agent-browser 0.14.0 → 0.15.0

package/README.md

@@ -109,7 +109,7 @@ agent-browser hover <sel>             # Hover element
 agent-browser select <sel> <val>      # Select dropdown option
 agent-browser check <sel>             # Check checkbox
 agent-browser uncheck <sel>           # Uncheck checkbox
-agent-browser scroll <dir> [px]       # Scroll (up/down/left/right)
+agent-browser scroll <dir> [px]       # Scroll (up/down/left/right, --selector <sel>)
 agent-browser scrollintoview <sel>    # Scroll element into view (alias: scrollinto)
 agent-browser drag <src> <tgt>        # Drag and drop
 agent-browser upload <sel> <files>    # Upload files
@@ -395,6 +395,28 @@ agent-browser --session-name secure open example.com
 | `AGENT_BROWSER_ENCRYPTION_KEY` | 64-char hex key for AES-256-GCM encryption |
 | `AGENT_BROWSER_STATE_EXPIRE_DAYS` | Auto-delete states older than N days (default: 30) |
 
+## Security
+
+agent-browser includes security features for safe AI agent deployments. All features are opt-in -- existing workflows are unaffected until you explicitly enable a feature:
+
+- **Authentication Vault** -- Store credentials locally (always encrypted), reference by name. The LLM never sees passwords. A key is auto-generated at `~/.agent-browser/.encryption-key` if `AGENT_BROWSER_ENCRYPTION_KEY` is not set: `echo "pass" | agent-browser auth save github --url https://github.com/login --username user --password-stdin` then `agent-browser auth login github`
+- **Content Boundary Markers** -- Wrap page output in delimiters so LLMs can distinguish tool output from untrusted content: `--content-boundaries`
+- **Domain Allowlist** -- Restrict navigation to trusted domains (wildcards like `*.example.com` also match the bare domain): `--allowed-domains "example.com,*.example.com"`. Sub-resource requests (scripts, images, fetch) and WebSocket/EventSource connections to non-allowed domains are also blocked. Include any CDN domains your target pages depend on (e.g., `*.cdn.example.com`).
+- **Action Policy** -- Gate destructive actions with a static policy file: `--action-policy ./policy.json`
+- **Action Confirmation** -- Require explicit approval for sensitive action categories: `--confirm-actions eval,download`
+- **Output Length Limits** -- Prevent context flooding: `--max-output 50000`
+
+| Variable | Description |
+|----------|-------------|
+| `AGENT_BROWSER_CONTENT_BOUNDARIES` | Wrap page output in boundary markers |
+| `AGENT_BROWSER_MAX_OUTPUT` | Max characters for page output |
+| `AGENT_BROWSER_ALLOWED_DOMAINS` | Comma-separated allowed domain patterns |
+| `AGENT_BROWSER_ACTION_POLICY` | Path to action policy JSON file |
+| `AGENT_BROWSER_CONFIRM_ACTIONS` | Action categories requiring confirmation |
+| `AGENT_BROWSER_CONFIRM_INTERACTIVE` | Enable interactive confirmation prompts |
+
+See [Security documentation](https://agent-browser.vercel.app/security) for details.
+
 ## Snapshot Options
 
