@agenticmail/enterprise 0.5.78 → 0.5.80

package/src/browser/client-actions-state.ts

@@ -0,0 +1,284 @@
+import type { BrowserActionOk, BrowserActionTargetOk } from "./client-actions-types.js";
+import { buildProfileQuery, withBaseUrl } from "./client-actions-url.js";
+import { fetchBrowserJson } from "./client-fetch.js";
+
+export async function browserCookies(
+  baseUrl: string | undefined,
+  opts: { targetId?: string; profile?: string } = {},
+): Promise<{ ok: true; targetId: string; cookies: unknown[] }> {
+  const q = new URLSearchParams();
+  if (opts.targetId) {
+    q.set("targetId", opts.targetId);
+  }
+  if (opts.profile) {
+    q.set("profile", opts.profile);
+  }
+  const suffix = q.toString() ? `?${q.toString()}` : "";
+  return await fetchBrowserJson<{
+    ok: true;
+    targetId: string;
+    cookies: unknown[];
+  }>(withBaseUrl(baseUrl, `/cookies${suffix}`), { timeoutMs: 20000 });
+}
+
+export async function browserCookiesSet(
+  baseUrl: string | undefined,
+  opts: {
+    cookie: Record<string, unknown>;
+    targetId?: string;
+    profile?: string;
+  },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/cookies/set${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId, cookie: opts.cookie }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserCookiesClear(
+  baseUrl: string | undefined,
+  opts: { targetId?: string; profile?: string } = {},
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/cookies/clear${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserStorageGet(
+  baseUrl: string | undefined,
+  opts: {
+    kind: "local" | "session";
+    key?: string;
+    targetId?: string;
+    profile?: string;
+  },
+): Promise<{ ok: true; targetId: string; values: Record<string, string> }> {
+  const q = new URLSearchParams();
+  if (opts.targetId) {
+    q.set("targetId", opts.targetId);
+  }
+  if (opts.key) {
+    q.set("key", opts.key);
+  }
+  if (opts.profile) {
+    q.set("profile", opts.profile);
+  }
+  const suffix = q.toString() ? `?${q.toString()}` : "";
+  return await fetchBrowserJson<{
+    ok: true;
+    targetId: string;
+    values: Record<string, string>;
+  }>(withBaseUrl(baseUrl, `/storage/${opts.kind}${suffix}`), { timeoutMs: 20000 });
+}
+
+export async function browserStorageSet(
+  baseUrl: string | undefined,
+  opts: {
+    kind: "local" | "session";
+    key: string;
+    value: string;
+    targetId?: string;
+    profile?: string;
+  },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(
+    withBaseUrl(baseUrl, `/storage/${opts.kind}/set${q}`),
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        targetId: opts.targetId,
+        key: opts.key,
+        value: opts.value,
+      }),
+      timeoutMs: 20000,
+    },
+  );
+}
+
+export async function browserStorageClear(
+  baseUrl: string | undefined,
+  opts: { kind: "local" | "session"; targetId?: string; profile?: string },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(
+    withBaseUrl(baseUrl, `/storage/${opts.kind}/clear${q}`),
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ targetId: opts.targetId }),
+      timeoutMs: 20000,
+    },
+  );
+}
+
+export async function browserSetOffline(
+  baseUrl: string | undefined,
+  opts: { offline: boolean; targetId?: string; profile?: string },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/offline${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId, offline: opts.offline }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserSetHeaders(
+  baseUrl: string | undefined,
+  opts: {
+    headers: Record<string, string>;
+    targetId?: string;
+    profile?: string;
+  },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/headers${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId, headers: opts.headers }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserSetHttpCredentials(
+  baseUrl: string | undefined,
+  opts: {
+    username?: string;
+    password?: string;
+    clear?: boolean;
+    targetId?: string;
+    profile?: string;
+  } = {},
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(
+    withBaseUrl(baseUrl, `/set/credentials${q}`),
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        targetId: opts.targetId,
+        username: opts.username,
+        password: opts.password,
+        clear: opts.clear,
+      }),
+      timeoutMs: 20000,
+    },
+  );
+}
+
+export async function browserSetGeolocation(
+  baseUrl: string | undefined,
+  opts: {
+    latitude?: number;
+    longitude?: number;
+    accuracy?: number;
+    origin?: string;
+    clear?: boolean;
+    targetId?: string;
+    profile?: string;
+  } = {},
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(
+    withBaseUrl(baseUrl, `/set/geolocation${q}`),
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        targetId: opts.targetId,
+        latitude: opts.latitude,
+        longitude: opts.longitude,
+        accuracy: opts.accuracy,
+        origin: opts.origin,
+        clear: opts.clear,
+      }),
+      timeoutMs: 20000,
+    },
+  );
+}
+
+export async function browserSetMedia(
+  baseUrl: string | undefined,
+  opts: {
+    colorScheme: "dark" | "light" | "no-preference" | "none";
+    targetId?: string;
+    profile?: string;
+  },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/media${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      targetId: opts.targetId,
+      colorScheme: opts.colorScheme,
+    }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserSetTimezone(
+  baseUrl: string | undefined,
+  opts: { timezoneId: string; targetId?: string; profile?: string },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/timezone${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      targetId: opts.targetId,
+      timezoneId: opts.timezoneId,
+    }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserSetLocale(
+  baseUrl: string | undefined,
+  opts: { locale: string; targetId?: string; profile?: string },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/locale${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId, locale: opts.locale }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserSetDevice(
+  baseUrl: string | undefined,
+  opts: { name: string; targetId?: string; profile?: string },
+): Promise<BrowserActionTargetOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionTargetOk>(withBaseUrl(baseUrl, `/set/device${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId, name: opts.name }),
+    timeoutMs: 20000,
+  });
+}
+
+export async function browserClearPermissions(
+  baseUrl: string | undefined,
+  opts: { targetId?: string; profile?: string } = {},
+): Promise<BrowserActionOk> {
+  const q = buildProfileQuery(opts.profile);
+  return await fetchBrowserJson<BrowserActionOk>(withBaseUrl(baseUrl, `/set/geolocation${q}`), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ targetId: opts.targetId, clear: true }),
+    timeoutMs: 20000,
+  });
+}

