npm - @rushstack/playwright-browser-tunnel - Versions diffs - 0.2.4 → 0.3.1 - Mend

@rushstack/playwright-browser-tunnel 0.2.4 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

package/CHANGELOG.json CHANGED Viewed

@@ -1,6 +1,44 @@
 {
   "name": "@rushstack/playwright-browser-tunnel",
   "entries": [
+    {
+      "version": "0.3.1",
+      "tag": "@rushstack/playwright-browser-tunnel_v0.3.1",
+      "date": "Thu, 19 Feb 2026 01:30:06 GMT",
+      "comments": {
+        "patch": [
+          {
+            "comment": "Filter files from publish and include missing LICENSE file."
+          }
+        ]
+      }
+    },
+    {
+      "version": "0.3.0",
+      "tag": "@rushstack/playwright-browser-tunnel_v0.3.0",
+      "date": "Thu, 19 Feb 2026 00:04:53 GMT",
+      "comments": {
+        "minor": [
+          {
+            "comment": "Normalize package layout. CommonJS is now under `lib-commonjs`, DTS is now under `lib-dts`, and ESM is now under `lib-esm`. Imports to `lib` still work as before, handled by the `\"exports\"` field in `package.json`."
+          }
+        ],
+        "dependency": [
+          {
+            "comment": "Updating dependency \"@rushstack/node-core-library\" to `5.20.0`"
+          },
+          {
+            "comment": "Updating dependency \"@rushstack/terminal\" to `0.22.0`"
+          },
+          {
+            "comment": "Updating dependency \"@rushstack/ts-command-line\" to `5.3.0`"
+          },
+          {
+            "comment": "Updating dependency \"@rushstack/heft\" to `1.2.0`"
+          }
+        ]
+      }
+    },
     {
       "version": "0.2.4",
       "tag": "@rushstack/playwright-browser-tunnel_v0.2.4",

package/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,20 @@
 # Change Log - @rushstack/playwright-browser-tunnel
-This log was last generated on Wed, 11 Feb 2026 23:14:09 GMT and should not be manually modified.
+This log was last generated on Thu, 19 Feb 2026 01:30:06 GMT and should not be manually modified.
+## 0.3.1
+Thu, 19 Feb 2026 01:30:06 GMT
+### Patches
+- Filter files from publish and include missing LICENSE file.
+## 0.3.0
+Thu, 19 Feb 2026 00:04:53 GMT
+### Minor changes
+- Normalize package layout. CommonJS is now under `lib-commonjs`, DTS is now under `lib-dts`, and ESM is now under `lib-esm`. Imports to `lib` still work as before, handled by the `"exports"` field in `package.json`.
 ## 0.2.4
 Wed, 11 Feb 2026 23:14:09 GMT

package/LICENSE ADDED Viewed

@@ -0,0 +1,24 @@
+@rushstack/playwright-browser-tunnel
+Copyright (c) Microsoft Corporation. All rights reserved.
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/{lib → lib-dts}/tsdoc-metadata.json RENAMED Viewed

@@ -5,7 +5,7 @@
   "toolPackages": [
     {
       "packageName": "@microsoft/api-extractor",
-      "packageVersion": "7.56.3"
+      "packageVersion": "7.57.0"
     }
   ]
 }

