@geometra/mcp 1.59.0 → 1.60.0

package/dist/__tests__/server-filters.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/__tests__/server-filters.test.js

@@ -1,57 +0,0 @@
-import { describe, expect, it } from 'vitest';
-import { findNodes } from '../server.js';
-function node(role, bounds, options) {
-    return {
-        role,
-        ...(options?.name ? { name: options.name } : {}),
-        ...(options?.value ? { value: options.value } : {}),
-        ...(options?.state ? { state: options.state } : {}),
-        ...(options?.validation ? { validation: options.validation } : {}),
-        bounds,
-        path: options?.path ?? [],
-        children: options?.children ?? [],
-        focusable: options?.focusable ?? false,
-    };
-}
-describe('findNodes', () => {
-    it('matches value and checked-state filters generically', () => {
-        const tree = node('group', { x: 0, y: 0, width: 800, height: 600 }, {
-            children: [
-                node('combobox', { x: 20, y: 20, width: 260, height: 36 }, {
-                    path: [0],
-                    name: 'Location',
-                    value: 'Austin, Texas, United States',
-                    focusable: true,
-                }),
-                node('textbox', { x: 20, y: 120, width: 260, height: 36 }, {
-                    path: [1],
-                    name: 'Email',
-                    focusable: true,
-                    state: { invalid: true, required: true, busy: true },
-                    validation: { error: 'Please enter a valid email address.' },
-                }),
-                node('checkbox', { x: 20, y: 72, width: 24, height: 24 }, {
-                    path: [2],
-                    name: 'Notion Website',
-                    state: { checked: true },
-                    focusable: true,
-                }),
-            ],
-        });
-        expect(findNodes(tree, { value: 'Austin, Texas' })).toEqual([
-            expect.objectContaining({ role: 'combobox', name: 'Location' }),
-        ]);
-        expect(findNodes(tree, { text: 'United States' })).toEqual([
-            expect.objectContaining({ role: 'combobox', value: 'Austin, Texas, United States' }),
-        ]);
-        expect(findNodes(tree, { invalid: true, required: true, busy: true })).toEqual([
-            expect.objectContaining({ role: 'textbox', name: 'Email' }),
-        ]);
-        expect(findNodes(tree, { text: 'valid email address' })).toEqual([
-            expect.objectContaining({ role: 'textbox', name: 'Email' }),
-        ]);
-        expect(findNodes(tree, { role: 'checkbox', checked: true })).toEqual([
-            expect.objectContaining({ name: 'Notion Website' }),
-        ]);
-    });
-});

package/dist/__tests__/server-session-resolution.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/__tests__/server-session-resolution.test.js

@@ -1,88 +0,0 @@
-import { beforeEach, describe, expect, it, vi } from 'vitest';
-const mockState = vi.hoisted(() => ({
-    pruneDisconnectedSessions: vi.fn(() => []),
-    resolveSession: vi.fn(() => ({ kind: 'none' })),
-}));
-vi.mock('../session.js', () => ({
-    connect: vi.fn(),
-    connectThroughProxy: vi.fn(),
-    disconnect: vi.fn(),
-    pruneDisconnectedSessions: mockState.pruneDisconnectedSessions,
-    resolveSession: mockState.resolveSession,
-    listSessions: vi.fn(() => []),
-    getDefaultSessionId: vi.fn(() => null),
-    prewarmProxy: vi.fn(),
-    sendClick: vi.fn(),
-    sendFillFields: vi.fn(),
-    sendFillOtp: vi.fn(),
-    sendType: vi.fn(),
-    sendKey: vi.fn(),
-    sendFileUpload: vi.fn(),
-    sendFieldText: vi.fn(),
-    sendFieldChoice: vi.fn(),
-    sendListboxPick: vi.fn(),
-    sendSelectOption: vi.fn(),
-    sendSetChecked: vi.fn(),
-    sendWheel: vi.fn(),
-    sendScreenshot: vi.fn(),
-    sendPdfGenerate: vi.fn(),
-    buildA11yTree: vi.fn(),
-    buildCompactUiIndex: vi.fn(() => ({ nodes: [], context: {} })),
-    buildFormRequiredSnapshot: vi.fn(() => []),
-    buildPageModel: vi.fn(),
-    buildFormSchemas: vi.fn(() => []),
-    expandPageSection: vi.fn(),
