Merge branch 'main' into fix/orphaned-message-error-handling
This commit is contained in:
commit
3966059237
2
.gitignore
vendored
2
.gitignore
vendored
@ -40,6 +40,8 @@ apps/ios/*.xcfilelist
|
|||||||
|
|
||||||
# Vendor build artifacts
|
# Vendor build artifacts
|
||||||
vendor/a2ui/renderers/lit/dist/
|
vendor/a2ui/renderers/lit/dist/
|
||||||
|
src/canvas-host/a2ui/*.bundle.js
|
||||||
|
src/canvas-host/a2ui/*.map
|
||||||
.bundle.hash
|
.bundle.hash
|
||||||
|
|
||||||
# fastlane (iOS)
|
# fastlane (iOS)
|
||||||
|
|||||||
12
CHANGELOG.md
12
CHANGELOG.md
@ -6,6 +6,8 @@ Docs: https://docs.clawd.bot
|
|||||||
Status: unreleased.
|
Status: unreleased.
|
||||||
|
|
||||||
### Changes
|
### Changes
|
||||||
|
- macOS: limit project-local `node_modules/.bin` PATH preference to debug builds (reduce PATH hijacking risk).
|
||||||
|
- Tools: add per-sender group tool policies and fix precedence. (#1757) Thanks @adam91holt.
|
||||||
- Agents: summarize dropped messages during compaction safeguard pruning. (#2509) Thanks @jogi47.
|
- Agents: summarize dropped messages during compaction safeguard pruning. (#2509) Thanks @jogi47.
|
||||||
- Skills: add multi-image input support to Nano Banana Pro skill. (#1958) Thanks @tyler6204.
|
- Skills: add multi-image input support to Nano Banana Pro skill. (#1958) Thanks @tyler6204.
|
||||||
- Agents: honor tools.exec.safeBins in exec allowlist checks. (#2281)
|
- Agents: honor tools.exec.safeBins in exec allowlist checks. (#2281)
|
||||||
@ -36,7 +38,10 @@ Status: unreleased.
|
|||||||
- CI: increase Node heap size for macOS checks. (#1890) Thanks @realZachi.
|
- CI: increase Node heap size for macOS checks. (#1890) Thanks @realZachi.
|
||||||
- macOS: avoid crash when rendering code blocks by bumping Textual to 0.3.1. (#2033) Thanks @garricn.
|
- macOS: avoid crash when rendering code blocks by bumping Textual to 0.3.1. (#2033) Thanks @garricn.
|
||||||
- Browser: fall back to URL matching for extension relay target resolution. (#1999) Thanks @jonit-dev.
|
- Browser: fall back to URL matching for extension relay target resolution. (#1999) Thanks @jonit-dev.
|
||||||
|
- Browser: route browser control via gateway/node; remove standalone browser control command and control URL config.
|
||||||
|
- Browser: route `browser.request` via node proxies when available; honor proxy timeouts; derive browser ports from `gateway.port`.
|
||||||
- Update: ignore dist/control-ui for dirty checks and restore after ui builds. (#1976) Thanks @Glucksberg.
|
- Update: ignore dist/control-ui for dirty checks and restore after ui builds. (#1976) Thanks @Glucksberg.
|
||||||
|
- Build: bundle A2UI assets during build and stop tracking generated bundles. (#2455) Thanks @0oAstro.
|
||||||
- Telegram: allow caption param for media sends. (#1888) Thanks @mguellsegarra.
|
- Telegram: allow caption param for media sends. (#1888) Thanks @mguellsegarra.
|
||||||
- Telegram: support plugin sendPayload channelData (media/buttons) and validate plugin commands. (#1917) Thanks @JoshuaLelon.
|
- Telegram: support plugin sendPayload channelData (media/buttons) and validate plugin commands. (#1917) Thanks @JoshuaLelon.
|
||||||
- Telegram: avoid block replies when streaming is disabled. (#1885) Thanks @ivancasco.
|
- Telegram: avoid block replies when streaming is disabled. (#1885) Thanks @ivancasco.
|
||||||
@ -57,6 +62,8 @@ Status: unreleased.
|
|||||||
|
|
||||||
### Fixes
|
### Fixes
|
||||||
- Agents: add error handling to orphaned message cleanup to prevent message processing queue from blocking. (#2262)
|
- Agents: add error handling to orphaned message cleanup to prevent message processing queue from blocking. (#2262)
|
||||||
|
- Memory Search: keep auto provider model defaults and only include remote when configured. (#2576) Thanks @papago2355.
|
||||||
|
- macOS: auto-scroll to bottom when sending a new message while scrolled up. (#2471) Thanks @kennyklee.
|
||||||
- Gateway: suppress AbortError and transient network errors in unhandled rejections. (#2451) Thanks @Glucksberg.
|
- Gateway: suppress AbortError and transient network errors in unhandled rejections. (#2451) Thanks @Glucksberg.
|
||||||
- TTS: keep /tts status replies on text-only commands and avoid duplicate block-stream audio. (#2451) Thanks @Glucksberg.
|
- TTS: keep /tts status replies on text-only commands and avoid duplicate block-stream audio. (#2451) Thanks @Glucksberg.
|
||||||
- Security: pin npm overrides to keep tar@7.5.4 for install toolchains.
|
- Security: pin npm overrides to keep tar@7.5.4 for install toolchains.
|
||||||
@ -67,6 +74,7 @@ Status: unreleased.
|
|||||||
- CLI: avoid loading config for global help/version while registering plugin commands. (#2212) Thanks @dial481.
|
- CLI: avoid loading config for global help/version while registering plugin commands. (#2212) Thanks @dial481.
|
||||||
- Agents: include memory.md when bootstrapping memory context. (#2318) Thanks @czekaj.
|
- Agents: include memory.md when bootstrapping memory context. (#2318) Thanks @czekaj.
|
||||||
- Agents: release session locks on process termination and cover more signals. (#2483) Thanks @janeexai.
|
- Agents: release session locks on process termination and cover more signals. (#2483) Thanks @janeexai.
|
||||||
|
- Agents: skip cooldowned providers during model failover. (#2143) Thanks @YiWang24.
|
||||||
- Telegram: harden polling + retry behavior for transient network errors and Node 22 transport issues. (#2420) Thanks @techboss.
|
- Telegram: harden polling + retry behavior for transient network errors and Node 22 transport issues. (#2420) Thanks @techboss.
|
||||||
- Telegram: wrap reasoning italics per line to avoid raw underscores. (#2181) Thanks @YuriNachos.
|
- Telegram: wrap reasoning italics per line to avoid raw underscores. (#2181) Thanks @YuriNachos.
|
||||||
- Telegram: centralize API error logging for delivery and bot calls. (#2492) Thanks @altryne.
|
- Telegram: centralize API error logging for delivery and bot calls. (#2492) Thanks @altryne.
|
||||||
@ -705,7 +713,7 @@ Thanks @AlexMikhalev, @CoreyH, @John-Rood, @KrauseFx, @MaudeBot, @Nachx639, @Nic
|
|||||||
|
|
||||||
### Highlights
|
### Highlights
|
||||||
- Web search: `web_search`/`web_fetch` tools (Brave API) + first-time setup in onboarding/configure.
|
- Web search: `web_search`/`web_fetch` tools (Brave API) + first-time setup in onboarding/configure.
|
||||||
- Browser control: Chrome extension relay takeover mode + remote browser control via `clawdbot browser serve`.
|
- Browser control: Chrome extension relay takeover mode + remote browser control support.
|
||||||
- Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.
|
- Plugins: channel plugins (gateway HTTP hooks) + Zalo plugin + onboarding install flow. (#854) — thanks @longmaba.
|
||||||
- Security: expanded `clawdbot security audit` (+ `--fix`), detect-secrets CI scan, and a `SECURITY.md` reporting policy.
|
- Security: expanded `clawdbot security audit` (+ `--fix`), detect-secrets CI scan, and a `SECURITY.md` reporting policy.
|
||||||
|
|
||||||
@ -723,7 +731,7 @@ Thanks @AlexMikhalev, @CoreyH, @John-Rood, @KrauseFx, @MaudeBot, @Nachx639, @Nic
|
|||||||
- Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.
|
- Security: add detect-secrets CI scan and baseline guidance. (#227) — thanks @Hyaxia.
|
||||||
- Tools: add `web_search`/`web_fetch` (Brave API), auto-enable `web_fetch` for sandboxed sessions, and remove the `brave-search` skill.
|
- Tools: add `web_search`/`web_fetch` (Brave API), auto-enable `web_fetch` for sandboxed sessions, and remove the `brave-search` skill.
|
||||||
- CLI/Docs: add a web tools configure section for storing Brave API keys and update onboarding tips.
|
- CLI/Docs: add a web tools configure section for storing Brave API keys and update onboarding tips.
|
||||||
- Browser: add Chrome extension relay takeover mode (toolbar button), plus `clawdbot browser extension install/path` and remote browser control via `clawdbot browser serve` + `browser.controlToken`.
|
- Browser: add Chrome extension relay takeover mode (toolbar button), plus `clawdbot browser extension install/path` and remote browser control (standalone server + token auth).
|
||||||
|
|
||||||
### Fixes
|
### Fixes
|
||||||
- Sessions: refactor session store updates to lock + mutate per-entry, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
|
- Sessions: refactor session store updates to lock + mutate per-entry, add chat.inject, and harden subagent cleanup flow. (#944) — thanks @tyler6204.
|
||||||
|
|||||||
@ -384,7 +384,6 @@ Browser control (optional):
|
|||||||
{
|
{
|
||||||
browser: {
|
browser: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
color: "#FF4500"
|
color: "#FF4500"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -13,6 +13,10 @@ For threat model + hardening guidance (including `clawdbot security audit --deep
|
|||||||
|
|
||||||
- `https://docs.clawd.bot/gateway/security`
|
- `https://docs.clawd.bot/gateway/security`
|
||||||
|
|
||||||
|
### Web Interface Safety
|
||||||
|
|
||||||
|
Clawdbot's web interface is intended for local use only. Do **not** bind it to the public internet; it is not hardened for public exposure.
|
||||||
|
|
||||||
## Runtime Requirements
|
## Runtime Requirements
|
||||||
|
|
||||||
### Node.js Version
|
### Node.js Version
|
||||||
|
|||||||
@ -83,7 +83,10 @@ enum CommandResolver {
|
|||||||
"/usr/bin",
|
"/usr/bin",
|
||||||
"/bin",
|
"/bin",
|
||||||
]
|
]
|
||||||
|
#if DEBUG
|
||||||
|
// Dev-only convenience. Avoid project-local PATH hijacking in release builds.
|
||||||
extras.insert(projectRoot.appendingPathComponent("node_modules/.bin").path, at: 0)
|
extras.insert(projectRoot.appendingPathComponent("node_modules/.bin").path, at: 0)
|
||||||
|
#endif
|
||||||
let clawdbotPaths = self.clawdbotManagedPaths(home: home)
|
let clawdbotPaths = self.clawdbotManagedPaths(home: home)
|
||||||
if !clawdbotPaths.isEmpty {
|
if !clawdbotPaths.isEmpty {
|
||||||
extras.insert(contentsOf: clawdbotPaths, at: 1)
|
extras.insert(contentsOf: clawdbotPaths, at: 1)
|
||||||
@ -189,9 +192,13 @@ enum CommandResolver {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static func projectClawdbotExecutable(projectRoot: URL? = nil) -> String? {
|
static func projectClawdbotExecutable(projectRoot: URL? = nil) -> String? {
|
||||||
|
#if DEBUG
|
||||||
let root = projectRoot ?? self.projectRoot()
|
let root = projectRoot ?? self.projectRoot()
|
||||||
let candidate = root.appendingPathComponent("node_modules/.bin").appendingPathComponent(self.helperName).path
|
let candidate = root.appendingPathComponent("node_modules/.bin").appendingPathComponent(self.helperName).path
|
||||||
return FileManager().isExecutableFile(atPath: candidate) ? candidate : nil
|
return FileManager().isExecutableFile(atPath: candidate) ? candidate : nil
|
||||||
|
#else
|
||||||
|
return nil
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static func nodeCliPath() -> String? {
|
static func nodeCliPath() -> String? {
|
||||||
|
|||||||
@ -13,6 +13,7 @@ public struct ClawdbotChatView: View {
|
|||||||
@State private var showSessions = false
|
@State private var showSessions = false
|
||||||
@State private var hasPerformedInitialScroll = false
|
@State private var hasPerformedInitialScroll = false
|
||||||
@State private var isPinnedToBottom = true
|
@State private var isPinnedToBottom = true
|
||||||
|
@State private var lastUserMessageID: UUID?
|
||||||
private let showsSessionSwitcher: Bool
|
private let showsSessionSwitcher: Bool
|
||||||
private let style: Style
|
private let style: Style
|
||||||
private let markdownVariant: ChatMarkdownVariant
|
private let markdownVariant: ChatMarkdownVariant
|
||||||
@ -132,8 +133,28 @@ public struct ClawdbotChatView: View {
|
|||||||
self.hasPerformedInitialScroll = false
|
self.hasPerformedInitialScroll = false
|
||||||
self.isPinnedToBottom = true
|
self.isPinnedToBottom = true
|
||||||
}
|
}
|
||||||
|
.onChange(of: self.viewModel.isSending) { _, isSending in
|
||||||
|
// Scroll to bottom when user sends a message, even if scrolled up.
|
||||||
|
guard isSending, self.hasPerformedInitialScroll else { return }
|
||||||
|
self.isPinnedToBottom = true
|
||||||
|
withAnimation(.snappy(duration: 0.22)) {
|
||||||
|
self.scrollPosition = self.scrollerBottomID
|
||||||
|
}
|
||||||
|
}
|
||||||
.onChange(of: self.viewModel.messages.count) { _, _ in
|
.onChange(of: self.viewModel.messages.count) { _, _ in
|
||||||
guard self.hasPerformedInitialScroll, self.isPinnedToBottom else { return }
|
guard self.hasPerformedInitialScroll else { return }
|
||||||
|
if let lastMessage = self.viewModel.messages.last,
|
||||||
|
lastMessage.role.lowercased() == "user",
|
||||||
|
lastMessage.id != self.lastUserMessageID {
|
||||||
|
self.lastUserMessageID = lastMessage.id
|
||||||
|
self.isPinnedToBottom = true
|
||||||
|
withAnimation(.snappy(duration: 0.22)) {
|
||||||
|
self.scrollPosition = self.scrollerBottomID
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
guard self.isPinnedToBottom else { return }
|
||||||
withAnimation(.snappy(duration: 0.22)) {
|
withAnimation(.snappy(duration: 0.22)) {
|
||||||
self.scrollPosition = self.scrollerBottomID
|
self.scrollPosition = self.scrollerBottomID
|
||||||
}
|
}
|
||||||
|
|||||||
@ -39,7 +39,7 @@ export default defineConfig({
|
|||||||
output: {
|
output: {
|
||||||
file: outputFile,
|
file: outputFile,
|
||||||
format: "esm",
|
format: "esm",
|
||||||
inlineDynamicImports: true,
|
codeSplitting: false,
|
||||||
sourcemap: false,
|
sourcemap: false,
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|||||||
@ -168,8 +168,7 @@
|
|||||||
<h2>Getting started</h2>
|
<h2>Getting started</h2>
|
||||||
<p>
|
<p>
|
||||||
If you see a red <code>!</code> badge on the extension icon, the relay server is not reachable.
|
If you see a red <code>!</code> badge on the extension icon, the relay server is not reachable.
|
||||||
Start Clawdbot’s browser relay on this machine (Gateway or <code>clawdbot browser serve</code>),
|
Start Clawdbot’s browser relay on this machine (Gateway or node host), then click the toolbar button again.
|
||||||
then click the toolbar button again.
|
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
Full guide (install, remote Gateway, security): <a href="https://docs.clawd.bot/tools/chrome-extension" target="_blank" rel="noreferrer">docs.clawd.bot/tools/chrome-extension</a>
|
Full guide (install, remote Gateway, security): <a href="https://docs.clawd.bot/tools/chrome-extension" target="_blank" rel="noreferrer">docs.clawd.bot/tools/chrome-extension</a>
|
||||||
|
|||||||
1
dist/control-ui/assets/index-08nzABV3.css
vendored
1
dist/control-ui/assets/index-08nzABV3.css
vendored
File diff suppressed because one or more lines are too long
3119
dist/control-ui/assets/index-DQcOTEYz.js
vendored
3119
dist/control-ui/assets/index-DQcOTEYz.js
vendored
File diff suppressed because one or more lines are too long
1
dist/control-ui/assets/index-DQcOTEYz.js.map
vendored
1
dist/control-ui/assets/index-DQcOTEYz.js.map
vendored
File diff suppressed because one or more lines are too long
15
dist/control-ui/index.html
vendored
15
dist/control-ui/index.html
vendored
@ -1,15 +0,0 @@
|
|||||||
<!doctype html>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<meta charset="UTF-8" />
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
||||||
<title>Clawdbot Control</title>
|
|
||||||
<meta name="color-scheme" content="dark light" />
|
|
||||||
<link rel="icon" href="./favicon.ico" sizes="any" />
|
|
||||||
<script type="module" crossorigin src="./assets/index-DQcOTEYz.js"></script>
|
|
||||||
<link rel="stylesheet" crossorigin href="./assets/index-08nzABV3.css">
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<clawdbot-app></clawdbot-app>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
@ -218,6 +218,7 @@ Prefer `chat_guid` for stable routing:
|
|||||||
## Security
|
## Security
|
||||||
- Webhook requests are authenticated by comparing `guid`/`password` query params or headers against `channels.bluebubbles.password`. Requests from `localhost` are also accepted.
|
- Webhook requests are authenticated by comparing `guid`/`password` query params or headers against `channels.bluebubbles.password`. Requests from `localhost` are also accepted.
|
||||||
- Keep the API password and webhook endpoint secret (treat them like credentials).
|
- Keep the API password and webhook endpoint secret (treat them like credentials).
|
||||||
|
- Localhost trust means a same-host reverse proxy can unintentionally bypass the password. If you proxy the gateway, require auth at the proxy and configure `gateway.trustedProxies`. See [Gateway security](/gateway/security#reverse-proxy-configuration).
|
||||||
- Enable HTTPS + firewall rules on the BlueBubbles server if exposing it outside your LAN.
|
- Enable HTTPS + firewall rules on the BlueBubbles server if exposing it outside your LAN.
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|||||||
@ -298,8 +298,12 @@ ack reaction after the bot replies.
|
|||||||
- `guilds."*"`: default per-guild settings applied when no explicit entry exists.
|
- `guilds."*"`: default per-guild settings applied when no explicit entry exists.
|
||||||
- `guilds.<id>.slug`: optional friendly slug used for display names.
|
- `guilds.<id>.slug`: optional friendly slug used for display names.
|
||||||
- `guilds.<id>.users`: optional per-guild user allowlist (ids or names).
|
- `guilds.<id>.users`: optional per-guild user allowlist (ids or names).
|
||||||
|
- `guilds.<id>.tools`: optional per-guild tool policy overrides (`allow`/`deny`/`alsoAllow`) used when the channel override is missing.
|
||||||
|
- `guilds.<id>.toolsBySender`: optional per-sender tool policy overrides at the guild level (applies when the channel override is missing; `"*"` wildcard supported).
|
||||||
- `guilds.<id>.channels.<channel>.allow`: allow/deny the channel when `groupPolicy="allowlist"`.
|
- `guilds.<id>.channels.<channel>.allow`: allow/deny the channel when `groupPolicy="allowlist"`.
|
||||||
- `guilds.<id>.channels.<channel>.requireMention`: mention gating for the channel.
|
- `guilds.<id>.channels.<channel>.requireMention`: mention gating for the channel.
|
||||||
|
- `guilds.<id>.channels.<channel>.tools`: optional per-channel tool policy overrides (`allow`/`deny`/`alsoAllow`).
|
||||||
|
- `guilds.<id>.channels.<channel>.toolsBySender`: optional per-sender tool policy overrides within the channel (`"*"` wildcard supported).
|
||||||
- `guilds.<id>.channels.<channel>.users`: optional per-channel user allowlist.
|
- `guilds.<id>.channels.<channel>.users`: optional per-channel user allowlist.
|
||||||
- `guilds.<id>.channels.<channel>.skills`: skill filter (omit = all skills, empty = none).
|
- `guilds.<id>.channels.<channel>.skills`: skill filter (omit = all skills, empty = none).
|
||||||
- `guilds.<id>.channels.<channel>.systemPrompt`: extra system prompt for the channel (combined with channel topic).
|
- `guilds.<id>.channels.<channel>.systemPrompt`: extra system prompt for the channel (combined with channel topic).
|
||||||
|
|||||||
@ -421,8 +421,12 @@ Key settings (see `/gateway/configuration` for shared channel patterns):
|
|||||||
- `channels.msteams.replyStyle`: `thread | top-level` (see [Reply Style](#reply-style-threads-vs-posts)).
|
- `channels.msteams.replyStyle`: `thread | top-level` (see [Reply Style](#reply-style-threads-vs-posts)).
|
||||||
- `channels.msteams.teams.<teamId>.replyStyle`: per-team override.
|
- `channels.msteams.teams.<teamId>.replyStyle`: per-team override.
|
||||||
- `channels.msteams.teams.<teamId>.requireMention`: per-team override.
|
- `channels.msteams.teams.<teamId>.requireMention`: per-team override.
|
||||||
|
- `channels.msteams.teams.<teamId>.tools`: default per-team tool policy overrides (`allow`/`deny`/`alsoAllow`) used when a channel override is missing.
|
||||||
|
- `channels.msteams.teams.<teamId>.toolsBySender`: default per-team per-sender tool policy overrides (`"*"` wildcard supported).
|
||||||
- `channels.msteams.teams.<teamId>.channels.<conversationId>.replyStyle`: per-channel override.
|
- `channels.msteams.teams.<teamId>.channels.<conversationId>.replyStyle`: per-channel override.
|
||||||
- `channels.msteams.teams.<teamId>.channels.<conversationId>.requireMention`: per-channel override.
|
- `channels.msteams.teams.<teamId>.channels.<conversationId>.requireMention`: per-channel override.
|
||||||
|
- `channels.msteams.teams.<teamId>.channels.<conversationId>.tools`: per-channel tool policy overrides (`allow`/`deny`/`alsoAllow`).
|
||||||
|
- `channels.msteams.teams.<teamId>.channels.<conversationId>.toolsBySender`: per-channel per-sender tool policy overrides (`"*"` wildcard supported).
|
||||||
- `channels.msteams.sharePointSiteId`: SharePoint site ID for file uploads in group chats/channels (see [Sending files in group chats](#sending-files-in-group-chats)).
|
- `channels.msteams.sharePointSiteId`: SharePoint site ID for file uploads in group chats/channels (see [Sending files in group chats](#sending-files-in-group-chats)).
|
||||||
|
|
||||||
## Routing & Sessions
|
## Routing & Sessions
|
||||||
|
|||||||
@ -464,6 +464,8 @@ For fine-grained control, use these tags in agent responses:
|
|||||||
Channel options (`channels.slack.channels.<id>` or `channels.slack.channels.<name>`):
|
Channel options (`channels.slack.channels.<id>` or `channels.slack.channels.<name>`):
|
||||||
- `allow`: allow/deny the channel when `groupPolicy="allowlist"`.
|
- `allow`: allow/deny the channel when `groupPolicy="allowlist"`.
|
||||||
- `requireMention`: mention gating for the channel.
|
- `requireMention`: mention gating for the channel.
|
||||||
|
- `tools`: optional per-channel tool policy overrides (`allow`/`deny`/`alsoAllow`).
|
||||||
|
- `toolsBySender`: optional per-sender tool policy overrides within the channel (keys are sender ids/@handles/emails; `"*"` wildcard supported).
|
||||||
- `allowBots`: allow bot-authored messages in this channel (default: false).
|
- `allowBots`: allow bot-authored messages in this channel (default: false).
|
||||||
- `users`: optional per-channel user allowlist.
|
- `users`: optional per-channel user allowlist.
|
||||||
- `skills`: skill filter (omit = all skills, empty = none).
|
- `skills`: skill filter (omit = all skills, empty = none).
|
||||||
|
|||||||
@ -1,8 +1,8 @@
|
|||||||
---
|
---
|
||||||
summary: "CLI reference for `clawdbot browser` (profiles, tabs, actions, extension relay, remote serve)"
|
summary: "CLI reference for `clawdbot browser` (profiles, tabs, actions, extension relay)"
|
||||||
read_when:
|
read_when:
|
||||||
- You use `clawdbot browser` and want examples for common tasks
|
- You use `clawdbot browser` and want examples for common tasks
|
||||||
- You want to control a remote browser via `browser.controlUrl`
|
- You want to control a browser running on another machine via a node host
|
||||||
- You want to use the Chrome extension relay (attach/detach via toolbar button)
|
- You want to use the Chrome extension relay (attach/detach via toolbar button)
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -16,8 +16,10 @@ Related:
|
|||||||
|
|
||||||
## Common flags
|
## Common flags
|
||||||
|
|
||||||
- `--url <controlUrl>`: override `browser.controlUrl` for this command invocation.
|
- `--url <gatewayWsUrl>`: Gateway WebSocket URL (defaults to config).
|
||||||
- `--browser-profile <name>`: choose a browser profile (default comes from config).
|
- `--token <token>`: Gateway token (if required).
|
||||||
|
- `--timeout <ms>`: request timeout (ms).
|
||||||
|
- `--browser-profile <name>`: choose a browser profile (default from config).
|
||||||
- `--json`: machine-readable output (where supported).
|
- `--json`: machine-readable output (where supported).
|
||||||
|
|
||||||
## Quick start (local)
|
## Quick start (local)
|
||||||
@ -93,14 +95,10 @@ Then Chrome → `chrome://extensions` → enable “Developer mode” → “Loa
|
|||||||
|
|
||||||
Full guide: [Chrome extension](/tools/chrome-extension)
|
Full guide: [Chrome extension](/tools/chrome-extension)
|
||||||
|
|
||||||
## Remote browser control (`clawdbot browser serve`)
|
## Remote browser control (node host proxy)
|
||||||
|
|
||||||
If the Gateway runs on a different machine than the browser, run a standalone browser control server on the machine that runs Chrome:
|
If the Gateway runs on a different machine than the browser, run a **node host** on the machine that has Chrome/Brave/Edge/Chromium. The Gateway will proxy browser actions to that node (no separate browser control server required).
|
||||||
|
|
||||||
```bash
|
Use `gateway.nodes.browser.mode` to control auto-routing and `gateway.nodes.browser.node` to pin a specific node if multiple are connected.
|
||||||
clawdbot browser serve --bind 127.0.0.1 --port 18791 --token <token>
|
|
||||||
```
|
|
||||||
|
|
||||||
Then point the Gateway at it using `browser.controlUrl` + `browser.controlToken` (or `CLAWDBOT_BROWSER_CONTROL_TOKEN`).
|
Security + remote setup: [Browser tool](/tools/browser), [Remote access](/gateway/remote), [Tailscale](/gateway/tailscale), [Security](/gateway/security)
|
||||||
|
|
||||||
Security + TLS best-practices: [Browser tool](/tools/browser), [Tailscale](/gateway/tailscale), [Security](/gateway/security)
|
|
||||||
|
|||||||
@ -859,9 +859,8 @@ Location:
|
|||||||
Browser control CLI (dedicated Chrome/Brave/Edge/Chromium). See [`clawdbot browser`](/cli/browser) and the [Browser tool](/tools/browser).
|
Browser control CLI (dedicated Chrome/Brave/Edge/Chromium). See [`clawdbot browser`](/cli/browser) and the [Browser tool](/tools/browser).
|
||||||
|
|
||||||
Common options:
|
Common options:
|
||||||
- `--url <controlUrl>`
|
- `--url`, `--token`, `--timeout`, `--json`
|
||||||
- `--browser-profile <name>`
|
- `--browser-profile <name>`
|
||||||
- `--json`
|
|
||||||
|
|
||||||
Manage:
|
Manage:
|
||||||
- `browser status`
|
- `browser status`
|
||||||
|
|||||||
@ -232,6 +232,42 @@ Notes:
|
|||||||
- Discord defaults live in `channels.discord.guilds."*"` (overridable per guild/channel).
|
- Discord defaults live in `channels.discord.guilds."*"` (overridable per guild/channel).
|
||||||
- Group history context is wrapped uniformly across channels and is **pending-only** (messages skipped due to mention gating); use `messages.groupChat.historyLimit` for the global default and `channels.<channel>.historyLimit` (or `channels.<channel>.accounts.*.historyLimit`) for overrides. Set `0` to disable.
|
- Group history context is wrapped uniformly across channels and is **pending-only** (messages skipped due to mention gating); use `messages.groupChat.historyLimit` for the global default and `channels.<channel>.historyLimit` (or `channels.<channel>.accounts.*.historyLimit`) for overrides. Set `0` to disable.
|
||||||
|
|
||||||
|
## Group/channel tool restrictions (optional)
|
||||||
|
Some channel configs support restricting which tools are available **inside a specific group/room/channel**.
|
||||||
|
|
||||||
|
- `tools`: allow/deny tools for the whole group.
|
||||||
|
- `toolsBySender`: per-sender overrides within the group (keys are sender IDs/usernames/emails/phone numbers depending on the channel). Use `"*"` as a wildcard.
|
||||||
|
|
||||||
|
Resolution order (most specific wins):
|
||||||
|
1) group/channel `toolsBySender` match
|
||||||
|
2) group/channel `tools`
|
||||||
|
3) default (`"*"`) `toolsBySender` match
|
||||||
|
4) default (`"*"`) `tools`
|
||||||
|
|
||||||
|
Example (Telegram):
|
||||||
|
|
||||||
|
```json5
|
||||||
|
{
|
||||||
|
channels: {
|
||||||
|
telegram: {
|
||||||
|
groups: {
|
||||||
|
"*": { tools: { deny: ["exec"] } },
|
||||||
|
"-1001234567890": {
|
||||||
|
tools: { deny: ["exec", "read", "write"] },
|
||||||
|
toolsBySender: {
|
||||||
|
"123456789": { alsoAllow: ["exec"] }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Notes:
|
||||||
|
- Group/channel tool restrictions are applied in addition to global/agent tool policy (deny still wins).
|
||||||
|
- Some channels use different nesting for rooms/channels (e.g., Discord `guilds.*.channels.*`, Slack `channels.*`, MS Teams `teams.*.channels.*`).
|
||||||
|
|
||||||
## Group allowlists
|
## Group allowlists
|
||||||
When `channels.whatsapp.groups`, `channels.telegram.groups`, or `channels.imessage.groups` is configured, the keys act as a group allowlist. Use `"*"` to allow all groups while still setting default mention behavior.
|
When `channels.whatsapp.groups`, `channels.telegram.groups`, or `channels.imessage.groups` is configured, the keys act as a group allowlist. Use `"*"` to allow all groups while still setting default mention behavior.
|
||||||
|
|
||||||
|
|||||||
@ -956,6 +956,7 @@
|
|||||||
"gateway/doctor",
|
"gateway/doctor",
|
||||||
"gateway/logging",
|
"gateway/logging",
|
||||||
"gateway/security",
|
"gateway/security",
|
||||||
|
"security/formal-verification",
|
||||||
"gateway/sandbox-vs-tool-policy-vs-elevated",
|
"gateway/sandbox-vs-tool-policy-vs-elevated",
|
||||||
"gateway/sandboxing",
|
"gateway/sandboxing",
|
||||||
"gateway/troubleshooting",
|
"gateway/troubleshooting",
|
||||||
|
|||||||
@ -2759,7 +2759,7 @@ Example:
|
|||||||
|
|
||||||
### `browser` (clawd-managed browser)
|
### `browser` (clawd-managed browser)
|
||||||
|
|
||||||
Clawdbot can start a **dedicated, isolated** Chrome/Brave/Edge/Chromium instance for clawd and expose a small loopback control server.
|
Clawdbot can start a **dedicated, isolated** Chrome/Brave/Edge/Chromium instance for clawd and expose a small loopback control service.
|
||||||
Profiles can point at a **remote** Chromium-based browser via `profiles.<name>.cdpUrl`. Remote
|
Profiles can point at a **remote** Chromium-based browser via `profiles.<name>.cdpUrl`. Remote
|
||||||
profiles are attach-only (start/stop/reset are disabled).
|
profiles are attach-only (start/stop/reset are disabled).
|
||||||
|
|
||||||
@ -2768,8 +2768,9 @@ scheme/host for profiles that only set `cdpPort`.
|
|||||||
|
|
||||||
Defaults:
|
Defaults:
|
||||||
- enabled: `true`
|
- enabled: `true`
|
||||||
- control URL: `http://127.0.0.1:18791` (CDP uses `18792`)
|
- evaluateEnabled: `true` (set `false` to disable `act:evaluate` and `wait --fn`)
|
||||||
- CDP URL: `http://127.0.0.1:18792` (control URL + 1, legacy single-profile)
|
- control service: loopback only (port derived from `gateway.port`, default `18791`)
|
||||||
|
- CDP URL: `http://127.0.0.1:18792` (control service + 1, legacy single-profile)
|
||||||
- profile color: `#FF4500` (lobster-orange)
|
- profile color: `#FF4500` (lobster-orange)
|
||||||
- Note: the control server is started by the running gateway (Clawdbot.app menubar, or `clawdbot gateway`).
|
- Note: the control server is started by the running gateway (Clawdbot.app menubar, or `clawdbot gateway`).
|
||||||
- Auto-detect order: default browser if Chromium-based; otherwise Chrome → Brave → Edge → Chromium → Chrome Canary.
|
- Auto-detect order: default browser if Chromium-based; otherwise Chrome → Brave → Edge → Chromium → Chrome Canary.
|
||||||
@ -2778,7 +2779,7 @@ Defaults:
|
|||||||
{
|
{
|
||||||
browser: {
|
browser: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
evaluateEnabled: true,
|
||||||
// cdpUrl: "http://127.0.0.1:18792", // legacy single-profile override
|
// cdpUrl: "http://127.0.0.1:18792", // legacy single-profile override
|
||||||
defaultProfile: "chrome",
|
defaultProfile: "chrome",
|
||||||
profiles: {
|
profiles: {
|
||||||
|
|||||||
@ -83,13 +83,13 @@ Defaults (can be overridden via env/flags/config):
|
|||||||
- `CLAWDBOT_STATE_DIR=~/.clawdbot-dev`
|
- `CLAWDBOT_STATE_DIR=~/.clawdbot-dev`
|
||||||
- `CLAWDBOT_CONFIG_PATH=~/.clawdbot-dev/clawdbot.json`
|
- `CLAWDBOT_CONFIG_PATH=~/.clawdbot-dev/clawdbot.json`
|
||||||
- `CLAWDBOT_GATEWAY_PORT=19001` (Gateway WS + HTTP)
|
- `CLAWDBOT_GATEWAY_PORT=19001` (Gateway WS + HTTP)
|
||||||
- `browser.controlUrl=http://127.0.0.1:19003` (derived: `gateway.port+2`)
|
- browser control service port = `19003` (derived: `gateway.port+2`, loopback only)
|
||||||
- `canvasHost.port=19005` (derived: `gateway.port+4`)
|
- `canvasHost.port=19005` (derived: `gateway.port+4`)
|
||||||
- `agents.defaults.workspace` default becomes `~/clawd-dev` when you run `setup`/`onboard` under `--dev`.