package/lib-esm/HttpServer.js ADDED Viewed

@@ -0,0 +1,70 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+import http from 'node:http';
+import { URL } from 'node:url';
+import { WebSocketServer } from 'ws';
+const LOCALHOST = 'localhost';
+/**
+ * Formats an address info object into a WebSocket-compatible address string.
+ * IPv6 addresses are formatted with brackets: [address]:port
+ * IPv4 addresses are formatted as: address:port
+ */
+function formatAddress(addressInfo) {
+    return addressInfo.family === 'IPv6'
+        ? `[${addressInfo.address}]:${addressInfo.port}`
+        : `${addressInfo.address}:${addressInfo.port}`;
+}
+/**
+ * This HttpServer is used for the localProxyWs WebSocketServer.
+ * The purpose is to parse the query params and path for the websocket url to get the
+ * browserName and launchOptions.
+ */
+export class HttpServer {
+    constructor(logger) {
+        this._logger = logger;
+        // We'll create an HTTP server and attach a WebSocketServer in noServer mode so we can
+        // manually parse the URL and extract query parameters before upgrading.
+        this._server = http.createServer();
+        this._wsServer = new WebSocketServer({ noServer: true });
+        this._server.on('upgrade', (request, socket, head) => {
+            // Accept all upgrades on the root path. We parse query string for browserName + launchOptions.
+            this._wsServer.handleUpgrade(request, socket, head, (ws) => {
+                this._wsServer.emit('connection', ws, request);
+            });
+        });
+    }
+    async listenAsync() {
+        return await new Promise((resolve) => {
+            // Bind to 'localhost' which resolves to IPv4 (127.0.0.1) or IPv6 (::1)
+            // depending on system configuration and DNS resolution
+            this._server.listen(0, LOCALHOST, () => {
+                const addressInfo = this._server.address();
+                if (!addressInfo) {
+                    throw new Error('Server address is null - server may not be bound properly');
+                }
+                if (typeof addressInfo === 'string') {
+                    throw new Error(`Server address is a pipe/socket path (${addressInfo}), expected an IP address`);
+                }
+                const formattedAddress = formatAddress(addressInfo);
+                this._listeningAddress = formattedAddress;
+                // This MUST be printed to terminal so VS Code can auto-port forward
+                this._logger.writeLine(`Local proxy HttpServer listening at ws://${formattedAddress}`);
+                resolve(new URL(`ws://${formattedAddress}`));
+            });
+        });
+    }
+    get endpoint() {
+        if (this._listeningAddress === undefined) {
+            throw new Error('HttpServer not listening yet');
+        }
+        return `ws://${this._listeningAddress}`;
+    }
+    get wsServer() {
+        return this._wsServer;
+    }
+    [Symbol.dispose]() {
+        this._wsServer.close();
+        this._server.close();
+    }
+}
+//# sourceMappingURL=HttpServer.js.map

