- Input normalization maps common spreadsheet headings to a canonical item schema.
- URL discovery starts with user-supplied product URLs and can add public search results.
- Policy checks apply allowlists, denylists,
robots.txt, and per-domain rate limits. - Fetching uses
requestsfirst and optionally starts a headless Chrome session for JavaScript-rendered pages. - Candidate extraction reads JSON-LD, product metadata, and price-like DOM elements.
- Candidate validation uses a local score, an optional Random Forest, or a configured cloud provider.
- Post-processing marks extreme prices using a median-absolute-deviation rule and selects the highest-confidence non-outlier per item.
- Reporting writes input snapshots, URL-level results, selected prices, summary metrics, and safe run metadata.
- Input workbooks are untrusted data.
- Downloaded HTML is untrusted data and is parsed as text; it is never executed by the application.
- Browser pages can execute their own JavaScript inside the isolated Selenium browser process.
- API credentials and proxy passwords are secrets and are never written to reports or logs.
- Cloud providers receive only the requested item, candidate list, URL, and a bounded page-text excerpt.
Implement CandidateProvider to add another candidate validator. Keep provider modules optional so the local pipeline remains usable without cloud services.