 The `snapshot` command supports filtering to reduce output size:
@@ -466,6 +488,13 @@ This is useful for multimodal AI models that can reason about visual layout, unl
 | `--cdp <port\|url>` | Connect via Chrome DevTools Protocol (port or WebSocket URL) |
 | `--auto-connect` | Auto-discover and connect to running Chrome (or `AGENT_BROWSER_AUTO_CONNECT` env) |
 | `--color-scheme <scheme>` | Color scheme: `dark`, `light`, `no-preference` (or `AGENT_BROWSER_COLOR_SCHEME` env) |
+| `--download-path <path>` | Default download directory (or `AGENT_BROWSER_DOWNLOAD_PATH` env) |
+| `--content-boundaries` | Wrap page output in boundary markers for LLM safety (or `AGENT_BROWSER_CONTENT_BOUNDARIES` env) |
+| `--max-output <chars>` | Truncate page output to N characters (or `AGENT_BROWSER_MAX_OUTPUT` env) |
+| `--allowed-domains <list>` | Comma-separated allowed domain patterns (or `AGENT_BROWSER_ALLOWED_DOMAINS` env) |
+| `--action-policy <path>` | Path to action policy JSON file (or `AGENT_BROWSER_ACTION_POLICY` env) |
+| `--confirm-actions <list>` | Action categories requiring confirmation (or `AGENT_BROWSER_CONFIRM_ACTIONS` env) |
+| `--confirm-interactive` | Interactive confirmation prompts; auto-denies if stdin is not a TTY (or `AGENT_BROWSER_CONFIRM_INTERACTIVE` env) |
 | `--config <path>` | Use a custom config file (or `AGENT_BROWSER_CONFIG` env) |
 | `--debug` | Debug output |
 

package/dist/action-policy.d.ts

@@ -0,0 +1,14 @@
+export interface ActionPolicy {
+    default: 'allow' | 'deny';
+    allow?: string[];
+    deny?: string[];
+}
+export type PolicyDecision = 'allow' | 'deny' | 'confirm';
+export declare const KNOWN_CATEGORIES: Set<string>;
+export declare function getActionCategory(action: string): string;
+export declare function loadPolicyFile(policyPath: string): ActionPolicy;
+export declare function initPolicyReloader(policyPath: string, policy: ActionPolicy): void;
+export declare function reloadPolicyIfChanged(): ActionPolicy | null;
+export declare function checkPolicy(action: string, policy: ActionPolicy | null, confirmCategories: Set<string>): PolicyDecision;
+export declare function describeAction(action: string, command: Record<string, unknown>): string;
+//# sourceMappingURL=action-policy.d.ts.map

package/dist/action-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-policy.d.ts","sourceRoot":"","sources":["../src/action-policy.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AA4K1D,eAAO,MAAM,gBAAgB,aAE5B,CAAC;AAEF,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAExD;AAED,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,YAAY,CAwB/D;AAQD,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,IAAI,CAIjF;AAED,wBAAgB,qBAAqB,IAAI,YAAY,GAAG,IAAI,CAkB3D;AAED,wBAAgB,WAAW,CACzB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,YAAY,GAAG,IAAI,EAC3B,iBAAiB,EAAE,GAAG,CAAC,MAAM,CAAC,GAC7B,cAAc,CAkBhB;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAyBvF"}

