@natchs/browser-mcp 2.3.0 → 2.4.0

package/README.md

@@ -1,10 +1,16 @@
 # @natchs/browser-mcp
 
-**Browser automation MCP server** — reverse engineering, web scraping ve data extraction için tasarlanmış, AI ajanların tarayıcıyı tam kontrol etmesini sağlayan bir Model Context Protocol sunucusu.
+[![npm version](https://img.shields.io/npm/v/%40natchs%2Fbrowser-mcp?label=npm&logo=npm)](https://www.npmjs.com/package/@natchs/browser-mcp)
+[![License](https://img.shields.io/npm/l/%40natchs%2Fbrowser-mcp?color=blue&label=license)](LICENSE)
+[![Node Version](https://img.shields.io/node/v/%40natchs%2Fbrowser-mcp?logo=node.js)](package.json)
 
 ---
 
-## Quick Start
+## 🇹🇷 Türkçe
+
+**Browser automation MCP server** — reverse engineering, web scraping ve data extraction için tasarlanmış, AI ajanların tarayıcıyı tam kontrol etmesini sağlayan bir Model Context Protocol sunucusu.
+
+### Quick Start
 
 ```bash
 # 1. Install
@@ -14,7 +20,7 @@ npm install @natchs/browser-mcp
 npx @natchs/browser-mcp
 ```
 
-### MCP Client Config
+#### MCP Client Config
 
 Claude Desktop, Cursor, VS Code veya herhangi bir MCP istemcisine eklemek için:
 
@@ -39,11 +45,143 @@ npm run build
 npx @natchs/browser-mcp
 ```
 
+#### Browser Profili: 3 Mod
+
+Ajanın hangi tarayıcıyı kullanacağını `BROWSER_MODE` ortam değişkeni belirler:
+
+| Mod | Açıklama | Ne Zaman Kullanılır? |
+|-----|----------|---------------------|
+| `fresh` (default) | Playwright'ın kendi Chromium'u. Her seferinde sıfır profil, çerez/ext/login yok | Temiz ortam, iz bırakmamak |
+| `persistent` | **Senin Chrome profilin.** Gerçek çerezler, geçmiş, uzantılar, oturum açmış hesaplar — hepsi ajana kullanıma hazır | Ajanın sitelere "sen" olarak girmesi gereken işlemler |
+| `connect` | Halihazırda açık Chrome'una CDP ile bağlanır | Chrome'u elle kontrol ederken ajanın eşlik etmesi |
+
+**Örnek — persistent (otomatik profil tespiti):**
+
+```bash
+BROWSER_MODE=persistent npx @natchs/browser-mcp
+```
+
+v2.3.0 ile Chrome profili otomatik tespit edilir. Hiçbir yol belirtmeniz gerekmez. Windows/macOS/Linux hepsinde çalışır. Manuel yol belirtmek için:
+
+```bash
+BROWSER_MODE=persistent BROWSER_USER_DATA_DIR=C:\Users\...\User Data\Default npx @natchs/browser-mcp
+```
+
+**Örnek — connect (mevcut Chrome'a bağlan):**
+
+```bash
+# Önce Chrome'u debug port ile aç:
+"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222
+
+# Sonra ajanı bağla:
+BROWSER_MODE=connect npx @natchs/browser-mcp
+```
+
+**MCP Client Config ile kullanım — her mod için ayrı profil:**
+
+```json
+{
+  "mcpServers": {
+    "browser-mcp-persistent": {
+      "command": "npx",
+      "args": ["@natchs/browser-mcp"],
+      "env": {
+        "BROWSER_MODE": "persistent"
+      }
+    },
+    "browser-mcp-fresh": {
+      "command": "npx",
+      "args": ["@natchs/browser-mcp"],
+      "env": {
+        "BROWSER_MODE": "fresh"
+      }
+    }
+  }
+}
+```
+
 ---
 
-## Detaylı Özellikler
+### Ortam Değişkenleri
+
+Tüm yapılandırma, ortam değişkenleri aracılığıyla yapılabilir. Aşağıdaki tablo, desteklenen tüm değişkenleri listeler.
