accounts and handle security incidents**
---
## ⚠️ Important Disclaimer
**Using automation violates Microsoft's Terms of Service.**
Your accounts **may be banned**. Use at your own risk.
---
## 🛡️ Best Practices
### ✅ DO
- **Enable humanization** — Natural behavior reduces detection
- **Use 2FA/TOTP** — More secure authentication
- **Run 1-2x daily max** — Don't be greedy
- **Test on secondary accounts** — Never risk your main account
- **Enable vacation mode** — Random off days look natural
- **Monitor regularly** — Check logs and webhook alerts
### ❌ DON'T
- **Run on main account** — Too risky
- **Schedule hourly** — Obvious bot pattern
- **Ignore warnings** — Security alerts matter
- **Use shared proxies** — Higher detection risk
- **Skip humanization** — Robotic behavior gets caught
---
## 🚨 Security Incidents
### Recovery Email Mismatch
**What:** Login shows unfamiliar recovery email (e.g., `ko*****@hacker.net`)
**Action:**
1. **Stop immediately** — Script halts automatically
2. **Check Microsoft Account** → Security settings
3. **Update config** if you changed email yourself:
```json
{
"recoveryEmail": "ko*****@hacker.net"
}
```
4. **Change password** if compromise suspected
---
### "We Can't Sign You In" (Blocked)
**What:** Microsoft blocks login attempt
**Action:**
1. **Wait 24-48 hours** — Temporary locks usually lift
2. **Complete any challenges** — SMS, authenticator, etc.
3. **Reduce frequency** — Run less often
4. **Enable humanization** — If not already enabled
5. **Check proxy** — Ensure consistent IP/location
---
## 🔐 Account Security
### Strong Credentials
```json
{
"accounts": [
{
"email": "your@email.com",
"password": "strong-unique-password",
"totp": "JBSWY3DPEHPK3PXP"
}
]
}
```
- ✅ **Unique passwords** per account
- ✅ **TOTP enabled** for all accounts (see below)
- ✅ **Strong passwords** (16+ characters)
- 🔄 **Rotate every 90 days**
**How to enable TOTP:**
- Go to https://account.live.com/proofs/Manage/additional and turn on two-step verification.
- Choose **"Set up a different authenticator app"**, then click **"I can't scan the bar code"** to reveal the Base32 secret.
- Scan the QR with an authenticator you control (Google Authenticator recommended) and copy the secret into `totp`.
- Enter the app-generated code once to finish pairing. The same secret powers both your app and the bot.
### File Permissions
```bash
# Linux/macOS - Restrict access
chmod 600 src/accounts.json
# Windows - Right-click → Properties → Security
# Remove all users except yourself
```
---
## 🌐 Network Security
### Use Proxies (Optional)
```json
{
"proxy": {
"proxyAxios": true,
"url": "proxy.example.com",
"port": 8080,
"username": "user",
"password": "pass"
}
}
```
**Benefits:**
- IP masking
- Geographic flexibility
- Reduces pattern detection
→ **[Full Proxy Guide](./proxy.md)**
---
## 📊 Monitoring
### Enable Notifications
```jsonc
{
"conclusionWebhook": {
"enabled": true,
"url": "https://discord.com/api/webhooks/..."
}
}
```
**[Webhook Setup](./conclusionwebhook.md)**
---
## 🛠️ Incident Response
### Account Compromised
1. **Stop all automation**
2. **Change password immediately**
3. **Check sign-in activity** in Microsoft Account
4. **Enable 2FA** if not already
5. **Review security info** (recovery email, phone)
6. **Contact Microsoft** if unauthorized access
### Temporary Ban
1. **Pause automation** for 48-72 hours
2. **Reduce frequency** when resuming
3. **Increase delays** in humanization
4. **Use proxy** from your region
5. **Monitor closely** after resuming
---
## 🔗 Privacy Tips
- 🔐 **Local-only** — All data stays on your machine
- 🚫 **No telemetry** — Script doesn't phone home
- 📁 **File security** — Restrict permissions
- 🔄 **Regular backups** — Keep config backups
- 🗑️ **Clean logs** — Rotate or delete old log files
---
## 📚 Next Steps
**Setup humanization?**
**[Humanization Guide](./humanization.md)**
**Need proxies?**
**[Proxy Guide](./proxy.md)**
**Want monitoring?**
**[Notifications Guide](./conclusionwebhook.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**

104
docs/update.md
View File

@@ -1,104 +0,0 @@
# 🔄 Auto-Update
**Keep script up to date automatically**
---
## 💡 What Is It?
After each run, script checks for updates and installs them automatically.
**Already enabled by default!**
---
## ⚡ How It Works
### After Each Run
1. **Fetch latest** from GitHub
2. **Pull changes** (safe fast-forward only)
3. **Install dependencies** (`npm ci`)
4. **Rebuild** (`npm run build`)
**No action needed from you!**
---
## ⚙️ Configuration
```jsonc
{
"update": {
"git": true, // Auto-update from Git
"docker": false // Docker container updates (if using Docker)
}
}
```
---
## 🐳 Docker Updates
If using Docker:
```jsonc
{
"update": {
"git": false,
"docker": true
}
}
```
Pulls latest Docker image and restarts container.
---
## 🛠️ Manual Update
### Git
```bash
git pull
npm ci
npm run build
```
### Docker
```bash
docker compose pull
docker compose up -d
```
---
## ⚠️ Troubleshooting
| Problem | Solution |
|---------|----------|
| **"Not a git repository"** | Clone repo (don't download ZIP) |
| **"Local changes"** | Commit or stash your changes |
| **"Update failed"** | Check internet connection |
### Reset to Remote
```bash
git fetch origin
git reset --hard origin/v2
npm ci
npm run build
```
---
## 📚 Next Steps
**Need security tips?**
**[Security Guide](./security.md)**
**Need automation?**
**[External Scheduling](./schedule.md)**
---
**[← Back to Hub](./index.md)** | **[Config Guide](./config.md)**