|
- `agents.defaults.workspace` default becomes `~/clawd-dev` when you run `setup`/`onboard` under `--dev`.
|
||||||
|
|
||||||
Derived ports (rules of thumb):
|
Derived ports (rules of thumb):
|
||||||
- Base port = `gateway.port` (or `CLAWDBOT_GATEWAY_PORT` / `--port`)
|
- Base port = `gateway.port` (or `CLAWDBOT_GATEWAY_PORT` / `--port`)
|
||||||
- `browser.controlUrl port = base + 2` (or `CLAWDBOT_BROWSER_CONTROL_URL` / config override)
|
- browser control service port = base + 2 (loopback only)
|
||||||
- `canvasHost.port = base + 4` (or `CLAWDBOT_CANVAS_HOST_PORT` / config override)
|
- `canvasHost.port = base + 4` (or `CLAWDBOT_CANVAS_HOST_PORT` / config override)
|
||||||
- Browser profile CDP ports auto-allocate from `browser.controlPort + 9 .. + 108` (persisted per profile).
|
- Browser profile CDP ports auto-allocate from `browser.controlPort + 9 .. + 108` (persisted per profile).
|
||||||
|
|
||||||
|
|||||||
@ -73,7 +73,7 @@ clawdbot --profile rescue gateway install
|
|||||||
|
|
||||||
Base port = `gateway.port` (or `CLAWDBOT_GATEWAY_PORT` / `--port`).
|
Base port = `gateway.port` (or `CLAWDBOT_GATEWAY_PORT` / `--port`).
|
||||||
|
|
||||||
- `browser.controlUrl port = base + 2`
|
- browser control service port = base + 2 (loopback only)
|
||||||
- `canvasHost.port = base + 4`
|
- `canvasHost.port = base + 4`
|
||||||
- Browser profile CDP ports auto-allocate from `browser.controlPort + 9 .. + 108`
|
- Browser profile CDP ports auto-allocate from `browser.controlPort + 9 .. + 108`
|
||||||
|
|
||||||
@ -81,8 +81,8 @@ If you override any of these in config or env, you must keep them unique per ins
|
|||||||
|
|
||||||
## Browser/CDP notes (common footgun)
|
## Browser/CDP notes (common footgun)
|
||||||
|
|
||||||
- Do **not** pin `browser.controlUrl` or `browser.cdpUrl` to the same values on multiple instances.
|
- Do **not** pin `browser.cdpUrl` to the same values on multiple instances.
|
||||||
- Each instance needs its own browser control port and CDP range.
|
- Each instance needs its own browser control port and CDP range (derived from its gateway port).
|
||||||
- If you need explicit CDP ports, set `browser.profiles.<name>.cdpPort` per instance.
|
- If you need explicit CDP ports, set `browser.profiles.<name>.cdpPort` per instance.
|
||||||
- Remote Chrome: use `browser.profiles.<name>.cdpUrl` (per profile, per instance).
|
- Remote Chrome: use `browser.profiles.<name>.cdpUrl` (per profile, per instance).
|
||||||
|
|
||||||
|
|||||||
@ -117,6 +117,6 @@ Short version: **keep the Gateway loopback-only** unless you’re sure you need
|
|||||||
- `gateway.remote.tlsFingerprint` pins the remote TLS cert when using `wss://`.
|
- `gateway.remote.tlsFingerprint` pins the remote TLS cert when using `wss://`.
|
||||||
- **Tailscale Serve** can authenticate via identity headers when `gateway.auth.allowTailscale: true`.
|
- **Tailscale Serve** can authenticate via identity headers when `gateway.auth.allowTailscale: true`.
|
||||||
Set it to `false` if you want tokens/passwords instead.
|
Set it to `false` if you want tokens/passwords instead.
|
||||||
- Treat `browser.controlUrl` like an admin API: tailnet-only + token auth.
|
- Treat browser control like operator access: tailnet-only + deliberate node pairing.
|
||||||
|
|
||||||
Deep dive: [Security](/gateway/security).
|
Deep dive: [Security](/gateway/security).
|
||||||
|
|||||||
12
docs/gateway/security-formal-verification.md
Normal file
12
docs/gateway/security-formal-verification.md
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
title: Formal Verification (Security Models)
|
||||||
|
summary: Redirect to the canonical Formal Verification page.
|
||||||
|
permalink: /gateway/security/formal-verification/
|
||||||
|
---
|
||||||
|
|
||||||
|
This page moved to: [/security/formal-verification/](/security/formal-verification/)
|
||||||
|
|
||||||
|
<script>
|
||||||
|
// Best-effort client-side redirect for Mintlify/Next.
|
||||||
|
window.location.replace("/security/formal-verification/");
|
||||||
|
</script>
|
||||||
@ -7,6 +7,8 @@ read_when:
|
|||||||
|
|
||||||
## Quick check: `clawdbot security audit`
|
## Quick check: `clawdbot security audit`
|
||||||
|
|
||||||
|
See also: [Formal Verification (Security Models)](/security/formal-verification/)
|
||||||
|
|
||||||
Run this regularly (especially after changing config or exposing network surfaces):
|
Run this regularly (especially after changing config or exposing network surfaces):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -36,7 +38,7 @@ Start with the smallest access that still works, then widen it as you gain confi
|
|||||||
- **Inbound access** (DM policies, group policies, allowlists): can strangers trigger the bot?
|
- **Inbound access** (DM policies, group policies, allowlists): can strangers trigger the bot?
|
||||||
- **Tool blast radius** (elevated tools + open rooms): could prompt injection turn into shell/file/network actions?
|
- **Tool blast radius** (elevated tools + open rooms): could prompt injection turn into shell/file/network actions?
|
||||||
- **Network exposure** (Gateway bind/auth, Tailscale Serve/Funnel).
|
- **Network exposure** (Gateway bind/auth, Tailscale Serve/Funnel).
|
||||||
- **Browser control exposure** (remote controlUrl without token, HTTP, token reuse).
|
- **Browser control exposure** (remote nodes, relay ports, remote CDP endpoints).
|
||||||
- **Local disk hygiene** (permissions, symlinks, config includes, “synced folder” paths).
|
- **Local disk hygiene** (permissions, symlinks, config includes, “synced folder” paths).
|
||||||
- **Plugins** (extensions exist without an explicit allowlist).
|
- **Plugins** (extensions exist without an explicit allowlist).
|
||||||
- **Model hygiene** (warn when configured models look legacy; not a hard block).
|
- **Model hygiene** (warn when configured models look legacy; not a hard block).
|
||||||
@ -61,7 +63,7 @@ When the audit prints findings, treat this as a priority order:
|
|||||||
|
|
||||||
1. **Anything “open” + tools enabled**: lock down DMs/groups first (pairing/allowlists), then tighten tool policy/sandboxing.
|
1. **Anything “open” + tools enabled**: lock down DMs/groups first (pairing/allowlists), then tighten tool policy/sandboxing.
|
||||||
2. **Public network exposure** (LAN bind, Funnel, missing auth): fix immediately.
|
2. **Public network exposure** (LAN bind, Funnel, missing auth): fix immediately.
|
||||||
3. **Browser control remote exposure**: treat it like a remote admin API (token required; HTTPS/tailnet-only).
|
3. **Browser control remote exposure**: treat it like operator access (tailnet-only, pair nodes deliberately, avoid public exposure).
|
||||||
4. **Permissions**: make sure state/config/credentials/auth are not group/world-readable.
|
4. **Permissions**: make sure state/config/credentials/auth are not group/world-readable.
|
||||||
5. **Plugins/extensions**: only load what you explicitly trust.
|
5. **Plugins/extensions**: only load what you explicitly trust.
|
||||||
6. **Model choice**: prefer modern, instruction-hardened models for any bot with tools.
|
6. **Model choice**: prefer modern, instruction-hardened models for any bot with tools.
|
||||||
@ -277,7 +279,7 @@ Assume “compromised” means: someone got into a room that can trigger the bot
|
|||||||
- Lock down inbound surfaces (DM policy, group allowlists, mention gating).
|
- Lock down inbound surfaces (DM policy, group allowlists, mention gating).
|
||||||
2. **Rotate secrets**
|
2. **Rotate secrets**
|
||||||
- Rotate `gateway.auth` token/password.
|
- Rotate `gateway.auth` token/password.
|
||||||
- Rotate `browser.controlToken` and `hooks.token` (if used).
|
- Rotate `hooks.token` (if used) and revoke any suspicious node pairings.
|
||||||
- Revoke/rotate model provider credentials (API keys / OAuth).
|
- Revoke/rotate model provider credentials (API keys / OAuth).
|
||||||
3. **Review artifacts**
|
3. **Review artifacts**
|
||||||
- Check Gateway logs and recent sessions/transcripts for unexpected tool calls.
|
- Check Gateway logs and recent sessions/transcripts for unexpected tool calls.
|
||||||
@ -430,26 +432,19 @@ Trusted proxies:
|
|||||||
|
|
||||||
See [Tailscale](/gateway/tailscale) and [Web overview](/web).
|
See [Tailscale](/gateway/tailscale) and [Web overview](/web).
|
||||||
|
|
||||||
### 0.6.1) Browser control server over Tailscale (recommended)
|
### 0.6.1) Browser control via node host (recommended)
|
||||||
|
|
||||||
If your Gateway is remote but the browser runs on another machine, you’ll often run a **separate browser control server**
|
If your Gateway is remote but the browser runs on another machine, run a **node host**
|
||||||
on the browser machine (see [Browser tool](/tools/browser)). Treat this like an admin API.
|
on the browser machine and let the Gateway proxy browser actions (see [Browser tool](/tools/browser)).
|
||||||
|
Treat node pairing like admin access.
|
||||||
|
|
||||||
Recommended pattern:
|
Recommended pattern:
|
||||||
|
- Keep the Gateway and node host on the same tailnet (Tailscale).
|
||||||
```bash
|
- Pair the node intentionally; disable browser proxy routing if you don’t need it.
|
||||||
# on the machine that runs Chrome
|
|
||||||
clawdbot browser serve --bind 127.0.0.1 --port 18791 --token <token>
|
|
||||||
tailscale serve https / http://127.0.0.1:18791
|
|
||||||
```
|
|
||||||
|
|
||||||
Then on the Gateway, set:
|
|
||||||
- `browser.controlUrl` to the `https://…` Serve URL (MagicDNS/ts.net)
|
|
||||||
- and authenticate with the same token (`CLAWDBOT_BROWSER_CONTROL_TOKEN` env preferred)
|
|
||||||
|
|
||||||
Avoid:
|
Avoid:
|
||||||
- `--bind 0.0.0.0` (LAN-visible surface)
|
- Exposing relay/control ports over LAN or public Internet.
|
||||||
- Tailscale Funnel for browser control endpoints (public exposure)
|
- Tailscale Funnel for browser control endpoints (public exposure).
|
||||||
|
|
||||||
### 0.7) Secrets on disk (what’s sensitive)
|
### 0.7) Secrets on disk (what’s sensitive)
|
||||||
|
|
||||||
@ -577,13 +572,15 @@ If that browser profile already contains logged-in sessions, the model can
|
|||||||
access those accounts and data. Treat browser profiles as **sensitive state**:
|
access those accounts and data. Treat browser profiles as **sensitive state**:
|
||||||
- Prefer a dedicated profile for the agent (the default `clawd` profile).
|
- Prefer a dedicated profile for the agent (the default `clawd` profile).
|
||||||
- Avoid pointing the agent at your personal daily-driver profile.
|
- Avoid pointing the agent at your personal daily-driver profile.
|
||||||
|
- `act:evaluate` and `wait --fn` run arbitrary JavaScript in the page context.
|
||||||
|
Prompt injection can steer the model into calling them. If you do not need
|
||||||
|
them, set `browser.evaluateEnabled=false` (see [Configuration](/gateway/configuration#browser-clawd-managed-browser)).
|
||||||
- Keep host browser control disabled for sandboxed agents unless you trust them.
|
- Keep host browser control disabled for sandboxed agents unless you trust them.
|
||||||
- Treat browser downloads as untrusted input; prefer an isolated downloads directory.
|
- Treat browser downloads as untrusted input; prefer an isolated downloads directory.
|
||||||
- Disable browser sync/password managers in the agent profile if possible (reduces blast radius).
|
- Disable browser sync/password managers in the agent profile if possible (reduces blast radius).
|
||||||
- For remote gateways, assume “browser control” is equivalent to “operator access” to whatever that profile can reach.
|
- For remote gateways, assume “browser control” is equivalent to “operator access” to whatever that profile can reach.
|
||||||
- Treat `browser.controlUrl` endpoints as an admin API: tailnet-only + token auth. Prefer Tailscale Serve over LAN binds.
|
- Keep the Gateway and node hosts tailnet-only; avoid exposing relay/control ports to LAN or public Internet.
|
||||||
- Keep `browser.controlToken` separate from `gateway.auth.token` (you can reuse it, but that increases blast radius).
|
- Disable browser proxy routing when you don’t need it (`gateway.nodes.browser.mode="off"`).
|
||||||
- Prefer env vars for the token (`CLAWDBOT_BROWSER_CONTROL_TOKEN`) instead of storing it in config on disk.
|
|
||||||
- Chrome extension relay mode is **not** “safer”; it can take over your existing Chrome tabs. Assume it can act as you in whatever that tab/profile can reach.
|
- Chrome extension relay mode is **not** “safer”; it can take over your existing Chrome tabs. Assume it can act as you in whatever that tab/profile can reach.
|
||||||
|
|
||||||
## Per-agent access profiles (multi-agent)
|
## Per-agent access profiles (multi-agent)
|
||||||
|
|||||||
@ -100,35 +100,13 @@ clawdbot gateway --tailscale funnel --auth password
|
|||||||
- Serve/Funnel only expose the **Gateway control UI + WS**. Nodes connect over
|
- Serve/Funnel only expose the **Gateway control UI + WS**. Nodes connect over
|
||||||
the same Gateway WS endpoint, so Serve can work for node access.
|
the same Gateway WS endpoint, so Serve can work for node access.
|
||||||
|
|
||||||
## Browser control server (remote Gateway + local browser)
|
## Browser control (remote Gateway + local browser)
|
||||||
|
|
||||||
If you run the Gateway on one machine but want to drive a browser on another machine, use a **separate browser control server**
|
If you run the Gateway on one machine but want to drive a browser on another machine,
|
||||||
and publish it through Tailscale **Serve** (tailnet-only):
|
run a **node host** on the browser machine and keep both on the same tailnet.
|
||||||
|
The Gateway will proxy browser actions to the node; no separate control server or Serve URL needed.
|
||||||
|
|
||||||
```bash
|
Avoid Funnel for browser control; treat node pairing like operator access.
|
||||||
# on the machine that runs Chrome
|
|
||||||
clawdbot browser serve --bind 127.0.0.1 --port 18791 --token <token>
|
|
||||||
tailscale serve https / http://127.0.0.1:18791
|
|
||||||
```
|
|
||||||
|
|
||||||
Then point the Gateway config at the HTTPS URL:
|
|
||||||
|
|
||||||
```json5
|
|
||||||
{
|
|
||||||
browser: {
|
|
||||||
enabled: true,
|
|
||||||
controlUrl: "https://<magicdns>/"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
And authenticate from the Gateway with the same token (prefer env):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export CLAWDBOT_BROWSER_CONTROL_TOKEN="<token>"
|
|
||||||
```
|
|
||||||
|
|
||||||
Avoid Funnel for browser control endpoints unless you explicitly want public exposure.
|
|
||||||
|
|
||||||
## Tailscale prerequisites + limits
|
## Tailscale prerequisites + limits
|
||||||
|
|
||||||
|
|||||||
@ -1093,9 +1093,10 @@ clawdbot browser extension path
|
|||||||
|
|
||||||
Then Chrome → `chrome://extensions` → enable “Developer mode” → “Load unpacked” → pick that folder.
|
Then Chrome → `chrome://extensions` → enable “Developer mode” → “Load unpacked” → pick that folder.
|
||||||
|
|
||||||
Full guide (including remote Gateway via Tailscale + security notes): [Chrome extension](/tools/chrome-extension)
|
Full guide (including remote Gateway + security notes): [Chrome extension](/tools/chrome-extension)
|
||||||
|
|
||||||
If the Gateway runs on the same machine as Chrome (default setup), you usually **do not** need `clawdbot browser serve`.
|
If the Gateway runs on the same machine as Chrome (default setup), you usually **do not** need anything extra.
|
||||||
|
If the Gateway runs elsewhere, run a node host on the browser machine so the Gateway can proxy browser actions.
|
||||||
You still need to click the extension button on the tab you want to control (it doesn’t auto-attach).
|
You still need to click the extension button on the tab you want to control (it doesn’t auto-attach).
|
||||||
|
|
||||||
## Sandboxing and memory
|
## Sandboxing and memory
|
||||||
@ -1479,7 +1480,7 @@ setup is an always‑on host plus your laptop as a node.
|
|||||||
- **Safer execution controls.** `system.run` is gated by node allowlists/approvals on that laptop.
|
- **Safer execution controls.** `system.run` is gated by node allowlists/approvals on that laptop.
|
||||||
- **More device tools.** Nodes expose `canvas`, `camera`, and `screen` in addition to `system.run`.
|
- **More device tools.** Nodes expose `canvas`, `camera`, and `screen` in addition to `system.run`.
|
||||||
- **Local browser automation.** Keep the Gateway on a VPS, but run Chrome locally and relay control
|
- **Local browser automation.** Keep the Gateway on a VPS, but run Chrome locally and relay control
|
||||||
with the Chrome extension + `clawdbot browser serve`.
|
with the Chrome extension + a node host on the laptop.
|
||||||
|
|
||||||
SSH is fine for ad‑hoc shell access, but nodes are simpler for ongoing agent workflows and
|
SSH is fine for ad‑hoc shell access, but nodes are simpler for ongoing agent workflows and
|
||||||
device automation.
|
device automation.
|
||||||
|
|||||||
107
docs/security/formal-verification.md
Normal file
107
docs/security/formal-verification.md
Normal file
@ -0,0 +1,107 @@
|
|||||||
|
---
|
||||||
|
title: Formal Verification (Security Models)
|
||||||
|
summary: Machine-checked security models for Clawdbot’s highest-risk paths.
|
||||||
|
permalink: /security/formal-verification/
|
||||||
|
---
|
||||||
|
|
||||||
|
# Formal Verification (Security Models)
|
||||||
|
|
||||||
|
This page tracks Clawdbot’s **formal security models** (TLA+/TLC today; more as needed).
|
||||||
|
|
||||||
|
**Goal (north star):** provide a machine-checked argument that Clawdbot enforces its
|
||||||
|
intended security policy (authorization, session isolation, tool gating, and
|
||||||
|
misconfiguration safety), under explicit assumptions.
|
||||||
|
|
||||||
|
**What this is (today):** an executable, attacker-driven **security regression suite**:
|
||||||
|
- Each claim has a runnable model-check over a finite state space.
|
||||||
|
- Many claims have a paired **negative model** that produces a counterexample trace for a realistic bug class.
|
||||||
|
|
||||||
|
**What this is not (yet):** a proof that “Clawdbot is secure in all respects” or that the full TypeScript implementation is correct.
|
||||||
|
|
||||||
|
## Where the models live
|
||||||
|
|
||||||
|
Models are maintained in a separate repo: [vignesh07/clawdbot-formal-models](https://github.com/vignesh07/clawdbot-formal-models).
|
||||||
|
|
||||||
|
## Important caveats
|
||||||
|
|
||||||
|
- These are **models**, not the full TypeScript implementation. Drift between model and code is possible.
|
||||||
|
- Results are bounded by the state space explored by TLC; “green” does not imply security beyond the modeled assumptions and bounds.
|
||||||
|
- Some claims rely on explicit environmental assumptions (e.g., correct deployment, correct configuration inputs).
|
||||||
|
|
||||||
|
## Reproducing results
|
||||||
|
|
||||||
|
Today, results are reproduced by cloning the models repo locally and running TLC (see below). A future iteration could offer:
|
||||||
|
- CI-run models with public artifacts (counterexample traces, run logs)
|
||||||
|
- a hosted “run this model” workflow for small, bounded checks
|
||||||
|
|
||||||
|
Getting started:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
git clone https://github.com/vignesh07/clawdbot-formal-models
|
||||||
|
cd clawdbot-formal-models
|
||||||
|
|
||||||
|
# Java 11+ required (TLC runs on the JVM).
|
||||||
|
# The repo vendors a pinned `tla2tools.jar` (TLA+ tools) and provides `bin/tlc` + Make targets.
|
||||||
|
|
||||||
|
make <target>
|
||||||
|
```
|
||||||
|
|
||||||
|
### Gateway exposure and open gateway misconfiguration
|
||||||
|
|
||||||
|
**Claim:** binding beyond loopback without auth can make remote compromise possible / increases exposure; token/password blocks unauth attackers (per the model assumptions).
|
||||||
|
|
||||||
|
- Green runs:
|
||||||
|
- `make gateway-exposure-v2`
|
||||||
|
- `make gateway-exposure-v2-protected`
|
||||||
|
- Red (expected):
|
||||||
|
- `make gateway-exposure-v2-negative`
|
||||||
|
|
||||||
|
See also: `docs/gateway-exposure-matrix.md` in the models repo.
|
||||||
|
|
||||||
|
### Nodes.run pipeline (highest-risk capability)
|
||||||
|
|
||||||
|
**Claim:** `nodes.run` requires (a) node command allowlist plus declared commands and (b) live approval when configured; approvals are tokenized to prevent replay (in the model).
|
||||||
|
|
||||||
|
- Green runs:
|
||||||
|
- `make nodes-pipeline`
|
||||||
|
- `make approvals-token`
|
||||||
|
- Red (expected):
|
||||||
|
- `make nodes-pipeline-negative`
|
||||||
|
- `make approvals-token-negative`
|
||||||
|
|
||||||
|
### Pairing store (DM gating)
|
||||||
|
|
||||||
|
**Claim:** pairing requests respect TTL and pending-request caps.
|
||||||
|
|
||||||
|
- Green runs:
|
||||||
|
- `make pairing`
|
||||||
|
- `make pairing-cap`
|
||||||
|
- Red (expected):
|
||||||
|
- `make pairing-negative`
|
||||||
|
- `make pairing-cap-negative`
|
||||||
|
|
||||||
|
### Ingress gating (mentions + control-command bypass)
|
||||||
|
|
||||||
|
**Claim:** in group contexts requiring mention, an unauthorized “control command” cannot bypass mention gating.
|
||||||
|
|
||||||
|
- Green:
|
||||||
|
- `make ingress-gating`
|
||||||
|
- Red (expected):
|
||||||
|
- `make ingress-gating-negative`
|
||||||
|
|
||||||
|
### Routing/session-key isolation
|
||||||
|
|
||||||
|
**Claim:** DMs from distinct peers do not collapse into the same session unless explicitly linked/configured.
|
||||||
|
|
||||||
|
- Green:
|
||||||
|
- `make routing-isolation`
|
||||||
|
- Red (expected):
|
||||||
|
- `make routing-isolation-negative`
|
||||||
|
|
||||||
|
## Roadmap
|
||||||
|
|
||||||
|
Next models to deepen fidelity:
|
||||||
|
- Pairing store concurrency/locking/idempotency
|
||||||
|
- Provider-specific ingress preflight modeling
|
||||||
|
- Routing identity-links + dmScope variants + binding precedence
|
||||||
|
- Gateway auth conformance (proxy/tailscale specifics)
|
||||||
@ -175,6 +175,7 @@ clawdbot onboard --install-daemon
|
|||||||
```
|
```
|
||||||
|
|
||||||
If you don’t have a global install yet, run the onboarding step via `pnpm clawdbot ...` from the repo.
|
If you don’t have a global install yet, run the onboarding step via `pnpm clawdbot ...` from the repo.
|
||||||
|
`pnpm build` also bundles A2UI assets; if you need to run just that step, use `pnpm canvas:a2ui:bundle`.
|
||||||
|
|
||||||
Gateway (from this repo):
|
Gateway (from this repo):
|
||||||
|
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
summary: "Integrated browser control server + action commands"
|
summary: "Integrated browser control service + action commands"
|
||||||
read_when:
|
read_when:
|
||||||
- Adding agent-controlled browser automation
|
- Adding agent-controlled browser automation
|
||||||
- Debugging why clawd is interfering with your own Chrome
|
- Debugging why clawd is interfering with your own Chrome
|
||||||
@ -10,7 +10,7 @@ read_when:
|
|||||||
|
|
||||||
Clawdbot can run a **dedicated Chrome/Brave/Edge/Chromium profile** that the agent controls.
|
Clawdbot can run a **dedicated Chrome/Brave/Edge/Chromium profile** that the agent controls.
|
||||||
It is isolated from your personal browser and is managed through a small local
|
It is isolated from your personal browser and is managed through a small local
|
||||||
control server.
|
control service inside the Gateway (loopback only).
|
||||||
|
|
||||||
Beginner view:
|
Beginner view:
|
||||||
- Think of it as a **separate, agent-only browser**.
|
- Think of it as a **separate, agent-only browser**.
|
||||||
@ -57,8 +57,7 @@ Browser settings live in `~/.clawdbot/clawdbot.json`.
|
|||||||
{
|
{
|
||||||
browser: {
|
browser: {
|
||||||
enabled: true, // default: true
|
enabled: true, // default: true
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
// cdpUrl: "http://127.0.0.1:18792", // legacy single-profile override
|
||||||
cdpUrl: "http://127.0.0.1:18792", // defaults to controlUrl + 1
|
|
||||||
remoteCdpTimeoutMs: 1500, // remote CDP HTTP timeout (ms)
|
remoteCdpTimeoutMs: 1500, // remote CDP HTTP timeout (ms)
|
||||||
remoteCdpHandshakeTimeoutMs: 3000, // remote CDP WebSocket handshake timeout (ms)
|
remoteCdpHandshakeTimeoutMs: 3000, // remote CDP WebSocket handshake timeout (ms)
|
||||||
defaultProfile: "chrome",
|
defaultProfile: "chrome",
|
||||||
@ -77,10 +76,11 @@ Browser settings live in `~/.clawdbot/clawdbot.json`.
|
|||||||
```
|
```
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
- `controlUrl` defaults to `http://127.0.0.1:18791`.
|
- The browser control service binds to loopback on a port derived from `gateway.port`
|
||||||
|
(default: `18791`, which is gateway + 2). The relay uses the next port (`18792`).
|
||||||
- If you override the Gateway port (`gateway.port` or `CLAWDBOT_GATEWAY_PORT`),
|
- If you override the Gateway port (`gateway.port` or `CLAWDBOT_GATEWAY_PORT`),
|
||||||
the default browser ports shift to stay in the same “family” (control = gateway + 2).
|
the derived browser ports shift to stay in the same “family”.
|
||||||
- `cdpUrl` defaults to `controlUrl + 1` when unset.
|
- `cdpUrl` defaults to the relay port when unset.
|
||||||
- `remoteCdpTimeoutMs` applies to remote (non-loopback) CDP reachability checks.
|
- `remoteCdpTimeoutMs` applies to remote (non-loopback) CDP reachability checks.
|
||||||
- `remoteCdpHandshakeTimeoutMs` applies to remote CDP WebSocket reachability checks.
|
- `remoteCdpHandshakeTimeoutMs` applies to remote CDP WebSocket reachability checks.
|
||||||
- `attachOnly: true` means “never launch a local browser; only attach if it is already running.”
|
- `attachOnly: true` means “never launch a local browser; only attach if it is already running.”
|
||||||
@ -126,38 +126,11 @@ clawdbot config set browser.executablePath "/usr/bin/google-chrome"
|
|||||||
|
|
||||||
## Local vs remote control
|
## Local vs remote control
|
||||||
|
|
||||||
- **Local control (default):** `controlUrl` is loopback (`127.0.0.1`/`localhost`).
|
- **Local control (default):** the Gateway starts the loopback control service and can launch a local browser.
|
||||||
The Gateway starts the control server and can launch a local browser.
|
- **Remote control (node host):** run a node host on the machine that has the browser; the Gateway proxies browser actions to it.
|
||||||
- **Remote control:** `controlUrl` is non-loopback. The Gateway **does not** start
|
|
||||||
a local server; it assumes you are pointing at an existing server elsewhere.
|
|
||||||
- **Remote CDP:** set `browser.profiles.<name>.cdpUrl` (or `browser.cdpUrl`) to
|
- **Remote CDP:** set `browser.profiles.<name>.cdpUrl` (or `browser.cdpUrl`) to
|
||||||
attach to a remote Chromium-based browser. In this case, Clawdbot will not launch a local browser.
|
attach to a remote Chromium-based browser. In this case, Clawdbot will not launch a local browser.
|
||||||
|
|
||||||
## Remote browser (control server)
|
|
||||||
|
|
||||||
You can run the **browser control server** on another machine and point your
|
|
||||||
Gateway at it with a remote `controlUrl`. This lets the agent drive a browser
|
|
||||||
outside the host (lab box, VM, remote desktop, etc.).
|
|
||||||
|
|
||||||
Key points:
|
|
||||||
- The **control server** speaks to Chromium-based browsers (Chrome/Brave/Edge/Chromium) via **CDP**.
|
|
||||||
- The **Gateway** only needs the HTTP control URL.
|
|
||||||
- Profiles are resolved on the **control server** side.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```json5
|
|
||||||
{
|
|
||||||
browser: {
|
|
||||||
enabled: true,
|
|
||||||
controlUrl: "http://10.0.0.42:18791",
|
|
||||||
defaultProfile: "work"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Use `profiles.<name>.cdpUrl` for **remote CDP** if you want the Gateway to talk
|
|
||||||
directly to a Chromium-based browser instance without a remote control server.
|
|
||||||
|
|
||||||
Remote CDP URLs can include auth:
|
Remote CDP URLs can include auth:
|
||||||
- Query tokens (e.g., `https://provider.example?token=<token>`)
|
- Query tokens (e.g., `https://provider.example?token=<token>`)
|
||||||
- HTTP Basic auth (e.g., `https://user:pass@provider.example`)
|
- HTTP Basic auth (e.g., `https://user:pass@provider.example`)
|
||||||
@ -166,11 +139,11 @@ Clawdbot preserves the auth when calling `/json/*` endpoints and when connecting
|
|||||||
to the CDP WebSocket. Prefer environment variables or secrets managers for
|
to the CDP WebSocket. Prefer environment variables or secrets managers for
|
||||||
tokens instead of committing them to config files.
|
tokens instead of committing them to config files.
|
||||||
|
|
||||||
### Node browser proxy (zero-config default)
|
## Node browser proxy (zero-config default)
|
||||||
|
|
||||||
If you run a **node host** on the machine that has your browser, Clawdbot can
|
If you run a **node host** on the machine that has your browser, Clawdbot can
|
||||||
auto-route browser tool calls to that node without any custom `controlUrl`
|
auto-route browser tool calls to that node without any extra browser config.
|
||||||
setup. This is the default path for remote gateways.
|
This is the default path for remote gateways.
