@mehmoodqureshi/chrome-mcp 0.4.1 → 0.5.0

package/extension-dist/background.js

@@ -75,6 +75,7 @@
         }
         switch (frame.type) {
           case "welcome":
+            this.deps.onPolicy(frame.policy);
             this.setState("connected");
             this.deps.log("paired with server");
             break;
@@ -116,6 +117,92 @@
     }
   };
 
+  // shared/policy.ts
+  var READ_CONTENT = /* @__PURE__ */ new Set([
+    "get_text",
+    "get_html",
+    "screenshot",
+    "wait_for"
+  ]);
+  var MUTATE_CONTENT = /* @__PURE__ */ new Set([
+    "click",
+    "type",
+    "press",
+    "hover",
+    "scroll"
+  ]);
+  var NAVIGATION = /* @__PURE__ */ new Set([
+    "navigate",
+    "back",
+    "forward",
+    "reload"
+  ]);
+  var TAB_MUTATE = /* @__PURE__ */ new Set([
+    "tab_select",
+    "tab_new",
+    "tab_close"
+  ]);
+  function isMutatingMethod(method) {
+    return MUTATE_CONTENT.has(method) || NAVIGATION.has(method) || TAB_MUTATE.has(method);
+  }
+  function isUrlGated(method) {
+    return READ_CONTENT.has(method) || MUTATE_CONTENT.has(method) || NAVIGATION.has(method) || method === "eval" || method === "upload_file";
+  }
+  function hostOf(url) {
+    try {
+      return new URL(url).hostname.toLowerCase();
+    } catch {
+      return "";
+    }
+  }
+  function isAboutBlank(url) {
+    return url === "about:blank" || url === "" || url.startsWith("about:");
+  }
+  function globMatches(host, pattern) {
+    const p = pattern.trim().toLowerCase();
+    if (p === "*" || p === "*://*/*") return true;
+    if (p.startsWith("*.")) {
+      const base = p.slice(2);
+      return host === base || host.endsWith("." + base);
+    }
+    return host === p;
+  }
+  function isDomainAllowed(url, policy) {
+    const host = hostOf(url);
+    if (!host) return false;
+    return policy.allowDomains.some((pat) => globMatches(host, pat));
+  }
+  function evaluatePolicy(url, method, policy) {
+    if (method === "eval" && !policy.allowEval) {
+      return { ok: false, reason: "eval is disabled (safe-mode). Pass --unsafe-enable-eval to allow it." };
+    }
+    if (method === "download_file" && !policy.allowDownloads) {
+      return { ok: false, reason: "downloads are disabled. Pass --enable-downloads or set allowDownloads." };
+    }
+    if (method === "upload_file" && !policy.allowUploads) {
+      return {
+        ok: false,
+        reason: "uploads are disabled (sending local files to a page is an exfiltration risk). Pass --enable-uploads or set allowUploads."
+      };
+    }
+    if (isMutatingMethod(method) && !policy.enableMutations) {
+      return {
+        ok: false,
+        reason: `mutating tool "${method}" is disabled (safe-mode). Pass --enable-mutations to allow it.`
+      };
+    }
+    if (!isUrlGated(method)) return { ok: true };
+    if (isAboutBlank(url) && NAVIGATION.has(method)) return { ok: true };
+    if (!isDomainAllowed(url, policy)) {
+      const host = hostOf(url) || url;
+      return {
+        ok: false,
+        reason: `"${method}" denied: ${host} is not in the domain allowlist. Add it to allowDomains, or pass --unsafe-all-domains.`
+      };
+    }
+    return { ok: true };
+  }
+
   // shared/download.ts
   var MAX_DOWNLOAD_BYTES = 100 * 1024 * 1024;
   var DANGEROUS_EXTENSIONS = /* @__PURE__ */ new Set([
@@ -272,6 +359,62 @@
     return { url: location.href, title: document.title, nodes, truncated: els.length > nodes.length };
   }
 
