@agenticmail/enterprise 0.5.78 → 0.5.79

package/src/browser/server-context.types.ts

@@ -0,0 +1,65 @@
+import type { Server } from "node:http";
+import type { RunningChrome } from "./chrome.js";
+import type { BrowserTab } from "./client.js";
+import type { ResolvedBrowserConfig, ResolvedBrowserProfile } from "./config.js";
+
+export type { BrowserTab };
+
+/**
+ * Runtime state for a single profile's Chrome instance.
+ */
+export type ProfileRuntimeState = {
+  profile: ResolvedBrowserProfile;
+  running: RunningChrome | null;
+  /** Sticky tab selection when callers omit targetId (keeps snapshot+act consistent). */
+  lastTargetId?: string | null;
+};
+
+export type BrowserServerState = {
+  server?: Server | null;
+  port: number;
+  resolved: ResolvedBrowserConfig;
+  profiles: Map<string, ProfileRuntimeState>;
+};
+
+type BrowserProfileActions = {
+  ensureBrowserAvailable: () => Promise<void>;
+  ensureTabAvailable: (targetId?: string) => Promise<BrowserTab>;
+  isHttpReachable: (timeoutMs?: number) => Promise<boolean>;
+  isReachable: (timeoutMs?: number) => Promise<boolean>;
+  listTabs: () => Promise<BrowserTab[]>;
+  openTab: (url: string) => Promise<BrowserTab>;
+  focusTab: (targetId: string) => Promise<void>;
+  closeTab: (targetId: string) => Promise<void>;
+  stopRunningBrowser: () => Promise<{ stopped: boolean }>;
+  resetProfile: () => Promise<{ moved: boolean; from: string; to?: string }>;
+};
+
+export type BrowserRouteContext = {
+  state: () => BrowserServerState;
+  forProfile: (profileName?: string) => ProfileContext;
+  listProfiles: () => Promise<ProfileStatus[]>;
+  // Legacy methods delegate to default profile for backward compatibility
+  mapTabError: (err: unknown) => { status: number; message: string } | null;
+} & BrowserProfileActions;
+
+export type ProfileContext = {
+  profile: ResolvedBrowserProfile;
+} & BrowserProfileActions;
+
+export type ProfileStatus = {
+  name: string;
+  cdpPort: number;
+  cdpUrl: string;
+  color: string;
+  running: boolean;
+  tabCount: number;
+  isDefault: boolean;
+  isRemote: boolean;
+};
+
+export type ContextOptions = {
+  getState: () => BrowserServerState | null;
+  onEnsureAttachTarget?: (profile: ResolvedBrowserProfile) => Promise<void>;
+  refreshConfigFromDisk?: boolean;
+};

package/src/browser/server-lifecycle.ts

@@ -0,0 +1,48 @@
+import type { ResolvedBrowserConfig } from "./config.js";
+import { resolveProfile } from "./config.js";
+import { ensureChromeExtensionRelayServer } from "./extension-relay.js";
+import {
+  type BrowserServerState,
+  createBrowserRouteContext,
+  listKnownProfileNames,
+} from "./server-context.js";
+
+export async function ensureExtensionRelayForProfiles(params: {
+  resolved: ResolvedBrowserConfig;
+  onWarn: (message: string) => void;
+}) {
+  for (const name of Object.keys(params.resolved.profiles)) {
+    const profile = resolveProfile(params.resolved, name);
+    if (!profile || profile.driver !== "extension") {
+      continue;
+    }
+    await ensureChromeExtensionRelayServer({ cdpUrl: profile.cdpUrl }).catch((err) => {
+      params.onWarn(`Chrome extension relay init failed for profile "${name}": ${String(err)}`);
+    });
+  }
+}
+
+export async function stopKnownBrowserProfiles(params: {
+  getState: () => BrowserServerState | null;
+  onWarn: (message: string) => void;
+}) {
+  const current = params.getState();
+  if (!current) {
+    return;
+  }
+  const ctx = createBrowserRouteContext({
+    getState: params.getState,
+    refreshConfigFromDisk: true,
+  });
+  try {
+    for (const name of listKnownProfileNames(current)) {
+      try {
+        await ctx.forProfile(name).stopRunningBrowser();
+      } catch {
+        // ignore
+      }
+    }
+  } catch (err) {
+    params.onWarn(`openclaw browser stop failed: ${String(err)}`);
+  }
+}

