@hydra-acp/browser 0.1.0

package/dist/server/routes-sessions.js

@@ -0,0 +1,104 @@
+import { HydraRestError } from "../hydra/client.js";
+import { UpstreamConnection, runInitialize } from "../hydra/ws.js";
+import { logger } from "../util/log.js";
+const log = logger("routes-sessions");
+export function registerSessionRoutes(app, ctx) {
+    app.get("/api/health", { config: { skipAuth: true } }, async (_request, reply) => {
+        try {
+            const upstream = await ctx.rest.health();
+            reply.send({ status: "ok", upstream });
+        }
+        catch (err) {
+            reply
+                .code(502)
+                .send({ status: "degraded", error: err.message });
+        }
+    });
+    app.get("/api/sessions", async (request, reply) => {
+        const query = request.query;
+        const all = query?.all === "true" || query?.all === "1";
+        try {
+            const result = await ctx.rest.listSessions({ cwd: query?.cwd, all });
+            reply.send(result);
+        }
+        catch (err) {
+            const status = err instanceof HydraRestError ? err.status : 502;
+            reply.code(status).send({ error: err.message });
+        }
+    });
+    app.post("/api/kill", async (request, reply) => {
+        const body = (request.body ?? {});
+        if (!body.sessionId) {
+            reply.code(400).send({ error: "sessionId required" });
+            return;
+        }
+        try {
+            await ctx.rest.deleteSession(body.sessionId);
+            reply.code(204).send();
+        }
+        catch (err) {
+            const status = err instanceof HydraRestError ? err.status : 502;
+            reply.code(status).send({ error: err.message });
+        }
+    });
+    app.post("/api/sessions", async (request, reply) => {
+        const body = (request.body ?? {});
+        if (!body.cwd || typeof body.cwd !== "string") {
+            reply.code(400).send({ error: "cwd required" });
+            return;
+        }
+        try {
+            const result = await createSession(ctx, body);
+            reply.code(201).send(result);
+        }
+        catch (err) {
+            log.warn(`session creation failed: ${err.message}`);
+            reply.code(502).send({ error: err.message });
+        }
+    });
+}
+// Open a transient WSS to hydra, initialize, session/new (with name in
+// _meta), optionally session/prompt, close. Returns the new sessionId.
+async function createSession(ctx, body) {
+    const conn = new UpstreamConnection({
+        daemonWsUrl: ctx.config.hydraWsUrl,
+        token: ctx.config.hydraToken,
+        clientName: "hydra-acp-browser-session",
+    });
+    const opened = new Promise((resolveOpen, rejectOpen) => {
+        conn.once("open", () => resolveOpen());
+        conn.once("error", (err) => rejectOpen(err));
+        conn.once("close", () => rejectOpen(new Error("upstream closed")));
+    });
+    conn.start();
+    await opened;
+    try {
+        await runInitialize(conn);
+        const newParams = {
+            cwd: body.cwd,
+            mcpServers: [],
+        };
+        if (body.agentId) {
+            newParams.agentId = body.agentId;
+        }
+        if (body.name) {
+            newParams._meta = { "hydra-acp": { name: body.name } };
+        }
+        const newResult = (await conn.request("session/new", newParams));
+        if (body.prompt && body.prompt.trim().length > 0) {
+            await conn.request("session/prompt", {
+                sessionId: newResult.sessionId,
+                prompt: [{ type: "text", text: body.prompt }],
+            });
+        }
+        return {
+            sessionId: newResult.sessionId,
+            agentId: body.agentId,
+            cwd: body.cwd,
+        };
+    }
+    finally {
+        conn.stop();
+    }
+}
+//# sourceMappingURL=routes-sessions.js.map

