🔐 Implement robust session persistence to avoid 'are you human' captcha checks

- Add comprehensive session persistence with cookies, localStorage, and sessionStorage
- Implement stealth browser features to reduce bot detection
- Add smartLogin() method that prioritizes saved sessions over fresh logins
- Create session management utilities (refresh, clear, test validity)
- Update enhanced screenshot service to use session persistence
- Add comprehensive documentation and test script
- Support manual login fallback when captcha is encountered
- Sessions stored in .tradingview-session/ directory for Docker compatibility

This solves the captcha problem by avoiding repeated logins through persistent sessions.

SESSION_PERSISTENCE.md

@@ -0,0 +1,217 @@
+# TradingView Session Persistence & Captcha Avoidance
+
+## Problem
+
+TradingView implements "Are you human?" captcha checks that block automated login attempts. This prevents our trading bot from automatically logging in and capturing screenshots for analysis.
+
+## Solution
+
+We've implemented **session persistence** that saves login sessions and reuses them across runs, effectively avoiding captcha challenges.
+
+## How It Works
+
+### 1. Session Data Storage
+
+The system saves three types of session data:
+
+- **Cookies**: Authentication tokens and session identifiers
+- **localStorage**: User preferences and settings
+- **sessionStorage**: Temporary session data
+
+Session data is stored in `.tradingview-session/` directory:
+```
+.tradingview-session/
+├── cookies.json         # Authentication cookies
+└── session-storage.json # Browser storage data
+```
+
+### 2. Stealth Features
+
+To reduce bot detection, the browser is configured with:
+
+- Custom user agent strings
+- Disabled automation indicators
+- Realistic browser headers
+- Plugin and language mocking
+
+### 3. Smart Login Process
+
+The `smartLogin()` method follows this priority:
+
+1. **Check existing session**: If already logged in, continue
+2. **Test saved session**: Load and validate saved session data
+3. **Manual intervention**: If needed, prompt for manual login
+4. **Save new session**: Store successful login for future use
+
+## Usage
+
+### First Time Setup
+
+```javascript
+import { TradingViewAutomation } from './lib/tradingview-automation.js'
+
+const automation = new TradingViewAutomation()
+await automation.init()
+
+// First run - manual login required
+const success = await automation.smartLogin()
+// This will open TradingView and wait for manual login
+// Once you log in manually, the session is saved
+```
+
+### Subsequent Runs
+
+```javascript
+// Future runs automatically use saved session
+const automation = new TradingViewAutomation()
+await automation.init()
+
+const success = await automation.smartLogin()
+// This will use saved session - no captcha!
+```
+
+### Testing Session Persistence
+
+```bash
+# Run the test script
+node test-session-avoid-captcha.js
+```
+
+## API Integration
+
+The analysis API automatically uses session persistence:
+
+```bash
+curl -X POST http://localhost:3000/api/analyze \\
+  -H "Content-Type: application/json" \\
+  -d '{
+    "symbol": "SOLUSD",
+    "timeframe": "5"
+  }'
+```
+
+The API will:
+1. Check for saved session
+2. Use it if valid (no captcha)
+3. Return analysis results
+
+## Session Management
+
+### Check Session Status
+
+```javascript
+const info = await automation.getSessionInfo()
+console.log(info)
+// {
+//   isAuthenticated: true,
+//   hasSavedCookies: true,
+//   hasSavedStorage: true,
+//   cookiesCount: 15,
+//   currentUrl: "https://www.tradingview.com"
+// }
+```
+
+### Refresh Session
+
+```javascript
+// Keep session alive
+const refreshed = await automation.refreshSession()
+```
+
+### Clear Session
+
+```javascript
+// Clear expired or invalid session
+await automation.clearSession()
+```
+
+### Test Session Validity
+
+```javascript
+const test = await automation.testSessionPersistence()
+// {
+//   hasSessionData: true,
+//   isValid: true,
+//   sessionInfo: {...}
+// }
+```
+
+## Manual Setup Process
+
+1. **Run the bot for the first time**
+2. **Browser opens automatically** (in Docker, this happens in headless mode)
+3. **Manual login required**: Log in through the browser interface
+4. **Session saved**: Once logged in, session data is automatically saved
+5. **Future runs**: No more captcha challenges!
+
+## Docker Integration
+
+In Docker environment:
+
+```bash
+# Start the container
+docker-compose up -d
+
+# Run session setup (manual login required once)
+docker exec -it trading_bot_v3 node test-session-avoid-captcha.js
+
+# After setup, API calls work without captcha
+curl -X POST http://localhost:3000/api/analyze \\
+  -H "Content-Type: application/json" \\
+  -d '{"symbol": "SOLUSD", "timeframe": "5"}'
+```
+
+## Session Persistence Benefits
+
+✅ **No more captcha challenges** after initial setup  
+✅ **Faster login process** (reuses existing session)  
+✅ **Automatic session refresh** to keep sessions alive  
+✅ **Docker compatible** session storage  
+✅ **Fallback to manual login** when needed  
+
+## Troubleshooting
+
+### Session Expired
+
+If you get login failures:
+
+```javascript
+// Clear expired session and start fresh
+await automation.clearSession()
+await automation.smartLogin() // Will prompt for manual login
+```
+
+### No Manual Browser Available
+
+For servers without display:
+
+1. Run initial setup on local machine
+2. Copy `.tradingview-session/` to server
+3. Server uses saved session data
+
+### Session Not Working
+
+Check session status:
+
+```javascript
+const info = await automation.getSessionInfo()
+if (!info.isAuthenticated || !info.hasSavedCookies) {
+  // Need fresh login
+  await automation.clearSession()
+  await automation.smartLogin()
+}
+```
+
+## Files Modified
+
+- `lib/tradingview-automation.ts`: Core session persistence logic
+- `lib/enhanced-screenshot.ts`: Updated to use smart login
+- `test-session-avoid-captcha.js`: Test script for session setup
+- `.tradingview-session/`: Session data storage directory (auto-created)
+
+## Security
+
+- Session data is stored locally only
+- No credentials are permanently stored
+- Session files can be manually deleted if needed
+- Works with environment variables for credentials