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
- The node host exposes its local browser control server via a **proxy command**.
|
- The node host exposes its local browser control server via a **proxy command**.
|
||||||
@ -179,7 +152,7 @@ Notes:
|
|||||||
- On the node: `nodeHost.browserProxy.enabled=false`
|
- On the node: `nodeHost.browserProxy.enabled=false`
|
||||||
- On the gateway: `gateway.nodes.browser.mode="off"`
|
- On the gateway: `gateway.nodes.browser.mode="off"`
|
||||||
|
|
||||||
### Browserless (hosted remote CDP)
|
## Browserless (hosted remote CDP)
|
||||||
|
|
||||||
[Browserless](https://browserless.io) is a hosted Chromium service that exposes
|
[Browserless](https://browserless.io) is a hosted Chromium service that exposes
|
||||||
CDP endpoints over HTTPS. You can point a Clawdbot browser profile at a
|
CDP endpoints over HTTPS. You can point a Clawdbot browser profile at a
|
||||||
@ -207,94 +180,16 @@ Notes:
|
|||||||
- Replace `<BROWSERLESS_API_KEY>` with your real Browserless token.
|
- Replace `<BROWSERLESS_API_KEY>` with your real Browserless token.
|
||||||
- Choose the region endpoint that matches your Browserless account (see their docs).
|
- Choose the region endpoint that matches your Browserless account (see their docs).
|
||||||
|
|
||||||
### Running the control server on the browser machine
|
|
||||||
|
|
||||||
Run a standalone browser control server (recommended when your Gateway is remote):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# on the machine that runs Chrome/Brave/Edge
|
|
||||||
clawdbot browser serve --bind <browser-host> --port 18791 --token <token>
|
|
||||||
```
|
|
||||||
|
|
||||||
Then point your Gateway at it:
|
|
||||||
|
|
||||||
```json5
|
|
||||||
{
|
|
||||||
browser: {
|
|
||||||
enabled: true,
|
|
||||||
controlUrl: "http://<browser-host>:18791",
|
|
||||||
|
|
||||||
// Option A (recommended): keep token in env on the Gateway
|
|
||||||
// (avoid writing secrets into config files)
|
|
||||||
// controlToken: "<token>"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
And set the auth token in the Gateway environment:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export CLAWDBOT_BROWSER_CONTROL_TOKEN="<token>"
|
|
||||||
```
|
|
||||||
|
|
||||||
Option B: store the token in the Gateway config instead (same shared token):
|
|
||||||
|
|
||||||
```json5
|
|
||||||
{
|
|
||||||
browser: {
|
|
||||||
enabled: true,
|
|
||||||
controlUrl: "http://<browser-host>:18791",
|
|
||||||
controlToken: "<token>"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
This section covers the **browser control server** (`browser.controlUrl`) used for agent browser automation.
|
|
||||||
|
|
||||||
Key ideas:
|
Key ideas:
|
||||||
- Treat the browser control server like an admin API: **private network only**.
|
- Browser control is loopback-only; access flows through the Gateway’s auth or node pairing.
|
||||||
- Use **token auth** always when the server is reachable off-machine.
|
- Keep the Gateway and any node hosts on a private network (Tailscale); avoid public exposure.
|
||||||
- Prefer **Tailnet-only** connectivity over LAN exposure.
|
- Treat remote CDP URLs/tokens as secrets; prefer env vars or a secrets manager.
|
||||||
|
|
||||||
### Tokens (what is shared with what?)
|
Remote CDP tips:
|
||||||
|
- Prefer HTTPS endpoints and short-lived tokens where possible.
|
||||||
- `browser.controlToken` / `CLAWDBOT_BROWSER_CONTROL_TOKEN` is **only** for authenticating browser control HTTP requests to `browser.controlUrl`.
|
- Avoid embedding long-lived tokens directly in config files.
|
||||||
- It is **not** the Gateway token (`gateway.auth.token`) and **not** a node pairing token.
|
|
||||||
- You *can* reuse the same string value, but it’s better to keep them separate to reduce blast radius.
|
|
||||||
|
|
||||||
### Binding (don’t expose to your LAN by accident)
|
|
||||||
|
|
||||||
Recommended:
|
|
||||||
- Keep `clawdbot browser serve` bound to loopback (`127.0.0.1`) and publish it via Tailscale.
|
|
||||||
- Or bind to a Tailnet IP only (never `0.0.0.0`) and require a token.
|
|
||||||
|
|
||||||
Avoid:
|
|
||||||
- `--bind 0.0.0.0` (LAN-visible). Even with token auth, traffic is plain HTTP unless you also add TLS.
|
|
||||||
|
|
||||||
### TLS / HTTPS (recommended approach: terminate in front)
|
|
||||||
|
|
||||||
Best practice here: keep `clawdbot browser serve` on HTTP and terminate TLS in front.
|
|
||||||
|
|
||||||
If you’re already using Tailscale, you have two good options:
|
|
||||||
|
|
||||||
1) **Tailnet-only, still HTTP** (transport is encrypted by Tailscale):
|
|
||||||
- Keep `controlUrl` as `http://…` but ensure it’s only reachable over your tailnet.
|
|
||||||
|
|
||||||
2) **Serve HTTPS via Tailscale** (nice UX: `https://…` URL):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# on the browser machine
|
|
||||||
clawdbot browser serve --bind 127.0.0.1 --port 18791 --token <token>
|
|
||||||
tailscale serve https / http://127.0.0.1:18791
|
|
||||||
```
|
|
||||||
|
|
||||||
Then set your Gateway config `browser.controlUrl` to the HTTPS URL (MagicDNS/ts.net) and keep using the same token.
|
|
||||||
|
|
||||||
Notes:
|
|
||||||
- Do **not** use Tailscale Funnel for this unless you explicitly want to make the endpoint public.
|
|
||||||
- For Tailnet setup/background, see [Gateway web surfaces](/web/index) and the [Gateway CLI](/cli/gateway).
|
|
||||||
|
|
||||||
## Profiles (multi-browser)
|
## Profiles (multi-browser)
|
||||||
|
|
||||||
@ -318,13 +213,12 @@ Clawdbot can also drive **your existing Chrome tabs** (no separate “clawd” C
|
|||||||
Full guide: [Chrome extension](/tools/chrome-extension)
|
Full guide: [Chrome extension](/tools/chrome-extension)
|
||||||
|
|
||||||
Flow:
|
Flow:
|
||||||
- You run a **browser control server** (Gateway on the same machine, or `clawdbot browser serve`).
|
- The Gateway runs locally (same machine) or a node host runs on the browser machine.
|
||||||
- A local **relay server** listens at a loopback `cdpUrl` (default: `http://127.0.0.1:18792`).
|
- A local **relay server** listens at a loopback `cdpUrl` (default: `http://127.0.0.1:18792`).
|
||||||
- You click the **Clawdbot Browser Relay** extension icon on a tab to attach (it does not auto-attach).
|
- You click the **Clawdbot Browser Relay** extension icon on a tab to attach (it does not auto-attach).
|
||||||
- The agent controls that tab via the normal `browser` tool, by selecting the right profile.
|
- The agent controls that tab via the normal `browser` tool, by selecting the right profile.
|
||||||
|
|
||||||
If the Gateway runs on the same machine as Chrome (default setup), you usually **do not** need `clawdbot browser serve`.
|
If the Gateway runs elsewhere, run a node host on the browser machine so the Gateway can proxy browser actions.
|
||||||
Use `browser serve` only when the Gateway runs elsewhere (remote mode).
|
|
||||||
|
|
||||||
### Sandboxed sessions
|
### Sandboxed sessions
|
||||||
|
|
||||||
@ -387,8 +281,7 @@ Platforms:
|
|||||||
|
|
||||||
## Control API (optional)
|
## Control API (optional)
|
||||||
|
|
||||||
If you want to integrate directly, the browser control server exposes a small
|
For local integrations only, the Gateway exposes a small loopback HTTP API:
|
||||||
HTTP API:
|
|
||||||
|
|
||||||
- Status/start/stop: `GET /`, `POST /start`, `POST /stop`
|
- Status/start/stop: `GET /`, `POST /start`, `POST /stop`
|
||||||
- Tabs: `GET /tabs`, `POST /tabs/open`, `POST /tabs/focus`, `DELETE /tabs/:targetId`
|
- Tabs: `GET /tabs`, `POST /tabs/open`, `POST /tabs/focus`, `DELETE /tabs/:targetId`
|
||||||
@ -612,8 +505,11 @@ These are useful for “make the site behave like X” workflows:
|
|||||||
## Security & privacy
|
## Security & privacy
|
||||||
|
|
||||||
- The clawd browser profile may contain logged-in sessions; treat it as sensitive.
|
- The clawd browser profile may contain logged-in sessions; treat it as sensitive.
|
||||||
|
- `browser act kind=evaluate` / `clawdbot browser evaluate` and `wait --fn`
|
||||||
|
execute arbitrary JavaScript in the page context. Prompt injection can steer
|
||||||
|
this. Disable it with `browser.evaluateEnabled=false` if you do not need it.
|
||||||
- For logins and anti-bot notes (X/Twitter, etc.), see [Browser login + X/Twitter posting](/tools/browser-login).
|
- For logins and anti-bot notes (X/Twitter, etc.), see [Browser login + X/Twitter posting](/tools/browser-login).
|
||||||
- Keep control URLs loopback-only unless you intentionally expose the server.
|
- Keep the Gateway/node host private (loopback or tailnet-only).
|
||||||
- Remote CDP endpoints are powerful; tunnel and protect them.
|
- Remote CDP endpoints are powerful; tunnel and protect them.
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
@ -631,12 +527,10 @@ How it maps:
|
|||||||
- `browser act` uses the snapshot `ref` IDs to click/type/drag/select.
|
- `browser act` uses the snapshot `ref` IDs to click/type/drag/select.
|
||||||
- `browser screenshot` captures pixels (full page or element).
|
- `browser screenshot` captures pixels (full page or element).
|
||||||
- `browser` accepts:
|
- `browser` accepts:
|
||||||
- `profile` to choose a named browser profile (host or remote control server).
|
- `profile` to choose a named browser profile (clawd, chrome, or remote CDP).
|
||||||
- `target` (`sandbox` | `host` | `custom`) to select where the browser lives.
|
- `target` (`sandbox` | `host` | `node`) to select where the browser lives.
|
||||||
- `controlUrl` sets `target: "custom"` implicitly (remote control server).
|
|
||||||
- In sandboxed sessions, `target: "host"` requires `agents.defaults.sandbox.browser.allowHostControl=true`.
|
- In sandboxed sessions, `target: "host"` requires `agents.defaults.sandbox.browser.allowHostControl=true`.
|
||||||
- If `target` is omitted: sandboxed sessions default to `sandbox`, non-sandbox sessions default to `host`.
|
- If `target` is omitted: sandboxed sessions default to `sandbox`, non-sandbox sessions default to `host`.
|
||||||
- Sandbox allowlists can restrict `target: "custom"` to specific URLs/hosts/ports.
|
- If a browser-capable node is connected, the tool may auto-route to it unless you pin `target="host"` or `target="node"`.
|
||||||
- Defaults: allowlists unset (no restriction), and sandbox host control is disabled.
|
|
||||||
|
|
||||||
This keeps the agent deterministic and avoids brittle selectors.
|
This keeps the agent deterministic and avoids brittle selectors.
|
||||||
|
|||||||
@ -15,7 +15,7 @@ Attach/detach happens via a **single Chrome toolbar button**.
|
|||||||
## What it is (concept)
|
## What it is (concept)
|
||||||
|
|
||||||
There are three parts:
|
There are three parts:
|
||||||
- **Browser control server** (HTTP): the API the agent/tool calls (`browser.controlUrl`)
|
- **Browser control service** (Gateway or node): the API the agent/tool calls (via the Gateway)
|
||||||
- **Local relay server** (loopback CDP): bridges between the control server and the extension (`http://127.0.0.1:18792` by default)
|
- **Local relay server** (loopback CDP): bridges between the control server and the extension (`http://127.0.0.1:18792` by default)
|
||||||
- **Chrome MV3 extension**: attaches to the active tab using `chrome.debugger` and pipes CDP messages to the relay
|
- **Chrome MV3 extension**: attaches to the active tab using `chrome.debugger` and pipes CDP messages to the relay
|
||||||
|
|
||||||
@ -87,23 +87,22 @@ clawdbot browser create-profile \
|
|||||||
- `!`: relay not reachable (most common: browser relay server isn’t running on this machine).
|
- `!`: relay not reachable (most common: browser relay server isn’t running on this machine).
|
||||||
|
|
||||||
If you see `!`:
|
If you see `!`:
|
||||||
- Make sure the Gateway is running locally (default setup), or run `clawdbot browser serve` on this machine (remote gateway setup).
|
- Make sure the Gateway is running locally (default setup), or run a node host on this machine if the Gateway runs elsewhere.
|
||||||
- Open the extension Options page; it shows whether the relay is reachable.
|
- Open the extension Options page; it shows whether the relay is reachable.
|
||||||
|
|
||||||
## Do I need `clawdbot browser serve`?
|
## Remote Gateway (use a node host)
|
||||||
|
|
||||||
### Local Gateway (same machine as Chrome) — usually **no**
|
### Local Gateway (same machine as Chrome) — usually **no extra steps**
|
||||||
|
|
||||||
If the Gateway is running on the same machine as Chrome and your `browser.controlUrl` is loopback (default),
|
If the Gateway runs on the same machine as Chrome, it starts the browser control service on loopback
|
||||||
you typically **do not** need `clawdbot browser serve`.
|
and auto-starts the relay server. The extension talks to the local relay; the CLI/tool calls go to the Gateway.
|
||||||
|
|
||||||
The Gateway’s built-in browser control server will start on `http://127.0.0.1:18791/` and Clawdbot will
|
### Remote Gateway (Gateway runs elsewhere) — **run a node host**
|
||||||
auto-start the local relay server on `http://127.0.0.1:18792/`.
|
|
||||||
|
|
||||||
### Remote Gateway (Gateway runs elsewhere) — **yes**
|
If your Gateway runs on another machine, start a node host on the machine that runs Chrome.
|
||||||
|
The Gateway will proxy browser actions to that node; the extension + relay stay local to the browser machine.
|
||||||
|
|
||||||
If your Gateway runs on another machine, run `clawdbot browser serve` on the machine that runs Chrome
|
If multiple nodes are connected, pin one with `gateway.nodes.browser.node` or set `gateway.nodes.browser.mode`.
|
||||||
(and publish it via Tailscale Serve / TLS). See the section below.
|
|
||||||
|
|
||||||
## Sandboxing (tool containers)
|
## Sandboxing (tool containers)
|
||||||
|
|
||||||
@ -134,26 +133,10 @@ Then ensure the tool isn’t denied by tool policy, and (if needed) call `browse
|
|||||||
|
|
||||||
Debugging: `clawdbot sandbox explain`
|
Debugging: `clawdbot sandbox explain`
|
||||||
|
|
||||||
## Remote Gateway (recommended: Tailscale Serve)
|
## Remote access tips
|
||||||
|
|
||||||
Goal: Gateway runs on one machine, but Chrome runs somewhere else.
|
- Keep the Gateway and node host on the same tailnet; avoid exposing relay ports to LAN or public Internet.
|
||||||
|
- Pair nodes intentionally; disable browser proxy routing if you don’t want remote control (`gateway.nodes.browser.mode="off"`).
|
||||||
On the **browser machine**:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
clawdbot browser serve --bind 127.0.0.1 --port 18791 --token <token>
|
|
||||||
tailscale serve https / http://127.0.0.1:18791
|
|
||||||
```
|
|
||||||
|
|
||||||
On the **Gateway machine**:
|
|
||||||
- Set `browser.controlUrl` to the HTTPS Serve URL (MagicDNS/ts.net).
|
|
||||||
- Provide the token (prefer env):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
export CLAWDBOT_BROWSER_CONTROL_TOKEN="<token>"
|
|
||||||
```
|
|
||||||
|
|
||||||
Then the agent can drive the browser by calling the remote `browser.controlUrl` API, while the extension + relay stay local on the browser machine.
|
|
||||||
|
|
||||||
## How “extension path” works
|
## How “extension path” works
|
||||||
|
|
||||||
@ -176,8 +159,8 @@ This is powerful and risky. Treat it like giving the model “hands on your brow
|
|||||||
|
|
||||||
Recommendations:
|
Recommendations:
|
||||||
- Prefer a dedicated Chrome profile (separate from your personal browsing) for extension relay usage.
|
- Prefer a dedicated Chrome profile (separate from your personal browsing) for extension relay usage.
|
||||||
- Keep the browser control server tailnet-only (Tailscale) and require a token.
|
- Keep the Gateway and any node hosts tailnet-only; rely on Gateway auth + node pairing.
|
||||||
- Avoid exposing browser control over LAN (`0.0.0.0`) and avoid Funnel (public).
|
- Avoid exposing relay ports over LAN (`0.0.0.0`) and avoid Funnel (public).
|
||||||
|
|
||||||
Related:
|
Related:
|
||||||
- Browser tool overview: [Browser](/tools/browser)
|
- Browser tool overview: [Browser](/tools/browser)
|
||||||
|
|||||||
@ -67,7 +67,8 @@ Example:
|
|||||||
- macOS: `/opt/homebrew/bin`, `/usr/local/bin`, `/usr/bin`, `/bin`
|
- macOS: `/opt/homebrew/bin`, `/usr/local/bin`, `/usr/bin`, `/bin`
|
||||||
- Linux: `/usr/local/bin`, `/usr/bin`, `/bin`
|
- Linux: `/usr/local/bin`, `/usr/bin`, `/bin`
|
||||||
- `host=sandbox`: runs `sh -lc` (login shell) inside the container, so `/etc/profile` may reset `PATH`.
|
- `host=sandbox`: runs `sh -lc` (login shell) inside the container, so `/etc/profile` may reset `PATH`.
|
||||||
Clawdbot prepends `env.PATH` after profile sourcing; `tools.exec.pathPrepend` applies here too.
|
Clawdbot prepends `env.PATH` after profile sourcing via an internal env var (no shell interpolation);
|
||||||
|
`tools.exec.pathPrepend` applies here too.
|
||||||
- `host=node`: only env overrides you pass are sent to the node. `tools.exec.pathPrepend` only applies
|
- `host=node`: only env overrides you pass are sent to the node. `tools.exec.pathPrepend` only applies
|
||||||
if the exec call already sets `env.PATH`. Headless node hosts accept `PATH` only when it prepends
|
if the exec call already sets `env.PATH`. Headless node hosts accept `PATH` only when it prepends
|
||||||
the node host PATH (no replacement). macOS nodes drop `PATH` overrides entirely.
|
the node host PATH (no replacement). macOS nodes drop `PATH` overrides entirely.
|
||||||
|
|||||||
@ -249,16 +249,17 @@ Profile management:
|
|||||||
- `reset-profile` — kill orphan process on profile's port (local only)
|
- `reset-profile` — kill orphan process on profile's port (local only)
|
||||||
|
|
||||||
Common parameters:
|
Common parameters:
|
||||||
- `controlUrl` (defaults from config)
|
|
||||||
- `profile` (optional; defaults to `browser.defaultProfile`)
|
- `profile` (optional; defaults to `browser.defaultProfile`)
|
||||||
|
- `target` (`sandbox` | `host` | `node`)
|
||||||
|
- `node` (optional; picks a specific node id/name)
|
||||||
Notes:
|
Notes:
|
||||||
- Requires `browser.enabled=true` (default is `true`; set `false` to disable).
|
- Requires `browser.enabled=true` (default is `true`; set `false` to disable).
|
||||||
- Uses `browser.controlUrl` unless `controlUrl` is passed explicitly.
|
|
||||||
- All actions accept optional `profile` parameter for multi-instance support.
|
- All actions accept optional `profile` parameter for multi-instance support.
|
||||||
- When `profile` is omitted, uses `browser.defaultProfile` (defaults to "chrome").
|
- When `profile` is omitted, uses `browser.defaultProfile` (defaults to "chrome").
|
||||||
- Profile names: lowercase alphanumeric + hyphens only (max 64 chars).
|
- Profile names: lowercase alphanumeric + hyphens only (max 64 chars).
|
||||||
- Port range: 18800-18899 (~100 profiles max).
|
- Port range: 18800-18899 (~100 profiles max).
|
||||||
- Remote profiles are attach-only (no start/stop/reset).
|
- Remote profiles are attach-only (no start/stop/reset).
|
||||||
|
- If a browser-capable node is connected, the tool may auto-route to it (unless you pin `target`).
|
||||||
- `snapshot` defaults to `ai` when Playwright is installed; use `aria` for the accessibility tree.
|
- `snapshot` defaults to `ai` when Playwright is installed; use `aria` for the accessibility tree.
|
||||||
- `snapshot` also supports role-snapshot options (`interactive`, `compact`, `depth`, `selector`) which return refs like `e12`.
|
- `snapshot` also supports role-snapshot options (`interactive`, `compact`, `depth`, `selector`) which return refs like `e12`.
|
||||||
- `act` requires `ref` from `snapshot` (numeric `12` from AI snapshots, or `e12` from role snapshots); use `evaluate` for rare CSS selector needs.
|
- `act` requires `ref` from `snapshot` (numeric `12` from AI snapshots, or `e12` from role snapshots); use `evaluate` for rare CSS selector needs.
|
||||||
@ -410,7 +411,9 @@ Gateway-backed tools (`canvas`, `nodes`, `cron`):
|
|||||||
- `timeoutMs`
|
- `timeoutMs`
|
||||||
|
|
||||||
Browser tool:
|
Browser tool:
|
||||||
- `controlUrl` (defaults from config)
|
- `profile` (optional; defaults to `browser.defaultProfile`)
|
||||||
|
- `target` (`sandbox` | `host` | `node`)
|
||||||
|
- `node` (optional; pin a specific node id/name)
|
||||||
|
|
||||||
## Recommended agent flows
|
## Recommended agent flows
|
||||||
|
|
||||||
|
|||||||
@ -11,6 +11,7 @@ import type {
|
|||||||
import {
|
import {
|
||||||
buildChannelKeyCandidates,
|
buildChannelKeyCandidates,
|
||||||
normalizeChannelSlug,
|
normalizeChannelSlug,
|
||||||
|
resolveToolsBySender,
|
||||||
resolveChannelEntryMatchWithFallback,
|
resolveChannelEntryMatchWithFallback,
|
||||||
resolveNestedAllowlistDecision,
|
resolveNestedAllowlistDecision,
|
||||||
} from "clawdbot/plugin-sdk";
|
} from "clawdbot/plugin-sdk";
|
||||||
@ -106,9 +107,36 @@ export function resolveMSTeamsGroupToolPolicy(
|
|||||||
});
|
});
|
||||||
|
|
||||||
if (resolved.channelConfig) {
|
if (resolved.channelConfig) {
|
||||||
return resolved.channelConfig.tools ?? resolved.teamConfig?.tools;
|
const senderPolicy = resolveToolsBySender({
|
||||||
|
toolsBySender: resolved.channelConfig.toolsBySender,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
|
});
|
||||||
|
if (senderPolicy) return senderPolicy;
|
||||||
|
if (resolved.channelConfig.tools) return resolved.channelConfig.tools;
|
||||||
|
const teamSenderPolicy = resolveToolsBySender({
|
||||||
|
toolsBySender: resolved.teamConfig?.toolsBySender,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
|
});
|
||||||
|
if (teamSenderPolicy) return teamSenderPolicy;
|
||||||
|
return resolved.teamConfig?.tools;
|
||||||
|
}
|
||||||
|
if (resolved.teamConfig) {
|
||||||
|
const teamSenderPolicy = resolveToolsBySender({
|
||||||
|
toolsBySender: resolved.teamConfig.toolsBySender,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
|
});
|
||||||
|
if (teamSenderPolicy) return teamSenderPolicy;
|
||||||
|
if (resolved.teamConfig.tools) return resolved.teamConfig.tools;
|
||||||
}
|
}
|
||||||
if (resolved.teamConfig?.tools) return resolved.teamConfig.tools;
|
|
||||||
|
|
||||||
if (!groupId) return undefined;
|
if (!groupId) return undefined;
|
||||||
|
|
||||||
@ -125,7 +153,24 @@ export function resolveMSTeamsGroupToolPolicy(
|
|||||||
normalizeKey: normalizeChannelSlug,
|
normalizeKey: normalizeChannelSlug,
|
||||||
});
|
});
|
||||||
if (match.entry) {
|
if (match.entry) {
|
||||||
return match.entry.tools ?? teamConfig?.tools;
|
const senderPolicy = resolveToolsBySender({
|
||||||
|
toolsBySender: match.entry.toolsBySender,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
|
});
|
||||||
|
if (senderPolicy) return senderPolicy;
|
||||||
|
if (match.entry.tools) return match.entry.tools;
|
||||||
|
const teamSenderPolicy = resolveToolsBySender({
|
||||||
|
toolsBySender: teamConfig?.toolsBySender,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
|
});
|
||||||
|
if (teamSenderPolicy) return teamSenderPolicy;
|
||||||
|
return teamConfig?.tools;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -82,7 +82,7 @@
|
|||||||
"docs:bin": "node scripts/build-docs-list.mjs",
|
"docs:bin": "node scripts/build-docs-list.mjs",
|
||||||
"docs:dev": "cd docs && mint dev",
|
"docs:dev": "cd docs && mint dev",
|
||||||
"docs:build": "cd docs && pnpm dlx --reporter append-only mint broken-links",
|
"docs:build": "cd docs && pnpm dlx --reporter append-only mint broken-links",
|
||||||
"build": "tsc -p tsconfig.json && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/write-build-info.ts",
|
"build": "pnpm canvas:a2ui:bundle && tsc -p tsconfig.json && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/write-build-info.ts",
|
||||||
"plugins:sync": "node --import tsx scripts/sync-plugin-versions.ts",
|
"plugins:sync": "node --import tsx scripts/sync-plugin-versions.ts",
|
||||||
"release:check": "node --import tsx scripts/release-check.ts",
|
"release:check": "node --import tsx scripts/release-check.ts",
|
||||||
"ui:install": "node scripts/ui.js install",
|
"ui:install": "node scripts/ui.js install",
|
||||||
|
|||||||
@ -1,8 +1,15 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
|
on_error() {
|
||||||
|
echo "A2UI bundling failed. Re-run with: pnpm canvas:a2ui:bundle" >&2
|
||||||
|
echo "If this persists, verify pnpm deps and try again." >&2
|
||||||
|
}
|
||||||
|
trap on_error ERR
|
||||||
|
|
||||||
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||||
HASH_FILE="$ROOT_DIR/src/canvas-host/a2ui/.bundle.hash"
|
HASH_FILE="$ROOT_DIR/src/canvas-host/a2ui/.bundle.hash"
|
||||||
|
OUTPUT_FILE="$ROOT_DIR/src/canvas-host/a2ui/a2ui.bundle.js"
|
||||||
|
|
||||||
INPUT_PATHS=(
|
INPUT_PATHS=(
|
||||||
"$ROOT_DIR/package.json"
|
"$ROOT_DIR/package.json"
|
||||||
@ -33,7 +40,7 @@ compute_hash() {
|
|||||||
current_hash="$(compute_hash)"
|
current_hash="$(compute_hash)"
|
||||||
if [[ -f "$HASH_FILE" ]]; then
|
if [[ -f "$HASH_FILE" ]]; then
|
||||||
previous_hash="$(cat "$HASH_FILE")"
|
previous_hash="$(cat "$HASH_FILE")"
|
||||||
if [[ "$previous_hash" == "$current_hash" ]]; then
|
if [[ "$previous_hash" == "$current_hash" && -f "$OUTPUT_FILE" ]]; then
|
||||||
echo "A2UI bundle up to date; skipping."
|
echo "A2UI bundle up to date; skipping."
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|||||||
@ -1,19 +1,44 @@
|
|||||||
import fs from "node:fs/promises";
|
import fs from "node:fs/promises";
|
||||||
import path from "node:path";
|
import path from "node:path";
|
||||||
import { fileURLToPath } from "node:url";
|
import { fileURLToPath, pathToFileURL } from "node:url";
|
||||||
|
|
||||||
const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
|
const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
|
||||||
const srcDir = path.join(repoRoot, "src", "canvas-host", "a2ui");
|
|
||||||
const outDir = path.join(repoRoot, "dist", "canvas-host", "a2ui");
|
|
||||||
|
|
||||||
async function main() {
|
export function getA2uiPaths(env = process.env) {
|
||||||
|
const srcDir =
|
||||||
|
env.CLAWDBOT_A2UI_SRC_DIR ?? path.join(repoRoot, "src", "canvas-host", "a2ui");
|
||||||
|
const outDir =
|
||||||
|
env.CLAWDBOT_A2UI_OUT_DIR ?? path.join(repoRoot, "dist", "canvas-host", "a2ui");
|
||||||
|
return { srcDir, outDir };
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function copyA2uiAssets({
|
||||||
|
srcDir,
|
||||||
|
outDir,
|
||||||
|
}: {
|
||||||
|
srcDir: string;
|
||||||
|
outDir: string;
|
||||||
|
}) {
|
||||||
|
try {
|
||||||
await fs.stat(path.join(srcDir, "index.html"));
|
await fs.stat(path.join(srcDir, "index.html"));
|
||||||
await fs.stat(path.join(srcDir, "a2ui.bundle.js"));
|
await fs.stat(path.join(srcDir, "a2ui.bundle.js"));
|
||||||
|
} catch (err) {
|
||||||
|
const message =
|
||||||
|
'Missing A2UI bundle assets. Run "pnpm canvas:a2ui:bundle" and retry.';
|
||||||
|
throw new Error(message, { cause: err });
|
||||||
|
}
|
||||||
await fs.mkdir(path.dirname(outDir), { recursive: true });
|
await fs.mkdir(path.dirname(outDir), { recursive: true });
|
||||||
await fs.cp(srcDir, outDir, { recursive: true });
|
await fs.cp(srcDir, outDir, { recursive: true });
|
||||||
}
|
}
|
||||||
|
|
||||||
main().catch((err) => {
|
async function main() {
|
||||||
|
const { srcDir, outDir } = getA2uiPaths();
|
||||||
|
await copyA2uiAssets({ srcDir, outDir });
|
||||||
|
}
|
||||||
|
|
||||||
|
if (import.meta.url === pathToFileURL(process.argv[1] ?? "").href) {
|
||||||
|
main().catch((err) => {
|
||||||
console.error(String(err));
|
console.error(String(err));
|
||||||
process.exit(1);
|
process.exit(1);
|
||||||
});
|
});
|
||||||
|
}
|
||||||
|
|||||||
@ -60,11 +60,18 @@ export function buildDockerExecArgs(params: {
|
|||||||
for (const [key, value] of Object.entries(params.env)) {
|
for (const [key, value] of Object.entries(params.env)) {
|
||||||
args.push("-e", `${key}=${value}`);
|
args.push("-e", `${key}=${value}`);
|
||||||
}
|
}
|
||||||
|
const hasCustomPath = typeof params.env.PATH === "string" && params.env.PATH.length > 0;
|
||||||
|
if (hasCustomPath) {
|
||||||
|
// Avoid interpolating PATH into the shell command; pass it via env instead.
|
||||||
|
args.push("-e", `CLAWDBOT_PREPEND_PATH=${params.env.PATH}`);
|
||||||
|
}
|
||||||
// Login shell (-l) sources /etc/profile which resets PATH to a minimal set,
|
// Login shell (-l) sources /etc/profile which resets PATH to a minimal set,
|
||||||
// overriding both Docker ENV and -e PATH=... environment variables.
|
// overriding both Docker ENV and -e PATH=... environment variables.
|
||||||
// Prepend custom PATH after profile sourcing to ensure custom tools are accessible
|
// Prepend custom PATH after profile sourcing to ensure custom tools are accessible
|
||||||
// while preserving system paths that /etc/profile may have added.
|
// while preserving system paths that /etc/profile may have added.