+
+#### Browser
+
+| Variable | Default | Description | Required |
+|----------|---------|-------------|----------|
+| `BROWSER_MODE` | `fresh` | Browser modu: `fresh`, `persistent`, `connect` | No |
+| `BROWSER_HEADLESS` | `true` | Headless modda çalıştır (`true`/`false`/`1`/`0`/`yes`/`no`) | No |
+| `BROWSER_USER_DATA_DIR` | — | Chrome kullanıcı veri dizini (mutlak yol) | No |
+| `BROWSER_CHANNEL` | `""` | Browser kanalı (`chrome`, `msedge`, `chromium`, vb.) | No |
+| `BROWSER_DEBUG_PORT` | `9222` | CDP debug port numarası | No |
+| `BROWSER_AUTO_DETECT_PROFILE` | `true` | Chrome profilini otomatik tespit et | No |
+| `BROWSER_VIEWPORT_WIDTH` | `1280` | Görüntü alanı genişliği (px) | No |
+| `BROWSER_VIEWPORT_HEIGHT` | `720` | Görüntü alanı yüksekliği (px) | No |
+| `BROWSER_USER_AGENT` | — | Özel User-Agent string'i | No |
+| `BROWSER_LOCALE` | — | Tarayıcı locale değeri (örn. `tr-TR`) | No |
+| `BROWSER_TIMEOUT` | `30000` | Browser işlemleri için timeout (ms) | No |
+| `BROWSER_AUTO_INSTALL` | `true` | Chromium'u otomatik kur (`false` ile devre dışı) | No |
+
+#### Network & Download
+
+| Variable | Default | Description | Required |
+|----------|---------|-------------|----------|
+| `NETWORK_HAR_ENABLED` | `1` | HAR yakalamayı etkinleştir (`0` ile devre dışı) | No |
+| `NETWORK_MAX_ENTRIES` | `5000` | Maksimum network kaydı sayısı | No |
+| `NETWORK_MAX_RESPONSE_BODY_SIZE` | `262144` | Maksimum response body boyutu (bytes) | No |
+| `NETWORK_STORE_RESPONSE_BODIES` | `false` | Response body'leri hafızada tut | No |
+| `NETWORK_EXCLUDE_BODY_TYPES` | `["image","media","font","stylesheet"]` | Body kaydı dışı bırakılacak tipler (JSON array) | No |
+| `NETWORK_EXPORT_DIR` | `./network-logs` | Network log dışa aktarma dizini | No |
+| `NETWORK_CAPTURE_FAILED` | `true` | Başarısız istekleri de yakala | No |
+| `NETWORK_CAPTURE_WS` | `true` | WebSocket frame'lerini yakala | No |
+| `NETWORK_WS_MAX_FRAMES` | `1000` | Maksimum WS frame sayısı | No |
+| `NETWORK_WS_MAX_FRAME_SIZE` | `65536` | Maksimum WS frame payload boyutu | No |
+| `NETWORK_MAX_MEMORY_MB` | `256` | Network capture için maksimum bellek (MB) | No |
+| `NETWORK_CAPTURE_REQUEST_BODY` | `false` | Request body'lerini de yakala | No |
+| `NETWORK_DOWNLOAD_DIR` | `./downloads` | İndirilen dosyalar için dizin | No |
+| `NETWORK_MAX_DOWNLOAD_SIZE` | `104857600` | Maksimum indirme boyutu (bytes, varsayılan 100MB) | No |
+| `NETWORK_DOWNLOAD_ENABLED` | `false` | Dosya indirme özelliğini etkinleştir | No |
+| `NETWORK_SAVE_ENABLED` | `false` | Network capture kaydetme özelliğini etkinleştir (`network_save` tool'u) | No |
+
+#### Rate Limiting
+
+| Variable | Default | Description | Required |
+|----------|---------|-------------|----------|
+| `RATE_LIMIT_ENABLED` | `true` | Rate limiting'i etkinleştir | No |
+| `RATE_LIMIT_GLOBAL_RPM` | `120` | Global dakikalık istek limiti | No |
+| `RATE_LIMIT_PER_TOOL_RPM` | `30` | Tool başına dakikalık istek limiti | No |
+| `RATE_LIMIT_BURST_SIZE` | `10` | Maksimum burst boyutu | No |
+
+#### Cache
+
+| Variable | Default | Description | Required |
+|----------|---------|-------------|----------|
+| `CACHE_MAX_ENTRIES` | `100` | Maksimum önbellek girişi sayısı | No |
+| `CACHE_TTL_SECONDS` | `300` | Önbellek TTL değeri (saniye) | No |
+
+#### Security
+
+| Variable | Default | Description | Required |
+|----------|---------|-------------|----------|
+| `SECURITY_API_KEY` | `""` | API anahtarı (boş = auth kapalı) | No |
+| `SECURITY_ALLOWED_DIRS` | `[]` | İzin verilen dizinler (JSON array) | No |
+| `SECURITY_MAX_MEMORY_MB` | `512` | Maksimum bellek kullanımı (MB) | No |
+| `SECURITY_DEFAULT_TIMEOUT` | `30000` | Varsayılan işlem timeout'u (ms) | No |
+| `SECURITY_MAX_TIMEOUT` | `120000` | Maksimum timeout (ms) | No |
+| `SECURITY_MAX_SESSIONS` | `10` | Maksimum eşzamanlı browser session sayısı | No |
+
+#### Config
+
+| Variable | Default | Description | Required |
+|----------|---------|-------------|----------|
+| `BROWSER_MCP_CONFIG` | — | Yapılandırma dosyası yolu (JSON) | No |
 
-### Mevcut Yetenekler
+---
+
+### Detaylı Özellikler
+
+#### Mevcut Yetenekler
 
 | Kategori | Tool Sayısı | Neler Yapabilir? |
 |----------|------------|-------------------|
@@ -59,7 +197,7 @@ npx @natchs/browser-mcp
 
 **Toplam: 40+ tool, 9 kategori, production-grade mimari**
 
-### Ne Yapabilir?