-    buildUiDelta: vi.fn(() => ({})),
-    hasUiDelta: vi.fn(() => false),
-    nodeIdForPath: vi.fn(),
-    nodeContextForNode: vi.fn(),
-    parseSectionId: vi.fn(),
-    findNodeByPath: vi.fn(),
-    summarizeCompactIndex: vi.fn(() => ''),
-    summarizePageModel: vi.fn(() => ''),
-    summarizeUiDelta: vi.fn(() => ''),
-    waitForUiCondition: vi.fn(),
-}));
-const { createServer } = await import('../server.js');
-function getToolHandler(name) {
-    const server = createServer();
-    return server._registeredTools[name].handler;
-}
-describe('server session resolution', () => {
-    beforeEach(() => {
-        vi.clearAllMocks();
-        mockState.pruneDisconnectedSessions.mockReturnValue([]);
-        mockState.resolveSession.mockReturnValue({ kind: 'none' });
-    });
-    it('prunes disconnected sessions before resolving explicit session ids', async () => {
-        const handler = getToolHandler('geometra_query');
-        mockState.pruneDisconnectedSessions.mockReturnValue(['s7']);
-        mockState.resolveSession.mockReturnValue({
-            kind: 'not_found',
-            id: 's7',
-            activeIds: [],
-        });
-        const result = await handler({ sessionId: 's7', role: 'button' });
-        expect(result.isError).toBe(true);
-        expect(result.content[0].text).toContain('session_not_found: no active session with id "s7"');
-        expect(result.content[0].text).toContain('disconnected or expired');
-        expect(mockState.pruneDisconnectedSessions).toHaveBeenCalledTimes(1);
-        expect(mockState.resolveSession).toHaveBeenCalledWith('s7');
-    });
-    it('preserves ambiguous-session errors after pruning disconnected sessions', async () => {
-        const handler = getToolHandler('geometra_query');
-        mockState.pruneDisconnectedSessions.mockReturnValue(['s3']);
-        mockState.resolveSession.mockReturnValue({
-            kind: 'ambiguous',
-            activeIds: ['s1', 's2'],
-            isolatedIds: ['s2'],
-        });
-        const result = await handler({ role: 'button' });
-        expect(result.isError).toBe(true);
-        expect(result.content[0].text).toContain('multiple_active_sessions_provide_id');
-        expect(result.content[0].text).toContain('s1, s2');
-        expect(result.content[0].text).toContain('isolated: s2');
-        expect(mockState.pruneDisconnectedSessions).toHaveBeenCalledTimes(1);
-        expect(mockState.resolveSession).toHaveBeenCalledWith(undefined);
-    });
-});

package/dist/__tests__/session-isolation.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/__tests__/session-isolation.test.js

@@ -1,308 +0,0 @@
-/**
- * Integration test for `connectThroughProxy({ isolated: true })`.
- *
- * Setup: a tiny HTTP server serves an HTML page that, on first visit, writes
- * a path-tagged marker to `localStorage` if one isn't already set, then
- * renders the marker text into an `<h1>`. The marker is therefore set ONCE
- * per browser instance, regardless of how many navigations happen.
- *
- * Two scenarios verify the isolated flag's behavior:
- *
- * 1. **Pooled (default)**: connect to `/page-a`, disconnect (the proxy
- *    enters the reusable pool), then connect to `/page-b`. The second
- *    connect attaches to the same pooled proxy, which navigates the
- *    existing Chromium from /page-a to /page-b — but the browser's
- *    localStorage still has `marker-from-/page-a`, so the second session
- *    SEES THE FIRST SESSION'S MARKER. This documents the contamination
- *    that breaks parallel form submission against real apply flows.
- *
- * 2. **Isolated**: same connect/disconnect/connect sequence, but with
- *    `isolated: true`. Each connect spawns a brand-new Chromium with
- *    empty storage, so the second session sees its own marker, not the
- *    first's. This is the fix.
- *
- * The point of having both cases in one test file is so that future edits
- * to the pool code can't quietly break the isolation guarantee — both
- * paths run end-to-end against real Chromium and assert on the actual
- * post-navigation a11y tree the MCP would expose to a tool call.
