npm - browser-mcp-lite - Versions diffs - 1.0.1 - Mend

browser-mcp-lite 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/index.js ADDED Viewed

@@ -0,0 +1,194 @@
+#!/usr/bin/env node
+import Fastify from 'fastify';
+import websocket from '@fastify/websocket';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { randomUUID } from 'crypto';
+import { registerTools } from './tools.js';
+import { ensureToken } from './token.js';
+// --- Config ---
+const PORT = process.env.MCP_PORT || 12307;
+const HOST = '127.0.0.1';
+// --- Ensure token (auto-setup on first run) ---
+const { token: TOKEN, isNew } = ensureToken();
+// --- Extension connection state ---
+let extensionWs = null;
+const pendingRequests = new Map(); // id -> {resolve, reject, timer}
+let requestCounter = 0;
+export function sendToExtension(method, params = {}) {
+  return new Promise((resolve, reject) => {
+    if (!extensionWs || extensionWs.readyState !== 1) {
+      reject(new Error('Chrome Extension not connected. Open Chrome and click Connect.'));
+      return;
+    }
+    const id = ++requestCounter;
+    const timer = setTimeout(() => {
+      pendingRequests.delete(id);
+      reject(new Error(`Extension request timed out (${method})`));
+    }, 30000);
+    pendingRequests.set(id, { resolve, reject, timer });
+    extensionWs.send(JSON.stringify({ id, method, params }));
+  });
+}
+// --- Per-session MCP transport management ---
+const sessions = new Map(); // sessionId -> transport
+function createSessionTransport() {
+  const server = new McpServer({ name: 'browser-mcp-lite', version: '1.0.0' });
+  registerTools(server);
+  let sessionId = null;
+  const transport = new StreamableHTTPServerTransport({
+    sessionIdGenerator: () => randomUUID(),
+    onsessioninitialized: (id) => {
+      sessionId = id;
+      sessions.set(id, transport);
+      console.log(`[MCP] Session started: ${id.slice(0, 8)}...`);
+    },
+  });
+  transport.onclose = () => {
+    if (sessionId) {
+      sessions.delete(sessionId);
+      console.log(`[MCP] Session closed: ${sessionId.slice(0, 8)}...`);
+    }
+  };
+  server.connect(transport);
+  return transport;
+}
+// --- Fastify app ---
+const app = Fastify({ logger: false });
+await app.register(websocket);
+// Auth check — only for /mcp routes
+function checkAuth(request, reply) {
+  const auth = request.headers.authorization;
+  if (!auth || auth !== `Bearer ${TOKEN}`) {
+    reply.code(401).send({ error: 'Unauthorized' });
+    return false;
+  }
+  return true;
+}
+// MCP route — per-session transport management
+app.all('/mcp', async (request, reply) => {
+  if (!checkAuth(request, reply)) return;
+  const sessionId = request.headers['mcp-session-id'];
+  let transport = sessions.get(sessionId);
+  if (!transport) {
+    if (request.method === 'GET' || request.method === 'DELETE') {
+      reply.code(400).send({ jsonrpc: '2.0', error: { code: -32000, message: 'No active session' } });
+      return;
+    }
+    // POST without session -> new session (initialize request)
+    transport = createSessionTransport();
+  }
+  reply.hijack();
+  await transport.handleRequest(request.raw, reply.raw, request.body);
+});
+// Health check (no auth)
+app.get('/ping', async () => ({ status: 'ok', extension: extensionWs?.readyState === 1 }));
+// WebSocket endpoint for Chrome Extension
+// First message must be: { "type": "auth", "token": "<TOKEN>" }
+app.register(async function (fastify) {
+  fastify.get('/ws', { websocket: true }, (socket, request) => {
+    let authenticated = false;
+    // Auth timeout — close if no valid auth within 5 seconds
+    const authTimeout = setTimeout(() => {
+      if (!authenticated) {
+        console.log('[WS] Auth timeout — closing');
+        socket.close(4001, 'Auth timeout');
+      }
+    }, 5000);
+    socket.on('message', (raw) => {
+      let msg;
+      try { msg = JSON.parse(raw.toString()); } catch { return; }
+      // First message must be auth
+      if (!authenticated) {
+        if (msg.type === 'auth' && msg.token === TOKEN) {
+          authenticated = true;
+          clearTimeout(authTimeout);
+          // Close previous extension connection if any
+          if (extensionWs && extensionWs !== socket) {
+            extensionWs.close(4002, 'Replaced by new connection');
+          }
+          extensionWs = socket;
+          console.log('[WS] Extension authenticated and connected');
+          socket.send(JSON.stringify({ type: 'auth_ok' }));
+        } else {
+          console.log('[WS] Invalid auth — closing');
+          socket.close(4003, 'Invalid token');
+        }
+        return;
+      }
+      // Ignore pings
+      if (msg.type === 'ping') return;
+      const pending = pendingRequests.get(msg.id);
+      if (pending) {
+        clearTimeout(pending.timer);
+        pendingRequests.delete(msg.id);
+        if (msg.error) {
+          pending.reject(new Error(msg.error));
+        } else {
+          pending.resolve(msg.result);
+        }
+      }
+    });
+    socket.on('close', () => {
+      clearTimeout(authTimeout);
+      if (extensionWs === socket) {
+        console.log('[WS] Extension disconnected');
+        extensionWs = null;
+        for (const [id, pending] of pendingRequests) {
+          clearTimeout(pending.timer);
+          pending.reject(new Error('Extension disconnected'));
+          pendingRequests.delete(id);
+        }
+      }
+    });
+  });
+});
+// --- Start ---
+await app.listen({ port: PORT, host: HOST });
+const mcpUrl = `http://${HOST}:${PORT}/mcp`;
+const wsUrl = `ws://${HOST}:${PORT}/ws`;
+const sep = '\u2501'.repeat(53);
+console.log(`[browser-mcp-lite] MCP server: ${mcpUrl}`);
+console.log(`[browser-mcp-lite] WebSocket:  ${wsUrl}`);
+if (isNew) console.log('\n\u26A0 First run \u2014 new token generated');
+console.log(`\n\u2501\u2501\u2501 Auth Token (paste into Chrome Extension popup) \u2501\u2501\u2501`);
+console.log(TOKEN);
+console.log(sep);
+console.log(`\n\u2501\u2501\u2501 MCP Client Config (save as .mcp.json) \u2501\u2501\u2501`);
+console.log(JSON.stringify({
+  mcpServers: {
+    browser: {
+      type: 'http',
+      url: mcpUrl,
+      headers: { Authorization: `Bearer ${TOKEN}` },
+    },
+  },
+}, null, 2));
+console.log(sep);
+console.log('\n[browser-mcp-lite] Waiting for Chrome Extension...');