+#### Ne Yapabilir?
 
 - **Reverse Engineering**: JS deobfuscation, API auth analizi, network isteklerini HAR formatında export
 - **Web Scraping**: Cloudflare koruması olmayan sitelerden HTML/Markdown/text çekme, tablo ve Schema.org yapılandırılmış veri extraction
@@ -71,7 +209,15 @@ npx @natchs/browser-mcp
 - **Observability**: Structured JSON logging, tool metrikleri (call count, süre, hata), LRU cache + TTL
 - **Rate Limiting**: Token bucket, global + per-tool, yapılandırılabilir RPM
 
-### Ne Yapamaz? (Mevcut Sınırlamalar)
+#### Browser Profil Yönetimi (v2.3.0)
+
+Ajan, 3 farklı browser modundan biriyle çalışır:
+
+- **`fresh` (default):** Playwright'ın kendi Chromium'unu kullanır, her seferinde sıfır profil. Çerez, geçmiş, uzantı — hiçbiri taşınmaz.
+- **`persistent`:** Gerçek Chrome profilinizi kullanır. Oturum açtığınız tüm sitelere (Gmail, GitHub, ChatGPT, kurumsal VPN) ajan da "sizmiş gibi" erişir. v2.3.0 ile profil otomatik tespit edilir — `BROWSER_MODE=persistent` yazmanız yeterli.
+- **`connect`:** Halihazırda `--remote-debugging-port` ile açılmış Chrome'unuza bağlanır. Mevcut sekmeleri ve oturumları ajanla paylaşırsınız.
+
+#### Ne Yapamaz? (Mevcut Sınırlamalar)
 
 - **Cloudflare/anti-bot korumalı siteler**: Challenge sayfalarını geçemez, manuel çözüm gerekir
 - **Captcha çözümü**: Dahili captcha çözücü yoktur (üçüncü parti servislerle entegre edilebilir)
@@ -80,23 +226,23 @@ npx @natchs/browser-mcp
 - **Canvas/WebGL fingerprinting**: Temel fingerprint değişir ama gelişmiş anti-bot sistemlerini geçemeyebilir
 - **Mobil browser simülasyonu**: Sadece Chromium desktop, mobile viewport taklidi yapabilir
 
-### Güvenlik Özellikleri
+#### Güvenlik Özellikleri
 
 - `redirect: 'manual'` tüm URL fetch çağrılarında — SSRF redirect bypass koruması
 - `validateUrlAsync` DNS lookup — DNS rebind saldırılarına karşı
 - `DANGEROUS_EXTENSIONS` blocklist (.exe, .bat, .sh vb) → güvenli `.bin` fallback
 - Pseudo-FS path blocking (`/proc/`, `/sys/`, `/etc/` vb)
 - Cookie header filtresi — Stage 3 HTTP re-fetch'te cross-origin credential sızıntısı önlenir
-- `downloadEnabled` varsayılan **false** — kullanıcı açıkça enable etmeden download çalışmaz
+- `downloadEnabled` (download) ve `networkSaveEnabled` (network_save) varsayılan **false** — kullanıcı açıkça enable etmeden çalışmaz
 - Input sanitizasyonu (null byte, path traversal, fileName injection)
 
-### MCP Client Uyumluluğu
+#### MCP Client Uyumluluğu
 
 Claude Desktop, Cursor, VS Code (Cline, Roo Code), Continue.dev, özel MCP istemcileri — protocol uyumlu tüm platformlar.