package/src/browser/client-actions-types.ts

@@ -0,0 +1,16 @@
+export type BrowserActionOk = { ok: true };
+
+export type BrowserActionTabResult = {
+  ok: true;
+  targetId: string;
+  url?: string;
+};
+
+export type BrowserActionPathResult = {
+  ok: true;
+  path: string;
+  targetId: string;
+  url?: string;
+};
+
+export type BrowserActionTargetOk = { ok: true; targetId: string };

package/src/browser/client-actions-url.ts

@@ -0,0 +1,11 @@
+export function buildProfileQuery(profile?: string): string {
+  return profile ? `?profile=${encodeURIComponent(profile)}` : "";
+}
+
+export function withBaseUrl(baseUrl: string | undefined, path: string): string {
+  const trimmed = baseUrl?.trim();
+  if (!trimmed) {
+    return path;
+  }
+  return `${trimmed.replace(/\/$/, "")}${path}`;
+}

package/src/browser/client-actions.ts

@@ -0,0 +1,4 @@
+export * from "./client-actions-core.js";
+export * from "./client-actions-observe.js";
+export * from "./client-actions-state.js";
+export * from "./client-actions-types.js";

package/src/browser/client-fetch.ts

@@ -0,0 +1,253 @@
+
+
+import { getBridgeAuthForPort } from "./bridge-auth-registry.js";
+import { resolveBrowserControlAuth } from "./control-auth.js";
+import {
+  createBrowserControlContext,
+  startBrowserControlServiceFromConfig,
+} from "./control-service.js";
+import { createBrowserRouteDispatcher } from "./routes/dispatcher.js";
+import { formatCliCommand, loadConfig } from "./enterprise-compat.js";
+
+type LoopbackBrowserAuthDeps = {
+  loadConfig: typeof loadConfig;
+  resolveBrowserControlAuth: typeof resolveBrowserControlAuth;
+  getBridgeAuthForPort: typeof getBridgeAuthForPort;
+};
+
+function isAbsoluteHttp(url: string): boolean {
+  return /^https?:\/\//i.test(url.trim());
+}
+
+function isLoopbackHttpUrl(url: string): boolean {
+  try {
+    const host = new URL(url).hostname.trim().toLowerCase();
+    // URL hostnames may keep IPv6 brackets (for example "[::1]"); normalize before checks.
+    const normalizedHost = host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
+    return (
+      normalizedHost === "127.0.0.1" || normalizedHost === "localhost" || normalizedHost === "::1"
+    );
+  } catch {
+    return false;
+  }
+}
+
+function withLoopbackBrowserAuthImpl(
+  url: string,
+  init: (RequestInit & { timeoutMs?: number }) | undefined,
+  deps: LoopbackBrowserAuthDeps,
+): RequestInit & { timeoutMs?: number } {
+  const headers = new Headers(init?.headers ?? {});
+  if (headers.has("authorization") || headers.has("x-openclaw-password")) {
+    return { ...init, headers };
+  }
+  if (!isLoopbackHttpUrl(url)) {
+    return { ...init, headers };
+  }
+
+  try {
+    const cfg = deps.loadConfig();
+    const auth = deps.resolveBrowserControlAuth(cfg);
+    if (auth.token) {
+      headers.set("Authorization", `Bearer ${auth.token}`);
+      return { ...init, headers };
+    }
+    if (auth.password) {
+      headers.set("x-openclaw-password", auth.password);
+      return { ...init, headers };
+    }
+  } catch {
+    // ignore config/auth lookup failures and continue without auth headers
+  }
+
+  // Sandbox bridge servers can run with per-process ephemeral auth on dynamic ports.
+  // Fall back to the in-memory registry if config auth is not available.
