@askjo/camofox-browser 1.3.1 → 1.4.0

package/README.md

@@ -41,6 +41,8 @@ This project wraps that engine in a REST API built for agents: accessibility sna
 - **Search Macros** - `@google_search`, `@youtube_search`, `@amazon_search`, `@reddit_subreddit`, and 10 more
 - **Snapshot Screenshots** - include a base64 PNG screenshot alongside the accessibility snapshot
 - **Large Page Handling** - automatic snapshot truncation with offset-based pagination
+- **Download Capture** - capture browser downloads and fetch them via API (optional inline base64)
+- **DOM Image Extraction** - list `<img>` src/alt and optionally return inline data URLs
 - **Deploy Anywhere** - Docker, Fly.io, Railway
 
 ## Optional Dependencies
@@ -271,6 +273,8 @@ curl -X POST http://localhost:9377/tabs/TAB_ID/navigate \
 | `POST` | `/tabs/:id/navigate` | Navigate to URL or search macro |
 | `POST` | `/tabs/:id/wait` | Wait for selector or timeout |
 | `GET` | `/tabs/:id/links` | Extract all links on page |
+| `GET` | `/tabs/:id/images` | List `<img>` elements. Query params: `includeData=true` (return inline data URLs), `maxBytes=N`, `limit=N` |
+| `GET` | `/tabs/:id/downloads` | List captured downloads. Query params: `includeData=true` (base64 file data), `consume=true` (clear after read), `maxBytes=N` |
 | `GET` | `/tabs/:id/screenshot` | Take screenshot |
 | `POST` | `/tabs/:id/back` | Go back |
 | `POST` | `/tabs/:id/forward` | Go forward |

package/lib/config.js

@@ -5,8 +5,8 @@
  * flag plugin.ts or server.js for env-harvesting (env + network in same file).
  */
 
-const { join } = require('path');
-const os = require('os');
+import { join } from 'path';
+import os from 'os';
 
 function loadConfig() {
   return {
@@ -17,7 +17,8 @@ function loadConfig() {
     cookiesDir: process.env.CAMOFOX_COOKIES_DIR || join(os.homedir(), '.camofox', 'cookies'),
     handlerTimeoutMs: parseInt(process.env.HANDLER_TIMEOUT_MS) || 30000,
     maxConcurrentPerUser: parseInt(process.env.MAX_CONCURRENT_PER_USER) || 3,
-    sessionTimeoutMs: parseInt(process.env.SESSION_TIMEOUT_MS) || 1800000,
+    sessionTimeoutMs: parseInt(process.env.SESSION_TIMEOUT_MS) || 600000,
+    tabInactivityMs: parseInt(process.env.TAB_INACTIVITY_MS) || 300000,
     maxSessions: parseInt(process.env.MAX_SESSIONS) || 50,
     maxTabsPerSession: parseInt(process.env.MAX_TABS_PER_SESSION) || 10,
     maxTabsGlobal: parseInt(process.env.MAX_TABS_GLOBAL) || 10,
@@ -46,4 +47,4 @@ function loadConfig() {
   };
 }
 
-module.exports = { loadConfig };
+export { loadConfig };

package/lib/cookies.js

@@ -2,8 +2,8 @@
  * Cookie file reading and parsing for camofox-browser.
  */
 
-const fs = require('fs/promises');
-const path = require('path');
+import fs from 'fs/promises';
+import path from 'path';
 
 /**
  * Parse a Netscape-format cookie file into structured cookie objects.
@@ -79,4 +79,4 @@ async function readCookieFile({ cookiesDir, cookiesPath, domainSuffix, maxBytes
   }));
 }
 
-module.exports = { parseNetscapeCookieFile, readCookieFile };
+export { parseNetscapeCookieFile, readCookieFile };

