@agenticmail/enterprise 0.5.422 → 0.5.424

package/dist/browser-tool-SADIVYCE.js

@@ -0,0 +1,1136 @@
+import {
+  createBrowserRouteContext
+} from "./chunk-HHP5PRXW.js";
+import {
+  registerBrowserRoutes
+} from "./chunk-JGTRHXPL.js";
+import {
+  resolveBrowserConfig,
+  resolveProfile
+} from "./chunk-GKJU25QA.js";
+import {
+  DEFAULT_AI_SNAPSHOT_MAX_CHARS,
+  ensureChromeExtensionRelayServer
+} from "./chunk-PB4RGLMS.js";
+import {
+  DEFAULT_UPLOAD_DIR,
+  createSubsystemLogger,
+  ensureGatewayStartupAuth,
+  escapeRegExp,
+  formatCliCommand,
+  loadConfig,
+  resolveGatewayAuth,
+  resolvePathsWithinRoot,
+  wrapExternalContent
+} from "./chunk-A3PUJDNH.js";
+import {
+  imageResultFromFile,
+  jsonResult,
+  readStringParam
+} from "./chunk-ZB3VC2MR.js";
+import "./chunk-KFQGP6VL.js";
+
+// src/browser/client-actions-url.ts
+function buildProfileQuery(profile) {
+  return profile ? `?profile=${encodeURIComponent(profile)}` : "";
+}
+function withBaseUrl(baseUrl, path) {
+  const trimmed = baseUrl?.trim();
+  if (!trimmed) {
+    return path;
+  }
+  return `${trimmed.replace(/\/$/, "")}${path}`;
+}
+
+// src/browser/bridge-auth-registry.ts
+var authByPort = /* @__PURE__ */ new Map();
+function getBridgeAuthForPort(port) {
+  if (!Number.isFinite(port) || port <= 0) {
+    return void 0;
+  }
+  return authByPort.get(port);
+}
+
+// src/browser/control-auth.ts
+function resolveBrowserControlAuth(cfg, env = process.env) {
+  const auth = resolveGatewayAuth({
+    authConfig: cfg?.gateway?.auth,
+    env,
+    tailscaleMode: cfg?.gateway?.tailscale?.mode
+  });
+  const token = typeof auth?.token === "string" ? auth.token.trim() : "";
+  const password = typeof auth?.password === "string" ? auth.password.trim() : "";
+  return {
+    token: token || void 0,
+    password: password || void 0
+  };
+}
+function shouldAutoGenerateBrowserAuth(env) {
+  const nodeEnv = (env.NODE_ENV ?? "").trim().toLowerCase();
+  if (nodeEnv === "test") {
+    return false;
+  }
+  const vitest = (env.VITEST ?? "").trim().toLowerCase();
+  if (vitest && vitest !== "0" && vitest !== "false" && vitest !== "off") {
+    return false;
+  }
+  return true;
+}
+async function ensureBrowserControlAuth(params) {
+  const env = params.env ?? process.env;
+  const auth = resolveBrowserControlAuth(params.cfg, env);
+  if (auth.token || auth.password) {
+    return { auth };
+  }
+  if (!shouldAutoGenerateBrowserAuth(env)) {
+    return { auth };
+  }
+  if (params.cfg.gateway?.auth?.mode === "password") {
+    return { auth };
+  }
+  if (params.cfg.gateway?.auth?.mode === "none") {
+    return { auth };
+  }
+  if (params.cfg.gateway?.auth?.mode === "trusted-proxy") {
+    return { auth };
+  }
+  const latestCfg = loadConfig();
+  const latestAuth = resolveBrowserControlAuth(latestCfg, env);
+  if (latestAuth.token || latestAuth.password) {
+    return { auth: latestAuth };
+  }
+  if (latestCfg.gateway?.auth?.mode === "password") {
+    return { auth: latestAuth };
+  }
+  if (latestCfg.gateway?.auth?.mode === "none") {
+    return { auth: latestAuth };
+  }
+  if (latestCfg.gateway?.auth?.mode === "trusted-proxy") {
+    return { auth: latestAuth };
+  }
+  const ensured = await ensureGatewayStartupAuth({
+    cfg: latestCfg,
+    env,
+    persist: true
+  });
+  const ensuredAuth = resolveBrowserControlAuth(ensured.cfg, env);
+  return {
+    auth: ensuredAuth,
+    generatedToken: ensured.generatedToken
+  };
+}
+
+// src/browser/server-lifecycle.ts
+async function ensureExtensionRelayForProfiles(params) {
+  for (const name of Object.keys(params.resolved.profiles)) {
+    const profile = resolveProfile(params.resolved, name);
+    if (!profile || profile.driver !== "extension") {
+      continue;
+    }
+    await ensureChromeExtensionRelayServer({ cdpUrl: profile.cdpUrl }).catch((err) => {
+      params.onWarn(`Chrome extension relay init failed for profile "${name}": ${String(err)}`);
+    });
+  }
+}
+
+// src/browser/control-service.ts
+var state = null;
+var log = createSubsystemLogger("browser");
+var logService = log.child("service");
+function createBrowserControlContext() {
+  return createBrowserRouteContext({
+    getState: () => state,
+    refreshConfigFromDisk: true
+  });
+}
+async function startBrowserControlServiceFromConfig() {
+  if (state) {
+    return state;
+  }
+  const cfg = loadConfig();
+  const resolved = resolveBrowserConfig(cfg.browser, cfg);
+  if (!resolved.enabled) {
+    return null;
+  }
+  try {
+    const ensured = await ensureBrowserControlAuth({ cfg });
+    if (ensured.generatedToken) {
+      logService.info("No browser auth configured; generated gateway.auth.token automatically.");
+    }
+  } catch (err) {
+    logService.warn(`failed to auto-configure browser auth: ${String(err)}`);
+  }
+  state = {
+    server: null,
+    port: resolved.controlPort,
+    resolved,