package/src/browser/server-middleware.ts

@@ -0,0 +1,37 @@
+import type { Express } from "express";
+import express from "express";
+import { browserMutationGuardMiddleware } from "./csrf.js";
+import { isAuthorizedBrowserRequest } from "./http-auth.js";
+
+export function installBrowserCommonMiddleware(app: Express) {
+  app.use((req, res, next) => {
+    const ctrl = new AbortController();
+    const abort = () => ctrl.abort(new Error("request aborted"));
+    req.once("aborted", abort);
+    res.once("close", () => {
+      if (!res.writableEnded) {
+        abort();
+      }
+    });
+    // Make the signal available to browser route handlers (best-effort).
+    (req as unknown as { signal?: AbortSignal }).signal = ctrl.signal;
+    next();
+  });
+  app.use(express.json({ limit: "1mb" }));
+  app.use(browserMutationGuardMiddleware());
+}
+
+export function installBrowserAuthMiddleware(
+  app: Express,
+  auth: { token?: string; password?: string },
+) {
+  if (!auth.token && !auth.password) {
+    return;
+  }
+  app.use((req, res, next) => {
+    if (isAuthorizedBrowserRequest(req, auth)) {
+      return next();
+    }
+    res.status(401).send("Unauthorized");
+  });
+}

package/src/browser/server.ts

@@ -0,0 +1,110 @@
+import type { Server } from "node:http";
+import express from "express";
+
+import { resolveBrowserConfig } from "./config.js";
+import { ensureBrowserControlAuth, resolveBrowserControlAuth } from "./control-auth.js";
+import { isPwAiLoaded } from "./pw-ai-state.js";
+import { registerBrowserRoutes } from "./routes/index.js";
+import type { BrowserRouteRegistrar } from "./routes/types.js";
+import { type BrowserServerState, createBrowserRouteContext } from "./server-context.js";
+import { ensureExtensionRelayForProfiles, stopKnownBrowserProfiles } from "./server-lifecycle.js";
+import {
+import { createSubsystemLogger, loadConfig } from "./enterprise-compat.js";
+  installBrowserAuthMiddleware,
+  installBrowserCommonMiddleware,
+} from "./server-middleware.js";
+
+let state: BrowserServerState | null = null;
+const log = createSubsystemLogger("browser");
+const logServer = log.child("server");
+
+export async function startBrowserControlServerFromConfig(): Promise<BrowserServerState | null> {
+  if (state) {
+    return state;
+  }
+
+  const cfg = loadConfig();
+  const resolved = resolveBrowserConfig(cfg.browser, cfg);
+  if (!resolved.enabled) {
+    return null;
+  }
+
+  let browserAuth = resolveBrowserControlAuth(cfg);
+  try {
+    const ensured = await ensureBrowserControlAuth({ cfg });
+    browserAuth = ensured.auth;
+    if (ensured.generatedToken) {
+      logServer.info("No browser auth configured; generated gateway.auth.token automatically.");
+    }
+  } catch (err) {
+    logServer.warn(`failed to auto-configure browser auth: ${String(err)}`);
+  }
+
+  const app = express();
+  installBrowserCommonMiddleware(app);
+  installBrowserAuthMiddleware(app, browserAuth);
+
+  const ctx = createBrowserRouteContext({
+    getState: () => state,
+    refreshConfigFromDisk: true,
+  });
+  registerBrowserRoutes(app as unknown as BrowserRouteRegistrar, ctx);
+
+  const port = resolved.controlPort;
+  const server = await new Promise<Server>((resolve, reject) => {
+    const s = app.listen(port, "127.0.0.1", () => resolve(s));
+    s.once("error", reject);
+  }).catch((err) => {
+    logServer.error(`openclaw browser server failed to bind 127.0.0.1:${port}: ${String(err)}`);
+    return null;
+  });
+
+  if (!server) {
+    return null;
+  }
+
+  state = {
+    server,
+    port,
+    resolved,
+    profiles: new Map(),
+  };
+
+  await ensureExtensionRelayForProfiles({
+    resolved,
+    onWarn: (message) => logServer.warn(message),
+  });
+
+  const authMode = browserAuth.token ? "token" : browserAuth.password ? "password" : "off";
+  logServer.info(`Browser control listening on http://127.0.0.1:${port}/ (auth=${authMode})`);
+  return state;
+}
+
+export async function stopBrowserControlServer(): Promise<void> {
+  const current = state;
+  if (!current) {
+    return;
+  }
+
+  await stopKnownBrowserProfiles({
+    getState: () => state,
+    onWarn: (message) => logServer.warn(message),
+  });
+
+  if (current.server) {
+    await new Promise<void>((resolve) => {
+      current.server?.close(() => resolve());
+    });
+  }
+  state = null;
+
+  // Optional: avoid importing heavy Playwright bridge when this process never used it.
+  if (isPwAiLoaded()) {
+    try {
+      const mod = await import("./pw-ai.js");
+      await mod.closePlaywrightBrowserConnection();
+    } catch {
+      // ignore
+    }
+  }
+}