+  // shared/screenshot.ts
+  var MAX_CAPTURE_PX = 16384;
+  function planScreenshot(dims, opts = {}) {
+    if (opts.element) {
+      const realH = Math.max(1, Math.round(opts.element.h));
+      const clipH = Math.min(opts.element.h, MAX_CAPTURE_PX);
+      return {
+        clip: { x: opts.element.x, y: opts.element.y, width: opts.element.w, height: clipH, scale: 1 },
+        captureBeyondViewport: true,
+        width: Math.max(1, Math.round(opts.element.w)),
+        height: Math.min(realH, MAX_CAPTURE_PX),
+        truncated: realH > MAX_CAPTURE_PX,
+        fullHeight: realH
+      };
+    }
+    if (opts.fullPage) {
+      const clipH = Math.min(dims.fullH, MAX_CAPTURE_PX);
+      return {
+        clip: { x: 0, y: 0, width: dims.fullW, height: clipH, scale: 1 },
+        captureBeyondViewport: true,
+        width: dims.fullW,
+        height: clipH,
+        truncated: dims.fullH > clipH,
+        fullHeight: dims.fullH
+      };
+    }
+    return {
+      captureBeyondViewport: false,
+      width: dims.w,
+      height: dims.h,
+      truncated: false
+    };
+  }
+
+  // shared/mutex.ts
+  function noop() {
+  }
+  var KeyedMutex = class {
+    tails = /* @__PURE__ */ new Map();
+    /** Run `fn` after all earlier holders of `key` settle. Resolves/rejects with fn's outcome. */
+    run(key, fn) {
+      const prev = this.tails.get(key) ?? Promise.resolve();
+      const result = prev.then(fn, fn);
+      const tail = result.then(noop, noop);
+      this.tails.set(key, tail);
+      void tail.then(() => {
+        if (this.tails.get(key) === tail) this.tails.delete(key);
+      });
+      return result;
+    }
+    /** Number of keys with an outstanding or queued holder (for tests/inspection). */
+    get size() {
+      return this.tails.size;
+    }
+  };
+
   // extension/src/sw/executor.ts
   var CmdError = class extends Error {
     constructor(code, message) {
@@ -282,6 +425,8 @@
   var SESSION = crypto.randomUUID();
   var CONTENT_SCHEME = /^(https?|file):/i;
   var delay = (ms) => new Promise((r) => setTimeout(r, ms));
+  var locks = new KeyedMutex();
+  var claimedTabs = /* @__PURE__ */ new Set();
   function mint(tabId) {
     return `ext:${SESSION}:${tabId}`;
   }
@@ -303,6 +448,19 @@
   async function targetTab(cmd) {
     return cmd.tabId ? parseTabId(cmd.tabId) : currentTabId();
   }
+  async function urlForCommand(cmd) {
+    if (cmd.method === "navigate") {
+      const u = cmd.params.url;
+      return typeof u === "string" ? u : "";
+    }
+    try {
+      const tabId = await targetTab(cmd);
+      const t = await chrome.tabs.get(tabId);
+      return t.url ?? "";
+    } catch {
+      return "";
+    }
+  }
   async function execInTab(tabId, func, args = [], world) {
     const [res] = await chrome.scripting.executeScript({
       target: { tabId },
@@ -341,13 +499,15 @@
     }
   }
   async function withDebugger(tabId, fn) {
-    const target = { tabId };
-    await chrome.debugger.attach(target, "1.3");
-    try {
-      return await fn(target);
-    } finally {
-      await chrome.debugger.detach(target).catch(() => void 0);
-    }
+    return locks.run(`dbg:${tabId}`, async () => {
+      const target = { tabId };
+      await chrome.debugger.attach(target, "1.3");
+      try {
+        return await fn(target);
+      } finally {
+        await chrome.debugger.detach(target).catch(() => void 0);
+      }
+    });
   }
   async function trustedType(tabId, selector, text, clear) {
     const focused = await execInTab(
@@ -389,6 +549,72 @@
     });
     return true;
   }
+  async function measurePage(tabId, selector) {
+    return execInTab(
+      tabId,
+      (sel) => {
+        const d = document.documentElement;
+        const dims = {
+          w: window.innerWidth,
+          h: window.innerHeight,
+          fullW: Math.max(d.scrollWidth, d.clientWidth),
+          fullH: Math.max(d.scrollHeight, d.clientHeight)
+        };
+        if (!sel) return { dims, element: null, missing: false };
+        const el = document.querySelector(sel);
+        if (!el) return { dims, element: null, missing: true };
+        el.scrollIntoView({ block: "center", inline: "center" });
+        const r = el.getBoundingClientRect();
+        return { dims, element: { x: r.left + window.scrollX, y: r.top + window.scrollY, w: r.width, h: r.height }, missing: false };
