@flrande/browserctl 0.4.0-dev.15.1 → 0.5.0-dev.19.1

package/apps/browserd/src/main.test.ts

@@ -111,6 +111,14 @@ describe("browserd container", () => {
     expect(config.downloadRoot).toBeUndefined();
     expect(config.authToken).toBeUndefined();
     expect(config.authScopes).toEqual(["read", "act", "upload", "download"]);
+    expect(config.sessionTtlMs).toBe(30 * 60 * 1_000);
+    expect(config.sessionCleanupIntervalMs).toBe(60 * 1_000);
+    expect(config.domainAllowlistMode).toBe("off");
+    expect(config.domainAllowlist).toEqual([]);
+    expect(config.sessionMaxTotal).toBe(200);
+    expect(config.sessionMaxPerTenant).toBe(50);
+    expect(config.sessionRequireTenantPrefix).toBe(false);
+    expect(config.tenantAllowlist).toEqual([]);
   });
 
   it("registers managed-local, managed, chrome-relay, and remote-cdp drivers by default", () => {
@@ -129,7 +137,15 @@ describe("browserd container", () => {
       BROWSERD_UPLOAD_ROOT: "C:\\safe\\uploads",
       BROWSERD_DOWNLOAD_ROOT: "C:\\safe\\downloads",
       BROWSERD_AUTH_TOKEN: "test-token",
-      BROWSERD_AUTH_SCOPES: " read, download "
+      BROWSERD_AUTH_SCOPES: " read, download ",
+      BROWSERD_SESSION_TTL_MS: "120000",
+      BROWSERD_SESSION_CLEANUP_INTERVAL_MS: "5000",
+      BROWSERD_DOMAIN_ALLOWLIST_MODE: "enforce",
+      BROWSERD_DOMAIN_ALLOWLIST: "example.com,*.corp.local",
+      BROWSERD_SESSION_MAX_TOTAL: "2",
+      BROWSERD_SESSION_MAX_PER_TENANT: "1",
+      BROWSERD_SESSION_REQUIRE_TENANT_PREFIX: "true",
+      BROWSERD_TENANT_ALLOWLIST: "finance,ops"
     });
 
     expect(config.remoteCdpUrl).toBe("http://127.0.0.1:9333/devtools/browser/override");
@@ -140,6 +156,37 @@ describe("browserd container", () => {
     expect(config.downloadRoot).toBe("C:\\safe\\downloads");
     expect(config.authToken).toBe("test-token");
     expect(config.authScopes).toEqual(["read", "download"]);
+    expect(config.sessionTtlMs).toBe(120000);
+    expect(config.sessionCleanupIntervalMs).toBe(5000);
+    expect(config.domainAllowlistMode).toBe("enforce");
+    expect(config.domainAllowlist).toEqual(["example.com", "*.corp.local"]);
+    expect(config.sessionMaxTotal).toBe(2);
+    expect(config.sessionMaxPerTenant).toBe(1);
+    expect(config.sessionRequireTenantPrefix).toBe(true);
+    expect(config.tenantAllowlist).toEqual(["finance", "ops"]);
+  });
+
+  it("uses memory defaults in loadBrowserdConfig", () => {
+    const config = loadBrowserdConfig({});
+
+    expect(config.memoryEnabled).toBe(true);
+    expect(config.memoryMode).toBe("ask");
+    expect(config.memoryTtlDays).toBe(30);
+    expect(config.memoryPath).toBe(".browserctl-runtime/navigation-memory.json");
+  });
+
+  it("uses memory env overrides in loadBrowserdConfig", () => {
+    const config = loadBrowserdConfig({
+      BROWSERD_MEMORY_ENABLED: "false",
+      BROWSERD_MEMORY_MODE: "auto",
+      BROWSERD_MEMORY_TTL_DAYS: "7",
+      BROWSERD_MEMORY_PATH: ".browserctl-runtime/memory-custom.json"
+    });
+
+    expect(config.memoryEnabled).toBe(false);
+    expect(config.memoryMode).toBe("auto");
+    expect(config.memoryTtlDays).toBe(7);
+    expect(config.memoryPath).toBe(".browserctl-runtime/memory-custom.json");
   });
 
   it("parses chrome relay extension mode env values", () => {
@@ -677,6 +724,87 @@ describe("browserd bootstrap", () => {
     output.end();
   });
 
