@ricardodeazambuja/browser-mcp-server 1.0.3 → 1.4.0

package/tests/test-security.js

@@ -0,0 +1,203 @@
+#!/usr/bin/env node
+
+/**
+ * Security Tools Test Suite
+ * Tests security headers, CSP monitoring, and mixed content detection
+ */
+
+const { spawn } = require('child_process');
+const path = require('path');
+const readline = require('readline');
+
+const serverPath = path.join(__dirname, '..', 'src', 'index.js');
+const proc = spawn('node', [serverPath], { stdio: ['pipe', 'pipe', 'pipe'] });
+
+proc.stderr.on('data', (data) => {
+    // Suppress stderr for cleaner test output
+});
+
+proc.on('error', (err) => {
+    console.error('Server error:', err);
+    process.exit(1);
+});
+
+const rl = readline.createInterface({ input: proc.stdout, terminal: false });
+
+let messageId = 1;
+let testStep = 0;
+
+function sendRequest(method, params) {
+    const request = { jsonrpc: '2.0', id: messageId++, method, params };
+    proc.stdin.write(JSON.stringify(request) + '\n');
+}
+
+console.log('🔒 Security Tools Test Suite\n');
+
+rl.on('line', (line) => {
+    try {
+        const response = JSON.parse(line);
+        if (response.method === 'notifications/resources/list_changed') return;
+        if (response.error) {
+            console.error('❌ Error:', response.error.message);
+            process.exit(1);
+        }
+        if (response.result && response.id) {
+            handleResponse(response);
+        }
+    } catch (e) {
+        // Ignore non-JSON lines
+    }
+});
+
+function handleResponse(response) {
+    const currentTest = steps[testStep];
+    if (!currentTest) return;
+
+    console.log(`➡️  ${currentTest.name}`);
+
+    try {
+        currentTest.verify(response);
+        console.log(`   ✅ Passed\n`);
+    } catch (err) {
+        console.error(`   ❌ Failed: ${err.message}`);
+        process.exit(1);
+    }
+
+    testStep++;
+    if (testStep < steps.length) {
+        setTimeout(() => {
+            sendRequest(steps[testStep].method, steps[testStep].params());
+        }, 500);
+    } else {
+        console.log('🎉 All security tests passed!');
+        proc.kill();
+        process.exit(0);
+    }
+}
+
+const steps = [
+    {
+        name: 'Initialize',
+        method: 'initialize',
+        params: () => ({
+            protocolVersion: '2024-11-05',
+            capabilities: {},
+            clientInfo: { name: 'security-test', version: '1.0.0' }
+        }),
+        verify: () => { }
+    },
+    {
+        name: 'Navigate to Security Test Page',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_navigate',
+            arguments: { url: 'file://' + path.join(__dirname, 'fixtures', 'test-security.html') }
+        }),
+        verify: () => { }
+    },
+    {
+        name: 'Wait for Page Load',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_wait',
+            arguments: { ms: 1000 }
+        }),
+        verify: () => { }
+    },
+    {
+        name: 'Get Security Headers',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_sec_get_security_headers',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            if (res.result.isError) {
+                throw new Error('Get security headers failed: ' + text);
+            }
+            if (!text.includes('content-security-policy') && !text.includes('Security Headers')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'Start CSP Monitoring',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_sec_start_csp_monitoring',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // Accept success, already active, or error
+            if (!text.includes('monitoring started') && !text.includes('already active') && !text.includes('Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'Wait for CSP Events',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_wait',
+            arguments: { ms: 1000 }
+        }),
+        verify: () => { }
+    },
+    {
+        name: 'Get CSP Violations',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_sec_get_csp_violations',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // May or may not have violations depending on browser behavior
+            if (!text.includes('violations') && !text.includes('No CSP') && !text.includes('not active') && !text.includes('Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'Stop CSP Monitoring',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_sec_stop_csp_monitoring',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // Accept stopped, not active, or error
+            if (!text.includes('stopped') && !text.includes('not active') && !text.includes('Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'Detect Mixed Content (HTTP page)',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_sec_detect_mixed_content',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // On file:// protocol, should indicate HTTPS-only
+            if (!text.includes('HTTPS') && !text.includes('No mixed content')) {
+                throw new Error('Invalid mixed content response');
+            }
+        }
+    }
+];
+
+// Start tests
+setTimeout(() => sendRequest(steps[0].method, steps[0].params()), 500);
+
+// Timeout after 60 seconds
+setTimeout(() => {
+    console.error('\n❌ Test timeout');
+    proc.kill();
+    process.exit(1);
+}, 60000);

