@showrun/core 0.1.10 → 0.2.0-rc.1

package/dist/__tests__/playwrightJsExecutor.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=playwrightJsExecutor.test.d.ts.map

package/dist/__tests__/playwrightJsExecutor.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"playwrightJsExecutor.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/playwrightJsExecutor.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/playwrightJsExecutor.test.js

@@ -0,0 +1,191 @@
+import { describe, it, expect, vi } from 'vitest';
+import { executePlaywrightJs, extractFunctionBody } from '../dsl/playwrightJsExecutor.js';
+// Minimal mock page/context/frame for testing
+function createMockScope(overrides) {
+    const mockPage = {
+        goto: vi.fn().mockResolvedValue(undefined),
+        title: vi.fn().mockResolvedValue('Test Title'),
+        url: vi.fn().mockReturnValue('https://example.com'),
+        locator: vi.fn().mockReturnValue({
+            evaluateAll: vi.fn().mockResolvedValue([]),
+        }),
+        screenshot: vi.fn().mockResolvedValue(Buffer.from('')),
+        mouse: { click: vi.fn().mockResolvedValue(undefined) },
+        waitForTimeout: vi.fn().mockResolvedValue(undefined),
+    };
+    return {
+        page: mockPage,
+        context: {},
+        frame: {},
+        inputs: { query: 'hello' },
+        secrets: { apiKey: 'secret123' },
+        showrun: {
+            network: {
+                list: vi.fn().mockResolvedValue([]),
+                find: vi.fn().mockResolvedValue(null),
+                get: vi.fn().mockResolvedValue(null),
+                replay: vi.fn().mockResolvedValue({ status: 200, contentType: 'application/json', body: '{}', bodySize: 2 }),
+            },
+        },
+        util: {
+            detectCloudflareTurnstile: vi.fn().mockResolvedValue({ found: false }),
+            solveCloudflareTurnstile: vi.fn().mockResolvedValue({ success: false, detected: false }),
+        },
+        ...overrides,
+    };
+}
+describe('extractFunctionBody', () => {
+    it('extracts body from async function export', () => {
+        const code = `module.exports = async function({ page }) {
+      await page.goto('https://example.com');
+      return { title: 'test' };
+    };`;
+        const body = extractFunctionBody(code);
+        expect(body).toContain("await page.goto('https://example.com')");
+        expect(body).toContain("return { title: 'test' }");
+    });
+    it('extracts body from async arrow export', () => {
+        const code = `module.exports = async ({ page }) => {
+      return { title: await page.title() };
+    };`;
+        const body = extractFunctionBody(code);
+        expect(body).toContain('return { title: await page.title() }');
+    });
+    it('throws on invalid format', () => {
+        expect(() => extractFunctionBody('const x = 1;')).toThrow('Could not parse flow.playwright.js');
+    });
+});
+describe('executePlaywrightJs', () => {
+    it('returns collectibles from user code', async () => {
+        const code = `module.exports = async function({ page, inputs }) {
+      return { result: inputs.query + '_processed' };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles).toEqual({ result: 'hello_processed' });
+        expect(result.logs).toEqual([]);
+    });
+    it('can call page methods', async () => {
+        const code = `module.exports = async function({ page }) {
+      const t = await page.title();
+      return { title: t };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles).toEqual({ title: 'Test Title' });
+        expect(scope.page.title).toHaveBeenCalled();
+    });
+    it('blocks dangerous globals', async () => {
+        const code = `module.exports = async function({ page }) {
+      return {
+        hasProcess: typeof process !== 'undefined',
+        hasRequire: typeof require !== 'undefined',
+        hasBuffer: typeof Buffer !== 'undefined',
+        hasGlobal: typeof global !== 'undefined',
+        hasGlobalThis: typeof globalThis !== 'undefined',
+        hasFetch: typeof fetch !== 'undefined',