|
||||||
const pathExport = params.env.PATH ? `export PATH="${params.env.PATH}:$PATH"; ` : "";
|
const pathExport = hasCustomPath
|
||||||
|
? 'export PATH="${CLAWDBOT_PREPEND_PATH}:$PATH"; unset CLAWDBOT_PREPEND_PATH; '
|
||||||
|
: "";
|
||||||
args.push(params.containerName, "sh", "-lc", `${pathExport}${params.command}`);
|
args.push(params.containerName, "sh", "-lc", `${pathExport}${params.command}`);
|
||||||
return args;
|
return args;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -318,9 +318,30 @@ describe("buildDockerExecArgs", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
const commandArg = args[args.length - 1];
|
const commandArg = args[args.length - 1];
|
||||||
expect(commandArg).toContain('export PATH="/custom/bin:/usr/local/bin:/usr/bin:$PATH"');
|
expect(args).toContain("CLAWDBOT_PREPEND_PATH=/custom/bin:/usr/local/bin:/usr/bin");
|
||||||
|
expect(commandArg).toContain('export PATH="${CLAWDBOT_PREPEND_PATH}:$PATH"');
|
||||||
expect(commandArg).toContain("echo hello");
|
expect(commandArg).toContain("echo hello");
|
||||||
expect(commandArg).toBe('export PATH="/custom/bin:/usr/local/bin:/usr/bin:$PATH"; echo hello');
|
expect(commandArg).toBe(
|
||||||
|
'export PATH="${CLAWDBOT_PREPEND_PATH}:$PATH"; unset CLAWDBOT_PREPEND_PATH; echo hello',
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("does not interpolate PATH into the shell command", () => {
|
||||||
|
const injectedPath = "$(touch /tmp/clawdbot-path-injection)";
|
||||||
|
const args = buildDockerExecArgs({
|
||||||
|
containerName: "test-container",
|
||||||
|
command: "echo hello",
|
||||||
|
env: {
|
||||||
|
PATH: injectedPath,
|
||||||
|
HOME: "/home/user",
|
||||||
|
},
|
||||||
|
tty: false,
|
||||||
|
});
|
||||||
|
|
||||||
|
const commandArg = args[args.length - 1];
|
||||||
|
expect(args).toContain(`CLAWDBOT_PREPEND_PATH=${injectedPath}`);
|
||||||
|
expect(commandArg).not.toContain(injectedPath);
|
||||||
|
expect(commandArg).toContain("CLAWDBOT_PREPEND_PATH");
|
||||||
});
|
});
|
||||||
|
|
||||||
it("does not add PATH export when PATH is not in env", () => {
|
it("does not add PATH export when PATH is not in env", () => {
|
||||||
|
|||||||
@ -20,8 +20,10 @@ describe("gateway tool", () => {
|
|||||||
vi.useFakeTimers();
|
vi.useFakeTimers();
|
||||||
const kill = vi.spyOn(process, "kill").mockImplementation(() => true);
|
const kill = vi.spyOn(process, "kill").mockImplementation(() => true);
|
||||||
const previousStateDir = process.env.CLAWDBOT_STATE_DIR;
|
const previousStateDir = process.env.CLAWDBOT_STATE_DIR;
|
||||||
|
const previousProfile = process.env.CLAWDBOT_PROFILE;
|
||||||
const stateDir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-test-"));
|
const stateDir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-test-"));
|
||||||
process.env.CLAWDBOT_STATE_DIR = stateDir;
|
process.env.CLAWDBOT_STATE_DIR = stateDir;
|
||||||
|
process.env.CLAWDBOT_PROFILE = "isolated";
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const tool = createClawdbotTools({
|
const tool = createClawdbotTools({
|
||||||
@ -47,7 +49,9 @@ describe("gateway tool", () => {
|
|||||||
payload?: { kind?: string; doctorHint?: string | null };
|
payload?: { kind?: string; doctorHint?: string | null };
|
||||||
};
|
};
|
||||||
expect(parsed.payload?.kind).toBe("restart");
|
expect(parsed.payload?.kind).toBe("restart");
|
||||||
expect(parsed.payload?.doctorHint).toBe("Run: clawdbot doctor --non-interactive");
|
expect(parsed.payload?.doctorHint).toBe(
|
||||||
|
"Run: clawdbot --profile isolated doctor --non-interactive",
|
||||||
|
);
|
||||||
|
|
||||||
expect(kill).not.toHaveBeenCalled();
|
expect(kill).not.toHaveBeenCalled();
|
||||||
await vi.runAllTimersAsync();
|
await vi.runAllTimersAsync();
|
||||||
@ -60,6 +64,11 @@ describe("gateway tool", () => {
|
|||||||
} else {
|
} else {
|
||||||
process.env.CLAWDBOT_STATE_DIR = previousStateDir;
|
process.env.CLAWDBOT_STATE_DIR = previousStateDir;
|
||||||
}
|
}
|
||||||
|
if (previousProfile === undefined) {
|
||||||
|
delete process.env.CLAWDBOT_PROFILE;
|
||||||
|
} else {
|
||||||
|
process.env.CLAWDBOT_PROFILE = previousProfile;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@ -20,11 +20,8 @@ import { createWebFetchTool, createWebSearchTool } from "./tools/web-tools.js";
|
|||||||
import { createTtsTool } from "./tools/tts-tool.js";
|
import { createTtsTool } from "./tools/tts-tool.js";
|
||||||
|
|
||||||
export function createClawdbotTools(options?: {
|
export function createClawdbotTools(options?: {
|
||||||
browserControlUrl?: string;
|
sandboxBrowserBridgeUrl?: string;
|
||||||
allowHostBrowserControl?: boolean;
|
allowHostBrowserControl?: boolean;
|
||||||
allowedControlUrls?: string[];
|
|
||||||
allowedControlHosts?: string[];
|
|
||||||
allowedControlPorts?: number[];
|
|
||||||
agentSessionKey?: string;
|
agentSessionKey?: string;
|
||||||
agentChannel?: GatewayMessageChannel;
|
agentChannel?: GatewayMessageChannel;
|
||||||
agentAccountId?: string;
|
agentAccountId?: string;
|
||||||
@ -75,11 +72,8 @@ export function createClawdbotTools(options?: {
|
|||||||
});
|
});
|
||||||
const tools: AnyAgentTool[] = [
|
const tools: AnyAgentTool[] = [
|
||||||
createBrowserTool({
|
createBrowserTool({
|
||||||
defaultControlUrl: options?.browserControlUrl,
|
sandboxBridgeUrl: options?.sandboxBrowserBridgeUrl,
|
||||||
allowHostControl: options?.allowHostBrowserControl,
|
allowHostControl: options?.allowHostBrowserControl,
|
||||||
allowedControlUrls: options?.allowedControlUrls,
|
|
||||||
allowedControlHosts: options?.allowedControlHosts,
|
|
||||||
allowedControlPorts: options?.allowedControlPorts,
|
|
||||||
}),
|
}),
|
||||||
createCanvasTool(),
|
createCanvasTool(),
|
||||||
createNodesTool({
|
createNodesTool({
|
||||||
|
|||||||
@ -119,9 +119,16 @@ function mergeConfig(
|
|||||||
const provider = overrides?.provider ?? defaults?.provider ?? "auto";
|
const provider = overrides?.provider ?? defaults?.provider ?? "auto";
|
||||||
const defaultRemote = defaults?.remote;
|
const defaultRemote = defaults?.remote;
|
||||||
const overrideRemote = overrides?.remote;
|
const overrideRemote = overrides?.remote;
|
||||||
const hasRemote = Boolean(defaultRemote || overrideRemote);
|
const hasRemoteConfig = Boolean(
|
||||||
|
overrideRemote?.baseUrl ||
|
||||||
|
overrideRemote?.apiKey ||
|
||||||
|
overrideRemote?.headers ||
|
||||||
|
defaultRemote?.baseUrl ||
|
||||||
|
defaultRemote?.apiKey ||
|
||||||
|
defaultRemote?.headers,
|
||||||
|
);
|
||||||
const includeRemote =
|
const includeRemote =
|
||||||
hasRemote || provider === "openai" || provider === "gemini" || provider === "auto";
|
hasRemoteConfig || provider === "openai" || provider === "gemini" || provider === "auto";
|
||||||
const batch = {
|
const batch = {
|
||||||
enabled: overrideRemote?.batch?.enabled ?? defaultRemote?.batch?.enabled ?? true,
|
enabled: overrideRemote?.batch?.enabled ?? defaultRemote?.batch?.enabled ?? true,
|
||||||
wait: overrideRemote?.batch?.wait ?? defaultRemote?.batch?.wait ?? true,
|
wait: overrideRemote?.batch?.wait ?? defaultRemote?.batch?.wait ?? true,
|
||||||
|
|||||||
@ -1,6 +1,13 @@
|
|||||||
|
import crypto from "node:crypto";
|
||||||
|
import fs from "node:fs/promises";
|
||||||
|
import os from "node:os";
|
||||||
|
import path from "node:path";
|
||||||
import { describe, expect, it, vi } from "vitest";
|
import { describe, expect, it, vi } from "vitest";
|
||||||
|
|
||||||
import type { ClawdbotConfig } from "../config/config.js";
|
import type { ClawdbotConfig } from "../config/config.js";
|
||||||
|
import type { AuthProfileStore } from "./auth-profiles.js";
|
||||||
|
import { saveAuthProfileStore } from "./auth-profiles.js";
|
||||||
|
import { AUTH_STORE_VERSION } from "./auth-profiles/constants.js";
|
||||||
import { runWithModelFallback } from "./model-fallback.js";
|
import { runWithModelFallback } from "./model-fallback.js";
|
||||||
|
|
||||||
function makeCfg(overrides: Partial<ClawdbotConfig> = {}): ClawdbotConfig {
|
function makeCfg(overrides: Partial<ClawdbotConfig> = {}): ClawdbotConfig {
|
||||||
@ -117,6 +124,122 @@ describe("runWithModelFallback", () => {
|
|||||||
expect(run.mock.calls[1]?.[1]).toBe("claude-haiku-3-5");
|
expect(run.mock.calls[1]?.[1]).toBe("claude-haiku-3-5");
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("skips providers when all profiles are in cooldown", async () => {
|
||||||
|
const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-auth-"));
|
||||||
|
const provider = `cooldown-test-${crypto.randomUUID()}`;
|
||||||
|
const profileId = `${provider}:default`;
|
||||||
|
|
||||||
|
const store: AuthProfileStore = {
|
||||||
|
version: AUTH_STORE_VERSION,
|
||||||
|
profiles: {
|
||||||
|
[profileId]: {
|
||||||
|
type: "api_key",
|
||||||
|
provider,
|
||||||
|
key: "test-key",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
usageStats: {
|
||||||
|
[profileId]: {
|
||||||
|
cooldownUntil: Date.now() + 60_000,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
saveAuthProfileStore(store, tempDir);
|
||||||
|
|
||||||
|
const cfg = makeCfg({
|
||||||
|
agents: {
|
||||||
|
defaults: {
|
||||||
|
model: {
|
||||||
|
primary: `${provider}/m1`,
|
||||||
|
fallbacks: ["fallback/ok-model"],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
});
|
||||||
|
const run = vi.fn().mockImplementation(async (providerId, modelId) => {
|
||||||
|
if (providerId === "fallback") return "ok";
|
||||||
|
throw new Error(`unexpected provider: ${providerId}/${modelId}`);
|
||||||
|
});
|
||||||
|
|
||||||
|
try {
|
||||||
|
const result = await runWithModelFallback({
|
||||||
|
cfg,
|
||||||
|
provider,
|
||||||
|
model: "m1",
|
||||||
|
agentDir: tempDir,
|
||||||
|
run,
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(result.result).toBe("ok");
|
||||||
|
expect(run.mock.calls).toEqual([["fallback", "ok-model"]]);
|
||||||
|
expect(result.attempts[0]?.reason).toBe("rate_limit");
|
||||||
|
} finally {
|
||||||
|
await fs.rm(tempDir, { recursive: true, force: true });
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
it("does not skip when any profile is available", async () => {
|
||||||
|
const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-auth-"));
|
||||||
|
const provider = `cooldown-mixed-${crypto.randomUUID()}`;
|
||||||
|
const profileA = `${provider}:a`;
|
||||||
|
const profileB = `${provider}:b`;
|
||||||
|
|
||||||
|
const store: AuthProfileStore = {
|
||||||
|
version: AUTH_STORE_VERSION,
|
||||||
|
profiles: {
|
||||||
|
[profileA]: {
|
||||||
|
type: "api_key",
|
||||||
|
provider,
|
||||||
|
key: "key-a",
|
||||||
|
},
|
||||||
|
[profileB]: {
|
||||||
|
type: "api_key",
|
||||||
|
provider,
|
||||||
|
key: "key-b",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
usageStats: {
|
||||||
|
[profileA]: {
|
||||||
|
cooldownUntil: Date.now() + 60_000,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
saveAuthProfileStore(store, tempDir);
|
||||||
|
|
||||||
|
const cfg = makeCfg({
|
||||||
|
agents: {
|
||||||
|
defaults: {
|
||||||
|
model: {
|
||||||
|
primary: `${provider}/m1`,
|
||||||
|
fallbacks: ["fallback/ok-model"],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
});
|
||||||
|
const run = vi.fn().mockImplementation(async (providerId) => {
|
||||||
|
if (providerId === provider) return "ok";
|
||||||
|
return "unexpected";
|
||||||
|
});
|
||||||
|
|
||||||
|
try {
|
||||||
|
const result = await runWithModelFallback({
|
||||||
|
cfg,
|
||||||
|
provider,
|
||||||
|
model: "m1",
|
||||||
|
agentDir: tempDir,
|
||||||
|
run,
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(result.result).toBe("ok");
|
||||||
|
expect(run.mock.calls).toEqual([[provider, "m1"]]);
|
||||||
|
expect(result.attempts).toEqual([]);
|
||||||
|
} finally {
|
||||||
|
await fs.rm(tempDir, { recursive: true, force: true });
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
it("does not append configured primary when fallbacksOverride is set", async () => {
|
it("does not append configured primary when fallbacksOverride is set", async () => {
|
||||||
const cfg = makeCfg({
|
const cfg = makeCfg({
|
||||||
agents: {
|
agents: {
|
||||||
|
|||||||
@ -14,6 +14,11 @@ import {
|
|||||||
resolveModelRefFromString,
|
resolveModelRefFromString,
|
||||||
} from "./model-selection.js";
|
} from "./model-selection.js";
|
||||||
import type { FailoverReason } from "./pi-embedded-helpers.js";
|
import type { FailoverReason } from "./pi-embedded-helpers.js";
|
||||||
|
import {
|
||||||
|
ensureAuthProfileStore,
|
||||||
|
isProfileInCooldown,
|
||||||
|
resolveAuthProfileOrder,
|
||||||
|
} from "./auth-profiles.js";
|
||||||
|
|
||||||
type ModelCandidate = {
|
type ModelCandidate = {
|
||||||
provider: string;
|
provider: string;
|
||||||
@ -189,6 +194,7 @@ export async function runWithModelFallback<T>(params: {
|
|||||||
cfg: ClawdbotConfig | undefined;
|
cfg: ClawdbotConfig | undefined;
|
||||||
provider: string;
|
provider: string;
|
||||||
model: string;
|
model: string;
|
||||||
|
agentDir?: string;
|
||||||
/** Optional explicit fallbacks list; when provided (even empty), replaces agents.defaults.model.fallbacks. */
|
/** Optional explicit fallbacks list; when provided (even empty), replaces agents.defaults.model.fallbacks. */
|
||||||
fallbacksOverride?: string[];
|
fallbacksOverride?: string[];
|
||||||
run: (provider: string, model: string) => Promise<T>;
|
run: (provider: string, model: string) => Promise<T>;
|
||||||
@ -211,11 +217,33 @@ export async function runWithModelFallback<T>(params: {
|
|||||||
model: params.model,
|
model: params.model,
|
||||||
fallbacksOverride: params.fallbacksOverride,
|
fallbacksOverride: params.fallbacksOverride,
|
||||||
});
|
});
|
||||||
|
const authStore = params.cfg
|
||||||
|
? ensureAuthProfileStore(params.agentDir, { allowKeychainPrompt: false })
|
||||||
|
: null;
|
||||||
const attempts: FallbackAttempt[] = [];
|
const attempts: FallbackAttempt[] = [];
|
||||||
let lastError: unknown;
|
let lastError: unknown;
|
||||||
|
|
||||||
for (let i = 0; i < candidates.length; i += 1) {
|
for (let i = 0; i < candidates.length; i += 1) {
|
||||||
const candidate = candidates[i] as ModelCandidate;
|
const candidate = candidates[i] as ModelCandidate;
|
||||||
|
if (authStore) {
|
||||||
|
const profileIds = resolveAuthProfileOrder({
|
||||||
|
cfg: params.cfg,
|
||||||
|
store: authStore,
|
||||||
|
provider: candidate.provider,
|
||||||
|
});
|
||||||
|
const isAnyProfileAvailable = profileIds.some((id) => !isProfileInCooldown(authStore, id));
|
||||||
|
|
||||||
|
if (profileIds.length > 0 && !isAnyProfileAvailable) {
|
||||||
|
// All profiles for this provider are in cooldown; skip without attempting
|
||||||
|
attempts.push({
|
||||||
|
provider: candidate.provider,
|
||||||
|
model: candidate.model,
|
||||||
|
error: `Provider ${candidate.provider} is in cooldown (all profiles unavailable)`,
|
||||||
|
reason: "rate_limit",
|
||||||
|
});
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
const result = await params.run(candidate.provider, candidate.model);
|
const result = await params.run(candidate.provider, candidate.model);
|
||||||
return {
|
return {
|
||||||
|
|||||||
@ -127,7 +127,7 @@ describe("buildEmbeddedSandboxInfo", () => {
|
|||||||
},
|
},
|
||||||
browserAllowHostControl: true,
|
browserAllowHostControl: true,
|
||||||
browser: {
|
browser: {
|
||||||
controlUrl: "http://localhost:9222",
|
bridgeUrl: "http://localhost:9222",
|
||||||
noVncUrl: "http://localhost:6080",
|
noVncUrl: "http://localhost:6080",
|
||||||
containerName: "clawdbot-sbx-browser-test",
|
containerName: "clawdbot-sbx-browser-test",
|
||||||
},
|
},
|
||||||
@ -138,7 +138,7 @@ describe("buildEmbeddedSandboxInfo", () => {
|
|||||||
workspaceDir: "/tmp/clawdbot-sandbox",
|
workspaceDir: "/tmp/clawdbot-sandbox",
|
||||||
workspaceAccess: "none",
|
workspaceAccess: "none",
|
||||||
agentWorkspaceMount: undefined,
|
agentWorkspaceMount: undefined,
|
||||||
browserControlUrl: "http://localhost:9222",
|
browserBridgeUrl: "http://localhost:9222",
|
||||||
browserNoVncUrl: "http://localhost:6080",
|
browserNoVncUrl: "http://localhost:6080",
|
||||||
hostBrowserAllowed: true,
|
hostBrowserAllowed: true,
|
||||||
});
|
});
|
||||||
|
|||||||
@ -3,6 +3,7 @@ import os from "node:os";
|
|||||||
import path from "node:path";
|
import path from "node:path";
|
||||||
|
|
||||||
import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
|
import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
|
||||||
|
import "./test-helpers/fast-coding-tools.js";
|
||||||
import type { ClawdbotConfig } from "../config/config.js";
|
import type { ClawdbotConfig } from "../config/config.js";
|
||||||
import { ensureClawdbotModelsJson } from "./models-config.js";
|
import { ensureClawdbotModelsJson } from "./models-config.js";
|
||||||
|
|
||||||
|
|||||||
@ -215,6 +215,10 @@ export async function runEmbeddedAttempt(
|
|||||||
groupChannel: params.groupChannel,
|
groupChannel: params.groupChannel,
|
||||||
groupSpace: params.groupSpace,
|
groupSpace: params.groupSpace,
|
||||||
spawnedBy: params.spawnedBy,
|
spawnedBy: params.spawnedBy,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
sessionKey: params.sessionKey ?? params.sessionId,
|
sessionKey: params.sessionKey ?? params.sessionId,
|
||||||
agentDir,
|
agentDir,
|
||||||
workspaceDir: effectiveWorkspace,
|
workspaceDir: effectiveWorkspace,
|
||||||
|
|||||||
@ -35,6 +35,10 @@ export type RunEmbeddedPiAgentParams = {
|
|||||||
groupSpace?: string | null;
|
groupSpace?: string | null;
|
||||||
/** Parent session key for subagent policy inheritance. */
|
/** Parent session key for subagent policy inheritance. */
|
||||||
spawnedBy?: string | null;
|
spawnedBy?: string | null;
|
||||||
|
senderId?: string | null;
|
||||||
|
senderName?: string | null;
|
||||||
|
senderUsername?: string | null;
|
||||||
|
senderE164?: string | null;
|
||||||
/** Current channel ID for auto-threading (Slack). */
|
/** Current channel ID for auto-threading (Slack). */
|
||||||
currentChannelId?: string;
|
currentChannelId?: string;
|
||||||
/** Current thread timestamp for auto-threading (Slack). */
|
/** Current thread timestamp for auto-threading (Slack). */
|
||||||
|
|||||||
@ -31,6 +31,10 @@ export type EmbeddedRunAttemptParams = {
|
|||||||
groupSpace?: string | null;
|
groupSpace?: string | null;
|
||||||
/** Parent session key for subagent policy inheritance. */
|
/** Parent session key for subagent policy inheritance. */
|
||||||
spawnedBy?: string | null;
|
spawnedBy?: string | null;
|
||||||
|
senderId?: string | null;
|
||||||
|
senderName?: string | null;
|
||||||
|
senderUsername?: string | null;
|
||||||
|
senderE164?: string | null;
|
||||||
currentChannelId?: string;
|
currentChannelId?: string;
|
||||||
currentThreadTs?: string;
|
currentThreadTs?: string;
|
||||||
replyToMode?: "off" | "first" | "all";
|
replyToMode?: "off" | "first" | "all";
|
||||||
|
|||||||
@ -13,12 +13,9 @@ export function buildEmbeddedSandboxInfo(
|
|||||||
workspaceDir: sandbox.workspaceDir,
|
workspaceDir: sandbox.workspaceDir,
|
||||||
workspaceAccess: sandbox.workspaceAccess,
|
workspaceAccess: sandbox.workspaceAccess,
|
||||||
agentWorkspaceMount: sandbox.workspaceAccess === "ro" ? "/agent" : undefined,
|
agentWorkspaceMount: sandbox.workspaceAccess === "ro" ? "/agent" : undefined,
|
||||||
browserControlUrl: sandbox.browser?.controlUrl,
|
browserBridgeUrl: sandbox.browser?.bridgeUrl,
|
||||||
browserNoVncUrl: sandbox.browser?.noVncUrl,
|
browserNoVncUrl: sandbox.browser?.noVncUrl,
|
||||||
hostBrowserAllowed: sandbox.browserAllowHostControl,
|
hostBrowserAllowed: sandbox.browserAllowHostControl,
|
||||||
allowedControlUrls: sandbox.browserAllowedControlUrls,
|
|
||||||
allowedControlHosts: sandbox.browserAllowedControlHosts,
|
|
||||||
allowedControlPorts: sandbox.browserAllowedControlPorts,
|
|
||||||
...(elevatedAllowed
|
...(elevatedAllowed
|
||||||
? {
|
? {
|
||||||
elevated: {
|
elevated: {
|
||||||
|
|||||||
@ -69,12 +69,9 @@ export type EmbeddedSandboxInfo = {
|
|||||||
workspaceDir?: string;
|
workspaceDir?: string;
|
||||||
workspaceAccess?: "none" | "ro" | "rw";
|
workspaceAccess?: "none" | "ro" | "rw";
|
||||||
agentWorkspaceMount?: string;
|
agentWorkspaceMount?: string;
|
||||||
browserControlUrl?: string;
|
browserBridgeUrl?: string;
|
||||||
browserNoVncUrl?: string;
|
browserNoVncUrl?: string;
|
||||||
hostBrowserAllowed?: boolean;
|
hostBrowserAllowed?: boolean;
|
||||||
allowedControlUrls?: string[];
|
|
||||||
allowedControlHosts?: string[];
|
|
||||||
allowedControlPorts?: number[];
|
|
||||||
elevated?: {
|
elevated?: {
|
||||||
allowed: boolean;
|
allowed: boolean;
|
||||||
defaultLevel: "on" | "off" | "ask" | "full";
|
defaultLevel: "on" | "off" | "ask" | "full";
|
||||||
|
|||||||
@ -1,4 +1,5 @@
|
|||||||
import { describe, expect, it } from "vitest";
|
import { describe, expect, it } from "vitest";
|
||||||
|
import "./test-helpers/fast-coding-tools.js";
|
||||||
import type { ClawdbotConfig } from "../config/config.js";
|
import type { ClawdbotConfig } from "../config/config.js";
|
||||||
import { createClawdbotCodingTools } from "./pi-tools.js";
|
import { createClawdbotCodingTools } from "./pi-tools.js";
|
||||||
import type { SandboxDockerConfig } from "./sandbox.js";
|
import type { SandboxDockerConfig } from "./sandbox.js";
|
||||||
@ -270,6 +271,75 @@ describe("Agent-specific tool filtering", () => {
|
|||||||
expect(defaultNames).not.toContain("exec");
|
expect(defaultNames).not.toContain("exec");
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("should apply per-sender tool policies for group tools", () => {
|
||||||
|
const cfg: ClawdbotConfig = {
|
||||||
|
channels: {
|
||||||
|
whatsapp: {
|
||||||
|
groups: {
|
||||||
|
"*": {
|
||||||
|
tools: { allow: ["read"] },
|
||||||
|
toolsBySender: {
|
||||||
|
alice: { allow: ["read", "exec"] },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
const aliceTools = createClawdbotCodingTools({
|
||||||
|
config: cfg,
|
||||||
|
sessionKey: "agent:main:whatsapp:group:family",
|
||||||
|
senderId: "alice",
|
||||||
|
workspaceDir: "/tmp/test-group-sender",
|
||||||
|
agentDir: "/tmp/agent-group-sender",
|
||||||
|
});
|
||||||
|
const aliceNames = aliceTools.map((t) => t.name);
|
||||||
|
expect(aliceNames).toContain("read");
|
||||||
|
expect(aliceNames).toContain("exec");
|
||||||
|
|
||||||
|
const bobTools = createClawdbotCodingTools({
|
||||||
|
config: cfg,
|
||||||
|
sessionKey: "agent:main:whatsapp:group:family",
|
||||||
|
senderId: "bob",
|
||||||
|
workspaceDir: "/tmp/test-group-sender-bob",
|
||||||
|
agentDir: "/tmp/agent-group-sender",
|
||||||
|
});
|
||||||
|
const bobNames = bobTools.map((t) => t.name);
|
||||||
|
expect(bobNames).toContain("read");
|
||||||
|
expect(bobNames).not.toContain("exec");
|
||||||
|
});
|
||||||
|
|
||||||
|
it("should not let default sender policy override group tools", () => {
|
||||||
|
const cfg: ClawdbotConfig = {
|
||||||
|
channels: {
|
||||||
|
whatsapp: {
|
||||||
|
groups: {
|
||||||
|
"*": {
|
||||||
|
toolsBySender: {
|
||||||
|
admin: { allow: ["read", "exec"] },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
locked: {
|
||||||
|
tools: { allow: ["read"] },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
const adminTools = createClawdbotCodingTools({
|
||||||
|
config: cfg,
|
||||||
|
sessionKey: "agent:main:whatsapp:group:locked",
|
||||||
|
senderId: "admin",
|
||||||
|
workspaceDir: "/tmp/test-group-default-override",
|
||||||
|
agentDir: "/tmp/agent-group-default-override",
|
||||||
|
});
|
||||||
|
const adminNames = adminTools.map((t) => t.name);
|
||||||
|
expect(adminNames).toContain("read");
|
||||||
|
expect(adminNames).not.toContain("exec");
|
||||||
|
});
|
||||||
|
|
||||||
it("should resolve telegram group tool policy for topic session keys", () => {
|
it("should resolve telegram group tool policy for topic session keys", () => {
|
||||||
const cfg: ClawdbotConfig = {
|
const cfg: ClawdbotConfig = {
|
||||||
channels: {
|
channels: {
|
||||||
|
|||||||
@ -96,7 +96,6 @@ describe("createClawdbotCodingTools", () => {
|
|||||||
};
|
};
|
||||||
expect(parameters.properties?.action).toBeDefined();
|
expect(parameters.properties?.action).toBeDefined();
|
||||||
expect(parameters.properties?.target).toBeDefined();
|
expect(parameters.properties?.target).toBeDefined();
|
||||||
expect(parameters.properties?.controlUrl).toBeDefined();
|
|
||||||
expect(parameters.properties?.targetUrl).toBeDefined();
|
expect(parameters.properties?.targetUrl).toBeDefined();
|
||||||
expect(parameters.properties?.request).toBeDefined();
|
expect(parameters.properties?.request).toBeDefined();
|
||||||
expect(parameters.required ?? []).toContain("action");
|
expect(parameters.required ?? []).toContain("action");
|
||||||
|
|||||||
@ -233,6 +233,10 @@ export function resolveGroupToolPolicy(params: {
|
|||||||
groupChannel?: string | null;
|
groupChannel?: string | null;
|
||||||
groupSpace?: string | null;
|
groupSpace?: string | null;
|
||||||
accountId?: string | null;
|
accountId?: string | null;
|
||||||
|
senderId?: string | null;
|
||||||
|
senderName?: string | null;
|
||||||
|
senderUsername?: string | null;
|
||||||
|
senderE164?: string | null;
|
||||||
}): SandboxToolPolicy | undefined {
|
}): SandboxToolPolicy | undefined {
|
||||||
if (!params.config) return undefined;
|
if (!params.config) return undefined;
|
||||||
const sessionContext = resolveGroupContextFromSessionKey(params.sessionKey);
|
const sessionContext = resolveGroupContextFromSessionKey(params.sessionKey);
|
||||||
@ -255,12 +259,20 @@ export function resolveGroupToolPolicy(params: {
|
|||||||
groupChannel: params.groupChannel,
|
groupChannel: params.groupChannel,
|
||||||
groupSpace: params.groupSpace,
|
groupSpace: params.groupSpace,
|
||||||
accountId: params.accountId,
|
accountId: params.accountId,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
}) ??
|
}) ??
|
||||||
resolveChannelGroupToolsPolicy({
|
resolveChannelGroupToolsPolicy({
|
||||||
cfg: params.config,
|
cfg: params.config,
|
||||||
channel,
|
channel,
|
||||||
groupId,
|
groupId,
|
||||||
accountId: params.accountId,
|
accountId: params.accountId,
|
||||||
|
senderId: params.senderId,
|
||||||
|
senderName: params.senderName,
|
||||||
|
senderUsername: params.senderUsername,
|
||||||
|
senderE164: params.senderE164,
|
||||||
});
|
});
|
||||||
return pickToolPolicy(toolsConfig);
|
return pickToolPolicy(toolsConfig);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -140,6 +140,10 @@ export function createClawdbotCodingTools(options?: {
|
|||||||
groupSpace?: string | null;
|
groupSpace?: string | null;
|
||||||
/** Parent session key for subagent group policy inheritance. */
|
/** Parent session key for subagent group policy inheritance. */
|
||||||
spawnedBy?: string | null;
|
spawnedBy?: string | null;
|
||||||
|
senderId?: string | null;
|
||||||
|
senderName?: string | null;
|
||||||
|
senderUsername?: string | null;
|
||||||
|
senderE164?: string | null;
|
||||||
/** Reply-to mode for Slack auto-threading. */
|
/** Reply-to mode for Slack auto-threading. */
|
||||||
replyToMode?: "off" | "first" | "all";
|
replyToMode?: "off" | "first" | "all";
|
||||||
/** Mutable ref to track if a reply was sent (for "first" mode). */
|
/** Mutable ref to track if a reply was sent (for "first" mode). */
|
||||||
@ -174,6 +178,10 @@ export function createClawdbotCodingTools(options?: {
|
|||||||
groupChannel: options?.groupChannel,
|
groupChannel: options?.groupChannel,
|
||||||
groupSpace: options?.groupSpace,
|
groupSpace: options?.groupSpace,
|
||||||
accountId: options?.agentAccountId,
|
accountId: options?.agentAccountId,
|
||||||
|
senderId: options?.senderId,
|
||||||
|
senderName: options?.senderName,
|
||||||
|
senderUsername: options?.senderUsername,
|
||||||
|
senderE164: options?.senderE164,
|
||||||
});
|
});
|
||||||
const profilePolicy = resolveToolProfilePolicy(profile);
|
const profilePolicy = resolveToolProfilePolicy(profile);
|
||||||
const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
|
const providerProfilePolicy = resolveToolProfilePolicy(providerProfile);
|
||||||
@ -294,11 +302,8 @@ export function createClawdbotCodingTools(options?: {
|
|||||||
// Channel docking: include channel-defined agent tools (login, etc.).
|
// Channel docking: include channel-defined agent tools (login, etc.).
|
||||||
...listChannelAgentTools({ cfg: options?.config }),
|
...listChannelAgentTools({ cfg: options?.config }),
|
||||||
...createClawdbotTools({
|
...createClawdbotTools({
|
||||||
browserControlUrl: sandbox?.browser?.controlUrl,
|
sandboxBrowserBridgeUrl: sandbox?.browser?.bridgeUrl,
|
||||||
allowHostBrowserControl: sandbox ? sandbox.browserAllowHostControl : true,
|
allowHostBrowserControl: sandbox ? sandbox.browserAllowHostControl : true,
|
||||||
allowedControlUrls: sandbox?.browserAllowedControlUrls,
|
|
||||||
allowedControlHosts: sandbox?.browserAllowedControlHosts,
|
|
||||||
allowedControlPorts: sandbox?.browserAllowedControlPorts,
|
|
||||||
agentSessionKey: options?.sessionKey,
|
agentSessionKey: options?.sessionKey,
|
||||||
agentChannel: resolveGatewayMessageChannel(options?.messageProvider),
|
agentChannel: resolveGatewayMessageChannel(options?.messageProvider),
|
||||||
agentAccountId: options?.agentAccountId,
|
agentAccountId: options?.agentAccountId,
|
||||||
|
|||||||
@ -1,6 +1,9 @@
|
|||||||
import { startBrowserBridgeServer, stopBrowserBridgeServer } from "../../browser/bridge-server.js";
|
import { startBrowserBridgeServer, stopBrowserBridgeServer } from "../../browser/bridge-server.js";
|
||||||
import { type ResolvedBrowserConfig, resolveProfile } from "../../browser/config.js";
|
import { type ResolvedBrowserConfig, resolveProfile } from "../../browser/config.js";
|
||||||
import { DEFAULT_CLAWD_BROWSER_COLOR } from "../../browser/constants.js";
|
import {
|
||||||
|
DEFAULT_BROWSER_EVALUATE_ENABLED,
|
||||||
|
DEFAULT_CLAWD_BROWSER_COLOR,
|
||||||
|
} from "../../browser/constants.js";
|
||||||
import { BROWSER_BRIDGES } from "./browser-bridges.js";
|
import { BROWSER_BRIDGES } from "./browser-bridges.js";
|
||||||
import { DEFAULT_SANDBOX_BROWSER_IMAGE, SANDBOX_AGENT_WORKSPACE_MOUNT } from "./constants.js";
|
import { DEFAULT_SANDBOX_BROWSER_IMAGE, SANDBOX_AGENT_WORKSPACE_MOUNT } from "./constants.js";
|
||||||
import {
|
import {
|
||||||
@ -39,14 +42,12 @@ function buildSandboxBrowserResolvedConfig(params: {
|
|||||||
controlPort: number;
|
controlPort: number;
|
||||||
cdpPort: number;
|
cdpPort: number;
|
||||||
headless: boolean;
|
headless: boolean;
|
||||||
|
evaluateEnabled: boolean;
|
||||||
}): ResolvedBrowserConfig {
|
}): ResolvedBrowserConfig {
|
||||||
const controlHost = "127.0.0.1";
|
|
||||||
const controlUrl = `http://${controlHost}:${params.controlPort}`;
|
|
||||||
const cdpHost = "127.0.0.1";
|
const cdpHost = "127.0.0.1";
|
||||||
return {
|
return {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl,
|
evaluateEnabled: params.evaluateEnabled,
|
||||||
controlHost,
|
|
||||||
controlPort: params.controlPort,
|
controlPort: params.controlPort,
|
||||||
cdpProtocol: "http",
|
cdpProtocol: "http",
|
||||||
cdpHost,
|
cdpHost,
|
||||||
@ -80,6 +81,7 @@ export async function ensureSandboxBrowser(params: {
|
|||||||
workspaceDir: string;
|
workspaceDir: string;
|
||||||
agentWorkspaceDir: string;
|
agentWorkspaceDir: string;
|
||||||
cfg: SandboxConfig;
|
cfg: SandboxConfig;
|
||||||
|
evaluateEnabled?: boolean;
|
||||||
}): Promise<SandboxBrowserContext | null> {
|
}): Promise<SandboxBrowserContext | null> {
|
||||||
if (!params.cfg.browser.enabled) return null;
|
if (!params.cfg.browser.enabled) return null;
|
||||||
if (!isToolAllowed(params.cfg.tools, "browser")) return null;
|
if (!isToolAllowed(params.cfg.tools, "browser")) return null;
|
||||||
@ -174,6 +176,7 @@ export async function ensureSandboxBrowser(params: {
|
|||||||
controlPort: 0,
|
controlPort: 0,
|
||||||
cdpPort: mappedCdp,
|
cdpPort: mappedCdp,
|
||||||
headless: params.cfg.browser.headless,
|
headless: params.cfg.browser.headless,
|
||||||
|
evaluateEnabled: params.evaluateEnabled ?? DEFAULT_BROWSER_EVALUATE_ENABLED,
|
||||||
}),
|
}),
|
||||||
onEnsureAttachTarget,
|
onEnsureAttachTarget,
|
||||||
});
|
});
|
||||||
@ -204,7 +207,7 @@ export async function ensureSandboxBrowser(params: {
|
|||||||
: undefined;
|
: undefined;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
controlUrl: resolvedBridge.baseUrl,
|
bridgeUrl: resolvedBridge.baseUrl,
|
||||||
noVncUrl,
|
noVncUrl,
|
||||||
containerName,
|
containerName,
|
||||||
};
|
};
|
||||||
|
|||||||
@ -86,11 +86,6 @@ export function resolveSandboxBrowserConfig(params: {
|
|||||||
}): SandboxBrowserConfig {
|
}): SandboxBrowserConfig {
|
||||||
const agentBrowser = params.scope === "shared" ? undefined : params.agentBrowser;
|
const agentBrowser = params.scope === "shared" ? undefined : params.agentBrowser;
|
||||||
const globalBrowser = params.globalBrowser;
|
const globalBrowser = params.globalBrowser;
|
||||||
const allowedControlUrls = agentBrowser?.allowedControlUrls ?? globalBrowser?.allowedControlUrls;
|
|
||||||
const allowedControlHosts =
|
|
||||||
agentBrowser?.allowedControlHosts ?? globalBrowser?.allowedControlHosts;
|
|
||||||
const allowedControlPorts =
|
|
||||||
agentBrowser?.allowedControlPorts ?? globalBrowser?.allowedControlPorts;
|
|
||||||
return {
|
return {
|
||||||
enabled: agentBrowser?.enabled ?? globalBrowser?.enabled ?? false,
|
enabled: agentBrowser?.enabled ?? globalBrowser?.enabled ?? false,
|
||||||
image: agentBrowser?.image ?? globalBrowser?.image ?? DEFAULT_SANDBOX_BROWSER_IMAGE,
|
image: agentBrowser?.image ?? globalBrowser?.image ?? DEFAULT_SANDBOX_BROWSER_IMAGE,
|
||||||
@ -105,18 +100,6 @@ export function resolveSandboxBrowserConfig(params: {
|
|||||||
headless: agentBrowser?.headless ?? globalBrowser?.headless ?? false,
|
headless: agentBrowser?.headless ?? globalBrowser?.headless ?? false,
|
||||||
enableNoVnc: agentBrowser?.enableNoVnc ?? globalBrowser?.enableNoVnc ?? true,
|
enableNoVnc: agentBrowser?.enableNoVnc ?? globalBrowser?.enableNoVnc ?? true,
|
||||||
allowHostControl: agentBrowser?.allowHostControl ?? globalBrowser?.allowHostControl ?? false,
|
allowHostControl: agentBrowser?.allowHostControl ?? globalBrowser?.allowHostControl ?? false,
|
||||||
allowedControlUrls:
|
|
||||||
Array.isArray(allowedControlUrls) && allowedControlUrls.length > 0
|
|
||||||
? allowedControlUrls
|
|
||||||
: undefined,
|
|
||||||
allowedControlHosts:
|
|
||||||
Array.isArray(allowedControlHosts) && allowedControlHosts.length > 0
|
|
||||||
? allowedControlHosts
|
|
||||||
: undefined,
|
|
||||||
allowedControlPorts:
|
|
||||||
Array.isArray(allowedControlPorts) && allowedControlPorts.length > 0
|
|
||||||
? allowedControlPorts
|
|
||||||
: undefined,
|
|
||||||
autoStart: agentBrowser?.autoStart ?? globalBrowser?.autoStart ?? true,
|
autoStart: agentBrowser?.autoStart ?? globalBrowser?.autoStart ?? true,
|
||||||
autoStartTimeoutMs:
|
autoStartTimeoutMs:
|
||||||
agentBrowser?.autoStartTimeoutMs ??