package/package.json ADDED Viewed

@@ -0,0 +1,27 @@
+{
+  "name": "browser-mcp-lite",
+  "version": "1.0.1",
+  "description": "Minimal, auth-secured MCP server for real browser access",
+  "type": "module",
+  "main": "index.js",
+  "bin": {
+    "browser-mcp-lite": "index.js"
+  },
+  "files": [
+    "index.js",
+    "token.js",
+    "setup.js",
+    "tools.js"
+  ],
+  "scripts": {
+    "start": "node index.js",
+    "setup": "node setup.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "fastify": "^5.0.0",
+    "@fastify/websocket": "^11.0.0",
+    "zod": "^3.25.0"
+  },
+  "license": "MIT"
+}

package/setup.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { ensureToken } from './token.js';
+const PORT = process.env.MCP_PORT || 12307;
+const HOST = '127.0.0.1';
+const mcpUrl = `http://${HOST}:${PORT}/mcp`;
+const sep = '\u2501'.repeat(53);
+const { token, isNew } = ensureToken();
+if (isNew) {
+  console.log('\u26A0 New token generated');
+} else {
+  console.log('Token already exists');
+}
+console.log(`\n\u2501\u2501\u2501 Auth Token (paste into Chrome Extension popup) \u2501\u2501\u2501`);
+console.log(token);
+console.log(sep);
+console.log(`\n\u2501\u2501\u2501 MCP Client Config (save as .mcp.json) \u2501\u2501\u2501`);
+console.log(JSON.stringify({
+  mcpServers: {
+    browser: {
+      type: 'http',
+      url: mcpUrl,
+      headers: { Authorization: `Bearer ${token}` },
+    },
+  },
+}, null, 2));
+console.log(sep);