package/src/browser/target-id.ts

@@ -0,0 +1,30 @@
+export type TargetIdResolution =
+  | { ok: true; targetId: string }
+  | { ok: false; reason: "not_found" | "ambiguous"; matches?: string[] };
+
+export function resolveTargetIdFromTabs(
+  input: string,
+  tabs: Array<{ targetId: string }>,
+): TargetIdResolution {
+  const needle = input.trim();
+  if (!needle) {
+    return { ok: false, reason: "not_found" };
+  }
+
+  const exact = tabs.find((t) => t.targetId === needle);
+  if (exact) {
+    return { ok: true, targetId: exact.targetId };
+  }
+
+  const lower = needle.toLowerCase();
+  const matches = tabs.map((t) => t.targetId).filter((id) => id.toLowerCase().startsWith(lower));
+
+  const only = matches.length === 1 ? matches[0] : undefined;
+  if (only) {
+    return { ok: true, targetId: only };
+  }
+  if (matches.length === 0) {
+    return { ok: false, reason: "not_found" };
+  }
+  return { ok: false, reason: "ambiguous", matches };
+}

package/src/browser/trash.ts

@@ -0,0 +1,21 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { runExec } from "./enterprise-compat.js";
+
+export async function movePathToTrash(targetPath: string): Promise<string> {
+  try {
+    await runExec("trash", [targetPath], { timeoutMs: 10_000 });
+    return targetPath;
+  } catch {
+    const trashDir = path.join(os.homedir(), ".Trash");
+    fs.mkdirSync(trashDir, { recursive: true });
+    const base = path.basename(targetPath);
+    let dest = path.join(trashDir, `${base}-${Date.now()}`);
+    if (fs.existsSync(dest)) {
+      dest = path.join(trashDir, `${base}-${Date.now()}-${Math.random()}`);
+    }
+    fs.renameSync(targetPath, dest);
+    return dest;
+  }
+}

