barebrowse 0.7.1 → 0.9.1

package/src/chromium.js

@@ -6,7 +6,47 @@
  */
 
 import { execSync, spawn } from 'node:child_process';
-import { existsSync } from 'node:fs';
+import { existsSync, rmSync } from 'node:fs';
+
+// Track launched browsers so we can clean them up if the parent crashes.
+// Registered exit handlers (one-time) iterate this set on shutdown.
+const activeBrowsers = new Set();
+let exitHandlersRegistered = false;
+
+function reapAllSync() {
+  const toReap = [...activeBrowsers];
+  activeBrowsers.clear();
+  // Send SIGKILL to everything first so the kernel reaps in parallel
+  for (const b of toReap) {
+    try { if (!b.process.killed) b.process.kill('SIGKILL'); } catch {}
+  }
+  // Then poll each for actual death before removing its profile dir —
+  // Chromium can hold file handles briefly even after SIGKILL, which would
+  // race rmSync. Cap the wait so a stuck process can't hang shutdown.
+  for (const b of toReap) {
+    for (let i = 0; i < 20; i++) {
+      try { process.kill(b.process.pid, 0); } catch { break; }
+      try { execSync('sleep 0.05'); } catch {}
+    }
+    if (b.ownedProfileDir) {
+      try { rmSync(b.ownedProfileDir, { recursive: true, force: true }); } catch {}
+    }
+  }
+}
+
+function registerExitHandlers() {
+  if (exitHandlersRegistered) return;
+  exitHandlersRegistered = true;
+  // 'exit' is sync-only — must use synchronous APIs (SIGKILL, rmSync)
+  process.once('exit', reapAllSync);
+  for (const sig of ['SIGINT', 'SIGTERM', 'SIGHUP']) {
+    process.once(sig, () => {
+      reapAllSync();
+      // Re-raise default behavior so the parent's exit code matches the signal
+      process.kill(process.pid, sig);
+    });
+  }
+}
 
 // Common Chromium binary paths by platform (Linux focus for POC)
 const CANDIDATES = [
@@ -75,6 +115,14 @@ export async function launch(opts = {}) {
     '--disable-sync',
     '--disable-translate',
     '--mute-audio',
+    // Force every iframe (same-origin included) into its own renderer so it
+    // gets a dedicated CDP session via Target.setAutoAttach. Without this,
+    // same-origin iframes stay in the parent process — getFullAXTree still
+    // works via frameId, but Input.dispatchMouseEvent on the parent session
+    // uses parent-viewport coords while DOM.getBoxModel for iframe-internal
+    // nodes returns frame-local coords, so clicks land off-target. The OOPIF
+    // path side-steps that: each frame has its own Input domain.
+    '--site-per-process',
     // Headless-only flags
     ...(!opts.headed ? ['--headless=new', '--hide-scrollbars'] : []),
     // Suppress permission prompts (location, notifications, camera, mic, etc.)
@@ -90,12 +138,14 @@ export async function launch(opts = {}) {
     args.push(`--proxy-server=${opts.proxy}`);
   }
 
+  // Track the temp profile dir only when we create one — caller-supplied dirs
+  // are the caller's to manage. ownedProfileDir gets rm'd in cleanupBrowser.
+  let ownedProfileDir = null;
   if (opts.userDataDir) {
     args.push(`--user-data-dir=${opts.userDataDir}`);
   } else {
-    // Use a unique temp profile so we don't lock the user's profile
-    // or conflict with parallel instances
-    args.push(`--user-data-dir=/tmp/barebrowse-${process.pid}-${Date.now()}`);
+    ownedProfileDir = `/tmp/barebrowse-${process.pid}-${Date.now()}`;
+    args.push(`--user-data-dir=${ownedProfileDir}`);
   }
 
   // about:blank as initial page
@@ -138,7 +188,52 @@ export async function launch(opts = {}) {
   // Extract port from wsUrl
   const actualPort = parseInt(new URL(wsUrl).port, 10);
 