- */
-import { afterEach, beforeAll, describe, expect, it } from 'vitest';
-import http from 'node:http';
-import { buildA11yTree, connectThroughProxy, disconnect, getDefaultSessionId, resolveSession, } from '../session.js';
-const PAGE_HTML = `<!doctype html>
-<html>
-  <head><title>isolation-fixture</title></head>
-  <body>
-    <h1 id="marker"></h1>
-    <script>
-      const stored = localStorage.getItem('isolation-marker')
-      if (!stored) {
-        // First visit in this browser instance — set a path-tagged marker.
-        localStorage.setItem('isolation-marker', 'marker-from-' + location.pathname)
-      }
-      document.getElementById('marker').textContent =
-        localStorage.getItem('isolation-marker') || 'marker-missing'
-    </script>
-  </body>
-</html>`;
-let baseUrl;
-let server;
-function findHeadingText(node) {
-    if (!node)
-        return undefined;
-    if (node.role === 'heading') {
-        const name = (node.name ?? '').trim();
-        if (name)
-            return name;
-    }
-    for (const child of node.children ?? []) {
-        const found = findHeadingText(child);
-        if (found)
-            return found;
-    }
-    return undefined;
-}
-function currentA11y(session) {
-    if (!session.tree || !session.layout)
-        return null;
-    return buildA11yTree(session.tree, session.layout);
-}
-async function waitForMarkerText(session, expectedPrefix, timeoutMs = 6_000) {
-    const deadline = Date.now() + timeoutMs;
-    while (Date.now() < deadline) {
-        const text = findHeadingText(currentA11y(session));
-        if (text && text.startsWith(expectedPrefix))
-            return text;
-        await new Promise(r => setTimeout(r, 100));
-    }
-    throw new Error(`Timed out waiting for heading text starting with "${expectedPrefix}". ` +
-        `Last seen: ${JSON.stringify(findHeadingText(currentA11y(session)) ?? null)}`);
-}
-describe('connectThroughProxy({ isolated: true })', () => {
-    beforeAll(async () => {
-        server = http.createServer((req, res) => {
-            const url = req.url ?? '/';
-            if (url === '/page-a' || url === '/page-b') {
-                res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
-                res.end(PAGE_HTML);
-                return;
-            }
-            res.writeHead(404);
-            res.end();
-        });
-        await new Promise((resolve, reject) => {
-            server.once('error', reject);
-            server.listen(0, '127.0.0.1', () => resolve());
-        });
-        const address = server.address();
-        baseUrl = `http://127.0.0.1:${address.port}`;
-    });
-    afterEach(() => {
-        // Force-close everything so the next test starts with no pooled proxies.
-        disconnect({ closeProxy: true });
-    });
-    it('isolated sessions get independent localStorage between connects', async () => {
-        // First isolated session against /page-a.
-        const sessionA = await connectThroughProxy({
-            pageUrl: `${baseUrl}/page-a`,
-            headless: true,
-            isolated: true,
-        });
-        expect(sessionA.isolated).toBe(true);
-        const markerA = await waitForMarkerText(sessionA, 'marker-from-');
-        expect(markerA).toBe('marker-from-/page-a');
-        // Disconnect — because the session is isolated, this MUST destroy the
-        // underlying Chromium. The next connect cannot attach to it.
-        disconnect({ sessionId: sessionA.id });
-        // Second isolated session against /page-b. Because each isolated
-        // session gets its own brand-new Chromium, /page-b's first-visit
-        // script runs against an empty localStorage and writes its own marker.
-        const sessionB = await connectThroughProxy({
-            pageUrl: `${baseUrl}/page-b`,
-            headless: true,
-            isolated: true,
-        });
-        expect(sessionB.isolated).toBe(true);
-        const markerB = await waitForMarkerText(sessionB, 'marker-from-');
-        // Critical assertion: sessionB does NOT see sessionA's marker.
-        expect(markerB).toBe('marker-from-/page-b');
-        expect(markerB).not.toBe(markerA);
-        disconnect({ sessionId: sessionB.id });
-    }, 30_000);
-    it('pooled (default) sessions DO leak localStorage — documents the bug isolated fixes', async () => {
-        // First pooled session against /page-a. The proxy will be eligible
-        // for reuse after disconnect.
-        const sessionA = await connectThroughProxy({
-            pageUrl: `${baseUrl}/page-a`,
-            headless: true,
-            // isolated: false (default)
-        });
-        expect(sessionA.isolated).toBeFalsy();
-        const markerA = await waitForMarkerText(sessionA, 'marker-from-');
-        expect(markerA).toBe('marker-from-/page-a');
-        // Disconnect WITHOUT closing the proxy — leaves it in the reusable pool.