package/dist/server/routes-sessions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes-sessions.js","sourceRoot":"","sources":["../../src/server/routes-sessions.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAGxC,MAAM,GAAG,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAatC,MAAM,UAAU,qBAAqB,CACnC,GAAoB,EACpB,GAAkB;IAElB,GAAG,CAAC,GAAG,CACL,aAAa,EACb,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAC9B,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE;QACxB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK;iBACF,IAAI,CAAC,GAAG,CAAC;iBACT,IAAI,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAmD,CAAC;QAC1E,MAAM,GAAG,GAAG,KAAK,EAAE,GAAG,KAAK,MAAM,IAAI,KAAK,EAAE,GAAG,KAAK,GAAG,CAAC;QACxD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YACrE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,GAAG,YAAY,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC;YAChE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC7C,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAa,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;YACtD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,GAAG,YAAY,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC;YAChE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACjD,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAsB,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAQD,uEAAuE;AACvE,uEAAuE;AACvE,KAAK,UAAU,aAAa,CAC1B,GAAkB,EAClB,IAAuB;IAEvB,MAAM,IAAI,GAAG,IAAI,kBAAkB,CAAC;QAClC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU;QAClC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU;QAC5B,UAAU,EAAE,2BAA2B;KACxC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,OAAO,CAAO,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE;QAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IACH,IAAI,CAAC,KAAK,EAAE,CAAC;IACb,MAAM,MAAM,CAAC;IAEb,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,SAAS,GAA4B;YACzC,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,UAAU,EAAE,EAAE;SACf,CAAC;QACF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QACnC,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,SAAS,CAAC,KAAK,GAAG,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACzD,CAAC;QACD,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC,CAG9D,CAAC;QACF,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE;gBACnC,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;aAC9C,CAAC,CAAC;QACL,CAAC;QACD,OAAO;YACL,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAI;SACf,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/server/title-cache.js

@@ -0,0 +1,59 @@
+// Per-session title fallback cache. Hydra only stores the title that
+// was passed at session/new (typically the editor's frame name, or
+// nothing for sessions spawned through the browser). When a tab sends
+// its first session/prompt frame, we seed an entry here from the prompt
+// text — the routes-sessions handler folds this into /api/sessions
+// responses for any session whose hydra-side title is empty, so the
+// list view and chat topbar show something more informative than the
+// raw sessionId. Mirrors what acp-hydra-slack does in the slack thread
+// header.
+//
+// Lives in process memory only. A daemon restart loses it; the next
+// prompt re-seeds.
+const seededTitles = new Map();
+export function seedSessionTitle(sessionId, text) {
+    if (seededTitles.has(sessionId)) {
+        return;
+    }
+    const seed = firstLine(text, 100);
+    if (!seed) {
+        return;
+    }
+    seededTitles.set(sessionId, seed);
+}
+export function getSeededTitle(sessionId) {
+    return seededTitles.get(sessionId);
+}
+// First non-empty line of `text`, truncated to `max` chars with a
+// trailing ellipsis if needed. Returns undefined if `text` is all
+// whitespace.
+function firstLine(text, max) {
+    for (const raw of text.split(/\r?\n/)) {
+        const line = raw.trim();
+        if (!line) {
+            continue;
+        }
+        return line.length > max ? `${line.slice(0, max)}…` : line;
+    }
+    return undefined;
+}
+// Pull text out of an ACP session/prompt request's `prompt` field, which
+// is an array of content blocks like `{type: "text", text: "..."}`.
+// Concatenates all text blocks; ignores image/other blocks.