+  it("supports POSIX-style upload/download allowlist roots", async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const runtime = bootstrapBrowserd({
+      env: createTestEnv({
+        BROWSERD_DEFAULT_DRIVER: "managed",
+        BROWSERD_UPLOAD_ROOT: "/allowed/uploads",
+        BROWSERD_DOWNLOAD_ROOT: "/allowed/downloads"
+      }),
+      input,
+      output,
+      stdioProtocol: "legacy"
+    });
+
+    const openResponse = await sendToolRequest(input, output, {
+      id: "request-posix-open",
+      name: "browser.tab.open",
+      traceId: "trace:posix:open",
+      arguments: {
+        sessionId: "session:posix-root",
+        url: "https://example.com/posix"
+      }
+    });
+
+    const targetId = (openResponse.data as { targetId: string }).targetId;
+
+    const uploadResponse = await sendToolRequest(input, output, {
+      id: "request-posix-upload",
+      name: "browser.upload.arm",
+      traceId: "trace:posix:upload",
+      arguments: {
+        sessionId: "session:posix-root",
+        targetId,
+        files: ["reports/q1.csv"]
+      }
+    });
+
+    expect(uploadResponse.ok).toBe(true);
+    expect(uploadResponse.data).toMatchObject({
+      files: ["/allowed/uploads/reports/q1.csv"]
+    });
+
+    const downloadResponse = await sendToolRequest(input, output, {
+      id: "request-posix-download",
+      name: "browser.download.wait",
+      traceId: "trace:posix:download",
+      arguments: {
+        sessionId: "session:posix-root",
+        targetId,
+        path: "reports/out.bin"
+      }
+    });
+
+    expect(downloadResponse.ok).toBe(true);
+    expect(downloadResponse.data).toMatchObject({
+      download: {
+        path: "/allowed/downloads/reports/out.bin"
+      }
+    });
+
+    const traversalResponse = await sendToolRequest(input, output, {
+      id: "request-posix-download-traversal",
+      name: "browser.download.wait",
+      traceId: "trace:posix:download:traversal",
+      arguments: {
+        sessionId: "session:posix-root",
+        targetId,
+        path: "../escape.bin"
+      }
+    });
+
+    expect(traversalResponse.ok).toBe(false);
+    expect(traversalResponse.error).toMatchObject({
+      code: "E_PERMISSION"
+    });
+
+    runtime.close();
+    input.end();
+    output.end();
+  });
+
   it("rejects download-wait when download root is not configured", async () => {
     const input = new PassThrough();
     const output = new PassThrough();
@@ -811,6 +939,66 @@ describe("browserd bootstrap", () => {
       entries: []
     });
 
+    const consoleFilteredResponse = await sendToolRequest(input, output, {
+      id: "request-console-filtered",
+      name: "browser.console.list",
+      traceId: "trace:tools:console:filtered",
+      arguments: {
+        sessionId: "session:tools",
+        targetId,
+        type: "error",
+        contains: "timeout",
+        since: "2026-01-01T00:00:00.000Z",
+        limit: 10
+      }
+    });
+
+    expect(consoleFilteredResponse.ok).toBe(true);
+    expect(consoleFilteredResponse.data).toEqual({
+      driver: "managed",
+      targetId,
+      entries: []
+    });
+
+    const networkListResponse = await sendToolRequest(input, output, {
+      id: "request-network-list",
+      name: "browser.network.list",
+      traceId: "trace:tools:network:list",
+      arguments: {
+        sessionId: "session:tools",
+        targetId,
+        limit: 20
+      }
+    });
+
+    expect(networkListResponse.ok).toBe(true);
+    expect(networkListResponse.data).toEqual({
+      driver: "managed",
+      targetId,
+      requests: []
+    });
+
+    const harExportResponse = await sendToolRequest(input, output, {
+      id: "request-network-har-export",
+      name: "browser.network.harExport",
+      traceId: "trace:tools:network:har",
+      arguments: {
+        sessionId: "session:tools",
+        targetId
+      }
+    });
+
+    expect(harExportResponse.ok).toBe(true);
+    expect(harExportResponse.data).toMatchObject({
+      driver: "managed",
+      targetId,
+      har: {
+        log: {
+          entries: []
+        }
+      }
+    });
+
     const networkResponse = await sendToolRequest(input, output, {
       id: "request-network",
       name: "browser.network.responseBody",
@@ -831,6 +1019,29 @@ describe("browserd bootstrap", () => {
       encoding: "utf8"
     });
 
