@wong2kim/wmux 1.1.2 → 2.0.1

package/dist/mcp/mcp/playwright/tools/navigation.js

@@ -3,6 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerNavigationTools = registerNavigationTools;
 const zod_1 = require("zod");
 const PlaywrightEngine_1 = require("../PlaywrightEngine");
+const types_1 = require("../../../shared/types");
+const wmux_client_1 = require("../../wmux-client");
 // Optional surfaceId schema reused across tools
 const optionalSurfaceId = zod_1.z
     .string()
@@ -26,14 +28,17 @@ function registerNavigationTools(server) {
         surfaceId: optionalSurfaceId,
     }, async ({ url, surfaceId }) => {
         try {
-            const page = await engine.getPage(surfaceId);
-            if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+            const urlCheck = (0, types_1.validateNavigationUrl)(url);
+            if (!urlCheck.valid) {
+                return {
+                    content: [{ type: 'text', text: `URL blocked: ${urlCheck.reason}` }],
+                    isError: true,
+                };
             }
-            await page.goto(url, { waitUntil: 'domcontentloaded' });
-            const finalUrl = page.url();
+            // Use RPC for fast, reliable navigation (bypasses Playwright CDP discovery)
+            await (0, wmux_client_1.sendRpc)('browser.navigate', { url, ...(surfaceId && { surfaceId }) });
             return {
-                content: [{ type: 'text', text: `Navigated to ${finalUrl}` }],
+                content: [{ type: 'text', text: `Navigated to ${url}` }],
             };
         }
         catch (error) {
@@ -51,14 +56,25 @@ function registerNavigationTools(server) {
         surfaceId: optionalSurfaceId,
     }, async ({ surfaceId }) => {
         try {
-            const page = await engine.getPage(surfaceId);
-            if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
-            }
-            await page.goBack();
-            const currentUrl = page.url();
+            // Use CDP via RPC for reliability
+            await (0, wmux_client_1.sendRpc)('browser.cdp.send', {
+                method: 'Page.navigateToHistoryEntry',
+                params: {},
+                ...(surfaceId && { surfaceId }),
+            }).catch(() => {
+                // Fallback: use history navigation via JS evaluation
+                return (0, wmux_client_1.sendRpc)('browser.evaluate', {
+                    expression: 'history.back()',
+                    ...(surfaceId && { surfaceId }),
+                });
+            });
+            // Get current URL
+            const urlResult = await (0, wmux_client_1.sendRpc)('browser.evaluate', {
+                expression: 'location.href',
+                ...(surfaceId && { surfaceId }),
+            });
             return {
-                content: [{ type: 'text', text: `Navigated back to ${currentUrl}` }],
+                content: [{ type: 'text', text: `Navigated back to ${urlResult.value}` }],
             };
         }
         catch (error) {
@@ -89,7 +105,7 @@ function registerNavigationTools(server) {
         try {
             const browser = await engine.getBrowser();
             if (!browser) {
-                throw new Error('No browser connected. Call browser_open first.');
+                throw new Error('No browser connected. Call browser_open with a URL first to establish a CDP connection.');
             }
             const resolvedAction = action ?? 'list';
             // Collect all pages across all contexts
@@ -128,6 +144,13 @@ function registerNavigationTools(server) {
                     }
                     const newPage = await context.newPage();
                     if (url) {
+                        const urlCheck = (0, types_1.validateNavigationUrl)(url);
+                        if (!urlCheck.valid) {
+                            return {
+                                content: [{ type: 'text', text: `URL blocked: ${urlCheck.reason}` }],
+                                isError: true,
+                            };
+                        }
                         await newPage.goto(url, { waitUntil: 'domcontentloaded' });
                     }
                     return {

