@aria-cli/tools 1.0.12 → 1.0.14

package/dist-cjs/executors/utils.js

@@ -1,73 +0,0 @@
-"use strict";
-/**
- * @aria/tools - Shared executor utilities
- *
- * Common helper functions used across all executor modules.
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getErrorMessage = void 0;
-exports.success = success;
-exports.fail = fail;
-exports.isPathWithinBase = isPathWithinBase;
-const nodePath = __importStar(require("node:path"));
-var types_1 = require("@aria-cli/types");
-Object.defineProperty(exports, "getErrorMessage", { enumerable: true, get: function () { return types_1.getErrorMessage; } });
-/**
- * Creates a successful result.
- */
-function success(message, data) {
-    return { success: true, message, data };
-}
-/**
- * Creates a failure result.
- */
-function fail(message, data) {
-    return { success: false, message, data };
-}
-/**
- * Checks if a resolved path is within the allowed base directory.
- * Prevents path traversal attacks.
- */
-function isPathWithinBase(resolvedPath, baseDir) {
-    const normalizedPath = nodePath.normalize(resolvedPath);
-    const normalizedBase = nodePath.normalize(baseDir);
-    // normalize() strips trailing separators except for root "/".
-    // Guard against root-as-base which would allow every absolute path.
-    const baseWithSep = normalizedBase.endsWith(nodePath.sep)
-        ? normalizedBase
-        : normalizedBase + nodePath.sep;
-    return normalizedPath === normalizedBase || normalizedPath.startsWith(baseWithSep);
-}

package/dist-cjs/executors/web.js

@@ -1,547 +0,0 @@
-"use strict";
-/**
- * @aria/tools - Web tool executors
- *
- * Implementation of web operations for ARIA tool system.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.executeWebSearch = executeWebSearch;
-exports.executeWebFetch = executeWebFetch;
-exports.executeBrowse = executeBrowse;
-const node_crypto_1 = require("node:crypto");
-const types_1 = require("@aria-cli/types");
-const zod_1 = require("zod");
-const utils_js_1 = require("./utils.js");
-const safe_parse_json_js_1 = require("../utils/safe-parse-json.js");
-const ssrf_js_1 = require("../security/ssrf.js");
-const router_js_1 = require("../providers/router.js");
-const index_js_1 = require("../providers/index.js");
-const search_provider_js_1 = require("../providers/search-provider.js");
-const web_cache_js_1 = require("../cache/web-cache.js");
-const retry_js_1 = require("../utils/retry.js");
-const external_content_js_1 = require("../security/external-content.js");
-const content_extraction_js_1 = require("../extraction/content-extraction.js");
-const url_js_1 = require("../utils/url.js");
-function buildSearchEnv(ctx) {
-    const env = ctx.env ?? {};
-    return {
-        ARIA_SEARCH_PROVIDER: env.ARIA_SEARCH_PROVIDER ?? process.env.ARIA_SEARCH_PROVIDER,
-        BRAVE_API_KEY: env.BRAVE_API_KEY ?? process.env.BRAVE_API_KEY,
-        FIRECRAWL_API_KEY: env.FIRECRAWL_API_KEY ?? process.env.FIRECRAWL_API_KEY,
-        EXA_API_KEY: env.EXA_API_KEY ?? process.env.EXA_API_KEY,
-        TAVILY_API_KEY: env.TAVILY_API_KEY ?? process.env.TAVILY_API_KEY,
-        JINA_API_KEY: env.JINA_API_KEY ?? process.env.JINA_API_KEY,
-    };
-}
-function createSearchRouter(env) {
-    return new router_js_1.SearchProviderRouter([
-        new index_js_1.BraveSearchProvider(env),
-        new index_js_1.TavilySearchProvider(env),
-        new index_js_1.JinaSearchProvider(env),
-        new index_js_1.ExaSearchProvider(env),
-        new index_js_1.FirecrawlSearchProvider(env),
-        new index_js_1.DuckDuckGoSearchProvider(),
-    ], env);
-}
-/** Default timeout for fetch requests in milliseconds */
-const DEFAULT_TIMEOUT_MS = 30_000;
-/** Default maximum response size in bytes for fetch (1MB) */
-const FETCH_MAX_SIZE_BYTES = 1 * 1024 * 1024;
-/** Default maximum response size in bytes for browse (2MB) */
-const BROWSE_MAX_SIZE_BYTES = 2 * 1024 * 1024;
-const JsonFetchContentSchema = zod_1.z.union([
-    zod_1.z.record(zod_1.z.string(), zod_1.z.unknown()),
-    zod_1.z.array(zod_1.z.unknown()),
-    zod_1.z.string(),
-    zod_1.z.number(),
-    zod_1.z.boolean(),
-    zod_1.z.null(),
-]);
-/**
- * Creates an AbortController with a timeout.