 
 ---
 
-## Daha Fazlası Yolda
+### Daha Fazlası Yolda
 
 Bu proje aktif geliştirme aşamasındadır. Kısa süre içinde:
 
@@ -108,7 +254,204 @@ Bu proje aktif geliştirme aşamasındadır. Kısa süre içinde:
 
 ---
 
-## Geliştirme
+### Geliştirme
+
+```bash
+# Test
+npm test
+npm run test:coverage
+
+# Type check (tsc --noEmit)
+npm run lint
+
+# Build
+npm run build
+```
+
+### Lisans
+
+MIT
+
+---
+
+## 🇬🇧 English
+
+**Browser automation MCP server** — a Model Context Protocol server designed for reverse engineering, web scraping, and data extraction. It gives AI agents full control over a browser.
+
+### Quick Start
+
+```bash
+# 1. Install
+npm install @natchs/browser-mcp
+
+# 2. Run (Chromium installs automatically ~30s on first run)
+npx @natchs/browser-mcp
+```
+
+#### MCP Client Config
+
+Add to Claude Desktop, Cursor, VS Code, or any MCP client:
+
+```json
+{
+  "mcpServers": {
+    "browser-mcp": {
+      "command": "npx",
+      "args": ["@natchs/browser-mcp"]
+    }
+  }
+}
+```
+
+You can also clone and build locally:
+
+```bash
+git clone https://github.com/natchs/browser-mcp.git
+cd browser-mcp
+npm ci
+npm run build
+npx @natchs/browser-mcp
+```
+
+#### Browser Profile: 3 Modes
+
+The `BROWSER_MODE` environment variable determines which browser the agent uses:
+
+| Mode | Description | When to Use |
+|------|-------------|-------------|
+| `fresh` (default) | Playwright's own Chromium. Fresh profile every time, no cookies/extensions/logins | Clean environment, leave no trace |
+| `persistent` | **Your Chrome profile.** Real cookies, history, extensions, logged-in accounts — all available to the agent | When the agent needs to act "as you" on sites |
+| `connect` | Connects to your already-open Chrome via CDP | When manually controlling Chrome alongside the agent |
+
+**Example — persistent (auto-detect profile):**
+
+```bash
+BROWSER_MODE=persistent npx @natchs/browser-mcp
+```
+
+Since v2.3.0 the Chrome profile is auto-detected. No path needed. Works on Windows/macOS/Linux. To specify a manual path:
+
+```bash
+BROWSER_MODE=persistent BROWSER_USER_DATA_DIR=C:\Users\...\User Data\Default npx @natchs/browser-mcp
+```
+
+**Example — connect (attach to existing Chrome):**
+
+```bash
+# First open Chrome with debug port:
+"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222
+
+# Then start the agent:
+BROWSER_MODE=connect npx @natchs/browser-mcp
+```
+
+**MCP Client Config — separate profiles per mode:**
+
+```json
+{
+  "mcpServers": {
+    "browser-mcp-persistent": {
+      "command": "npx",
+      "args": ["@natchs/browser-mcp"],
+      "env": {
+        "BROWSER_MODE": "persistent"
+      }
+    },
+    "browser-mcp-fresh": {
+      "command": "npx",
+      "args": ["@natchs/browser-mcp"],
+      "env": {
+        "BROWSER_MODE": "fresh"
+      }
+    }
+  }
+}
+```
+
+---
+
+### Environment Variables
+
+All configuration can be done via environment variables. The table below lists all supported variables. (Same as the Turkish table above — see the Turkish section for the full list.)