package/dist/action-policy.js

@@ -0,0 +1,253 @@
+import { readFileSync, statSync } from 'node:fs';
+import { resolve } from 'node:path';
+const ACTION_CATEGORIES = {
+    navigate: 'navigate',
+    back: 'navigate',
+    forward: 'navigate',
+    reload: 'navigate',
+    tab_new: 'navigate',
+    click: 'click',
+    dblclick: 'click',
+    tap: 'click',
+    fill: 'fill',
+    type: 'fill',
+    // The `keyboard` action is a compound command that dispatches to sub-actions
+    // (type, inserttext, press, down, up). Its primary use is text input, so it
+    // maps to 'fill'. The interact-like sub-actions (press, down, up) are less
+    // common and don't have separate top-level action names in the protocol.
+    keyboard: 'fill',
+    inserttext: 'fill',
+    select: 'fill',
+    multiselect: 'fill',
+    check: 'fill',
+    uncheck: 'fill',
+    clear: 'fill',
+    selectall: 'fill',
+    setvalue: 'fill',
+    download: 'download',
+    waitfordownload: 'download',
+    upload: 'upload',
+    evaluate: 'eval',
+    evalhandle: 'eval',
+    addscript: 'eval',
+    addinitscript: 'eval',
+    snapshot: 'snapshot',
+    screenshot: 'snapshot',
+    pdf: 'snapshot',
+    diff_snapshot: 'snapshot',
+    diff_screenshot: 'snapshot',
+    diff_url: 'snapshot',
+    scroll: 'scroll',
+    scrollintoview: 'scroll',
+    wait: 'wait',
+    waitforurl: 'wait',
+    waitforloadstate: 'wait',
+    waitforfunction: 'wait',
+    gettext: 'get',
+    content: 'get',
+    innerhtml: 'get',
+    innertext: 'get',
+    inputvalue: 'get',
+    url: 'get',
+    title: 'get',
+    getattribute: 'get',
+    count: 'get',
+    boundingbox: 'get',
+    styles: 'get',
+    isvisible: 'get',
+    isenabled: 'get',
+    ischecked: 'get',
+    responsebody: 'get',
+    route: 'network',
+    unroute: 'network',
+    requests: 'network',
+    state_save: 'state',
+    state_load: 'state',
+    cookies_set: 'state',
+    storage_set: 'state',
+    credentials: 'state',
+    hover: 'interact',
+    focus: 'interact',
+    drag: 'interact',
+    press: 'interact',
+    keydown: 'interact',
+    keyup: 'interact',
+    mousemove: 'interact',
+    mousedown: 'interact',
+    mouseup: 'interact',
+    wheel: 'interact',
+    dispatch: 'interact',
+    // These are always allowed (internal/meta operations)
+    launch: '_internal',
+    close: '_internal',
+    tab_list: '_internal',
+    tab_switch: '_internal',
+    tab_close: '_internal',
+    window_new: '_internal',
+    frame: '_internal',
+    mainframe: '_internal',
+    dialog: '_internal',
+    session: '_internal',
+    console: '_internal',
+    errors: '_internal',
+    cookies_get: '_internal',
+    cookies_clear: '_internal',
+    storage_get: '_internal',
+    storage_clear: '_internal',
+    state_list: '_internal',
+    state_show: '_internal',
+    state_clear: '_internal',
+    state_clean: '_internal',
+    state_rename: '_internal',
+    highlight: '_internal',
+    bringtofront: '_internal',
+    trace_start: '_internal',
+    trace_stop: '_internal',
+    har_start: '_internal',
+    har_stop: '_internal',
+    video_start: '_internal',
+    video_stop: '_internal',
+    recording_start: '_internal',
+    recording_stop: '_internal',
+    recording_restart: '_internal',
+    profiler_start: '_internal',
+    profiler_stop: '_internal',
+    clipboard: '_internal',
+    viewport: '_internal',
+    useragent: '_internal',
+    device: '_internal',
+    geolocation: '_internal',
+    permissions: '_internal',
+    emulatemedia: '_internal',
+    offline: '_internal',
+    headers: '_internal',
+    addstyle: 'eval',
+    expose: 'eval',
+    timezone: '_internal',
+    locale: '_internal',
+    pause: '_internal',
+    setcontent: 'eval',
+    screencast_start: '_internal',
+    screencast_stop: '_internal',
+    input_mouse: '_internal',
+    input_keyboard: '_internal',
+    input_touch: '_internal',
+    auth_save: '_internal',
+    auth_login: '_internal',
+    auth_list: '_internal',
+    auth_delete: '_internal',
+    auth_show: '_internal',
+    confirm: '_internal',
+    deny: '_internal',
+    // Find/semantic locator actions (read-only element resolution)
+    getbyrole: 'get',