package/src/dashboard/pages/agent-detail.js

@@ -3974,7 +3974,319 @@ function ToolsSection(props) {
       })
     ),
 
-    filtered.length === 0 && h('div', { style: { textAlign: 'center', padding: 40, color: 'var(--text-muted)' } }, 'No tools match this filter.')
+    filtered.length === 0 && h('div', { style: { textAlign: 'center', padding: 40, color: 'var(--text-muted)' } }, 'No tools match this filter.'),
+
+    // ─── Browser Configuration ─────────────────────────
+    h(BrowserConfigCard, { agentId: agentId }),
+
+    // ─── Tool Restrictions ─────────────────────────────
+    h(ToolRestrictionsCard, { agentId: agentId })
+  );
+}
+
+// ════════════════════════════════════════════════════════════
+// BROWSER CONFIG CARD — Configurable browser settings per agent
+// ════════════════════════════════════════════════════════════
+
+function BrowserConfigCard(props) {
+  var agentId = props.agentId;
+  var _d = useApp(); var toast = _d.toast;
+  var _cfg = useState(null); var cfg = _cfg[0]; var setCfg = _cfg[1];
+  var _saving = useState(false); var saving = _saving[0]; var setSaving = _saving[1];
+  var _collapsed = useState(true); var collapsed = _collapsed[0]; var setCollapsed = _collapsed[1];
+
+  function load() {
+    engineCall('/bridge/agents/' + agentId + '/browser-config')
+      .then(function(d) { setCfg(d.config || {}); })
+      .catch(function() { setCfg({}); });
+  }
+
+  useEffect(function() { load(); }, [agentId]);
+
+  function save() {
+    setSaving(true);
+    engineCall('/bridge/agents/' + agentId + '/browser-config', {
+      method: 'PUT',
+      body: JSON.stringify(cfg),
+    }).then(function() { toast('Browser config saved', 'success'); setSaving(false); })
+      .catch(function(e) { toast(e.message, 'error'); setSaving(false); });
+  }
+
+  function update(key, value) {
+    setCfg(function(prev) { var n = Object.assign({}, prev); n[key] = value; return n; });
+  }
+
+  if (!cfg) return null;
+
+  var labelStyle = { display: 'block', fontSize: 12, fontWeight: 600, color: 'var(--text-secondary)', marginBottom: 4 };
+  var helpStyle = { fontSize: 11, color: 'var(--text-muted)', marginTop: 2 };
+
+  return h('div', { className: 'card', style: { marginTop: 16 } },
+    h('div', {
+      className: 'card-header',
+      style: { cursor: 'pointer', display: 'flex', alignItems: 'center', justifyContent: 'space-between' },
+      onClick: function() { setCollapsed(!collapsed); }
+    },
+      h('span', null, '\uD83C\uDF10 Browser Configuration'),
+      h('span', { style: { fontSize: 12, color: 'var(--text-muted)' } }, collapsed ? '\u25BC' : '\u25B2')
+    ),
+    !collapsed && h('div', { style: { padding: 16, display: 'grid', gap: 16 } },
+      // Headless mode
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Headless Mode'),
+        h('select', {
+          className: 'input', value: cfg.headless !== false ? 'true' : 'false',
+          onChange: function(e) { update('headless', e.target.value === 'true'); }
+        },
+          h('option', { value: 'true' }, 'Headless (no visible browser window)'),
+          h('option', { value: 'false' }, 'Headed (visible browser — needed for Meet/Teams)')
+        ),
+        h('div', { style: helpStyle }, 'Use headed mode for video calls (Google Meet, Teams) or visual debugging.')
+      ),
+
+      // SSRF Protection
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'URL Protection'),
+        h('select', {
+          className: 'input', value: cfg.ssrfProtection || 'permissive',
+          onChange: function(e) { update('ssrfProtection', e.target.value); }
+        },
+          h('option', { value: 'off' }, 'Off — No restrictions (full internet access)'),
+          h('option', { value: 'permissive' }, 'Permissive — Block known dangerous URLs only'),
+          h('option', { value: 'strict' }, 'Strict — Block private IPs, require allowlist')
+        ),
+        h('div', { style: helpStyle }, 'Controls which URLs the agent can navigate to.')
+      ),
+
+      // Allow JS Evaluation
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'JavaScript Evaluation'),
+        h('select', {
+          className: 'input', value: cfg.allowEvaluate !== false ? 'true' : 'false',
+          onChange: function(e) { update('allowEvaluate', e.target.value === 'true'); }
+        },
+          h('option', { value: 'true' }, 'Allowed — Agent can run JS in page context'),
+          h('option', { value: 'false' }, 'Blocked — No arbitrary JS execution')
+        )
+      ),
+
+      // Allow File URLs
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'File URLs (file://)'),
+        h('select', {