+      },
+      [selector ?? null]
+    );
+  }
+  async function screenshotViaDebugger(tabId, fullPage, selector) {
+    const measured = await measurePage(tabId, selector);
+    if (!measured) throw new CmdError("CDP_ERROR", "could not read page dimensions");
+    if (selector && measured.missing) throw new CmdError("SELECTOR_NOT_FOUND", `no element for selector: ${selector}`);
+    const plan = planScreenshot(measured.dims, { fullPage, element: measured.element });
+    const params = { format: "png", captureBeyondViewport: plan.captureBeyondViewport };
+    if (plan.clip) params.clip = plan.clip;
+    const data = await withDebugger(tabId, async (target) => {
+      const res = await chrome.debugger.sendCommand(target, "Page.captureScreenshot", params);
+      return res.data ?? "";
+    });
+    return {
+      dataBase64: data,
+      mimeType: "image/png",
+      width: plan.width,
+      height: plan.height,
+      truncated: plan.truncated,
+      fullHeight: plan.fullHeight
+    };
+  }
+  async function screenshotViaVisibleTab(tabId, fullPage) {
+    let t = await chrome.tabs.get(tabId);
+    if (!t.active) {
+      await chrome.tabs.update(tabId, { active: true });
+      await chrome.windows.update(t.windowId, { focused: true }).catch(() => void 0);
+      await delay(150);
+      t = await chrome.tabs.get(tabId);
+    }
+    const dims = await execInTab(
+      tabId,
+      () => ({ w: window.innerWidth, h: window.innerHeight, full: document.documentElement.scrollHeight }),
+      []
+    );
+    const dataUrl = await chrome.tabs.captureVisibleTab(t.windowId, { format: "png" });
+    const viewportH = dims?.h ?? 0;
+    const fullH = dims?.full ?? viewportH;
+    return {
+      dataBase64: dataUrl.split(",")[1] ?? "",
+      mimeType: "image/png",
+      width: dims?.w ?? 0,
+      height: viewportH,
+      truncated: fullPage && fullH > viewportH,
+      fullHeight: fullPage ? fullH : void 0
+    };
+  }
   async function tabInfo(tab, index = 0) {
     return {
       tabId: mint(tab.id ?? -1),
@@ -442,19 +668,34 @@
         }
         case "tab_new": {
           const url = typeof cmd.params.url === "string" ? cmd.params.url : void 0;
+          const active = cmd.params.active !== false;
           const BLANK = /^(about:blank|chrome:\/\/newtab|chrome:\/\/new-tab-page|edge:\/\/newtab)/i;
-          const blank = (await chrome.tabs.query({})).find(
-            (t2) => t2.id !== void 0 && (BLANK.test(t2.url ?? "") || (t2.url ?? "") === "" || t2.pendingUrl === "about:blank")
-          );
-          if (blank?.id !== void 0) {
-            if (url) {
-              await chrome.tabs.update(blank.id, { url });
-              await waitComplete(blank.id);
+          const claim = await locks.run("tab_new", async () => {
+            const tabs = await chrome.tabs.query({});
+            const present = new Set(tabs.map((t) => t.id).filter((id) => id !== void 0));
+            for (const id of claimedTabs) if (!present.has(id)) claimedTabs.delete(id);
+            const blank = tabs.find(
+              (t) => t.id !== void 0 && !claimedTabs.has(t.id) && (BLANK.test(t.url ?? "") || (t.url ?? "") === "" || t.pendingUrl === "about:blank")
+            );
+            if (blank?.id !== void 0) {
+              claimedTabs.add(blank.id);
+              return { id: blank.id, reused: true, needsNav: url !== void 0 };
             }
-            return { ...await tabInfo(await chrome.tabs.get(blank.id)), reused: true };
+            const created = await chrome.tabs.create({ url, active: false });
+            if (created.id === void 0) throw new CmdError("TARGET_GONE", "failed to create a tab");
+            claimedTabs.add(created.id);
+            return { id: created.id, reused: false, needsNav: false };
+          });
+          if (claim.needsNav) {
+            await chrome.tabs.update(claim.id, { url });
+            await waitComplete(claim.id);
           }
-          const t = await chrome.tabs.create({ url, active: false });
-          return { ...await tabInfo(t), reused: false };
+          if (active) {
+            const t = await chrome.tabs.get(claim.id);
+            await chrome.tabs.update(claim.id, { active: true }).catch(() => void 0);
+            await chrome.windows.update(t.windowId, { focused: true }).catch(() => void 0);