- */
-function createTimeoutController(timeoutMs) {
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => {
-        if (!controller.signal.aborted) {
-            controller.abort();
-        }
-    }, timeoutMs);
-    return { controller, timeoutId };
-}
-/**
- * Links a parent AbortSignal to a child AbortController, forwarding abort.
- * Returns a cleanup function that MUST be called when the operation completes
- * to prevent the listener from firing after the try/catch scope has exited.
- */
-function linkAbortSignal(parentSignal, childController) {
-    if (!parentSignal)
-        return () => { };
-    const onAbort = () => {
-        if (!childController.signal.aborted) {
-            childController.abort();
-        }
-    };
-    parentSignal.addEventListener("abort", onAbort, { once: true });
-    return () => {
-        parentSignal.removeEventListener("abort", onAbort);
-    };
-}
-/**
- * Reads a response body with a streaming byte limit.
- * Unlike checking Content-Length alone, this protects against chunked/streaming
- * responses that lack a Content-Length header.
- *
- * When `truncate` is false (default), throws if the limit is exceeded.
- * When `truncate` is true, returns whatever was read up to the limit.
- */
-async function readResponseWithLimit(response, maxBytes, options) {
-    const body = response.body;
-    if (!body) {
-        return { text: "", truncated: false, contentBytes: 0 };
-    }
-    const truncateMode = options?.truncate ?? false;
-    const reader = body.getReader();
-    const decoder = new TextDecoder();
-    const chunks = [];
-    let totalBytes = 0;
-    try {
-        for (;;) {
-            const { done, value } = await reader.read();
-            if (done)
-                break;
-            const chunkBytes = value.byteLength;
-            if (totalBytes + chunkBytes > maxBytes) {
-                if (truncateMode) {
-                    // Keep what we have so far (exclude the chunk that exceeded the limit)
-                    reader.cancel();
-                    chunks.push(decoder.decode());
-                    return {
-                        text: chunks.join(""),
-                        truncated: true,
-                        contentBytes: totalBytes,
-                    };
-                }
-                reader.cancel();
-                throw new Error(`Response body exceeds maximum size of ${maxBytes} bytes`);
-            }
-            totalBytes += chunkBytes;
-            chunks.push(decoder.decode(value, { stream: true }));
-        }
-        // Flush the decoder
-        chunks.push(decoder.decode());
-        return { text: chunks.join(""), truncated: false, contentBytes: totalBytes };
-    }
-    catch (err) {
-        reader.cancel();
-        throw err;
-    }
-}
-function ensureWrappedExternalContent(content, source) {
-    return (0, external_content_js_1.wrapExternalContent)(content, source).content;
-}
-function wrapWebSearchOutput(output) {
-    return {
-        query: output.query,
-        results: output.results.map((result) => ({
-            ...result,
-            content: ensureWrappedExternalContent(result.content, "web_search"),
-        })),
-    };
-}
-function hasAdvancedSearchOptions(input) {
-    return (input.limit !== undefined ||
-        input.topic !== undefined ||
-        (input.domains?.length ?? 0) > 0 ||
-        (input.excludeDomains?.length ?? 0) > 0 ||
-        input.timeRange !== undefined);
-}
-function buildSearchCachePayload(query, options) {
-    return JSON.stringify({ query, ...options });
-}
-function buildRouterSearchCacheKey(env, query, options) {
-    const resolved = (0, search_provider_js_1.resolveSearchProviderEnv)(env);
-    const providerOverride = resolved.ARIA_SEARCH_PROVIDER ?? "auto";
-    const providerAvailability = [
-        resolved.BRAVE_API_KEY ? "brave=1" : "brave=0",
-        resolved.TAVILY_API_KEY ? "tavily=1" : "tavily=0",
-        resolved.JINA_API_KEY ? "jina=1" : "jina=0",
-        resolved.EXA_API_KEY ? "exa=1" : "exa=0",
-        resolved.FIRECRAWL_API_KEY ? "firecrawl=1" : "firecrawl=0",
-    ].join(",");
-    return `search:router:${providerOverride}:${providerAvailability}:${buildSearchCachePayload(query, options)}`;
-}
-function buildNativeSearchCacheKey(providerName, query, options) {
-    return `search:native:${providerName}:${buildSearchCachePayload(query, options)}`;
-}
-/**
- * Searches the web using the SearchProviderRouter with automatic fallback.