+          className: 'input', value: cfg.allowFileUrls ? 'true' : 'false',
+          onChange: function(e) { update('allowFileUrls', e.target.value === 'true'); }
+        },
+          h('option', { value: 'false' }, 'Blocked — Cannot access local files'),
+          h('option', { value: 'true' }, 'Allowed — Can open local file:// URLs')
+        )
+      ),
+
+      // Max Contexts
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Max Browser Contexts'),
+        h('input', {
+          className: 'input', type: 'number', min: 1, max: 50,
+          value: cfg.maxContexts || 10,
+          onChange: function(e) { update('maxContexts', parseInt(e.target.value) || 10); }
+        }),
+        h('div', { style: helpStyle }, 'Maximum concurrent browser windows/tabs.')
+      ),
+
+      // Navigation Timeout
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Navigation Timeout (ms)'),
+        h('input', {
+          className: 'input', type: 'number', min: 5000, max: 120000, step: 1000,
+          value: cfg.navigationTimeoutMs || 30000,
+          onChange: function(e) { update('navigationTimeoutMs', parseInt(e.target.value) || 30000); }
+        }),
+        h('div', { style: helpStyle }, 'Maximum time to wait for page loads.')
+      ),
+
+      // Idle Timeout
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Idle Timeout (minutes)'),
+        h('input', {
+          className: 'input', type: 'number', min: 1, max: 60,
+          value: Math.round((cfg.idleTimeoutMs || 300000) / 60000),
+          onChange: function(e) { update('idleTimeoutMs', (parseInt(e.target.value) || 5) * 60000); }
+        }),
+        h('div', { style: helpStyle }, 'Close browser after this many minutes of inactivity.')
+      ),
+
+      // Blocked URL Patterns
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Blocked URL Patterns'),
+        h('input', {
+          className: 'input', placeholder: '*://169.254.*, *://metadata.google.*',
+          value: (cfg.blockedUrlPatterns || []).join(', '),
+          onChange: function(e) { update('blockedUrlPatterns', e.target.value.split(',').map(function(s) { return s.trim(); }).filter(Boolean)); }
+        }),
+        h('div', { style: helpStyle }, 'Comma-separated URL patterns to block (supports *).')
+      ),
+
+      // Allowed URL Patterns (only for strict mode)
+      cfg.ssrfProtection === 'strict' && h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Allowed URL Patterns (Strict Mode)'),
+        h('input', {
+          className: 'input', placeholder: '*://example.com/*, *://api.service.com/*',
+          value: (cfg.allowedUrlPatterns || []).join(', '),
+          onChange: function(e) { update('allowedUrlPatterns', e.target.value.split(',').map(function(s) { return s.trim(); }).filter(Boolean)); }
+        }),
+        h('div', { style: helpStyle }, 'Only these URLs are allowed in strict mode.')
+      ),
+
+      // Save button
+      h('div', { style: { display: 'flex', justifyContent: 'flex-end', paddingTop: 8 } },
+        h('button', { className: 'btn', disabled: saving, onClick: save }, saving ? 'Saving...' : 'Save Browser Config')
+      )
+    )
+  );
+}
+
+// ════════════════════════════════════════════════════════════
+// TOOL RESTRICTIONS CARD — Per-agent restrictions
+// ════════════════════════════════════════════════════════════
+
+function ToolRestrictionsCard(props) {
+  var agentId = props.agentId;
+  var _d = useApp(); var toast = _d.toast;
+  var _cfg = useState(null); var cfg = _cfg[0]; var setCfg = _cfg[1];
+  var _saving = useState(false); var saving = _saving[0]; var setSaving = _saving[1];
+  var _collapsed = useState(true); var collapsed = _collapsed[0]; var setCollapsed = _collapsed[1];
+
+  function load() {
+    engineCall('/bridge/agents/' + agentId + '/tool-restrictions')
+      .then(function(d) { setCfg(d.restrictions || {}); })
+      .catch(function() { setCfg({}); });
+  }
+
+  useEffect(function() { load(); }, [agentId]);
+
+  function save() {
+    setSaving(true);
+    engineCall('/bridge/agents/' + agentId + '/tool-restrictions', {
+      method: 'PUT',
+      body: JSON.stringify(cfg),
+    }).then(function() { toast('Restrictions saved', 'success'); setSaving(false); })
+      .catch(function(e) { toast(e.message, 'error'); setSaving(false); });
+  }
+
+  function update(key, value) {
+    setCfg(function(prev) { var n = Object.assign({}, prev); n[key] = value; return n; });
+  }
+
+  if (!cfg) return null;
+
+  var labelStyle = { display: 'block', fontSize: 12, fontWeight: 600, color: 'var(--text-secondary)', marginBottom: 4 };