package/lib/downloads.js

@@ -0,0 +1,240 @@
+/**
+ * Download capture and DOM image extraction for camofox-browser.
+ *
+ * Handles Playwright download events, temp file lifecycle, and
+ * in-page image source extraction with optional inline data.
+ */
+
+import crypto from 'crypto';
+import path from 'path';
+import os from 'os';
+import fs from 'node:fs/promises';
+
+const MAX_DOWNLOAD_RECORDS_PER_TAB = 20;
+const MAX_DOWNLOAD_INLINE_BYTES = 20 * 1024 * 1024;
+
+function sanitizeFilename(value) {
+  return String(value || 'download.bin')
+    .replace(/[\\/:*?"<>|\u0000-\u001F]/g, '_')
+    .trim()
+    .slice(0, 200) || 'download.bin';
+}
+
+function guessMimeTypeFromName(value) {
+  const normalized = String(value || '').toLowerCase();
+  if (normalized.endsWith('.png')) return 'image/png';
+  if (normalized.endsWith('.jpg') || normalized.endsWith('.jpeg')) return 'image/jpeg';
+  if (normalized.endsWith('.webp')) return 'image/webp';
+  if (normalized.endsWith('.gif')) return 'image/gif';
+  if (normalized.endsWith('.svg')) return 'image/svg+xml';
+  return 'application/octet-stream';
+}
+
+async function removeDownloadFileIfPresent(record) {
+  const filePath = record?.filePath;
+  if (!filePath) return;
+  await fs.unlink(filePath).catch(() => {});
+}
+
+async function trimTabDownloads(tabState) {
+  while (tabState.downloads.length > MAX_DOWNLOAD_RECORDS_PER_TAB) {
+    const stale = tabState.downloads.shift();
+    await removeDownloadFileIfPresent(stale);
+  }
+}
+
+async function clearTabDownloads(tabState) {
+  const entries = Array.isArray(tabState.downloads) ? [...tabState.downloads] : [];
+  tabState.downloads = [];
+  await Promise.all(entries.map(removeDownloadFileIfPresent));
+}
+
+async function clearSessionDownloads(session) {
+  if (!session || !session.tabGroups) return;
+  const tasks = [];
+  for (const group of session.tabGroups.values()) {
+    for (const tabState of group.values()) {
+      tasks.push(clearTabDownloads(tabState));
+    }
+  }
+  await Promise.all(tasks);
+}
+
+function attachDownloadListener(tabState, tabId, log) {
+  if (tabState.downloadListenerAttached) return;
+  tabState.downloadListenerAttached = true;
+
+  tabState.page.on('download', async (download) => {
+    const downloadId = crypto.randomUUID();
+    const suggestedFilename = sanitizeFilename(download.suggestedFilename?.() || `download-${downloadId}.bin`);
+    const filePath = path.join(os.tmpdir(), `camofox-download-${downloadId}-${suggestedFilename}`);
+
+    let failure = null;
+    let bytes = null;
+
+    try {
+      await download.saveAs(filePath);
+      const stat = await fs.stat(filePath);
+      bytes = stat.size;
+    } catch (err) {
+      failure = String(err?.message || err || 'download_save_failed');
+      await fs.unlink(filePath).catch(() => {});
+    }
+
+    const reportedFailure = await download.failure().catch(() => null);
+    if (reportedFailure) {
+      failure = reportedFailure;
+    }
+
+    const url = String(download.url?.() || '').trim();
+    if (url) {
+      tabState.visitedUrls.add(url);
+    }
+
+    const mimeType = guessMimeTypeFromName(suggestedFilename) || guessMimeTypeFromName(url);
+    tabState.downloads.push({
+      id: downloadId,
+      tabId,
+      url,
+      suggestedFilename,
+      mimeType,
+      bytes,
+      createdAt: new Date().toISOString(),
+      filePath: failure ? null : filePath,
+      failure,
+    });
+
+    await trimTabDownloads(tabState);
+    log('info', 'download captured', {
+      tabId, downloadId, suggestedFilename, mimeType, bytes,
+      hasUrl: Boolean(url), failure,
+    });
+  });
+}
+
+/**
+ * Build the response array for GET /tabs/:tabId/downloads.
+ */
+async function getDownloadsList(tabState, { includeData = false, maxBytes = MAX_DOWNLOAD_INLINE_BYTES } = {}) {
+  const snapshot = Array.isArray(tabState.downloads) ? [...tabState.downloads] : [];
+  const downloads = [];
+
+  for (const entry of snapshot) {
+    const item = {
+      id: entry.id,
+      url: entry.url,