+
+---
+
+### Detailed Features
+
+#### Current Capabilities
+
+| Category | Tools | Capabilities |
+|----------|-------|--------------|
+| **Navigation** | 5 | Open page, back/forward, refresh, wait for element/URL |
+| **Interaction** | 8 | Click, fill form, select box, hover, drag-drop, keyboard, file upload |
+| **Extraction** | 7 | HTML, Markdown, plain text, CSS selector, tables, Schema.org, Open Graph |
+| **Network** | 10 | Request/response tracking, HAR/JSON/CSV export, WebSocket frame capture, body save, console log |
+| **Browser Control** | 8 | Screenshot, PDF, cookie management, JavaScript execution, file download |
+| **Session** | 3 | Multi-session open/close/list, automatic TTL cleanup |
+| **Admin** | 3 | Server status, cache statistics, cache clear |
+| **RE Tools** | 4 | JavaScript beautify/deobfuscate, API endpoint discovery, auth analysis |
+| **Stealth** | 2 | Fingerprint rotation, human behavior simulation |
+
+**Total: 40+ tools, 9 categories, production-grade architecture**
+
+#### What It Can Do
+
+- **Reverse Engineering**: JS deobfuscation, API auth analysis, network request export in HAR format
+- **Web Scraping**: HTML/Markdown/text extraction from non-Cloudflare sites, table and Schema.org structured data extraction
+- **Network Monitoring**: Real-time HTTP/HTTPS interception, WebSocket frame inspection, binary body save to disk
+- **Form Automation**: Login forms, search, multi-step form filling, file upload
+- **Session Management**: Each isolated, concurrent browser sessions with automatic TTL cleanup
+- **Security**: SSRF protection (internal IP blocking, DNS rebind prevention, redirect bypass guard), path traversal prevention, MIME-based extension blocklist, cookie leak protection
+- **Data Export**: Network captures as HAR/JSON/CSV, body save, WS frame save (.jsonl)
+- **Observability**: Structured JSON logging, tool metrics (call count, duration, errors), LRU cache + TTL
+- **Rate Limiting**: Token bucket, global + per-tool, configurable RPM
+
+#### Browser Profile Management (v2.3.0)
+
+The agent works in one of 3 browser modes:
+
+- **`fresh` (default):** Uses Playwright's own Chromium, fresh profile every time. No cookies, history, or extensions are carried over.
+- **`persistent`:** Uses your real Chrome profile. The agent accesses all your logged-in sites (Gmail, GitHub, ChatGPT, corporate VPN) as "you." Since v2.3.0, profiles are auto-detected — just set `BROWSER_MODE=persistent`.
+- **`connect`:** Connects to your already-running Chrome via `--remote-debugging-port`. Share existing tabs and sessions with the agent.
+
+#### Limitations
+
+- **Cloudflare/anti-bot sites**: Cannot bypass challenge pages, manual solving required
+- **Captcha solving**: No built-in captcha solver (third-party services can be integrated)
+- **Visual recognition**: Can take screenshots but cannot interpret content
+- **Native file download**: `browser_download` is URL-based, does not cover Playwright native download events
+- **Canvas/WebGL fingerprinting**: Basic fingerprint changes but may not bypass advanced anti-bot systems
+- **Mobile browser simulation**: Chromium desktop only, can emulate mobile viewport
+
+#### Security Features
+
+- `redirect: 'manual'` on all URL fetch calls — SSRF redirect bypass protection
+- `validateUrlAsync` DNS lookup — DNS rebind attack prevention
+- `DANGEROUS_EXTENSIONS` blocklist (.exe, .bat, .sh etc.) → safe `.bin` fallback
+- Pseudo-FS path blocking (`/proc/`, `/sys/`, `/etc/` etc.)
+- Cookie header filter — prevents cross-origin credential leakage in Stage 3 HTTP re-fetch
+- `downloadEnabled` and `networkSaveEnabled` default to **false** — must be explicitly enabled
+- Input sanitization (null byte, path traversal, fileName injection)
+
+#### MCP Client Compatibility
+
+Claude Desktop, Cursor, VS Code (Cline, Roo Code), Continue.dev, custom MCP clients — all protocol-compliant platforms.
+
+---
+
+### Roadmap
+
+This project is under active development. Coming soon:
+
+- **New tools**: PDF extraction, screenshot annotation, form detection, cookie manager, session snapshot/restore
+- **Cloudflare bypass**: Playwright Stealth integration, rotatable proxy support
+- **Batch scraping**: Multi-page scraping pipeline, queue system
+- **Performance**: Ring buffer optimization, streaming response, lazy evaluation
+- **Developer Experience**: Interactive CLI, playground UI, type-safe client SDK
+
+---
+
+### Development
 
 ```bash
 # Test
@@ -122,6 +465,6 @@ npm run lint
 npm run build
 ```
 
-## Lisans
+### License
 
 MIT

package/dist/core/audit-logger.d.ts

@@ -0,0 +1,3 @@
+export type AuditEvent = 'AUTH_FAILURE' | 'SANDBOX_VIOLATION' | 'FILE_ACCESS' | 'DNS_REBIND' | 'INTERNAL_IP' | 'PATH_TRAVERSAL';
+export declare function auditLog(event: AuditEvent, details: Record<string, unknown>): void;
+//# sourceMappingURL=audit-logger.d.ts.map

package/dist/core/audit-logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-logger.d.ts","sourceRoot":"","sources":["../../src/core/audit-logger.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,UAAU,GAAG,cAAc,GAAG,mBAAmB,GAAG,aAAa,GAAG,YAAY,GAAG,aAAa,GAAG,gBAAgB,CAAC;AAEhI,wBAAgB,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAElF"}

package/dist/core/audit-logger.js

@@ -0,0 +1,5 @@
+import { logger } from './logger.js';
+export function auditLog(event, details) {
+    logger.warn(`[AUDIT] ${event}`, details);
+}
+//# sourceMappingURL=audit-logger.js.map

package/dist/core/audit-logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-logger.js","sourceRoot":"","sources":["../../src/core/audit-logger.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,UAAU,QAAQ,CAAC,KAAiB,EAAE,OAAgC;IAC1E,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;AAC3C,CAAC"}

package/dist/core/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAEhD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,CAiBhE"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAIhD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,CA2ChE"}

package/dist/core/auth.js

@@ -1,3 +1,5 @@
+import * as crypto from 'node:crypto';
+import { auditLog } from './audit-logger.js';
 /**
  * Creates an auth middleware that checks apiKey.