+    profiles: /* @__PURE__ */ new Map()
+  };
+  await ensureExtensionRelayForProfiles({
+    resolved,
+    onWarn: (message) => logService.warn(message)
+  });
+  logService.info(
+    `Browser control service ready (profiles=${Object.keys(resolved.profiles).length})`
+  );
+  return state;
+}
+
+// src/browser/routes/dispatcher.ts
+function compileRoute(path) {
+  const paramNames = [];
+  const parts = path.split("/").map((part) => {
+    if (part.startsWith(":")) {
+      const name = part.slice(1);
+      paramNames.push(name);
+      return "([^/]+)";
+    }
+    return escapeRegExp(part);
+  });
+  return { regex: new RegExp(`^${parts.join("/")}$`), paramNames };
+}
+function createRegistry() {
+  const routes = [];
+  const register = (method) => (path, handler) => {
+    const { regex, paramNames } = compileRoute(path);
+    routes.push({ method, path, regex, paramNames, handler });
+  };
+  const router = {
+    get: register("GET"),
+    post: register("POST"),
+    delete: register("DELETE")
+  };
+  return { routes, router };
+}
+function normalizePath(path) {
+  if (!path) {
+    return "/";
+  }
+  return path.startsWith("/") ? path : `/${path}`;
+}
+function createBrowserRouteDispatcher(ctx) {
+  const registry = createRegistry();
+  registerBrowserRoutes(registry.router, ctx);
+  return {
+    dispatch: async (req) => {
+      const method = req.method;
+      const path = normalizePath(req.path);
+      const query = req.query ?? {};
+      const body = req.body;
+      const signal = req.signal;
+      const match = registry.routes.find((route) => {
+        if (route.method !== method) {
+          return false;
+        }
+        return route.regex.test(path);
+      });
+      if (!match) {
+        return { status: 404, body: { error: "Not Found" } };
+      }
+      const exec = match.regex.exec(path);
+      const params = {};
+      if (exec) {
+        for (const [idx, name] of match.paramNames.entries()) {
+          const value = exec[idx + 1];
+          if (typeof value === "string") {
+            params[name] = decodeURIComponent(value);
+          }
+        }
+      }
+      let status = 200;
+      let payload = void 0;
+      const res = {
+        status(code) {
+          status = code;
+          return res;
+        },
+        json(bodyValue) {
+          payload = bodyValue;
+        }
+      };
+      try {
+        await match.handler(
+          {
+            params,
+            query,
+            body,
+            signal
+          },
+          res
+        );
+      } catch (err) {
+        return { status: 500, body: { error: String(err) } };
+      }
+      return { status, body: payload };
+    }
+  };
+}
+
+// src/browser/client-fetch.ts
+function isAbsoluteHttp(url) {
+  return /^https?:\/\//i.test(url.trim());
+}
+function isLoopbackHttpUrl(url) {
+  try {
+    const host = new URL(url).hostname.trim().toLowerCase();
+    const normalizedHost = host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
+    return normalizedHost === "127.0.0.1" || normalizedHost === "localhost" || normalizedHost === "::1";
+  } catch {
+    return false;
+  }
+}
+function withLoopbackBrowserAuthImpl(url, init, deps) {
+  const headers = new Headers(init?.headers ?? {});
+  if (headers.has("authorization") || headers.has("x-agenticmail-password")) {
+    return { ...init, headers };
+  }
+  if (!isLoopbackHttpUrl(url)) {
+    return { ...init, headers };
+  }
+  try {
+    const cfg = deps.loadConfig();
+    const auth = deps.resolveBrowserControlAuth(cfg);
+    if (auth.token) {
+      headers.set("Authorization", `Bearer ${auth.token}`);
+      return { ...init, headers };
+    }
+    if (auth.password) {
+      headers.set("x-agenticmail-password", auth.password);
+      return { ...init, headers };
+    }
+  } catch {
+  }
+  try {
+    const parsed = new URL(url);
+    const port = parsed.port && Number.parseInt(parsed.port, 10) > 0 ? Number.parseInt(parsed.port, 10) : parsed.protocol === "https:" ? 443 : 80;
+    const bridgeAuth = deps.getBridgeAuthForPort(port);
+    if (bridgeAuth?.token) {
+      headers.set("Authorization", `Bearer ${bridgeAuth.token}`);
+    } else if (bridgeAuth?.password) {
+      headers.set("x-agenticmail-password", bridgeAuth.password);
+    }
+  } catch {
+  }
+  return { ...init, headers };
+}
+function withLoopbackBrowserAuth(url, init) {
+  return withLoopbackBrowserAuthImpl(url, init, {
+    loadConfig,
+    resolveBrowserControlAuth,
+    getBridgeAuthForPort
+  });
+}
+var consecutiveBrowserErrors = 0;
+var MAX_TRANSIENT_ERRORS = 2;
+function resetBrowserErrorCount() {
+  consecutiveBrowserErrors = 0;
+}
+function enhanceBrowserFetchError(url, err, timeoutMs) {
+  consecutiveBrowserErrors += 1;
+  const isLocal = !isAbsoluteHttp(url);
+  const msg = String(err);
+  const msgLower = msg.toLowerCase();