+    const traceResponse = await sendToolRequest(input, output, {
+      id: "request-trace-get",
+      name: "browser.trace.get",
+      traceId: "trace:tools:trace",
+      arguments: {
+        sessionId: "session:tools",
+        limit: 50
+      }
+    });
+
+    expect(traceResponse.ok).toBe(true);
+    expect(traceResponse.data).toMatchObject({
+      sessionId: "session:tools"
+    });
+    const tracePayload = traceResponse.data as {
+      steps?: Array<{ tool?: string }>;
+      keyResponses?: Array<{ kind?: string }>;
+    };
+    expect(Array.isArray(tracePayload.steps)).toBe(true);
+    expect(tracePayload.steps?.some((step) => step.tool === "browser.console.list")).toBe(true);
+    expect(Array.isArray(tracePayload.keyResponses)).toBe(true);
+    expect(tracePayload.keyResponses?.some((event) => event.kind === "network.list")).toBe(true);
+
     const screenshotResponse = await sendToolRequest(input, output, {
       id: "request-screenshot",
       name: "browser.screenshot",
@@ -851,6 +1062,332 @@ describe("browserd bootstrap", () => {
     output.end();
   });
 
+  it("enforces domain allowlist for tab.open", async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const runtime = bootstrapBrowserd({
+      env: createTestEnv({
+        BROWSERD_DEFAULT_DRIVER: "managed",
+        BROWSERD_DOMAIN_ALLOWLIST_MODE: "enforce",
+        BROWSERD_DOMAIN_ALLOWLIST: "example.com,*.corp.local"
+      }),
+      input,
+      output,
+      stdioProtocol: "legacy"
+    });
+
+    const allowed = await sendToolRequest(input, output, {
+      id: "request-domain-allowed",
+      name: "browser.tab.open",
+      traceId: "trace:domain:allowed",
+      arguments: {
+        sessionId: "finance:domain-allowed",
+        url: "https://example.com/home"
+      }
+    });
+
+    expect(allowed.ok).toBe(true);
+
+    const blocked = await sendToolRequest(input, output, {
+      id: "request-domain-blocked",
+      name: "browser.tab.open",
+      traceId: "trace:domain:blocked",
+      arguments: {
+        sessionId: "finance:domain-blocked",
+        url: "https://evil.test/home"
+      }
+    });
+
+    expect(blocked.ok).toBe(false);
+    expect(blocked.error).toMatchObject({
+      code: "E_PERMISSION"
+    });
+
+    runtime.close();
+    input.end();
+    output.end();
+  });
+
+  it("enforces domain allowlist for act navigate/goto", async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const runtime = bootstrapBrowserd({
+      env: createTestEnv({
+        BROWSERD_DEFAULT_DRIVER: "managed",
+        BROWSERD_DOMAIN_ALLOWLIST_MODE: "enforce",
+        BROWSERD_DOMAIN_ALLOWLIST: "example.com"
+      }),
+      input,
+      output,
+      stdioProtocol: "legacy"
+    });
+
+    const openResponse = await sendToolRequest(input, output, {
+      id: "request-domain-act-open",
+      name: "browser.tab.open",
+      traceId: "trace:domain:act:open",
+      arguments: {
+        sessionId: "finance:domain-act",
+        url: "https://example.com"
+      }
+    });
+    const targetId = (openResponse.data as { targetId: string }).targetId;
+
+    const actResponse = await sendToolRequest(input, output, {
+      id: "request-domain-act-blocked",
+      name: "browser.act",
+      traceId: "trace:domain:act:blocked",
+      arguments: {
+        sessionId: "finance:domain-act",
+        targetId,
+        action: {
+          type: "navigate",
+          payload: {
+            url: "https://unauthorized.example.net"
+          }
+        }
+      }
+    });
+
+    expect(actResponse.ok).toBe(false);
+    expect(actResponse.error).toMatchObject({
+      code: "E_PERMISSION"
+    });
