npm - browser-use - Versions diffs - 0.6.0 → 0.7.0 - Mend

browser-use 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/README.md +29 -18
package/dist/actor/element.js +24 -3
package/dist/actor/mouse.js +21 -3
package/dist/actor/page.js +33 -11
package/dist/agent/gif.js +28 -3
package/dist/agent/message-manager/service.js +2 -22
package/dist/agent/message-manager/utils.js +15 -2
package/dist/agent/message-manager/views.d.ts +7 -7
package/dist/agent/message-manager/views.js +1 -0
package/dist/agent/prompts.d.ts +3 -0
package/dist/agent/prompts.js +22 -12
package/dist/agent/service.d.ts +9 -1
package/dist/agent/service.js +215 -81
package/dist/agent/system_prompt.md +12 -11
package/dist/agent/system_prompt_anthropic_flash.md +6 -5
package/dist/agent/system_prompt_no_thinking.md +12 -11
package/dist/agent/views.d.ts +2 -0
package/dist/agent/views.js +48 -36
package/dist/browser/extensions.js +20 -10
package/dist/browser/profile.d.ts +4 -0
package/dist/browser/profile.js +107 -4
package/dist/browser/session.d.ts +28 -1
package/dist/browser/session.js +1436 -528
package/dist/browser/watchdogs/default-action-watchdog.js +32 -3
package/dist/browser/watchdogs/downloads-watchdog.d.ts +4 -0
package/dist/browser/watchdogs/downloads-watchdog.js +105 -9
package/dist/browser/watchdogs/har-recording-watchdog.d.ts +1 -0
package/dist/browser/watchdogs/har-recording-watchdog.js +54 -2
package/dist/browser/watchdogs/permissions-watchdog.d.ts +5 -0
package/dist/browser/watchdogs/permissions-watchdog.js +106 -3
package/dist/browser/watchdogs/recording-watchdog.d.ts +2 -0
package/dist/browser/watchdogs/recording-watchdog.js +54 -2
package/dist/browser/watchdogs/security-watchdog.d.ts +1 -0
package/dist/browser/watchdogs/security-watchdog.js +47 -7
package/dist/browser/watchdogs/storage-state-watchdog.d.ts +6 -0
package/dist/browser/watchdogs/storage-state-watchdog.js +206 -14
package/dist/cli.d.ts +13 -2
package/dist/cli.js +188 -8
package/dist/code-use/namespace.js +52 -7
package/dist/code-use/notebook-export.js +18 -2
package/dist/code-use/service.js +1 -0
package/dist/config.js +27 -5
package/dist/controller/action-timeout.d.ts +9 -0
package/dist/controller/action-timeout.js +95 -0
package/dist/controller/registry/service.d.ts +1 -0
package/dist/controller/registry/service.js +28 -1
package/dist/controller/registry/views.d.ts +2 -0
package/dist/controller/registry/views.js +44 -17
package/dist/controller/service.d.ts +2 -1
package/dist/controller/service.js +494 -329
package/dist/filesystem/file-system.js +38 -8
package/dist/integrations/gmail/service.js +30 -6
package/dist/llm/browser-use/chat.js +2 -2
package/dist/llm/codex/auth.d.ts +118 -0
package/dist/llm/codex/auth.js +599 -0
package/dist/llm/codex/chat.d.ts +70 -0
package/dist/llm/codex/chat.js +392 -0
package/dist/llm/codex/index.d.ts +2 -0
package/dist/llm/codex/index.js +2 -0
package/dist/llm/google/chat.js +18 -1
package/dist/logging-config.js +22 -11
package/dist/mcp/client.d.ts +1 -0
package/dist/mcp/client.js +12 -10
package/dist/mcp/redaction.d.ts +3 -0
package/dist/mcp/redaction.js +132 -0
package/dist/mcp/server.d.ts +2 -0
package/dist/mcp/server.js +64 -22
package/dist/observability.js +1 -1
package/dist/screenshots/service.js +25 -2
package/dist/skill-cli/direct.d.ts +4 -1
package/dist/skill-cli/direct.js +260 -64
package/dist/skill-cli/server.d.ts +1 -0
package/dist/skill-cli/server.js +115 -25
package/dist/skill-cli/tunnel.d.ts +1 -0
package/dist/skill-cli/tunnel.js +16 -4
package/dist/sync/auth.js +22 -9
package/dist/telemetry/service.js +21 -2
package/dist/telemetry/views.js +31 -8
package/dist/tokens/custom-pricing.js +2 -2
package/dist/tokens/openrouter-pricing.d.ts +11 -0
package/dist/tokens/openrouter-pricing.js +102 -0
package/dist/tokens/service.js +20 -16
package/dist/utils.d.ts +3 -1
package/dist/utils.js +4 -2
package/package.json +75 -33

package/dist/browser/watchdogs/security-watchdog.js CHANGED Viewed

@@ -1,5 +1,26 @@
 import { BrowserErrorEvent, CloseTabEvent, NavigateToUrlEvent, NavigationCompleteEvent, TabCreatedEvent, } from '../events.js';
