updated task 1.8.7

pm/tasks.org

@@ -276,6 +276,35 @@
 - commit: `7789c2e` on branch `cx`
 - tests: `./venv/bin/python -m unittest discover -s tests`; `./venv/bin/python scrape_giant.py --help`; `./venv/bin/python scrape_costco.py --help`; verified Firefox storage token extraction and locked-db copy behavior in unit tests
 - date: 2026-03-16
+* [ ] t1.8.7: simplify costco session bootstrap and remove over-abstraction (2-4 commits)
+
+** acceptance criteria
+- make `scrape_costco.py` readable end-to-end without tracing through multiple partial bootstrap layers
+- keep `browser_session.py` limited to low-level browser data access only:
+  - firefox profile discovery
+  - cookie loading
+  - storage reads
+  - sqlite copy/read helpers
+- remove or sharply reduce `retailer_sessions.py` so retailer-specific header extraction lives with the retailer scraper or in a very small retailer-specific helper
+- make session bootstrap flow explicit and linear:
+  - load browser context
+  - extract costco auth values
+  - build request headers
+  - build requests session
+- eliminate inconsistent/obsolete function signatures and dead call paths (e.g. mixed `build_session(...)` calling conventions, stale fallback branches, mismatched `build_headers(...)` args)
+- add one focused bootstrap debug print showing whether cookies, authorization, client id, and client identifier were found
+- preserve current working behavior where available; this is a refactor/clarification task, not a feature expansion task
+
+** notes
+- goal is to restore concern separation and debuggability
+- prefer obvious retailer-specific code over “generic” helpers that guess and obscure control flow
+- browser access can stay shared; retailer auth mapping should be explicit
+- no new heuristics in this task
+
+** evidence
+- commit:
+- tests:
+- date:  
 * [ ] t1.9: compute normalized comparison metrics (2-4 commits)
 
 ** acceptance criteria