+  const looksLikeTimeout = msgLower.includes("timed out") || msgLower.includes("timeout") || msgLower.includes("aborted") || msgLower.includes("abort") || msgLower.includes("aborterror");
+  if (consecutiveBrowserErrors <= MAX_TRANSIENT_ERRORS) {
+    const retryHint = "This may be a transient browser connection issue. You can retry once \u2014 if it fails again, stop and inform the user.";
+    if (looksLikeTimeout) {
+      return new Error(
+        `Browser timed out after ${timeoutMs}ms. ${retryHint}`
+      );
+    }
+    return new Error(
+      `Browser connection error: ${msg}. ${retryHint}`
+    );
+  }
+  const operatorHint = isLocal ? `Restart the AgenticMail gateway (AgenticMail.app menubar, or \`${formatCliCommand("agenticmail gateway")}\`).` : "If this is a sandboxed session, ensure the sandbox browser is running.";
+  const modelHint = "Do NOT retry the browser tool \u2014 it will keep failing. Use an alternative approach or inform the user that the browser is currently unavailable.";
+  if (looksLikeTimeout) {
+    return new Error(
+      `Can't reach the AgenticMail browser control service (timed out after ${timeoutMs}ms). ${operatorHint} ${modelHint}`
+    );
+  }
+  return new Error(
+    `Can't reach the AgenticMail browser control service. ${operatorHint} ${modelHint} (${msg})`
+  );
+}
+async function fetchHttpJson(url, init) {
+  const timeoutMs = init.timeoutMs ?? 5e3;
+  const ctrl = new AbortController();
+  const upstreamSignal = init.signal;
+  let upstreamAbortListener;
+  if (upstreamSignal) {
+    if (upstreamSignal.aborted) {
+      ctrl.abort(upstreamSignal.reason);
+    } else {
+      upstreamAbortListener = () => ctrl.abort(upstreamSignal.reason);
+      upstreamSignal.addEventListener("abort", upstreamAbortListener, { once: true });
+    }
+  }
+  const t = setTimeout(() => ctrl.abort(new Error("timed out")), timeoutMs);
+  try {
+    const res = await fetch(url, { ...init, signal: ctrl.signal });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new Error(text || `HTTP ${res.status}`);
+    }
+    return await res.json();
+  } finally {
+    clearTimeout(t);
+    if (upstreamSignal && upstreamAbortListener) {
+      upstreamSignal.removeEventListener("abort", upstreamAbortListener);
+    }
+  }
+}
+function isOwnBrowserServer(url) {
+  if (!isAbsoluteHttp(url)) return false;
+  const ownPort = globalThis.__agenticmail_browser_port;
+  if (!ownPort) return false;
+  try {
+    const parsed = new URL(url);
+    const host = parsed.hostname.toLowerCase();
+    const port = parsed.port ? Number(parsed.port) : parsed.protocol === "https:" ? 443 : 80;
+    return (host === "127.0.0.1" || host === "localhost" || host === "::1") && port === ownPort;
+  } catch {
+    return false;
+  }
+}
+async function fetchBrowserJson(url, init) {
+  const timeoutMs = init?.timeoutMs ?? 5e3;
+  try {
+    if (isAbsoluteHttp(url) && !isOwnBrowserServer(url)) {
+      const httpInit = withLoopbackBrowserAuth(url, init);
+      const result2 = await fetchHttpJson(url, { ...httpInit, timeoutMs });
+      resetBrowserErrorCount();
+      return result2;
+    }
+    const existingCtx = globalThis.__agenticmail_browser_ctx;
+    let dispatcher = globalThis.__agenticmail_browser_dispatcher;
+    if (!dispatcher) {
+      if (existingCtx) {
+        dispatcher = createBrowserRouteDispatcher(existingCtx);
+      } else {
+        const started = await startBrowserControlServiceFromConfig();
+        if (!started) {
+          throw new Error("browser control disabled");
+        }
+        dispatcher = createBrowserRouteDispatcher(createBrowserControlContext());
+      }
+      globalThis.__agenticmail_browser_dispatcher = dispatcher;
+    }
+    const parsed = new URL(url, "http://localhost");
+    const query = {};
+    for (const [key, value] of parsed.searchParams.entries()) {
+      query[key] = value;
+    }
+    let body = init?.body;
+    if (typeof body === "string") {
+      try {
+        body = JSON.parse(body);
+      } catch {
+      }
+    }
+    const abortCtrl = new AbortController();
+    const upstreamSignal = init?.signal;
+    let upstreamAbortListener;
+    if (upstreamSignal) {
+      if (upstreamSignal.aborted) {
+        abortCtrl.abort(upstreamSignal.reason);
+      } else {
+        upstreamAbortListener = () => abortCtrl.abort(upstreamSignal.reason);
+        upstreamSignal.addEventListener("abort", upstreamAbortListener, { once: true });
+      }
+    }
+    let abortListener;
+    const abortPromise = abortCtrl.signal.aborted ? Promise.reject(abortCtrl.signal.reason ?? new Error("aborted")) : new Promise((_, reject) => {
+      abortListener = () => reject(abortCtrl.signal.reason ?? new Error("aborted"));
+      abortCtrl.signal.addEventListener("abort", abortListener, { once: true });
+    });
+    let timer;
+    if (timeoutMs) {