package/dist/mcp/mcp/playwright/tools/state.js

@@ -48,7 +48,7 @@ function registerStateTools(server) {
         try {
             const page = await engine.getPage(surfaceId);
             if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
             }
             const context = page.context();
             switch (action) {
@@ -126,7 +126,7 @@ function registerStateTools(server) {
         try {
             const page = await engine.getPage(surfaceId);
             if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
             }
             const storageName = type === 'local' ? 'localStorage' : 'sessionStorage';
             switch (action) {
@@ -245,7 +245,7 @@ function registerStateTools(server) {
         try {
             const page = await engine.getPage(surfaceId);
             if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
             }
             const context = page.context();
             const applied = [];
@@ -387,7 +387,7 @@ function registerStateTools(server) {
         try {
             const page = await engine.getPage(surfaceId);
             if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
             }
             await page.setViewportSize({ width, height });
             return {

package/dist/mcp/mcp/playwright/tools/utility.js

@@ -65,7 +65,7 @@ function registerUtilityTools(server) {
         try {
             const page = await engine.getPage(surfaceId);
             if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
             }
             try {
                 // Try Playwright's built-in pdf() first
@@ -130,7 +130,7 @@ function registerUtilityTools(server) {
         try {
             const page = await engine.getPage(surfaceId);
             if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
             }
             const context = page.context();
             if (action === 'start') {

package/dist/mcp/mcp/playwright/tools/wait.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerWaitTools = registerWaitTools;
 const zod_1 = require("zod");
 const PlaywrightEngine_1 = require("../PlaywrightEngine");
+const security_1 = require("../security");
 // Optional surfaceId schema reused across tools
 const optionalSurfaceId = zod_1.z
     .string()
@@ -46,7 +47,7 @@ function registerWaitTools(server) {
         try {
             const page = await engine.getPage(surfaceId);
             if (!page) {
-                throw new Error('No browser page available. Call browser_open first.');
+                throw new Error('No browser page available. Call browser_open with a URL first to establish a CDP connection (required even if a browser panel is already visible).');
             }
             // Priority: url > selector > text > fn > networkidle
             if (url) {
@@ -68,9 +69,16 @@ function registerWaitTools(server) {
                 };
             }
             if (fn) {
+                const warnings = (0, security_1.detectDangerousPatterns)(fn);
+                if (warnings.length > 0) {
+                    console.warn(`[browser_wait] Dangerous patterns in fn: ${warnings.join(', ')}`);
+                }
                 await page.waitForFunction(fn, undefined, { timeout: resolvedTimeout });
+                const warningPrefix = warnings.length > 0
+                    ? `\u26A0 Security warning: fn contains potentially dangerous patterns: ${warnings.join(', ')}.\n`
+                    : '';
                 return {
-                    content: [{ type: 'text', text: `Wait completed: custom predicate satisfied` }],
+                    content: [{ type: 'text', text: warningPrefix + 'Wait completed: custom predicate satisfied' }],
                 };
             }
             // Default: wait for network idle

package/dist/mcp/shared/rpc.js

@@ -34,6 +34,12 @@ exports.ALL_RPC_METHODS = [
     'browser.type.humanlike',
     'browser.cdp.target',
     'browser.cdp.info',
+    'browser.cdp.send',
+    'browser.screenshot',
+    'browser.evaluate',
+    'browser.type.cdp',
+    'browser.click.cdp',
+    'browser.press.cdp',
     'daemon.createSession',
     'daemon.destroySession',
     'daemon.attachSession',