+        hasEval: typeof eval !== 'undefined',
+        hasFunction: typeof Function !== 'undefined',
+        hasSetTimeout: typeof setTimeout !== 'undefined',
+      };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles.hasProcess).toBe(false);
+        expect(result.collectibles.hasRequire).toBe(false);
+        expect(result.collectibles.hasBuffer).toBe(false);
+        expect(result.collectibles.hasGlobal).toBe(false);
+        expect(result.collectibles.hasGlobalThis).toBe(false);
+        expect(result.collectibles.hasFetch).toBe(false);
+        expect(result.collectibles.hasEval).toBe(false);
+        expect(result.collectibles.hasFunction).toBe(false);
+        expect(result.collectibles.hasSetTimeout).toBe(false);
+    });
+    it('freezes inputs (mutations do not propagate)', async () => {
+        const code = `module.exports = async function({ inputs }) {
+      inputs.query = 'modified';
+      return { value: inputs.query };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        // Frozen object silently ignores assignment in sloppy mode
+        expect(result.collectibles.value).toBe('hello');
+        // Original scope inputs are also unmodified
+        expect(scope.inputs.query).toBe('hello');
+    });
+    it('freezes secrets (mutations do not propagate)', async () => {
+        const code = `module.exports = async function({ secrets }) {
+      secrets.apiKey = 'hacked';
+      return { value: secrets.apiKey };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles.value).toBe('secret123');
+        expect(scope.secrets.apiKey).toBe('secret123');
+    });
+    it('returns empty object when code returns undefined', async () => {
+        const code = `module.exports = async function({ page }) {
+      // no return
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles).toEqual({});
+    });
+    it('can access showrun.network.replay', async () => {
+        const code = `module.exports = async function({ showrun }) {
+      const res = await showrun.network.replay('req-1');
+      return { status: res.status };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles).toEqual({ status: 200 });
+        expect(scope.showrun.network.replay).toHaveBeenCalledWith('req-1');
+    });
+    it('can access showrun.network.list', async () => {
+        const code = `module.exports = async function({ showrun }) {
+      const entries = await showrun.network.list();
+      return { count: entries.length };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles).toEqual({ count: 0 });
+        expect(scope.showrun.network.list).toHaveBeenCalled();
+    });
+    it('can access showrun.network.find', async () => {
+        const code = `module.exports = async function({ showrun }) {
+      const entry = await showrun.network.find({ urlIncludes: '/api' });
+      return { found: entry !== null };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles).toEqual({ found: false });
+        expect(scope.showrun.network.find).toHaveBeenCalledWith({ urlIncludes: '/api' });
+    });
+    it('captures console.log output', async () => {
+        const code = `module.exports = async function({ page }) {
+      console.log('hello', 'world');
+      console.warn('a warning');
+      console.error('an error');
+      console.info('info message');
+      return { done: true };
+    };`;
+        const scope = createMockScope();
+        const result = await executePlaywrightJs(code, scope);
+        expect(result.collectibles).toEqual({ done: true });
+        expect(result.logs).toEqual([
+            'hello world',
+            '[warn] a warning',
+            '[error] an error',
+            'info message',
+        ]);
+    });
+    it('times out on long-running code', async () => {
+        const code = `module.exports = async function({ page }) {
+      await new Promise(() => {}); // never resolves
+      return {};
+    };`;
+        const scope = createMockScope();
+        await expect(executePlaywrightJs(code, scope, 100) // 100ms timeout
+        ).rejects.toThrow('timed out');
+    });
+});