 import { BaseWatchdog } from './base.js';
+const redactUrlForError = (url) => {
+    try {
+        const parsed = new URL(url);
+        if (parsed.protocol === 'data:') {
+            return 'data:<redacted>';
+        }
+        if (parsed.protocol === 'blob:') {
+            return parsed.origin && parsed.origin !== 'null'
+                ? `blob:${parsed.origin}/<redacted>`
+                : 'blob:<redacted>';
+        }
+        return `${parsed.origin}${parsed.pathname}${parsed.search ? '?<redacted>' : ''}${parsed.hash ? '#<redacted>' : ''}`;
+    }
+    catch {
+        const queryIndex = url.indexOf('?');
+        const hashIndex = url.indexOf('#');
+        const cutoffCandidates = [queryIndex, hashIndex].filter((index) => index >= 0);
+        const cutoff = cutoffCandidates.length > 0 ? Math.min(...cutoffCandidates) : url.length;
+        return `${url.slice(0, cutoff)}${queryIndex >= 0 ? '?<redacted>' : ''}${hashIndex >= 0 ? '#<redacted>' : ''}`;
+    }
+};
 export class SecurityWatchdog extends BaseWatchdog {
     static LISTENS_TO = [
         NavigateToUrlEvent,
@@ -12,30 +33,38 @@ export class SecurityWatchdog extends BaseWatchdog {
         if (!denialReason) {
             return;
         }
+        const safeUrl = redactUrlForError(event.url);
         await this.event_bus.dispatch(new BrowserErrorEvent({
             error_type: 'NavigationBlocked',
-            message: `Navigation blocked to disallowed URL: ${event.url}`,
+            message: `Navigation blocked to disallowed URL: ${safeUrl}`,
             details: {
-                url: event.url,
+                url: safeUrl,
                 reason: denialReason,
             },
         }));
-        throw new Error(`Navigation to ${event.url} blocked by security policy`);
+        throw new Error(`Navigation to ${safeUrl} blocked by security policy`);
     }
     async on_NavigationCompleteEvent(event) {
         const denialReason = this._getUrlDenialReason(event.url);
         if (!denialReason) {
             return;
         }
+        const safeUrl = redactUrlForError(event.url);
         await this.event_bus.dispatch(new BrowserErrorEvent({
             error_type: 'NavigationBlocked',
-            message: `Navigation blocked to non-allowed URL: ${event.url} - redirecting to about:blank`,
+            message: `Navigation blocked to non-allowed URL: ${safeUrl}`,
             details: {
-                url: event.url,
+                url: safeUrl,
                 target_id: event.target_id,
                 reason: denialReason,
             },
         }));
+        if (!this._isActiveTarget(event.target_id)) {
+            await this.event_bus.dispatch(new CloseTabEvent({
+                target_id: event.target_id,
+            }));
+            return;
+        }
         try {
             await this.browser_session.navigate_to('about:blank');
         }
@@ -48,11 +77,12 @@ export class SecurityWatchdog extends BaseWatchdog {
         if (!denialReason) {
             return;
         }
+        const safeUrl = redactUrlForError(event.url);
         await this.event_bus.dispatch(new BrowserErrorEvent({
             error_type: 'TabCreationBlocked',
-            message: `Tab created with non-allowed URL: ${event.url}`,
+            message: `Tab created with non-allowed URL: ${safeUrl}`,
             details: {
-                url: event.url,
+                url: safeUrl,
                 target_id: event.target_id,
                 reason: denialReason,
             },
@@ -81,4 +111,14 @@ export class SecurityWatchdog extends BaseWatchdog {
         }
         return null;
     }
+    _isActiveTarget(targetId) {
+        if (!targetId) {
+            return true;
+        }
+        const activeTab = this.browser_session.active_tab;
+        if (!activeTab) {
+            return true;
+        }
+        return activeTab.target_id === targetId || activeTab.tab_id === targetId;
+    }
 }

package/dist/browser/watchdogs/storage-state-watchdog.d.ts CHANGED Viewed