package/lib-esm/HttpServer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"HttpServer.js","sourceRoot":"","sources":["../src/HttpServer.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,2DAA2D;AAE3D,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,OAAO,EAAE,eAAe,EAAkB,MAAM,IAAI,CAAC;AAIrD,MAAM,SAAS,GAAW,WAAW,CAAC;AAEtC;;;;GAIG;AACH,SAAS,aAAa,CAAC,WAAwB;IAC7C,OAAO,WAAW,CAAC,MAAM,KAAK,MAAM;QAClC,CAAC,CAAC,IAAI,WAAW,CAAC,OAAO,KAAK,WAAW,CAAC,IAAI,EAAE;QAChD,CAAC,CAAC,GAAG,WAAW,CAAC,OAAO,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC;AACnD,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,UAAU;IAMrB,YAAmB,MAAiB;QAClC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,sFAAsF;QACtF,wEAAwE;QACxE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzD,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;YACnD,+FAA+F;YAC/F,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAa,EAAE,EAAE;gBACpE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,WAAW;QACtB,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YACnC,uEAAuE;YACvE,uDAAuD;YACvD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE;gBACrC,MAAM,WAAW,GAAgC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBACxE,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBAC/E,CAAC;gBACD,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;oBACpC,MAAM,IAAI,KAAK,CAAC,yCAAyC,WAAW,2BAA2B,CAAC,CAAC;gBACnG,CAAC;gBACD,MAAM,gBAAgB,GAAW,aAAa,CAAC,WAAW,CAAC,CAAC;gBAC5D,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC;gBAC1C,oEAAoE;gBACpE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,4CAA4C,gBAAgB,EAAE,CAAC,CAAC;gBACvF,OAAO,CAAC,IAAI,GAAG,CAAC,QAAQ,gBAAgB,EAAE,CAAC,CAAC,CAAC;YAC/C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAW,QAAQ;QACjB,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,QAAQ,IAAI,CAAC,iBAAiB,EAAE,CAAC;IAC1C,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAEM,CAAC,MAAM,CAAC,OAAO,CAAC;QACrB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport http from 'node:http';\nimport type { AddressInfo } from 'node:net';\nimport { URL } from 'node:url';\n\nimport { WebSocketServer, type WebSocket } from 'ws';\n\nimport type { ITerminal } from '@rushstack/terminal';\n\nconst LOCALHOST: string = 'localhost';\n\n/**\n * Formats an address info object into a WebSocket-compatible address string.\n * IPv6 addresses are formatted with brackets: [address]:port\n * IPv4 addresses are formatted as: address:port\n */\nfunction formatAddress(addressInfo: AddressInfo): string {\n return addressInfo.family === 'IPv6'\n ? `[${addressInfo.address}]:${addressInfo.port}`\n : `${addressInfo.address}:${addressInfo.port}`;\n}\n\n/**\n * This HttpServer is used for the localProxyWs WebSocketServer.\n * The purpose is to parse the query params and path for the websocket url to get the\n * browserName and launchOptions.\n */\nexport class HttpServer {\n private readonly _server: http.Server;\n private readonly _wsServer: WebSocketServer; // local proxy websocket server accepting browser clients\n private _listeningAddress: string | undefined;\n private _logger: ITerminal;\n\n public constructor(logger: ITerminal) {\n this._logger = logger;\n // We'll create an HTTP server and attach a WebSocketServer in noServer mode so we can\n // manually parse the URL and extract query parameters before upgrading.\n this._server = http.createServer();\n this._wsServer = new WebSocketServer({ noServer: true });\n\n this._server.on('upgrade', (request, socket, head) => {\n // Accept all upgrades on the root path. We parse query string for browserName + launchOptions.\n this._wsServer.handleUpgrade(request, socket, head, (ws: WebSocket) => {\n this._wsServer.emit('connection', ws, request);\n });\n });\n }\n\n public async listenAsync(): Promise<URL> {\n return await new Promise((resolve) => {\n // Bind to 'localhost' which resolves to IPv4 (127.0.0.1) or IPv6 (::1)\n // depending on system configuration and DNS resolution\n this._server.listen(0, LOCALHOST, () => {\n const addressInfo: AddressInfo | string | null = this._server.address();\n if (!addressInfo) {\n throw new Error('Server address is null - server may not be bound properly');\n }\n if (typeof addressInfo === 'string') {\n throw new Error(`Server address is a pipe/socket path (${addressInfo}), expected an IP address`);\n }\n const formattedAddress: string = formatAddress(addressInfo);\n this._listeningAddress = formattedAddress;\n // This MUST be printed to terminal so VS Code can auto-port forward\n this._logger.writeLine(`Local proxy HttpServer listening at ws://${formattedAddress}`);\n resolve(new URL(`ws://${formattedAddress}`));\n });\n });\n }\n\n public get endpoint(): string {\n if (this._listeningAddress === undefined) {\n throw new Error('HttpServer not listening yet');\n }\n return `ws://${this._listeningAddress}`;\n }\n\n public get wsServer(): WebSocketServer {\n return this._wsServer;\n }\n\n public [Symbol.dispose](): void {\n this._wsServer.close();\n this._server.close();\n }\n}\n"]}

