browser-use 0.6.0 → 0.7.0

package/dist/mcp/redaction.js

@@ -0,0 +1,132 @@
+const REDACTED_VALUE = '<redacted>';
+const isSensitiveMcpArgumentKey = (key) => {
+    const normalized = key.toLowerCase().replace(/[^a-z0-9]/g, '');
+    return [
+        'password',
+        'passwd',
+        'pwd',
+        'secret',
+        'token',
+        'apikey',
+        'accesskey',
+        'secretkey',
+        'credential',
+        'credentials',
+        'authorization',
+        'cookie',
+        'session',
+    ].some((candidate) => normalized.includes(candidate));
+};
+const redactStringForMcpLog = (value) => {
+    const trimmed = value.trim();
+    if (/^(bearer|basic)\s+\S+/i.test(trimmed)) {
+        return REDACTED_VALUE;
+    }
+    if (trimmed.startsWith('data:')) {
+        return 'data:<redacted>';
+    }
+    if (trimmed.startsWith('blob:')) {
+        try {
+            const parsed = new URL(trimmed.slice('blob:'.length));
+            return parsed.origin && parsed.origin !== 'null'
+                ? `blob:${parsed.origin}/<redacted>`
+                : 'blob:<redacted>';
+        }
+        catch {
+            return 'blob:<redacted>';
+        }
+    }
+    try {
+        const parsed = new URL(trimmed);
+        if (parsed.search || parsed.hash) {
+            return `${parsed.origin}${parsed.pathname}${parsed.search ? '?<redacted>' : ''}${parsed.hash ? '#<redacted>' : ''}`;
+        }
+    }
+    catch {
+        // Not a URL; keep regular non-sensitive strings unchanged.
+    }
+    const assignmentMatch = trimmed.match(/^([^:=\s][^:=]*?)([:=])\s*(.+)$/);
+    if (assignmentMatch) {
+        const [, key, separator, assignedValue] = assignmentMatch;
+        if (isSensitiveMcpArgumentKey(key)) {
+            return `${key}${separator}${REDACTED_VALUE}`;
+        }
+        const redactedAssignedValue = redactStringForMcpLog(assignedValue);
+        if (redactedAssignedValue !== assignedValue) {
+            return `${key}${separator}${redactedAssignedValue}`;
+        }
+    }
+    return value;
+};
+const redactMcpProcessArgs = (args) => {
+    const redactedArgs = [];
+    let redactNext = false;
+    for (const arg of args) {
+        if (redactNext) {
+            redactedArgs.push(REDACTED_VALUE);
+            redactNext = false;
+            continue;
+        }
+        const assignmentIndex = arg.indexOf('=');
+        const argName = assignmentIndex >= 0 ? arg.slice(0, assignmentIndex) : arg;
+        if (argName.startsWith('-') && isSensitiveMcpArgumentKey(argName)) {
+            if (assignmentIndex >= 0) {
+                redactedArgs.push(`${argName}=${REDACTED_VALUE}`);
+            }
+            else {
+                redactedArgs.push(arg);
+                redactNext = true;
+            }
+            continue;
+        }
+        redactedArgs.push(redactStringForMcpLog(arg));
+    }
+    return redactedArgs;
+};
+export const formatMcpCommandForLog = (command, args) => [command, ...redactMcpProcessArgs(args)].filter(Boolean).join(' ');
+export const redactMcpLogMessage = (value) => {
+    let message = value instanceof Error
+        ? value.message
+        : typeof value === 'string'
+            ? value
+            : String(value);
+    message = message.replace(/https?:\/\/[^\s"'<>]+/gi, (match) => redactStringForMcpLog(match));
+    message = message.replace(/\bdata:\S+/gi, () => 'data:<redacted>');
+    message = message.replace(/\bblob:[^\s"'<>]+/gi, (match) => redactStringForMcpLog(match));
+    message = message.replace(/\b(Bearer|Basic)\s+[^\s,;]+/gi, (_match, scheme) => `${scheme} ${REDACTED_VALUE}`);
+    message = message.replace(/\b([A-Za-z0-9_.-]*(?:password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key|secret[_-]?key|credential|authorization|cookie|session)[A-Za-z0-9_.-]*)\s*([:=])\s*([^\s,;]+)/gi, (_match, key, separator) => `${key}${separator}${REDACTED_VALUE}`);
+    return message;
+};
+const redactMcpToolArgs = (value, seen = new WeakSet()) => {
+    if (value == null) {
+        return value;
+    }
+    if (typeof value === 'string') {
+        return redactStringForMcpLog(value);
+    }
+    if (typeof value !== 'object') {
+        return value;
+    }
+    if (seen.has(value)) {
+        return '[Circular]';
+    }
+    seen.add(value);
+    if (Array.isArray(value)) {
+        return value.map((item) => redactMcpToolArgs(item, seen));
+    }
+    const result = {};
+    for (const [key, item] of Object.entries(value)) {
+        result[key] = isSensitiveMcpArgumentKey(key)
+            ? REDACTED_VALUE
+            : redactMcpToolArgs(item, seen);
+    }
+    return result;
+};
+export const formatMcpToolArgsForLog = (args) => {
+    try {
+        return JSON.stringify(redactMcpToolArgs(args));
+    }
+    catch {
+        return '[unserializable]';
+    }
+};

