@wong2kim/wmux 1.1.1 → 2.0.0

package/dist/mcp/mcp/playwright/tools/wait.js

@@ -0,0 +1,119 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerWaitTools = registerWaitTools;
+const zod_1 = require("zod");
+const PlaywrightEngine_1 = require("../PlaywrightEngine");
+const security_1 = require("../security");
+// Optional surfaceId schema reused across tools
+const optionalSurfaceId = zod_1.z
+    .string()
+    .optional()
+    .describe('Target a specific surface by ID. Omit to use the active surface.');
+/**
+ * Register wait-related MCP tools on the given server.
+ *
+ * Tools:
+ *  - browser_wait — wait for a URL, selector, text, JS predicate, or network idle
+ */
+function registerWaitTools(server) {
+    const engine = PlaywrightEngine_1.PlaywrightEngine.getInstance();
+    // -----------------------------------------------------------------------
+    // browser_wait
+    // -----------------------------------------------------------------------
+    server.tool('browser_wait', 'Wait for a condition: URL pattern, CSS selector, text content, custom JS predicate, or network idle. Priority: url > selector > text > fn > networkidle.', {
+        url: zod_1.z
+            .string()
+            .optional()
+            .describe('URL or glob pattern to wait for (e.g. "**/dashboard**").'),
+        selector: zod_1.z
+            .string()
+            .optional()
+            .describe('CSS selector to wait for.'),
+        text: zod_1.z
+            .string()
+            .optional()
+            .describe('Text to wait for in document.body.innerText.'),
+        fn: zod_1.z
+            .string()
+            .optional()
+            .describe('Custom JavaScript predicate function body to wait for (must return truthy).'),
+        timeout: zod_1.z
+            .number()
+            .optional()
+            .describe('Maximum wait time in milliseconds. Defaults to 30000.'),
+        surfaceId: optionalSurfaceId,
+    }, async ({ url, selector, text, fn, timeout, surfaceId }) => {
+        const resolvedTimeout = timeout ?? 30000;
+        try {
+            const page = await engine.getPage(surfaceId);
+            if (!page) {
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
+            }
+            // Priority: url > selector > text > fn > networkidle
+            if (url) {
+                await page.waitForURL(url, { timeout: resolvedTimeout });
+                return {
+                    content: [{ type: 'text', text: `Wait completed: URL matched "${url}"` }],
+                };
+            }
+            if (selector) {
+                await page.waitForSelector(selector, { timeout: resolvedTimeout });
+                return {
+                    content: [{ type: 'text', text: `Wait completed: selector "${selector}" found` }],
+                };
+            }
+            if (text) {
+                await page.waitForFunction((t) => document.body.innerText.includes(t), text, { timeout: resolvedTimeout });
+                return {
+                    content: [{ type: 'text', text: `Wait completed: text "${text}" found` }],
+                };
+            }
+            if (fn) {
+                const warnings = (0, security_1.detectDangerousPatterns)(fn);
+                if (warnings.length > 0) {
+                    console.warn(`[browser_wait] Dangerous patterns in fn: ${warnings.join(', ')}`);
+                }
+                await page.waitForFunction(fn, undefined, { timeout: resolvedTimeout });
+                const warningPrefix = warnings.length > 0
+                    ? `\u26A0 Security warning: fn contains potentially dangerous patterns: ${warnings.join(', ')}.\n`
+                    : '';
+                return {
+                    content: [{ type: 'text', text: warningPrefix + 'Wait completed: custom predicate satisfied' }],
+                };
+            }
+            // Default: wait for network idle
+            await page.waitForLoadState('networkidle', { timeout: resolvedTimeout });
+            return {
+                content: [{ type: 'text', text: `Wait completed: network idle` }],
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            // Provide clear timeout messaging
+            if (message.includes('Timeout') || message.includes('timeout')) {
+                const condition = url
+                    ? `URL "${url}"`
+                    : selector
+                        ? `selector "${selector}"`
+                        : text
+                            ? `text "${text}"`
+                            : fn
+                                ? 'custom predicate'
+                                : 'network idle';
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: `Timed out after ${resolvedTimeout}ms waiting for ${condition}`,
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+            return {
+                content: [{ type: 'text', text: message }],
+                isError: true,
+            };
+        }
+    });
+}

package/dist/mcp/shared/constants.js

@@ -45,6 +45,9 @@ exports.IPC = {
     FS_WATCH: 'fs:watch',
     FS_UNWATCH: 'fs:unwatch',
     FS_CHANGED: 'fs:changed',
+    // Scrollback persistence
+    SCROLLBACK_DUMP: 'scrollback:dump',
+    SCROLLBACK_LOAD: 'scrollback:load',
 };
 // Named Pipe / Unix socket path for wmux API
 // Fixed name so MCP clients (e.g. Claude Code) can reconnect across wmux restarts