package/dist/__tests__/registry-client.test.js

@@ -1,5 +1,5 @@
 import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
-import { mkdirSync, rmSync, statSync } from 'fs';
+import { mkdirSync, writeFileSync, readFileSync, rmSync, existsSync, statSync } from 'fs';
 import { join } from 'path';
 import { tmpdir, platform } from 'os';
 import { randomBytes } from 'crypto';
@@ -90,11 +90,18 @@ describe('tokenStore', () => {
 });
 // ── RegistryClient tests ──────────────────────────────────────────────────
 describe('RegistryClient', () => {
+    let tempDir;
     let originalEnv;
     beforeEach(() => {
+        tempDir = join(tmpdir(), `showrun-registry-client-${randomBytes(6).toString('hex')}`);
+        mkdirSync(tempDir, { recursive: true });
         originalEnv = {
             SHOWRUN_REGISTRY_URL: process.env.SHOWRUN_REGISTRY_URL,
+            XDG_CONFIG_HOME: process.env.XDG_CONFIG_HOME,
+            APPDATA: process.env.APPDATA,
+            HOME: process.env.HOME,
         };
+        process.env.XDG_CONFIG_HOME = tempDir;
     });
     afterEach(() => {
         for (const [key, value] of Object.entries(originalEnv)) {
@@ -105,6 +112,7 @@ describe('RegistryClient', () => {
                 process.env[key] = value;
             }
         }
+        rmSync(tempDir, { recursive: true, force: true });
         vi.restoreAllMocks();
     });
     it('falls back to default registry URL when not configured', async () => {
@@ -225,4 +233,164 @@ describe('RegistryClient', () => {
             return client.searchPacks({ q: 'fail' });
         })()).rejects.toThrow(RegistryError);
     });
+    it('publishPack updates showrunVersions with the current ShowRun version', async () => {
+        const tempDir = join(tmpdir(), `showrun-registry-publish-${randomBytes(6).toString('hex')}`);
+        mkdirSync(tempDir, { recursive: true });
+        const packDir = join(tempDir, 'example-pack');
+        mkdirSync(packDir, { recursive: true });
+        writeFileSync(join(packDir, 'taskpack.json'), JSON.stringify({
+            id: 'example-pack',
+            name: 'Example Pack',
+            version: '1.0.0',
+            kind: 'playwright-js',
+            description: 'Example pack',
+            showrunVersions: ['0.1.0'],
+            inputs: {},
+            collectibles: [],
+        }, null, 2));
+        writeFileSync(join(packDir, 'flow.playwright.js'), 'module.exports = async function() { return {}; };\n');
+        const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => { });
+        const fetchSpy = vi.spyOn(globalThis, 'fetch');
+        fetchSpy
+            .mockResolvedValueOnce(new Response(JSON.stringify({ message: 'Not Found' }), {
+            status: 404,
+            headers: { 'Content-Type': 'application/json' },
+        }))
+            .mockResolvedValueOnce(new Response(JSON.stringify({ id: 'pack-1' }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+        }))
+            .mockResolvedValueOnce(new Response(JSON.stringify({ version: '1.0.0' }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+        }));
+        try {
+            const { RegistryClient } = await import('../registry/client.js');
+            const { saveTokens } = await import('../registry/tokenStore.js');
+            saveTokens({
+                accessToken: 'header.eyJleHAiOjk5OTk5OTk5OTl9.signature',
+                refreshToken: 'rt-mock',
+                user: { id: '1', username: 'alice', email: 'alice@example.com' },
+                registryUrl: 'https://registry.example.com',
+                savedAt: new Date().toISOString(),
+            });
+            const client = new RegistryClient('https://registry.example.com');
+            await client.publishPack({ packPath: packDir, slug: 'example-pack' });
+            const writtenManifest = JSON.parse(readFileSync(join(packDir, 'taskpack.json'), 'utf-8'));
+            expect(writtenManifest.showrunVersions).toContain('0.2.0-rc.0');
+            expect(writtenManifest.showrunVersions).toContain('0.1.0');
+            const publishCall = fetchSpy.mock.calls.at(-1);
+            const publishBody = JSON.parse(String(publishCall[1].body));
+            expect(publishBody.manifest.showrunVersions).toContain('0.2.0-rc.0');
+            expect(warnSpy).not.toHaveBeenCalled();
+        }
+        finally {
+            rmSync(tempDir, { recursive: true, force: true });
+        }
+    });
+    it('installs playwright-js packs using flow.playwright.js', async () => {
+        const tempDir = join(tmpdir(), `showrun-registry-install-${randomBytes(6).toString('hex')}`);