+  try {
+    const parsed = new URL(url);
+    const port =
+      parsed.port && Number.parseInt(parsed.port, 10) > 0
+        ? Number.parseInt(parsed.port, 10)
+        : parsed.protocol === "https:"
+          ? 443
+          : 80;
+    const bridgeAuth = deps.getBridgeAuthForPort(port);
+    if (bridgeAuth?.token) {
+      headers.set("Authorization", `Bearer ${bridgeAuth.token}`);
+    } else if (bridgeAuth?.password) {
+      headers.set("x-openclaw-password", bridgeAuth.password);
+    }
+  } catch {
+    // ignore
+  }
+
+  return { ...init, headers };
+}
+
+function withLoopbackBrowserAuth(
+  url: string,
+  init: (RequestInit & { timeoutMs?: number }) | undefined,
+): RequestInit & { timeoutMs?: number } {
+  return withLoopbackBrowserAuthImpl(url, init, {
+    loadConfig,
+    resolveBrowserControlAuth,
+    getBridgeAuthForPort,
+  });
+}
+
+function enhanceBrowserFetchError(url: string, err: unknown, timeoutMs: number): Error {
+  const isLocal = !isAbsoluteHttp(url);
+  // Human-facing hint for logs/diagnostics.
+  const operatorHint = isLocal
+    ? `Restart the OpenClaw gateway (OpenClaw.app menubar, or \`${formatCliCommand("openclaw gateway")}\`).`
+    : "If this is a sandboxed session, ensure the sandbox browser is running.";
+  // Model-facing suffix: explicitly tell the LLM NOT to retry.
+  // Without this, models see "try again" and enter an infinite tool-call loop.
+  const modelHint =
+    "Do NOT retry the browser tool — it will keep failing. " +
+    "Use an alternative approach or inform the user that the browser is currently unavailable.";
+  const msg = String(err);
+  const msgLower = msg.toLowerCase();
+  const looksLikeTimeout =
+    msgLower.includes("timed out") ||
+    msgLower.includes("timeout") ||
+    msgLower.includes("aborted") ||
+    msgLower.includes("abort") ||
+    msgLower.includes("aborterror");
+  if (looksLikeTimeout) {
+    return new Error(
+      `Can't reach the OpenClaw browser control service (timed out after ${timeoutMs}ms). ${operatorHint} ${modelHint}`,
+    );
+  }
+  return new Error(
+    `Can't reach the OpenClaw browser control service. ${operatorHint} ${modelHint} (${msg})`,
+  );
+}
+
+async function fetchHttpJson<T>(
+  url: string,
+  init: RequestInit & { timeoutMs?: number },
+): Promise<T> {
+  const timeoutMs = init.timeoutMs ?? 5000;
+  const ctrl = new AbortController();
+  const upstreamSignal = init.signal;
+  let upstreamAbortListener: (() => void) | undefined;
+  if (upstreamSignal) {
+    if (upstreamSignal.aborted) {
+      ctrl.abort(upstreamSignal.reason);
+    } else {
+      upstreamAbortListener = () => ctrl.abort(upstreamSignal.reason);
+      upstreamSignal.addEventListener("abort", upstreamAbortListener, { once: true });
+    }
+  }
+
+  const t = setTimeout(() => ctrl.abort(new Error("timed out")), timeoutMs);
+  try {
+    const res = await fetch(url, { ...init, signal: ctrl.signal });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new Error(text || `HTTP ${res.status}`);
+    }
+    return (await res.json()) as T;
+  } finally {
+    clearTimeout(t);
+    if (upstreamSignal && upstreamAbortListener) {
+      upstreamSignal.removeEventListener("abort", upstreamAbortListener);