+    getbytext: 'get',
+    getbylabel: 'get',
+    getbyplaceholder: 'get',
+    getbyalttext: 'get',
+    getbytitle: 'get',
+    getbytestid: 'get',
+    nth: 'get',
+};
+// User-facing categories used in policy files. '_internal' is excluded because
+// internal actions always bypass policy. 'unknown' is intentionally not a value
+// in ACTION_CATEGORIES -- it is only the fallback return of getActionCategory()
+// for unrecognized actions. If a user puts "unknown" in a policy file,
+// loadPolicyFile will warn about it as unrecognized, which is correct.
+export const KNOWN_CATEGORIES = new Set(Object.values(ACTION_CATEGORIES).filter((c) => c !== '_internal'));
+export function getActionCategory(action) {
+    return ACTION_CATEGORIES[action] ?? 'unknown';
+}
+export function loadPolicyFile(policyPath) {
+    const resolved = resolve(policyPath);
+    const content = readFileSync(resolved, 'utf-8');
+    const policy = JSON.parse(content);
+    if (policy.default !== 'allow' && policy.default !== 'deny') {
+        throw new Error(`Invalid action policy: "default" must be "allow" or "deny", got "${policy.default}"`);
+    }
+    for (const list of [policy.allow, policy.deny]) {
+        if (!list)
+            continue;
+        for (const category of list) {
+            if (!KNOWN_CATEGORIES.has(category)) {
+                console.warn(`[agent-browser] Warning: unrecognized action category "${category}" in policy file. ` +
+                    `Known categories: ${[...KNOWN_CATEGORIES].sort().join(', ')}`);
+            }
+        }
+    }
+    return policy;
+}
+let cachedPolicyPath = null;
+let cachedPolicyMtimeMs = 0;
+let cachedPolicy = null;
+const RELOAD_CHECK_INTERVAL_MS = 5_000;
+let lastCheckMs = 0;
+export function initPolicyReloader(policyPath, policy) {
+    cachedPolicyPath = resolve(policyPath);
+    cachedPolicyMtimeMs = statSync(cachedPolicyPath).mtimeMs;
+    cachedPolicy = policy;
+}
+export function reloadPolicyIfChanged() {
+    if (!cachedPolicyPath)
+        return cachedPolicy;
+    const now = Date.now();
+    if (now - lastCheckMs < RELOAD_CHECK_INTERVAL_MS)
+        return cachedPolicy;
+    lastCheckMs = now;
+    try {
+        const currentMtime = statSync(cachedPolicyPath).mtimeMs;
+        if (currentMtime !== cachedPolicyMtimeMs) {
+            cachedPolicy = loadPolicyFile(cachedPolicyPath);
+            cachedPolicyMtimeMs = currentMtime;
+        }
+    }
+    catch {
+        // File may have been removed; keep using cached policy
+    }
+    return cachedPolicy;
+}
+export function checkPolicy(action, policy, confirmCategories) {
+    const category = getActionCategory(action);
+    // Internal actions are always allowed
+    if (category === '_internal')
+        return 'allow';
+    // Explicit deny takes precedence over confirmation
+    if (policy?.deny?.includes(category))
+        return 'deny';
+    // Check if this category requires confirmation
+    if (confirmCategories.has(category))
+        return 'confirm';
+    if (!policy)
+        return 'allow';
+    // Explicit allow list
+    if (policy.allow?.includes(category))
+        return 'allow';
+    return policy.default;
+}
+export function describeAction(action, command) {
+    const category = getActionCategory(action);
+    switch (action) {
+        case 'navigate':
+            return `Navigate to ${command.url}`;
+        case 'evaluate':
+        case 'evalhandle':
+            return `Evaluate JavaScript: ${String(command.script ?? '').slice(0, 80)}`;
+        case 'fill':
+            return `Fill ${command.selector}`;
+        case 'type':
+            return `Type into ${command.selector}`;
+        case 'click':
+            return `Click ${command.selector}`;
+        case 'dblclick':
+            return `Double-click ${command.selector}`;
+        case 'tap':
+            return `Tap ${command.selector}`;
+        case 'download':
+            return `Download via ${command.selector} to ${command.path}`;
+        case 'upload':
+            return `Upload files to ${command.selector}`;
+        default:
+            return `${category}: ${action}`;
+    }
+}
+//# sourceMappingURL=action-policy.js.map