+          }
+          return { ...await tabInfo(await chrome.tabs.get(claim.id)), reused: claim.reused };
         }
         case "tab_close": {
           const id = parseTabId(String(cmd.tabId));
@@ -709,34 +950,21 @@
           );
           return { ok: true };
         }
-        // -- screenshot (captureVisibleTab grabs the ACTIVE visible tab, so activate the target first) --
+        // -- screenshot --
+        // Primary path: chrome.debugger Page.captureScreenshot, which captures a
+        // SPECIFIC tab WITHOUT activating it (no focus-stealing → safe under
+        // concurrent batches) and supports true full-page + element capture.
+        // Falls back to captureVisibleTab only if the debugger can't attach.
         case "screenshot": {
           const id = await targetTab(cmd);
-          let t = await chrome.tabs.get(id);
-          if (!t.active) {
-            await chrome.tabs.update(id, { active: true });
-            await chrome.windows.update(t.windowId, { focused: true }).catch(() => void 0);
-            await delay(150);
-            t = await chrome.tabs.get(id);
-          }
-          const dims = await execInTab(
-            id,
-            () => ({ w: window.innerWidth, h: window.innerHeight, full: document.documentElement.scrollHeight }),
-            []
-          );
-          const dataUrl = await chrome.tabs.captureVisibleTab(t.windowId, { format: "png" });
           const fullPage = cmd.params.fullPage === true;
-          const viewportH = dims?.h ?? 0;
-          const fullH = dims?.full ?? viewportH;
-          return {
-            dataBase64: dataUrl.split(",")[1] ?? "",
-            mimeType: "image/png",
-            width: dims?.w ?? 0,
-            height: viewportH,
-            // The scripting backend can only capture the viewport; flag when a fullPage was asked but clipped.
-            truncated: fullPage && fullH > viewportH,
-            fullHeight: fullPage ? fullH : void 0
-          };
+          const selector = selectorOf(cmd);
+          try {
+            return await screenshotViaDebugger(id, fullPage, selector);
+          } catch (err) {
+            if (err instanceof CmdError && err.code === "SELECTOR_NOT_FOUND") throw err;
+            return await screenshotViaVisibleTab(id, fullPage);
+          }
         }
         // -- eval (MAIN world; may be blocked by strict page CSP) --
         case "eval": {
@@ -829,6 +1057,12 @@
     }
     async dispatch(cmd) {
       try {
+        const policy = this.deps.getPolicy();
+        if (policy) {
+          const url = isUrlGated(cmd.method) ? await urlForCommand(cmd) : "";
+          const verdict = evaluatePolicy(url, cmd.method, policy);
+          if (!verdict.ok) throw new CmdError("POLICY_DENIED", verdict.reason);
+        }
         const data = await this.deps.exec.run(cmd);
         const frame = { type: "result", v: PROTOCOL_VERSION, id: cmd.id, ok: true, data };
         this.deps.send(frame);
@@ -850,15 +1084,20 @@
 
   // extension/src/sw/background.ts
   var KEEPALIVE_ALARM = "chrome-mcp-keepalive";
+  var currentPolicy = null;
   var executor = new ChromeExecutor();
   var ws = new WsClient({
     onCommand: (cmd) => void router.dispatch(cmd),
     onState: (state) => void persistState(state),
+    onPolicy: (policy) => {
+      currentPolicy = policy;
+    },
     log: (m) => console.debug("[chrome-mcp]", m)
   });
   var router = new CommandRouter({
     exec: executor,
     send: (frame) => ws.send(frame),
+    getPolicy: () => currentPolicy,
     log: (m) => console.debug("[chrome-mcp]", m)
   });
   async function getConfig() {

package/extension-dist/manifest.json

@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "Chrome MCP Bridge",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "Lets a local chrome-mcp server drive this browser. Pair it with the server's handshake token.",
   "minimum_chrome_version": "116",
   "background": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mehmoodqureshi/chrome-mcp",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "Drive a real Chrome browser over MCP. A stdio MCP server (CLI) plus an MV3 extension, behind one pluggable Executor (extension via chrome.scripting, or a Playwright CDP fallback).",
   "author": "Mehmood Ur Rehman Qureshi",
   "license": "MIT",