Add --ensure-auth flag to goto action

[avifenesh]

Problem

When navigating to an authenticated page headlessly, there is no way to tell the skill "if this hits an auth redirect, handle it automatically." The agent must inspect the returned snapshot, determine if it landed on a login page, and then manually invoke checkpoint as a separate step.

Proposal

Add a --ensure-auth flag to the goto action:

node web-ctl.js run session goto https://mail.google.com --ensure-auth

Behavior:

• Navigate to the URL headlessly as normal
• If the final URL is an auth redirect (detected via URL patterns or page content), automatically open a headed checkpoint for the user to complete authentication
• After the user completes auth in the checkpoint, re-navigate to the original target URL
• Return the final authenticated page snapshot

Without This Flag

goto https://mail.google.com
  -> returns account-chooser snapshot (agent reads, diagnoses)
checkpoint
  -> user logs in (180s wait)
goto https://mail.google.com
  -> finally returns inbox snapshot

3 round-trips, significant token and time waste.

With This Flag

goto https://mail.google.com --ensure-auth
  -> detects auth wall, opens checkpoint, user logs in, re-navigates
  -> returns inbox snapshot

1 round-trip.

Impact

Eliminates a full agent diagnostic cycle when navigating to authenticated pages.