@owloops/browserbird 1.7.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -1
- package/dist/index.mjs +922 -162
- package/package.json +1 -1
- package/web/dist/assets/index-BehCAKeW.css +1 -0
- package/web/dist/assets/index-BsCZjyRj.js +8 -0
- package/web/dist/index.html +2 -2
- package/web/dist/assets/index-C4T4JGQp.css +0 -1
- package/web/dist/assets/index-rMAhMQyM.js +0 -8
package/README.md
CHANGED
|
@@ -263,11 +263,21 @@ Authentication is handled via the web UI. On first visit, you create an account.
|
|
|
263
263
|
| `BROWSER_MODE` | `persistent` (default) or `isolated`. Requires container restart |
|
|
264
264
|
| `BROWSERBIRD_CONFIG` | Path to `browserbird.json`. Overridden by `--config` flag |
|
|
265
265
|
| `BROWSERBIRD_DB` | Path to SQLite database file. Overridden by `--db` flag |
|
|
266
|
+
| `BROWSERBIRD_VAULT_KEY` | Vault encryption key (auto-generated on first start, stored in `.env`) |
|
|
266
267
|
| `NO_COLOR` | Disable colored output |
|
|
267
268
|
|
|
268
269
|
> [!NOTE]
|
|
269
270
|
> **Agent authentication:** `ANTHROPIC_API_KEY` (pay-per-token) is required for shared or commercial deployments per Anthropic's Consumer ToS. `CLAUDE_CODE_OAUTH_TOKEN` is fine for personal self-hosted use. When both are set, OAuth takes priority. This is also why BrowserBird uses the CLI rather than the [Agent SDK](https://docs.anthropic.com/en/docs/agent-sdk/overview); the SDK requires API key auth per Anthropic's [usage policy](https://docs.anthropic.com/en/docs/claude-code/legal-and-compliance).
|
|
270
271
|
|
|
272
|
+
### Vault Keys
|
|
273
|
+
|
|
274
|
+
Store API keys and secrets in the web UI (Settings, Keys tab) and bind them to specific channels or birds. At spawn time, bound keys are injected as environment variables into the agent subprocess.
|
|
275
|
+
|
|
276
|
+
- **Encrypted at rest** with AES-256-GCM. The encryption key is auto-generated on first start and stored in `.env` as `BROWSERBIRD_VAULT_KEY`.
|
|
277
|
+
- **Redacted from output.** If the agent prints a vault key value, it appears as `[redacted]` in Slack and logs.
|
|
278
|
+
- **Bound to targets.** A key bound to channel `*` applies to all channels. A key bound to a specific bird applies only when that bird runs. Bird-level keys override channel-level keys on name conflict.
|
|
279
|
+
- **Name restrictions.** Dangerous env var names (`PATH`, `NODE_OPTIONS`, `LD_PRELOAD`, etc.) are blocked to prevent subprocess hijacking.
|
|
280
|
+
|
|
271
281
|
## CLI
|
|
272
282
|
|
|
273
283
|
Available on npm: `npx @owloops/browserbird`
|
|
@@ -288,6 +298,7 @@ commands:
|
|
|
288
298
|
|
|
289
299
|
sessions manage sessions
|
|
290
300
|
birds manage scheduled birds
|
|
301
|
+
keys manage vault keys
|
|
291
302
|
config view configuration
|
|
292
303
|
logs show recent log entries
|
|
293
304
|
jobs inspect and manage the job queue
|
|
@@ -326,7 +337,7 @@ Runs at `http://localhost:18800` by default.
|
|
|
326
337
|
| **Sessions** | Session list with message history, token usage, and conversation detail |
|
|
327
338
|
| **Birds** | Scheduled birds: create, edit, enable/disable, trigger, inline flight history |
|
|
328
339
|
| **Computer** | Live noVNC viewer (Docker only) |
|
|
329
|
-
| **Settings** | Config editor, agent management, secrets, system birds, job queue, and log viewer
|
|
340
|
+
| **Settings** | Config editor, agent management, secrets, vault keys, system birds, job queue, and log viewer |
|
|
330
341
|
|
|
331
342
|
## Development
|
|
332
343
|
|