package/token.js ADDED Viewed

@@ -0,0 +1,36 @@
+import { randomBytes } from 'crypto';
+import { readFileSync, writeFileSync, chmodSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+const secretsPath = join(homedir(), '.browser-mcp-secrets.json');
+/** Read token from ~/.browser-mcp-secrets.json, or null if missing/invalid. */
+export function loadToken() {
+  try {
+    const secrets = JSON.parse(readFileSync(secretsPath, 'utf8'));
+    return secrets.token && secrets.token.length >= 32 ? secrets.token : null;
+  } catch {
+    return null;
+  }
+}
+/** Load token; generate if missing. Always enforces 600 permissions. Returns { token, isNew }. */
+export function ensureToken() {
+  const existing = loadToken();
+  if (existing) {
+    // Enforce permissions on every startup (file may have been loosened)
+    try { chmodSync(secretsPath, 0o600); } catch { /* may not own file */ }
+    return { token: existing, isNew: false };
+  }
+  const token = randomBytes(32).toString('hex');
+  let secrets = {};
+  try { secrets = JSON.parse(readFileSync(secretsPath, 'utf8')); } catch { /* fresh */ }
+  secrets.token = token;
+  writeFileSync(secretsPath, JSON.stringify(secrets, null, 2) + '\n', 'utf8');
+  chmodSync(secretsPath, 0o600);
+  return { token, isNew: true };
+}

package/tools.js ADDED Viewed

@@ -0,0 +1,60 @@
+import { z } from 'zod';
+import { sendToExtension } from './index.js';
+export function registerTools(server) {
+  // --- list_tabs ---
+  server.tool('list_tabs', 'List all open browser tabs with their URLs and titles', async () => {
+    const tabs = await sendToExtension('list_tabs');
+    return { content: [{ type: 'text', text: JSON.stringify(tabs, null, 2) }] };
+  });
+  // --- read_page ---
+  // URL restriction is enforced by the extension (single source of truth).
+  server.tool(
+    'read_page',
+    'Read the DOM structure of a browser tab as an accessibility tree',
+    { tabId: z.number().optional().describe('Tab ID to read. Defaults to the active tab.') },
+    async ({ tabId }) => {
+      const result = await sendToExtension('read_page', { tabId });
+      return { content: [{ type: 'text', text: result }] };
+    }
+  );
+  // --- screenshot ---
+  server.tool(
+    'screenshot',
+    'Capture a screenshot of the visible area of a browser tab',
+    { tabId: z.number().optional().describe('Tab ID to capture. Defaults to the active tab.') },
+    async ({ tabId }) => {
+      const dataUrl = await sendToExtension('screenshot', { tabId });
+      const base64 = dataUrl.replace(/^data:image\/png;base64,/, '');
+      return { content: [{ type: 'image', data: base64, mimeType: 'image/png' }] };
+    }
+  );
+  // --- focus_tab ---
+  server.tool(
+    'focus_tab',
+    'Switch to a specific browser tab (bring it to the foreground)',
+    { tabId: z.number().describe('Tab ID to focus.') },
+    async ({ tabId }) => {
+      await sendToExtension('focus_tab', { tabId });
+      return { content: [{ type: 'text', text: `Focused tab ${tabId}` }] };
+    }
+  );
+  // --- inject_script ---
+  server.tool(
+    'inject_script',
+    'Execute custom JavaScript code in a browser tab and return the result',
+    {
+      code: z.string().max(10000).describe('JavaScript code to execute (max 10,000 chars). Must return a JSON-serializable value.'),
+      tabId: z.number().optional().describe('Tab ID to inject into. Defaults to the active tab.'),
+    },
+    async ({ code, tabId }) => {
+      const result = await sendToExtension('inject_script', { code, tabId });
+      return { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] };
+    }
+  );
+}