@elizaos/plugin-browser 2.0.0-alpha.9 → 2.0.3-beta.2

package/dist/routes/bridge.js

@@ -0,0 +1,844 @@
+import fs from "node:fs";
+import { logger } from "@elizaos/core";
+import {
+  BROWSER_BRIDGE_PACKAGE_PATH_TARGETS
+} from "../contracts.js";
+import {
+  buildBrowserBridgeCompanionPackage,
+  getBrowserBridgeCompanionDownloadFile,
+  getBrowserBridgeCompanionPackageStatus,
+  openBrowserBridgeCompanionManager,
+  openBrowserBridgeCompanionPackagePath
+} from "../packaging.js";
+import {
+  BROWSER_BRIDGE_ROUTE_SERVICE_TYPE
+} from "../service.js";
+function getService(ctx) {
+  if (!ctx.state.runtime) {
+    ctx.error(ctx.res, "Agent runtime is not available", 503);
+    return null;
+  }
+  const service = ctx.state.runtime.getService(
+    BROWSER_BRIDGE_ROUTE_SERVICE_TYPE
+  );
+  if (!service) {
+    ctx.error(ctx.res, "Browser Bridge service is not available", 503);
+    return null;
+  }
+  return service;
+}
+function getBrowserCompanionAuth(ctx) {
+  const companionHeader = ctx.req.headers["x-browser-bridge-companion-id"];
+  const companionId = typeof companionHeader === "string" ? companionHeader.trim() : "";
+  if (!companionId) {
+    routeJsonError(
+      ctx,
+      "Missing X-Browser-Bridge-Companion-Id header",
+      401,
+      "browser_bridge_companion_auth_missing_id"
+    );
+    return null;
+  }
+  const authHeader = typeof ctx.req.headers.authorization === "string" ? ctx.req.headers.authorization.trim() : "";
+  const match = /^Bearer\s+(.+)$/i.exec(authHeader);
+  const pairingToken = match?.[1]?.trim() ?? "";
+  if (!pairingToken) {
+    routeJsonError(
+      ctx,
+      "Missing browser companion bearer token",
+      401,
+      "browser_bridge_companion_auth_missing_token"
+    );
+    return null;
+  }
+  return {
+    companionId,
+    pairingToken
+  };
+}
+function browserAutoPairOriginAllowed(ctx) {
+  const originHeader = typeof ctx.req.headers.origin === "string" ? ctx.req.headers.origin.trim() : "";
+  if (!originHeader) {
+    return requestIsLoopback(ctx);
+  }
+  if (originHeader === ctx.url.origin) {
+    return true;
+  }
+  return originHeader.startsWith("chrome-extension://") || originHeader.startsWith("safari-web-extension://");
+}
+function requestIsLoopback(ctx) {
+  const remoteAddress = ctx.req.socket.remoteAddress?.trim().toLowerCase();
+  return remoteAddress === "127.0.0.1" || remoteAddress === "::1" || remoteAddress === "0:0:0:0:0:0:0:1" || remoteAddress === "::ffff:127.0.0.1" || remoteAddress === "::ffff:0:127.0.0.1";
+}
+const BROWSER_BRIDGE_RATE_LIMITS = {
+  default: { maxRequests: 60, windowMs: 6e4 }
+};
+const rateLimitBuckets = /* @__PURE__ */ new Map();
+const RATE_LIMIT_CLEANUP_INTERVAL_MS = 5 * 60 * 1e3;
+let lastRateLimitCleanup = Date.now();
+function cleanupRateLimitBuckets(windowMs) {
+  const now = Date.now();
+  if (now - lastRateLimitCleanup < RATE_LIMIT_CLEANUP_INTERVAL_MS) return;
+  lastRateLimitCleanup = now;
+  const cutoff = now - windowMs;
+  for (const [key, entry] of rateLimitBuckets) {
+    entry.timestamps = entry.timestamps.filter(
+      (timestamp) => timestamp > cutoff
+    );
+    if (entry.timestamps.length === 0) rateLimitBuckets.delete(key);
+  }
+}
+function checkBrowserBridgeRateLimit(key, config) {
+  const now = Date.now();
+  cleanupRateLimitBuckets(config.windowMs);
+  let entry = rateLimitBuckets.get(key);
+  if (!entry) {
+    entry = { timestamps: [] };
+    rateLimitBuckets.set(key, entry);
+  }
+  const cutoff = now - config.windowMs;
+  entry.timestamps = entry.timestamps.filter((timestamp) => timestamp > cutoff);
+  if (entry.timestamps.length >= config.maxRequests) {
+    const oldestInWindow = entry.timestamps[0];
+    const retryAfterMs = oldestInWindow === void 0 ? 0 : oldestInWindow + config.windowMs - now;
+    return { allowed: false, retryAfterMs: Math.max(retryAfterMs, 0) };
+  }
+  entry.timestamps.push(now);
+  return { allowed: true, retryAfterMs: 0 };
+}
+function rateLimitRequest(ctx, operation) {
+  const agentId = String(ctx.state.runtime?.agentId ?? "unknown");