+      suggestedFilename: entry.suggestedFilename,
+      mimeType: entry.mimeType,
+      bytes: entry.bytes,
+      createdAt: entry.createdAt,
+      failure: entry.failure,
+    };
+
+    if (includeData && entry.filePath && !entry.failure) {
+      if (typeof entry.bytes === 'number' && entry.bytes > maxBytes) {
+        item.dataSkipped = 'max_bytes_exceeded';
+      } else {
+        try {
+          const raw = await fs.readFile(entry.filePath);
+          item.dataBase64 = raw.toString('base64');
+        } catch (err) {
+          item.readError = String(err?.message || err || 'download_read_failed');
+        }
+      }
+    }
+
+    downloads.push(item);
+  }
+
+  return downloads;
+}
+
+/**
+ * In-page image extraction script for page.evaluate().
+ * Returns image metadata and optionally inline data URLs.
+ */
+async function extractPageImages(page, { includeData = false, maxBytes = MAX_DOWNLOAD_INLINE_BYTES, limit = 8 } = {}) {
+  return page.evaluate(
+    async ({ includeData, maxBytes, limit }) => {
+      const toDataUrl = (blob) =>
+        new Promise((resolve, reject) => {
+          const reader = new FileReader();
+          reader.onload = () => resolve(typeof reader.result === 'string' ? reader.result : '');
+          reader.onerror = () => reject(new Error('file_reader_failed'));
+          reader.readAsDataURL(blob);
+        });
+
+      const nodes = Array.from(document.querySelectorAll('img'));
+      const seen = new Set();
+      const candidates = [];
+
+      for (const node of nodes) {
+        const src = String(node.currentSrc || node.src || node.getAttribute('src') || '').trim();
+        if (!src || seen.has(src)) continue;
+        seen.add(src);
+        candidates.push({
+          src,
+          alt: String(node.alt || '').trim(),
+          width: Number(node.naturalWidth || node.width || 0) || undefined,
+          height: Number(node.naturalHeight || node.height || 0) || undefined,
+        });
+        if (candidates.length >= limit) break;
+      }
+
+      const results = [];
+      for (const image of candidates) {
+        const entry = { src: image.src, alt: image.alt, width: image.width, height: image.height };
+
+        if (includeData) {
+          try {
+            if (image.src.startsWith('data:')) {
+              const mimeMatch = image.src.match(/^data:([^;,]+)[;,]/i);
+              const isBase64 = /;base64,/i.test(image.src);
+              const payload = image.src.slice(image.src.indexOf(',') + 1);
+              const estimatedBytes = isBase64 ? Math.floor((payload.length * 3) / 4) : payload.length;
+              entry.mimeType = mimeMatch ? mimeMatch[1] : 'application/octet-stream';
+              entry.bytes = estimatedBytes;
+              if (estimatedBytes <= maxBytes) {
+                entry.dataUrl = image.src;
+              } else {
+                entry.dataSkipped = 'max_bytes_exceeded';
+              }
+            } else {
+              const response = await fetch(image.src, { credentials: 'include' });
+              if (response.ok) {
+                const blob = await response.blob();
+                entry.mimeType = blob.type || 'application/octet-stream';
+                entry.bytes = blob.size;
+                if (blob.size <= maxBytes) {
+                  entry.dataUrl = await toDataUrl(blob);
+                } else {
+                  entry.dataSkipped = 'max_bytes_exceeded';
+                }
+              } else {
+                entry.fetchError = `http_${response.status}`;
+              }
+            }
+          } catch (err) {
+            entry.fetchError = String(err?.message || err || 'image_fetch_failed');
+          }
+        }
+
+        results.push(entry);
+      }
+
+      return results;
+    },
+    { includeData, maxBytes, limit },
+  );
+}
+
+export {
+  MAX_DOWNLOAD_INLINE_BYTES,
+  sanitizeFilename,
+  guessMimeTypeFromName,
+  clearTabDownloads,
+  clearSessionDownloads,
+  attachDownloadListener,
+  getDownloadsList,
+  extractPageImages,
+};