+        mkdirSync(tempDir, { recursive: true });
+        const manifest = {
+            id: 'example-pack',
+            name: 'Example Pack',
+            version: '1.2.3',
+            kind: 'playwright-js',
+            description: 'Example playwright-js pack',
+            inputs: {
+                query: { type: 'string', required: true },
+            },
+            collectibles: [
+                { name: 'items', type: 'array' },
+            ],
+        };
+        const fetchSpy = vi.spyOn(globalThis, 'fetch');
+        fetchSpy
+            .mockResolvedValueOnce(new Response(JSON.stringify({
+            id: 'pack-1',
+            slug: '@alice/example-pack',
+            name: 'Example Pack',
+            description: 'Example playwright-js pack',
+            visibility: 'public',
+            latestVersion: '1.2.3',
+            owner: { id: 'user-1', username: 'alice' },
+            createdAt: '2026-03-12T00:00:00.000Z',
+            updatedAt: '2026-03-12T00:00:00.000Z',
+            versions: [{ version: '1.2.3', createdAt: '2026-03-12T00:00:00.000Z' }],
+        }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+        }))
+            .mockResolvedValueOnce(new Response(JSON.stringify({
+            manifest,
+            playwrightJsSource: 'module.exports = async function() { return { items: [] }; };\n',
+        }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+        }));
+        try {
+            const { RegistryClient } = await import('../registry/client.js');
+            const client = new RegistryClient('https://registry.example.com');
+            await client.installPack('@alice/example-pack', tempDir);
+            const packDir = join(tempDir, '@alice/example-pack');
+            expect(existsSync(join(packDir, 'taskpack.json'))).toBe(true);
+            expect(existsSync(join(packDir, 'flow.playwright.js'))).toBe(true);
+            expect(existsSync(join(packDir, 'flow.json'))).toBe(false);
+            const installedManifest = JSON.parse(readFileSync(join(packDir, 'taskpack.json'), 'utf-8'));
+            expect(installedManifest.kind).toBe('playwright-js');
+            expect(readFileSync(join(packDir, 'flow.playwright.js'), 'utf-8')).toContain('return { items: [] }');
+        }
+        finally {
+            rmSync(tempDir, { recursive: true, force: true });
+        }
+    });
+    it('warns when installed pack showrunVersions do not include the current version', async () => {
+        const tempDir = join(tmpdir(), `showrun-registry-warn-${randomBytes(6).toString('hex')}`);
+        mkdirSync(tempDir, { recursive: true });
+        const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => { });
+        const fetchSpy = vi.spyOn(globalThis, 'fetch');
+        fetchSpy
+            .mockResolvedValueOnce(new Response(JSON.stringify({
+            id: 'pack-1',
+            slug: '@alice/example-pack',
+            name: 'Example Pack',
+            description: 'Example playwright-js pack',
+            visibility: 'public',
+            latestVersion: '1.2.3',
+            owner: { id: 'user-1', username: 'alice' },
+            createdAt: '2026-03-12T00:00:00.000Z',
+            updatedAt: '2026-03-12T00:00:00.000Z',
+            versions: [{ version: '1.2.3', createdAt: '2026-03-12T00:00:00.000Z' }],
+        }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+        }))
+            .mockResolvedValueOnce(new Response(JSON.stringify({
+            manifest: {
+                id: 'example-pack',
+                name: 'Example Pack',
+                version: '1.2.3',
+                kind: 'playwright-js',
+                description: 'Example playwright-js pack',
+                showrunVersions: ['0.1.0'],
+                inputs: {},
+                collectibles: [],
+            },
+            playwrightJsSource: 'module.exports = async function() { return {}; };\n',
+        }), {
+            status: 200,
+            headers: { 'Content-Type': 'application/json' },
+        }));
+        try {
+            const { RegistryClient } = await import('../registry/client.js');
+            const client = new RegistryClient('https://registry.example.com');
+            await client.installPack('@alice/example-pack', tempDir);
+            expect(warnSpy).toHaveBeenCalledOnce();
+            expect(warnSpy.mock.calls[0][0]).toContain('declares compatibility with ShowRun 0.1.0');
+            expect(warnSpy.mock.calls[0][0]).toContain('current version is 0.2.0-rc.0');
+        }
+        finally {
+            rmSync(tempDir, { recursive: true, force: true });
+        }
+    });
 });