package/tests/test-storage.js

@@ -0,0 +1,192 @@
+#!/usr/bin/env node
+
+/**
+ * Storage Tools Test Suite
+ * Tests IndexedDB, Cache Storage, and Service Worker inspection
+ */
+
+const { spawn } = require('child_process');
+const path = require('path');
+const readline = require('readline');
+
+const serverPath = path.join(__dirname, '..', 'src', 'index.js');
+const proc = spawn('node', [serverPath], { stdio: ['pipe', 'pipe', 'pipe'] });
+
+proc.stderr.on('data', (data) => {
+    // Suppress stderr for cleaner test output
+});
+
+proc.on('error', (err) => {
+    console.error('Server error:', err);
+    process.exit(1);
+});
+
+const rl = readline.createInterface({ input: proc.stdout, terminal: false });
+
+let messageId = 1;
+let testStep = 0;
+
+function sendRequest(method, params) {
+    const request = { jsonrpc: '2.0', id: messageId++, method, params };
+    proc.stdin.write(JSON.stringify(request) + '\n');
+}
+
+console.log('💾 Storage Tools Test Suite\n');
+
+rl.on('line', (line) => {
+    try {
+        const response = JSON.parse(line);
+        if (response.method === 'notifications/resources/list_changed') return;
+        if (response.error) {
+            console.error('❌ Error:', response.error.message);
+            process.exit(1);
+        }
+        if (response.result && response.id) {
+            handleResponse(response);
+        }
+    } catch (e) {
+        // Ignore non-JSON lines
+    }
+});
+
+function handleResponse(response) {
+    const currentTest = steps[testStep];
+    if (!currentTest) return;
+
+    console.log(`➡️  ${currentTest.name}`);
+
+    try {
+        currentTest.verify(response);
+        console.log(`   ✅ Passed\n`);
+    } catch (err) {
+        console.error(`   ❌ Failed: ${err.message}`);
+        process.exit(1);
+    }
+
+    testStep++;
+    if (testStep < steps.length) {
+        setTimeout(() => {
+            sendRequest(steps[testStep].method, steps[testStep].params());
+        }, 500);
+    } else {
+        console.log('🎉 All storage tests passed!');
+        proc.kill();
+        process.exit(0);
+    }
+}
+
+const steps = [
+    {
+        name: 'Initialize',
+        method: 'initialize',
+        params: () => ({
+            protocolVersion: '2024-11-05',
+            capabilities: {},
+            clientInfo: { name: 'storage-test', version: '1.0.0' }
+        }),
+        verify: () => { }
+    },
+    {
+        name: 'Navigate to Storage Test Page',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_navigate',
+            arguments: { url: 'file://' + path.join(__dirname, 'fixtures', 'test-storage.html') }
+        }),
+        verify: () => { }
+    },
+    {
+        name: 'Wait for Storage Setup',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_wait',
+            arguments: { ms: 2000 }
+        }),
+        verify: () => { }
+    },
+    {
+        name: 'List IndexedDB Databases',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_storage_get_indexeddb',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // Should list databases, indicate none found, or CDP error
+            if (!text.includes('databases') && !text.includes('No IndexedDB') && !text.includes('CDP Error') && !text.includes('Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'Inspect IndexedDB Database',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_storage_get_indexeddb',
+            arguments: { databaseName: 'testDB' }
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // Should show database structure or error if not found
+            if (!text.includes('objectStores') && !text.includes('not found') && !text.includes('error') && !text.includes('Error') && !text.includes('CDP Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'List Cache Storage',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_storage_get_cache_storage',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // Should list caches, indicate none found, or error
+            if (!text.includes('caches') && !text.includes('No Cache') && !text.includes('CDP Error') && !text.includes('Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'Inspect Cache Entries',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_storage_get_cache_storage',
+            arguments: { cacheName: 'test-cache-v1' }
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // Should show cache entries, not found, or error
+            if (!text.includes('entries') && !text.includes('not found') && !text.includes('CDP Error') && !text.includes('Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    },
+    {
+        name: 'Get Service Workers',
+        method: 'tools/call',
+        params: () => ({
+            name: 'browser_storage_get_service_workers',
+            arguments: {}
+        }),
+        verify: (res) => {
+            const text = res.result.content[0].text;
+            // Should list service workers, indicate none/not supported, or error
+            if (!text.includes('Service Worker') && !text.includes('supported') && !text.includes('No service') && !text.includes('Error') && !text.includes('CDP Error')) {
+                throw new Error('Unexpected response: ' + text.substring(0, 100));
+            }
+        }
+    }
+];
+
+// Start tests
+setTimeout(() => sendRequest(steps[0].method, steps[0].params()), 500);
+
+// Timeout after 60 seconds
+setTimeout(() => {
+    console.error('\n❌ Test timeout');
+    proc.kill();
+    process.exit(1);
+}, 60000);