+      timer = setTimeout(() => abortCtrl.abort(new Error("timed out")), timeoutMs);
+    }
+    const dispatchPromise = dispatcher.dispatch({
+      method: init?.method?.toUpperCase() === "DELETE" ? "DELETE" : init?.method?.toUpperCase() === "POST" ? "POST" : "GET",
+      path: parsed.pathname,
+      query,
+      body,
+      signal: abortCtrl.signal
+    });
+    const result = await Promise.race([dispatchPromise, abortPromise]).finally(() => {
+      if (timer) {
+        clearTimeout(timer);
+      }
+      if (abortListener) {
+        abortCtrl.signal.removeEventListener("abort", abortListener);
+      }
+      if (upstreamSignal && upstreamAbortListener) {
+        upstreamSignal.removeEventListener("abort", upstreamAbortListener);
+      }
+    });
+    if (result.status >= 400) {
+      const message = result.body && typeof result.body === "object" && "error" in result.body ? String(result.body.error) : `HTTP ${result.status}`;
+      const err = new Error(message);
+      if (result.status < 500) {
+        err._browserValidation = true;
+        resetBrowserErrorCount();
+      }
+      throw err;
+    }
+    resetBrowserErrorCount();
+    return result.body;
+  } catch (err) {
+    if (err && typeof err === "object" && "_browserValidation" in err) {
+      throw err;
+    }
+    throw enhanceBrowserFetchError(url, err, timeoutMs);
+  }
+}
+
+// src/browser/client-actions-core.ts
+async function browserNavigate(baseUrl, opts) {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson(withBaseUrl(baseUrl, `/navigate${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ url: opts.url, targetId: opts.targetId }),
+    timeoutMs: 5e4
+  });
+}
+async function browserArmDialog(baseUrl, opts) {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson(withBaseUrl(baseUrl, `/hooks/dialog${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      accept: opts.accept,
+      promptText: opts.promptText,
+      targetId: opts.targetId,
+      timeoutMs: opts.timeoutMs
+    }),
+    timeoutMs: 5e4
+  });
+}
+async function browserArmFileChooser(baseUrl, opts) {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson(withBaseUrl(baseUrl, `/hooks/file-chooser${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      paths: opts.paths,
+      ref: opts.ref,
+      inputRef: opts.inputRef,
+      element: opts.element,
+      targetId: opts.targetId,
+      timeoutMs: opts.timeoutMs
+    }),
+    timeoutMs: 5e4
+  });
+}
+async function browserAct(baseUrl, req, opts) {
+  const q = buildProfileQuery(opts?.profile);
+  return await fetchBrowserJson(withBaseUrl(baseUrl, `/act${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(req),
+    timeoutMs: 5e4
+  });
+}
+async function browserScreenshotAction(baseUrl, opts) {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson(withBaseUrl(baseUrl, `/screenshot${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      targetId: opts.targetId,
+      fullPage: opts.fullPage,
+      ref: opts.ref,
+      element: opts.element,
+      type: opts.type
+    }),
+    timeoutMs: 5e4
+  });
+}
+
+// src/browser/client-actions-observe.ts
+function buildQuerySuffix(params) {
+  const query = new URLSearchParams();
+  for (const [key, value] of params) {
+    if (typeof value === "boolean") {
+      query.set(key, String(value));
+      continue;
+    }
+    if (typeof value === "string" && value.length > 0) {
+      query.set(key, value);
+    }
+  }
+  const encoded = query.toString();
+  return encoded.length > 0 ? `?${encoded}` : "";
+}
+async function browserConsoleMessages(baseUrl, opts = {}) {
+  const suffix = buildQuerySuffix([
+    ["level", opts.level],
+    ["targetId", opts.targetId],
+    ["profile", opts.profile]
+  ]);
+  return await fetchBrowserJson(withBaseUrl(baseUrl, `/console${suffix}`), { timeoutMs: 2e4 });
+}
+async function browserPdfSave(baseUrl, opts = {}) {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson(withBaseUrl(baseUrl, `/pdf${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId }),
+    timeoutMs: 2e4
+  });
+}
+
+// src/browser/client.ts
+function buildProfileQuery2(profile) {
+  return profile ? `?profile=${encodeURIComponent(profile)}` : "";
+}
+function withBaseUrl2(baseUrl, path) {
+  const trimmed = baseUrl?.trim();
+  if (!trimmed) {
+    return path;
+  }
+  return `${trimmed.replace(/\/$/, "")}${path}`;
+}
+async function browserStatus(baseUrl, opts) {
+  const q = buildProfileQuery2(opts?.profile);
+  return await fetchBrowserJson(withBaseUrl2(baseUrl, `/${q}`), {
+    timeoutMs: 1500
+  });
+}
+async function browserProfiles(baseUrl) {
+  const res = await fetchBrowserJson(
+    withBaseUrl2(baseUrl, `/profiles`),
+    {
+      timeoutMs: 3e3
+    }
+  );
+  return res.profiles ?? [];
+}
+async function browserStart(baseUrl, opts) {
+  const q = buildProfileQuery2(opts?.profile);
+  await fetchBrowserJson(withBaseUrl2(baseUrl, `/start${q}`), {