  * If apiKey is not set, the middleware passes through (no auth).
@@ -5,7 +7,33 @@
 export function createAuthMiddleware(apiKey) {
     return async (pc, next) => {
         if (apiKey) {
-            if (!pc.args.api_key || pc.args.api_key !== apiKey) {
+            if (!pc.args.api_key) {
+                auditLog('AUTH_FAILURE', { reason: 'missing_key', tool: pc.toolName });
+                return {
+                    ...pc,
+                    response: {
+                        content: [{
+                                type: 'text',
+                                text: JSON.stringify({ ok: false, error: { code: 'UNAUTHORIZED', message: 'Invalid or missing API key' } }),
+                            }],
+                    },
+                };
+            }
+            const providedKey = String(pc.args.api_key);
+            if (providedKey.length !== apiKey.length) {
+                auditLog('AUTH_FAILURE', { reason: 'length_mismatch', tool: pc.toolName });
+                return {
+                    ...pc,
+                    response: {
+                        content: [{
+                                type: 'text',
+                                text: JSON.stringify({ ok: false, error: { code: 'UNAUTHORIZED', message: 'Invalid or missing API key' } }),
+                            }],
+                    },
+                };
+            }
+            if (!crypto.timingSafeEqual(Buffer.from(providedKey), Buffer.from(apiKey))) {
+                auditLog('AUTH_FAILURE', { reason: 'key_mismatch', tool: pc.toolName });
                 return {
                     ...pc,
                     response: {

package/dist/core/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAe;IAClD,OAAO,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;gBACnD,OAAO;oBACL,GAAG,EAAE;oBACL,QAAQ,EAAE;wBACR,OAAO,EAAE,CAAC;gCACR,IAAI,EAAE,MAAe;gCACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,CAAC;6BAC5G,CAAC;qBACH;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAE7C;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAe;IAClD,OAAO,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrB,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACvE,OAAO;oBACL,GAAG,EAAE;oBACL,QAAQ,EAAE;wBACR,OAAO,EAAE,CAAC;gCACR,IAAI,EAAE,MAAe;gCACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,CAAC;6BAC5G,CAAC;qBACH;iBACF,CAAC;YACJ,CAAC;YACD,MAAM,WAAW,GAAG,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,WAAW,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;gBACzC,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC3E,OAAO;oBACL,GAAG,EAAE;oBACL,QAAQ,EAAE;wBACR,OAAO,EAAE,CAAC;gCACR,IAAI,EAAE,MAAe;gCACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,CAAC;6BAC5G,CAAC;qBACH;iBACF,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;gBAC3E,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACxE,OAAO;oBACL,GAAG,EAAE;oBACL,QAAQ,EAAE;wBACR,OAAO,EAAE,CAAC;gCACR,IAAI,EAAE,MAAe;gCACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,CAAC;6BAC5G,CAAC;qBACH;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/core/body-fetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"body-fetch.d.ts","sourceRoot":"","sources":["../../src/core/body-fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAIxC,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;IACjC,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,qBAAa,gBAAgB;IACf,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,aAAa;IAEnC,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;KAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,SAAS,CAAA;KAAE,CAAC;CA0DrK"}
+{"version":3,"file":"body-fetch.d.ts","sourceRoot":"","sources":["../../src/core/body-fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAMxC,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;IACjC,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF,qBAAa,gBAAgB;IACf,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,aAAa;IAEnC,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;KAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,SAAS,CAAA;KAAE,CAAC;CAgFrK"}

package/dist/core/body-fetch.js

@@ -1,6 +1,8 @@
 import { ErrorCode } from './errors.js';
-import { validateUrl } from './sandbox.js';
+import { validateUrl, isInternalIP } from './sandbox.js';
 import { logger } from './logger.js';
+import { auditLog } from './audit-logger.js';
+import * as dns from 'node:dns';
 export class BodyFetchService {
     config;
     constructor(config) {
@@ -38,12 +40,34 @@ export class BodyFetchService {
             }
             const urlCheck = validateUrl(entry.url);
             if (!urlCheck.valid) {
+                auditLog('DNS_REBIND', { url: entry.url, reason: urlCheck.error });
