@btraut/browser-bridge 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -3
- package/README.md +135 -70
- package/extension/assets/ui.css +15 -14
- package/extension/dist/background.js +9 -15
- package/extension/dist/background.js.map +2 -2
- package/extension/dist/content.js +10 -0
- package/extension/dist/content.js.map +2 -2
- package/extension/dist/options-ui.js +22 -17
- package/extension/dist/options-ui.js.map +2 -2
- package/extension/dist/popup-ui.js +34 -18
- package/extension/dist/popup-ui.js.map +2 -2
- package/extension/manifest.json +1 -1
- package/package.json +1 -1
- package/skills/browser-bridge/SKILL.md +28 -0
- package/skills/browser-bridge/skill.json +1 -1
|
@@ -103,6 +103,7 @@ Note: MCP still requires `browser-bridge` to be on PATH, since the client invoke
|
|
|
103
103
|
|
|
104
104
|
- Always store and reuse the `session_id` for subsequent calls.
|
|
105
105
|
- Drive operations are single-flight; do not overlap drive calls.
|
|
106
|
+
- Drive actions are permission-gated per site (safe-by-default). The first time you target a new site, Chrome will open a permission prompt that the user must approve.
|
|
106
107
|
- After navigation/clicks that trigger page loads, wait for the page to settle:
|
|
107
108
|
- MCP: `drive.wait_for`
|
|
108
109
|
- CLI: `browser-bridge drive wait-for ...`
|
|
@@ -112,3 +113,30 @@ Note: MCP still requires `browser-bridge` to be on PATH, since the client invoke
|
|
|
112
113
|
- If drive/inspect fails, run diagnostics and include the output:
|
|
113
114
|
- MCP: `diagnostics.doctor`
|
|
114
115
|
- CLI: `browser-bridge diagnostics doctor`
|
|
116
|
+
|
|
117
|
+
### Site Permissions (Drive Actions)
|
|
118
|
+
|
|
119
|
+
Browser Bridge gates `drive.*` actions on a per-site allowlist.
|
|
120
|
+
|
|
121
|
+
- `inspect.*` is not gated, so you can inspect freely and only ask for permission when it is time to click/type.
|
|
122
|
+
- The first time a `drive.*` action targets a new site, Chrome opens a small permission prompt.
|
|
123
|
+
- **Allow this action**: allow once (does not add to allowlist)
|
|
124
|
+
- **Always allow actions on this site**: adds the site to the allowlist
|
|
125
|
+
- **Decline**: command fails with `PERMISSION_DENIED` (non-retryable)
|
|
126
|
+
- If the prompt is ignored, the command fails with `PERMISSION_PROMPT_TIMEOUT` (retryable). Default wait is 30 seconds; approve the prompt, then retry the command.
|
|
127
|
+
|
|
128
|
+
Manage approvals (and bypass mode):
|
|
129
|
+
|
|
130
|
+
- Open the extension options page (via `chrome://extensions` -> Browser Bridge -> Extension options, or from the Extensions toolbar menu).
|
|
131
|
+
- Review/revoke sites under **Approved sites**.
|
|
132
|
+
- Switch **Permission mode** to **Bypass (dangerous)** to skip prompts/allowlist entirely.
|
|
133
|
+
- Restricted URLs (for example `chrome://` and `file://`) are still blocked.
|
|
134
|
+
|
|
135
|
+
### Error Handling (Structured Envelopes)
|
|
136
|
+
|
|
137
|
+
When you use JSON output (CLI `--json`, or MCP tool results), errors have stable codes and an explicit retry hint:
|
|
138
|
+
|
|
139
|
+
- `ok: false` with `{ error: { code, message, retryable, details? } }`
|
|
140
|
+
- Handle permission-gating errors explicitly:
|
|
141
|
+
- `PERMISSION_PROMPT_TIMEOUT` (retryable): user needs to approve the prompt; then retry.
|
|
142
|
+
- `PERMISSION_DENIED` (not retryable): user declined; ask them to allow/always-allow (or add the site in extension options), then retry.
|