package/dist/mcp/server.d.ts

@@ -53,6 +53,7 @@ export declare class MCPServer {
     private activeSessions;
     private sessionTimeoutMinutes;
     private sessionCleanupInterval;
+    private restoreConsoleRedirect;
     constructor(name: string, version: string);
     private resolvePath;
     private getDefaultProfileConfig;
@@ -61,6 +62,7 @@ export declare class MCPServer {
     private seedOpenAiApiKeyFromConfig;
     private createLlmFromModelName;
     private sanitizeProfileConfig;
+    private normalizeDomainList;
     private buildDirectSessionProfile;
     private buildRetryProfile;
     private initializeLlmForDirectTools;

package/dist/mcp/server.js

@@ -42,15 +42,22 @@ import { zodSchemaToJsonSchema } from '../llm/schema.js';
 import { productTelemetry } from '../telemetry/service.js';
 import { MCPServerTelemetryEvent } from '../telemetry/views.js';
 import { get_browser_use_version } from '../utils.js';
-// Redirect console logs to stderr to prevent JSON-RPC interference
-const originalLog = console.log;
-const originalInfo = console.info;
-const originalWarn = console.warn;
-const originalError = console.error;
-console.log = (...args) => console.error(...args);
-console.info = (...args) => console.error(...args);
-console.warn = (...args) => console.error(...args);
+import { redactMcpLogMessage } from './redaction.js';
 const logger = createLogger('browser_use.mcp.server');
+const redirectConsoleToStderr = () => {
+    const originalLog = console.log;
+    const originalInfo = console.info;
+    const originalWarn = console.warn;
+    const writeToStderr = (...args) => console.error(...args);
+    console.log = writeToStderr;
+    console.info = writeToStderr;
+    console.warn = writeToStderr;
+    return () => {
+        console.log = originalLog;
+        console.info = originalInfo;
+        console.warn = originalWarn;
+    };
+};
 export class MCPServer {
     server;
     tools = {};
@@ -68,6 +75,7 @@ export class MCPServer {
     activeSessions = new Map();
     sessionTimeoutMinutes = 10;
     sessionCleanupInterval = null;
+    restoreConsoleRedirect = null;
     constructor(name, version) {
         this.server = new Server({
             name,
@@ -130,6 +138,20 @@ export class MCPServer {
         delete sanitized.created_at;
         return sanitized;
     }
+    normalizeDomainList(value) {
+        const entries = value instanceof Set
+            ? Array.from(value)
+            : Array.isArray(value)
+                ? value
+                : null;
+        if (!entries) {
+            return null;
+        }
+        const normalized = entries
+            .map((entry) => String(entry).trim())
+            .filter(Boolean);
+        return normalized.length > 0 ? normalized : null;
+    }
     buildDirectSessionProfile(profileConfig) {
         const merged = {
             downloads_path: '~/Downloads/browser-use-mcp',
@@ -164,7 +186,11 @@ export class MCPServer {
         const merged = {
             ...this.sanitizeProfileConfig(profileConfig),
         };
-        if (allowedDomains !== undefined) {
+        const configuredAllowedDomains = this.normalizeDomainList(merged.allowed_domains);
+        if (configuredAllowedDomains) {
+            merged.allowed_domains = configuredAllowedDomains;
+        }
+        else if (allowedDomains !== undefined) {
             merged.allowed_domains = allowedDomains;
         }
         if (merged.keep_alive == null) {
@@ -200,7 +226,7 @@ export class MCPServer {
             this.llm = this.createLlmFromModelName(model, llmConfig);
         }
         catch (error) {
-            logger.debug(`Skipping MCP direct-tools LLM initialization for model "${model}": ${error instanceof Error ? error.message : String(error)}`);
+            logger.debug(`Skipping MCP direct-tools LLM initialization for model "${model}": ${redactMcpLogMessage(error)}`);
         }
     }
     initializeFileSystem(profileConfig) {
@@ -314,7 +340,7 @@ export class MCPServer {
             return {
                 session_id: sessionId,
                 closed: false,
-                message: `Failed to close session ${sessionId}: ${error instanceof Error ? error.message : String(error)}`,
+                message: `Failed to close session ${sessionId}: ${redactMcpLogMessage(error)}`,
             };
         }
     }
@@ -350,7 +376,7 @@ export class MCPServer {
         }
         this.sessionCleanupInterval = setInterval(() => {
             this.cleanupExpiredSessions().catch((error) => {
-                logger.warning(`MCP session cleanup failed: ${error instanceof Error ? error.message : String(error)}`);
+                logger.warning(`MCP session cleanup failed: ${redactMcpLogMessage(error)}`);
             });
         }, 120_000);
         // Do not keep the Node process alive solely because of the cleanup loop.
@@ -448,7 +474,7 @@ export class MCPServer {
             }
             catch (error) {
                 this.errorCount++;
-                errorMsg = error instanceof Error ? error.message : String(error);
+                errorMsg = redactMcpLogMessage(error);