+    }
+  }
+}
+
+export async function fetchBrowserJson<T>(
+  url: string,
+  init?: RequestInit & { timeoutMs?: number },
+): Promise<T> {
+  const timeoutMs = init?.timeoutMs ?? 5000;
+  try {
+    if (isAbsoluteHttp(url)) {
+      const httpInit = withLoopbackBrowserAuth(url, init);
+      return await fetchHttpJson<T>(url, { ...httpInit, timeoutMs });
+    }
+    const started = await startBrowserControlServiceFromConfig();
+    if (!started) {
+      throw new Error("browser control disabled");
+    }
+    const dispatcher = createBrowserRouteDispatcher(createBrowserControlContext());
+    const parsed = new URL(url, "http://localhost");
+    const query: Record<string, unknown> = {};
+    for (const [key, value] of parsed.searchParams.entries()) {
+      query[key] = value;
+    }
+    let body = init?.body;
+    if (typeof body === "string") {
+      try {
+        body = JSON.parse(body);
+      } catch {
+        // keep as string
+      }
+    }
+
+    const abortCtrl = new AbortController();
+    const upstreamSignal = init?.signal;
+    let upstreamAbortListener: (() => void) | undefined;
+    if (upstreamSignal) {
+      if (upstreamSignal.aborted) {
+        abortCtrl.abort(upstreamSignal.reason);
+      } else {
+        upstreamAbortListener = () => abortCtrl.abort(upstreamSignal.reason);
+        upstreamSignal.addEventListener("abort", upstreamAbortListener, { once: true });
+      }
+    }
+
+    let abortListener: (() => void) | undefined;
+    const abortPromise: Promise<never> = abortCtrl.signal.aborted
+      ? Promise.reject(abortCtrl.signal.reason ?? new Error("aborted"))
+      : new Promise((_, reject) => {
+          abortListener = () => reject(abortCtrl.signal.reason ?? new Error("aborted"));
+          abortCtrl.signal.addEventListener("abort", abortListener, { once: true });
+        });
+
+    let timer: ReturnType<typeof setTimeout> | undefined;
+    if (timeoutMs) {
+      timer = setTimeout(() => abortCtrl.abort(new Error("timed out")), timeoutMs);
+    }
+
+    const dispatchPromise = dispatcher.dispatch({
+      method:
+        init?.method?.toUpperCase() === "DELETE"
+          ? "DELETE"
+          : init?.method?.toUpperCase() === "POST"
+            ? "POST"
+            : "GET",
+      path: parsed.pathname,
+      query,
+      body,
+      signal: abortCtrl.signal,
+    });
+
+    const result = await Promise.race([dispatchPromise, abortPromise]).finally(() => {
+      if (timer) {
+        clearTimeout(timer);
+      }
+      if (abortListener) {
+        abortCtrl.signal.removeEventListener("abort", abortListener);
+      }
+      if (upstreamSignal && upstreamAbortListener) {
+        upstreamSignal.removeEventListener("abort", upstreamAbortListener);
+      }
+    });
+
+    if (result.status >= 400) {
+      const message =
+        result.body && typeof result.body === "object" && "error" in result.body
+          ? String((result.body as { error?: unknown }).error)
+          : `HTTP ${result.status}`;
+      throw new Error(message);
+    }
+    return result.body as T;
+  } catch (err) {
+    throw enhanceBrowserFetchError(url, err, timeoutMs);
+  }
+}
+
+export const __test = {
+  withLoopbackBrowserAuth: withLoopbackBrowserAuthImpl,
+};