+    method: "POST",
+    timeoutMs: 15e3
+  });
+}
+async function browserStop(baseUrl, opts) {
+  const q = buildProfileQuery2(opts?.profile);
+  await fetchBrowserJson(withBaseUrl2(baseUrl, `/stop${q}`), {
+    method: "POST",
+    timeoutMs: 15e3
+  });
+}
+async function browserTabs(baseUrl, opts) {
+  const q = buildProfileQuery2(opts?.profile);
+  const res = await fetchBrowserJson(
+    withBaseUrl2(baseUrl, `/tabs${q}`),
+    { timeoutMs: 3e3 }
+  );
+  return res.tabs ?? [];
+}
+async function browserOpenTab(baseUrl, url, opts) {
+  const q = buildProfileQuery2(opts?.profile);
+  return await fetchBrowserJson(withBaseUrl2(baseUrl, `/tabs/open${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ url }),
+    timeoutMs: 15e3
+  });
+}
+async function browserFocusTab(baseUrl, targetId, opts) {
+  const q = buildProfileQuery2(opts?.profile);
+  await fetchBrowserJson(withBaseUrl2(baseUrl, `/tabs/focus${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId }),
+    timeoutMs: 5e3
+  });
+}
+async function browserCloseTab(baseUrl, targetId, opts) {
+  const q = buildProfileQuery2(opts?.profile);
+  await fetchBrowserJson(withBaseUrl2(baseUrl, `/tabs/${encodeURIComponent(targetId)}${q}`), {
+    method: "DELETE",
+    timeoutMs: 5e3
+  });
+}
+async function browserSnapshot(baseUrl, opts) {
+  const q = new URLSearchParams();
+  q.set("format", opts.format);
+  if (opts.targetId) {
+    q.set("targetId", opts.targetId);
+  }
+  if (typeof opts.limit === "number") {
+    q.set("limit", String(opts.limit));
+  }
+  if (typeof opts.maxChars === "number" && Number.isFinite(opts.maxChars)) {
+    q.set("maxChars", String(opts.maxChars));
+  }
+  if (opts.refs === "aria" || opts.refs === "role") {
+    q.set("refs", opts.refs);
+  }
+  if (typeof opts.interactive === "boolean") {
+    q.set("interactive", String(opts.interactive));
+  }
+  if (typeof opts.compact === "boolean") {
+    q.set("compact", String(opts.compact));
+  }
+  if (typeof opts.depth === "number" && Number.isFinite(opts.depth)) {
+    q.set("depth", String(opts.depth));
+  }
+  if (opts.selector?.trim()) {
+    q.set("selector", opts.selector.trim());
+  }
+  if (opts.frame?.trim()) {
+    q.set("frame", opts.frame.trim());
+  }
+  if (opts.labels === true) {
+    q.set("labels", "1");
+  }
+  if (opts.mode) {
+    q.set("mode", opts.mode);
+  }
+  if (opts.profile) {
+    q.set("profile", opts.profile);
+  }
+  return await fetchBrowserJson(withBaseUrl2(baseUrl, `/snapshot?${q.toString()}`), {
+    timeoutMs: 5e4
+  });
+}
+
+// src/agent-tools/tools/browser-tool.schema.ts
+import { Type as Type2 } from "@sinclair/typebox";
+
+// src/agent-tools/schema/typebox.ts
+import { Type } from "@sinclair/typebox";
+function stringEnum(values, options = {}) {
+  return Type.Unsafe({
+    type: "string",
+    enum: [...values],
+    ...options
+  });
+}
+function optionalStringEnum(values, options = {}) {
+  return Type.Optional(stringEnum(values, options));
+}
+
+// src/agent-tools/tools/browser-tool.schema.ts
+var BROWSER_ACT_KINDS = [
+  "click",
+  "type",
+  "press",
+  "hover",
+  "drag",
+  "select",
+  "fill",
+  "resize",
+  "wait",
+  "evaluate",
+  "close",
+  "mouse_click",
+  "scroll"
+];
+var BROWSER_TOOL_ACTIONS = [
+  "status",
+  "start",
+  "stop",
+  "profiles",
+  "tabs",
+  "open",
+  "focus",
+  "close",
+  "snapshot",
+  "screenshot",
+  "navigate",
+  "console",
+  "pdf",
+  "upload",
+  "dialog",
+  "act"
+];
+var BROWSER_TARGETS = ["sandbox", "host", "node"];
+var BROWSER_SNAPSHOT_FORMATS = ["aria", "ai"];
+var BROWSER_SNAPSHOT_MODES = ["efficient"];
+var BROWSER_SNAPSHOT_REFS = ["role", "aria"];
+var BROWSER_IMAGE_TYPES = ["png", "jpeg"];
+var BrowserActSchema = Type2.Object({
+  kind: stringEnum(BROWSER_ACT_KINDS),
+  // Common fields
+  targetId: Type2.Optional(Type2.String()),
+  ref: Type2.Optional(Type2.String()),
+  // click
+  doubleClick: Type2.Optional(Type2.Boolean()),
+  button: Type2.Optional(Type2.String()),
+  modifiers: Type2.Optional(Type2.Array(Type2.String())),
+  // type
+  text: Type2.Optional(Type2.String()),
+  submit: Type2.Optional(Type2.Boolean()),
+  slowly: Type2.Optional(Type2.Boolean()),
+  // press
+  key: Type2.Optional(Type2.String()),
+  // drag
+  startRef: Type2.Optional(Type2.String()),
+  endRef: Type2.Optional(Type2.String()),
+  // select
+  values: Type2.Optional(Type2.Array(Type2.String())),
+  // fill - use permissive array of objects
+  fields: Type2.Optional(Type2.Array(Type2.Object({}, { additionalProperties: true }))),
+  // resize
+  width: Type2.Optional(Type2.Number()),
+  height: Type2.Optional(Type2.Number()),
+  // wait
+  timeMs: Type2.Optional(Type2.Number()),
+  textGone: Type2.Optional(Type2.String()),
+  // evaluate
+  fn: Type2.Optional(Type2.String()),
+  // mouse_click (coordinate-based clicking — fallback for Shadow DOM)
+  x: Type2.Optional(Type2.Number()),