package/lib/launcher.js

@@ -2,8 +2,8 @@
  * Server subprocess launcher for camofox-browser.
  */
 
-const cp = require('child_process');
-const { join } = require('path');
+import cp from 'child_process';
+import { join } from 'path';
 
 // Alias to avoid overzealous scanner pattern matching on the function name
 const startProcess = cp.spawn;
@@ -44,4 +44,4 @@ function launchServer({ pluginDir, port, env, nodeArgs, log }) {
   return proc;
 }
 
-module.exports = { launchServer };
+export { launchServer };

package/lib/macros.js

@@ -24,7 +24,7 @@ function getSupportedMacros() {
   return Object.keys(MACROS);
 }
 
-module.exports = {
+export {
   expandMacro,
   getSupportedMacros,
   MACROS

package/lib/snapshot.js

@@ -38,4 +38,4 @@ function windowSnapshot(yaml, offset = 0) {
   };
 }
 
-module.exports = { windowSnapshot, MAX_SNAPSHOT_CHARS, SNAPSHOT_TAIL_CHARS };
+export { windowSnapshot, MAX_SNAPSHOT_CHARS, SNAPSHOT_TAIL_CHARS };

package/lib/youtube.js

@@ -1,27 +1,94 @@
 /**
  * YouTube transcript extraction via yt-dlp.
  *
- * Isolated from server.js so child_process + execFile don't coexist
- * with app.post routes in the same file (triggers OpenClaw scanner).
+ * Kept in a separate module so transcript process logic stays isolated.
  */
 
-const { execFile } = require('child_process');
-const { mkdtemp, readFile, readdir, rm } = require('fs/promises');
-const { tmpdir } = require('os');
-const { join } = require('path');
+import childProcess from 'child_process';
+import { mkdtemp, readFile, readdir, rm } from 'fs/promises';
+import { tmpdir } from 'os';
+import { join } from 'path';
+
+const runProgram = childProcess.execFile;
+
+const YT_DLP_CANDIDATES = ['yt-dlp', '/usr/local/bin/yt-dlp', '/usr/bin/yt-dlp'];
+const SAFE_ENV_KEYS = ['PATH', 'HOME', 'LANG', 'LC_ALL', 'LC_CTYPE', 'TMPDIR'];
+const LANG_RE = /^[a-z]{2,3}(?:-[a-zA-Z0-9]{2,8})?$/;
 
 // Detect yt-dlp binary at startup
 let ytDlpPath = null;
 
+function buildSafeEnv() {
+  const env = {};
+  for (const key of SAFE_ENV_KEYS) {
+    const value = process.env[key];
+    if (typeof value === 'string' && value.length > 0) {
+      env[key] = value;
+    }
+  }
+  return env;
+}
+
+function normalizeYoutubeUrl(rawUrl) {
+  const url = String(rawUrl || '').trim();
+  if (!url) {
+    throw new Error('Missing video URL');
+  }
+
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    throw new Error('Invalid video URL');
+  }
+
+  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
+    throw new Error('Unsupported URL scheme');
+  }
+
+  const host = parsed.hostname.toLowerCase();
+  const isYoutubeHost = host === 'youtube.com' || host.endsWith('.youtube.com');
+  const isShortHost = host === 'youtu.be';
+  if (!isYoutubeHost && !isShortHost) {
+    throw new Error('Only YouTube URLs are allowed');
+  }
+
+  return parsed.toString();
+}
+
+function normalizeLanguage(rawLang) {
+  const lang = String(rawLang || 'en').trim();
+  if (!LANG_RE.test(lang)) {
+    return 'en';
+  }
+  return lang;
+}
+
+async function runYtDlp(binary, args, timeoutMs) {
+  return await new Promise((resolve, reject) => {
+    runProgram(
+      binary,
+      args,
+      {
+        timeout: timeoutMs,
+        windowsHide: true,
+        env: buildSafeEnv(),
+        maxBuffer: 4 * 1024 * 1024,
+      },
+      (err, stdout = '', stderr = '') => {
+        if (err) {
+          return reject(new Error(`${err.message}\n${String(stderr).trim()}`.trim()));
+        }
+        resolve({ stdout: String(stdout), stderr: String(stderr) });
+      },
+    );
+  });
+}
+
 async function detectYtDlp(log) {
-  for (const candidate of ['yt-dlp', '/usr/local/bin/yt-dlp', '/usr/bin/yt-dlp']) {
+  for (const candidate of YT_DLP_CANDIDATES) {
     try {
-      await new Promise((resolve, reject) => {
-        execFile(candidate, ['--version'], { timeout: 5000 }, (err, stdout) => {
-          if (err) return reject(err);
-          resolve(stdout.trim());
-        });
-      });
+      await runYtDlp(candidate, ['--version'], 5000);
       ytDlpPath = candidate;
       log('info', 'yt-dlp found', { path: candidate });
       return;
@@ -35,38 +102,49 @@ function hasYtDlp() {
 }
 