package/dist/dsl/playwrightJsExecutor.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Sandboxed executor for playwright-js task packs.
+ *
+ * Runs user-provided Playwright JavaScript in a best-effort sandbox:
+ * - Dangerous Node.js globals are shadowed via AsyncFunction parameters
+ * - inputs and secrets are passed as frozen copies (read-only)
+ * - page, context, frame have full Playwright access
+ *
+ * NOTE: This is NOT a hard security boundary. A determined attacker could
+ * escape via prototype chain tricks. Trust is managed at the registry level.
+ */
+import type { Page, BrowserContext, Frame } from 'playwright';
+import type { NetworkCaptureApi } from '../networkCapture.js';
+import { type PlaywrightJsUtil } from '../util/index.js';
+/**
+ * Scope provided to user code.
+ */
+export interface PlaywrightJsScope {
+    page: Page;
+    context: BrowserContext;
+    frame: Frame;
+    inputs: Record<string, unknown>;
+    secrets: Record<string, string>;
+    showrun: {
+        network: {
+            list: NetworkCaptureApi['list'];
+            find: NetworkCaptureApi['find'];
+            get: NetworkCaptureApi['get'];
+            replay: NetworkCaptureApi['replay'];
+        };
+    };
+    util: PlaywrightJsUtil;
+}
+/**
+ * Result from executing a playwright-js flow.
+ */
+export interface PlaywrightJsResult {
+    collectibles: Record<string, unknown>;
+    logs: string[];
+    error?: string;
+}
+/**
+ * Extract the function body from a `module.exports = async function(...) { BODY }` pattern.
+ * Also supports `module.exports = async (...) => { BODY }` arrow functions.
+ */
+export declare function extractFunctionBody(code: string): string;
+/**
+ * Execute a playwright-js flow in a sandboxed context.
+ *
+ * @param code       Raw source of flow.playwright.js
+ * @param scope      Playwright objects + inputs/secrets
+ * @param timeoutMs  Maximum execution time (default 5 minutes)
+ * @returns          The return value from the user function (collectibles object)
+ */
+export declare function executePlaywrightJs(code: string, scope: PlaywrightJsScope, timeoutMs?: number): Promise<PlaywrightJsResult>;
+//# sourceMappingURL=playwrightJsExecutor.d.ts.map