- * Providers are selected based on available API keys (Brave, Tavily, Jina, Exa,
- * Firecrawl, DuckDuckGo). DuckDuckGo is always available as a last resort.
- *
- * Results are cached via LRU+TTL cache for 15 minutes.
- */
-async function executeWebSearch(input, ctx) {
-    const limit = input.limit ?? 10;
-    const searchOptions = {
-        limit,
-        ...(input.topic ? { topic: input.topic } : {}),
-        ...(input.domains ? { domains: input.domains } : {}),
-        ...(input.excludeDomains ? { excludeDomains: input.excludeDomains } : {}),
-        ...(input.timeRange ? { timeRange: input.timeRange } : {}),
-    };
-    const searchEnv = buildSearchEnv(ctx);
-    const advancedOptionsProvided = hasAdvancedSearchOptions(input);
-    const nativeSearchAvailable = Boolean(ctx.nativeSearchAdapter && ctx.providerContext?.capabilities?.nativeSearch);
-    const nativeProviderName = ctx.providerContext?.name ?? "unknown";
-    const routerCacheKey = buildRouterSearchCacheKey(searchEnv, input.query, searchOptions);
-    const nativeCacheKey = nativeSearchAvailable && !advancedOptionsProvided
-        ? buildNativeSearchCacheKey(nativeProviderName, input.query, searchOptions)
-        : undefined;
-    if (nativeCacheKey) {
-        const cachedNative = web_cache_js_1.searchCache.get(nativeCacheKey);
-        if (cachedNative) {
-            return (0, utils_js_1.success)(`Found ${cachedNative.results.length} cached results for "${input.query}"`, wrapWebSearchOutput(cachedNative));
-        }
-    }
-    else {
-        const cachedRouter = web_cache_js_1.searchCache.get(routerCacheKey);
-        if (cachedRouter) {
-            return (0, utils_js_1.success)(`Found ${cachedRouter.results.length} cached results for "${input.query}"`, wrapWebSearchOutput(cachedRouter));
-        }
-    }
-    if (advancedOptionsProvided && nativeSearchAvailable) {
-        types_1.log.debug("[web_search] advanced options provided; bypassing native adapter");
-    }
-    // Native search routing: If provider supports native search and adapter is wired, use it
-    // Phase 1: Gemini isolated adapter (router-based callback pattern)
-    if (nativeSearchAvailable && ctx.nativeSearchAdapter && !advancedOptionsProvided) {
-        try {
-            const rawResults = await ctx.nativeSearchAdapter(input.query);
-            if (rawResults.length === 0) {
-                throw new Error("Native search returned no results");
-            }
-            const results = rawResults.map((r) => ({
-                title: r.title,
-                url: r.url,
-                content: r.content,
-                score: r.score,
-            }));
-            const output = { query: input.query, results };
-            web_cache_js_1.searchCache.set(nativeCacheKey, output);
-            return (0, utils_js_1.success)(`Found ${results.length} results for "${input.query}" (native search)`, wrapWebSearchOutput(output));
-        }
-        catch (err) {
-            // Fall through to SearchProviderRouter on native search failure
-            types_1.log.debug(`[web_search] native adapter failed, falling back: ${(0, utils_js_1.getErrorMessage)(err)}`);
-            const cachedRouterFallback = web_cache_js_1.searchCache.get(routerCacheKey);
-            if (cachedRouterFallback) {
-                return (0, utils_js_1.success)(`Found ${cachedRouterFallback.results.length} cached results for "${input.query}"`, wrapWebSearchOutput(cachedRouterFallback));
-            }
-        }
-    }
-    const searchRouter = createSearchRouter(searchEnv);
-    try {
-        // Race search against context abort signal for cancellation support
-        let results;
-        if (ctx.abortSignal) {
-            const abortPromise = new Promise((_resolve, reject) => {
-                if (ctx.abortSignal.aborted) {
-                    reject(new DOMException("The operation was aborted", "AbortError"));
-                    return;
-                }
-                ctx.abortSignal.addEventListener("abort", () => reject(new DOMException("The operation was aborted", "AbortError")), { once: true });
-            });