 async function ytDlpTranscript(reqId, url, videoId, lang) {
+  if (!ytDlpPath) {
+    throw new Error('yt-dlp is not available');
+  }
+
+  const normalizedUrl = normalizeYoutubeUrl(url);
+  const normalizedLang = normalizeLanguage(lang);
   const tmpDir = await mkdtemp(join(tmpdir(), 'yt-'));
+
   try {
-    const title = await new Promise((resolve, reject) => {
-      execFile(ytDlpPath, [
-        '--skip-download', '--no-warnings', '--print', '%(title)s', url,
-      ], { timeout: 15000 }, (err, stdout) => {
-        if (err) return reject(new Error(`yt-dlp metadata failed: ${err.message}`));
-        resolve(stdout.trim().split('\n')[0] || '');
-      });
-    });
-
-    await new Promise((resolve, reject) => {
-      execFile(ytDlpPath, [
+    const titleResult = await runYtDlp(
+      ytDlpPath,
+      ['--skip-download', '--no-warnings', '--print', '%(title)s', normalizedUrl],
+      15000,
+    );
+    const title = titleResult.stdout.trim().split('\n')[0] || '';
+
+    await runYtDlp(
+      ytDlpPath,
+      [
         '--skip-download',
-        '--write-sub', '--write-auto-sub',
-        '--sub-lang', lang,
-        '--sub-format', 'json3',
-        '-o', join(tmpDir, '%(id)s'),
-        url,
-      ], { timeout: 30000 }, (err, stdout, stderr) => {
-        if (err) return reject(new Error(`yt-dlp subtitle download failed: ${err.message}\n${stderr}`));
-        resolve();
-      });
-    });
+        '--write-sub',
+        '--write-auto-sub',
+        '--sub-lang',
+        normalizedLang,
+        '--sub-format',
+        'json3',
+        '-o',
+        join(tmpDir, '%(id)s'),
+        normalizedUrl,
+      ],
+      30000,
+    );
 
     const files = await readdir(tmpDir);
-    const subFile = files.find(f => f.endsWith('.json3') || f.endsWith('.vtt') || f.endsWith('.srv3'));
+    const subFile = files.find((f) => f.endsWith('.json3') || f.endsWith('.vtt') || f.endsWith('.srv3'));
     if (!subFile) {
       return {
-        status: 'error', code: 404,
+        status: 'error',
+        code: 404,
         message: 'No captions available for this video',
-        video_url: url, video_id: videoId, title,
+        video_url: normalizedUrl,
+        video_id: videoId,
+        title,
       };
     }
 
@@ -83,18 +161,24 @@ async function ytDlpTranscript(reqId, url, videoId, lang) {
 
     if (!transcriptText || !transcriptText.trim()) {
       return {
-        status: 'error', code: 404,
+        status: 'error',
+        code: 404,
         message: 'Subtitle file found but content was empty',
-        video_url: url, video_id: videoId, title,
+        video_url: normalizedUrl,
+        video_id: videoId,
+        title,
       };
     }
 
     const langMatch = subFile.match(/\.([a-z]{2}(?:-[a-zA-Z]+)?)\.(?:json3|vtt|srv3)$/);
 