+  const companionHeader = ctx.req.headers["x-browser-bridge-companion-id"];
+  const companionId = typeof companionHeader === "string" ? companionHeader.trim() : "anonymous";
+  const remoteAddress = ctx.req.socket.remoteAddress?.trim() ?? "unknown";
+  const limitKey = `${agentId}:${operation}:${remoteAddress}:${companionId}`;
+  const config = BROWSER_BRIDGE_RATE_LIMITS.default;
+  const { allowed, retryAfterMs } = checkBrowserBridgeRateLimit(
+    limitKey,
+    config
+  );
+  if (!allowed) {
+    ctx.res.writeHead(429, {
+      "Content-Type": "application/json",
+      "Retry-After": String(Math.ceil(retryAfterMs / 1e3))
+    });
+    ctx.res.end(JSON.stringify({ error: "Rate limit exceeded", retryAfterMs }));
+    return true;
+  }
+  return false;
+}
+function routeOperation(ctx) {
+  return `${ctx.method.toUpperCase()} ${ctx.pathname}`;
+}
+function sanitizeTelemetryToken(value) {
+  if (!value) return void 0;
+  const token = value.toLowerCase().replace(/[^a-z0-9_-]/g, "_");
+  const normalized = token.replace(/_+/g, "_").replace(/^_+|_+$/g, "");
+  return normalized ? normalized.slice(0, 64) : void 0;
+}
+function inferTelemetryErrorKind(error) {
+  if (error instanceof Error) {
+    const message = error.message.toLowerCase();
+    if (error.name === "AbortError" || error.name === "TimeoutError" || message.includes("timeout") || message.includes("timed out")) {
+      return "timeout";
+    }
+    return sanitizeTelemetryToken(error.name);
+  }
+  return typeof error === "string" ? sanitizeTelemetryToken(error) : void 0;
+}
+function createBrowserBridgeTelemetrySpan(meta) {
+  const startedAt = Date.now();
+  let settled = false;
+  const finalize = (outcome, args) => {
+    if (settled) return;
+    settled = true;
+    const event = {
+      schema: "integration_boundary_v1",
+      boundary: meta.boundary,
+      operation: meta.operation,
+      outcome,
+      durationMs: Math.max(0, Date.now() - startedAt)
+    };
+    if (typeof meta.timeoutMs === "number") event.timeoutMs = meta.timeoutMs;
+    if (typeof args?.statusCode === "number")
+      event.statusCode = args.statusCode;
+    if (outcome === "failure") {
+      event.errorKind = sanitizeTelemetryToken(args?.errorKind) ?? inferTelemetryErrorKind(args?.error);
+    }
+    const line = `[integration] ${JSON.stringify(event)}`;
+    if (outcome === "success") {
+      logger.info(line);
+    } else {
+      logger.warn(line);
+    }
+  };
+  return {
+    success: (args) => finalize("success", args),
+    failure: (args) => finalize("failure", args)
+  };
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+function routeJsonError(ctx, message, status, code) {
+  ctx.json(
+    ctx.res,
+    {
+      error: message,
+      ...code ? { code } : {}
+    },
+    status
+  );
+}
+function isBrowserBridgeRouteBodyObject(value) {
+  return Boolean(value && typeof value === "object" && !Array.isArray(value));
+}
+function rejectMalformedBrowserBridgePayload(ctx) {
+  ctx.error(ctx.res, "request body must be a JSON object", 400);
+  return true;
+}
+function isStatusError(error) {
+  return error instanceof Error && "status" in error && typeof error.status === "number";
+}
+function statusErrorCode(error) {
+  if (error && typeof error === "object" && "code" in error && typeof error.code === "string") {
+    return error.code;
+  }
+  return null;
+}
+function decodeMatchedPathComponent(ctx, match, index, res, label) {
+  const raw = match?.[index];
+  return raw ? ctx.decodePathComponent(raw, res, label) : null;
+}
+async function runRoute(ctx, fn) {
+  const operation = routeOperation(ctx);
+  const span = createBrowserBridgeTelemetrySpan({
+    boundary: "browser-bridge",
+    operation
+  });
+  const service = getService(ctx);
+  if (!service) {
+    logger.info(
+      {
+        boundary: "browser-bridge",
+        operation,
+        statusCode: 503
+      },
+      "[browser-bridge] Route rejected because agent runtime is unavailable"
+    );