-  return { wsUrl, process: child, port: actualPort };
+  const browser = { wsUrl, process: child, port: actualPort, ownedProfileDir };
+
+  // Register for parent-crash reaping. Auto-untrack on natural exit so
+  // a normally-exited browser doesn't leave a stale entry around.
+  registerExitHandlers();
+  activeBrowsers.add(browser);
+  child.once('exit', () => activeBrowsers.delete(browser));
+
+  return browser;
+}
+
+/**
+ * Kill a launched browser and remove its temp profile dir (if we created one).
+ * Waits up to 2s for the process to actually exit before unlinking the dir —
+ * Chromium can still hold files briefly after SIGTERM, which races rmSync.
+ * Safe to call on partially-failed launches or already-dead processes.
+ * @returns {Promise<void>}
+ */
+export async function cleanupBrowser(browser) {
+  if (!browser) return;
+  activeBrowsers.delete(browser);
+  if (browser.process && !browser.process.killed && browser.process.exitCode === null) {
+    const exited = new Promise((resolve) => {
+      const timer = setTimeout(resolve, 2000);
+      browser.process.once('exit', () => { clearTimeout(timer); resolve(); });
+    });
+    try { browser.process.kill(); } catch {}
+    await exited;
+  }
+  if (browser.ownedProfileDir) {
+    // Chromium can still flush files for ~hundreds of ms after exit; with
+    // --site-per-process (added in H2) every iframe is its own renderer
+    // process, each with its own pending file handles, so the old 10×100ms
+    // window (1s) wasn't always enough under parallel test load. Now
+    // 25×100ms (2.5s) plus a polling jitter to avoid every concurrent
+    // cleanup hammering at the same tick.
+    for (let i = 0; i < 25; i++) {
+      try {
+        rmSync(browser.ownedProfileDir, { recursive: true, force: true });
+        break;
+      } catch (err) {
+        if (err.code !== 'ENOTEMPTY' && err.code !== 'EBUSY') break;
+        await new Promise((r) => setTimeout(r, 100 + Math.floor(Math.random() * 50)));
+      }
+    }
+  }
 }
 
 /**
@@ -152,3 +247,18 @@ export async function getDebugUrl(port) {
   const data = await res.json();
   return data.webSocketDebuggerUrl;
 }
+
+/**
+ * Attach to a Chromium already running with --remote-debugging-port=<port>.
+ * Returns the same shape as launch() but with process: null and
+ * ownedProfileDir: null — cleanupBrowser() becomes a no-op so we never
+ * kill a browser we did not start or remove a profile we do not own.
+ * @param {object} opts
+ * @param {number} opts.port - The debug port the running browser is listening on
+ * @returns {Promise<{wsUrl: string, process: null, port: number, ownedProfileDir: null}>}
+ */
+export async function attach({ port }) {
+  if (!port) throw new Error('attach({ port }) requires a port number');
+  const wsUrl = await getDebugUrl(port);
+  return { wsUrl, process: null, port, ownedProfileDir: null };
+}

package/src/consent.js

@@ -290,14 +290,9 @@ function findAcceptButton(dialogId, nodes, nodeMap, parentMap) {
  * Only matches strong patterns (not single-word fallbacks) to avoid false positives.
  */
 function tryGlobalConsentButton(nodes, session) {
-  // Only use the specific multi-word patterns for global search
-  const strictPatterns = ACCEPT_PATTERNS.filter((p) => {
-    const src = p.source;
-    return src.includes('\\s') || src.includes('\\b.*\\b.*\\b');
-  });
-
-  // Actually, let's just use all non-single-word patterns
-  const safePatterns = ACCEPT_PATTERNS.slice(0, -3); // exclude ^accept$, ^agree$, ^ok$
+  // Multi-word patterns only — exclude the bare ^accept$/^agree$/^ok$ from
+  // ACCEPT_PATTERNS so we don't false-match unrelated buttons page-wide.
+  const safePatterns = ACCEPT_PATTERNS.slice(0, -3);
 
   for (const pattern of safePatterns) {
     for (const node of nodes) {

package/src/daemon.js

@@ -39,6 +39,7 @@ export async function startDaemon(opts, outputDir, initialUrl) {
   if (opts.proxy) args.push('--proxy', opts.proxy);
   if (opts.viewport) args.push('--viewport', opts.viewport);
   if (opts.storageState) args.push('--storage-state', opts.storageState);
+  if (opts.downloadPath) args.push('--download-path', opts.downloadPath);
 
   const child = spawn(process.execPath, args, {
     detached: true,
@@ -77,6 +78,7 @@ export async function runDaemon(opts, outputDir, initialUrl) {
     proxy: opts.proxy,
     viewport: opts.viewport,
     storageState: opts.storageState,
+    downloadPath: opts.downloadPath,
   });
 
   // Console log capture
@@ -208,6 +210,17 @@ export async function runDaemon(opts, outputDir, initialUrl) {
       return { ok: true };
     },
 
+    async reload({ ignoreCache }) {
+      await page.reload({ ignoreCache: !!ignoreCache });
+      return { ok: true };
+    },
+
+    async downloads() {
+      // Snapshot the array — callers want a static view at the moment of
+      // the request, not a reference that mutates under them.
+      return { ok: true, value: page.downloads.map((d) => ({ ...d })) };
+    },
+
     async drag({ fromRef, toRef }) {
       await page.drag(String(fromRef), String(toRef));
       return { ok: true };