-        disconnect({ sessionId: sessionA.id, closeProxy: false });
-        // Second pooled session against a *different* URL. The pool will
-        // attach the existing Chromium and navigate it to /page-b, but the
-        // browser still has /page-a's localStorage, so /page-b's first-visit
-        // script sees the existing marker and doesn't overwrite it.
-        const sessionB = await connectThroughProxy({
-            pageUrl: `${baseUrl}/page-b`,
-            headless: true,
-        });
-        const markerB = await waitForMarkerText(sessionB, 'marker-from-');
-        // Documents the contamination: the second session sees the first
-        // session's marker because they share a browser via the pool.
-        expect(markerB).toBe('marker-from-/page-a');
-        disconnect({ sessionId: sessionB.id, closeProxy: true });
-    }, 30_000);
-    it('serializes concurrent default connects to a pooled proxy onto a single session', async () => {
-        // Regression for the per-proxy attach race. Before the attachLock fix,
-        // two concurrent connectThroughProxy calls that both picked the same
-        // pooled proxy entry could both pass attachToReusableProxy's
-        // "reusedExistingSession" check (because neither's session was in
-        // activeSessions yet — connect() runs first) and then both call
-        // connect(proxy.wsUrl), creating two distinct WebSocket sessions
-        // bound to the same Chromium. Two agents would silently mutate the
-        // same DOM. With the lock, the second connect waits for the first,
-        // re-picks via findReusableProxy, and takes the reusedExistingSession
-        // branch — both calls return the same Session object.
-        //
-        // Step 1: warm the pool with a single connect+disconnect so the next
-        // connects find an existing entry. Cold-start parallel connects
-        // legitimately create separate browsers (no shared state to leak), so
-        // the race only matters when the pool is already populated.
-        const warmup = await connectThroughProxy({
-            pageUrl: `${baseUrl}/page-a`,
-            headless: true,
-        });
-        disconnect({ sessionId: warmup.id, closeProxy: false });
-        // Step 2: fire two concurrent connects. Without the lock, both would
-        // call connect(proxy.wsUrl) and create distinct sessions bound to the
-        // same browser. With the lock, the second waits for the first to bind,
-        // then sees the bound session and reuses it.
-        const [sessionA, sessionB] = await Promise.all([
-            connectThroughProxy({ pageUrl: `${baseUrl}/page-a`, headless: true }),
-            connectThroughProxy({ pageUrl: `${baseUrl}/page-a`, headless: true }),
-        ]);
-        // Both connects must converge on the same underlying session. If they
-        // don't, the race re-emerged: two agents would race in the same browser.
-        expect(sessionA.id).toBe(sessionB.id);
-        disconnect({ sessionId: sessionA.id, closeProxy: true });
-    }, 30_000);
-    // ── Bug #1 regression: parallel isolated sessions must never share a
-    // default pointer, and tool-call resolution must refuse to implicitly
-    // route to an isolated session when no sessionId is passed.
-    it('three parallel isolated sessions stay strictly independent — no shared default, strict id routing', async () => {
-        // Spawn three isolated sessions in parallel, each pinned to a
-        // different local URL. Each session gets its own Chromium instance
-        // (isolated: true forces a fresh proxy every time), and each tool
-        // call in real usage would address its session by the returned id.
-        const [sessionA, sessionB, sessionC] = await Promise.all([
-            connectThroughProxy({
-                pageUrl: `${baseUrl}/page-a`,
-                headless: true,
-                isolated: true,
-            }),
-            connectThroughProxy({
-                pageUrl: `${baseUrl}/page-b`,
-                headless: true,
-                isolated: true,
-            }),
-            connectThroughProxy({
-                pageUrl: `${baseUrl}/page-a`,
-                headless: true,
-                isolated: true,
-            }),
-        ]);
-        try {
-            // Invariant 1: every isolated session is flagged, and all three got
-            // distinct session ids (no collision).
-            expect(sessionA.isolated).toBe(true);
-            expect(sessionB.isolated).toBe(true);
-            expect(sessionC.isolated).toBe(true);
-            expect(new Set([sessionA.id, sessionB.id, sessionC.id]).size).toBe(3);
-            // Invariant 2: the implicit default-session pointer must not be set
-            // to any of these isolated sessions. This is the contamination fix —
-            // before v1.43, `connect()` unconditionally set defaultSessionId to
-            // whichever session most recently finished connecting, so parallel
-            // workers without an explicit sessionId would race onto each
-            // other's browsers.