package/lib-esm/LaunchOptionsValidator.js ADDED Viewed

@@ -0,0 +1,156 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+// See LICENSE in the project root for license information.
+import os from 'node:os';
+import path from 'node:path';
+import { FileSystem } from '@rushstack/node-core-library';
+/**
+ * The filename used to store the launch options allowlist.
+ * Stored in the user's home directory/.playwright-browser-tunnel folder.
+ * @beta
+ */
+export const LAUNCH_OPTIONS_ALLOWLIST_FILENAME = '.playwright-launch-options-allowlist.json';
+/**
+ * Validates Playwright launch options against security allowlists.
+ * Provides utilities for managing client-side allowlist configuration.
+ * @beta
+ */
+export class LaunchOptionsValidator {
+    /**
+     * Gets the path to the allowlist file in the user's local preferences folder.
+     * This follows the pattern of playwright-browser-installed.txt but stores in user's home directory.
+     */
+    static getAllowlistFilePath() {
+        // Store in user's home directory under .playwright-browser-tunnel
+        const homeDir = os.homedir();
+        const configDir = path.join(homeDir, '.playwright-browser-tunnel');
+        return path.join(configDir, LAUNCH_OPTIONS_ALLOWLIST_FILENAME);
+    }
+    /**
+     * Reads the allowlist from the user's local file system.
+     * Returns an empty allowlist if the file doesn't exist or is invalid.
+     */
+    static async readAllowlistAsync() {
+        const allowlistPath = this.getAllowlistFilePath();
+        try {
+            if (!FileSystem.exists(allowlistPath)) {
+                return {
+                    allowedOptions: [],
+                    version: this._allowlistVersion
+                };
+            }
+            const content = await FileSystem.readFileAsync(allowlistPath);
+            const parsed = JSON.parse(content);
+            if (typeof parsed === 'object' &&
+                parsed !== null &&
+                'allowedOptions' in parsed &&
+                Array.isArray(parsed.allowedOptions) &&
+                'version' in parsed &&
+                typeof parsed.version === 'number') {
+                return parsed;
+            }
+            // Invalid format, return empty allowlist
+            return {
+                allowedOptions: [],
+                version: this._allowlistVersion
+            };
+        }
+        catch (error) {
+            // If we can't read the file, return empty allowlist
+            return {
+                allowedOptions: [],
+                version: this._allowlistVersion
+            };
+        }
+    }
+    /**
+     * Writes the allowlist to the user's local file system.
+     */
+    static async writeAllowlistAsync(allowlist) {
+        const allowlistPath = this.getAllowlistFilePath();
+        const configDir = path.dirname(allowlistPath);
+        // Ensure the config directory exists
+        await FileSystem.ensureFolderAsync(configDir);
+        const content = JSON.stringify(allowlist, null, 2);
+        await FileSystem.writeFileAsync(allowlistPath, content, { ensureFolderExists: true });
+    }
+    /**
+     * Validates launch options against the security allowlist.
+     * All launch options are denied by default unless explicitly allowed by the user.
+     *
+     * @param launchOptions - The launch options to validate
+     * @param terminal - Optional terminal for logging warnings
+     * @returns Validation result with filtered options and warnings
+     */
+    static async validateLaunchOptionsAsync(launchOptions, terminal) {
+        const allowlist = await this.readAllowlistAsync();
+        const allowedOptionsSet = new Set(allowlist.allowedOptions);
+        const deniedOptions = [];
+        const warnings = [];
+        const filteredOptions = {};
+        // Check each provided launch option - deny all unless explicitly allowed
+        for (const key of Object.keys(launchOptions)) {
+            if (allowedOptionsSet.has(key)) {
+                // Option is in the user's allowlist - permit it
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                filteredOptions[key] = launchOptions[key];
+                if (terminal) {
+                    terminal.writeWarningLine(`Launch option '${key}' is allowed by user allowlist. ` +
+                        `Value: ${JSON.stringify(launchOptions[key])}`);
+                }
+            }
+            else {
+                // Option is not in allowlist - deny it
+                deniedOptions.push(key);
+                const warning = `Launch option '${key}' was denied (not in allowlist). ` +
+                    `To allow this option, add it to your local allowlist at: ${this.getAllowlistFilePath()}`;
+                warnings.push(warning);
+                if (terminal) {
+                    terminal.writeWarningLine(warning);
+                }
+            }
+        }
+        return {
+            isValid: deniedOptions.length === 0,
+            deniedOptions,
+            filteredOptions,
+            warnings
+        };
+    }
+    /**
+     * Adds an option to the allowlist.
+     */
+    static async addToAllowlistAsync(option) {
+        const allowlist = await this.readAllowlistAsync();
+        if (!allowlist.allowedOptions.includes(option)) {
+            allowlist.allowedOptions.push(option);
+            await this.writeAllowlistAsync(allowlist);
+        }
+    }
+    /**
+     * Removes an option from the allowlist.
+     */
+    static async removeFromAllowlistAsync(option) {
+        const allowlist = await this.readAllowlistAsync();
+        allowlist.allowedOptions = allowlist.allowedOptions.filter((opt) => opt !== option);
+        await this.writeAllowlistAsync(allowlist);
+    }
+    /**
+     * Clears the entire allowlist.
+     */
+    static async clearAllowlistAsync() {
+        await this.writeAllowlistAsync({
+            allowedOptions: [],
+            version: this._allowlistVersion
+        });
+    }
+    /**
+     * Gets a human-readable description of the allowlist security model.
+     */
+    static getAllowlistDescription() {
+        return (`All launch options are denied by default for security.\n` +
+            `Only options explicitly added to your allowlist will be permitted.\n\n` +
+            `Allowlist location: ${this.getAllowlistFilePath()}`);
+    }
+}
+LaunchOptionsValidator._allowlistVersion = 1;
+//# sourceMappingURL=LaunchOptionsValidator.js.map