+
+    runtime.close();
+    input.end();
+    output.end();
+  });
+
+  it("enforces max total session limit", async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const runtime = bootstrapBrowserd({
+      env: createTestEnv({
+        BROWSERD_DEFAULT_DRIVER: "managed",
+        BROWSERD_SESSION_MAX_TOTAL: "1"
+      }),
+      input,
+      output,
+      stdioProtocol: "legacy"
+    });
+
+    const first = await sendToolRequest(input, output, {
+      id: "request-session-limit-first",
+      name: "browser.status",
+      traceId: "trace:session-limit:first",
+      arguments: {
+        sessionId: "team-a:first"
+      }
+    });
+    expect(first.ok).toBe(true);
+
+    const second = await sendToolRequest(input, output, {
+      id: "request-session-limit-second",
+      name: "browser.status",
+      traceId: "trace:session-limit:second",
+      arguments: {
+        sessionId: "team-b:second"
+      }
+    });
+    expect(second.ok).toBe(false);
+    expect(second.error).toMatchObject({
+      code: "E_CONFLICT"
+    });
+
+    runtime.close();
+    input.end();
+    output.end();
+  });
+
+  it("enforces tenant prefix, allowlist, and per-tenant session limit", async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const runtime = bootstrapBrowserd({
+      env: createTestEnv({
+        BROWSERD_DEFAULT_DRIVER: "managed",
+        BROWSERD_SESSION_REQUIRE_TENANT_PREFIX: "true",
+        BROWSERD_TENANT_ALLOWLIST: "finance,ops",
+        BROWSERD_SESSION_MAX_TOTAL: "10",
+        BROWSERD_SESSION_MAX_PER_TENANT: "1"
+      }),
+      input,
+      output,
+      stdioProtocol: "legacy"
+    });
+
+    const missingTenant = await sendToolRequest(input, output, {
+      id: "request-tenant-missing",
+      name: "browser.status",
+      traceId: "trace:tenant:missing",
+      arguments: {
+        sessionId: "missingTenant"
+      }
+    });
+    expect(missingTenant.ok).toBe(false);
+    expect(missingTenant.error).toMatchObject({
+      code: "E_PERMISSION"
+    });
+
+    const disallowedTenant = await sendToolRequest(input, output, {
+      id: "request-tenant-disallowed",
+      name: "browser.status",
+      traceId: "trace:tenant:disallowed",
+      arguments: {
+        sessionId: "personal:task-1"
+      }
+    });
+    expect(disallowedTenant.ok).toBe(false);
+    expect(disallowedTenant.error).toMatchObject({
+      code: "E_PERMISSION"
+    });
+
+    const financeFirst = await sendToolRequest(input, output, {
+      id: "request-tenant-finance-first",
+      name: "browser.status",
+      traceId: "trace:tenant:finance:first",
+      arguments: {
+        sessionId: "finance:task-1"
+      }
+    });
+    expect(financeFirst.ok).toBe(true);
+
+    const financeSecond = await sendToolRequest(input, output, {
+      id: "request-tenant-finance-second",
+      name: "browser.status",
+      traceId: "trace:tenant:finance:second",
+      arguments: {
+        sessionId: "finance:task-2"
+      }
+    });
+    expect(financeSecond.ok).toBe(false);
+    expect(financeSecond.error).toMatchObject({
+      code: "E_CONFLICT"
+    });
+
+    const opsFirst = await sendToolRequest(input, output, {
+      id: "request-tenant-ops-first",
+      name: "browser.status",
+      traceId: "trace:tenant:ops:first",
+      arguments: {
+        sessionId: "ops:task-1"
+      }
+    });
+    expect(opsFirst.ok).toBe(true);
+
+    runtime.close();
+    input.end();
+    output.end();
+  });
+
+  it("supports session-list and session-drop governance tools", async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const runtime = bootstrapBrowserd({
+      env: createTestEnv({