                 logger.error(`Tool execution failed: ${errorMsg}`);
                 return {
                     content: [
@@ -594,8 +620,15 @@ export class MCPServer {
                 : null;
             if (locator && typeof locator.click === 'function') {
                 const modifier = process.platform === 'darwin' ? 'Meta' : 'Control';
-                await locator.click({ modifiers: [modifier] });
-                await new Promise((resolve) => setTimeout(resolve, 500));
+                const pageBeforeClick = await browserSession.get_current_page();
+                try {
+                    await locator.click({ modifiers: [modifier] });
+                    await new Promise((resolve) => setTimeout(resolve, 500));
+                }
+                finally {
+                    const pageAfterClick = (await browserSession.get_current_page()) ?? pageBeforeClick;
+                    await browserSession.validate_page_after_action(pageAfterClick);
+                }
                 return `Clicked element ${index} with ${modifier} key (new tab if supported)`;
             }
             // Fallback: if no href exists, perform a normal click.
@@ -726,7 +759,7 @@ export class MCPServer {
             task: z.string(),
             max_steps: z.number().int().optional().default(100),
             model: z.string().optional(),
-            allowed_domains: z.array(z.string()).optional().default([]),
+            allowed_domains: z.array(z.string()).optional(),
             use_vision: z.boolean().optional().default(true),
         }), async (args) => {
             const task = String(args?.task ?? '').trim();
@@ -736,11 +769,12 @@ export class MCPServer {
             const requestedModel = typeof args?.model === 'string' ? args.model.trim() : '';
             const maxSteps = Number(args?.max_steps ?? 100);
             const useVision = Boolean(args?.use_vision ?? true);
-            const allowedDomains = Array.isArray(args?.allowed_domains)
+            const allowedDomainValues = Array.isArray(args?.allowed_domains)
                 ? args.allowed_domains
                     .map((entry) => String(entry).trim())
                     .filter(Boolean)
                 : [];
+            const allowedDomains = allowedDomainValues.length > 0 ? allowedDomainValues : undefined;
             const llmConfig = this.getDefaultLlmConfig();
             const configuredModel = typeof llmConfig.model === 'string' && llmConfig.model.trim()
                 ? llmConfig.model.trim()
@@ -751,7 +785,7 @@ export class MCPServer {
                 llm = this.createLlmFromModelName(llmModel, llmConfig);
             }
             catch (error) {
-                return `Error: Failed to initialize LLM "${llmModel}": ${error instanceof Error ? error.message : String(error)}`;
+                return `Error: Failed to initialize LLM "${llmModel}": ${redactMcpLogMessage(error)}`;
             }
             const profileConfig = this.getDefaultProfileConfig();
             const profile = this.buildRetryProfile(profileConfig, allowedDomains);
@@ -769,8 +803,7 @@ export class MCPServer {
                 return this.formatRetryResult(history);
             }
             catch (error) {
-                const message = error instanceof Error ? error.message : String(error);
-                return `Agent task failed: ${message}`;
+                return `Agent task failed: ${redactMcpLogMessage(error)}`;
             }
             finally {
                 await agent.close();
@@ -891,6 +924,7 @@ export class MCPServer {
             logger.warning('MCP Server is already running');
             return;
         }
+        this.restoreConsoleRedirect ??= redirectConsoleToStderr();
         // Capture telemetry for server start
         productTelemetry.capture(new MCPServerTelemetryEvent({
             version: get_browser_use_version(),
@@ -905,7 +939,9 @@ export class MCPServer {
         }
         catch (error) {
             this.isRunning = false;
-            logger.error(`Failed to start MCP server: ${error}`);
+            this.restoreConsoleRedirect?.();
+            this.restoreConsoleRedirect = null;
+            logger.error(`Failed to start MCP server: ${redactMcpLogMessage(error)}`);
             throw error;
         }
     }
@@ -915,6 +951,8 @@ export class MCPServer {
     async stop() {
         if (!this.isRunning) {
             logger.warning('MCP Server is not running');
+            this.restoreConsoleRedirect?.();
+            this.restoreConsoleRedirect = null;
             return;
         }
         try {
@@ -943,7 +981,11 @@ export class MCPServer {
             logger.info(`🔌 MCP Server stopped (uptime: ${Math.floor(stats.uptime)}s, executions: ${stats.executionCount}, success rate: ${(stats.successRate * 100).toFixed(1)}%)`);
         }
         catch (error) {
-            logger.error(`Error stopping MCP server: ${error}`);
+            logger.error(`Error stopping MCP server: ${redactMcpLogMessage(error)}`);
+        }
+        finally {
+            this.restoreConsoleRedirect?.();
+            this.restoreConsoleRedirect = null;
         }
     }
     /**