package/dist/action-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-policy.js","sourceRoot":"","sources":["../src/action-policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAUpC,MAAM,iBAAiB,GAA2B;IAChD,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,UAAU;IAChB,OAAO,EAAE,UAAU;IACnB,MAAM,EAAE,UAAU;IAClB,OAAO,EAAE,UAAU;IAEnB,KAAK,EAAE,OAAO;IACd,QAAQ,EAAE,OAAO;IACjB,GAAG,EAAE,OAAO;IAEZ,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE,MAAM;IACZ,6EAA6E;IAC7E,4EAA4E;IAC5E,2EAA2E;IAC3E,yEAAyE;IACzE,QAAQ,EAAE,MAAM;IAChB,UAAU,EAAE,MAAM;IAClB,MAAM,EAAE,MAAM;IACd,WAAW,EAAE,MAAM;IACnB,KAAK,EAAE,MAAM;IACb,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,MAAM;IACb,SAAS,EAAE,MAAM;IACjB,QAAQ,EAAE,MAAM;IAEhB,QAAQ,EAAE,UAAU;IACpB,eAAe,EAAE,UAAU;IAE3B,MAAM,EAAE,QAAQ;IAEhB,QAAQ,EAAE,MAAM;IAChB,UAAU,EAAE,MAAM;IAClB,SAAS,EAAE,MAAM;IACjB,aAAa,EAAE,MAAM;IAErB,QAAQ,EAAE,UAAU;IACpB,UAAU,EAAE,UAAU;IACtB,GAAG,EAAE,UAAU;IACf,aAAa,EAAE,UAAU;IACzB,eAAe,EAAE,UAAU;IAC3B,QAAQ,EAAE,UAAU;IAEpB,MAAM,EAAE,QAAQ;IAChB,cAAc,EAAE,QAAQ;IAExB,IAAI,EAAE,MAAM;IACZ,UAAU,EAAE,MAAM;IAClB,gBAAgB,EAAE,MAAM;IACxB,eAAe,EAAE,MAAM;IAEvB,OAAO,EAAE,KAAK;IACd,OAAO,EAAE,KAAK;IACd,SAAS,EAAE,KAAK;IAChB,SAAS,EAAE,KAAK;IAChB,UAAU,EAAE,KAAK;IACjB,GAAG,EAAE,KAAK;IACV,KAAK,EAAE,KAAK;IACZ,YAAY,EAAE,KAAK;IACnB,KAAK,EAAE,KAAK;IACZ,WAAW,EAAE,KAAK;IAClB,MAAM,EAAE,KAAK;IACb,SAAS,EAAE,KAAK;IAChB,SAAS,EAAE,KAAK;IAChB,SAAS,EAAE,KAAK;IAChB,YAAY,EAAE,KAAK;IAEnB,KAAK,EAAE,SAAS;IAChB,OAAO,EAAE,SAAS;IAClB,QAAQ,EAAE,SAAS;IAEnB,UAAU,EAAE,OAAO;IACnB,UAAU,EAAE,OAAO;IACnB,WAAW,EAAE,OAAO;IACpB,WAAW,EAAE,OAAO;IACpB,WAAW,EAAE,OAAO;IAEpB,KAAK,EAAE,UAAU;IACjB,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,UAAU;IAChB,KAAK,EAAE,UAAU;IACjB,OAAO,EAAE,UAAU;IACnB,KAAK,EAAE,UAAU;IACjB,SAAS,EAAE,UAAU;IACrB,SAAS,EAAE,UAAU;IACrB,OAAO,EAAE,UAAU;IACnB,KAAK,EAAE,UAAU;IACjB,QAAQ,EAAE,UAAU;IAEpB,sDAAsD;IACtD,MAAM,EAAE,WAAW;IACnB,KAAK,EAAE,WAAW;IAClB,QAAQ,EAAE,WAAW;IACrB,UAAU,EAAE,WAAW;IACvB,SAAS,EAAE,WAAW;IACtB,UAAU,EAAE,WAAW;IACvB,KAAK,EAAE,WAAW;IAClB,SAAS,EAAE,WAAW;IACtB,MAAM,EAAE,WAAW;IACnB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,MAAM,EAAE,WAAW;IACnB,WAAW,EAAE,WAAW;IACxB,aAAa,EAAE,WAAW;IAC1B,WAAW,EAAE,WAAW;IACxB,aAAa,EAAE,WAAW;IAC1B,UAAU,EAAE,WAAW;IACvB,UAAU,EAAE,WAAW;IACvB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,YAAY,EAAE,WAAW;IACzB,SAAS,EAAE,WAAW;IACtB,YAAY,EAAE,WAAW;IACzB,WAAW,EAAE,WAAW;IACxB,UAAU,EAAE,WAAW;IACvB,SAAS,EAAE,WAAW;IACtB,QAAQ,EAAE,WAAW;IACrB,WAAW,EAAE,WAAW;IACxB,UAAU,EAAE,WAAW;IACvB,eAAe,EAAE,WAAW;IAC5B,cAAc,EAAE,WAAW;IAC3B,iBAAiB,EAAE,WAAW;IAC9B,cAAc,EAAE,WAAW;IAC3B,aAAa,EAAE,WAAW;IAC1B,SAAS,EAAE,WAAW;IACtB,QAAQ,EAAE,WAAW;IACrB,SAAS,EAAE,WAAW;IACtB,MAAM,EAAE,WAAW;IACnB,WAAW,EAAE,WAAW;IACxB,WAAW,EAAE,WAAW;IACxB,YAAY,EAAE,WAAW;IACzB,OAAO,EAAE,WAAW;IACpB,OAAO,EAAE,WAAW;IACpB,QAAQ,EAAE,MAAM;IAChB,MAAM,EAAE,MAAM;IACd,QAAQ,EAAE,WAAW;IACrB,MAAM,EAAE,WAAW;IACnB,KAAK,EAAE,WAAW;IAClB,UAAU,EAAE,MAAM;IAClB,gBAAgB,EAAE,WAAW;IAC7B,eAAe,EAAE,WAAW;IAC5B,WAAW,EAAE,WAAW;IACxB,cAAc,EAAE,WAAW;IAC3B,WAAW,EAAE,WAAW;IAExB,SAAS,EAAE,WAAW;IACtB,UAAU,EAAE,WAAW;IACvB,SAAS,EAAE,WAAW;IACtB,WAAW,EAAE,WAAW;IACxB,SAAS,EAAE,WAAW;IACtB,OAAO,EAAE,WAAW;IACpB,IAAI,EAAE,WAAW;IAEjB,+DAA+D;IAC/D,SAAS,EAAE,KAAK;IAChB,SAAS,EAAE,KAAK;IAChB,UAAU,EAAE,KAAK;IACjB,gBAAgB,EAAE,KAAK;IACvB,YAAY,EAAE,KAAK;IACnB,UAAU,EAAE,KAAK;IACjB,WAAW,EAAE,KAAK;IAClB,GAAG,EAAE,KAAK;CACX,CAAC;AAEF,+EAA+E;AAC/E,gFAAgF;AAChF,gFAAgF;AAChF,uEAAuE;AACvE,uEAAuE;AACvE,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,GAAG,CACrC,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,WAAW,CAAC,CAClE,CAAC;AAEF,MAAM,UAAU,iBAAiB,CAAC,MAAc;IAC9C,OAAO,iBAAiB,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,UAAkB;IAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAiB,CAAC;IAEnD,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CACb,oEAAoE,MAAM,CAAC,OAAO,GAAG,CACtF,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,KAAK,MAAM,QAAQ,IAAI,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,IAAI,CACV,0DAA0D,QAAQ,oBAAoB;oBACpF,qBAAqB,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,IAAI,gBAAgB,GAAkB,IAAI,CAAC;AAC3C,IAAI,mBAAmB,GAAG,CAAC,CAAC;AAC5B,IAAI,YAAY,GAAwB,IAAI,CAAC;AAC7C,MAAM,wBAAwB,GAAG,KAAK,CAAC;AACvC,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,MAAM,UAAU,kBAAkB,CAAC,UAAkB,EAAE,MAAoB;IACzE,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACvC,mBAAmB,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;IACzD,YAAY,GAAG,MAAM,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,IAAI,CAAC,gBAAgB;QAAE,OAAO,YAAY,CAAC;IAE3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,WAAW,GAAG,wBAAwB;QAAE,OAAO,YAAY,CAAC;IACtE,WAAW,GAAG,GAAG,CAAC;IAElB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC;QACxD,IAAI,YAAY,KAAK,mBAAmB,EAAE,CAAC;YACzC,YAAY,GAAG,cAAc,CAAC,gBAAgB,CAAC,CAAC;YAChD,mBAAmB,GAAG,YAAY,CAAC;QACrC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,MAAc,EACd,MAA2B,EAC3B,iBAA8B;IAE9B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE3C,sCAAsC;IACtC,IAAI,QAAQ,KAAK,WAAW;QAAE,OAAO,OAAO,CAAC;IAE7C,mDAAmD;IACnD,IAAI,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,MAAM