package/lib-esm/LaunchOptionsValidator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"LaunchOptionsValidator.js","sourceRoot":"","sources":["../src/LaunchOptionsValidator.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,2DAA2D;AAE3D,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAG1D;;;;GAIG;AACH,MAAM,CAAC,MAAM,iCAAiC,GAAW,2CAA2C,CAAC;AA6CrG;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IAGjC;;;OAGG;IACI,MAAM,CAAC,oBAAoB;QAChC,kEAAkE;QAClE,MAAM,OAAO,GAAW,EAAE,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,SAAS,GAAW,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,4BAA4B,CAAC,CAAC;QAC3E,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,iCAAiC,CAAC,CAAC;IACjE,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,kBAAkB;QACpC,MAAM,aAAa,GAAW,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE1D,IAAI,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,OAAO;oBACL,cAAc,EAAE,EAAE;oBAClB,OAAO,EAAE,IAAI,CAAC,iBAAiB;iBAChC,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAW,MAAM,UAAU,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;YACtE,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAE5C,IACE,OAAO,MAAM,KAAK,QAAQ;gBAC1B,MAAM,KAAK,IAAI;gBACf,gBAAgB,IAAI,MAAM;gBAC1B,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC;gBACpC,SAAS,IAAI,MAAM;gBACnB,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAClC,CAAC;gBACD,OAAO,MAAiC,CAAC;YAC3C,CAAC;YAED,yCAAyC;YACzC,OAAO;gBACL,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,IAAI,CAAC,iBAAiB;aAChC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,oDAAoD;YACpD,OAAO;gBACL,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,IAAI,CAAC,iBAAiB;aAChC,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,SAAkC;QACxE,MAAM,aAAa,GAAW,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAW,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAEtD,qCAAqC;QACrC,MAAM,UAAU,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE9C,MAAM,OAAO,GAAW,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3D,MAAM,UAAU,CAAC,cAAc,CAAC,aAAa,EAAE,OAAO,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IACxF,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAC5C,aAA4B,EAC5B,QAAoB;QAEpB,MAAM,SAAS,GAA4B,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC3E,MAAM,iBAAiB,GAAgB,IAAI,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAEzE,MAAM,aAAa,GAA+B,EAAE,CAAC;QACrD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,eAAe,GAAkB,EAAE,CAAC;QAE1C,yEAAyE;QACzE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAA+B,EAAE,CAAC;YAC3E,IAAI,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,gDAAgD;gBAChD,8DAA8D;gBAC7D,eAAuB,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;gBAEnD,IAAI,QAAQ,EAAE,CAAC;oBACb,QAAQ,CAAC,gBAAgB,CACvB,kBAAkB,GAAG,kCAAkC;wBACrD,UAAU,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,CACjD,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,uCAAuC;gBACvC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAExB,MAAM,OAAO,GACX,kBAAkB,GAAG,mCAAmC;oBACxD,4DAA4D,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBAC5F,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAEvB,IAAI,QAAQ,EAAE,CAAC;oBACb,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,aAAa,CAAC,MAAM,KAAK,CAAC;YACnC,aAAa;YACb,eAAe;YACf,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,MAA2B;QACjE,MAAM,SAAS,GAA4B,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE3E,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/C,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtC,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,MAA2B;QACtE,MAAM,SAAS,GAA4B,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC3E,SAAS,CAAC,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,MAAM,CAAC,CAAC;QACpF,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,mBAAmB;QACrC,MAAM,IAAI,CAAC,mBAAmB,CAAC;YAC7B,cAAc,EAAE,EAAE;YAClB,OAAO,EAAE,IAAI,CAAC,iBAAiB;SAChC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,uBAAuB;QACnC,OAAO,CACL,0DAA0D;YAC1D,wEAAwE;YACxE,uBAAuB,IAAI,CAAC,oBAAoB,EAAE,EAAE,CACrD,CAAC;IACJ,CAAC;;AArKuB,wCAAiB,GAAW,CAAC,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport os from 'node:os';\nimport path from 'node:path';\n\nimport type { LaunchOptions } from 'playwright-core';\n\nimport { FileSystem } from '@rushstack/node-core-library';\nimport type { ITerminal } from '@rushstack/terminal';\n\n/**\n * The filename used to store the launch options allowlist.\n * Stored in the user's home directory/.playwright-browser-tunnel folder.\n * @beta\n */\nexport const LAUNCH_OPTIONS_ALLOWLIST_FILENAME: string = '.playwright-launch-options-allowlist.json';\n\n/**\n * Interface for the allowlist configuration stored in the user's local file system.\n * @beta\n */\nexport interface ILaunchOptionsAllowlist {\n /**\n * Set of launch option keys that the user has explicitly allowed.\n * These bypass the default security restrictions.\n */\n allowedOptions: string[];\n\n /**\n * Version of the allowlist format, for future compatibility.\n */\n version: number;\n}\n\n/**\n * Result of validating launch options against the allowlist.\n * @beta\n */\nexport interface ILaunchOptionsValidationResult {\n /**\n * Whether the launch options are valid and allowed.\n */\n isValid: boolean;\n\n /**\n * Launch options that were denied due to security restrictions.\n */\n deniedOptions: Array<keyof LaunchOptions>;\n\n /**\n * Filtered launch options with denied properties removed.\n */\n filteredOptions: LaunchOptions;\n\n /**\n * Warning messages about denied options.\n */\n warnings: string[];\n}\n\n/**\n * Validates Playwright launch options against security allowlists.\n * Provides utilities for managing client-side allowlist configuration.\n * @beta\n */\nexport class LaunchOptionsValidator {\n private static readonly _allowlistVersion: number = 1;\n\n /**\n * Gets the path to the allowlist file in the user's local preferences folder.\n * This follows the pattern of playwright-browser-installed.txt but stores in user's home directory.\n */\n public static getAllowlistFilePath(): string {\n // Store in user's home directory under .playwright-browser-tunnel\n const homeDir: string = os.homedir();\n const configDir: string = path.join(homeDir, '.playwright-browser-tunnel');\n return path.join(configDir, LAUNCH_OPTIONS_ALLOWLIST_FILENAME);\n }\n\n /**\n * Reads the allowlist from the user's local file system.\n * Returns an empty allowlist if the file doesn't exist or is invalid.\n */\n public static async readAllowlistAsync(): Promise<ILaunchOptionsAllowlist> {\n const allowlistPath: string = this.getAllowlistFilePath();\n\n try {\n if (!FileSystem.exists(allowlistPath)) {\n return {\n allowedOptions: [],\n version: this._allowlistVersion\n };\n }\n\n const content: string = await FileSystem.readFileAsync(allowlistPath);\n const parsed: unknown = JSON.parse(content);\n\n if (\n typeof parsed === 'object' &&\n parsed !== null &&\n 'allowedOptions' in parsed &&\n Array.isArray(parsed.allowedOptions) &&\n 'version' in parsed &&\n typeof parsed.version === 'number'\n ) {\n return parsed as ILaunchOptionsAllowlist;\n }\n\n // Invalid format, return empty allowlist\n return {\n allowedOptions: [],\n version: this._allowlistVersion\n };\n } catch (error) {\n // If we can't read the file, return empty allowlist\n return {\n allowedOptions: [],\n version: this._allowlistVersion\n };\n }\n }\n\n /**\n * Writes the allowlist to the user's local file system.