|
agentBrowser?.autoStartTimeoutMs ??
|
||||||
|
|||||||
@ -3,6 +3,7 @@ import fs from "node:fs/promises";
|
|||||||
import type { ClawdbotConfig } from "../../config/config.js";
|
import type { ClawdbotConfig } from "../../config/config.js";
|
||||||
import { defaultRuntime } from "../../runtime.js";
|
import { defaultRuntime } from "../../runtime.js";
|
||||||
import { resolveUserPath } from "../../utils.js";
|
import { resolveUserPath } from "../../utils.js";
|
||||||
|
import { DEFAULT_BROWSER_EVALUATE_ENABLED } from "../../browser/constants.js";
|
||||||
import { syncSkillsToWorkspace } from "../skills.js";
|
import { syncSkillsToWorkspace } from "../skills.js";
|
||||||
import { DEFAULT_AGENT_WORKSPACE_DIR } from "../workspace.js";
|
import { DEFAULT_AGENT_WORKSPACE_DIR } from "../workspace.js";
|
||||||
import { ensureSandboxBrowser } from "./browser.js";
|
import { ensureSandboxBrowser } from "./browser.js";
|
||||||
@ -69,11 +70,14 @@ export async function resolveSandboxContext(params: {
|
|||||||
cfg,
|
cfg,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
const evaluateEnabled =
|
||||||
|
params.config?.browser?.evaluateEnabled ?? DEFAULT_BROWSER_EVALUATE_ENABLED;
|
||||||
const browser = await ensureSandboxBrowser({
|
const browser = await ensureSandboxBrowser({
|
||||||
scopeKey,
|
scopeKey,
|
||||||
workspaceDir,
|
workspaceDir,
|
||||||
agentWorkspaceDir,
|
agentWorkspaceDir,
|
||||||
cfg,
|
cfg,
|
||||||
|
evaluateEnabled,
|
||||||
});
|
});
|
||||||
|
|
||||||
return {
|
return {
|
||||||
@ -87,9 +91,6 @@ export async function resolveSandboxContext(params: {
|
|||||||
docker: cfg.docker,
|
docker: cfg.docker,
|
||||||
tools: cfg.tools,
|
tools: cfg.tools,
|
||||||
browserAllowHostControl: cfg.browser.allowHostControl,
|
browserAllowHostControl: cfg.browser.allowHostControl,
|
||||||
browserAllowedControlUrls: cfg.browser.allowedControlUrls,
|
|
||||||
browserAllowedControlHosts: cfg.browser.allowedControlHosts,
|
|
||||||
browserAllowedControlPorts: cfg.browser.allowedControlPorts,
|
|
||||||
browser: browser ?? undefined,
|
browser: browser ?? undefined,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@ -37,9 +37,6 @@ export type SandboxBrowserConfig = {
|
|||||||
headless: boolean;
|
headless: boolean;
|
||||||
enableNoVnc: boolean;
|
enableNoVnc: boolean;
|
||||||
allowHostControl: boolean;
|
allowHostControl: boolean;
|
||||||
allowedControlUrls?: string[];
|
|
||||||
allowedControlHosts?: string[];
|
|
||||||
allowedControlPorts?: number[];
|
|
||||||
autoStart: boolean;
|
autoStart: boolean;
|
||||||
autoStartTimeoutMs: number;
|
autoStartTimeoutMs: number;
|
||||||
};
|
};
|
||||||
@ -63,7 +60,7 @@ export type SandboxConfig = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export type SandboxBrowserContext = {
|
export type SandboxBrowserContext = {
|
||||||
controlUrl: string;
|
bridgeUrl: string;
|
||||||
noVncUrl?: string;
|
noVncUrl?: string;
|
||||||
containerName: string;
|
containerName: string;
|
||||||
};
|
};
|
||||||
@ -79,9 +76,6 @@ export type SandboxContext = {
|
|||||||
docker: SandboxDockerConfig;
|
docker: SandboxDockerConfig;
|
||||||
tools: SandboxToolPolicy;
|
tools: SandboxToolPolicy;
|
||||||
browserAllowHostControl: boolean;
|
browserAllowHostControl: boolean;
|
||||||
browserAllowedControlUrls?: string[];
|
|
||||||
browserAllowedControlHosts?: string[];
|
|
||||||
browserAllowedControlPorts?: number[];
|
|
||||||
browser?: SandboxBrowserContext;
|
browser?: SandboxBrowserContext;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -104,7 +104,7 @@ describe("acquireSessionWriteLock", () => {
|
|||||||
});
|
});
|
||||||
it("cleans up locks on SIGINT without removing other handlers", async () => {
|
it("cleans up locks on SIGINT without removing other handlers", async () => {
|
||||||
const root = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-lock-"));
|
const root = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-lock-"));
|
||||||
const originalKill = process.kill.bind(process);
|
const originalKill = process.kill.bind(process) as typeof process.kill;
|
||||||
const killCalls: Array<NodeJS.Signals | undefined> = [];
|
const killCalls: Array<NodeJS.Signals | undefined> = [];
|
||||||
let otherHandlerCalled = false;
|
let otherHandlerCalled = false;
|
||||||
|
|
||||||
|
|||||||
@ -6,6 +6,7 @@ import type { SkillEligibilityContext, SkillEntry } from "./types.js";
|
|||||||
|
|
||||||
const DEFAULT_CONFIG_VALUES: Record<string, boolean> = {
|
const DEFAULT_CONFIG_VALUES: Record<string, boolean> = {
|
||||||
"browser.enabled": true,
|
"browser.enabled": true,
|
||||||
|
"browser.evaluateEnabled": true,
|
||||||
};
|
};
|
||||||
|
|
||||||
function isTruthy(value: unknown): boolean {
|
function isTruthy(value: unknown): boolean {
|
||||||
|
|||||||
@ -165,12 +165,9 @@ export function buildAgentSystemPrompt(params: {
|
|||||||
workspaceDir?: string;
|
workspaceDir?: string;
|
||||||
workspaceAccess?: "none" | "ro" | "rw";
|
workspaceAccess?: "none" | "ro" | "rw";
|
||||||
agentWorkspaceMount?: string;
|
agentWorkspaceMount?: string;
|
||||||
browserControlUrl?: string;
|
browserBridgeUrl?: string;
|
||||||
browserNoVncUrl?: string;
|
browserNoVncUrl?: string;
|
||||||
hostBrowserAllowed?: boolean;
|
hostBrowserAllowed?: boolean;
|
||||||
allowedControlUrls?: string[];
|
|
||||||
allowedControlHosts?: string[];
|
|
||||||
allowedControlPorts?: number[];
|
|
||||||
elevated?: {
|
elevated?: {
|
||||||
allowed: boolean;
|
allowed: boolean;
|
||||||
defaultLevel: "on" | "off" | "ask" | "full";
|
defaultLevel: "on" | "off" | "ask" | "full";
|
||||||
@ -419,9 +416,7 @@ export function buildAgentSystemPrompt(params: {
|
|||||||
: ""
|
: ""
|
||||||
}`
|
}`
|
||||||
: "",
|
: "",
|
||||||
params.sandboxInfo.browserControlUrl
|
params.sandboxInfo.browserBridgeUrl ? "Sandbox browser: enabled." : "",
|
||||||
? `Sandbox browser control URL: ${params.sandboxInfo.browserControlUrl}`
|
|
||||||
: "",
|
|
||||||
params.sandboxInfo.browserNoVncUrl
|
params.sandboxInfo.browserNoVncUrl
|
||||||
? `Sandbox browser observer (noVNC): ${params.sandboxInfo.browserNoVncUrl}`
|
? `Sandbox browser observer (noVNC): ${params.sandboxInfo.browserNoVncUrl}`
|
||||||
: "",
|
: "",
|
||||||
@ -430,15 +425,6 @@ export function buildAgentSystemPrompt(params: {
|
|||||||
: params.sandboxInfo.hostBrowserAllowed === false
|
: params.sandboxInfo.hostBrowserAllowed === false
|
||||||
? "Host browser control: blocked."
|
? "Host browser control: blocked."
|
||||||
: "",
|
: "",
|
||||||
params.sandboxInfo.allowedControlUrls?.length
|
|
||||||
? `Browser control URL allowlist: ${params.sandboxInfo.allowedControlUrls.join(", ")}`
|
|
||||||
: "",
|
|
||||||
params.sandboxInfo.allowedControlHosts?.length
|
|
||||||
? `Browser control host allowlist: ${params.sandboxInfo.allowedControlHosts.join(", ")}`
|
|
||||||
: "",
|
|
||||||
params.sandboxInfo.allowedControlPorts?.length
|
|
||||||
? `Browser control port allowlist: ${params.sandboxInfo.allowedControlPorts.join(", ")}`
|
|
||||||
: "",
|
|
||||||
params.sandboxInfo.elevated?.allowed
|
params.sandboxInfo.elevated?.allowed
|
||||||
? "Elevated exec is available for this session."
|
? "Elevated exec is available for this session."
|
||||||
: "",
|
: "",
|
||||||
|
|||||||
@ -35,7 +35,7 @@ const BROWSER_TOOL_ACTIONS = [
|
|||||||
"act",
|
"act",
|
||||||
] as const;
|
] as const;
|
||||||
|
|
||||||
const BROWSER_TARGETS = ["sandbox", "host", "custom", "node"] as const;
|
const BROWSER_TARGETS = ["sandbox", "host", "node"] as const;
|
||||||
|
|
||||||
const BROWSER_SNAPSHOT_FORMATS = ["aria", "ai"] as const;
|
const BROWSER_SNAPSHOT_FORMATS = ["aria", "ai"] as const;
|
||||||
const BROWSER_SNAPSHOT_MODES = ["efficient"] as const;
|
const BROWSER_SNAPSHOT_MODES = ["efficient"] as const;
|
||||||
@ -86,7 +86,6 @@ export const BrowserToolSchema = Type.Object({
|
|||||||
target: optionalStringEnum(BROWSER_TARGETS),
|
target: optionalStringEnum(BROWSER_TARGETS),
|
||||||
node: Type.Optional(Type.String()),
|
node: Type.Optional(Type.String()),
|
||||||
profile: Type.Optional(Type.String()),
|
profile: Type.Optional(Type.String()),
|
||||||
controlUrl: Type.Optional(Type.String()),
|
|
||||||
targetUrl: Type.Optional(Type.String()),
|
targetUrl: Type.Optional(Type.String()),
|
||||||
targetId: Type.Optional(Type.String()),
|
targetId: Type.Optional(Type.String()),
|
||||||
limit: Type.Optional(Type.Number()),
|
limit: Type.Optional(Type.Number()),
|
||||||
|
|||||||
@ -28,23 +28,7 @@ vi.mock("../../browser/client.js", () => browserClientMocks);
|
|||||||
const browserConfigMocks = vi.hoisted(() => ({
|
const browserConfigMocks = vi.hoisted(() => ({
|
||||||
resolveBrowserConfig: vi.fn(() => ({
|
resolveBrowserConfig: vi.fn(() => ({
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
controlHost: "127.0.0.1",
|
|
||||||
controlPort: 18791,
|
controlPort: 18791,
|
||||||
cdpProtocol: "http",
|
|
||||||
cdpHost: "127.0.0.1",
|
|
||||||
cdpIsLoopback: true,
|
|
||||||
color: "#FF0000",
|
|
||||||
headless: true,
|
|
||||||
noSandbox: false,
|
|
||||||
attachOnly: false,
|
|
||||||
defaultProfile: "clawd",
|
|
||||||
profiles: {
|
|
||||||
clawd: {
|
|
||||||
cdpPort: 18792,
|
|
||||||
color: "#FF0000",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})),
|
})),
|
||||||
}));
|
}));
|
||||||
vi.mock("../../browser/config.js", () => browserConfigMocks);
|
vi.mock("../../browser/config.js", () => browserConfigMocks);
|
||||||
@ -99,7 +83,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
await tool.execute?.(null, { action: "snapshot", snapshotFormat: "ai" });
|
await tool.execute?.(null, { action: "snapshot", snapshotFormat: "ai" });
|
||||||
|
|
||||||
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
||||||
"http://127.0.0.1:18791",
|
undefined,
|
||||||
expect.objectContaining({
|
expect.objectContaining({
|
||||||
format: "ai",
|
format: "ai",
|
||||||
maxChars: DEFAULT_AI_SNAPSHOT_MAX_CHARS,
|
maxChars: DEFAULT_AI_SNAPSHOT_MAX_CHARS,
|
||||||
@ -117,7 +101,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
||||||
"http://127.0.0.1:18791",
|
undefined,
|
||||||
expect.objectContaining({
|
expect.objectContaining({
|
||||||
maxChars: override,
|
maxChars: override,
|
||||||
}),
|
}),
|
||||||
@ -141,7 +125,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
const tool = createBrowserTool();
|
const tool = createBrowserTool();
|
||||||
await tool.execute?.(null, { action: "profiles" });
|
await tool.execute?.(null, { action: "profiles" });
|
||||||
|
|
||||||
expect(browserClientMocks.browserProfiles).toHaveBeenCalledWith("http://127.0.0.1:18791");
|
expect(browserClientMocks.browserProfiles).toHaveBeenCalledWith(undefined);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("passes refs mode through to browser snapshot", async () => {
|
it("passes refs mode through to browser snapshot", async () => {
|
||||||
@ -149,7 +133,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
await tool.execute?.(null, { action: "snapshot", snapshotFormat: "ai", refs: "aria" });
|
await tool.execute?.(null, { action: "snapshot", snapshotFormat: "ai", refs: "aria" });
|
||||||
|
|
||||||
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
||||||
"http://127.0.0.1:18791",
|
undefined,
|
||||||
expect.objectContaining({
|
expect.objectContaining({
|
||||||
format: "ai",
|
format: "ai",
|
||||||
refs: "aria",
|
refs: "aria",
|
||||||
@ -165,7 +149,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
await tool.execute?.(null, { action: "snapshot", snapshotFormat: "ai" });
|
await tool.execute?.(null, { action: "snapshot", snapshotFormat: "ai" });
|
||||||
|
|
||||||
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
||||||
"http://127.0.0.1:18791",
|
undefined,
|
||||||
expect.objectContaining({
|
expect.objectContaining({
|
||||||
mode: "efficient",
|
mode: "efficient",
|
||||||
}),
|
}),
|
||||||
@ -185,11 +169,11 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it("defaults to host when using profile=chrome (even in sandboxed sessions)", async () => {
|
it("defaults to host when using profile=chrome (even in sandboxed sessions)", async () => {
|
||||||
const tool = createBrowserTool({ defaultControlUrl: "http://127.0.0.1:9999" });
|
const tool = createBrowserTool({ sandboxBridgeUrl: "http://127.0.0.1:9999" });
|
||||||
await tool.execute?.(null, { action: "snapshot", profile: "chrome", snapshotFormat: "ai" });
|
await tool.execute?.(null, { action: "snapshot", profile: "chrome", snapshotFormat: "ai" });
|
||||||
|
|
||||||
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
|
||||||
"http://127.0.0.1:18791",
|
undefined,
|
||||||
expect.objectContaining({
|
expect.objectContaining({
|
||||||
profile: "chrome",
|
profile: "chrome",
|
||||||
}),
|
}),
|
||||||
@ -220,7 +204,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
expect(browserClientMocks.browserStatus).not.toHaveBeenCalled();
|
expect(browserClientMocks.browserStatus).not.toHaveBeenCalled();
|
||||||
});
|
});
|
||||||
|
|
||||||
it("keeps sandbox control url when node proxy is available", async () => {
|
it("keeps sandbox bridge url when node proxy is available", async () => {
|
||||||
nodesUtilsMocks.listNodes.mockResolvedValue([
|
nodesUtilsMocks.listNodes.mockResolvedValue([
|
||||||
{
|
{
|
||||||
nodeId: "node-1",
|
nodeId: "node-1",
|
||||||
@ -230,7 +214,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
commands: ["browser.proxy"],
|
commands: ["browser.proxy"],
|
||||||
},
|
},
|
||||||
]);
|
]);
|
||||||
const tool = createBrowserTool({ defaultControlUrl: "http://127.0.0.1:9999" });
|
const tool = createBrowserTool({ sandboxBridgeUrl: "http://127.0.0.1:9999" });
|
||||||
await tool.execute?.(null, { action: "status" });
|
await tool.execute?.(null, { action: "status" });
|
||||||
|
|
||||||
expect(browserClientMocks.browserStatus).toHaveBeenCalledWith(
|
expect(browserClientMocks.browserStatus).toHaveBeenCalledWith(
|
||||||
@ -254,7 +238,7 @@ describe("browser tool snapshot maxChars", () => {
|
|||||||
await tool.execute?.(null, { action: "status", profile: "chrome" });
|
await tool.execute?.(null, { action: "status", profile: "chrome" });
|
||||||
|
|
||||||
expect(browserClientMocks.browserStatus).toHaveBeenCalledWith(
|
expect(browserClientMocks.browserStatus).toHaveBeenCalledWith(
|
||||||
"http://127.0.0.1:18791",
|
undefined,
|
||||||
expect.objectContaining({ profile: "chrome" }),
|
expect.objectContaining({ profile: "chrome" }),
|
||||||
);
|
);
|
||||||
expect(gatewayMocks.callGatewayTool).not.toHaveBeenCalled();
|
expect(gatewayMocks.callGatewayTool).not.toHaveBeenCalled();
|
||||||
|
|||||||
@ -55,9 +55,8 @@ function isBrowserNode(node: NodeListNode) {
|
|||||||
|
|
||||||
async function resolveBrowserNodeTarget(params: {
|
async function resolveBrowserNodeTarget(params: {
|
||||||
requestedNode?: string;
|
requestedNode?: string;
|
||||||
target?: "sandbox" | "host" | "custom" | "node";
|
target?: "sandbox" | "host" | "node";
|
||||||
controlUrl?: string;
|
sandboxBridgeUrl?: string;
|
||||||
defaultControlUrl?: string;
|
|
||||||
}): Promise<BrowserNodeTarget | null> {
|
}): Promise<BrowserNodeTarget | null> {
|
||||||
const cfg = loadConfig();
|
const cfg = loadConfig();
|
||||||
const policy = cfg.gateway?.nodes?.browser;
|
const policy = cfg.gateway?.nodes?.browser;
|
||||||
@ -68,10 +67,9 @@ async function resolveBrowserNodeTarget(params: {
|
|||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (params.defaultControlUrl?.trim() && params.target !== "node" && !params.requestedNode) {
|
if (params.sandboxBridgeUrl?.trim() && params.target !== "node" && !params.requestedNode) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (params.controlUrl?.trim()) return null;
|
|
||||||
if (params.target && params.target !== "node") return null;
|
if (params.target && params.target !== "node") return null;
|
||||||
if (mode === "manual" && params.target !== "node" && !params.requestedNode) {
|
if (mode === "manual" && params.target !== "node" && !params.requestedNode) {
|
||||||
return null;
|
return null;
|
||||||
@ -187,70 +185,22 @@ function applyProxyPaths(result: unknown, mapping: Map<string, string>) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function resolveBrowserBaseUrl(params: {
|
function resolveBrowserBaseUrl(params: {
|
||||||
target?: "sandbox" | "host" | "custom";
|
target?: "sandbox" | "host";
|
||||||
controlUrl?: string;
|
sandboxBridgeUrl?: string;
|
||||||
defaultControlUrl?: string;
|
|
||||||
allowHostControl?: boolean;
|
allowHostControl?: boolean;
|
||||||
allowedControlUrls?: string[];
|
}): string | undefined {
|
||||||
allowedControlHosts?: string[];
|
|
||||||
allowedControlPorts?: number[];
|
|
||||||
}) {
|
|
||||||
const cfg = loadConfig();
|
const cfg = loadConfig();
|
||||||
const resolved = resolveBrowserConfig(cfg.browser);
|
const resolved = resolveBrowserConfig(cfg.browser, cfg);
|
||||||
const normalizedControlUrl = params.controlUrl?.trim() ?? "";
|
const normalizedSandbox = params.sandboxBridgeUrl?.trim() ?? "";
|
||||||
const normalizedDefault = params.defaultControlUrl?.trim() ?? "";
|
const target = params.target ?? (normalizedSandbox ? "sandbox" : "host");
|
||||||
const target =
|
|
||||||
params.target ?? (normalizedControlUrl ? "custom" : normalizedDefault ? "sandbox" : "host");
|
|
||||||
|
|
||||||
const assertAllowedControlUrl = (url: string) => {
|
|
||||||
const allowedUrls = params.allowedControlUrls?.map((entry) => entry.trim().replace(/\/$/, ""));
|
|
||||||
const allowedHosts = params.allowedControlHosts?.map((entry) => entry.trim().toLowerCase());
|
|
||||||
const allowedPorts = params.allowedControlPorts;
|
|
||||||
if (!allowedUrls?.length && !allowedHosts?.length && !allowedPorts?.length) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
let parsed: URL;
|
|
||||||
try {
|
|
||||||
parsed = new URL(url);
|
|
||||||
} catch {
|
|
||||||
throw new Error(`Invalid browser controlUrl: ${url}`);
|
|
||||||
}
|
|
||||||
const normalizedUrl = parsed.toString().replace(/\/$/, "");
|
|
||||||
if (allowedUrls?.length && !allowedUrls.includes(normalizedUrl)) {
|
|
||||||
throw new Error("Browser controlUrl is not in the allowed URL list.");
|
|
||||||
}
|
|
||||||
if (allowedHosts?.length && !allowedHosts.includes(parsed.hostname)) {
|
|
||||||
throw new Error("Browser controlUrl hostname is not in the allowed host list.");
|
|
||||||
}
|
|
||||||
if (allowedPorts?.length) {
|
|
||||||
const port =
|
|
||||||
parsed.port?.trim() !== "" ? Number(parsed.port) : parsed.protocol === "https:" ? 443 : 80;
|
|
||||||
if (!Number.isFinite(port) || !allowedPorts.includes(port)) {
|
|
||||||
throw new Error("Browser controlUrl port is not in the allowed port list.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
if (target !== "custom" && params.target && normalizedControlUrl) {
|
|
||||||
throw new Error('controlUrl is only supported with target="custom".');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (target === "custom") {
|
|
||||||
if (!normalizedControlUrl) {
|
|
||||||
throw new Error("Custom browser target requires controlUrl.");
|
|
||||||
}
|
|
||||||
const normalized = normalizedControlUrl.replace(/\/$/, "");
|
|
||||||
assertAllowedControlUrl(normalized);
|
|
||||||
return normalized;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (target === "sandbox") {
|
if (target === "sandbox") {
|
||||||
if (!normalizedDefault) {
|
if (!normalizedSandbox) {
|
||||||
throw new Error(
|
throw new Error(
|
||||||
'Sandbox browser is unavailable. Enable agents.defaults.sandbox.browser.enabled or use target="host" if allowed.',
|
'Sandbox browser is unavailable. Enable agents.defaults.sandbox.browser.enabled or use target="host" if allowed.',
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
return normalizedDefault.replace(/\/$/, "");
|
return normalizedSandbox.replace(/\/$/, "");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (params.allowHostControl === false) {
|
if (params.allowHostControl === false) {
|
||||||
@ -261,27 +211,16 @@ function resolveBrowserBaseUrl(params: {
|
|||||||
"Browser control is disabled. Set browser.enabled=true in ~/.clawdbot/clawdbot.json.",
|
"Browser control is disabled. Set browser.enabled=true in ~/.clawdbot/clawdbot.json.",
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
const normalized = resolved.controlUrl.replace(/\/$/, "");
|
return undefined;
|
||||||
assertAllowedControlUrl(normalized);
|
|
||||||
return normalized;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export function createBrowserTool(opts?: {
|
export function createBrowserTool(opts?: {
|
||||||
defaultControlUrl?: string;
|
sandboxBridgeUrl?: string;
|
||||||
allowHostControl?: boolean;
|
allowHostControl?: boolean;
|
||||||
allowedControlUrls?: string[];
|
|
||||||
allowedControlHosts?: string[];
|
|
||||||
allowedControlPorts?: number[];
|
|
||||||
}): AnyAgentTool {
|
}): AnyAgentTool {
|
||||||
const targetDefault = opts?.defaultControlUrl ? "sandbox" : "host";
|
const targetDefault = opts?.sandboxBridgeUrl ? "sandbox" : "host";
|
||||||
const hostHint =
|
const hostHint =
|
||||||
opts?.allowHostControl === false ? "Host target blocked by policy." : "Host target allowed.";
|
opts?.allowHostControl === false ? "Host target blocked by policy." : "Host target allowed.";
|
||||||
const allowlistHint =
|
|
||||||
opts?.allowedControlUrls?.length ||
|
|
||||||
opts?.allowedControlHosts?.length ||
|
|
||||||
opts?.allowedControlPorts?.length
|
|
||||||
? "Custom targets are restricted by sandbox allowlists."
|
|
||||||
: "Custom targets are unrestricted.";
|
|
||||||
return {
|
return {
|
||||||
label: "Browser",
|
label: "Browser",
|
||||||
name: "browser",
|
name: "browser",
|
||||||
@ -294,33 +233,22 @@ export function createBrowserTool(opts?: {
|
|||||||
"When using refs from snapshot (e.g. e12), keep the same tab: prefer passing targetId from the snapshot response into subsequent actions (act/click/type/etc).",
|
"When using refs from snapshot (e.g. e12), keep the same tab: prefer passing targetId from the snapshot response into subsequent actions (act/click/type/etc).",
|
||||||
'For stable, self-resolving refs across calls, use snapshot with refs="aria" (Playwright aria-ref ids). Default refs="role" are role+name-based.',
|
'For stable, self-resolving refs across calls, use snapshot with refs="aria" (Playwright aria-ref ids). Default refs="role" are role+name-based.',
|
||||||
"Use snapshot+act for UI automation. Avoid act:wait by default; use only in exceptional cases when no reliable UI state exists.",
|
"Use snapshot+act for UI automation. Avoid act:wait by default; use only in exceptional cases when no reliable UI state exists.",
|
||||||
`target selects browser location (sandbox|host|custom|node). Default: ${targetDefault}.`,
|
`target selects browser location (sandbox|host|node). Default: ${targetDefault}.`,
|
||||||
"controlUrl implies target=custom (remote control server).",
|
|
||||||
hostHint,
|
hostHint,
|
||||||
allowlistHint,
|
|
||||||
].join(" "),
|
].join(" "),
|
||||||
parameters: BrowserToolSchema,
|
parameters: BrowserToolSchema,
|
||||||
execute: async (_toolCallId, args) => {
|
execute: async (_toolCallId, args) => {
|
||||||
const params = args as Record<string, unknown>;
|
const params = args as Record<string, unknown>;
|
||||||
const action = readStringParam(params, "action", { required: true });
|
const action = readStringParam(params, "action", { required: true });
|
||||||
const controlUrl = readStringParam(params, "controlUrl");
|
|
||||||
const profile = readStringParam(params, "profile");
|
const profile = readStringParam(params, "profile");
|
||||||
const requestedNode = readStringParam(params, "node");
|
const requestedNode = readStringParam(params, "node");
|
||||||
let target = readStringParam(params, "target") as
|
let target = readStringParam(params, "target") as "sandbox" | "host" | "node" | undefined;
|
||||||
| "sandbox"
|
|
||||||
| "host"
|
|
||||||
| "custom"
|
|
||||||
| "node"
|
|
||||||
| undefined;
|
|
||||||
|
|
||||||
if (controlUrl?.trim() && (target === "node" || requestedNode)) {
|
if (requestedNode && target && target !== "node") {
|
||||||
throw new Error('controlUrl is not supported with target="node".');
|
throw new Error('node is only supported with target="node".');
|
||||||
}
|
|
||||||
if (target === "custom" && requestedNode) {
|
|
||||||
throw new Error('node is not supported with target="custom".');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!target && !controlUrl?.trim() && !requestedNode && profile === "chrome") {
|
if (!target && !requestedNode && profile === "chrome") {
|
||||||
// Chrome extension relay takeover is a host Chrome feature; prefer host unless explicitly targeting a node.
|
// Chrome extension relay takeover is a host Chrome feature; prefer host unless explicitly targeting a node.