+  y: Type2.Optional(Type2.Number()),
+  // scroll
+  deltaX: Type2.Optional(Type2.Number()),
+  deltaY: Type2.Optional(Type2.Number())
+});
+var BrowserToolSchema = Type2.Object({
+  action: stringEnum(BROWSER_TOOL_ACTIONS),
+  target: optionalStringEnum(BROWSER_TARGETS),
+  node: Type2.Optional(Type2.String()),
+  profile: Type2.Optional(Type2.String()),
+  targetUrl: Type2.Optional(Type2.String()),
+  targetId: Type2.Optional(Type2.String()),
+  limit: Type2.Optional(Type2.Number()),
+  maxChars: Type2.Optional(Type2.Number()),
+  mode: optionalStringEnum(BROWSER_SNAPSHOT_MODES),
+  snapshotFormat: optionalStringEnum(BROWSER_SNAPSHOT_FORMATS),
+  refs: optionalStringEnum(BROWSER_SNAPSHOT_REFS),
+  interactive: Type2.Optional(Type2.Boolean()),
+  compact: Type2.Optional(Type2.Boolean()),
+  depth: Type2.Optional(Type2.Number()),
+  selector: Type2.Optional(Type2.String()),
+  frame: Type2.Optional(Type2.String()),
+  labels: Type2.Optional(Type2.Boolean()),
+  fullPage: Type2.Optional(Type2.Boolean()),
+  ref: Type2.Optional(Type2.String()),
+  element: Type2.Optional(Type2.String()),
+  type: optionalStringEnum(BROWSER_IMAGE_TYPES),
+  level: Type2.Optional(Type2.String()),
+  paths: Type2.Optional(Type2.Array(Type2.String())),
+  inputRef: Type2.Optional(Type2.String()),
+  timeoutMs: Type2.Optional(Type2.Number()),
+  accept: Type2.Optional(Type2.Boolean()),
+  promptText: Type2.Optional(Type2.String()),
+  request: Type2.Optional(BrowserActSchema)
+});
+
+// src/agent-tools/tools/browser-tool.ts
+function wrapBrowserExternalJson(params) {
+  const extractedText = JSON.stringify(params.payload, null, 2);
+  const wrappedText = wrapExternalContent(extractedText, {
+    source: "browser",
+    includeWarning: params.includeWarning ?? true
+  });
+  return {
+    wrappedText,
+    safeDetails: {
+      ok: true,
+      externalContent: {
+        untrusted: true,
+        source: "browser",
+        kind: params.kind,
+        wrapped: true
+      }
+    }
+  };
+}
+function createEnterpriseBrowserTool(config) {
+  const baseUrl = config?.baseUrl;
+  const defaultProfile = config?.defaultProfile;
+  return {
+    label: "Browser",
+    name: "browser",
+    description: [
+      "Control the browser for web automation \u2014 navigate, screenshot, snapshot (accessibility tree), click, type, hover, drag, fill forms, manage tabs, capture console logs, save PDFs, upload files, and handle dialogs.",
+      "Actions: status, start, stop, profiles, tabs, open, focus, close, snapshot, screenshot, navigate, console, pdf, upload, dialog, act.",
+      "Use snapshot+act for UI automation. snapshot returns the page accessibility tree; use refs from it with act to interact.",
+      'snapshot format="ai" returns a text description; format="aria" returns structured nodes.',
+      "act supports: click, type, press, hover, drag, select, fill, resize, wait, evaluate, close, mouse_click, scroll.",
+      "mouse_click: coordinate-based clicking (x, y) \u2014 use when ref-based click fails on Shadow DOM/custom components. Take a screenshot first to identify coordinates.",
+      "scroll: scroll the page (deltaY positive=down, negative=up). Use to navigate long pages before taking snapshots.",
+      "IMPORTANT: Use open(targetUrl) to create NEW tabs for each different site/URL. Do NOT reuse the same tab for different sites \u2014 open a new tab, get its targetId, then use that targetId for all actions on that site.",
+      "Reddit URLs are auto-rewritten to old.reddit.com (avoids Shadow DOM issues).",
+      'TWITTER/X RULES: (1) Non-Premium accounts have a 280 character limit per post/reply. ALWAYS keep tweets under 280 chars. Count carefully before posting. If your message is too long, shorten it \u2014 the Post/Reply button will be DISABLED if over the limit. (2) ALWAYS verify your post went through: after clicking Reply/Post, check for a "Your post was sent" confirmation alert or see your reply appear in the thread. If the button was disabled or no confirmation appeared, the post FAILED \u2014 shorten and retry. Never assume a post succeeded without verification. (3) For replies, navigate directly to the post URL (e.g. x.com/user/status/ID) instead of searching \u2014 this avoids loading the massive search results DOM.',
+      "TOKEN EFFICIENCY: Snapshots can be large. Use compact=true to reduce size. Use maxChars (e.g. 5000) to limit output. Use selector to snapshot only a specific part of the page (e.g. the reply box or a single tweet). Avoid taking full-page snapshots repeatedly \u2014 each one adds thousands of tokens to your context.",
+      "FALLBACK STRATEGY: If snapshot refs fail \u2192 try evaluate with document.querySelector(). If clicks fail \u2192 take screenshot, identify coordinates, use mouse_click(x, y). If page is too long \u2192 use scroll to navigate, then snapshot again."