package/dist/dsl/playwrightJsExecutor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"playwrightJsExecutor.d.ts","sourceRoot":"","sources":["../../src/dsl/playwrightJsExecutor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAA0B,KAAK,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAajF;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,cAAc,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,EAAE;QACP,OAAO,EAAE;YACP,IAAI,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAChC,GAAG,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC9B,MAAM,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC;SACrC,CAAC;KACH,CAAC;IACF,IAAI,EAAE,gBAAgB,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CA+BxD;AAMD;;;;;;;GAOG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,iBAAiB,EACxB,SAAS,SAAgB,GACxB,OAAO,CAAC,kBAAkB,CAAC,CA4E7B"}

package/dist/dsl/playwrightJsExecutor.js

@@ -0,0 +1,134 @@
+/**
+ * Sandboxed executor for playwright-js task packs.
+ *
+ * Runs user-provided Playwright JavaScript in a best-effort sandbox:
+ * - Dangerous Node.js globals are shadowed via AsyncFunction parameters
+ * - inputs and secrets are passed as frozen copies (read-only)
+ * - page, context, frame have full Playwright access
+ *
+ * NOTE: This is NOT a hard security boundary. A determined attacker could
+ * escape via prototype chain tricks. Trust is managed at the registry level.
+ */
+/**
+ * Globals shadowed inside user code (passed as undefined).
+ */
+const BLOCKED_GLOBALS = [
+    'process', 'require', 'module', 'exports',
+    '__dirname', '__filename', 'global', 'globalThis',
+    'Buffer', 'setTimeout', 'setInterval', 'setImmediate',
+    'clearTimeout', 'clearInterval', 'clearImmediate',
+    'fetch', 'XMLHttpRequest', 'eval', 'Function', 'Deno', 'Bun',
+];
+/**
+ * Extract the function body from a `module.exports = async function(...) { BODY }` pattern.
+ * Also supports `module.exports = async (...) => { BODY }` arrow functions.
+ */
+export function extractFunctionBody(code) {
+    // Match module.exports = async function(...) { BODY }
+    // or module.exports = async (...) => { BODY }
+    const patterns = [
+        // async function with destructuring or params
+        /module\.exports\s*=\s*async\s+function\s*\([^)]*\)\s*\{/,
+        // async arrow with destructuring or params
+        /module\.exports\s*=\s*async\s*\([^)]*\)\s*=>\s*\{/,
+    ];
+    for (const pattern of patterns) {
+        const match = code.match(pattern);
+        if (match) {
+            const startIdx = match.index + match[0].length;
+            // Find matching closing brace
+            let depth = 1;
+            let i = startIdx;
+            while (i < code.length && depth > 0) {
+                if (code[i] === '{')
+                    depth++;
+                else if (code[i] === '}')
+                    depth--;
+                i++;
+            }
+            if (depth === 0) {
+                return code.slice(startIdx, i - 1).trim();
+            }
+        }
+    }
+    throw new Error('Could not parse flow.playwright.js: expected `module.exports = async function({ page, context, frame, inputs, secrets }) { ... }` pattern.');
+}
+// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+const AsyncFunction = Object.getPrototypeOf(async function () { }).constructor;
+/**
+ * Execute a playwright-js flow in a sandboxed context.
+ *
+ * @param code       Raw source of flow.playwright.js
+ * @param scope      Playwright objects + inputs/secrets
+ * @param timeoutMs  Maximum execution time (default 5 minutes)
+ * @returns          The return value from the user function (collectibles object)
+ */
+export async function executePlaywrightJs(code, scope, timeoutMs = 5 * 60 * 1000) {
+    const functionBody = extractFunctionBody(code);
+    // Capture console.log output from user code
+    const logs = [];
+    const customConsole = {
+        log: (...args) => logs.push(args.map(String).join(' ')),
+        warn: (...args) => logs.push(`[warn] ${args.map(String).join(' ')}`),
+        error: (...args) => logs.push(`[error] ${args.map(String).join(' ')}`),
+        info: (...args) => logs.push(args.map(String).join(' ')),
+    };
+    // Build the sandboxed function:
+    // Blocked globals are function parameters, passed as undefined to shadow them.
+    // Scope variables (page, context, etc.) are also parameters.
+    const fn = new AsyncFunction(...BLOCKED_GLOBALS, 'page', 'context', 'frame', 'inputs', 'secrets', 'showrun', 'util', 'console', functionBody);
+    // Freeze inputs and secrets so user code cannot mutate them
+    const frozenInputs = Object.freeze({ ...scope.inputs });
+    const frozenSecrets = Object.freeze({ ...scope.secrets });
+    // Build args: undefined for each blocked global, then scope values
+    const blockedArgs = BLOCKED_GLOBALS.map(() => undefined);
+    const args = [
+        ...blockedArgs,
+        scope.page,
+        scope.context,
+        scope.frame,
+        frozenInputs,
+        frozenSecrets,
+        scope.showrun,
+        scope.util,
+        customConsole,
+    ];
+    // Execute with timeout, wrapped in try-catch to handle browser/page closure errors
+    let result;
+    try {
+        result = await Promise.race([
+            fn(...args),
+            new Promise((_, reject) => {
+                const timer = globalThis.setTimeout(() => {
+                    reject(new Error(`playwright-js execution timed out after ${timeoutMs}ms`));
+                }, timeoutMs);
+                // Allow Node.js to exit even if timer is pending
+                if (typeof timer === 'object' && 'unref' in timer) {
+                    timer.unref();
+                }
+            }),
+        ]);
+    }
+    catch (error) {
+        // Handle flow execution errors gracefully instead of crashing
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logs.push(`[error] Flow execution failed: ${errorMessage}`);
+        return {
+            collectibles: {},
+            logs,
+            error: errorMessage,
+        };
+    }
+    // Normalize result: if null/undefined, return empty object
+    let collectibles;
+    if (result == null) {
+        collectibles = {};
+    }
+    else if (typeof result !== 'object' || Array.isArray(result)) {
+        collectibles = { _result: result };
+    }
+    else {
+        collectibles = result;
+    }
+    return { collectibles, logs };
+}