+        BROWSERD_DEFAULT_DRIVER: "managed"
+      }),
+      input,
+      output,
+      stdioProtocol: "legacy"
+    });
+
+    const financeStatus = await sendToolRequest(input, output, {
+      id: "request-session-governance-finance",
+      name: "browser.status",
+      traceId: "trace:session-governance:finance",
+      arguments: {
+        sessionId: "finance:task-1"
+      }
+    });
+    expect(financeStatus.ok).toBe(true);
+
+    const opsStatus = await sendToolRequest(input, output, {
+      id: "request-session-governance-ops",
+      name: "browser.status",
+      traceId: "trace:session-governance:ops",
+      arguments: {
+        sessionId: "ops:task-1"
+      }
+    });
+    expect(opsStatus.ok).toBe(true);
+
+    const listBeforeDrop = await sendToolRequest(input, output, {
+      id: "request-session-list-before",
+      name: "browser.session.list",
+      traceId: "trace:session-governance:list:before",
+      arguments: {
+        sessionId: "finance:task-1",
+        limit: 20
+      }
+    });
+    expect(listBeforeDrop.ok).toBe(true);
+    const listPayloadBeforeDrop = listBeforeDrop.data as { sessions: Array<{ sessionId: string }> };
+    expect(Array.isArray(listPayloadBeforeDrop.sessions)).toBe(true);
+    expect(listPayloadBeforeDrop.sessions.some((entry) => entry.sessionId === "ops:task-1")).toBe(true);
+
+    const dropResponse = await sendToolRequest(input, output, {
+      id: "request-session-drop",
+      name: "browser.session.drop",
+      traceId: "trace:session-governance:drop",
+      arguments: {
+        sessionId: "finance:task-1",
+        sessionIdToDelete: "ops:task-1"
+      }
+    });
+    expect(dropResponse.ok).toBe(false);
+    expect(dropResponse.error).toMatchObject({
+      code: "E_PERMISSION"
+    });
+
+    const listAfterDrop = await sendToolRequest(input, output, {
+      id: "request-session-list-after",
+      name: "browser.session.list",
+      traceId: "trace:session-governance:list:after",
+      arguments: {
+        sessionId: "finance:task-1",
+        limit: 20
+      }
+    });
+    expect(listAfterDrop.ok).toBe(true);
+    const listPayloadAfterDrop = listAfterDrop.data as { sessions: Array<{ sessionId: string }> };
+    expect(listPayloadAfterDrop.sessions.some((entry) => entry.sessionId === "ops:task-1")).toBe(true);
+
+    const selfDropResponse = await sendToolRequest(input, output, {
+      id: "request-session-drop-self",
+      name: "browser.session.drop",
+      traceId: "trace:session-governance:drop:self",
+      arguments: {
+        sessionId: "finance:task-1",
+        sessionIdToDelete: "finance:task-1"
+      }
+    });
+    expect(selfDropResponse.ok).toBe(true);
+    expect(selfDropResponse.data).toMatchObject({
+      sessionIdToDelete: "finance:task-1",
+      dropped: true
+    });
+
+    const listAfterSelfDrop = await sendToolRequest(input, output, {
+      id: "request-session-list-after-self-drop",
+      name: "browser.session.list",
+      traceId: "trace:session-governance:list:after:self",
+      arguments: {
+        sessionId: "ops:task-1",
+        limit: 20
+      }
+    });
+    expect(listAfterSelfDrop.ok).toBe(true);
+    const listPayloadAfterSelfDrop = listAfterSelfDrop.data as {
+      sessions: Array<{ sessionId: string }>;
+    };
+    expect(listPayloadAfterSelfDrop.sessions.some((entry) => entry.sessionId === "finance:task-1")).toBe(false);
+
+    runtime.close();
+    input.end();
+    output.end();
+  });
+
   it("preserves id and trace/session metadata when queue-level error handling runs", async () => {
     const input = new PassThrough();
     const output = new PassThrough();