+    span.failure({
+      statusCode: 503,
+      errorKind: "runtime_unavailable"
+    });
+    return true;
+  }
+  try {
+    await fn(service);
+    span.success({
+      statusCode: ctx.res.statusCode >= 400 ? ctx.res.statusCode : 200
+    });
+    return true;
+  } catch (error) {
+    if (isStatusError(error)) {
+      const logFn = error.status === 401 ? logger.debug.bind(logger) : logger.warn.bind(logger);
+      logFn(
+        {
+          boundary: "browser-bridge",
+          operation,
+          statusCode: error.status
+        },
+        `[browser-bridge] Route failed: ${error.message}`
+      );
+      span.failure({
+        statusCode: error.status,
+        error,
+        errorKind: error.status === 401 ? "browser_bridge_auth_invalid" : "browser_bridge_service_error"
+      });
+      routeJsonError(ctx, error.message, error.status, statusErrorCode(error));
+      return true;
+    }
+    logger.error(
+      {
+        boundary: "browser-bridge",
+        operation
+      },
+      `[browser-bridge] Route crashed: ${errorMessage(error)}`
+    );
+    span.failure({
+      error,
+      errorKind: "unhandled_error"
+    });
+    throw error;
+  }
+}
+async function runStatelessRoute(ctx, fn) {
+  const operation = routeOperation(ctx);
+  const span = createBrowserBridgeTelemetrySpan({
+    boundary: "browser-bridge",
+    operation
+  });
+  try {
+    await fn();
+    span.success({
+      statusCode: ctx.res.statusCode >= 400 ? ctx.res.statusCode : 200
+    });
+    return true;
+  } catch (error) {
+    if (isStatusError(error)) {
+      logger.warn(
+        {
+          boundary: "browser-bridge",
+          operation,
+          statusCode: error.status
+        },
+        `[browser-bridge] Route failed: ${error.message}`
+      );
+      span.failure({
+        statusCode: error.status,
+        error,
+        errorKind: "browser_bridge_service_error"
+      });
+      ctx.error(ctx.res, error.message, error.status);
+      return true;
+    }
+    logger.error(
+      {
+        boundary: "browser-bridge",
+        operation
+      },
+      `[browser-bridge] Route crashed: ${errorMessage(error)}`
+    );
+    span.failure({
+      error,
+      errorKind: "unhandled_error"
+    });
+    throw error;
+  }
+}
+async function handleBrowserBridgeRoutes(ctx) {
+  const { req, res, method, pathname, json, readJsonBody } = ctx;
+  if (method === "GET" && pathname === "/api/browser-bridge/sessions") {
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        sessions: await service.listBrowserSessions(ctx.state.adminEntityId)
+      });
+    });
+  }
+  if (method === "GET" && pathname === "/api/browser-bridge/settings") {
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        settings: await service.getBrowserSettings(ctx.state.adminEntityId)
+      });
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/settings") {
+    const body = await readJsonBody(
+      req,
+      res
+    );
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        settings: await service.updateBrowserSettings(
+          body,
+          ctx.state.adminEntityId
+        )
+      });
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/companions/pair") {
+    const body = await readJsonBody(
+      req,
+      res
+    );
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(
+        res,
+        await service.createBrowserCompanionPairing(
+          body,
+          ctx.state.adminEntityId
+        ),
+        201
+      );
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/companions/auto-pair") {
+    if (rateLimitRequest(ctx, "companions:auto-pair")) {
+      return true;
+    }
+    if (!browserAutoPairOriginAllowed(ctx)) {
+      ctx.error(
+        res,
+        "browser auto-pair must come from the agent app or a browser extension",
+        403
+      );
+      return true;
+    }
+    const body = await readJsonBody(req, res);
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(
+        res,