+    ].join(" "),
+    parameters: BrowserToolSchema,
+    execute: async (_toolCallId, args) => {
+      const executeWithRetry = async () => {
+        try {
+          return await executeInner(args);
+        } catch (err) {
+          const msg = String(err?.message || err || "");
+          if (msg.includes("Can't reach") && !msg.includes("timed out")) {
+            await new Promise((r) => setTimeout(r, 1500));
+            return await executeInner(args);
+          }
+          throw err;
+        }
+      };
+      return await executeWithRetry();
+    }
+  };
+  async function executeInner(args) {
+    const params = args;
+    const action = readStringParam(params, "action", { required: true });
+    const profile = readStringParam(params, "profile") || defaultProfile;
+    switch (action) {
+      case "status":
+        return jsonResult(await browserStatus(baseUrl, { profile }));
+      case "start":
+        await browserStart(baseUrl, { profile });
+        return jsonResult(await browserStatus(baseUrl, { profile }));
+      case "stop":
+        await browserStop(baseUrl, { profile });
+        return jsonResult(await browserStatus(baseUrl, { profile }));
+      case "profiles":
+        return jsonResult({ profiles: await browserProfiles(baseUrl) });
+      case "tabs": {
+        const tabs = await browserTabs(baseUrl, { profile });
+        const wrapped = wrapBrowserExternalJson({
+          kind: "tabs",
+          payload: { tabs },
+          includeWarning: false
+        });
+        return {
+          content: [{ type: "text", text: wrapped.wrappedText }],
+          details: { ...wrapped.safeDetails, tabCount: tabs.length }
+        };
+      }
+      case "open": {
+        const targetUrl = readStringParam(params, "targetUrl", { required: true });
+        return jsonResult(await browserOpenTab(baseUrl, targetUrl, { profile }));
+      }
+      case "focus": {
+        const targetId = readStringParam(params, "targetId", { required: true });
+        await browserFocusTab(baseUrl, targetId, { profile });
+        return jsonResult({ ok: true });
+      }
+      case "close": {
+        const targetId = readStringParam(params, "targetId");
+        if (targetId) {
+          await browserCloseTab(baseUrl, targetId, { profile });
+        } else {
+          await browserAct(baseUrl, { kind: "close" }, { profile });
+        }
+        return jsonResult({ ok: true });
+      }
+      case "snapshot": {
+        const format = params.snapshotFormat === "ai" || params.snapshotFormat === "aria" ? params.snapshotFormat : "ai";
+        const mode = params.mode === "efficient" ? "efficient" : void 0;
+        const labels = typeof params.labels === "boolean" ? params.labels : void 0;
+        const refs = params.refs === "aria" || params.refs === "role" ? params.refs : void 0;
+        const hasMaxChars = Object.hasOwn(params, "maxChars");
+        const targetId = typeof params.targetId === "string" ? params.targetId.trim() : void 0;
+        const limit = typeof params.limit === "number" && Number.isFinite(params.limit) ? params.limit : void 0;
+        const maxChars = typeof params.maxChars === "number" && Number.isFinite(params.maxChars) && params.maxChars > 0 ? Math.floor(params.maxChars) : void 0;
+        const resolvedMaxChars = hasMaxChars ? maxChars : mode === "efficient" ? void 0 : DEFAULT_AI_SNAPSHOT_MAX_CHARS;
+        const interactive = typeof params.interactive === "boolean" ? params.interactive : void 0;
+        const compact = typeof params.compact === "boolean" ? params.compact : void 0;
+        const depth = typeof params.depth === "number" && Number.isFinite(params.depth) ? params.depth : void 0;
+        const selector = typeof params.selector === "string" ? params.selector.trim() : void 0;
+        const frame = typeof params.frame === "string" ? params.frame.trim() : void 0;
+        const snapshot = await browserSnapshot(baseUrl, {
+          format,
+          targetId,
+          limit,
+          ...typeof resolvedMaxChars === "number" ? { maxChars: resolvedMaxChars } : {},
+          refs,
+          interactive,
+          compact,
+          depth,
+          selector,
+          frame,
+          labels,
+          mode,
+          profile
+        });
+        if (snapshot.format === "ai") {
+          const extractedText = snapshot.snapshot ?? "";
+          const wrappedSnapshot = wrapExternalContent(extractedText, {
+            source: "browser",
+            includeWarning: true
+          });
+          const safeDetails = {
+            ok: true,
+            format: snapshot.format,
+            targetId: snapshot.targetId,
+            url: snapshot.url,
+            truncated: snapshot.truncated,
+            stats: snapshot.stats,
+            refs: snapshot.refs ? Object.keys(snapshot.refs).length : void 0,
+            labels: snapshot.labels,
+            labelsCount: snapshot.labelsCount,
+            labelsSkipped: snapshot.labelsSkipped,
+            imagePath: snapshot.imagePath,
+            imageType: snapshot.imageType,
+            externalContent: {
+              untrusted: true,
+              source: "browser",
+              kind: "snapshot",
+              format: "ai",
+              wrapped: true
+            }
+          };
+          if (labels && snapshot.imagePath) {
+            return await imageResultFromFile({
+              label: "browser:snapshot",
+              path: snapshot.imagePath,