@@ -19,6 +19,12 @@ export declare class StorageStateWatchdog extends BaseWatchdog {
     private _snapshotStorageState;
     private _readStoredState;
     private _mergeStorageStates;
+    private _filterStorageStateForSave;
+    private _hasUrlAccessRestrictions;
     private _applyOriginsStorage;
+    private _getOriginDenialReason;
+    private _filterCookies;
+    private _filterOrigins;
+    private _getCookieDenialReason;
     private _normalizeStorageEntries;
 }

package/dist/browser/watchdogs/storage-state-watchdog.js CHANGED Viewed

@@ -2,6 +2,59 @@ import fs from 'node:fs';
 import path from 'node:path';
 import { BrowserConnectedEvent, BrowserStopEvent, LoadStorageStateEvent, SaveStorageStateEvent, StorageStateLoadedEvent, StorageStateSavedEvent, } from '../events.js';
 import { BaseWatchdog } from './base.js';
+const chmodPrivateFile = (filePath) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    fs.chmodSync(filePath, 0o600);
+};
+const ensurePrivateDirectoryIfCreated = (dirPath) => {
+    const existed = fs.existsSync(dirPath);
+    fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 });
+    if (!existed && process.platform !== 'win32') {
+        fs.chmodSync(dirPath, 0o700);
+    }
+};
+const redactUrlForLogging = (url) => {
+    const raw = String(url ?? '');
+    if (!raw) {
+        return raw;
+    }
+    if (/^data:/i.test(raw)) {
+        return 'data:<redacted>';
+    }
+    try {
+        const parsed = new URL(raw);
+        parsed.username = '';
+        parsed.password = '';
+        const [withoutHash] = parsed.href.split('#', 1);
+        const [withoutQuery] = withoutHash.split('?', 1);
+        return `${withoutQuery}${parsed.search ? '?<redacted>' : ''}${parsed.hash ? '#<redacted>' : ''}`;
+    }
+    catch {
+        const queryIndex = raw.indexOf('?');
+        const hashIndex = raw.indexOf('#');
+        const firstSensitiveIndex = [queryIndex, hashIndex]
+            .filter((index) => index >= 0)
+            .sort((a, b) => a - b)[0];
+        if (firstSensitiveIndex === undefined) {
+            return raw;
+        }
+        return `${raw.slice(0, firstSensitiveIndex)}${queryIndex >= 0 ? '?<redacted>' : ''}${hashIndex >= 0 ? '#<redacted>' : ''}`;
+    }
+};
+const sameOrigin = (left, right) => {
+    try {
+        return new URL(left).origin === new URL(right).origin;
+    }
+    catch {
+        return false;
+    }
+};
+const writePrivateFile = (filePath, contents) => {
+    fs.writeFileSync(filePath, contents, { encoding: 'utf-8', mode: 0o600 });
+    chmodPrivateFile(filePath);
+};
 export class StorageStateWatchdog extends BaseWatchdog {
     static LISTENS_TO = [
         BrowserConnectedEvent,
@@ -34,25 +87,27 @@ export class StorageStateWatchdog extends BaseWatchdog {
         }
         const storageState = (await browserContext.storageState());
         const normalized = storageState ?? {};
-        const merged = this._mergeStorageStates(this._readStoredState(targetPath), {
+        const merged = this._filterStorageStateForSave(this._mergeStorageStates(this._readStoredState(targetPath), {
             cookies: Array.isArray(normalized.cookies) ? normalized.cookies : [],
             origins: Array.isArray(normalized.origins) ? normalized.origins : [],
-        });
+        }));
         this._lastSavedSnapshot = this._snapshotStorageState(merged);
         const dirPath = path.dirname(targetPath);
-        fs.mkdirSync(dirPath, { recursive: true });
+        ensurePrivateDirectoryIfCreated(dirPath);
         const tempPath = `${targetPath}.tmp`;
-        fs.writeFileSync(tempPath, JSON.stringify(merged, null, 2));
+        writePrivateFile(tempPath, JSON.stringify(merged, null, 2));
         if (fs.existsSync(targetPath)) {
             const backupPath = `${targetPath}.bak`;
             try {
                 fs.renameSync(targetPath, backupPath);
+                chmodPrivateFile(backupPath);
             }
             catch {
                 // Ignore backup failures and continue with atomic swap.