+        await service.autoPairBrowserCompanion(
+          body,
+          ctx.url.origin,
+          ctx.state.adminEntityId
+        ),
+        201
+      );
+    });
+  }
+  if (method === "GET" && pathname === "/api/browser-bridge/companions") {
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        companions: await service.listBrowserCompanions(
+          ctx.state.adminEntityId
+        )
+      });
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/companions/revoke") {
+    if (rateLimitRequest(ctx, "companions:revoke")) {
+      return true;
+    }
+    return runRoute(ctx, async (service) => {
+      const auth = getBrowserCompanionAuth(ctx);
+      if (!auth) {
+        return;
+      }
+      json(
+        res,
+        await service.revokeBrowserCompanionFromCompanion(
+          auth.companionId,
+          auth.pairingToken,
+          ctx.state.adminEntityId
+        )
+      );
+    });
+  }
+  const browserCompanionRevokeMatch = pathname.match(
+    /^\/api\/browser-bridge\/companions\/([^/]+)\/revoke$/
+  );
+  if (method === "POST" && browserCompanionRevokeMatch) {
+    const companionId = decodeMatchedPathComponent(
+      ctx,
+      browserCompanionRevokeMatch,
+      1,
+      res,
+      "browser companion id"
+    );
+    if (!companionId) return true;
+    return runRoute(ctx, async (service) => {
+      json(
+        res,
+        await service.revokeBrowserCompanion(
+          companionId,
+          ctx.state.adminEntityId
+        )
+      );
+    });
+  }
+  if (method === "GET" && pathname === "/api/browser-bridge/packages") {
+    return runStatelessRoute(ctx, async () => {
+      json(res, { status: getBrowserBridgeCompanionPackageStatus() });
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/packages/open-path") {
+    if (!requestIsLoopback(ctx)) {
+      ctx.error(
+        res,
+        "Local extension install helpers can only run on the same machine as the agent",
+        403
+      );
+      return true;
+    }
+    const body = await readJsonBody(req, res);
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    if (typeof body.target !== "string" || !BROWSER_BRIDGE_PACKAGE_PATH_TARGETS.includes(
+      body.target
+    )) {
+      ctx.error(
+        res,
+        `target must be one of: ${BROWSER_BRIDGE_PACKAGE_PATH_TARGETS.join(", ")}`,
+        400
+      );
+      return true;
+    }
+    const validatedTarget = body.target;
+    return runStatelessRoute(ctx, async () => {
+      json(
+        res,
+        await openBrowserBridgeCompanionPackagePath(validatedTarget, {
+          revealOnly: body.revealOnly === true
+        })
+      );
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/companions/sync") {
+    if (rateLimitRequest(ctx, "companions:sync")) {
+      return true;
+    }
+    return runRoute(ctx, async (service) => {
+      const auth = getBrowserCompanionAuth(ctx);
+      if (!auth) {
+        return;
+      }
+      const body = await readJsonBody(req, res);
+      if (!body) return;
+      if (!isBrowserBridgeRouteBodyObject(body)) {
+        rejectMalformedBrowserBridgePayload(ctx);
+        return;
+      }
+      json(
+        res,
+        await service.syncBrowserCompanion(
+          auth.companionId,
+          auth.pairingToken,
+          body,
+          ctx.state.adminEntityId
+        )
+      );
+    });
+  }
+  if (method === "GET" && pathname === "/api/browser-bridge/tabs") {
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        tabs: await service.listBrowserTabs(ctx.state.adminEntityId)
+      });
+    });
+  }
+  const browserPackageBuildMatch = pathname.match(
+    /^\/api\/browser-bridge\/packages\/([^/]+)\/build$/
+  );
+  if (method === "POST" && browserPackageBuildMatch) {
+    const browser = decodeMatchedPathComponent(
+      ctx,
+      browserPackageBuildMatch,
+      1,
+      res,
+      "browser package target"
+    );
+    if (!browser) return true;
+    if (browser !== "chrome" && browser !== "safari") {
+      ctx.error(res, "browser must be chrome or safari", 400);
