@kaitranntt/ccs 7.79.1-dev.16 → 7.79.1-dev.18

package/lib/mcp/ccs-browser-server.cjs

@@ -83,6 +83,16 @@ const TOOL_HOVER = 'browser_hover';
 const TOOL_QUERY = 'browser_query';
 const TOOL_TAKE_ELEMENT_SCREENSHOT = 'browser_take_element_screenshot';
 const TOOL_WAIT_FOR_EVENT = 'browser_wait_for_event';
+const SENSITIVE_INTERCEPT_HEADER_NAMES = new Set([
+  'authorization',
+  'cookie',
+  'cookie2',
+  'proxy-authorization',
+  'x-api-key',
+  'x-api-token',
+  'x-auth-token',
+]);
+
 const TOOL_NAMES = [
   TOOL_SESSION_INFO,
   TOOL_URL_TITLE,
@@ -612,10 +622,15 @@ function getTools() {
           urlRegex: { type: 'string' },
           headerMatchers: {
             type: 'array',
+            description:
+              'Match non-sensitive request headers. Cookie, Authorization, and token headers are not allowed.',
             items: {
               type: 'object',
               properties: {
-                name: { type: 'string' },
+                name: {
+                  type: 'string',
+                  description: 'Non-sensitive request header name to match.',
+                },
                 valueIncludes: { type: 'string' },
                 valueRegex: { type: 'string' },
               },
@@ -624,7 +639,7 @@ function getTools() {
             },
           },
           priority: { type: 'integer' },
-          action: { type: 'string', enum: ['continue', 'fail', 'fulfill'] },
+          action: { type: 'string', enum: getInterceptActionEnum() },
           statusCode: { type: 'integer', minimum: 100, maximum: 599 },
           responseHeaders: {
             type: 'array',
@@ -1277,9 +1292,30 @@ function parseOptionalPageId(toolArgs) {
     : '';
 }
 
+function getBrowserInterceptFulfillMode() {
+  return String(process.env.CCS_BROWSER_INTERCEPT_FULFILL_MODE || 'disabled').trim() === 'enabled'
+    ? 'enabled'
+    : 'disabled';
+}
+
+function isBrowserInterceptFulfillEnabled() {
+  return getBrowserInterceptFulfillMode() === 'enabled';
+}
+
+function getInterceptActionEnum() {
+  return isBrowserInterceptFulfillEnabled()
+    ? ['continue', 'fail', 'fulfill']
+    : ['continue', 'fail'];
+}
+
 function parseInterceptAction(value) {
+  if (value === 'fulfill' && !isBrowserInterceptFulfillEnabled()) {
+    throw new Error(
+      'action fulfill is disabled by CCS_BROWSER_INTERCEPT_FULFILL_MODE=disabled; set it to enabled only for trusted local testing'
+    );
+  }
   if (value !== 'continue' && value !== 'fail' && value !== 'fulfill') {
-    throw new Error('action must be one of: continue, fail, fulfill');
+    throw new Error(`action must be one of: ${getInterceptActionEnum().join(', ')}`);
   }
   return value;
 }
@@ -1379,6 +1415,10 @@ function parseOptionalPriority(value) {
   return value;
 }
 
+function isSensitiveInterceptHeaderName(name) {
+  return SENSITIVE_INTERCEPT_HEADER_NAMES.has(name.toLowerCase());
+}
+
 function parseOptionalHeaderMatchers(value) {
   if (value === undefined) {
     return [];
@@ -1391,6 +1431,9 @@ function parseOptionalHeaderMatchers(value) {
       throw new Error('headerMatchers entries must be objects');
     }
     const name = requireNonEmptyString(entry.name, 'headerMatchers.name');
+    if (isSensitiveInterceptHeaderName(name)) {
+      throw new Error(`headerMatchers.name cannot target sensitive request header: ${name}`);
+    }
     const valueIncludes =
       entry.valueIncludes === undefined
         ? ''

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kaitranntt/ccs",
-  "version": "7.79.1-dev.16",
+  "version": "7.79.1-dev.18",
   "description": "Claude Code Switch - Instant profile switching between Claude, GLM, Kimi, and more",
   "keywords": [
     "cli",