package/dist/mcp/shared/types.js

@@ -7,19 +7,22 @@ exports.validateMessage = validateMessage;
 exports.createSurface = createSurface;
 exports.createLeafPane = createLeafPane;
 exports.createWorkspace = createWorkspace;
+exports.validateNavigationUrl = validateNavigationUrl;
 // === Utility: generate unique IDs ===
 function generateId(prefix) {
     return `${prefix}-${crypto.randomUUID()}`;
 }
 // === Security: sanitize text before PTY write ===
 /**
- * Strips control characters (\r, \n, \x00-\x1f except \t) from text
- * that will be written to a PTY, preventing embedded command injection.
+ * Strips dangerous control characters from text before writing to a PTY.
+ * Removes: NULL byte (\x00) and C1 control characters (\x80-\x9f).
+ * Preserves: CR (\r), LF (\n), Tab (\t), ESC sequences (\x1b[...),
+ * and other standard terminal control characters needed for normal operation.
  */
 function sanitizePtyText(text) {
-    // Remove all control chars except tab (\x09)
+    // Remove NULL byte and C1 control characters (U+0080–U+009F)
     // eslint-disable-next-line no-control-regex
-    return text.replace(/[\x00-\x08\x0a-\x1f\x7f\u0080-\u009f]/g, '');
+    return text.replace(/[\x00\u0080-\u009f]/g, '');
 }
 /**
  * Validates and clamps a user-supplied name string.
@@ -77,3 +80,104 @@ function createWorkspace(name) {
         activePaneId: rootPane.id,
     };
 }
+// === Security: URL validation for SSRF prevention ===
+/**
+ * Validates a URL for safe navigation. Blocks dangerous schemes and private
+ * network addresses to prevent SSRF attacks from AI agent-driven browsing.
+ *
+ * Allows localhost/127.0.0.1/[::1] for local development servers.
+ *
+ * NOTE (v1 limitation): This is string-based validation only. DNS-resolved IPs
+ * are not checked, so DNS rebinding attacks are not mitigated. A future version
+ * should resolve hostnames and re-validate the resolved IP.
+ */
+function validateNavigationUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return { valid: false, reason: 'Invalid URL' };
+    }
+    // Only allow http and https schemes
+    const scheme = parsed.protocol.toLowerCase();
+    if (scheme !== 'http:' && scheme !== 'https:') {
+        return { valid: false, reason: `Blocked URL scheme: ${scheme}` };
+    }
+    // Extract hostname (strip brackets from IPv6)
+    const hostname = parsed.hostname.toLowerCase();
+    // Allow localhost and IPv4/IPv6 loopback
+    if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1') {
+        return { valid: true };
+    }
+    // Block IPv6 private/link-local ranges
+    if (hostname.startsWith('[') || hostname.includes(':')) {
+        // Hostname is an IPv6 address (URL parser strips brackets in .hostname)
+        const addr = hostname;
+        // Block fc00::/7 (unique local) — starts with fc or fd
+        if (addr.startsWith('fc') || addr.startsWith('fd')) {
+            return { valid: false, reason: 'Blocked private IPv6 address (fc00::/7)' };
+        }
+        // Block fe80::/10 (link-local) — starts with fe8, fe9, fea, feb
+        if (/^fe[89ab]/.test(addr)) {
+            return { valid: false, reason: 'Blocked link-local IPv6 address (fe80::/10)' };
+        }
+        // ::1 already allowed above; block any other loopback representation
+        // Normalize: collapse :: and check
+        if (addr === '0:0:0:0:0:0:0:1' || addr === '0000:0000:0000:0000:0000:0000:0000:0001') {
+            return { valid: true };
+        }
+        // Block null IPv6 address (:: or 0:0:0:0:0:0:0:0) — equivalent to 0.0.0.0
+        if (addr === '::' || addr === '0:0:0:0:0:0:0:0' || addr === '0000:0000:0000:0000:0000:0000:0000:0000') {
+            return { valid: false, reason: 'Blocked null IPv6 address (equivalent to 0.0.0.0)' };
+        }
+        // Block IPv4-mapped IPv6 (::ffff:x.x.x.x) and IPv4-compatible IPv6 (::x.x.x.x)
+        // These resolve to their embedded IPv4 address, bypassing IPv4 private IP checks.
+        const v4MappedMatch = /^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/.exec(addr);
+        const v4CompatMatch = !v4MappedMatch ? /^::(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/.exec(addr) : null;
+        const embeddedV4 = v4MappedMatch?.[1] ?? v4CompatMatch?.[1];
+        if (embeddedV4) {
+            // Recursively validate the embedded IPv4 through the same checks
+            const embeddedResult = validateNavigationUrl(`http://${embeddedV4}/`);
+            if (!embeddedResult.valid) {
+                return { valid: false, reason: `Blocked IPv4-mapped/compatible IPv6: embedded ${embeddedV4} — ${embeddedResult.reason}` };
+            }
+        }
+        return { valid: true };
+    }
+    // Check for IPv4 addresses
+    const ipv4Match = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(hostname);
+    if (ipv4Match) {
+        const octets = [
+            parseInt(ipv4Match[1], 10),
+            parseInt(ipv4Match[2], 10),
+            parseInt(ipv4Match[3], 10),
+            parseInt(ipv4Match[4], 10),
+        ];
+        // 127.0.0.1 already allowed above; block other 127.x.x.x
+        if (octets[0] === 127) {
+            return { valid: false, reason: 'Blocked loopback address' };
+        }
+        // Block 10.0.0.0/8
+        if (octets[0] === 10) {
+            return { valid: false, reason: 'Blocked private IP address (10.0.0.0/8)' };
+        }
+        // Block 172.16.0.0/12 (172.16.x.x – 172.31.x.x)
+        if (octets[0] === 172 && octets[1] >= 16 && octets[1] <= 31) {
+            return { valid: false, reason: 'Blocked private IP address (172.16.0.0/12)' };
+        }
+        // Block 192.168.0.0/16
+        if (octets[0] === 192 && octets[1] === 168) {
+            return { valid: false, reason: 'Blocked private IP address (192.168.0.0/16)' };
+        }
+        // Block 169.254.0.0/16 (link-local, includes cloud metadata 169.254.169.254)
+        if (octets[0] === 169 && octets[1] === 254) {
+            return { valid: false, reason: 'Blocked link-local/cloud metadata address (169.254.0.0/16)' };
+        }
+        // Block 0.0.0.0
+        if (octets.every((o) => o === 0)) {
+            return { valid: false, reason: 'Blocked null address (0.0.0.0)' };
+        }
+    }
+    return { valid: true };
+}