+export function extractPromptText(params) {
+    if (!params || typeof params !== "object") {
+        return "";
+    }
+    const blocks = params.prompt;
+    if (!Array.isArray(blocks)) {
+        return typeof blocks === "string" ? blocks : "";
+    }
+    let out = "";
+    for (const b of blocks) {
+        if (b && typeof b === "object" && typeof b.text === "string") {
+            out += b.text;
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=title-cache.js.map

package/dist/server/title-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"title-cache.js","sourceRoot":"","sources":["../../src/server/title-cache.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,mEAAmE;AACnE,sEAAsE;AACtE,wEAAwE;AACxE,mEAAmE;AACnE,oEAAoE;AACpE,qEAAqE;AACrE,uEAAuE;AACvE,UAAU;AACV,EAAE;AACF,oEAAoE;AACpE,mBAAmB;AAEnB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;AAE/C,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAE,IAAY;IAC9D,IAAI,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,OAAO;IACT,CAAC;IACD,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAClC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IACD,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,SAAiB;IAC9C,OAAO,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;AACrC,CAAC;AAED,kEAAkE;AAClE,kEAAkE;AAClE,cAAc;AACd,SAAS,SAAS,CAAC,IAAY,EAAE,GAAW;IAC1C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,SAAS;QACX,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,yEAAyE;AACzE,oEAAoE;AACpE,4DAA4D;AAC5D,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAC/C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,MAAM,GAAI,MAA+B,CAAC,MAAM,CAAC;IACvD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAClD,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAQ,CAAwB,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrF,GAAG,IAAK,CAAsB,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/server/ws-bridge.js

@@ -0,0 +1,261 @@
+import { WebSocket, WebSocketServer } from "ws";
+import { logger } from "../util/log.js";
+import { UpstreamConnection, isNotification, isRequest, isResponse, runInitialize, } from "../hydra/ws.js";
+import { COOKIE_NAME, constantTimeKeyMatch, parseCookies, } from "./auth.js";
+import { checkStateChanging } from "../util/csrf.js";
+const log = logger("ws-bridge");
+const ALLOWED_BROWSER_REQUEST_METHODS = new Set([
+    "session/prompt",
+    // session/cancel is kept here for backward compat with older browser
+    // builds that frame it as a request. New builds send the notification
+    // form (see ALLOWED_BROWSER_NOTIFICATION_METHODS) per the ACP spec.
+    "session/cancel",
+    "session/set_mode",
+    "session/set_model",
+]);
+const ALLOWED_BROWSER_NOTIFICATION_METHODS = new Set([
+    "session/cancel",
+]);
+const SHORT_CIRCUIT_AGENT_REQUEST_METHODS = new Set([
+    "fs/read_text_file",
+    "fs/write_text_file",
+]);
+export function attachWsBridge(httpServer, ctx) {
+    const wss = new WebSocketServer({ noServer: true });
+    httpServer.on("upgrade", (request, socket, head) => {
+        const url = new URL(request.url ?? "/", "http://placeholder");
+        if (url.pathname !== "/ws") {
+            socket.destroy();
+            return;
+        }
+        const ip = (request.socket.remoteAddress ?? "unknown").toString();
+        if (ctx.rateLimiter.isBlocked(ip)) {
+            socket.write("HTTP/1.1 429 Too Many Requests\r\n\r\n");
+            socket.destroy();
+            return;
+        }
+        const csrf = checkStateChanging(ctx.security, request.headers);
+        if (!csrf.ok) {
+            socket.write(`HTTP/1.1 ${csrf.status} ${csrf.reason}\r\n\r\n`);
+            socket.destroy();
+            return;
+        }
+        const cookies = parseCookies(request.headers.cookie);
+        const provided = cookies.get(COOKIE_NAME);
+        if (!provided || !constantTimeKeyMatch(provided, ctx.authkey)) {
+            ctx.rateLimiter.recordFailure(ip);
+            socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+            socket.destroy();
+            return;
+        }
+        ctx.rateLimiter.recordSuccess(ip);
+        const sessionId = url.searchParams.get("session");
+        const load = url.searchParams.get("load") === "true";
+        if (!sessionId) {
+            socket.write("HTTP/1.1 400 Bad Request\r\n\r\n");
+            socket.destroy();
+            return;
+        }
+        wss.handleUpgrade(request, socket, head, (browserWs) => {
+            handleConnection(browserWs, request, ctx, sessionId, load);
+        });
+    });
+    return wss;
+}
+function handleConnection(browserWs, _req, ctx, sessionId, load) {
+    log.info(`bridge open session=${sessionId} load=${load}`);
+    const upstream = new UpstreamConnection({
+        daemonWsUrl: ctx.config.hydraWsUrl,
+        token: ctx.config.hydraToken,
+    });
+    // Track ids of outstanding upstream→browser requests so we can validate
+    // browser-supplied responses (and reject responses for unknown ids,
+    // which would otherwise be a path for a compromised tab to spoof
+    // permission outcomes).
+    const outstandingFromUpstream = new Set();
+    let upstreamReady = false;
+    // While the upstream handshake is running we can't yet forward browser
+    // frames. Buffer them and flush once attach completes.