     return {
-      status: 'ok', transcript: transcriptText,
-      video_url: url, video_id: videoId, video_title: title,
-      language: langMatch?.[1] || lang,
+      status: 'ok',
+      transcript: transcriptText,
+      video_url: normalizedUrl,
+      video_id: videoId,
+      video_title: title,
+      language: langMatch?.[1] || normalizedLang,
       total_words: transcriptText.split(/\s+/).length,
     };
   } finally {
@@ -112,7 +196,10 @@ function parseJson3(content) {
     for (const event of events) {
       const segs = event.segs || [];
       if (!segs.length) continue;
-      const text = segs.map(s => s.utf8 || '').join('').trim();
+      const text = segs
+        .map((s) => s.utf8 || '')
+        .join('')
+        .trim();
       if (!text) continue;
       const tsMs = event.tStartMs || 0;
       const tsSec = Math.floor(tsMs / 1000);
@@ -132,15 +219,31 @@ function parseVtt(content) {
   let currentTimestamp = '';
   for (const line of lines) {
     const stripped = line.trim();
-    if (!stripped || stripped === 'WEBVTT' || stripped.startsWith('Kind:') || stripped.startsWith('Language:') || stripped.startsWith('NOTE')) continue;
+    if (
+      !stripped ||
+      stripped === 'WEBVTT' ||
+      stripped.startsWith('Kind:') ||
+      stripped.startsWith('Language:') ||
+      stripped.startsWith('NOTE')
+    )
+      continue;
     if (stripped.includes(' --> ')) {
       const parts = stripped.split(' --> ');
       if (parts[0]) currentTimestamp = formatVttTs(parts[0].trim());
       continue;
     }
-    const text = stripped.replace(/<[^>]+>/g, '').replace(/&amp;/g, '&').replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"').replace(/&#39;/g, "'").trim();
-    if (text && currentTimestamp) { result.push(`[${currentTimestamp}] ${text}`); currentTimestamp = ''; }
-    else if (text) result.push(text);
+    const text = stripped
+      .replace(/<[^>]+>/g, '')
+      .replace(/&amp;/g, '&')
+      .replace(/&lt;/g, '<')
+      .replace(/&gt;/g, '>')
+      .replace(/&quot;/g, '"')
+      .replace(/&#39;/g, "'")
+      .trim();
+    if (text && currentTimestamp) {
+      result.push(`[${currentTimestamp}] ${text}`);
+      currentTimestamp = '';
+    } else if (text) result.push(text);
   }
   return result.join('\n');
 }
@@ -148,10 +251,16 @@ function parseVtt(content) {
 function parseXml(content) {
   const lines = [];
   const regex = /<text\s+start="([^"]*)"[^>]*>([\s\S]*?)<\/text>/g;
-  let match;
-  while ((match = regex.exec(content)) !== null) {
+  for (const match of content.matchAll(regex)) {
     const startSec = parseFloat(match[1]) || 0;
-    const text = match[2].replace(/<[^>]+>/g, '').replace(/&amp;/g, '&').replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"').replace(/&#39;/g, "'").trim();
+    const text = match[2]
+      .replace(/<[^>]+>/g, '')
+      .replace(/&amp;/g, '&')
+      .replace(/&lt;/g, '<')
+      .replace(/&gt;/g, '>')
+      .replace(/&quot;/g, '"')
+      .replace(/&#39;/g, "'")
+      .trim();
     if (!text) continue;
     const mm = Math.floor(startSec / 60);
     const ss = Math.floor(startSec % 60);
@@ -174,4 +283,4 @@ function formatVttTs(ts) {
   return ts;
 }
 
-module.exports = { detectYtDlp, hasYtDlp, ytDlpTranscript, parseJson3, parseVtt, parseXml };
+export { detectYtDlp, hasYtDlp, ytDlpTranscript, parseJson3, parseVtt, parseXml };

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "camofox-browser",
   "name": "Camofox Browser",
   "description": "Anti-detection browser automation for AI agents using Camoufox (Firefox-based)",
-  "version": "1.0.12",
+  "version": "1.4.0",
   "configSchema": {
     "type": "object",
     "properties": {

package/package.json

@@ -1,7 +1,8 @@
 {
   "name": "@askjo/camofox-browser",
-  "version": "1.3.1",
+  "version": "1.4.0",
   "description": "Headless browser automation server and OpenClaw plugin for AI agents - anti-detection, element refs, and session isolation",
+  "type": "module",
   "main": "server.js",
   "license": "MIT",
   "author": "Jo Inc <oss@askjo.ai>",
@@ -38,6 +39,7 @@
     "lib/",
     "plugin.ts",
     "openclaw.plugin.json",
+    "scripts/",
     "run.sh",
     "Dockerfile",
     "README.md",
@@ -50,10 +52,12 @@
   },
   "scripts": {
     "start": "node server.js",
-    "test": "jest --runInBand --forceExit",
-    "test:e2e": "jest --runInBand --forceExit tests/e2e",
-    "test:live": "RUN_LIVE_TESTS=1 jest --runInBand --forceExit tests/live",
-    "test:debug": "DEBUG_SERVER=1 jest --runInBand --forceExit",
+    "test": "NODE_OPTIONS='--experimental-vm-modules' jest --runInBand --forceExit",
+    "test:e2e": "NODE_OPTIONS='--experimental-vm-modules' jest --runInBand --forceExit tests/e2e",
+    "test:live": "RUN_LIVE_TESTS=1 NODE_OPTIONS='--experimental-vm-modules' jest --runInBand --forceExit tests/live",
+    "test:debug": "DEBUG_SERVER=1 NODE_OPTIONS='--experimental-vm-modules' jest --runInBand --forceExit",
+    "version:sync": "node scripts/sync-version.js",
+    "version": "node scripts/sync-version.js && git add openclaw.plugin.json",
     "postinstall": "npx camoufox-js fetch || true"
   },
   "dependencies": {