                 return { error: 'SSRF blocked: ' + urlCheck.error, code: ErrorCode.NETWORK_RESPONSE_FAILED };
             }
+            const parsedUrl = new URL(entry.url);
+            let fetchUrl = entry.url;
+            try {
+                const addresses = await dns.promises.lookup(parsedUrl.hostname, { all: true });
+                for (const addr of addresses) {
+                    if (isInternalIP(addr.address)) {
+                        auditLog('INTERNAL_IP', { url: entry.url, ip: addr.address });
+                        return { error: `DNS rebind blocked: ${entry.url} resolves to internal IP ${addr.address}`, code: ErrorCode.INTERNAL_IP };
+                    }
+                }
+                // TOCTOU DNS rebind fix: use resolved IP directly for HTTP
+                if (parsedUrl.protocol === 'http:' && addresses.length > 0) {
+                    fetchUrl = `http://${addresses[0].address}${parsedUrl.pathname}${parsedUrl.search}`;
+                    headers['Host'] = parsedUrl.hostname;
+                }
+            }
+            catch (err) {
+                const errMsg = err instanceof Error ? err.message : String(err);
+                auditLog('DNS_REBIND', { url: entry.url, reason: `DNS lookup failed for ${parsedUrl.hostname}: ${errMsg}` });
+                throw new Error(`DNS lookup failed for ${parsedUrl.hostname}: ${errMsg}`);
+            }
             const controller = new AbortController();
             const timeout = setTimeout(() => controller.abort(), 30000);
             try {
-                const response = await fetch(entry.url, {
+                const response = await fetch(fetchUrl, {
                     method: entry.method,
                     headers: Object.keys(headers).length > 0 ? headers : undefined,
                     signal: controller.signal,

package/dist/core/body-fetch.js.map

@@ -1 +1 @@
-{"version":3,"file":"body-fetch.js","sourceRoot":"","sources":["../../src/core/body-fetch.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAQrC,MAAM,OAAO,gBAAgB;IACP;IAApB,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C,KAAK,CAAC,KAAK,CAAC,KAAgB,EAAE,cAAsE;QAClG,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;gBACtD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBAAC,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAAC,CAAC;QACpF,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,cAAc,EAAE,CAAC;gBACnC,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;oBAC7B,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;gBACxD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;YAAC,CAAC;QACrF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAA2B,EAAE,CAAC;YAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC1D,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC3B,IAAI,CAAC,QAAQ,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;oBACxD,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YACD,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACpB,OAAO,EAAE,KAAK,EAAE,gBAAgB,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,uBAAuB,EAAE,CAAC;YAC/F,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;YAC5D,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE;oBACtC,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAC9D,MAAM,EAAE,UAAU,CAAC,MAAM;oBACzB,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAC;gBACH,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;oBAC3C,OAAO,EAAE,KAAK,EAAE,QAAQ,QAAQ,CAAC,MAAM,kBAAkB,EAAE,IAAI,EAAE,SAAS,CAAC,uBAAuB,EAAE,CAAC;gBACvG,CAAC;gBACD,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;gBAC5C,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC;oBAC3D,OAAO,EAAE,KAAK,EAAE,uBAAuB,aAAa,gBAAgB,OAAO,GAAG,EAAE,IAAI,EAAE,SAAS,CAAC,YAAY,EAAE,CAAC;gBACjH,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;gBACtD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;YACzD,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,yBAAyB,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,CAAC,uBAAuB,EAAE,CAAC;QAChG,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"body-fetch.js","sourceRoot":"","sources":["../../src/core/body-fetch.