package/package.json

@@ -1,21 +1,22 @@
 {
   "name": "@wong2kim/wmux",
   "productName": "wmux",
-  "version": "1.1.2",
+  "version": "2.0.1",
   "description": "Windows terminal multiplexer with MCP server for AI agents - run multiple CLI sessions in parallel, control via Claude Code and other AI tools",
   "main": ".vite/build/index.js",
   "scripts": {
     "postinstall": "node scripts/fix-node-pty.js",
-    "start": "npm run build:mcp && electron-forge start",
-    "package": "npm run build:mcp && electron-forge package",
-    "make": "npm run build:mcp && electron-forge make",
+    "start": "npm run build:daemon && npm run build:mcp && electron-forge start",
+    "package": "npm run build:daemon && npm run build:mcp && electron-forge package",
+    "make": "npm run build:daemon && npm run build:mcp && electron-forge make",
     "forge-publish": "electron-forge publish",
     "lint": "eslint --ext .ts,.tsx .",
     "build:cli": "tsc -p tsconfig.cli.json",
+    "build:daemon": "tsc -p tsconfig.daemon.json",
     "build:mcp": "tsc -p tsconfig.mcp.json && esbuild dist/mcp/mcp/index.js --bundle --platform=node --outfile=dist/mcp-bundle/index.js --external:electron --external:playwright-core",
     "cli": "node dist/cli/cli/index.js",
     "mcp": "node dist/mcp/mcp/index.js",
-    "prepublishOnly": "npm run build:cli && npm run build:mcp",
+    "prepublishOnly": "npm run build:daemon && npm run build:cli && npm run build:mcp",
     "test": "vitest run"
   },
   "bin": {