+      return true;
+    }
+    return runStatelessRoute(ctx, async () => {
+      json(res, {
+        status: await buildBrowserBridgeCompanionPackage(browser)
+      });
+    });
+  }
+  const browserPackageOpenManagerMatch = pathname.match(
+    /^\/api\/browser-bridge\/packages\/([^/]+)\/open-manager$/
+  );
+  if (method === "POST" && browserPackageOpenManagerMatch) {
+    if (!requestIsLoopback(ctx)) {
+      ctx.error(
+        res,
+        "Local extension install helpers can only run on the same machine as the agent",
+        403
+      );
+      return true;
+    }
+    const browser = decodeMatchedPathComponent(
+      ctx,
+      browserPackageOpenManagerMatch,
+      1,
+      res,
+      "browser package target"
+    );
+    if (!browser) return true;
+    if (browser !== "chrome" && browser !== "safari") {
+      ctx.error(res, "browser must be chrome or safari", 400);
+      return true;
+    }
+    return runStatelessRoute(ctx, async () => {
+      json(res, await openBrowserBridgeCompanionManager(browser));
+    });
+  }
+  const browserPackageDownloadMatch = pathname.match(
+    /^\/api\/browser-bridge\/packages\/([^/]+)\/download$/
+  );
+  if (method === "GET" && browserPackageDownloadMatch) {
+    const browser = decodeMatchedPathComponent(
+      ctx,
+      browserPackageDownloadMatch,
+      1,
+      res,
+      "browser package target"
+    );
+    if (!browser) return true;
+    if (browser !== "chrome" && browser !== "safari") {
+      ctx.error(res, "browser must be chrome or safari", 400);
+      return true;
+    }
+    return runStatelessRoute(ctx, async () => {
+      const artifact = getBrowserBridgeCompanionDownloadFile(browser);
+      res.statusCode = 200;
+      res.setHeader("Content-Type", artifact.contentType);
+      res.setHeader(
+        "Content-Disposition",
+        `attachment; filename="${artifact.filename}"`
+      );
+      await new Promise((resolve, reject) => {
+        const stream = fs.createReadStream(artifact.path);
+        stream.on("error", reject);
+        res.on("error", reject);
+        stream.on("end", resolve);
+        stream.pipe(res);
+      });
+    });
+  }
+  if (method === "GET" && pathname === "/api/browser-bridge/current-page") {
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        page: await service.getCurrentBrowserPage(ctx.state.adminEntityId)
+      });
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/sync") {
+    const body = await readJsonBody(req, res);
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(res, await service.syncBrowserState(body, ctx.state.adminEntityId));
+    });
+  }
+  if (method === "POST" && pathname === "/api/browser-bridge/sessions") {
+    const body = await readJsonBody(
+      req,
+      res
+    );
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(
+        res,
+        {
+          session: await service.createBrowserSession(
+            body,
+            ctx.state.adminEntityId
+          )
+        },
+        201
+      );
+    });
+  }
+  const browserSessionMatch = pathname.match(
+    /^\/api\/browser-bridge\/sessions\/([^/]+)$/
+  );
+  if (browserSessionMatch) {
+    const sessionId = decodeMatchedPathComponent(
+      ctx,
+      browserSessionMatch,
+      1,
+      res,
+      "browser session id"
+    );
+    if (!sessionId) return true;
+    if (method === "GET") {
+      return runRoute(ctx, async (service) => {
+        json(res, {
+          session: await service.getBrowserSession(
+            sessionId,
+            ctx.state.adminEntityId
+          )
+        });
+      });
+    }
+  }
+  const browserConfirmMatch = pathname.match(
+    /^\/api\/browser-bridge\/sessions\/([^/]+)\/confirm$/
+  );
+  if (method === "POST" && browserConfirmMatch) {
+    const sessionId = decodeMatchedPathComponent(
+      ctx,
+      browserConfirmMatch,
+      1,
+      res,
+      "browser session id"
+    );
+    if (!sessionId) return true;
+    const body = await readJsonBody(
+      req,