             }
         }
         fs.renameSync(tempPath, targetPath);
+        chmodPrivateFile(targetPath);
         await this.event_bus.dispatch(new StorageStateSavedEvent({
             path: targetPath,
             cookies_count: Array.isArray(merged.cookies)
@@ -81,16 +136,18 @@ export class StorageStateWatchdog extends BaseWatchdog {
             cookies,
             origins,
         });
-        if (cookies.length > 0 && typeof browserContext.addCookies === 'function') {
-            await browserContext.addCookies(cookies);
-        }
-        if (origins.length > 0) {
-            await this._applyOriginsStorage(origins);
+        const allowedCookies = this._filterCookies(cookies);
+        if (allowedCookies.length > 0 &&
+            typeof browserContext.addCookies === 'function') {
+            await browserContext.addCookies(allowedCookies);
         }
+        const originsLoaded = origins.length > 0
+            ? await this._applyOriginsStorage(origins)
+            : 0;
         await this.event_bus.dispatch(new StorageStateLoadedEvent({
             path: targetPath,
-            cookies_count: cookies.length,
-            origins_count: origins.length,
+            cookies_count: allowedCookies.length,
+            origins_count: originsLoaded,
         }));
     }
     onDetached() {
@@ -142,7 +199,10 @@ export class StorageStateWatchdog extends BaseWatchdog {
         try {
             const storageState = (await browserContext.storageState());
             const normalized = storageState ?? {};
-            const snapshot = this._snapshotStorageState(normalized);
+            const snapshot = this._snapshotStorageState(this._filterStorageStateForSave({
+                cookies: Array.isArray(normalized.cookies) ? normalized.cookies : [],
+                origins: Array.isArray(normalized.origins) ? normalized.origins : [],
+            }));
             if (snapshot === this._lastSavedSnapshot) {
                 return;
             }
@@ -213,11 +273,32 @@ export class StorageStateWatchdog extends BaseWatchdog {
             origins: [...mergedOrigins.values()],
         };
     }
+    _filterStorageStateForSave(state) {
+        const cookies = Array.isArray(state.cookies) ? state.cookies : [];
+        const origins = Array.isArray(state.origins) ? state.origins : [];
+        if (!this._hasUrlAccessRestrictions()) {
+            return { cookies, origins };
+        }
+        return {
+            cookies: this._filterCookies(cookies),
+            origins: this._filterOrigins(origins),
+        };
+    }
+    _hasUrlAccessRestrictions() {
+        const profile = this.browser_session.browser_profile;
+        const hasEntries = (value) => Array.isArray(value)
+            ? value.length > 0
+            : value instanceof Set && value.size > 0;
+        return (hasEntries(profile.allowed_domains) ||
+            hasEntries(profile.prohibited_domains) ||
+            Boolean(profile.block_ip_addresses));
+    }
     async _applyOriginsStorage(origins) {
         const browserContext = this.browser_session.browser_context;
         if (!browserContext?.newPage) {
-            return;
+            return 0;
         }
+        let loadedCount = 0;
         for (const originState of origins) {
             const origin = typeof originState?.origin === 'string'
                 ? originState.origin.trim()
@@ -225,6 +306,11 @@ export class StorageStateWatchdog extends BaseWatchdog {
             if (!origin || !/^https?:\/\//i.test(origin)) {
                 continue;
             }
+            const denialReason = this._getOriginDenialReason(origin);
+            if (denialReason) {
+                this.browser_session.logger.warning(`[StorageStateWatchdog] Skipping storage origin ${redactUrlForLogging(origin)}: ${denialReason}`);
+                continue;
+            }
             const localStorageEntries = this._normalizeStorageEntries(originState?.localStorage);
             const sessionStorageEntries = this._normalizeStorageEntries(originState?.sessionStorage);