|
||||||
target = "host";
|
target = "host";
|
||||||
}
|
}
|
||||||
@ -328,21 +256,16 @@ export function createBrowserTool(opts?: {
|
|||||||
const nodeTarget = await resolveBrowserNodeTarget({
|
const nodeTarget = await resolveBrowserNodeTarget({
|
||||||
requestedNode: requestedNode ?? undefined,
|
requestedNode: requestedNode ?? undefined,
|
||||||
target,
|
target,
|
||||||
controlUrl,
|
sandboxBridgeUrl: opts?.sandboxBridgeUrl,
|
||||||
defaultControlUrl: opts?.defaultControlUrl,
|
|
||||||
});
|
});
|
||||||
|
|
||||||
const resolvedTarget = target === "node" ? undefined : target;
|
const resolvedTarget = target === "node" ? undefined : target;
|
||||||
const baseUrl = nodeTarget
|
const baseUrl = nodeTarget
|
||||||
? ""
|
? undefined
|
||||||
: resolveBrowserBaseUrl({
|
: resolveBrowserBaseUrl({
|
||||||
target: resolvedTarget,
|
target: resolvedTarget,
|
||||||
controlUrl,
|
sandboxBridgeUrl: opts?.sandboxBridgeUrl,
|
||||||
defaultControlUrl: opts?.defaultControlUrl,
|
|
||||||
allowHostControl: opts?.allowHostControl,
|
allowHostControl: opts?.allowHostControl,
|
||||||
allowedControlUrls: opts?.allowedControlUrls,
|
|
||||||
allowedControlHosts: opts?.allowedControlHosts,
|
|
||||||
allowedControlPorts: opts?.allowedControlPorts,
|
|
||||||
});
|
});
|
||||||
|
|
||||||
const proxyRequest = nodeTarget
|
const proxyRequest = nodeTarget
|
||||||
|
|||||||
@ -138,6 +138,7 @@ export async function runAgentTurnWithFallback(params: {
|
|||||||
cfg: params.followupRun.run.config,
|
cfg: params.followupRun.run.config,
|
||||||
provider: params.followupRun.run.provider,
|
provider: params.followupRun.run.provider,
|
||||||
model: params.followupRun.run.model,
|
model: params.followupRun.run.model,
|
||||||
|
agentDir: params.followupRun.run.agentDir,
|
||||||
fallbacksOverride: resolveAgentModelFallbacksOverride(
|
fallbacksOverride: resolveAgentModelFallbacksOverride(
|
||||||
params.followupRun.run.config,
|
params.followupRun.run.config,
|
||||||
resolveAgentIdFromSessionKey(params.followupRun.run.sessionKey),
|
resolveAgentIdFromSessionKey(params.followupRun.run.sessionKey),
|
||||||
@ -231,6 +232,10 @@ export async function runAgentTurnWithFallback(params: {
|
|||||||
groupChannel:
|
groupChannel:
|
||||||
params.sessionCtx.GroupChannel?.trim() ?? params.sessionCtx.GroupSubject?.trim(),
|
params.sessionCtx.GroupChannel?.trim() ?? params.sessionCtx.GroupSubject?.trim(),
|
||||||
groupSpace: params.sessionCtx.GroupSpace?.trim() ?? undefined,
|
groupSpace: params.sessionCtx.GroupSpace?.trim() ?? undefined,
|
||||||
|
senderId: params.sessionCtx.SenderId?.trim() || undefined,
|
||||||
|
senderName: params.sessionCtx.SenderName?.trim() || undefined,
|
||||||
|
senderUsername: params.sessionCtx.SenderUsername?.trim() || undefined,
|
||||||
|
senderE164: params.sessionCtx.SenderE164?.trim() || undefined,
|
||||||
// Provider threading context for tool auto-injection
|
// Provider threading context for tool auto-injection
|
||||||
...buildThreadingToolContext({
|
...buildThreadingToolContext({
|
||||||
sessionCtx: params.sessionCtx,
|
sessionCtx: params.sessionCtx,
|
||||||
|
|||||||
@ -92,6 +92,7 @@ export async function runMemoryFlushIfNeeded(params: {
|
|||||||
cfg: params.followupRun.run.config,
|
cfg: params.followupRun.run.config,
|
||||||
provider: params.followupRun.run.provider,
|
provider: params.followupRun.run.provider,
|
||||||
model: params.followupRun.run.model,
|
model: params.followupRun.run.model,
|
||||||
|
agentDir: params.followupRun.run.agentDir,
|
||||||
fallbacksOverride: resolveAgentModelFallbacksOverride(
|
fallbacksOverride: resolveAgentModelFallbacksOverride(
|
||||||
params.followupRun.run.config,
|
params.followupRun.run.config,
|
||||||
resolveAgentIdFromSessionKey(params.followupRun.run.sessionKey),
|
resolveAgentIdFromSessionKey(params.followupRun.run.sessionKey),
|
||||||
@ -114,6 +115,10 @@ export async function runMemoryFlushIfNeeded(params: {
|
|||||||
config: params.followupRun.run.config,
|
config: params.followupRun.run.config,
|
||||||
hasRepliedRef: params.opts?.hasRepliedRef,
|
hasRepliedRef: params.opts?.hasRepliedRef,
|
||||||
}),
|
}),
|
||||||
|
senderId: params.sessionCtx.SenderId?.trim() || undefined,
|
||||||
|
senderName: params.sessionCtx.SenderName?.trim() || undefined,
|
||||||
|
senderUsername: params.sessionCtx.SenderUsername?.trim() || undefined,
|
||||||
|
senderE164: params.sessionCtx.SenderE164?.trim() || undefined,
|
||||||
sessionFile: params.followupRun.run.sessionFile,
|
sessionFile: params.followupRun.run.sessionFile,
|
||||||
workspaceDir: params.followupRun.run.workspaceDir,
|
workspaceDir: params.followupRun.run.workspaceDir,
|
||||||
agentDir: params.followupRun.run.agentDir,
|
agentDir: params.followupRun.run.agentDir,
|
||||||
|
|||||||
@ -129,6 +129,7 @@ export function createFollowupRunner(params: {
|
|||||||
cfg: queued.run.config,
|
cfg: queued.run.config,
|
||||||
provider: queued.run.provider,
|
provider: queued.run.provider,
|
||||||
model: queued.run.model,
|
model: queued.run.model,
|
||||||
|
agentDir: queued.run.agentDir,
|
||||||
fallbacksOverride: resolveAgentModelFallbacksOverride(
|
fallbacksOverride: resolveAgentModelFallbacksOverride(
|
||||||
queued.run.config,
|
queued.run.config,
|
||||||
resolveAgentIdFromSessionKey(queued.run.sessionKey),
|
resolveAgentIdFromSessionKey(queued.run.sessionKey),
|
||||||
@ -146,6 +147,10 @@ export function createFollowupRunner(params: {
|
|||||||
groupId: queued.run.groupId,
|
groupId: queued.run.groupId,
|
||||||
groupChannel: queued.run.groupChannel,
|
groupChannel: queued.run.groupChannel,
|
||||||
groupSpace: queued.run.groupSpace,
|
groupSpace: queued.run.groupSpace,
|
||||||
|
senderId: queued.run.senderId,
|
||||||
|
senderName: queued.run.senderName,
|
||||||
|
senderUsername: queued.run.senderUsername,
|
||||||
|
senderE164: queued.run.senderE164,
|
||||||
sessionFile: queued.run.sessionFile,
|
sessionFile: queued.run.sessionFile,
|
||||||
workspaceDir: queued.run.workspaceDir,
|
workspaceDir: queued.run.workspaceDir,
|
||||||
config: queued.run.config,
|
config: queued.run.config,
|
||||||
|
|||||||
@ -370,6 +370,10 @@ export async function runPreparedReply(
|
|||||||
groupId: resolveGroupSessionKey(sessionCtx)?.id ?? undefined,
|
groupId: resolveGroupSessionKey(sessionCtx)?.id ?? undefined,
|
||||||
groupChannel: sessionCtx.GroupChannel?.trim() ?? sessionCtx.GroupSubject?.trim(),
|
groupChannel: sessionCtx.GroupChannel?.trim() ?? sessionCtx.GroupSubject?.trim(),
|
||||||
groupSpace: sessionCtx.GroupSpace?.trim() ?? undefined,
|
groupSpace: sessionCtx.GroupSpace?.trim() ?? undefined,
|
||||||
|
senderId: sessionCtx.SenderId?.trim() || undefined,
|
||||||
|
senderName: sessionCtx.SenderName?.trim() || undefined,
|
||||||
|
senderUsername: sessionCtx.SenderUsername?.trim() || undefined,
|
||||||
|
senderE164: sessionCtx.SenderE164?.trim() || undefined,
|
||||||
sessionFile,
|
sessionFile,
|
||||||
workspaceDir,
|
workspaceDir,
|
||||||
config: cfg,
|
config: cfg,
|
||||||
|
|||||||
@ -51,6 +51,10 @@ export type FollowupRun = {
|
|||||||
groupId?: string;
|
groupId?: string;
|
||||||
groupChannel?: string;
|
groupChannel?: string;
|
||||||
groupSpace?: string;
|
groupSpace?: string;
|
||||||
|
senderId?: string;
|
||||||
|
senderName?: string;
|
||||||
|
senderUsername?: string;
|
||||||
|
senderE164?: string;
|
||||||
sessionFile: string;
|
sessionFile: string;
|
||||||
workspaceDir: string;
|
workspaceDir: string;
|
||||||
config: ClawdbotConfig;
|
config: ClawdbotConfig;
|
||||||
|
|||||||
@ -4,6 +4,7 @@ import express from "express";
|
|||||||
|
|
||||||
import type { ResolvedBrowserConfig } from "./config.js";
|
import type { ResolvedBrowserConfig } from "./config.js";
|
||||||
import { registerBrowserRoutes } from "./routes/index.js";
|
import { registerBrowserRoutes } from "./routes/index.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./routes/types.js";
|
||||||
import {
|
import {
|
||||||
type BrowserServerState,
|
type BrowserServerState,
|
||||||
createBrowserRouteContext,
|
createBrowserRouteContext,
|
||||||
@ -50,7 +51,7 @@ export async function startBrowserBridgeServer(params: {
|
|||||||
getState: () => state,
|
getState: () => state,
|
||||||
onEnsureAttachTarget: params.onEnsureAttachTarget,
|
onEnsureAttachTarget: params.onEnsureAttachTarget,
|
||||||
});
|
});
|
||||||
registerBrowserRoutes(app, ctx);
|
registerBrowserRoutes(app as unknown as BrowserRouteRegistrar, ctx);
|
||||||
|
|
||||||
const server = await new Promise<Server>((resolve, reject) => {
|
const server = await new Promise<Server>((resolve, reject) => {
|
||||||
const s = app.listen(port, host, () => resolve(s));
|
const s = app.listen(port, host, () => resolve(s));
|
||||||
@ -61,11 +62,9 @@ export async function startBrowserBridgeServer(params: {
|
|||||||
const resolvedPort = address?.port ?? port;
|
const resolvedPort = address?.port ?? port;
|
||||||
state.server = server;
|
state.server = server;
|
||||||
state.port = resolvedPort;
|
state.port = resolvedPort;
|
||||||
state.resolved.controlHost = host;
|
|
||||||
state.resolved.controlPort = resolvedPort;
|
state.resolved.controlPort = resolvedPort;
|
||||||
state.resolved.controlUrl = `http://${host}:${resolvedPort}`;
|
|
||||||
|
|
||||||
const baseUrl = state.resolved.controlUrl;
|
const baseUrl = `http://${host}:${resolvedPort}`;
|
||||||
return { server, port: resolvedPort, baseUrl, state };
|
return { server, port: resolvedPort, baseUrl, state };
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -9,6 +9,12 @@ function buildProfileQuery(profile?: string): string {
|
|||||||
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function withBaseUrl(baseUrl: string | undefined, path: string): string {
|
||||||
|
const trimmed = baseUrl?.trim();
|
||||||
|
if (!trimmed) return path;
|
||||||
|
return `${trimmed.replace(/\/$/, "")}${path}`;
|
||||||
|
}
|
||||||
|
|
||||||
export type BrowserFormField = {
|
export type BrowserFormField = {
|
||||||
ref: string;
|
ref: string;
|
||||||
type: string;
|
type: string;
|
||||||
@ -92,11 +98,15 @@ export type BrowserDownloadPayload = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export async function browserNavigate(
|
export async function browserNavigate(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { url: string; targetId?: string; profile?: string },
|
opts: {
|
||||||
|
url: string;
|
||||||
|
targetId?: string;
|
||||||
|
profile?: string;
|
||||||
|
},
|
||||||
): Promise<BrowserActionTabResult> {
|
): Promise<BrowserActionTabResult> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTabResult>(`${baseUrl}/navigate${q}`, {
|
return await fetchBrowserJson<BrowserActionTabResult>(withBaseUrl(baseUrl, `/navigate${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ url: opts.url, targetId: opts.targetId }),
|
body: JSON.stringify({ url: opts.url, targetId: opts.targetId }),
|
||||||
@ -105,7 +115,7 @@ export async function browserNavigate(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserArmDialog(
|
export async function browserArmDialog(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
accept: boolean;
|
accept: boolean;
|
||||||
promptText?: string;
|
promptText?: string;
|
||||||
@ -115,7 +125,7 @@ export async function browserArmDialog(
|
|||||||
},
|
},
|
||||||
): Promise<BrowserActionOk> {
|
): Promise<BrowserActionOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionOk>(`${baseUrl}/hooks/dialog${q}`, {
|
return await fetchBrowserJson<BrowserActionOk>(withBaseUrl(baseUrl, `/hooks/dialog${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -129,7 +139,7 @@ export async function browserArmDialog(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserArmFileChooser(
|
export async function browserArmFileChooser(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
paths: string[];
|
paths: string[];
|
||||||
ref?: string;
|
ref?: string;
|
||||||
@ -141,7 +151,7 @@ export async function browserArmFileChooser(
|
|||||||
},
|
},
|
||||||
): Promise<BrowserActionOk> {
|
): Promise<BrowserActionOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionOk>(`${baseUrl}/hooks/file-chooser${q}`, {
|
return await fetchBrowserJson<BrowserActionOk>(withBaseUrl(baseUrl, `/hooks/file-chooser${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -157,7 +167,7 @@ export async function browserArmFileChooser(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserWaitForDownload(
|
export async function browserWaitForDownload(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
path?: string;
|
path?: string;
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
@ -170,7 +180,7 @@ export async function browserWaitForDownload(
|
|||||||
ok: true;
|
ok: true;
|
||||||
targetId: string;
|
targetId: string;
|
||||||
download: BrowserDownloadPayload;
|
download: BrowserDownloadPayload;
|
||||||
}>(`${baseUrl}/wait/download${q}`, {
|
}>(withBaseUrl(baseUrl, `/wait/download${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -183,7 +193,7 @@ export async function browserWaitForDownload(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserDownload(
|
export async function browserDownload(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
ref: string;
|
ref: string;
|
||||||
path: string;
|
path: string;
|
||||||
@ -197,7 +207,7 @@ export async function browserDownload(
|
|||||||
ok: true;
|
ok: true;
|
||||||
targetId: string;
|
targetId: string;
|
||||||
download: BrowserDownloadPayload;
|
download: BrowserDownloadPayload;
|
||||||
}>(`${baseUrl}/download${q}`, {
|
}>(withBaseUrl(baseUrl, `/download${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -211,12 +221,12 @@ export async function browserDownload(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserAct(
|
export async function browserAct(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
req: BrowserActRequest,
|
req: BrowserActRequest,
|
||||||
opts?: { profile?: string },
|
opts?: { profile?: string },
|
||||||
): Promise<BrowserActResponse> {
|
): Promise<BrowserActResponse> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
return await fetchBrowserJson<BrowserActResponse>(`${baseUrl}/act${q}`, {
|
return await fetchBrowserJson<BrowserActResponse>(withBaseUrl(baseUrl, `/act${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify(req),
|
body: JSON.stringify(req),
|
||||||
@ -225,7 +235,7 @@ export async function browserAct(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserScreenshotAction(
|
export async function browserScreenshotAction(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
fullPage?: boolean;
|
fullPage?: boolean;
|
||||||
@ -236,7 +246,7 @@ export async function browserScreenshotAction(
|
|||||||
},
|
},
|
||||||
): Promise<BrowserActionPathResult> {
|
): Promise<BrowserActionPathResult> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionPathResult>(`${baseUrl}/screenshot${q}`, {
|
return await fetchBrowserJson<BrowserActionPathResult>(withBaseUrl(baseUrl, `/screenshot${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
|
|||||||
@ -10,8 +10,14 @@ function buildProfileQuery(profile?: string): string {
|
|||||||
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function withBaseUrl(baseUrl: string | undefined, path: string): string {
|
||||||
|
const trimmed = baseUrl?.trim();
|
||||||
|
if (!trimmed) return path;
|
||||||
|
return `${trimmed.replace(/\/$/, "")}${path}`;
|
||||||
|
}
|
||||||
|
|
||||||
export async function browserConsoleMessages(
|
export async function browserConsoleMessages(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { level?: string; targetId?: string; profile?: string } = {},
|
opts: { level?: string; targetId?: string; profile?: string } = {},
|
||||||
): Promise<{ ok: true; messages: BrowserConsoleMessage[]; targetId: string }> {
|
): Promise<{ ok: true; messages: BrowserConsoleMessage[]; targetId: string }> {
|
||||||
const q = new URLSearchParams();
|
const q = new URLSearchParams();
|
||||||
@ -23,15 +29,15 @@ export async function browserConsoleMessages(
|
|||||||
ok: true;
|
ok: true;
|
||||||
messages: BrowserConsoleMessage[];
|
messages: BrowserConsoleMessage[];
|
||||||
targetId: string;
|
targetId: string;
|
||||||
}>(`${baseUrl}/console${suffix}`, { timeoutMs: 20000 });
|
}>(withBaseUrl(baseUrl, `/console${suffix}`), { timeoutMs: 20000 });
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserPdfSave(
|
export async function browserPdfSave(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { targetId?: string; profile?: string } = {},
|
opts: { targetId?: string; profile?: string } = {},
|
||||||
): Promise<BrowserActionPathResult> {
|
): Promise<BrowserActionPathResult> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionPathResult>(`${baseUrl}/pdf${q}`, {
|
return await fetchBrowserJson<BrowserActionPathResult>(withBaseUrl(baseUrl, `/pdf${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId }),
|
body: JSON.stringify({ targetId: opts.targetId }),
|
||||||
@ -40,7 +46,7 @@ export async function browserPdfSave(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserPageErrors(
|
export async function browserPageErrors(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { targetId?: string; clear?: boolean; profile?: string } = {},
|
opts: { targetId?: string; clear?: boolean; profile?: string } = {},
|
||||||
): Promise<{ ok: true; targetId: string; errors: BrowserPageError[] }> {
|
): Promise<{ ok: true; targetId: string; errors: BrowserPageError[] }> {
|
||||||
const q = new URLSearchParams();
|
const q = new URLSearchParams();
|
||||||
@ -52,11 +58,11 @@ export async function browserPageErrors(
|
|||||||
ok: true;
|
ok: true;
|
||||||
targetId: string;
|
targetId: string;
|
||||||
errors: BrowserPageError[];
|
errors: BrowserPageError[];
|
||||||
}>(`${baseUrl}/errors${suffix}`, { timeoutMs: 20000 });
|
}>(withBaseUrl(baseUrl, `/errors${suffix}`), { timeoutMs: 20000 });
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserRequests(
|
export async function browserRequests(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
filter?: string;
|
filter?: string;
|
||||||
@ -74,11 +80,11 @@ export async function browserRequests(
|
|||||||
ok: true;
|
ok: true;
|
||||||
targetId: string;
|
targetId: string;
|
||||||
requests: BrowserNetworkRequest[];
|
requests: BrowserNetworkRequest[];
|
||||||
}>(`${baseUrl}/requests${suffix}`, { timeoutMs: 20000 });
|
}>(withBaseUrl(baseUrl, `/requests${suffix}`), { timeoutMs: 20000 });
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserTraceStart(
|
export async function browserTraceStart(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
screenshots?: boolean;
|
screenshots?: boolean;
|
||||||
@ -88,7 +94,7 @@ export async function browserTraceStart(
|
|||||||
} = {},
|
} = {},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/trace/start${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/trace/start${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -102,11 +108,11 @@ export async function browserTraceStart(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserTraceStop(
|
export async function browserTraceStop(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { targetId?: string; path?: string; profile?: string } = {},
|
opts: { targetId?: string; path?: string; profile?: string } = {},
|
||||||
): Promise<BrowserActionPathResult> {
|
): Promise<BrowserActionPathResult> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionPathResult>(`${baseUrl}/trace/stop${q}`, {
|
return await fetchBrowserJson<BrowserActionPathResult>(withBaseUrl(baseUrl, `/trace/stop${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, path: opts.path }),
|
body: JSON.stringify({ targetId: opts.targetId, path: opts.path }),
|
||||||
@ -115,11 +121,11 @@ export async function browserTraceStop(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserHighlight(
|
export async function browserHighlight(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { ref: string; targetId?: string; profile?: string },
|
opts: { ref: string; targetId?: string; profile?: string },
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/highlight${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/highlight${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, ref: opts.ref }),
|
body: JSON.stringify({ targetId: opts.targetId, ref: opts.ref }),
|
||||||
@ -128,7 +134,7 @@ export async function browserHighlight(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserResponseBody(
|
export async function browserResponseBody(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
url: string;
|
url: string;
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
@ -158,7 +164,7 @@ export async function browserResponseBody(
|
|||||||
body: string;
|
body: string;
|
||||||
truncated?: boolean;
|
truncated?: boolean;
|
||||||
};
|
};
|
||||||
}>(`${baseUrl}/response/body${q}`, {
|
}>(withBaseUrl(baseUrl, `/response/body${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
|
|||||||
@ -5,8 +5,14 @@ function buildProfileQuery(profile?: string): string {
|
|||||||
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function withBaseUrl(baseUrl: string | undefined, path: string): string {
|
||||||
|
const trimmed = baseUrl?.trim();
|
||||||
|
if (!trimmed) return path;
|
||||||
|
return `${trimmed.replace(/\/$/, "")}${path}`;
|
||||||
|
}
|
||||||
|
|
||||||
export async function browserCookies(
|
export async function browserCookies(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { targetId?: string; profile?: string } = {},
|
opts: { targetId?: string; profile?: string } = {},
|
||||||
): Promise<{ ok: true; targetId: string; cookies: unknown[] }> {
|
): Promise<{ ok: true; targetId: string; cookies: unknown[] }> {
|
||||||
const q = new URLSearchParams();
|
const q = new URLSearchParams();
|
||||||
@ -17,11 +23,11 @@ export async function browserCookies(
|
|||||||
ok: true;
|
ok: true;
|
||||||
targetId: string;
|
targetId: string;
|
||||||
cookies: unknown[];
|
cookies: unknown[];
|
||||||
}>(`${baseUrl}/cookies${suffix}`, { timeoutMs: 20000 });
|
}>(withBaseUrl(baseUrl, `/cookies${suffix}`), { timeoutMs: 20000 });
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserCookiesSet(
|
export async function browserCookiesSet(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
cookie: Record<string, unknown>;
|
cookie: Record<string, unknown>;
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
@ -29,7 +35,7 @@ export async function browserCookiesSet(
|
|||||||
},
|
},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/cookies/set${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/cookies/set${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, cookie: opts.cookie }),
|
body: JSON.stringify({ targetId: opts.targetId, cookie: opts.cookie }),
|
||||||
@ -38,11 +44,11 @@ export async function browserCookiesSet(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserCookiesClear(
|
export async function browserCookiesClear(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { targetId?: string; profile?: string } = {},
|
opts: { targetId?: string; profile?: string } = {},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/cookies/clear${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/cookies/clear${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId }),
|
body: JSON.stringify({ targetId: opts.targetId }),
|
||||||
@ -51,7 +57,7 @@ export async function browserCookiesClear(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserStorageGet(
|
export async function browserStorageGet(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
kind: "local" | "session";
|
kind: "local" | "session";
|
||||||
key?: string;
|
key?: string;
|
||||||
@ -68,11 +74,11 @@ export async function browserStorageGet(
|
|||||||
ok: true;
|
ok: true;
|
||||||
targetId: string;
|
targetId: string;
|
||||||
values: Record<string, string>;
|
values: Record<string, string>;
|
||||||
}>(`${baseUrl}/storage/${opts.kind}${suffix}`, { timeoutMs: 20000 });
|
}>(withBaseUrl(baseUrl, `/storage/${opts.kind}${suffix}`), { timeoutMs: 20000 });
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserStorageSet(
|
export async function browserStorageSet(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
kind: "local" | "session";
|
kind: "local" | "session";
|
||||||
key: string;
|
key: string;
|
||||||
@ -82,7 +88,9 @@ export async function browserStorageSet(
|
|||||||
},
|
},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/storage/${opts.kind}/set${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(
|
||||||
|
withBaseUrl(baseUrl, `/storage/${opts.kind}/set${q}`),
|
||||||
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -91,16 +99,17 @@ export async function browserStorageSet(
|
|||||||
value: opts.value,
|
value: opts.value,
|
||||||
}),
|
}),
|
||||||
timeoutMs: 20000,
|
timeoutMs: 20000,
|
||||||
});
|
},
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserStorageClear(
|
export async function browserStorageClear(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { kind: "local" | "session"; targetId?: string; profile?: string },
|
opts: { kind: "local" | "session"; targetId?: string; profile?: string },
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(
|
return await fetchBrowserJson<BrowserActionTargetOk>(
|
||||||
`${baseUrl}/storage/${opts.kind}/clear${q}`,
|
withBaseUrl(baseUrl, `/storage/${opts.kind}/clear${q}`),
|
||||||
{
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
@ -111,11 +120,11 @@ export async function browserStorageClear(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetOffline(
|
export async function browserSetOffline(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { offline: boolean; targetId?: string; profile?: string },
|
opts: { offline: boolean; targetId?: string; profile?: string },
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/offline${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/offline${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, offline: opts.offline }),
|
body: JSON.stringify({ targetId: opts.targetId, offline: opts.offline }),
|
||||||
@ -124,7 +133,7 @@ export async function browserSetOffline(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetHeaders(
|
export async function browserSetHeaders(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
headers: Record<string, string>;
|
headers: Record<string, string>;
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
@ -132,7 +141,7 @@ export async function browserSetHeaders(
|
|||||||
},
|
},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/headers${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/headers${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, headers: opts.headers }),
|
body: JSON.stringify({ targetId: opts.targetId, headers: opts.headers }),
|
||||||
@ -141,7 +150,7 @@ export async function browserSetHeaders(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetHttpCredentials(
|
export async function browserSetHttpCredentials(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
username?: string;
|
username?: string;
|
||||||
password?: string;
|
password?: string;
|
||||||
@ -151,7 +160,9 @@ export async function browserSetHttpCredentials(
|
|||||||
} = {},
|
} = {},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/credentials${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(
|
||||||
|
withBaseUrl(baseUrl, `/set/credentials${q}`),
|
||||||
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -161,11 +172,12 @@ export async function browserSetHttpCredentials(
|
|||||||
clear: opts.clear,
|
clear: opts.clear,
|
||||||
}),
|
}),
|
||||||
timeoutMs: 20000,
|
timeoutMs: 20000,
|
||||||
});
|
},
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetGeolocation(
|
export async function browserSetGeolocation(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
latitude?: number;
|
latitude?: number;
|
||||||
longitude?: number;
|
longitude?: number;
|
||||||
@ -177,7 +189,9 @@ export async function browserSetGeolocation(
|
|||||||
} = {},
|
} = {},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/geolocation${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(
|
||||||
|
withBaseUrl(baseUrl, `/set/geolocation${q}`),
|
||||||
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -189,11 +203,12 @@ export async function browserSetGeolocation(
|
|||||||
clear: opts.clear,
|
clear: opts.clear,
|
||||||
}),
|
}),
|
||||||
timeoutMs: 20000,
|
timeoutMs: 20000,
|
||||||
});
|
},
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetMedia(
|
export async function browserSetMedia(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
colorScheme: "dark" | "light" | "no-preference" | "none";
|
colorScheme: "dark" | "light" | "no-preference" | "none";
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
@ -201,7 +216,7 @@ export async function browserSetMedia(
|
|||||||
},
|
},
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/media${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/media${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -213,11 +228,11 @@ export async function browserSetMedia(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetTimezone(
|
export async function browserSetTimezone(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { timezoneId: string; targetId?: string; profile?: string },
|
opts: { timezoneId: string; targetId?: string; profile?: string },
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/timezone${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/timezone${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -229,11 +244,11 @@ export async function browserSetTimezone(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetLocale(
|
export async function browserSetLocale(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { locale: string; targetId?: string; profile?: string },
|
opts: { locale: string; targetId?: string; profile?: string },
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/locale${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/locale${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, locale: opts.locale }),
|
body: JSON.stringify({ targetId: opts.targetId, locale: opts.locale }),
|
||||||
@ -242,11 +257,11 @@ export async function browserSetLocale(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSetDevice(
|
export async function browserSetDevice(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { name: string; targetId?: string; profile?: string },
|
opts: { name: string; targetId?: string; profile?: string },
|
||||||
): Promise<BrowserActionTargetOk> {
|
): Promise<BrowserActionTargetOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionTargetOk>(`${baseUrl}/set/device${q}`, {
|
return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/device${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, name: opts.name }),
|
body: JSON.stringify({ targetId: opts.targetId, name: opts.name }),
|
||||||
@ -255,11 +270,11 @@ export async function browserSetDevice(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserClearPermissions(
|
export async function browserClearPermissions(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: { targetId?: string; profile?: string } = {},
|
opts: { targetId?: string; profile?: string } = {},
|
||||||
): Promise<BrowserActionOk> {
|
): Promise<BrowserActionOk> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson<BrowserActionOk>(`${baseUrl}/set/geolocation${q}`, {
|
return await fetchBrowserJson<BrowserActionOk>(withBaseUrl(baseUrl, `/set/geolocation${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId: opts.targetId, clear: true }),
|
body: JSON.stringify({ targetId: opts.targetId, clear: true }),
|
||||||
|
|||||||
@ -1,57 +1,51 @@
|
|||||||
import { extractErrorCode, formatErrorMessage } from "../infra/errors.js";
|
|
||||||
import { loadConfig } from "../config/config.js";
|
|
||||||
import { formatCliCommand } from "../cli/command-format.js";
|
import { formatCliCommand } from "../cli/command-format.js";
|
||||||
import { resolveBrowserConfig } from "./config.js";
|
import {
|
||||||
|
createBrowserControlContext,
|
||||||
|
startBrowserControlServiceFromConfig,
|
||||||
|
} from "./control-service.js";
|
||||||
|
import { createBrowserRouteDispatcher } from "./routes/dispatcher.js";
|
||||||
|
|
||||||
let cachedConfigToken: string | null | undefined = undefined;
|
function isAbsoluteHttp(url: string): boolean {
|
||||||
|
return /^https?:\/\//i.test(url.trim());
|
||||||
function getBrowserControlToken(): string | null {
|
|
||||||
const env = process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN?.trim();
|
|
||||||
if (env) return env;
|
|
||||||
|
|
||||||
if (cachedConfigToken !== undefined) return cachedConfigToken;
|
|
||||||
try {
|
|
||||||
const cfg = loadConfig();
|
|
||||||
const resolved = resolveBrowserConfig(cfg.browser);
|
|
||||||
const token = resolved.controlToken?.trim() || "";
|
|
||||||
cachedConfigToken = token ? token : null;
|
|
||||||
} catch {
|
|
||||||
cachedConfigToken = null;
|
|
||||||
}
|
|
||||||
return cachedConfigToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
function unwrapCause(err: unknown): unknown {
|
|
||||||
if (!err || typeof err !== "object") return null;
|
|
||||||
const cause = (err as { cause?: unknown }).cause;
|
|
||||||
return cause ?? null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function enhanceBrowserFetchError(url: string, err: unknown, timeoutMs: number): Error {
|
function enhanceBrowserFetchError(url: string, err: unknown, timeoutMs: number): Error {
|
||||||
const cause = unwrapCause(err);
|
const hint = isAbsoluteHttp(url)
|
||||||
const code = extractErrorCode(cause) ?? extractErrorCode(err) ?? "";
|
? "If this is a sandboxed session, ensure the sandbox browser is running and try again."