package/dist/mcp/shared/rpc.js

@@ -25,9 +25,26 @@ exports.ALL_RPC_METHODS = [
     'system.identify',
     'system.capabilities',
     'browser.open',
-    'browser.snapshot',
-    'browser.click',
-    'browser.fill',
-    'browser.eval',
     'browser.navigate',
+    'browser.close',
+    'browser.session.start',
+    'browser.session.stop',
+    'browser.session.status',
+    'browser.session.list',
+    'browser.type.humanlike',
+    'browser.cdp.target',
+    'browser.cdp.info',
+    'browser.cdp.send',
+    'browser.screenshot',
+    'browser.evaluate',
+    'browser.type.cdp',
+    'browser.click.cdp',
+    'browser.press.cdp',
+    'daemon.createSession',
+    'daemon.destroySession',
+    'daemon.attachSession',
+    'daemon.detachSession',
+    'daemon.resizeSession',
+    'daemon.listSessions',
+    'daemon.ping',
 ];

package/dist/mcp/shared/types.js

@@ -7,19 +7,22 @@ exports.validateMessage = validateMessage;
 exports.createSurface = createSurface;
 exports.createLeafPane = createLeafPane;
 exports.createWorkspace = createWorkspace;
+exports.validateNavigationUrl = validateNavigationUrl;
 // === Utility: generate unique IDs ===
 function generateId(prefix) {
     return `${prefix}-${crypto.randomUUID()}`;
 }
 // === Security: sanitize text before PTY write ===
 /**
- * Strips control characters (\r, \n, \x00-\x1f except \t) from text
- * that will be written to a PTY, preventing embedded command injection.
+ * Strips dangerous control characters from text before writing to a PTY.
+ * Removes: NULL byte (\x00) and C1 control characters (\x80-\x9f).
+ * Preserves: CR (\r), LF (\n), Tab (\t), ESC sequences (\x1b[...),
+ * and other standard terminal control characters needed for normal operation.
  */
 function sanitizePtyText(text) {
-    // Remove all control chars except tab (\x09)
+    // Remove NULL byte and C1 control characters (U+0080–U+009F)
     // eslint-disable-next-line no-control-regex
-    return text.replace(/[\x00-\x08\x0a-\x1f\x7f\u0080-\u009f]/g, '');
+    return text.replace(/[\x00\u0080-\u009f]/g, '');
 }
 /**
  * Validates and clamps a user-supplied name string.
@@ -77,3 +80,104 @@ function createWorkspace(name) {
         activePaneId: rootPane.id,
     };
 }
+// === Security: URL validation for SSRF prevention ===
+/**
+ * Validates a URL for safe navigation. Blocks dangerous schemes and private
+ * network addresses to prevent SSRF attacks from AI agent-driven browsing.
+ *
+ * Allows localhost/127.0.0.1/[::1] for local development servers.
+ *
+ * NOTE (v1 limitation): This is string-based validation only. DNS-resolved IPs
+ * are not checked, so DNS rebinding attacks are not mitigated. A future version
+ * should resolve hostnames and re-validate the resolved IP.
+ */
+function validateNavigationUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return { valid: false, reason: 'Invalid URL' };
+    }
+    // Only allow http and https schemes
+    const scheme = parsed.protocol.toLowerCase();
+    if (scheme !== 'http:' && scheme !== 'https:') {
+        return { valid: false, reason: `Blocked URL scheme: ${scheme}` };
+    }
+    // Extract hostname (strip brackets from IPv6)
+    const hostname = parsed.hostname.toLowerCase();
+    // Allow localhost and IPv4/IPv6 loopback
+    if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1') {
+        return { valid: true };
+    }
+    // Block IPv6 private/link-local ranges
+    if (hostname.startsWith('[') || hostname.includes(':')) {
+        // Hostname is an IPv6 address (URL parser strips brackets in .hostname)
+        const addr = hostname;
+        // Block fc00::/7 (unique local) — starts with fc or fd
+        if (addr.startsWith('fc') || addr.startsWith('fd')) {
+            return { valid: false, reason: 'Blocked private IPv6 address (fc00::/7)' };
+        }
+        // Block fe80::/10 (link-local) — starts with fe8, fe9, fea, feb
+        if (/^fe[89ab]/.test(addr)) {
+            return { valid: false, reason: 'Blocked link-local IPv6 address (fe80::/10)' };
+        }
+        // ::1 already allowed above; block any other loopback representation
+        // Normalize: collapse :: and check
+        if (addr === '0:0:0:0:0:0:0:1' || addr === '0000:0000:0000:0000:0000:0000:0000:0001') {
+            return { valid: true };
+        }
+        // Block null IPv6 address (:: or 0:0:0:0:0:0:0:0) — equivalent to 0.0.0.0
+        if (addr === '::' || addr === '0:0:0:0:0:0:0:0' || addr === '0000:0000:0000:0000:0000:0000:0000:0000') {
+            return { valid: false, reason: 'Blocked null IPv6 address (equivalent to 0.0.0.0)' };
+        }
+        // Block IPv4-mapped IPv6 (::ffff:x.x.x.x) and IPv4-compatible IPv6 (::x.x.x.x)
+        // These resolve to their embedded IPv4 address, bypassing IPv4 private IP checks.
+        const v4MappedMatch = /^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/.exec(addr);
+        const v4CompatMatch = !v4MappedMatch ? /^::(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/.exec(addr) : null;
+        const embeddedV4 = v4MappedMatch?.[1] ?? v4CompatMatch?.[1];
+        if (embeddedV4) {
+            // Recursively validate the embedded IPv4 through the same checks
+            const embeddedResult = validateNavigationUrl(`http://${embeddedV4}/`);
+            if (!embeddedResult.valid) {
+                return { valid: false, reason: `Blocked IPv4-mapped/compatible IPv6: embedded ${embeddedV4} — ${embeddedResult.reason}` };
+            }
+        }
+        return { valid: true };
+    }
+    // Check for IPv4 addresses
+    const ipv4Match = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(hostname);
+    if (ipv4Match) {
+        const octets = [
+            parseInt(ipv4Match[1], 10),
+            parseInt(ipv4Match[2], 10),
+            parseInt(ipv4Match[3], 10),
+            parseInt(ipv4Match[4], 10),
+        ];
+        // 127.0.0.1 already allowed above; block other 127.x.x.x
+        if (octets[0] === 127) {
+            return { valid: false, reason: 'Blocked loopback address' };
+        }
+        // Block 10.0.0.0/8
+        if (octets[0] === 10) {
+            return { valid: false, reason: 'Blocked private IP address (10.0.0.0/8)' };
+        }
+        // Block 172.16.0.0/12 (172.16.x.x – 172.31.x.x)
+        if (octets[0] === 172 && octets[1] >= 16 && octets[1] <= 31) {
+            return { valid: false, reason: 'Blocked private IP address (172.16.0.0/12)' };
+        }
+        // Block 192.168.0.0/16
+        if (octets[0] === 192 && octets[1] === 168) {
+            return { valid: false, reason: 'Blocked private IP address (192.168.0.0/16)' };
+        }
+        // Block 169.254.0.0/16 (link-local, includes cloud metadata 169.254.169.254)
+        if (octets[0] === 169 && octets[1] === 254) {
+            return { valid: false, reason: 'Blocked link-local/cloud metadata address (169.254.0.0/16)' };
+        }
+        // Block 0.0.0.0
+        if (octets.every((o) => o === 0)) {
+            return { valid: false, reason: 'Blocked null address (0.0.0.0)' };
+        }
+    }
+    return { valid: true };
+}