\n */\n public static async writeAllowlistAsync(allowlist: ILaunchOptionsAllowlist): Promise<void> {\n const allowlistPath: string = this.getAllowlistFilePath();\n const configDir: string = path.dirname(allowlistPath);\n\n // Ensure the config directory exists\n await FileSystem.ensureFolderAsync(configDir);\n\n const content: string = JSON.stringify(allowlist, null, 2);\n await FileSystem.writeFileAsync(allowlistPath, content, { ensureFolderExists: true });\n }\n\n /**\n * Validates launch options against the security allowlist.\n * All launch options are denied by default unless explicitly allowed by the user.\n *\n * @param launchOptions - The launch options to validate\n * @param terminal - Optional terminal for logging warnings\n * @returns Validation result with filtered options and warnings\n */\n public static async validateLaunchOptionsAsync(\n launchOptions: LaunchOptions,\n terminal?: ITerminal\n ): Promise<ILaunchOptionsValidationResult> {\n const allowlist: ILaunchOptionsAllowlist = await this.readAllowlistAsync();\n const allowedOptionsSet: Set<string> = new Set(allowlist.allowedOptions);\n\n const deniedOptions: Array<keyof LaunchOptions> = [];\n const warnings: string[] = [];\n const filteredOptions: LaunchOptions = {};\n\n // Check each provided launch option - deny all unless explicitly allowed\n for (const key of Object.keys(launchOptions) as Array<keyof LaunchOptions>) {\n if (allowedOptionsSet.has(key)) {\n // Option is in the user's allowlist - permit it\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (filteredOptions as any)[key] = launchOptions[key];\n\n if (terminal) {\n terminal.writeWarningLine(\n `Launch option '${key}' is allowed by user allowlist. ` +\n `Value: ${JSON.stringify(launchOptions[key])}`\n );\n }\n } else {\n // Option is not in allowlist - deny it\n deniedOptions.push(key);\n\n const warning: string =\n `Launch option '${key}' was denied (not in allowlist). ` +\n `To allow this option, add it to your local allowlist at: ${this.getAllowlistFilePath()}`;\n warnings.push(warning);\n\n if (terminal) {\n terminal.writeWarningLine(warning);\n }\n }\n }\n\n return {\n isValid: deniedOptions.length === 0,\n deniedOptions,\n filteredOptions,\n warnings\n };\n }\n\n /**\n * Adds an option to the allowlist.\n */\n public static async addToAllowlistAsync(option: keyof LaunchOptions): Promise<void> {\n const allowlist: ILaunchOptionsAllowlist = await this.readAllowlistAsync();\n\n if (!allowlist.allowedOptions.includes(option)) {\n allowlist.allowedOptions.push(option);\n await this.writeAllowlistAsync(allowlist);\n }\n }\n\n /**\n * Removes an option from the allowlist.\n */\n public static async removeFromAllowlistAsync(option: keyof LaunchOptions): Promise<void> {\n const allowlist: ILaunchOptionsAllowlist = await this.readAllowlistAsync();\n allowlist.allowedOptions = allowlist.allowedOptions.filter((opt) => opt !== option);\n await this.writeAllowlistAsync(allowlist);\n }\n\n /**\n * Clears the entire allowlist.\n */\n public static async clearAllowlistAsync(): Promise<void> {\n await this.writeAllowlistAsync({\n allowedOptions: [],\n version: this._allowlistVersion\n });\n }\n\n /**\n * Gets a human-readable description of the allowlist security model.\n */\n public static getAllowlistDescription(): string {\n return (\n `All launch options are denied by default for security.\\n` +\n `Only options explicitly added to your allowlist will be permitted.\\n\\n` +\n `Allowlist location: ${this.getAllowlistFilePath()}`\n );\n }\n}\n"]}