|
||||||
|
: `Start (or restart) the Clawdbot gateway (Clawdbot.app menubar, or \`${formatCliCommand("clawdbot gateway")}\`) and try again.`;
|
||||||
const hint = `Start (or restart) the Clawdbot gateway (Clawdbot.app menubar, or \`${formatCliCommand("clawdbot gateway")}\`) and try again.`;
|
const msg = String(err);
|
||||||
|
const msgLower = msg.toLowerCase();
|
||||||
if (code === "ECONNREFUSED") {
|
const looksLikeTimeout =
|
||||||
|
msgLower.includes("timed out") ||
|
||||||
|
msgLower.includes("timeout") ||
|
||||||
|
msgLower.includes("aborted") ||
|
||||||
|
msgLower.includes("abort") ||
|
||||||
|
msgLower.includes("aborterror");
|
||||||
|
if (looksLikeTimeout) {
|
||||||
return new Error(
|
return new Error(
|
||||||
`Can't reach the clawd browser control server at ${url} (connection refused). ${hint}`,
|
`Can't reach the clawd browser control service (timed out after ${timeoutMs}ms). ${hint}`,
|
||||||
);
|
|
||||||
}
|
|
||||||
if (code === "ETIMEDOUT" || code === "UND_ERR_CONNECT_TIMEOUT") {
|
|
||||||
return new Error(
|
|
||||||
`Can't reach the clawd browser control server at ${url} (timed out after ${timeoutMs}ms). ${hint}`,
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
return new Error(`Can't reach the clawd browser control service. ${hint} (${msg})`);
|
||||||
|
}
|
||||||
|
|
||||||
const msg = formatErrorMessage(err);
|
async function fetchHttpJson<T>(
|
||||||
if (msg.toLowerCase().includes("abort")) {
|
url: string,
|
||||||
return new Error(
|
init: RequestInit & { timeoutMs?: number },
|
||||||
`Can't reach the clawd browser control server at ${url} (timed out after ${timeoutMs}ms). ${hint}`,
|
): Promise<T> {
|
||||||
);
|
const timeoutMs = init.timeoutMs ?? 5000;
|
||||||
|
const ctrl = new AbortController();
|
||||||
|
const t = setTimeout(() => ctrl.abort(), timeoutMs);
|
||||||
|
try {
|
||||||
|
const res = await fetch(url, { ...init, signal: ctrl.signal });
|
||||||
|
if (!res.ok) {
|
||||||
|
const text = await res.text().catch(() => "");
|
||||||
|
throw new Error(text || `HTTP ${res.status}`);
|
||||||
|
}
|
||||||
|
return (await res.json()) as T;
|
||||||
|
} finally {
|
||||||
|
clearTimeout(t);
|
||||||
}
|
}
|
||||||
|
|
||||||
return new Error(`Can't reach the clawd browser control server at ${url}. ${hint} (${msg})`);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function fetchBrowserJson<T>(
|
export async function fetchBrowserJson<T>(
|
||||||
@ -59,32 +53,58 @@ export async function fetchBrowserJson<T>(
|
|||||||
init?: RequestInit & { timeoutMs?: number },
|
init?: RequestInit & { timeoutMs?: number },
|
||||||
): Promise<T> {
|
): Promise<T> {
|
||||||
const timeoutMs = init?.timeoutMs ?? 5000;
|
const timeoutMs = init?.timeoutMs ?? 5000;
|
||||||
const ctrl = new AbortController();
|
|
||||||
const t = setTimeout(() => ctrl.abort(), timeoutMs);
|
|
||||||
let res: Response;
|
|
||||||
try {
|
try {
|
||||||
const token = getBrowserControlToken();
|
if (isAbsoluteHttp(url)) {
|
||||||
const mergedHeaders = (() => {
|
return await fetchHttpJson<T>(url, { ...init, timeoutMs });
|
||||||
if (!token) return init?.headers;
|
|
||||||
const h = new Headers(init?.headers ?? {});
|
|
||||||
if (!h.has("Authorization")) {
|
|
||||||
h.set("Authorization", `Bearer ${token}`);
|
|
||||||
}
|
}
|
||||||
return h;
|
const started = await startBrowserControlServiceFromConfig();
|
||||||
})();
|
if (!started) {
|
||||||
res = await fetch(url, {
|
throw new Error("browser control disabled");
|
||||||
...init,
|
}
|
||||||
...(mergedHeaders ? { headers: mergedHeaders } : {}),
|
const dispatcher = createBrowserRouteDispatcher(createBrowserControlContext());
|
||||||
signal: ctrl.signal,
|
const parsed = new URL(url, "http://localhost");
|
||||||
} as RequestInit);
|
const query: Record<string, unknown> = {};
|
||||||
|
for (const [key, value] of parsed.searchParams.entries()) {
|
||||||
|
query[key] = value;
|
||||||
|
}
|
||||||
|
let body = init?.body;
|
||||||
|
if (typeof body === "string") {
|
||||||
|
try {
|
||||||
|
body = JSON.parse(body);
|
||||||
|
} catch {
|
||||||
|
// keep as string
|
||||||
|
}
|
||||||
|
}
|
||||||
|
const dispatchPromise = dispatcher.dispatch({
|
||||||
|
method:
|
||||||
|
init?.method?.toUpperCase() === "DELETE"
|
||||||
|
? "DELETE"
|
||||||
|
: init?.method?.toUpperCase() === "POST"
|
||||||
|
? "POST"
|
||||||
|
: "GET",
|
||||||
|
path: parsed.pathname,
|
||||||
|
query,
|
||||||
|
body,
|
||||||
|
});
|
||||||
|
|
||||||
|
const result = await (timeoutMs
|
||||||
|
? Promise.race([
|
||||||
|
dispatchPromise,
|
||||||
|
new Promise<never>((_, reject) =>
|
||||||
|
setTimeout(() => reject(new Error("timed out")), timeoutMs),
|
||||||
|
),
|
||||||
|
])
|
||||||
|
: dispatchPromise);
|
||||||
|
|
||||||
|
if (result.status >= 400) {
|
||||||
|
const message =
|
||||||
|
result.body && typeof result.body === "object" && "error" in result.body
|
||||||
|
? String((result.body as { error?: unknown }).error)
|
||||||
|
: `HTTP ${result.status}`;
|
||||||
|
throw new Error(message);
|
||||||
|
}
|
||||||
|
return result.body as T;
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
throw enhanceBrowserFetchError(url, err, timeoutMs);
|
throw enhanceBrowserFetchError(url, err, timeoutMs);
|
||||||
} finally {
|
|
||||||
clearTimeout(t);
|
|
||||||
}
|
}
|
||||||
if (!res.ok) {
|
|
||||||
const text = await res.text().catch(() => "");
|
|
||||||
throw new Error(text ? `${res.status}: ${text}` : `HTTP ${res.status}`);
|
|
||||||
}
|
|
||||||
return (await res.json()) as T;
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -16,7 +16,7 @@ describe("browser client", () => {
|
|||||||
vi.unstubAllGlobals();
|
vi.unstubAllGlobals();
|
||||||
});
|
});
|
||||||
|
|
||||||
it("wraps connection failures with a gateway hint", async () => {
|
it("wraps connection failures with a sandbox hint", async () => {
|
||||||
const refused = Object.assign(new Error("connect ECONNREFUSED 127.0.0.1"), {
|
const refused = Object.assign(new Error("connect ECONNREFUSED 127.0.0.1"), {
|
||||||
code: "ECONNREFUSED",
|
code: "ECONNREFUSED",
|
||||||
});
|
});
|
||||||
@ -26,7 +26,7 @@ describe("browser client", () => {
|
|||||||
|
|
||||||
vi.stubGlobal("fetch", vi.fn().mockRejectedValue(fetchFailed));
|
vi.stubGlobal("fetch", vi.fn().mockRejectedValue(fetchFailed));
|
||||||
|
|
||||||
await expect(browserStatus("http://127.0.0.1:18791")).rejects.toThrow(/Start .*gateway/i);
|
await expect(browserStatus("http://127.0.0.1:18791")).rejects.toThrow(/sandboxed session/i);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("adds useful timeout messaging for abort-like failures", async () => {
|
it("adds useful timeout messaging for abort-like failures", async () => {
|
||||||
@ -34,41 +34,6 @@ describe("browser client", () => {
|
|||||||
await expect(browserStatus("http://127.0.0.1:18791")).rejects.toThrow(/timed out/i);
|
await expect(browserStatus("http://127.0.0.1:18791")).rejects.toThrow(/timed out/i);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("adds Authorization when CLAWDBOT_BROWSER_CONTROL_TOKEN is set", async () => {
|
|
||||||
const prev = process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN;
|
|
||||||
process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN = "t1";
|
|
||||||
|
|
||||||
const calls: Array<{ url: string; init?: RequestInit }> = [];
|
|
||||||
vi.stubGlobal(
|
|
||||||
"fetch",
|
|
||||||
vi.fn(async (url: string, init?: RequestInit) => {
|
|
||||||
calls.push({ url, init });
|
|
||||||
return {
|
|
||||||
ok: true,
|
|
||||||
json: async () => ({
|
|
||||||
enabled: true,
|
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
running: false,
|
|
||||||
pid: null,
|
|
||||||
cdpPort: 18792,
|
|
||||||
chosenBrowser: null,
|
|
||||||
userDataDir: null,
|
|
||||||
color: "#FF0000",
|
|
||||||
headless: true,
|
|
||||||
attachOnly: false,
|
|
||||||
}),
|
|
||||||
} as unknown as Response;
|
|
||||||
}),
|
|
||||||
);
|
|
||||||
|
|
||||||
await browserStatus("http://127.0.0.1:18791");
|
|
||||||
const init = calls[0]?.init;
|
|
||||||
const auth = new Headers(init?.headers ?? {}).get("Authorization");
|
|
||||||
expect(auth).toBe("Bearer t1");
|
|
||||||
|
|
||||||
process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN = prev;
|
|
||||||
});
|
|
||||||
|
|
||||||
it("surfaces non-2xx responses with body text", async () => {
|
it("surfaces non-2xx responses with body text", async () => {
|
||||||
vi.stubGlobal(
|
vi.stubGlobal(
|
||||||
"fetch",
|
"fetch",
|
||||||
@ -81,7 +46,7 @@ describe("browser client", () => {
|
|||||||
|
|
||||||
await expect(
|
await expect(
|
||||||
browserSnapshot("http://127.0.0.1:18791", { format: "aria", limit: 1 }),
|
browserSnapshot("http://127.0.0.1:18791", { format: "aria", limit: 1 }),
|
||||||
).rejects.toThrow(/409: conflict/i);
|
).rejects.toThrow(/conflict/i);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("adds labels + efficient mode query params to snapshots", async () => {
|
it("adds labels + efficient mode query params to snapshots", async () => {
|
||||||
@ -255,7 +220,6 @@ describe("browser client", () => {
|
|||||||
ok: true,
|
ok: true,
|
||||||
json: async () => ({
|
json: async () => ({
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
running: true,
|
running: true,
|
||||||
pid: 1,
|
pid: 1,
|
||||||
cdpPort: 18792,
|
cdpPort: 18792,
|
||||||
|
|||||||
@ -1,10 +1,7 @@
|
|||||||
import { loadConfig } from "../config/config.js";
|
|
||||||
import { fetchBrowserJson } from "./client-fetch.js";
|
import { fetchBrowserJson } from "./client-fetch.js";
|
||||||
import { resolveBrowserConfig } from "./config.js";
|
|
||||||
|
|
||||||
export type BrowserStatus = {
|
export type BrowserStatus = {
|
||||||
enabled: boolean;
|
enabled: boolean;
|
||||||
controlUrl: string;
|
|
||||||
profile?: string;
|
profile?: string;
|
||||||
running: boolean;
|
running: boolean;
|
||||||
cdpReady?: boolean;
|
cdpReady?: boolean;
|
||||||
@ -89,59 +86,64 @@ export type SnapshotResult =
|
|||||||
imageType?: "png" | "jpeg";
|
imageType?: "png" | "jpeg";
|
||||||
};
|
};
|
||||||
|
|
||||||
export function resolveBrowserControlUrl(overrideUrl?: string) {
|
|
||||||
const cfg = loadConfig();
|
|
||||||
const resolved = resolveBrowserConfig(cfg.browser);
|
|
||||||
const url = overrideUrl?.trim() ? overrideUrl.trim() : resolved.controlUrl;
|
|
||||||
return url.replace(/\/$/, "");
|
|
||||||
}
|
|
||||||
|
|
||||||
function buildProfileQuery(profile?: string): string {
|
function buildProfileQuery(profile?: string): string {
|
||||||
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
return profile ? `?profile=${encodeURIComponent(profile)}` : "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function withBaseUrl(baseUrl: string | undefined, path: string): string {
|
||||||
|
const trimmed = baseUrl?.trim();
|
||||||
|
if (!trimmed) return path;
|
||||||
|
return `${trimmed.replace(/\/$/, "")}${path}`;
|
||||||
|
}
|
||||||
|
|
||||||
export async function browserStatus(
|
export async function browserStatus(
|
||||||
baseUrl: string,
|
baseUrl?: string,
|
||||||
opts?: { profile?: string },
|
opts?: { profile?: string },
|
||||||
): Promise<BrowserStatus> {
|
): Promise<BrowserStatus> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
return await fetchBrowserJson<BrowserStatus>(`${baseUrl}/${q}`, {
|
return await fetchBrowserJson<BrowserStatus>(withBaseUrl(baseUrl, `/${q}`), {
|
||||||
timeoutMs: 1500,
|
timeoutMs: 1500,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserProfiles(baseUrl: string): Promise<ProfileStatus[]> {
|
export async function browserProfiles(baseUrl?: string): Promise<ProfileStatus[]> {
|
||||||
const res = await fetchBrowserJson<{ profiles: ProfileStatus[] }>(`${baseUrl}/profiles`, {
|
const res = await fetchBrowserJson<{ profiles: ProfileStatus[] }>(
|
||||||
|
withBaseUrl(baseUrl, `/profiles`),
|
||||||
|
{
|
||||||
timeoutMs: 3000,
|
timeoutMs: 3000,
|
||||||
});
|
},
|
||||||
|
);
|
||||||
return res.profiles ?? [];
|
return res.profiles ?? [];
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserStart(baseUrl: string, opts?: { profile?: string }): Promise<void> {
|
export async function browserStart(baseUrl?: string, opts?: { profile?: string }): Promise<void> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
await fetchBrowserJson(`${baseUrl}/start${q}`, {
|
await fetchBrowserJson(withBaseUrl(baseUrl, `/start${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
timeoutMs: 15000,
|
timeoutMs: 15000,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserStop(baseUrl: string, opts?: { profile?: string }): Promise<void> {
|
export async function browserStop(baseUrl?: string, opts?: { profile?: string }): Promise<void> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
await fetchBrowserJson(`${baseUrl}/stop${q}`, {
|
await fetchBrowserJson(withBaseUrl(baseUrl, `/stop${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
timeoutMs: 15000,
|
timeoutMs: 15000,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserResetProfile(
|
export async function browserResetProfile(
|
||||||
baseUrl: string,
|
baseUrl?: string,
|
||||||
opts?: { profile?: string },
|
opts?: { profile?: string },
|
||||||
): Promise<BrowserResetProfileResult> {
|
): Promise<BrowserResetProfileResult> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
return await fetchBrowserJson<BrowserResetProfileResult>(`${baseUrl}/reset-profile${q}`, {
|
return await fetchBrowserJson<BrowserResetProfileResult>(
|
||||||
|
withBaseUrl(baseUrl, `/reset-profile${q}`),
|
||||||
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
timeoutMs: 20000,
|
timeoutMs: 20000,
|
||||||
});
|
},
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
export type BrowserCreateProfileResult = {
|
export type BrowserCreateProfileResult = {
|
||||||
@ -154,7 +156,7 @@ export type BrowserCreateProfileResult = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export async function browserCreateProfile(
|
export async function browserCreateProfile(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
name: string;
|
name: string;
|
||||||
color?: string;
|
color?: string;
|
||||||
@ -162,7 +164,9 @@ export async function browserCreateProfile(
|
|||||||
driver?: "clawd" | "extension";
|
driver?: "clawd" | "extension";
|
||||||
},
|
},
|
||||||
): Promise<BrowserCreateProfileResult> {
|
): Promise<BrowserCreateProfileResult> {
|
||||||
return await fetchBrowserJson<BrowserCreateProfileResult>(`${baseUrl}/profiles/create`, {
|
return await fetchBrowserJson<BrowserCreateProfileResult>(
|
||||||
|
withBaseUrl(baseUrl, `/profiles/create`),
|
||||||
|
{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -172,7 +176,8 @@ export async function browserCreateProfile(
|
|||||||
driver: opts.driver,
|
driver: opts.driver,
|
||||||
}),
|
}),
|
||||||
timeoutMs: 10000,
|
timeoutMs: 10000,
|
||||||
});
|
},
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
export type BrowserDeleteProfileResult = {
|
export type BrowserDeleteProfileResult = {
|
||||||
@ -182,11 +187,11 @@ export type BrowserDeleteProfileResult = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export async function browserDeleteProfile(
|
export async function browserDeleteProfile(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
profile: string,
|
profile: string,
|
||||||
): Promise<BrowserDeleteProfileResult> {
|
): Promise<BrowserDeleteProfileResult> {
|
||||||
return await fetchBrowserJson<BrowserDeleteProfileResult>(
|
return await fetchBrowserJson<BrowserDeleteProfileResult>(
|
||||||
`${baseUrl}/profiles/${encodeURIComponent(profile)}`,
|
withBaseUrl(baseUrl, `/profiles/${encodeURIComponent(profile)}`),
|
||||||
{
|
{
|
||||||
method: "DELETE",
|
method: "DELETE",
|
||||||
timeoutMs: 20000,
|
timeoutMs: 20000,
|
||||||
@ -195,24 +200,24 @@ export async function browserDeleteProfile(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserTabs(
|
export async function browserTabs(
|
||||||
baseUrl: string,
|
baseUrl?: string,
|
||||||
opts?: { profile?: string },
|
opts?: { profile?: string },
|
||||||
): Promise<BrowserTab[]> {
|
): Promise<BrowserTab[]> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
const res = await fetchBrowserJson<{ running: boolean; tabs: BrowserTab[] }>(
|
const res = await fetchBrowserJson<{ running: boolean; tabs: BrowserTab[] }>(
|
||||||
`${baseUrl}/tabs${q}`,
|
withBaseUrl(baseUrl, `/tabs${q}`),
|
||||||
{ timeoutMs: 3000 },
|
{ timeoutMs: 3000 },
|
||||||
);
|
);
|
||||||
return res.tabs ?? [];
|
return res.tabs ?? [];
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserOpenTab(
|
export async function browserOpenTab(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
url: string,
|
url: string,
|
||||||
opts?: { profile?: string },
|
opts?: { profile?: string },
|
||||||
): Promise<BrowserTab> {
|
): Promise<BrowserTab> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
return await fetchBrowserJson<BrowserTab>(`${baseUrl}/tabs/open${q}`, {
|
return await fetchBrowserJson<BrowserTab>(withBaseUrl(baseUrl, `/tabs/open${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ url }),
|
body: JSON.stringify({ url }),
|
||||||
@ -221,12 +226,12 @@ export async function browserOpenTab(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserFocusTab(
|
export async function browserFocusTab(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
targetId: string,
|
targetId: string,
|
||||||
opts?: { profile?: string },
|
opts?: { profile?: string },
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
await fetchBrowserJson(`${baseUrl}/tabs/focus${q}`, {
|
await fetchBrowserJson(withBaseUrl(baseUrl, `/tabs/focus${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({ targetId }),
|
body: JSON.stringify({ targetId }),
|
||||||
@ -235,19 +240,19 @@ export async function browserFocusTab(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserCloseTab(
|
export async function browserCloseTab(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
targetId: string,
|
targetId: string,
|
||||||
opts?: { profile?: string },
|
opts?: { profile?: string },
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
const q = buildProfileQuery(opts?.profile);
|
const q = buildProfileQuery(opts?.profile);
|
||||||
await fetchBrowserJson(`${baseUrl}/tabs/${encodeURIComponent(targetId)}${q}`, {
|
await fetchBrowserJson(withBaseUrl(baseUrl, `/tabs/${encodeURIComponent(targetId)}${q}`), {
|
||||||
method: "DELETE",
|
method: "DELETE",
|
||||||
timeoutMs: 5000,
|
timeoutMs: 5000,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
export async function browserTabAction(
|
export async function browserTabAction(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
action: "list" | "new" | "close" | "select";
|
action: "list" | "new" | "close" | "select";
|
||||||
index?: number;
|
index?: number;
|
||||||
@ -255,7 +260,7 @@ export async function browserTabAction(
|
|||||||
},
|
},
|
||||||
): Promise<unknown> {
|
): Promise<unknown> {
|
||||||
const q = buildProfileQuery(opts.profile);
|
const q = buildProfileQuery(opts.profile);
|
||||||
return await fetchBrowserJson(`${baseUrl}/tabs/action${q}`, {
|
return await fetchBrowserJson(withBaseUrl(baseUrl, `/tabs/action${q}`), {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@ -267,7 +272,7 @@ export async function browserTabAction(
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function browserSnapshot(
|
export async function browserSnapshot(
|
||||||
baseUrl: string,
|
baseUrl: string | undefined,
|
||||||
opts: {
|
opts: {
|
||||||
format: "aria" | "ai";
|
format: "aria" | "ai";
|
||||||
targetId?: string;
|
targetId?: string;
|
||||||
@ -301,7 +306,7 @@ export async function browserSnapshot(
|
|||||||
if (opts.labels === true) q.set("labels", "1");
|
if (opts.labels === true) q.set("labels", "1");
|
||||||
if (opts.mode) q.set("mode", opts.mode);
|
if (opts.mode) q.set("mode", opts.mode);
|
||||||
if (opts.profile) q.set("profile", opts.profile);
|
if (opts.profile) q.set("profile", opts.profile);
|
||||||
return await fetchBrowserJson<SnapshotResult>(`${baseUrl}/snapshot?${q.toString()}`, {
|
return await fetchBrowserJson<SnapshotResult>(withBaseUrl(baseUrl, `/snapshot?${q.toString()}`), {
|
||||||
timeoutMs: 20000,
|
timeoutMs: 20000,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2,13 +2,14 @@ import { describe, expect, it } from "vitest";
|
|||||||
import { resolveBrowserConfig, resolveProfile, shouldStartLocalBrowserServer } from "./config.js";
|
import { resolveBrowserConfig, resolveProfile, shouldStartLocalBrowserServer } from "./config.js";
|
||||||
|
|
||||||
describe("browser config", () => {
|
describe("browser config", () => {
|
||||||
it("defaults to enabled with loopback control url and lobster-orange color", () => {
|
it("defaults to enabled with loopback defaults and lobster-orange color", () => {
|
||||||
const resolved = resolveBrowserConfig(undefined);
|
const resolved = resolveBrowserConfig(undefined);
|
||||||
expect(resolved.enabled).toBe(true);
|
expect(resolved.enabled).toBe(true);
|
||||||
expect(resolved.controlPort).toBe(18791);
|
expect(resolved.controlPort).toBe(18791);
|
||||||
expect(resolved.controlHost).toBe("127.0.0.1");
|
|
||||||
expect(resolved.color).toBe("#FF4500");
|
expect(resolved.color).toBe("#FF4500");
|
||||||
expect(shouldStartLocalBrowserServer(resolved)).toBe(true);
|
expect(shouldStartLocalBrowserServer(resolved)).toBe(true);
|
||||||
|
expect(resolved.cdpHost).toBe("127.0.0.1");
|
||||||
|
expect(resolved.cdpProtocol).toBe("http");
|
||||||
const profile = resolveProfile(resolved, resolved.defaultProfile);
|
const profile = resolveProfile(resolved, resolved.defaultProfile);
|
||||||
expect(profile?.name).toBe("chrome");
|
expect(profile?.name).toBe("chrome");
|
||||||
expect(profile?.driver).toBe("extension");
|
expect(profile?.driver).toBe("extension");
|
||||||
@ -46,9 +47,31 @@ describe("browser config", () => {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("derives default ports from gateway.port when env is unset", () => {
|
||||||
|
const prev = process.env.CLAWDBOT_GATEWAY_PORT;
|
||||||
|
delete process.env.CLAWDBOT_GATEWAY_PORT;
|
||||||
|
try {
|
||||||
|
const resolved = resolveBrowserConfig(undefined, { gateway: { port: 19011 } });
|
||||||
|
expect(resolved.controlPort).toBe(19013);
|
||||||
|
const chrome = resolveProfile(resolved, "chrome");
|
||||||
|
expect(chrome?.driver).toBe("extension");
|
||||||
|
expect(chrome?.cdpPort).toBe(19014);
|
||||||
|
expect(chrome?.cdpUrl).toBe("http://127.0.0.1:19014");
|
||||||
|
|
||||||
|
const clawd = resolveProfile(resolved, "clawd");
|
||||||
|
expect(clawd?.cdpPort).toBe(19022);
|
||||||
|
expect(clawd?.cdpUrl).toBe("http://127.0.0.1:19022");
|
||||||
|
} finally {
|
||||||
|
if (prev === undefined) {
|
||||||
|
delete process.env.CLAWDBOT_GATEWAY_PORT;
|
||||||
|
} else {
|
||||||
|
process.env.CLAWDBOT_GATEWAY_PORT = prev;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
it("normalizes hex colors", () => {
|
it("normalizes hex colors", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://localhost:18791",
|
|
||||||
color: "ff4500",
|
color: "ff4500",
|
||||||
});
|
});
|
||||||
expect(resolved.color).toBe("#FF4500");
|
expect(resolved.color).toBe("#FF4500");
|
||||||
@ -56,7 +79,6 @@ describe("browser config", () => {
|
|||||||
|
|
||||||
it("supports custom remote CDP timeouts", () => {
|
it("supports custom remote CDP timeouts", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
remoteCdpTimeoutMs: 2200,
|
remoteCdpTimeoutMs: 2200,
|
||||||
remoteCdpHandshakeTimeoutMs: 5000,
|
remoteCdpHandshakeTimeoutMs: 5000,
|
||||||
});
|
});
|
||||||
@ -66,31 +88,21 @@ describe("browser config", () => {
|
|||||||
|
|
||||||
it("falls back to default color for invalid hex", () => {
|
it("falls back to default color for invalid hex", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://localhost:18791",
|
|
||||||
color: "#GGGGGG",
|
color: "#GGGGGG",
|
||||||
});
|
});
|
||||||
expect(resolved.color).toBe("#FF4500");
|
expect(resolved.color).toBe("#FF4500");
|
||||||
});
|
});
|
||||||
|
|
||||||
it("treats non-loopback control urls as remote", () => {
|
it("treats non-loopback cdpUrl as remote", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://example.com:18791",
|
cdpUrl: "http://example.com:9222",
|
||||||
});
|
});
|
||||||
expect(shouldStartLocalBrowserServer(resolved)).toBe(false);
|
const profile = resolveProfile(resolved, "clawd");
|
||||||
});
|
expect(profile?.cdpIsLoopback).toBe(false);
|
||||||
|
|
||||||
it("derives CDP host/protocol from control url when cdpUrl is unset", () => {
|
|
||||||
const resolved = resolveBrowserConfig({
|
|
||||||
controlUrl: "http://127.0.0.1:19000",
|
|
||||||
});
|
|
||||||
expect(resolved.controlPort).toBe(19000);
|
|
||||||
expect(resolved.cdpHost).toBe("127.0.0.1");
|
|
||||||
expect(resolved.cdpProtocol).toBe("http");
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it("supports explicit CDP URLs for the default profile", () => {
|
it("supports explicit CDP URLs for the default profile", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
cdpUrl: "http://example.com:9222",
|
cdpUrl: "http://example.com:9222",
|
||||||
});
|
});
|
||||||
const profile = resolveProfile(resolved, "clawd");
|
const profile = resolveProfile(resolved, "clawd");
|
||||||
@ -101,7 +113,6 @@ describe("browser config", () => {
|
|||||||
|
|
||||||
it("uses profile cdpUrl when provided", () => {
|
it("uses profile cdpUrl when provided", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
profiles: {
|
profiles: {
|
||||||
remote: { cdpUrl: "http://10.0.0.42:9222", color: "#0066CC" },
|
remote: { cdpUrl: "http://10.0.0.42:9222", color: "#0066CC" },
|
||||||
},
|
},
|
||||||
@ -115,7 +126,6 @@ describe("browser config", () => {
|
|||||||
|
|
||||||
it("uses base protocol for profiles with only cdpPort", () => {
|
it("uses base protocol for profiles with only cdpPort", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
cdpUrl: "https://example.com:9443",
|
cdpUrl: "https://example.com:9443",
|
||||||
profiles: {
|
profiles: {
|
||||||
work: { cdpPort: 18801, color: "#0066CC" },
|
work: { cdpPort: 18801, color: "#0066CC" },
|
||||||
@ -127,14 +137,11 @@ describe("browser config", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it("rejects unsupported protocols", () => {
|
it("rejects unsupported protocols", () => {
|
||||||
expect(() => resolveBrowserConfig({ controlUrl: "ws://127.0.0.1:18791" })).toThrow(
|
expect(() => resolveBrowserConfig({ cdpUrl: "ws://127.0.0.1:18791" })).toThrow(/must be http/i);
|
||||||
/must be http/i,
|
|
||||||
);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it("does not add the built-in chrome extension profile if the derived relay port is already used", () => {
|
it("does not add the built-in chrome extension profile if the derived relay port is already used", () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
profiles: {
|
profiles: {
|
||||||
clawd: { cdpPort: 18792, color: "#FF4500" },
|
clawd: { cdpPort: 18792, color: "#FF4500" },
|
||||||
},
|
},
|
||||||
|
|||||||
@ -1,12 +1,14 @@
|
|||||||
import type { BrowserConfig, BrowserProfileConfig } from "../config/config.js";
|
import type { BrowserConfig, BrowserProfileConfig, ClawdbotConfig } from "../config/config.js";
|
||||||
import {
|
import {
|
||||||
deriveDefaultBrowserCdpPortRange,
|
deriveDefaultBrowserCdpPortRange,
|
||||||
deriveDefaultBrowserControlPort,
|
deriveDefaultBrowserControlPort,
|
||||||
|
DEFAULT_BROWSER_CONTROL_PORT,
|
||||||
} from "../config/port-defaults.js";
|
} from "../config/port-defaults.js";
|
||||||
|
import { resolveGatewayPort } from "../config/paths.js";
|
||||||
import {
|
import {
|
||||||
DEFAULT_CLAWD_BROWSER_COLOR,
|
DEFAULT_CLAWD_BROWSER_COLOR,
|
||||||
DEFAULT_CLAWD_BROWSER_CONTROL_URL,
|
|
||||||
DEFAULT_CLAWD_BROWSER_ENABLED,
|
DEFAULT_CLAWD_BROWSER_ENABLED,
|
||||||
|
DEFAULT_BROWSER_EVALUATE_ENABLED,
|
||||||
DEFAULT_BROWSER_DEFAULT_PROFILE_NAME,
|
DEFAULT_BROWSER_DEFAULT_PROFILE_NAME,
|
||||||
DEFAULT_CLAWD_BROWSER_PROFILE_NAME,
|
DEFAULT_CLAWD_BROWSER_PROFILE_NAME,
|
||||||
} from "./constants.js";
|
} from "./constants.js";
|
||||||
@ -14,10 +16,8 @@ import { CDP_PORT_RANGE_START, getUsedPorts } from "./profiles.js";
|
|||||||
|
|
||||||
export type ResolvedBrowserConfig = {
|
export type ResolvedBrowserConfig = {
|
||||||
enabled: boolean;
|
enabled: boolean;
|
||||||
controlUrl: string;
|
evaluateEnabled: boolean;
|
||||||
controlHost: string;
|
|
||||||
controlPort: number;
|
controlPort: number;
|
||||||
controlToken?: string;
|
|
||||||
cdpProtocol: "http" | "https";
|
cdpProtocol: "http" | "https";
|
||||||
cdpHost: string;
|
cdpHost: string;
|
||||||
cdpIsLoopback: boolean;
|
cdpIsLoopback: boolean;
|
||||||
@ -137,24 +137,14 @@ function ensureDefaultChromeExtensionProfile(
|
|||||||
};
|
};
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
export function resolveBrowserConfig(cfg: BrowserConfig | undefined): ResolvedBrowserConfig {
|
export function resolveBrowserConfig(
|
||||||
|
cfg: BrowserConfig | undefined,
|
||||||
|
rootConfig?: ClawdbotConfig,
|
||||||
|
): ResolvedBrowserConfig {
|
||||||
const enabled = cfg?.enabled ?? DEFAULT_CLAWD_BROWSER_ENABLED;
|
const enabled = cfg?.enabled ?? DEFAULT_CLAWD_BROWSER_ENABLED;
|
||||||
const envControlUrl = process.env.CLAWDBOT_BROWSER_CONTROL_URL?.trim();
|
const evaluateEnabled = cfg?.evaluateEnabled ?? DEFAULT_BROWSER_EVALUATE_ENABLED;
|
||||||
const controlToken = cfg?.controlToken?.trim() || undefined;
|
const gatewayPort = resolveGatewayPort(rootConfig);
|
||||||
const derivedControlPort = (() => {
|
const controlPort = deriveDefaultBrowserControlPort(gatewayPort ?? DEFAULT_BROWSER_CONTROL_PORT);
|
||||||
const raw = process.env.CLAWDBOT_GATEWAY_PORT?.trim();
|
|
||||||
if (!raw) return null;
|
|
||||||
const gatewayPort = Number.parseInt(raw, 10);
|
|
||||||
if (!Number.isFinite(gatewayPort) || gatewayPort <= 0) return null;
|
|
||||||
return deriveDefaultBrowserControlPort(gatewayPort);
|
|
||||||
})();
|
|
||||||
const derivedControlUrl = derivedControlPort ? `http://127.0.0.1:${derivedControlPort}` : null;
|
|
||||||
|
|
||||||
const controlInfo = parseHttpUrl(
|
|
||||||
cfg?.controlUrl ?? envControlUrl ?? derivedControlUrl ?? DEFAULT_CLAWD_BROWSER_CONTROL_URL,
|
|
||||||
"browser.controlUrl",
|
|
||||||
);
|
|
||||||
const controlPort = controlInfo.port;
|
|
||||||
const defaultColor = normalizeHexColor(cfg?.color);
|
const defaultColor = normalizeHexColor(cfg?.color);
|
||||||
const remoteCdpTimeoutMs = normalizeTimeoutMs(cfg?.remoteCdpTimeoutMs, 1500);
|
const remoteCdpTimeoutMs = normalizeTimeoutMs(cfg?.remoteCdpTimeoutMs, 1500);
|
||||||
const remoteCdpHandshakeTimeoutMs = normalizeTimeoutMs(
|
const remoteCdpHandshakeTimeoutMs = normalizeTimeoutMs(
|
||||||
@ -178,11 +168,10 @@ export function resolveBrowserConfig(cfg: BrowserConfig | undefined): ResolvedBr
|
|||||||
const derivedPort = controlPort + 1;
|
const derivedPort = controlPort + 1;
|
||||||
if (derivedPort > 65535) {
|
if (derivedPort > 65535) {
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`browser.controlUrl port (${controlPort}) is too high; cannot derive CDP port (${derivedPort})`,
|
`Derived CDP port (${derivedPort}) is too high; check gateway port configuration.`,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
const derived = new URL(controlInfo.normalized);
|
const derived = new URL(`http://127.0.0.1:${derivedPort}`);
|
||||||
derived.port = String(derivedPort);
|
|
||||||
cdpInfo = {
|
cdpInfo = {
|
||||||
parsed: derived,
|
parsed: derived,
|
||||||
port: derivedPort,
|
port: derivedPort,
|
||||||
@ -211,10 +200,8 @@ export function resolveBrowserConfig(cfg: BrowserConfig | undefined): ResolvedBr
|
|||||||
|
|
||||||
return {
|
return {
|
||||||
enabled,
|
enabled,
|
||||||
controlUrl: controlInfo.normalized,
|
evaluateEnabled,
|
||||||
controlHost: controlInfo.parsed.hostname,
|
|
||||||
controlPort,
|
controlPort,
|
||||||
...(controlToken ? { controlToken } : {}),
|
|
||||||
cdpProtocol,
|
cdpProtocol,
|
||||||
cdpHost: cdpInfo.parsed.hostname,
|
cdpHost: cdpInfo.parsed.hostname,
|
||||||
cdpIsLoopback: isLoopbackHost(cdpInfo.parsed.hostname),
|
cdpIsLoopback: isLoopbackHost(cdpInfo.parsed.hostname),
|
||||||
@ -269,6 +256,6 @@ export function resolveProfile(
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
export function shouldStartLocalBrowserServer(resolved: ResolvedBrowserConfig) {
|
export function shouldStartLocalBrowserServer(_resolved: ResolvedBrowserConfig) {
|
||||||
return isLoopbackHost(resolved.controlHost);
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
export const DEFAULT_CLAWD_BROWSER_ENABLED = true;
|
export const DEFAULT_CLAWD_BROWSER_ENABLED = true;
|
||||||
export const DEFAULT_CLAWD_BROWSER_CONTROL_URL = "http://127.0.0.1:18791";
|
export const DEFAULT_BROWSER_EVALUATE_ENABLED = true;
|
||||||
export const DEFAULT_CLAWD_BROWSER_COLOR = "#FF4500";
|
export const DEFAULT_CLAWD_BROWSER_COLOR = "#FF4500";
|
||||||
export const DEFAULT_CLAWD_BROWSER_PROFILE_NAME = "clawd";
|
export const DEFAULT_CLAWD_BROWSER_PROFILE_NAME = "clawd";
|
||||||
export const DEFAULT_BROWSER_DEFAULT_PROFILE_NAME = "chrome";
|
export const DEFAULT_BROWSER_DEFAULT_PROFILE_NAME = "chrome";
|
||||||
|
|||||||
80
src/browser/control-service.ts
Normal file
80
src/browser/control-service.ts
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
import { loadConfig } from "../config/config.js";
|
||||||
|
import { createSubsystemLogger } from "../logging/subsystem.js";
|
||||||
|
import { resolveBrowserConfig, resolveProfile } from "./config.js";
|
||||||
|
import { ensureChromeExtensionRelayServer } from "./extension-relay.js";
|
||||||
|
import { type BrowserServerState, createBrowserRouteContext } from "./server-context.js";
|
||||||
|
|
||||||
|
let state: BrowserServerState | null = null;
|
||||||
|
const log = createSubsystemLogger("browser");
|
||||||
|
const logService = log.child("service");
|
||||||
|
|
||||||
|
export function getBrowserControlState(): BrowserServerState | null {
|
||||||
|
return state;
|
||||||
|
}
|
||||||
|
|
||||||
|
export function createBrowserControlContext() {
|
||||||
|
return createBrowserRouteContext({
|
||||||
|
getState: () => state,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function startBrowserControlServiceFromConfig(): Promise<BrowserServerState | null> {
|
||||||
|
if (state) return state;
|
||||||
|
|
||||||
|
const cfg = loadConfig();
|
||||||
|
const resolved = resolveBrowserConfig(cfg.browser, cfg);
|
||||||
|
if (!resolved.enabled) return null;
|
||||||
|
|
||||||
|
state = {
|
||||||
|
server: null,
|
||||||
|
port: resolved.controlPort,
|
||||||
|
resolved,
|
||||||
|
profiles: new Map(),
|
||||||
|
};
|
||||||
|
|
||||||
|
// If any profile uses the Chrome extension relay, start the local relay server eagerly
|
||||||
|
// so the extension can connect before the first browser action.
|
||||||
|
for (const name of Object.keys(resolved.profiles)) {
|
||||||
|
const profile = resolveProfile(resolved, name);
|
||||||
|
if (!profile || profile.driver !== "extension") continue;
|
||||||
|
await ensureChromeExtensionRelayServer({ cdpUrl: profile.cdpUrl }).catch((err) => {
|
||||||
|
logService.warn(`Chrome extension relay init failed for profile "${name}": ${String(err)}`);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
logService.info(
|
||||||
|
`Browser control service ready (profiles=${Object.keys(resolved.profiles).length})`,
|
||||||
|
);
|
||||||
|
return state;
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function stopBrowserControlService(): Promise<void> {
|
||||||
|
const current = state;
|
||||||
|
if (!current) return;
|
||||||
|
|
||||||
|
const ctx = createBrowserRouteContext({
|
||||||
|
getState: () => state,
|
||||||
|
});
|
||||||
|
|
||||||
|
try {
|
||||||
|
for (const name of Object.keys(current.resolved.profiles)) {
|
||||||
|
try {
|
||||||
|
await ctx.forProfile(name).stopRunningBrowser();
|
||||||
|
} catch {
|
||||||
|
// ignore
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (err) {
|
||||||
|
logService.warn(`clawd browser stop failed: ${String(err)}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
state = null;
|
||||||
|
|
||||||
|
// Optional: Playwright is not always available (e.g. embedded gateway builds).