+              extraText: wrappedSnapshot,
+              details: safeDetails
+            });
+          }
+          return {
+            content: [{ type: "text", text: wrappedSnapshot }],
+            details: safeDetails
+          };
+        }
+        const snapshotAny = snapshot;
+        const ariaTree = typeof snapshotAny.snapshot === "string" ? snapshotAny.snapshot : snapshot.nodes ? JSON.stringify(snapshot.nodes, null, 2) : JSON.stringify(snapshot, null, 2);
+        const wrappedAria = wrapExternalContent(ariaTree, {
+          source: "browser",
+          includeWarning: true
+        });
+        return {
+          content: [{ type: "text", text: wrappedAria }],
+          details: {
+            ok: true,
+            format: "aria",
+            targetId: snapshot.targetId,
+            url: snapshot.url,
+            nodeCount: snapshot.nodes?.length ?? 0,
+            truncated: snapshotAny.truncated,
+            externalContent: {
+              untrusted: true,
+              source: "browser",
+              kind: "snapshot",
+              format: "aria",
+              wrapped: true
+            }
+          }
+        };
+      }
+      case "screenshot": {
+        const targetId = readStringParam(params, "targetId");
+        const fullPage = Boolean(params.fullPage);
+        const ref = readStringParam(params, "ref");
+        const element = readStringParam(params, "element");
+        const type = params.type === "jpeg" ? "jpeg" : "png";
+        const result = await browserScreenshotAction(baseUrl, {
+          targetId,
+          fullPage,
+          ref,
+          element,
+          type,
+          profile
+        });
+        return await imageResultFromFile({
+          label: "browser:screenshot",
+          path: result.path,
+          details: result
+        });
+      }
+      case "navigate": {
+        const targetUrl = readStringParam(params, "targetUrl", { required: true });
+        const targetId = readStringParam(params, "targetId");
+        return jsonResult(
+          await browserNavigate(baseUrl, {
+            url: targetUrl,
+            targetId,
+            profile
+          })
+        );
+      }
+      case "console": {
+        const level = typeof params.level === "string" ? params.level.trim() : void 0;
+        const targetId = typeof params.targetId === "string" ? params.targetId.trim() : void 0;
+        const result = await browserConsoleMessages(baseUrl, { level, targetId, profile });
+        const wrapped = wrapBrowserExternalJson({
+          kind: "console",
+          payload: result,
+          includeWarning: false
+        });
+        return {
+          content: [{ type: "text", text: wrapped.wrappedText }],
+          details: {
+            ...wrapped.safeDetails,
+            targetId: result.targetId,
+            messageCount: result.messages.length
+          }
+        };
+      }
+      case "pdf": {
+        const targetId = typeof params.targetId === "string" ? params.targetId.trim() : void 0;
+        const result = await browserPdfSave(baseUrl, { targetId, profile });
+        return {
+          content: [{ type: "text", text: `FILE:${result.path}` }],
+          details: result
+        };
+      }
+      case "upload": {
+        const paths = Array.isArray(params.paths) ? params.paths.map((p) => String(p)) : [];
+        if (paths.length === 0) throw new Error("paths required");
+        const uploadDir = config?.uploadDir || DEFAULT_UPLOAD_DIR;
+        const normalizedPaths = resolvePathsWithinRoot(uploadDir, ...paths);
+        const ref = readStringParam(params, "ref");
+        const inputRef = readStringParam(params, "inputRef");
+        const element = readStringParam(params, "element");
+        const targetId = typeof params.targetId === "string" ? params.targetId.trim() : void 0;
+        const timeoutMs = typeof params.timeoutMs === "number" && Number.isFinite(params.timeoutMs) ? params.timeoutMs : void 0;
+        return jsonResult(
+          await browserArmFileChooser(baseUrl, {
+            paths: normalizedPaths,
+            ref,
+            inputRef,
+            element,
+            targetId,
+            timeoutMs,
+            profile
+          })
+        );
+      }
+      case "dialog": {
+        const accept = Boolean(params.accept);
+        const promptText = typeof params.promptText === "string" ? params.promptText : void 0;
+        const targetId = typeof params.targetId === "string" ? params.targetId.trim() : void 0;
+        const timeoutMs = typeof params.timeoutMs === "number" && Number.isFinite(params.timeoutMs) ? params.timeoutMs : void 0;
+        return jsonResult(
+          await browserArmDialog(baseUrl, {
+            accept,
+            promptText,
+            targetId,
+            timeoutMs,
+            profile
+          })
+        );
+      }
+      case "act": {
+        const request = params.request;
+        if (!request || typeof request !== "object") throw new Error("request required");
+        if (request.kind === "evaluate" && config?.allowEvaluate === false) {
+          throw new Error("JavaScript evaluation is disabled for this agent. Enable it in agent config.");
+        }
+        const result = await browserAct(baseUrl, request, {
+          profile
+        });
+        return jsonResult(result);
+      }
+      default:
+        throw new Error(`Unknown browser action: ${action}`);
+    }
+  }
+}
+export {
+  createEnterpriseBrowserTool
+};