-            results = await Promise.race([searchRouter.search(input.query, searchOptions), abortPromise]);
-        }
-        else {
-            results = await searchRouter.search(input.query, searchOptions);
-        }
-        // Normalize results to WebSearchResult shape (cache raw; wrap at return-time)
-        const webResults = results.map((r) => ({
-            title: r.title,
-            url: r.url,
-            content: r.content,
-            score: r.score,
-        }));
-        const output = { query: input.query, results: webResults };
-        web_cache_js_1.searchCache.set(routerCacheKey, output);
-        return (0, utils_js_1.success)(`Found ${webResults.length} results for "${input.query}"`, wrapWebSearchOutput(output));
-    }
-    catch (err) {
-        if (ctx.abortSignal?.aborted) {
-            return (0, utils_js_1.fail)("Web search cancelled");
-        }
-        return (0, utils_js_1.fail)(`Web search failed: ${(0, utils_js_1.getErrorMessage)(err)}`);
-    }
-}
-function wrapWebFetchOutput(output) {
-    if (typeof output.content !== "string") {
-        return output;
-    }
-    return {
-        ...output,
-        content: ensureWrappedExternalContent(output.content, "web_fetch"),
-    };
-}
-function markFetchOutputFromCache(cached) {
-    return {
-        ...cached,
-        fromCache: true,
-    };
-}
-function normalizeRequestHeaders(headers) {
-    if (!headers) {
-        return [];
-    }
-    return Object.entries(headers)
-        .map(([name, value]) => [name.trim().toLowerCase(), value.trim()])
-        .sort(([left], [right]) => left.localeCompare(right));
-}
-function hashRequestHeaders(headers) {
-    const normalizedHeaders = normalizeRequestHeaders(headers);
-    if (normalizedHeaders.length === 0) {
-        return "none";
-    }
-    return (0, node_crypto_1.createHash)("sha256").update(JSON.stringify(normalizedHeaders)).digest("hex");
-}
-function createFetchCacheKey({ url, format, headers, timeoutMs, maxSizeBytes, }) {
-    return `fetch:${url}:${format}:headers=${hashRequestHeaders(headers)}:maxSizeBytes=${maxSizeBytes}:timeoutMs=${timeoutMs}`;
-}
-/**
- * Fetches content from a URL with retry resilience, caching, and security wrapping.
- * Uses fetchWithRetry for automatic retry on transient failures (429, 5xx, ECONNRESET).
- * Results are cached via LRU+TTL cache for 15 minutes.
- */
-async function executeWebFetch(input, ctx) {
-    // Normalize GitHub blob URLs to raw content URLs before fetching
-    const url = (0, url_js_1.normalizeGitHubUrl)(input.url);
-    // Validate URL structure. DNS/SSRF safety is enforced by fetchWithSsrf
-    // so validation and fetch share one trust boundary.
-    const urlError = (0, ssrf_js_1.validateUrlStructure)(url);
-    if (urlError) {
-        return (0, utils_js_1.fail)(urlError);
-    }
-    const format = input.format ?? "text";
-    const timeoutMs = input.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-    const maxSizeBytes = input.maxSizeBytes ?? FETCH_MAX_SIZE_BYTES;
-    // Check cache first (use normalized URL + request variants to avoid collisions)
-    const cacheKey = createFetchCacheKey({
-        url,
-        format,
-        headers: input.headers,
-        timeoutMs,
-        maxSizeBytes,
-    });
-    const cached = web_cache_js_1.fetchCache.get(cacheKey);
-    if (cached) {
-        return (0, utils_js_1.success)(`Fetched ${input.url} (cached)`, wrapWebFetchOutput(markFetchOutputFromCache(cached)));
-    }
-    const { controller, timeoutId } = createTimeoutController(timeoutMs);
-    // Forward context abort signal to our controller
-    const unlinkAbort = linkAbortSignal(ctx.abortSignal, controller);
-    try {
-        const fetchOptions = {
-            headers: input.headers ?? {},
-            signal: controller.signal,
-            redirect: "manual",
-        };
-        // Use DNS-pinned SSRF fetch wrapper with transient retry support.
-        const initialResponse = await (0, retry_js_1.fetchWithSsrf)(url, fetchOptions, {
-            maxAttempts: 2,
-        });
-        // Follow redirects manually and keep each hop on the same DNS-pinned path.