,CAAC;IAEpD,+CAA+C;IAC/C,IAAI,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAE,OAAO,SAAS,CAAC;IAEtD,IAAI,CAAC,MAAM;QAAE,OAAO,OAAO,CAAC;IAE5B,sBAAsB;IACtB,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAErD,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAc,EAAE,OAAgC;IAC7E,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC3C,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,UAAU;YACb,OAAO,eAAe,OAAO,CAAC,GAAG,EAAE,CAAC;QACtC,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY;YACf,OAAO,wBAAwB,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAC7E,KAAK,MAAM;YACT,OAAO,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;QACpC,KAAK,MAAM;YACT,OAAO,aAAa,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzC,KAAK,OAAO;YACV,OAAO,SAAS,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrC,KAAK,UAAU;YACb,OAAO,gBAAgB,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC5C,KAAK,KAAK;YACR,OAAO,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;QACnC,KAAK,UAAU;YACb,OAAO,gBAAgB,OAAO,CAAC,QAAQ,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/D,KAAK,QAAQ;YACX,OAAO,mBAAmB,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC/C;YACE,OAAO,GAAG,QAAQ,KAAK,MAAM,EAAE,CAAC;IACpC,CAAC;AACH,CAAC"}

package/dist/actions.d.ts

@@ -10,6 +10,7 @@ export declare function setScreencastFrameCallback(callback: ((frame: Screencast
  * @internal Exported for testing
  */
 export declare function toAIFriendlyError(error: unknown, selector: string): Error;
+export declare function initActionPolicy(): void;
 /**
  * Execute a command and return a response
  */

package/dist/actions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../src/actions.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAUpE,OAAO,KAAK,EACV,OAAO,EACP,QAAQ,EAmIT,MAAM,YAAY,CAAC;AAQpB;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,CAAC,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC,GAAG,IAAI,GAClD,IAAI,CAEN;AAQD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK,CAqDzE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,CAuRjG"}
+{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../src/actions.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAqBpE,OAAO,KAAK,EACV,OAAO,EACP,QAAQ,EAsIT,MAAM,YAAY,CAAC;AAQpB;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,CAAC,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC,GAAG,IAAI,GAClD,IAAI,CAEN;AAQD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK,CAqDzE;AAKD,wBAAgB,gBAAgB,IAAI,IAAI,CAuBvC;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,CA6CjG"}