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAQhC,MAAM,OAAO,gBAAgB;IACP;IAApB,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C,KAAK,CAAC,KAAK,CAAC,KAAgB,EAAE,cAAsE;QAClG,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;gBACtD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBAAC,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAAC,CAAC;QACpF,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,cAAc,EAAE,CAAC;gBACnC,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;oBAC7B,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;gBACxD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;YAAC,CAAC;QACrF,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAA2B,EAAE,CAAC;YAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC1D,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC3B,IAAI,CAAC,QAAQ,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;oBACxD,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YACD,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACpB,QAAQ,CAAC,YAAY,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;gBACnE,OAAO,EAAE,KAAK,EAAE,gBAAgB,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,uBAAuB,EAAE,CAAC;YAC/F,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC/E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;oBAC7B,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC/B,QAAQ,CAAC,aAAa,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;wBAC9D,OAAO,EAAE,KAAK,EAAE,uBAAuB,KAAK,CAAC,GAAG,4BAA4B,IAAI,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;oBAC5H,CAAC;gBACH,CAAC;gBACD,2DAA2D;gBAC3D,IAAI,SAAS,CAAC,QAAQ,KAAK,OAAO,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC3D,QAAQ,GAAG,UAAU,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;oBACpF,OAAO,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC;gBACvC,CAAC;YACH,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChE,QAAQ,CAAC,YAAY,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,yBAAyB,SAAS,CAAC,QAAQ,KAAK,MAAM,EAAE,EAAE,CAAC,CAAC;gBAC7G,MAAM,IAAI,KAAK,CAAC,yBAAyB,SAAS,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC,CAAC;YAC5E,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;YAC5D,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;oBACrC,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAC9D,MAAM,EAAE,UAAU,CAAC,MAAM;oBACzB,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAC;gBACH,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;oBAC3C,OAAO,EAAE,KAAK,EAAE,QAAQ,QAAQ,CAAC,MAAM,kBAAkB,EAAE,IAAI,EAAE,SAAS,CAAC,uBAAuB,EAAE,CAAC;gBACvG,CAAC;gBACD,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;gBAC5C,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC;oBAC3D,OAAO,EAAE,KAAK,EAAE,uBAAuB,aAAa,gBAAgB,OAAO,GAAG,EAAE,IAAI,EAAE,SAAS,CAAC,YAAY,EAAE,CAAC;gBACjH,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;gBACtD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;YACzD,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,yBAAyB,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,CAAC,uBAAuB,EAAE,CAAC;QAChG,CAAC;IACH,CAAC;CACF"}

package/dist/core/browser-lifecycle.d.ts

@@ -0,0 +1,29 @@
+import { Browser, BrowserContext, Page } from 'playwright';
+import { BrowserProvider } from './browser-provider.js';
+export declare class BrowserLifecycle {
+    private provider;
+    private headless;
+    private browser;
+    private context;
+    private pages;
+    private nextPageId;
+    private _maxPages;
+    constructor(provider: BrowserProvider | undefined, headless: boolean, maxPages?: number);
+    set maxPages(value: number);
+    get maxPages(): number;
+    get hasProvider(): boolean;
+    ensureBrowser(): Promise<Browser>;
+    createContext(): Promise<BrowserContext>;
+    getOrCreateContext(): Promise<BrowserContext>;
+    createPage(): Promise<{
+        page: Page;
+        id: string;
+    }>;
+    getPage(id: string): Page | undefined;
+    closePage(id: string): Promise<void>;
+    shutdown(): Promise<void>;
+    isRunning(): boolean;
+    getCurrentContext(): BrowserContext | null;
+    getCurrentBrowser(): Browser | null;
+}
+//# sourceMappingURL=browser-lifecycle.d.ts.map

package/dist/core/browser-lifecycle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-lifecycle.d.ts","sourceRoot":"","sources":["../../src/core/browser-lifecycle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAIxD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAA8B;IAC9C,OAAO,CAAC,QAAQ,CAAU;IAC1B,OAAO,CAAC,OAAO,CAAwB;IACvC,OAAO,CAAC,OAAO,CAA+B;IAC9C,OAAO,CAAC,KAAK,CAAgC;IAC7C,OAAO,CAAC,UAAU,CAAK;IAEvB,OAAO,CAAC,SAAS,CAAM;gBAEX,QAAQ,EAAE,eAAe,GAAG,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,SAAK;IAMnF,IAAI,QAAQ,CAAC,KAAK,EAAE,MAAM,EAEzB;IAED,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,IAAI,WAAW,IAAI,OAAO,CAEzB;IAEK,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC;IAWjC,aAAa,IAAI,OAAO,CAAC,cAAc,CAAC;IAQxC,kBAAkB,IAAI,OAAO,CAAC,cAAc,CAAC;IAM7C,UAAU,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAWvD,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAI/B,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQpC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAoB/B,SAAS,IAAI,OAAO;IAIpB,iBAAiB,IAAI,cAAc,GAAG,IAAI;IAI1C,iBAAiB,IAAI,OAAO,GAAG,IAAI;CAGpC"}