-        const response = await (0, ssrf_js_1.followRedirects)(initialResponse, fetchOptions, {
-            baseUrl: url,
-            fetchFn: (redirectUrl, redirectInit) => (0, retry_js_1.fetchWithSsrf)(redirectUrl, redirectInit, { maxAttempts: 2 }),
-            validateRedirectUrl: ssrf_js_1.validateUrlStructure,
-        });
-        clearTimeout(timeoutId);
-        if (!response.ok) {
-            await (0, ssrf_js_1.discardResponseBody)(response);
-            unlinkAbort();
-            return (0, utils_js_1.fail)(`HTTP error: ${response.status} ${response.statusText}`, {
-                status: response.status,
-                statusText: response.statusText,
-            });
-        }
-        // Check Content-Length header for size limit
-        const contentLength = response.headers.get("Content-Length");
-        if (contentLength) {
-            const size = parseInt(contentLength, 10);
-            if (!isNaN(size) && size > maxSizeBytes) {
-                await (0, ssrf_js_1.discardResponseBody)(response);
-                unlinkAbort();
-                return (0, utils_js_1.fail)(`Response too large: ${size} bytes exceeds maximum of ${maxSizeBytes} bytes`);
-            }
-        }
-        const contentType = response.headers.get("Content-Type") ?? undefined;
-        let content;
-        // Use streaming reader to enforce size limit even for chunked responses
-        let text;
-        let contentBytes = 0;
-        try {
-            const result = await readResponseWithLimit(response, maxSizeBytes);
-            text = result.text;
-            contentBytes = result.contentBytes;
-            if (result.truncated) {
-                unlinkAbort();
-                return (0, utils_js_1.fail)(`Response body exceeds maximum size of ${maxSizeBytes} bytes`);
-            }
-        }
-        catch (sizeErr) {
-            unlinkAbort();
-            return (0, utils_js_1.fail)((0, utils_js_1.getErrorMessage)(sizeErr));
-        }
-        if (format === "json") {
-            const parsed = (0, safe_parse_json_js_1.safeParseJson)(text, JsonFetchContentSchema);
-            if (!parsed.ok) {
-                unlinkAbort();
-                return (0, utils_js_1.fail)(`Failed to parse JSON response (${parsed.reason})`);
-            }
-            content = parsed.data;
-        }
-        else {
-            content = text;
-        }
-        const output = {
-            content,
-            status: response.status,
-            contentType,
-            fromCache: false,
-            fetchedAt: new Date().toISOString(),
-            finalUrl: response.url || url,
-            contentBytes,
-            truncated: false,
-        };
-        web_cache_js_1.fetchCache.set(cacheKey, output);
-        unlinkAbort();
-        return (0, utils_js_1.success)(`Fetched ${input.url} (${response.status})`, wrapWebFetchOutput(output));
-    }
-    catch (err) {
-        clearTimeout(timeoutId);
-        unlinkAbort();
-        if (err instanceof Error &&
-            (err.name === "AbortError" || (err instanceof DOMException && err.name === "AbortError"))) {
-            if (ctx.abortSignal?.aborted) {
-                return (0, utils_js_1.fail)("Request cancelled");
-            }
-            return (0, utils_js_1.fail)(`Request timed out after ${timeoutMs}ms`);
-        }
-        return (0, utils_js_1.fail)((0, utils_js_1.getErrorMessage)(err));
-    }
-}
-// ============================================================================
-// Browse
-// ============================================================================
-/** Default timeout for browsing in milliseconds */
-const BROWSE_TIMEOUT_MS = 30_000;
-/** Maximum content length returned by browse (characters) — increased from 10K to 50K */
-const BROWSE_MAX_CONTENT_LENGTH = 50_000;
-function wrapBrowseOutput(output) {
-    return {
-        ...output,
-        content: ensureWrappedExternalContent(output.content, "browse"),
-    };
-}
-function markBrowseOutputFromCache(cached) {
-    return {
-        ...cached,
-        fromCache: true,
-    };
-}
-/**
- * Browses a URL by fetching its HTML content and extracting Markdown.
- * Uses Readability.js + Turndown for article extraction with three-tier fallback.
- * Supports GitHub URL normalization, retry on transient failures, LRU+TTL caching,
- * and nonce-based external content wrapping.