package/dist/observability.js

@@ -1,7 +1,7 @@
 import { createRequire } from 'node:module';
 import { config as loadEnv } from 'dotenv';
 import { createLogger } from './logging-config.js';
-loadEnv();
+loadEnv({ quiet: true });
 const require = createRequire(import.meta.url);
 const logger = createLogger('browser_use.observability');
 let lmnrObserve = null;

package/dist/screenshots/service.js

@@ -1,16 +1,39 @@
 import fs from 'node:fs';
 import path from 'node:path';
 const decodeBase64 = (data) => Buffer.from(data, 'base64');
+const chmodPrivatePath = (targetPath, mode) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    try {
+        fs.chmodSync(targetPath, mode);
+    }
+    catch {
+        /* best effort */
+    }
+};
+const createPrivateDirectory = (dirPath) => {
+    fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 });
+    chmodPrivatePath(dirPath, 0o700);
+};
+const chmodPrivateFile = async (filePath) => {
+    if (process.platform !== 'win32') {
+        await fs.promises.chmod(filePath, 0o600);
+    }
+};
 export class ScreenshotService {
     screenshotsDir;
     constructor(agentDirectory) {
         this.screenshotsDir = path.join(agentDirectory, 'screenshots');
-        fs.mkdirSync(this.screenshotsDir, { recursive: true });
+        createPrivateDirectory(this.screenshotsDir);
     }
     async store_screenshot(screenshot_b64, step_number) {
         const filename = `step_${step_number}.png`;
         const filepath = path.join(this.screenshotsDir, filename);
-        await fs.promises.writeFile(filepath, decodeBase64(screenshot_b64));
+        await fs.promises.writeFile(filepath, decodeBase64(screenshot_b64), {
+            mode: 0o600,
+        });
+        await chmodPrivateFile(filepath);
         return filepath;
     }
     async get_screenshot(screenshot_path) {

package/dist/skill-cli/direct.d.ts

@@ -59,11 +59,14 @@ interface DirectSessionLike {
     go_forward?: () => Promise<unknown>;
     get_page_html?: () => Promise<string>;
     execute_javascript?: (script: string) => Promise<unknown>;
+    validate_page_after_action?: (page: any) => Promise<unknown>;
     switch_to_tab?: (identifier: number | string) => Promise<unknown>;
     close_tab?: (identifier: number | string) => Promise<unknown>;
     select_dropdown_option?: (node: any, value: string) => Promise<unknown>;
     wait_for_element?: (selector: string, timeout: number) => Promise<unknown>;
-    get_cookies?: () => Promise<any[]>;
+    get_cookies?: (options?: {
+        include_blocked?: boolean;
+    }) => Promise<any[]>;
 }
 export interface DirectCliEnvironment {
     state_file?: string;