package/dist/index.d.ts

@@ -13,6 +13,7 @@ export * from './packVersioning.js';
 export * from './config.js';
 export * from './requestSnapshot.js';
 export * from './httpReplay.js';
+export * from './version.js';
 export * from './registry/index.js';
 export * from './proxy/index.js';
 export * from './transport/index.js';
@@ -24,4 +25,6 @@ export * from './dsl/validation.js';
 export * from './dsl/templating.js';
 export * from './dsl/target.js';
 export * from './dsl/conditions.js';
+export * from './dsl/playwrightJsExecutor.js';
+export * from './util/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,wBAAwB,CAAC;AACvC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,aAAa,CAAC;AAC5B,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,qBAAqB,CAAC;AAGpC,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AAGrC,cAAc,oBAAoB,CAAC;AAGnC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,wBAAwB,CAAC;AACvC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,aAAa,CAAC;AAC5B,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,cAAc,CAAC;AAG7B,cAAc,qBAAqB,CAAC;AAGpC,cAAc,kBAAkB,CAAC;AAGjC,cAAc,sBAAsB,CAAC;AAGrC,cAAc,oBAAoB,CAAC;AAGnC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC"}

package/dist/index.js

@@ -13,6 +13,7 @@ export * from './packVersioning.js';
 export * from './config.js';
 export * from './requestSnapshot.js';
 export * from './httpReplay.js';
+export * from './version.js';
 // Registry exports
 export * from './registry/index.js';
 // Proxy exports
@@ -29,3 +30,5 @@ export * from './dsl/validation.js';
 export * from './dsl/templating.js';
 export * from './dsl/target.js';
 export * from './dsl/conditions.js';
+export * from './dsl/playwrightJsExecutor.js';
+export * from './util/index.js';

package/dist/loader.d.ts

@@ -19,9 +19,17 @@ export declare class TaskPackLoader {
      */
     static loadManifest(packPath: string): TaskPackManifest;
     /**
-     * Load task pack from directory (json-dsl format only)
+     * Load task pack from directory
      */
     static loadTaskPack(packPath: string): Promise<TaskPack>;
+    /**
+     * Load a json-dsl task pack
+     */
+    private static loadJsonDslPack;
+    /**
+     * Load a playwright-js task pack
+     */
+    private static loadPlaywrightJsPack;
     /**
      * Load secrets from .secrets.json file in pack directory
      * Returns empty object if file doesn't exist

package/dist/loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAsC,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAInH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;;;;;GAMG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB;IA4BvD;;OAEG;WACU,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IA4C9D;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAwB5D;;OAEG;IACH,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,EAAE;CAQlE"}
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAsC,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAInH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED;;;;;;GAMG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACH,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB;IA6BvD;;OAEG;WACU,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAU9D;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IA0C9B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAyBnC;;;OAGG;IACH,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAwB5D;;OAEG;IACH,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,EAAE;CAQlE"}