- */
-async function executeBrowse(input, ctx) {
-    // Validate URL
-    if (!input.url) {
-        return (0, utils_js_1.fail)("URL is required for browse");
-    }
-    // Normalize GitHub blob URLs to raw content URLs
-    const url = (0, url_js_1.normalizeGitHubUrl)(input.url);
-    // Check cache (using normalized URL as key)
-    const cached = web_cache_js_1.browseCache.get(url);
-    if (cached) {
-        return (0, utils_js_1.success)(`Browsed ${input.url} (cached)`, wrapBrowseOutput(markBrowseOutputFromCache(cached)));
-    }
-    const urlError = (0, ssrf_js_1.validateUrlStructure)(url);
-    if (urlError) {
-        return (0, utils_js_1.fail)(urlError);
-    }
-    const timeoutMs = input.timeoutMs ?? BROWSE_TIMEOUT_MS;
-    const { controller, timeoutId } = createTimeoutController(timeoutMs);
-    // Forward context abort signal to our controller
-    const unlinkAbort = linkAbortSignal(ctx.abortSignal, controller);
-    try {
-        const fetchOptions = {
-            headers: {
-                "User-Agent": (0, url_js_1.getUserAgent)(),
-                Accept: "text/html, application/xhtml+xml, */*",
-            },
-            signal: controller.signal,
-            redirect: "manual",
-        };
-        // Use DNS-pinned SSRF fetch wrapper with transient retry support.
-        const initialResponse = await (0, retry_js_1.fetchWithSsrf)(url, fetchOptions, {
-            maxAttempts: 2,
-        });
-        // Follow redirects manually and keep each hop on the same DNS-pinned path.
-        const response = await (0, ssrf_js_1.followRedirects)(initialResponse, fetchOptions, {
-            baseUrl: url,
-            fetchFn: (redirectUrl, redirectInit) => (0, retry_js_1.fetchWithSsrf)(redirectUrl, redirectInit, { maxAttempts: 2 }),
-            validateRedirectUrl: ssrf_js_1.validateUrlStructure,
-        });
-        clearTimeout(timeoutId);
-        if (!response.ok) {
-            await (0, ssrf_js_1.discardResponseBody)(response);
-            unlinkAbort();
-            return (0, utils_js_1.fail)(`HTTP error fetching ${input.url}: ${response.status} ${response.statusText}`);
-        }
-        // Truncate large pages gracefully — content gets reduced to 50K chars by
-        // Readability+Turndown anyway, so the first 2MB of HTML is plenty.
-        const { text: html, truncated: responseTruncated, contentBytes, } = await readResponseWithLimit(response, BROWSE_MAX_SIZE_BYTES, {
-            truncate: true,
-        });
-        // Extract content using Content-Type-aware extraction pipeline.
-        const { title, content: extractedContent } = await (0, content_extraction_js_1.extractFromResponse)(html, url, response.headers.get("Content-Type"));
-        // Truncate to 50K character limit
-        // extractContent() internally truncates to MAX_CONTENT_LENGTH (50K),
-        // so content that was originally longer arrives here at exactly 50K.
-        // Use >= to detect content that hit the internal limit.
-        const contentLimitReached = extractedContent.length >= BROWSE_MAX_CONTENT_LENGTH;
-        const truncated = contentLimitReached || responseTruncated;
-        const truncatedContent = contentLimitReached
-            ? extractedContent.slice(0, BROWSE_MAX_CONTENT_LENGTH) + "\n\n[Content truncated]"
-            : responseTruncated
-                ? extractedContent + "\n\n[Content truncated]"
-                : extractedContent;
-        const output = {
-            url: input.url,
-            title,
-            content: truncatedContent,
-            fromCache: false,
-            fetchedAt: new Date().toISOString(),
-            finalUrl: response.url || url,
-            contentBytes,
-            truncated,
-        };
-        web_cache_js_1.browseCache.set(url, output);
-        unlinkAbort();
-        return (0, utils_js_1.success)(`Browsed ${input.url}`, wrapBrowseOutput(output));
-    }
-    catch (err) {
-        clearTimeout(timeoutId);
-        unlinkAbort();
-        if (err instanceof Error && err.name === "AbortError") {
-            if (ctx.abortSignal?.aborted) {
-                return (0, utils_js_1.fail)("Browse cancelled");
-            }
-            return (0, utils_js_1.fail)(`Browse timed out after ${timeoutMs}ms: ${input.url}`);
-        }
-        return (0, utils_js_1.fail)(`Browse failed: ${(0, utils_js_1.getErrorMessage)(err)}`);
-    }
-}