-            const implicitDefault = getDefaultSessionId();
-            expect(implicitDefault).toBeNull();
-            // Invariant 3: resolveSession() with no id must refuse to pick any
-            // of these isolated sessions. Callers that omit sessionId get an
-            // ambiguous error and are forced to pass an explicit id.
-            const ambiguous = resolveSession();
-            expect(ambiguous.kind).toBe('ambiguous');
-            if (ambiguous.kind === 'ambiguous') {
-                expect(ambiguous.activeIds).toEqual(expect.arrayContaining([sessionA.id, sessionB.id, sessionC.id]));
-                expect(ambiguous.isolatedIds).toEqual(expect.arrayContaining([sessionA.id, sessionB.id, sessionC.id]));
-            }
-            // Invariant 4: explicit id routing must return exactly the
-            // requested session — never a peer — even under parallel load.
-            const lookupA = resolveSession(sessionA.id);
-            const lookupB = resolveSession(sessionB.id);
-            const lookupC = resolveSession(sessionC.id);
-            expect(lookupA.kind).toBe('ok');
-            expect(lookupB.kind).toBe('ok');
-            expect(lookupC.kind).toBe('ok');
-            if (lookupA.kind === 'ok')
-                expect(lookupA.session).toBe(sessionA);
-            if (lookupB.kind === 'ok')
-                expect(lookupB.session).toBe(sessionB);
-            if (lookupC.kind === 'ok')
-                expect(lookupC.session).toBe(sessionC);
-            // Invariant 5: each session's page still reads its own per-URL
-            // marker. This is the end-to-end "different browsers" check —
-            // even though they share the same MCP server process, the
-            // underlying Chromium / localStorage is distinct per session.
-            const [markerA, markerB, markerC] = await Promise.all([
-                waitForMarkerText(sessionA, 'marker-from-'),
-                waitForMarkerText(sessionB, 'marker-from-'),
-                waitForMarkerText(sessionC, 'marker-from-'),
-            ]);
-            expect(markerA).toBe('marker-from-/page-a');
-            expect(markerB).toBe('marker-from-/page-b');
-            expect(markerC).toBe('marker-from-/page-a');
-            // Invariant 6: looking up a session id that no longer exists must
-            // return `not_found` with the full active-id list, NEVER silently
-            // fall back to the default. This is the v1.42-era contamination
-            // vector: workers were seeing their tool calls routed to whatever
-            // the "most recent" session happened to be.
-            disconnect({ sessionId: sessionB.id, closeProxy: true });
-            const afterDisconnect = resolveSession(sessionB.id);
-            expect(afterDisconnect.kind).toBe('not_found');
-            if (afterDisconnect.kind === 'not_found') {
-                expect(afterDisconnect.id).toBe(sessionB.id);
-            }
-            // And the implicit default is STILL null — disconnecting one
-            // isolated session doesn't promote the next one to default.
-            expect(getDefaultSessionId()).toBeNull();
-        }
-        finally {
-            disconnect({ sessionId: sessionA.id, closeProxy: true });
-            disconnect({ sessionId: sessionC.id, closeProxy: true });
-        }
-    }, 60_000);
-    it('a single non-isolated session DOES become the implicit default (back-compat)', async () => {
-        // Single pooled session — the default-fallback behavior is retained
-        // for callers that don't pass sessionId and aren't running in
-        // parallel. This preserves every existing single-worker script.
-        const session = await connectThroughProxy({
-            pageUrl: `${baseUrl}/page-a`,
-            headless: true,
-        });
-        try {
-            expect(session.isolated).toBeFalsy();
-            expect(getDefaultSessionId()).toBe(session.id);
-            const resolved = resolveSession();
-            expect(resolved.kind).toBe('ok');
-            if (resolved.kind === 'ok')
-                expect(resolved.session.id).toBe(session.id);
-        }
-        finally {
-            disconnect({ sessionId: session.id, closeProxy: true });
-        }
-    }, 30_000);
-});

package/dist/__tests__/session-model.test.d.ts

@@ -1 +0,0 @@
-export {};