+  var helpStyle = { fontSize: 11, color: 'var(--text-muted)', marginTop: 2 };
+
+  return h('div', { className: 'card', style: { marginTop: 16 } },
+    h('div', {
+      className: 'card-header',
+      style: { cursor: 'pointer', display: 'flex', alignItems: 'center', justifyContent: 'space-between' },
+      onClick: function() { setCollapsed(!collapsed); }
+    },
+      h('span', null, '\uD83D\uDD12 Tool Restrictions'),
+      h('span', { style: { fontSize: 12, color: 'var(--text-muted)' } }, collapsed ? '\u25BC' : '\u25B2')
+    ),
+    !collapsed && h('div', { style: { padding: 16, display: 'grid', gap: 16 } },
+      // Max file size for read/write
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Max File Size (MB)'),
+        h('input', {
+          className: 'input', type: 'number', min: 1, max: 1000,
+          value: cfg.maxFileSizeMb || 50,
+          onChange: function(e) { update('maxFileSizeMb', parseInt(e.target.value) || 50); }
+        }),
+        h('div', { style: helpStyle }, 'Maximum file size the agent can read or write.')
+      ),
+
+      // Shell command execution
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Shell Command Execution'),
+        h('select', {
+          className: 'input', value: cfg.shellExecution || 'allowed',
+          onChange: function(e) { update('shellExecution', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Full shell access'),
+          h('option', { value: 'sandboxed' }, 'Sandboxed — Limited to safe commands'),
+          h('option', { value: 'blocked' }, 'Blocked — No shell execution')
+        ),
+        h('div', { style: helpStyle }, 'Controls whether the agent can run shell commands.')
+      ),
+
+      // Web fetch restrictions
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Web Fetch'),
+        h('select', {
+          className: 'input', value: cfg.webFetch || 'allowed',
+          onChange: function(e) { update('webFetch', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Can fetch any URL'),
+          h('option', { value: 'restricted' }, 'Restricted — Only allowed domains'),
+          h('option', { value: 'blocked' }, 'Blocked — No web fetching')
+        )
+      ),
+
+      // Email sending restrictions
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Email Sending'),
+        h('select', {
+          className: 'input', value: cfg.emailSending || 'allowed',
+          onChange: function(e) { update('emailSending', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Can send to anyone'),
+          h('option', { value: 'internal' }, 'Internal Only — Same domain only'),
+          h('option', { value: 'approval' }, 'Requires Approval — Manager must approve'),
+          h('option', { value: 'blocked' }, 'Blocked — No email sending')
+        ),
+        h('div', { style: helpStyle }, 'Controls who the agent can email.')
+      ),
+
+      // Database access
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Database Access'),
+        h('select', {
+          className: 'input', value: cfg.databaseAccess || 'readwrite',
+          onChange: function(e) { update('databaseAccess', e.target.value); }
+        },
+          h('option', { value: 'readwrite' }, 'Read + Write — Full database access'),
+          h('option', { value: 'readonly' }, 'Read Only — SELECT queries only'),
+          h('option', { value: 'blocked' }, 'Blocked — No database access')
+        )
+      ),
+
+      // Drive/file sharing
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'File Sharing (Drive)'),
+        h('select', {
+          className: 'input', value: cfg.fileSharing || 'allowed',
+          onChange: function(e) { update('fileSharing', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Can share files externally'),
+          h('option', { value: 'internal' }, 'Internal Only — Share within org only'),
+          h('option', { value: 'blocked' }, 'Blocked — No file sharing')
+        )
+      ),
+
+      // Rate limiting
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Rate Limit (calls per minute)'),
+        h('input', {
+          className: 'input', type: 'number', min: 0, max: 1000,
+          value: cfg.rateLimit || 0,
+          onChange: function(e) { update('rateLimit', parseInt(e.target.value) || 0); }
+        }),
+        h('div', { style: helpStyle }, '0 = no limit. Applies across all tool calls.')
+      ),
+
+      // Save button
+      h('div', { style: { display: 'flex', justifyContent: 'flex-end', paddingTop: 8 } },
+        h('button', { className: 'btn', disabled: saving, onClick: save }, saving ? 'Saving...' : 'Save Restrictions')
+      )
+    )
   );
 }