             if (localStorageEntries.length === 0 &&
@@ -238,6 +324,34 @@ export class StorageStateWatchdog extends BaseWatchdog {
                     waitUntil: 'domcontentloaded',
                     timeout: 5_000,
                 });
+                const finalUrl = typeof page.url === 'function' ? page.url() : origin;
+                const finalDenialReason = this._getOriginDenialReason(finalUrl);
+                if (finalDenialReason) {
+                    this.browser_session.logger.warning(`[StorageStateWatchdog] Skipping storage origin ${redactUrlForLogging(origin)} after redirect to blocked URL: ${finalDenialReason}`);
+                    try {
+                        await page.goto?.('about:blank', {
+                            waitUntil: 'load',
+                            timeout: 5_000,
+                        });
+                    }
+                    catch {
+                        // The temporary page is closed below; resetting first is best effort.
+                    }
+                    continue;
+                }
+                if (!sameOrigin(origin, finalUrl)) {
+                    this.browser_session.logger.warning(`[StorageStateWatchdog] Skipping storage origin ${redactUrlForLogging(origin)} after redirect to a different origin`);
+                    try {
+                        await page.goto?.('about:blank', {
+                            waitUntil: 'load',
+                            timeout: 5_000,
+                        });
+                    }
+                    catch {
+                        // The temporary page is closed below; resetting first is best effort.
+                    }
+                    continue;
+                }
                 await page.evaluate?.((payload) => {
                     for (const entry of payload.localStorageEntries) {
                         window.localStorage.setItem(entry.name, entry.value);
@@ -249,9 +363,10 @@ export class StorageStateWatchdog extends BaseWatchdog {
                     localStorageEntries,
                     sessionStorageEntries,
                 });
+                loadedCount += 1;
             }
             catch (error) {
-                this.browser_session.logger.debug(`[StorageStateWatchdog] Failed to apply origin storage for ${origin}: ${error.message}`);
+                this.browser_session.logger.debug(`[StorageStateWatchdog] Failed to apply origin storage for ${redactUrlForLogging(origin)}: ${error.message}`);
             }
             finally {
                 try {
@@ -262,6 +377,83 @@ export class StorageStateWatchdog extends BaseWatchdog {
                 }
             }
         }
+        return loadedCount;
+    }
+    _getOriginDenialReason(origin) {
+        const session = this.browser_session;
+        if (typeof session._get_url_access_denial_reason === 'function') {
+            try {
+                return session._get_url_access_denial_reason(origin);
+            }
+            catch {
+                return 'blocked';
+            }
+        }
+        if (typeof session._is_url_allowed === 'function') {
+            try {
+                return session._is_url_allowed(origin) ? null : 'blocked';
+            }
+            catch {
+                return 'blocked';
+            }
+        }
+        return null;
+    }
+    _filterCookies(cookies) {
+        return cookies.filter((cookie) => {
+            const denialReason = this._getCookieDenialReason(cookie);
+            if (!denialReason) {
+                return true;
+            }
+            const cookieName = cookie && typeof cookie === 'object' && 'name' in cookie
+                ? String(cookie.name ?? '')
+                : '';
+            this.browser_session.logger.warning(`[StorageStateWatchdog] Skipping storage cookie ${cookieName || '<unnamed>'}: ${denialReason}`);
+            return false;
+        });
+    }
+    _filterOrigins(origins) {
+        return origins.filter((originState) => {