+    const browserBuffer = [];
+    upstream.on("open", () => {
+        void doHandshake().catch((err) => {
+            log.warn(`handshake failed for ${sessionId}: ${err.message}`);
+            sendBrowserError("handshake_failed", err.message);
+            cleanup();
+        });
+    });
+    upstream.on("notification", (n) => {
+        sendBrowserFrame(n);
+    });
+    upstream.on("request", (r) => {
+        if (SHORT_CIRCUIT_AGENT_REQUEST_METHODS.has(r.method)) {
+            // We advertised fs/* off in initialize; if an agent still asks,
+            // refuse rather than expose the user's filesystem to it.
+            upstream.replyError(r.id, -32601, `method not supported: ${r.method}`);
+            return;
+        }
+        outstandingFromUpstream.add(String(r.id));
+        sendBrowserFrame(r);
+    });
+    upstream.on("response", (r) => {
+        sendBrowserFrame(r);
+    });
+    upstream.on("close", ({ code, reason }) => {
+        log.info(`upstream closed session=${sessionId} code=${code} reason=${reason}`);
+        try {
+            browserWs.close();
+        }
+        catch {
+            void 0;
+        }
+    });
+    upstream.on("error", (err) => {
+        log.warn(`upstream error session=${sessionId}: ${err.message}`);
+    });
+    browserWs.on("message", (data, isBinary) => {
+        if (isBinary) {
+            return;
+        }
+        let parsed;
+        try {
+            parsed = JSON.parse(data.toString("utf8"));
+        }
+        catch (err) {
+            log.warn(`browser parse error: ${err.message}`);
+            return;
+        }
+        handleBrowserFrame(parsed);
+    });
+    browserWs.on("close", () => {
+        log.info(`browser closed session=${sessionId}`);
+        cleanup();
+    });
+    browserWs.on("error", (err) => {
+        log.warn(`browser error session=${sessionId}: ${err.message}`);
+    });
+    upstream.start();
+    function handleBrowserFrame(msg) {
+        if (!upstreamReady) {
+            browserBuffer.push(msg);
+            return;
+        }
+        forwardBrowserFrame(msg);
+    }
+    function forwardBrowserFrame(msg) {
+        if (isRequest(msg)) {
+            if (!ALLOWED_BROWSER_REQUEST_METHODS.has(msg.method)) {
+                log.warn(`reject browser request method=${msg.method}`);
+                sendBrowserResponseError(msg.id, -32601, `method not allowed: ${msg.method}`);
+                return;
+            }
+            // Coerce sessionId in params to the URL-bound session so a
+            // compromised tab can't redirect prompts at sessions it doesn't
+            // hold the WS for.
+            const params = msg.params && typeof msg.params === "object"
+                ? { ...msg.params, sessionId }
+                : { sessionId };
+            upstream.sendRaw({
+                jsonrpc: "2.0",
+                id: msg.id,
+                method: msg.method,
+                params,
+            });
+            return;
+        }
+        if (isResponse(msg)) {
+            const idStr = String(msg.id);
+            if (!outstandingFromUpstream.has(idStr)) {
+                log.warn(`reject browser response for unknown id=${idStr}`);
+                return;
+            }
+            outstandingFromUpstream.delete(idStr);
+            upstream.sendRaw(msg);
+            return;
+        }
+        if (isNotification(msg)) {
+            if (!ALLOWED_BROWSER_NOTIFICATION_METHODS.has(msg.method)) {
+                log.debug(`ignore browser notification method=${msg.method}`);
+                return;
+            }
+            // Same sessionId coercion as the request branch: a compromised tab
+            // shouldn't be able to send notifications targeting other sessions.