|
||||||
|
try {
|
||||||
|
const mod = await import("./pw-ai.js");
|
||||||
|
await mod.closePlaywrightBrowserConnection();
|
||||||
|
} catch {
|
||||||
|
// ignore
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -49,9 +49,7 @@ function createCtx(resolved: BrowserServerState["resolved"]) {
|
|||||||
|
|
||||||
describe("BrowserProfilesService", () => {
|
describe("BrowserProfilesService", () => {
|
||||||
it("allocates next local port for new profiles", async () => {
|
it("allocates next local port for new profiles", async () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({});
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
});
|
|
||||||
const { ctx, state } = createCtx(resolved);
|
const { ctx, state } = createCtx(resolved);
|
||||||
|
|
||||||
vi.mocked(loadConfig).mockReturnValue({ browser: { profiles: {} } });
|
vi.mocked(loadConfig).mockReturnValue({ browser: { profiles: {} } });
|
||||||
@ -66,9 +64,7 @@ describe("BrowserProfilesService", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it("accepts per-profile cdpUrl for remote Chrome", async () => {
|
it("accepts per-profile cdpUrl for remote Chrome", async () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({});
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
});
|
|
||||||
const { ctx } = createCtx(resolved);
|
const { ctx } = createCtx(resolved);
|
||||||
|
|
||||||
vi.mocked(loadConfig).mockReturnValue({ browser: { profiles: {} } });
|
vi.mocked(loadConfig).mockReturnValue({ browser: { profiles: {} } });
|
||||||
@ -97,7 +93,6 @@ describe("BrowserProfilesService", () => {
|
|||||||
|
|
||||||
it("deletes remote profiles without stopping or removing local data", async () => {
|
it("deletes remote profiles without stopping or removing local data", async () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
profiles: {
|
profiles: {
|
||||||
remote: { cdpUrl: "http://10.0.0.42:9222", color: "#0066CC" },
|
remote: { cdpUrl: "http://10.0.0.42:9222", color: "#0066CC" },
|
||||||
},
|
},
|
||||||
@ -124,7 +119,6 @@ describe("BrowserProfilesService", () => {
|
|||||||
|
|
||||||
it("deletes local profiles and moves data to Trash", async () => {
|
it("deletes local profiles and moves data to Trash", async () => {
|
||||||
const resolved = resolveBrowserConfig({
|
const resolved = resolveBrowserConfig({
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
profiles: {
|
profiles: {
|
||||||
work: { cdpPort: 18801, color: "#0066CC" },
|
work: { cdpPort: 18801, color: "#0066CC" },
|
||||||
},
|
},
|
||||||
|
|||||||
@ -1,5 +1,3 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserFormField } from "../client-actions-core.js";
|
import type { BrowserFormField } from "../client-actions-core.js";
|
||||||
import type { BrowserRouteContext } from "../server-context.js";
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
import {
|
import {
|
||||||
@ -16,8 +14,12 @@ import {
|
|||||||
SELECTOR_UNSUPPORTED_MESSAGE,
|
SELECTOR_UNSUPPORTED_MESSAGE,
|
||||||
} from "./agent.shared.js";
|
} from "./agent.shared.js";
|
||||||
import { jsonError, toBoolean, toNumber, toStringArray, toStringOrEmpty } from "./utils.js";
|
import { jsonError, toBoolean, toNumber, toStringArray, toStringOrEmpty } from "./utils.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserAgentActRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserAgentActRoutes(
|
||||||
|
app: BrowserRouteRegistrar,
|
||||||
|
ctx: BrowserRouteContext,
|
||||||
|
) {
|
||||||
app.post("/act", async (req, res) => {
|
app.post("/act", async (req, res) => {
|
||||||
const profileCtx = resolveProfileContext(req, res, ctx);
|
const profileCtx = resolveProfileContext(req, res, ctx);
|
||||||
if (!profileCtx) return;
|
if (!profileCtx) return;
|
||||||
@ -37,6 +39,7 @@ export function registerBrowserAgentActRoutes(app: express.Express, ctx: Browser
|
|||||||
const cdpUrl = profileCtx.profile.cdpUrl;
|
const cdpUrl = profileCtx.profile.cdpUrl;
|
||||||
const pw = await requirePwAi(res, `act:${kind}`);
|
const pw = await requirePwAi(res, `act:${kind}`);
|
||||||
if (!pw) return;
|
if (!pw) return;
|
||||||
|
const evaluateEnabled = ctx.state().resolved.evaluateEnabled;
|
||||||
|
|
||||||
switch (kind) {
|
switch (kind) {
|
||||||
case "click": {
|
case "click": {
|
||||||
@ -208,6 +211,16 @@ export function registerBrowserAgentActRoutes(app: express.Express, ctx: Browser
|
|||||||
: undefined;
|
: undefined;
|
||||||
const fn = toStringOrEmpty(body.fn) || undefined;
|
const fn = toStringOrEmpty(body.fn) || undefined;
|
||||||
const timeoutMs = toNumber(body.timeoutMs) ?? undefined;
|
const timeoutMs = toNumber(body.timeoutMs) ?? undefined;
|
||||||
|
if (fn && !evaluateEnabled) {
|
||||||
|
return jsonError(
|
||||||
|
res,
|
||||||
|
403,
|
||||||
|
[
|
||||||
|
"wait --fn is disabled by config (browser.evaluateEnabled=false).",
|
||||||
|
"Docs: /gateway/configuration#browser-clawd-managed-browser",
|
||||||
|
].join("\n"),
|
||||||
|
);
|
||||||
|
}
|
||||||
if (
|
if (
|
||||||
timeMs === undefined &&
|
timeMs === undefined &&
|
||||||
!text &&
|
!text &&
|
||||||
@ -238,6 +251,16 @@ export function registerBrowserAgentActRoutes(app: express.Express, ctx: Browser
|
|||||||
return res.json({ ok: true, targetId: tab.targetId });
|
return res.json({ ok: true, targetId: tab.targetId });
|
||||||
}
|
}
|
||||||
case "evaluate": {
|
case "evaluate": {
|
||||||
|
if (!evaluateEnabled) {
|
||||||
|
return jsonError(
|
||||||
|
res,
|
||||||
|
403,
|
||||||
|
[
|
||||||
|
"act:evaluate is disabled by config (browser.evaluateEnabled=false).",
|
||||||
|
"Docs: /gateway/configuration#browser-clawd-managed-browser",
|
||||||
|
].join("\n"),
|
||||||
|
);
|
||||||
|
}
|
||||||
const fn = toStringOrEmpty(body.fn);
|
const fn = toStringOrEmpty(body.fn);
|
||||||
if (!fn) return jsonError(res, 400, "fn is required");
|
if (!fn) return jsonError(res, 400, "fn is required");
|
||||||
const ref = toStringOrEmpty(body.ref) || undefined;
|
const ref = toStringOrEmpty(body.ref) || undefined;
|
||||||
|
|||||||
@ -2,13 +2,15 @@ import crypto from "node:crypto";
|
|||||||
import fs from "node:fs/promises";
|
import fs from "node:fs/promises";
|
||||||
import path from "node:path";
|
import path from "node:path";
|
||||||
|
|
||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserRouteContext } from "../server-context.js";
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
import { handleRouteError, readBody, requirePwAi, resolveProfileContext } from "./agent.shared.js";
|
import { handleRouteError, readBody, requirePwAi, resolveProfileContext } from "./agent.shared.js";
|
||||||
import { toBoolean, toStringOrEmpty } from "./utils.js";
|
import { toBoolean, toStringOrEmpty } from "./utils.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserAgentDebugRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserAgentDebugRoutes(
|
||||||
|
app: BrowserRouteRegistrar,
|
||||||
|
ctx: BrowserRouteContext,
|
||||||
|
) {
|
||||||
app.get("/console", async (req, res) => {
|
app.get("/console", async (req, res) => {
|
||||||
const profileCtx = resolveProfileContext(req, res, ctx);
|
const profileCtx = resolveProfileContext(req, res, ctx);
|
||||||
if (!profileCtx) return;
|
if (!profileCtx) return;
|
||||||
|
|||||||
@ -1,9 +1,8 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserRouteContext, ProfileContext } from "../server-context.js";
|
import type { BrowserRouteContext, ProfileContext } from "../server-context.js";
|
||||||
import type { PwAiModule } from "../pw-ai-module.js";
|
import type { PwAiModule } from "../pw-ai-module.js";
|
||||||
import { getPwAiModule as getPwAiModuleBase } from "../pw-ai-module.js";
|
import { getPwAiModule as getPwAiModuleBase } from "../pw-ai-module.js";
|
||||||
import { getProfileContext, jsonError } from "./utils.js";
|
import { getProfileContext, jsonError } from "./utils.js";
|
||||||
|
import type { BrowserRequest, BrowserResponse } from "./types.js";
|
||||||
|
|
||||||
export const SELECTOR_UNSUPPORTED_MESSAGE = [
|
export const SELECTOR_UNSUPPORTED_MESSAGE = [
|
||||||
"Error: 'selector' is not supported. Use 'ref' from snapshot instead.",
|
"Error: 'selector' is not supported. Use 'ref' from snapshot instead.",
|
||||||
@ -15,21 +14,21 @@ export const SELECTOR_UNSUPPORTED_MESSAGE = [
|
|||||||
"This is more reliable for modern SPAs.",
|
"This is more reliable for modern SPAs.",
|
||||||
].join("\n");
|
].join("\n");
|
||||||
|
|
||||||
export function readBody(req: express.Request): Record<string, unknown> {
|
export function readBody(req: BrowserRequest): Record<string, unknown> {
|
||||||
const body = req.body as Record<string, unknown> | undefined;
|
const body = req.body as Record<string, unknown> | undefined;
|
||||||
if (!body || typeof body !== "object" || Array.isArray(body)) return {};
|
if (!body || typeof body !== "object" || Array.isArray(body)) return {};
|
||||||
return body;
|
return body;
|
||||||
}
|
}
|
||||||
|
|
||||||
export function handleRouteError(ctx: BrowserRouteContext, res: express.Response, err: unknown) {
|
export function handleRouteError(ctx: BrowserRouteContext, res: BrowserResponse, err: unknown) {
|
||||||
const mapped = ctx.mapTabError(err);
|
const mapped = ctx.mapTabError(err);
|
||||||
if (mapped) return jsonError(res, mapped.status, mapped.message);
|
if (mapped) return jsonError(res, mapped.status, mapped.message);
|
||||||
jsonError(res, 500, String(err));
|
jsonError(res, 500, String(err));
|
||||||
}
|
}
|
||||||
|
|
||||||
export function resolveProfileContext(
|
export function resolveProfileContext(
|
||||||
req: express.Request,
|
req: BrowserRequest,
|
||||||
res: express.Response,
|
res: BrowserResponse,
|
||||||
ctx: BrowserRouteContext,
|
ctx: BrowserRouteContext,
|
||||||
): ProfileContext | null {
|
): ProfileContext | null {
|
||||||
const profileCtx = getProfileContext(req, ctx);
|
const profileCtx = getProfileContext(req, ctx);
|
||||||
@ -45,7 +44,7 @@ export async function getPwAiModule(): Promise<PwAiModule | null> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function requirePwAi(
|
export async function requirePwAi(
|
||||||
res: express.Response,
|
res: BrowserResponse,
|
||||||
feature: string,
|
feature: string,
|
||||||
): Promise<PwAiModule | null> {
|
): Promise<PwAiModule | null> {
|
||||||
const mod = await getPwAiModule();
|
const mod = await getPwAiModule();
|
||||||
|
|||||||
@ -1,7 +1,5 @@
|
|||||||
import path from "node:path";
|
import path from "node:path";
|
||||||
|
|
||||||
import type express from "express";
|
|
||||||
|
|
||||||
import { ensureMediaDir, saveMediaBuffer } from "../../media/store.js";
|
import { ensureMediaDir, saveMediaBuffer } from "../../media/store.js";
|
||||||
import { captureScreenshot, snapshotAria } from "../cdp.js";
|
import { captureScreenshot, snapshotAria } from "../cdp.js";
|
||||||
import {
|
import {
|
||||||
@ -23,8 +21,12 @@ import {
|
|||||||
resolveProfileContext,
|
resolveProfileContext,
|
||||||
} from "./agent.shared.js";
|
} from "./agent.shared.js";
|
||||||
import { jsonError, toBoolean, toNumber, toStringOrEmpty } from "./utils.js";
|
import { jsonError, toBoolean, toNumber, toStringOrEmpty } from "./utils.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserAgentSnapshotRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserAgentSnapshotRoutes(
|
||||||
|
app: BrowserRouteRegistrar,
|
||||||
|
ctx: BrowserRouteContext,
|
||||||
|
) {
|
||||||
app.post("/navigate", async (req, res) => {
|
app.post("/navigate", async (req, res) => {
|
||||||
const profileCtx = resolveProfileContext(req, res, ctx);
|
const profileCtx = resolveProfileContext(req, res, ctx);
|
||||||
if (!profileCtx) return;
|
if (!profileCtx) return;
|
||||||
|
|||||||
@ -1,10 +1,12 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserRouteContext } from "../server-context.js";
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
import { handleRouteError, readBody, requirePwAi, resolveProfileContext } from "./agent.shared.js";
|
import { handleRouteError, readBody, requirePwAi, resolveProfileContext } from "./agent.shared.js";
|
||||||
import { jsonError, toBoolean, toNumber, toStringOrEmpty } from "./utils.js";
|
import { jsonError, toBoolean, toNumber, toStringOrEmpty } from "./utils.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserAgentStorageRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserAgentStorageRoutes(
|
||||||
|
app: BrowserRouteRegistrar,
|
||||||
|
ctx: BrowserRouteContext,
|
||||||
|
) {
|
||||||
app.get("/cookies", async (req, res) => {
|
app.get("/cookies", async (req, res) => {
|
||||||
const profileCtx = resolveProfileContext(req, res, ctx);
|
const profileCtx = resolveProfileContext(req, res, ctx);
|
||||||
if (!profileCtx) return;
|
if (!profileCtx) return;
|
||||||
|
|||||||
@ -1,12 +1,11 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserRouteContext } from "../server-context.js";
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
import { registerBrowserAgentActRoutes } from "./agent.act.js";
|
import { registerBrowserAgentActRoutes } from "./agent.act.js";
|
||||||
import { registerBrowserAgentDebugRoutes } from "./agent.debug.js";
|
import { registerBrowserAgentDebugRoutes } from "./agent.debug.js";
|
||||||
import { registerBrowserAgentSnapshotRoutes } from "./agent.snapshot.js";
|
import { registerBrowserAgentSnapshotRoutes } from "./agent.snapshot.js";
|
||||||
import { registerBrowserAgentStorageRoutes } from "./agent.storage.js";
|
import { registerBrowserAgentStorageRoutes } from "./agent.storage.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserAgentRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserAgentRoutes(app: BrowserRouteRegistrar, ctx: BrowserRouteContext) {
|
||||||
registerBrowserAgentSnapshotRoutes(app, ctx);
|
registerBrowserAgentSnapshotRoutes(app, ctx);
|
||||||
registerBrowserAgentActRoutes(app, ctx);
|
registerBrowserAgentActRoutes(app, ctx);
|
||||||
registerBrowserAgentDebugRoutes(app, ctx);
|
registerBrowserAgentDebugRoutes(app, ctx);
|
||||||
|
|||||||
@ -1,11 +1,10 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import { resolveBrowserExecutableForPlatform } from "../chrome.executables.js";
|
import { resolveBrowserExecutableForPlatform } from "../chrome.executables.js";
|
||||||
import { createBrowserProfilesService } from "../profiles-service.js";
|
import { createBrowserProfilesService } from "../profiles-service.js";
|
||||||
import type { BrowserRouteContext } from "../server-context.js";
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
import { getProfileContext, jsonError, toStringOrEmpty } from "./utils.js";
|
import { getProfileContext, jsonError, toStringOrEmpty } from "./utils.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserBasicRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserBasicRoutes(app: BrowserRouteRegistrar, ctx: BrowserRouteContext) {
|
||||||
// List all profiles with their status
|
// List all profiles with their status
|
||||||
app.get("/profiles", async (_req, res) => {
|
app.get("/profiles", async (_req, res) => {
|
||||||
try {
|
try {
|
||||||
@ -53,7 +52,6 @@ export function registerBrowserBasicRoutes(app: express.Express, ctx: BrowserRou
|
|||||||
|
|
||||||
res.json({
|
res.json({
|
||||||
enabled: current.resolved.enabled,
|
enabled: current.resolved.enabled,
|
||||||
controlUrl: current.resolved.controlUrl,
|
|
||||||
profile: profileCtx.profile.name,
|
profile: profileCtx.profile.name,
|
||||||
running: cdpReady,
|
running: cdpReady,
|
||||||
cdpReady,
|
cdpReady,
|
||||||
|
|||||||
122
src/browser/routes/dispatcher.ts
Normal file
122
src/browser/routes/dispatcher.ts
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
|
import { registerBrowserRoutes } from "./index.js";
|
||||||
|
import type { BrowserRequest, BrowserResponse, BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
|
type BrowserDispatchRequest = {
|
||||||
|
method: "GET" | "POST" | "DELETE";
|
||||||
|
path: string;
|
||||||
|
query?: Record<string, unknown>;
|
||||||
|
body?: unknown;
|
||||||
|
};
|
||||||
|
|
||||||
|
type BrowserDispatchResponse = {
|
||||||
|
status: number;
|
||||||
|
body: unknown;
|
||||||
|
};
|
||||||
|
|
||||||
|
type RouteEntry = {
|
||||||
|
method: BrowserDispatchRequest["method"];
|
||||||
|
path: string;
|
||||||
|
regex: RegExp;
|
||||||
|
paramNames: string[];
|
||||||
|
handler: (req: BrowserRequest, res: BrowserResponse) => void | Promise<void>;
|
||||||
|
};
|
||||||
|
|
||||||
|
function escapeRegex(value: string) {
|
||||||
|
return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
|
||||||
|
}
|
||||||
|
|
||||||
|
function compileRoute(path: string): { regex: RegExp; paramNames: string[] } {
|
||||||
|
const paramNames: string[] = [];
|
||||||
|
const parts = path.split("/").map((part) => {
|
||||||
|
if (part.startsWith(":")) {
|
||||||
|
const name = part.slice(1);
|
||||||
|
paramNames.push(name);
|
||||||
|
return "([^/]+)";
|
||||||
|
}
|
||||||
|
return escapeRegex(part);
|
||||||
|
});
|
||||||
|
return { regex: new RegExp(`^${parts.join("/")}$`), paramNames };
|
||||||
|
}
|
||||||
|
|
||||||
|
function createRegistry() {
|
||||||
|
const routes: RouteEntry[] = [];
|
||||||
|
const register =
|
||||||
|
(method: RouteEntry["method"]) => (path: string, handler: RouteEntry["handler"]) => {
|
||||||
|
const { regex, paramNames } = compileRoute(path);
|
||||||
|
routes.push({ method, path, regex, paramNames, handler });
|
||||||
|
};
|
||||||
|
const router: BrowserRouteRegistrar = {
|
||||||
|
get: register("GET"),
|
||||||
|
post: register("POST"),
|
||||||
|
delete: register("DELETE"),
|
||||||
|
};
|
||||||
|
return { routes, router };
|
||||||
|
}
|
||||||
|
|
||||||
|
function normalizePath(path: string) {
|
||||||
|
if (!path) return "/";
|
||||||
|
return path.startsWith("/") ? path : `/${path}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
export function createBrowserRouteDispatcher(ctx: BrowserRouteContext) {
|
||||||
|
const registry = createRegistry();
|
||||||
|
registerBrowserRoutes(registry.router, ctx);
|
||||||
|
|
||||||
|
return {
|
||||||
|
dispatch: async (req: BrowserDispatchRequest): Promise<BrowserDispatchResponse> => {
|
||||||
|
const method = req.method;
|
||||||
|
const path = normalizePath(req.path);
|
||||||
|
const query = req.query ?? {};
|
||||||
|
const body = req.body;
|
||||||
|
|
||||||
|
const match = registry.routes.find((route) => {
|
||||||
|
if (route.method !== method) return false;
|
||||||
|
return route.regex.test(path);
|
||||||
|
});
|
||||||
|
if (!match) {
|
||||||
|
return { status: 404, body: { error: "Not Found" } };
|
||||||
|
}
|
||||||
|
|
||||||
|
const exec = match.regex.exec(path);
|
||||||
|
const params: Record<string, string> = {};
|
||||||
|
if (exec) {
|
||||||
|
for (const [idx, name] of match.paramNames.entries()) {
|
||||||
|
const value = exec[idx + 1];
|
||||||
|
if (typeof value === "string") {
|
||||||
|
params[name] = decodeURIComponent(value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let status = 200;
|
||||||
|
let payload: unknown = undefined;
|
||||||
|
const res: BrowserResponse = {
|
||||||
|
status(code) {
|
||||||
|
status = code;
|
||||||
|
return res;
|
||||||
|
},
|
||||||
|
json(bodyValue) {
|
||||||
|
payload = bodyValue;
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
try {
|
||||||
|
await match.handler(
|
||||||
|
{
|
||||||
|
params,
|
||||||
|
query,
|
||||||
|
body,
|
||||||
|
},
|
||||||
|
res,
|
||||||
|
);
|
||||||
|
} catch (err) {
|
||||||
|
return { status: 500, body: { error: String(err) } };
|
||||||
|
}
|
||||||
|
|
||||||
|
return { status, body: payload };
|
||||||
|
},
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
export type { BrowserDispatchRequest, BrowserDispatchResponse };
|
||||||
@ -1,11 +1,10 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserRouteContext } from "../server-context.js";
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
import { registerBrowserAgentRoutes } from "./agent.js";
|
import { registerBrowserAgentRoutes } from "./agent.js";
|
||||||
import { registerBrowserBasicRoutes } from "./basic.js";
|
import { registerBrowserBasicRoutes } from "./basic.js";
|
||||||
import { registerBrowserTabRoutes } from "./tabs.js";
|
import { registerBrowserTabRoutes } from "./tabs.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserRoutes(app: BrowserRouteRegistrar, ctx: BrowserRouteContext) {
|
||||||
registerBrowserBasicRoutes(app, ctx);
|
registerBrowserBasicRoutes(app, ctx);
|
||||||
registerBrowserTabRoutes(app, ctx);
|
registerBrowserTabRoutes(app, ctx);
|
||||||
registerBrowserAgentRoutes(app, ctx);
|
registerBrowserAgentRoutes(app, ctx);
|
||||||
|
|||||||
@ -1,9 +1,8 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserRouteContext } from "../server-context.js";
|
import type { BrowserRouteContext } from "../server-context.js";
|
||||||
import { getProfileContext, jsonError, toNumber, toStringOrEmpty } from "./utils.js";
|
import { getProfileContext, jsonError, toNumber, toStringOrEmpty } from "./utils.js";
|
||||||
|
import type { BrowserRouteRegistrar } from "./types.js";
|
||||||
|
|
||||||
export function registerBrowserTabRoutes(app: express.Express, ctx: BrowserRouteContext) {
|
export function registerBrowserTabRoutes(app: BrowserRouteRegistrar, ctx: BrowserRouteContext) {
|
||||||
app.get("/tabs", async (req, res) => {
|
app.get("/tabs", async (req, res) => {
|
||||||
const profileCtx = getProfileContext(req, ctx);
|
const profileCtx = getProfileContext(req, ctx);
|
||||||
if ("error" in profileCtx) return jsonError(res, profileCtx.status, profileCtx.error);
|
if ("error" in profileCtx) return jsonError(res, profileCtx.status, profileCtx.error);
|
||||||
|
|||||||
21
src/browser/routes/types.ts
Normal file
21
src/browser/routes/types.ts
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
export type BrowserRequest = {
|
||||||
|
params: Record<string, string>;
|
||||||
|
query: Record<string, unknown>;
|
||||||
|
body?: unknown;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type BrowserResponse = {
|
||||||
|
status: (code: number) => BrowserResponse;
|
||||||
|
json: (body: unknown) => void;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type BrowserRouteHandler = (
|
||||||
|
req: BrowserRequest,
|
||||||
|
res: BrowserResponse,
|
||||||
|
) => void | Promise<void>;
|
||||||
|
|
||||||
|
export type BrowserRouteRegistrar = {
|
||||||
|
get: (path: string, handler: BrowserRouteHandler) => void;
|
||||||
|
post: (path: string, handler: BrowserRouteHandler) => void;
|
||||||
|
delete: (path: string, handler: BrowserRouteHandler) => void;
|
||||||
|
};
|
||||||
@ -1,14 +1,13 @@
|
|||||||
import type express from "express";
|
|
||||||
|
|
||||||
import type { BrowserRouteContext, ProfileContext } from "../server-context.js";
|
import type { BrowserRouteContext, ProfileContext } from "../server-context.js";
|
||||||
import { parseBooleanValue } from "../../utils/boolean.js";
|
import { parseBooleanValue } from "../../utils/boolean.js";
|
||||||
|
import type { BrowserRequest, BrowserResponse } from "./types.js";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Extract profile name from query string or body and get profile context.
|
* Extract profile name from query string or body and get profile context.
|
||||||
* Query string takes precedence over body for consistency with GET routes.
|
* Query string takes precedence over body for consistency with GET routes.
|
||||||
*/
|
*/
|
||||||
export function getProfileContext(
|
export function getProfileContext(
|
||||||
req: express.Request,
|
req: BrowserRequest,
|
||||||
ctx: BrowserRouteContext,
|
ctx: BrowserRouteContext,
|
||||||
): ProfileContext | { error: string; status: number } {
|
): ProfileContext | { error: string; status: number } {
|
||||||
let profileName: string | undefined;
|
let profileName: string | undefined;
|
||||||
@ -33,7 +32,7 @@ export function getProfileContext(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export function jsonError(res: express.Response, status: number, message: string) {
|
export function jsonError(res: BrowserResponse, status: number, message: string) {
|
||||||
res.status(status).json({ error: message });
|
res.status(status).json({ error: message });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -62,8 +62,6 @@ describe("browser server-context ensureTabAvailable", () => {
|
|||||||
port: 0,
|
port: 0,
|
||||||
resolved: {
|
resolved: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
controlHost: "127.0.0.1",
|
|
||||||
controlPort: 18791,
|
controlPort: 18791,
|
||||||
cdpProtocol: "http",
|
cdpProtocol: "http",
|
||||||
cdpHost: "127.0.0.1",
|
cdpHost: "127.0.0.1",
|
||||||
@ -121,8 +119,6 @@ describe("browser server-context ensureTabAvailable", () => {
|
|||||||
port: 0,
|
port: 0,
|
||||||
resolved: {
|
resolved: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
controlHost: "127.0.0.1",
|
|
||||||
controlPort: 18791,
|
controlPort: 18791,
|
||||||
cdpProtocol: "http",
|
cdpProtocol: "http",
|
||||||
cdpHost: "127.0.0.1",
|
cdpHost: "127.0.0.1",
|
||||||
@ -170,8 +166,6 @@ describe("browser server-context ensureTabAvailable", () => {
|
|||||||
port: 0,
|
port: 0,
|
||||||
resolved: {
|
resolved: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
controlHost: "127.0.0.1",
|
|
||||||
controlPort: 18791,
|
controlPort: 18791,
|
||||||
cdpProtocol: "http",
|
cdpProtocol: "http",
|
||||||
cdpHost: "127.0.0.1",
|
cdpHost: "127.0.0.1",
|
||||||
|
|||||||
@ -21,8 +21,6 @@ function makeState(
|
|||||||
port: 0,
|
port: 0,
|
||||||
resolved: {
|
resolved: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: "http://127.0.0.1:18791",
|
|
||||||
controlHost: "127.0.0.1",
|
|
||||||
controlPort: 18791,
|
controlPort: 18791,
|
||||||
cdpProtocol: profile === "remote" ? "https" : "http",
|
cdpProtocol: profile === "remote" ? "https" : "http",
|
||||||
cdpHost: profile === "remote" ? "browserless.example" : "127.0.0.1",
|
cdpHost: profile === "remote" ? "browserless.example" : "127.0.0.1",
|
||||||
|
|||||||
@ -17,7 +17,7 @@ export type ProfileRuntimeState = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
export type BrowserServerState = {
|
export type BrowserServerState = {
|
||||||
server: Server;
|
server?: Server | null;
|
||||||
port: number;
|
port: number;
|
||||||
resolved: ResolvedBrowserConfig;
|
resolved: ResolvedBrowserConfig;
|
||||||
profiles: Map<string, ProfileRuntimeState>;
|
profiles: Map<string, ProfileRuntimeState>;
|
||||||
|
|||||||
@ -7,7 +7,9 @@ let testPort = 0;
|
|||||||
let cdpBaseUrl = "";
|
let cdpBaseUrl = "";
|
||||||
let reachable = false;
|
let reachable = false;
|
||||||
let cfgAttachOnly = false;
|
let cfgAttachOnly = false;
|
||||||
|
let cfgEvaluateEnabled = true;
|
||||||
let createTargetId: string | null = null;
|
let createTargetId: string | null = null;
|
||||||
|
let prevGatewayPort: string | undefined;
|
||||||
|
|
||||||
const cdpMocks = vi.hoisted(() => ({
|
const cdpMocks = vi.hoisted(() => ({
|
||||||
createTargetViaCdp: vi.fn(async () => {
|
createTargetViaCdp: vi.fn(async () => {
|
||||||
@ -88,7 +90,7 @@ vi.mock("../config/config.js", async (importOriginal) => {
|
|||||||
loadConfig: () => ({
|
loadConfig: () => ({
|
||||||
browser: {
|
browser: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: `http://127.0.0.1:${testPort}`,
|
evaluateEnabled: cfgEvaluateEnabled,
|
||||||
color: "#FF4500",
|
color: "#FF4500",
|
||||||
attachOnly: cfgAttachOnly,
|
attachOnly: cfgAttachOnly,
|
||||||
headless: true,
|
headless: true,
|
||||||
@ -185,6 +187,7 @@ describe("browser control server", () => {
|
|||||||
beforeEach(async () => {
|
beforeEach(async () => {
|
||||||
reachable = false;
|
reachable = false;
|
||||||
cfgAttachOnly = false;
|
cfgAttachOnly = false;
|
||||||
|
cfgEvaluateEnabled = true;
|
||||||
createTargetId = null;
|
createTargetId = null;
|
||||||
|
|
||||||
cdpMocks.createTargetViaCdp.mockImplementation(async () => {
|
cdpMocks.createTargetViaCdp.mockImplementation(async () => {
|
||||||
@ -197,6 +200,8 @@ describe("browser control server", () => {
|
|||||||
|
|
||||||
testPort = await getFreePort();
|
testPort = await getFreePort();
|
||||||
cdpBaseUrl = `http://127.0.0.1:${testPort + 1}`;
|
cdpBaseUrl = `http://127.0.0.1:${testPort + 1}`;
|
||||||
|
prevGatewayPort = process.env.CLAWDBOT_GATEWAY_PORT;
|
||||||
|
process.env.CLAWDBOT_GATEWAY_PORT = String(testPort - 2);
|
||||||
|
|
||||||
// Minimal CDP JSON endpoints used by the server.
|
// Minimal CDP JSON endpoints used by the server.
|
||||||
let putNewCalls = 0;
|
let putNewCalls = 0;
|
||||||
@ -248,6 +253,11 @@ describe("browser control server", () => {
|
|||||||
afterEach(async () => {
|
afterEach(async () => {
|
||||||
vi.unstubAllGlobals();
|
vi.unstubAllGlobals();
|
||||||
vi.restoreAllMocks();
|
vi.restoreAllMocks();
|
||||||
|
if (prevGatewayPort === undefined) {
|
||||||
|
delete process.env.CLAWDBOT_GATEWAY_PORT;
|
||||||
|
} else {
|
||||||
|
process.env.CLAWDBOT_GATEWAY_PORT = prevGatewayPort;
|
||||||
|
}
|
||||||
const { stopBrowserControlServer } = await import("./server.js");
|
const { stopBrowserControlServer } = await import("./server.js");
|
||||||
await stopBrowserControlServer();
|
await stopBrowserControlServer();
|
||||||
});
|
});
|
||||||
@ -342,6 +352,30 @@ describe("browser control server", () => {
|
|||||||
slowTimeoutMs,
|
slowTimeoutMs,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
it(
|
||||||
|
"blocks act:evaluate when browser.evaluateEnabled=false",
|
||||||
|
async () => {
|
||||||
|
cfgEvaluateEnabled = false;
|
||||||
|
const base = await startServerAndBase();
|
||||||
|
|
||||||
|
const waitRes = (await postJson(`${base}/act`, {
|
||||||
|
kind: "wait",
|
||||||
|
fn: "() => window.ready === true",
|
||||||
|
})) as { error?: string };
|
||||||
|
expect(waitRes.error).toContain("browser.evaluateEnabled=false");
|
||||||
|
expect(pwMocks.waitForViaPlaywright).not.toHaveBeenCalled();
|
||||||
|
|
||||||
|
const res = (await postJson(`${base}/act`, {
|
||||||
|
kind: "evaluate",
|
||||||
|
fn: "() => 1",
|
||||||
|
})) as { error?: string };
|
||||||
|
|
||||||
|
expect(res.error).toContain("browser.evaluateEnabled=false");
|
||||||
|
expect(pwMocks.evaluateViaPlaywright).not.toHaveBeenCalled();
|
||||||
|
},
|
||||||
|
slowTimeoutMs,
|
||||||
|
);
|
||||||
|
|
||||||
it("agent contract: hooks + response + downloads + screenshot", async () => {
|
it("agent contract: hooks + response + downloads + screenshot", async () => {
|
||||||
const base = await startServerAndBase();
|
const base = await startServerAndBase();
|
||||||
|
|
||||||
|
|||||||
@ -9,6 +9,7 @@ let cdpBaseUrl = "";
|
|||||||
let reachable = false;
|
let reachable = false;
|
||||||
let cfgAttachOnly = false;
|
let cfgAttachOnly = false;
|
||||||
let createTargetId: string | null = null;
|
let createTargetId: string | null = null;
|
||||||
|
let prevGatewayPort: string | undefined;
|
||||||
|
|
||||||
const cdpMocks = vi.hoisted(() => ({
|
const cdpMocks = vi.hoisted(() => ({
|
||||||
createTargetViaCdp: vi.fn(async () => {
|
createTargetViaCdp: vi.fn(async () => {
|
||||||
@ -89,7 +90,6 @@ vi.mock("../config/config.js", async (importOriginal) => {
|
|||||||
loadConfig: () => ({
|
loadConfig: () => ({
|
||||||
browser: {
|
browser: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
controlUrl: `http://127.0.0.1:${testPort}`,
|
|
||||||
color: "#FF4500",
|
color: "#FF4500",
|
||||||
attachOnly: cfgAttachOnly,
|
attachOnly: cfgAttachOnly,
|
||||||
headless: true,
|
headless: true,
|
||||||
@ -198,6 +198,8 @@ describe("browser control server", () => {
|
|||||||
|
|
||||||
testPort = await getFreePort();
|
testPort = await getFreePort();
|
||||||
cdpBaseUrl = `http://127.0.0.1:${testPort + 1}`;
|
cdpBaseUrl = `http://127.0.0.1:${testPort + 1}`;
|
||||||
|
prevGatewayPort = process.env.CLAWDBOT_GATEWAY_PORT;
|
||||||
|
process.env.CLAWDBOT_GATEWAY_PORT = String(testPort - 2);
|
||||||
|
|
||||||
// Minimal CDP JSON endpoints used by the server.
|
// Minimal CDP JSON endpoints used by the server.
|
||||||
let putNewCalls = 0;
|
let putNewCalls = 0;
|
||||||
@ -249,6 +251,11 @@ describe("browser control server", () => {
|
|||||||
afterEach(async () => {
|
afterEach(async () => {
|
||||||
vi.unstubAllGlobals();
|
vi.unstubAllGlobals();
|
||||||
vi.restoreAllMocks();
|
vi.restoreAllMocks();
|
||||||
|
if (prevGatewayPort === undefined) {
|
||||||
|
delete process.env.CLAWDBOT_GATEWAY_PORT;
|
||||||
|
} else {
|
||||||
|
process.env.CLAWDBOT_GATEWAY_PORT = prevGatewayPort;
|
||||||
|
}
|
||||||
const { stopBrowserControlServer } = await import("./server.js");
|
const { stopBrowserControlServer } = await import("./server.js");
|
||||||
await stopBrowserControlServer();
|
await stopBrowserControlServer();
|
||||||
});
|
});
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user