+            const origin = originState &&
+                typeof originState === 'object' &&
+                'origin' in originState &&
+                typeof originState.origin === 'string'
+                ? originState.origin.trim()
+                : '';
+            const denialReason = origin
+                ? this._getOriginDenialReason(origin)
+                : 'invalid_url';
+            if (!denialReason) {
+                return true;
+            }
+            this.browser_session.logger.warning(`[StorageStateWatchdog] Skipping saved storage origin ${origin ? redactUrlForLogging(origin) : '<invalid>'}: ${denialReason}`);
+            return false;
+        });
+    }
+    _getCookieDenialReason(cookie) {
+        const session = this.browser_session;
+        if (typeof session._get_cookie_access_denial_reason === 'function') {
+            try {
+                return session._get_cookie_access_denial_reason(cookie);
+            }
+            catch {
+                return 'blocked';
+            }
+        }
+        if (!cookie || typeof cookie !== 'object') {
+            return null;
+        }
+        const cookieLike = cookie;
+        const explicitUrl = typeof cookieLike.url === 'string' ? cookieLike.url.trim() : '';
+        if (explicitUrl) {
+            return this._getOriginDenialReason(explicitUrl);
+        }
+        const rawDomain = typeof cookieLike.domain === 'string' ? cookieLike.domain.trim() : '';
+        const host = rawDomain.replace(/^\./, '');
+        if (!host) {
+            return null;
+        }
+        return this._getOriginDenialReason(`https://${host}`);
     }
     _normalizeStorageEntries(entries) {
         if (!Array.isArray(entries)) {

package/dist/cli.d.ts CHANGED Viewed

@@ -3,9 +3,10 @@ import { spawnSync } from 'node:child_process';
 import { BrowserProfile } from './browser/profile.js';
 import { CloudBrowserClient } from './browser/cloud/cloud.js';
 import { CloudManagementClient } from './browser/cloud/management.js';
+import { loginAndSaveCodexDeviceCode, saveImportedCodexCliTokens } from './llm/codex/auth.js';
 import type { BaseChatModel } from './llm/base.js';
 import { get_tunnel_manager } from './skill-cli/tunnel.js';
-type CliModelProvider = 'openai' | 'anthropic' | 'google' | 'deepseek' | 'groq' | 'openrouter' | 'azure' | 'mistral' | 'cerebras' | 'vercel' | 'oci' | 'aws-anthropic' | 'aws' | 'ollama' | 'browser-use';
+type CliModelProvider = 'openai' | 'anthropic' | 'google' | 'deepseek' | 'groq' | 'openrouter' | 'azure' | 'codex' | 'mistral' | 'cerebras' | 'vercel' | 'oci' | 'aws-anthropic' | 'aws' | 'ollama' | 'browser-use';
 export interface ParsedCliArgs {
     help: boolean;
     version: boolean;
@@ -122,6 +123,16 @@ type BrowserCookieInit = {
     partitionKey?: string;
 };
 export declare const runInstallCommand: (options?: RunInstallCommandOptions) => void;
+export interface RunAuthCommandOptions {
+    stdout?: WritableLike;
+    stderr?: WritableLike;
+    json_output?: boolean;
+    configDir?: string | null;
+    authStorePath?: string | null;
+    login_device_code?: typeof loginAndSaveCodexDeviceCode;
+    import_codex_cli?: typeof saveImportedCodexCliTokens;
+}
+export declare const runAuthCommand: (argv: string[], options?: RunAuthCommandOptions) => Promise<0 | 1>;
 export declare const runTunnelCommand: (argv: string[], options?: RunTunnelCommandOptions) => Promise<0 | 1>;
 export declare const runSetupCommand: (params: {
     mode?: string | null;
@@ -133,7 +144,7 @@ export declare const runSessionCommand: (argv: string[], options?: RunSessionCom
 export declare const runProfileCommand: (argv: string[], options?: RunProfileCommandOptions) => Promise<0 | 1>;
 export declare const hasCloudRunFlags: (argv: string[]) => boolean;
 type PrefixedSubcommand = {
-    command: 'run' | 'task' | 'session' | 'profile';
+    command: 'run' | 'task' | 'session' | 'profile' | 'auth';
     argv: string[];
     debug: boolean;
     forwardedArgs: string[];