+            const params = msg.params && typeof msg.params === "object"
+                ? { ...msg.params, sessionId }
+                : { sessionId };
+            upstream.sendRaw({
+                jsonrpc: "2.0",
+                method: msg.method,
+                params,
+            });
+            return;
+        }
+    }
+    function sendBrowserFrame(msg) {
+        if (browserWs.readyState !== WebSocket.OPEN) {
+            return;
+        }
+        browserWs.send(JSON.stringify(msg));
+    }
+    function sendBrowserError(code, message) {
+        sendBrowserFrame({
+            jsonrpc: "2.0",
+            method: "bridge/error",
+            params: { code, message },
+        });
+    }
+    function sendBrowserResponseError(id, code, message) {
+        const resp = {
+            jsonrpc: "2.0",
+            id,
+            error: { code, message },
+        };
+        sendBrowserFrame(resp);
+    }
+    async function doHandshake() {
+        await runInitialize(upstream);
+        if (load) {
+            try {
+                await upstream.request("session/load", { sessionId });
+            }
+            catch (err) {
+                log.warn(`session/load failed for ${sessionId}: ${err.message} — will still attempt attach`);
+            }
+        }
+        await upstream.request("session/attach", {
+            sessionId,
+            historyPolicy: "full",
+            clientInfo: {
+                name: upstream.clientName,
+                version: upstream.clientVersion,
+            },
+        });
+        sendBrowserFrame({
+            jsonrpc: "2.0",
+            method: "bridge/ready",
+            params: { sessionId },
+        });
+        upstreamReady = true;
+        while (browserBuffer.length > 0) {
+            const next = browserBuffer.shift();
+            forwardBrowserFrame(next);
+        }
+    }
+    function cleanup() {
+        upstream.stop();
+        if (browserWs.readyState === WebSocket.OPEN) {
+            try {
+                browserWs.close();
+            }
+            catch {
+                void 0;
+            }
+        }
+    }
+}
+// Exported for tests.
+export const _internal = {
+    ALLOWED_BROWSER_REQUEST_METHODS,
+    ALLOWED_BROWSER_NOTIFICATION_METHODS,
+    SHORT_CIRCUIT_AGENT_REQUEST_METHODS,
+};
+//# sourceMappingURL=ws-bridge.js.map

package/dist/server/ws-bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ws-bridge.js","sourceRoot":"","sources":["../../src/server/ws-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,IAAI,CAAC;AAEhD,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,SAAS,EACT,UAAU,EACV,aAAa,GAKd,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,WAAW,EACX,oBAAoB,EACpB,YAAY,GACb,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAGrD,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;AAEhC,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAS;IACtD,gBAAgB;IAChB,qEAAqE;IACrE,sEAAsE;IACtE,oEAAoE;IACpE,gBAAgB;IAChB,kBAAkB;IAClB,mBAAmB;CACpB,CAAC,CAAC;AAEH,MAAM,oCAAoC,GAAG,IAAI,GAAG,CAAS;IAC3D,gBAAgB;CACjB,CAAC,CAAC;AAEH,MAAM,mCAAmC,GAAG,IAAI,GAAG,CAAS;IAC1D,mBAAmB;IACnB,oBAAoB;CACrB,CAAC,CAAC;AAEH,MAAM,UAAU,cAAc,CAC5B,UAAsB,EACtB,GAAkB;IAElB,MAAM,GAAG,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpD,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;QACjD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,CAAC,CAAC;QAC9D,IAAI,GAAG,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC3B,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;QAClE,IAAI,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;YAClC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;YACvD,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,YAAY,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,UAAU,CAAC,CAAC;YAC/D,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,IAAI,CAAC,oBAAoB,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,GAAG,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;QACrD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;YACjD,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,EAAE;YACrD,gBAAgB,CAAC,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,gBAAgB,CACvB,SAAoB,EACpB,IAAqB,EACrB,GAAkB,EAClB,SAAiB,EACjB,IAAa;IAEb,GAAG,CAAC,IAAI,CAAC,uBAAuB,SAAS,SAAS,IAAI,EAAE,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAG,IAAI,kBAAkB,CAAC;QACtC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU;QAClC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU;KAC7B,CAAC,CAAC;IAEH,wEAAwE;IACxE,oEAAoE;IACpE,iEAAiE;IACjE,wBAAwB;IACxB,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;IAElD,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,uEAAuE;IACvE,uDAAuD;IACvD,MAAM,aAAa,GAAqB,EAAE,CAAC;IAE3C,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;QACvB,KAAK,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACxC,GAAG,CAAC,IAAI,CACN,wBAAwB,SAAS,KAAM,GAAa,CAAC,OAAO,EAAE,CAC/D,CAAC;YACF,gBAAgB,CAAC,kBAAkB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC7D,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE;QAChC,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;QAC3B,IAAI,mCAAmC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YACtD,gEAAgE;YAChE,yDAAyD;YACzD,QAAQ,CAAC,UAAU,CACjB,CAAC,CAAC,EAAE,EACJ,CAAC,KAAK,EACN,yBAAyB,CAAC,CAAC,MAAM,EAAE,CACpC,CAAC;YACF,OAAO;QACT,CAAC;QACD,uBAAuB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1C,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;QAC5B,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE;QACxC,GAAG,CAAC,IAAI,CAAC,2BAA2B,SAAS,SAAS,IAAI,WAAW,MAAM,EAAE,CAAC,CAAC;QAC/E,IAAI,CAAC;YACH,SAAS,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,CAAC,CAAC;QACT,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QAC3B,GAAG,CAAC,IAAI,CAAC,0BAA0B,SAAS,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE;QACzC,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,IAAI,MAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAmB,CAAC;QAC/D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,wBAAyB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QACD,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QACzB,GAAG,CAAC,IAAI,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;QAChD,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QAC5B,GAAG,CAAC,IAAI,CAAC,yBAAyB,SAAS,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,EAAE,CAAC;IAEjB,SAAS,kBAAkB,CAAC,GAAmB;QAC7C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxB,OAAO;QACT,CAAC;QACD,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,SAAS,mBAAmB,CAAC,GAAmB;QAC9C,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrD,GAAG,CAAC,IAAI,CAAC,iCAAiC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;gBACxD,wBAAwB,CACtB,GAAG,CAAC,EAAE,EACN,CAAC,KAAK,EACN,uBAAuB,GAAG,CAAC,MAAM,EAAE,CACpC,CAAC;gBACF,OAAO;YACT,CAAC;YACD,2DAA2D;YAC3D,gEAAgE;YAChE,mBAAmB;YACnB,MAAM,MAAM,GACV,GAAG,CAAC,MAAM,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;gBAC1C,CAAC,CAAC,EAAE,GAAI,GAAG,CAAC,MAAkC,EAAE,SAAS,EAAE;gBAC3D,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC;YACpB,QAAQ,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,GAAG,CAAC,EAAE;gBACV,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,MAAM;aACP,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7B,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxC,GAAG,CAAC,IAAI,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YACD,uBAAuB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACtC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO;QACT,CAAC;QACD,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,oCAAoC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1D,GAAG,CAAC,KAAK,CAAC,sCAAsC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YACD,mEAAmE;YACnE,oEAAoE;YACpE,MAAM,MAAM,GACV,GAAG,CAAC,MAAM,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;gBAC1C,CAAC,CAAC,EAAE,GAAI,GAAG,CAAC,MAAkC,EAAE,SAAS,EAAE;gBAC3D,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC;YACpB,QAAQ,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,MAAM;aACP,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;IAED,SAAS,gBAAgB,CAAC,GAAmB;QAC3C,IAAI,SAAS,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;YAC5C,OAAO;QACT,CAAC;QACD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,OAAe;QACrD,gBAAgB,CAAC;YACf,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,SAAS,wBAAwB,CAC/B,EAAa,EACb,IAAY,EACZ,OAAe;QAEf,MAAM,IAAI,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,EAAE;YACF,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;SACzB,CAAC;QACF,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,UAAU,WAAW;QACxB,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC9B,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CACN,2BAA2B,SAAS,KAAM,GAAa,CAAC,OAAO,8BAA8B,CAC9F,CAAC;YACJ,CAAC;QACH,CAAC;QACD,MAAM,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE;YACvC,SAAS;YACT,aAAa,EAAE,MAAM;YACrB,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ,CAAC,UAAU;gBACzB,OAAO,EAAE,QAAQ,CAAC,aAAa;aAChC;SACF,CAAC,CAAC;QACH,gBAAgB,CAAC;YACf,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,EAAE,SAAS,EAAE;SACtB,CAAC,CAAC;QACH,aAAa,GAAG,IAAI,CAAC;QACrB,OAAO,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAG,CAAC;YACpC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,SAAS,OAAO;QACd,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChB,IAAI,SAAS,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,CAAC;gBACH,SAAS,CAAC,KAAK,EAAE,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,CAAC,CAAC;YACT,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,sBAAsB;AACtB,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,+BAA+B;IAC/B,oCAAoC;IACpC,mCAAmC;CACpC,CAAC"}