+      res
+    );
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        session: await service.confirmBrowserSession(
+          sessionId,
+          body,
+          ctx.state.adminEntityId
+        )
+      });
+    });
+  }
+  const browserProgressMatch = pathname.match(
+    /^\/api\/browser-bridge\/sessions\/([^/]+)\/progress$/
+  );
+  if (method === "POST" && browserProgressMatch) {
+    const sessionId = decodeMatchedPathComponent(
+      ctx,
+      browserProgressMatch,
+      1,
+      res,
+      "browser session id"
+    );
+    if (!sessionId) return true;
+    const body = await readJsonBody(
+      req,
+      res
+    );
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        session: await service.updateBrowserSessionProgress(
+          sessionId,
+          body,
+          ctx.state.adminEntityId
+        )
+      });
+    });
+  }
+  const browserCompleteMatch = pathname.match(
+    /^\/api\/browser-bridge\/sessions\/([^/]+)\/complete$/
+  );
+  if (method === "POST" && browserCompleteMatch) {
+    const sessionId = decodeMatchedPathComponent(
+      ctx,
+      browserCompleteMatch,
+      1,
+      res,
+      "browser session id"
+    );
+    if (!sessionId) return true;
+    const body = await readJsonBody(
+      req,
+      res
+    );
+    if (!body) return true;
+    if (!isBrowserBridgeRouteBodyObject(body)) {
+      return rejectMalformedBrowserBridgePayload(ctx);
+    }
+    return runRoute(ctx, async (service) => {
+      json(res, {
+        session: await service.completeBrowserSession(
+          sessionId,
+          body,
+          ctx.state.adminEntityId
+        )
+      });
+    });
+  }
+  const browserCompanionProgressMatch = pathname.match(
+    /^\/api\/browser-bridge\/companions\/sessions\/([^/]+)\/progress$/
+  );
+  if (method === "POST" && browserCompanionProgressMatch) {
+    if (rateLimitRequest(ctx, "companions:session-progress")) {
+      return true;
+    }
+    const sessionId = decodeMatchedPathComponent(
+      ctx,
+      browserCompanionProgressMatch,
+      1,
+      res,
+      "browser session id"
+    );
+    if (!sessionId) return true;
+    return runRoute(ctx, async (service) => {
+      const auth = getBrowserCompanionAuth(ctx);
+      if (!auth) {
+        return;
+      }
+      const body = await readJsonBody(
+        req,
+        res
+      );
+      if (!body) return;
+      if (!isBrowserBridgeRouteBodyObject(body)) {
+        rejectMalformedBrowserBridgePayload(ctx);
+        return;
+      }
+      json(res, {
+        session: await service.updateBrowserSessionProgressFromCompanion(
+          auth.companionId,
+          auth.pairingToken,
+          sessionId,
+          body,
+          ctx.state.adminEntityId
+        )
+      });
+    });
+  }
+  const browserCompanionCompleteMatch = pathname.match(
+    /^\/api\/browser-bridge\/companions\/sessions\/([^/]+)\/complete$/
+  );
+  if (method === "POST" && browserCompanionCompleteMatch) {
+    if (rateLimitRequest(ctx, "companions:session-complete")) {
+      return true;
+    }
+    const sessionId = decodeMatchedPathComponent(
+      ctx,
+      browserCompanionCompleteMatch,
+      1,
+      res,
+      "browser session id"
+    );
+    if (!sessionId) return true;
+    return runRoute(ctx, async (service) => {
+      const auth = getBrowserCompanionAuth(ctx);
+      if (!auth) {
+        return;
+      }
+      const body = await readJsonBody(
+        req,
+        res
+      );
+      if (!body) return;
+      if (!isBrowserBridgeRouteBodyObject(body)) {
+        rejectMalformedBrowserBridgePayload(ctx);
+        return;
+      }
+      json(res, {
+        session: await service.completeBrowserSessionFromCompanion(
+          auth.companionId,
+          auth.pairingToken,
+          sessionId,
+          body,
+          ctx.state.adminEntityId
+        )
+      });
+    });
+  }
+  return false;
+}
+export {
+  handleBrowserBridgeRoutes,
+  rateLimitRequest
+};
+//# sourceMappingURL=bridge.js.map