package/CHANGELOG-v1.0.2.md

@@ -1,126 +0,0 @@
-# Changelog - Version 1.0.2
-
-## Release Date
-2025-12-26
-
-## Summary
-Enhanced browser detection and standalone mode support. The MCP server now intelligently searches for and uses system Chrome/Chromium installations, eliminating the need for redundant browser downloads.
-
-## New Features
-
-### 1. Smart Chrome/Chromium Detection
-- **New function**: `findChromeExecutable()` searches for Chrome/Chromium in common system locations
-- **Search locations**:
-  - Linux: `/usr/bin/google-chrome`, `/usr/bin/chromium`, `/usr/bin/chromium-browser`, `/snap/bin/chromium`
-  - macOS: `/Applications/Google Chrome.app`, `/Applications/Chromium.app`
-  - Windows: `C:\Program Files\Google\Chrome\Application\chrome.exe`
-  - Also uses `which` command as fallback on Unix systems
-
-### 2. Three-Tier Browser Strategy
-The server now tries browsers in this order:
-1. **Antigravity Mode**: Connect to existing Chrome on port 9222 (if available)
-2. **System Browser**: Use system-installed Chrome/Chromium (if found)
-3. **Playwright Chromium**: Fall back to Playwright's Chromium (if installed)
-
-### 3. Improved Error Messages
-When no browser is found, users get clear, actionable instructions:
-
-```
-❌ No Chrome/Chromium browser found!
-
-This MCP server needs a Chrome or Chromium browser to work.
-
-Option 1 - Install Chrome/Chromium on your system:
-  • Ubuntu/Debian: sudo apt install google-chrome-stable
-  • Ubuntu/Debian: sudo apt install chromium-browser
-  • Fedora: sudo dnf install google-chrome-stable
-  • macOS: brew install --cask google-chrome
-  • Or download from: https://www.google.com/chrome/
-
-Option 2 - Install Playwright's Chromium:
-  npm install playwright
-  npx playwright install chromium
-
-Option 3 - Use with Antigravity:
-  Open Antigravity and click the Chrome logo (top right) to start the browser.
-  This MCP server will automatically connect to it.
-```
-
-## Bug Fixes
-
-### 1. Browser Reconnection
-- Fixed browser disconnection detection
-- Improved reconnection logic after browser crashes or closures
-
-## Changes
-
-### package.json
-- Moved Playwright from `peerDependencies` to `dependencies` (^1.57.0)
-- Removed `postinstall` script (no longer auto-installs Chromium)
-- Users can now choose: system Chrome, Chromium, or Playwright Chromium
-
-### browser-mcp-server-playwright.js
-- Added `findChromeExecutable()` function (+43 lines)
-- Enhanced browser launch logic with Chrome detection
-- Improved error handling with context-aware messages
-- Better debug logging for troubleshooting
-
-## Benefits
-
-✅ **No Redundant Downloads**: Uses existing Chrome/Chromium installations
-✅ **Disk Space Savings**: Avoids downloading ~275MB Playwright Chromium if system browser exists
-✅ **Faster Installation**: No browser download during npm install
-✅ **Better UX**: Clear error messages guide users to solutions
-✅ **Flexible**: Works with Antigravity, system browsers, OR Playwright Chromium
-✅ **Cross-Platform**: Supports Linux, macOS, and Windows
-
-## Compatibility
-
-- **Node.js**: >=16.0.0
-- **Playwright**: ^1.57.0
-- **Browsers**: Chrome, Chromium, or Playwright Chromium
-
-## Testing
-
-All 16 browser automation tools tested and verified:
-- ✅ browser_navigate
-- ✅ browser_click
-- ✅ browser_screenshot
-- ✅ browser_get_text
-- ✅ browser_type
-- ✅ browser_evaluate
-- ✅ browser_wait_for_selector
-- ✅ browser_scroll
-- ✅ browser_resize_window
-- ✅ browser_get_dom
-- ✅ browser_start_video_recording
-- ✅ browser_stop_video_recording
-- ✅ browser_health_check
-- ✅ browser_console_start
-- ✅ browser_console_get
-- ✅ browser_console_clear
-
-## Migration Guide
-
-### From v1.0.1 to v1.0.2
-
-**No action required!** The update is fully backward compatible.
-
-**If you had Playwright Chromium installed:**
-- It will still work as a fallback
-- But the server will prefer your system Chrome/Chromium if available
-
-**If you didn't have any browser:**
-- The new error messages will guide you through installation options
-- Choose the option that works best for your system
-
-## Debug Logs
-
-Server logs are written to: `/tmp/mcp-browser-server.log`
-
-Example log output:
-```
-Found Chrome at: /usr/bin/google-chrome
-Using system Chrome/Chromium: /usr/bin/google-chrome
-✅ Successfully launched new Chrome instance (Standalone mode)
-```