package/package.json

@@ -1,21 +1,23 @@
 {
   "name": "@wong2kim/wmux",
   "productName": "wmux",
-  "version": "1.1.1",
+  "version": "2.0.0",
   "description": "Windows terminal multiplexer with MCP server for AI agents - run multiple CLI sessions in parallel, control via Claude Code and other AI tools",
   "main": ".vite/build/index.js",
   "scripts": {
     "postinstall": "node scripts/fix-node-pty.js",
-    "start": "npm run build:mcp && electron-forge start",
-    "package": "npm run build:mcp && electron-forge package",
-    "make": "npm run build:mcp && electron-forge make",
+    "start": "npm run build:daemon && npm run build:mcp && electron-forge start",
+    "package": "npm run build:daemon && npm run build:mcp && electron-forge package",
+    "make": "npm run build:daemon && npm run build:mcp && electron-forge make",
     "forge-publish": "electron-forge publish",
     "lint": "eslint --ext .ts,.tsx .",
     "build:cli": "tsc -p tsconfig.cli.json",
-    "build:mcp": "tsc -p tsconfig.mcp.json && esbuild dist/mcp/mcp/index.js --bundle --platform=node --outfile=dist/mcp-bundle/index.js --external:electron",
+    "build:daemon": "tsc -p tsconfig.daemon.json",
+    "build:mcp": "tsc -p tsconfig.mcp.json && esbuild dist/mcp/mcp/index.js --bundle --platform=node --outfile=dist/mcp-bundle/index.js --external:electron --external:playwright-core",
     "cli": "node dist/cli/cli/index.js",
     "mcp": "node dist/mcp/mcp/index.js",
-    "prepublishOnly": "npm run build:cli && npm run build:mcp"
+    "prepublishOnly": "npm run build:daemon && npm run build:cli && npm run build:mcp",
+    "test": "vitest run"
   },
   "bin": {
     "wmux": "dist/cli/cli/index.js",
@@ -76,7 +78,8 @@
     "postcss": "^8.5.8",
     "tailwindcss": "^3.4.19",
     "typescript": "^5.9.3",
-    "vite": "^5.4.21"
+    "vite": "^5.4.21",
+    "vitest": "^4.1.0"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
@@ -87,6 +90,7 @@
     "electron-squirrel-startup": "^1.0.1",
     "immer": "^11.1.4",
     "node-pty": "^1.1.0",
+    "playwright-core": "^1.58.2",
     "react": "^19.2.4",
     "react-dom": "^19.2.4",
     "react-resizable-panels": "^4.7.3",