browser-use 0.6.0 → 0.7.0

package/dist/cli.js

@@ -27,13 +27,15 @@ import { ChatVercel } from './llm/vercel/chat.js';
 import { ChatAnthropicBedrock } from './llm/aws/chat-anthropic.js';
 import { ChatBedrockConverse } from './llm/aws/chat-bedrock.js';
 import { ChatBrowserUse } from './llm/browser-use/chat.js';
+import { ChatCodex } from './llm/codex/chat.js';
+import { clearCodexTokens, getCodexAuthStatus, loginAndSaveCodexDeviceCode, saveImportedCodexCliTokens, } from './llm/codex/auth.js';
 import { MCPServer } from './mcp/server.js';
 import { get_browser_use_version } from './utils.js';
 import { setupLogging } from './logging-config.js';
 import { get_tunnel_manager } from './skill-cli/tunnel.js';
 import { DeviceAuthClient, save_cloud_api_token } from './sync/auth.js';
 import dotenv from 'dotenv';
-dotenv.config();
+dotenv.config({ quiet: true });
 const require = createRequire(import.meta.url);
 const CLI_PROVIDER_ALIASES = {
     openai: 'openai',
@@ -44,6 +46,8 @@ const CLI_PROVIDER_ALIASES = {
     groq: 'groq',
     openrouter: 'openrouter',
     azure: 'azure',
+    codex: 'codex',
+    'openai-codex': 'codex',
     mistral: 'mistral',
     cerebras: 'cerebras',
     vercel: 'vercel',
@@ -81,7 +85,7 @@ const parseProvider = (value) => {
     const normalized = value.trim().toLowerCase();
     const provider = CLI_PROVIDER_ALIASES[normalized];
     if (!provider) {
-        throw new Error(`Unsupported provider "${value}". Supported values: openai, anthropic, google, deepseek, groq, openrouter, azure, mistral, cerebras, vercel, oci, ollama, browser-use, aws, aws-anthropic.`);
+        throw new Error(`Unsupported provider "${value}". Supported values: openai, anthropic, google, deepseek, groq, openrouter, azure, codex, mistral, cerebras, vercel, oci, ollama, browser-use, aws, aws-anthropic.`);
     }
     return provider;
 };
@@ -301,6 +305,21 @@ export const getCliHistoryPath = (configDir) => {
         path.join(os.homedir(), '.config', 'browseruse');
     return path.join(baseDir, 'command_history.json');
 };
+const chmodPrivatePath = async (targetPath, mode) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    try {
+        await fs.chmod(targetPath, mode);
+    }
+    catch {
+        /* best effort */
+    }
+};
+const ensurePrivateDirectory = async (dirPath) => {
+    await fs.mkdir(dirPath, { recursive: true, mode: 0o700 });
+    await chmodPrivatePath(dirPath, 0o700);
+};
 export const loadCliHistory = async (historyPath = getCliHistoryPath()) => {
     try {
         const raw = await fs.readFile(historyPath, 'utf-8');
@@ -320,8 +339,12 @@ export const loadCliHistory = async (historyPath = getCliHistoryPath()) => {
 };
 export const saveCliHistory = async (history, historyPath = getCliHistoryPath()) => {
     const normalized = normalizeCliHistory(history);
-    await fs.mkdir(path.dirname(historyPath), { recursive: true });
-    await fs.writeFile(historyPath, JSON.stringify(normalized, null, 2), 'utf-8');
+    await ensurePrivateDirectory(path.dirname(historyPath));
+    await fs.writeFile(historyPath, JSON.stringify(normalized, null, 2), {
+        encoding: 'utf-8',
+        mode: 0o600,
+    });
+    await chmodPrivatePath(historyPath, 0o600);
 };
 export const shouldStartInteractiveMode = (task, options = {}) => {
     const forceInteractive = options.forceInteractive ??
@@ -364,6 +387,9 @@ const inferProviderFromModel = (model) => {
     if (lower.startsWith('azure:')) {
         return 'azure';
     }
+    if (lower.startsWith('codex:') || lower.startsWith('openai-codex:')) {
+        return 'codex';
+    }
     if (lower.startsWith('mistral:')) {
         return 'mistral';
     }
@@ -422,6 +448,12 @@ const normalizeModelValue = (model, provider) => {
     if (provider === 'azure' && lower.startsWith('azure:')) {
         return model.slice('azure:'.length);
     }
+    if (provider === 'codex' && lower.startsWith('codex:')) {
+        return model.slice('codex:'.length);
+    }
+    if (provider === 'codex' && lower.startsWith('openai-codex:')) {
+        return model.slice('openai-codex:'.length);
+    }
     if (provider === 'mistral' && lower.startsWith('mistral:')) {
         return model.slice('mistral:'.length);
     }
@@ -477,6 +509,8 @@ const getDefaultModelForProvider = (provider) => {
             return 'openai/gpt-5-mini';
         case 'azure':
             return 'gpt-4o';
+        case 'codex':
+            return 'gpt-5.5';
         case 'mistral':
             return 'mistral-large-latest';
         case 'cerebras':
@@ -525,6 +559,8 @@ const createLlmForProvider = (provider, model) => {
             requireEnv('AZURE_OPENAI_API_KEY');
             requireEnv('AZURE_OPENAI_ENDPOINT');
             return new ChatAzure(model);
+        case 'codex':
+            return new ChatCodex({ model });
         case 'mistral':
             return new ChatMistral({
                 model,
@@ -577,7 +613,7 @@ export const getLlmFromCliArgs = (args) => {
         }
         const provider = args.provider ?? inferredProvider;
         if (!provider) {
-            throw new Error(`Cannot infer provider from model "${args.model}". Provide --provider or use a supported model prefix: gpt*/o*, claude*, gemini*, deepseek*, groq:, openrouter:, azure:, mistral:, cerebras:, vercel:, oci:, ollama:, browser-use:, bu-*, bedrock:.`);
+            throw new Error(`Cannot infer provider from model "${args.model}". Provide --provider or use a supported model prefix: gpt*/o*, claude*, gemini*, deepseek*, groq:, openrouter:, azure:, codex:, mistral:, cerebras:, vercel:, oci:, ollama:, browser-use:, bu-*, bedrock:.`);
         }
         const normalizedModel = normalizeModelValue(args.model, provider);
         return createLlmForProvider(provider, normalizedModel);
@@ -778,6 +814,7 @@ export const getCliUsage = () => `Usage:
   browser-use doctor
   browser-use install
   browser-use setup [--mode <local|remote|full>]
+  browser-use auth codex <login|status|logout|import>
   browser-use tunnel <port>
   browser-use task <list|status|stop|logs>
   browser-use session <list|get|stop|create|share>
@@ -794,8 +831,8 @@ Options:
   --mcp                       Run as MCP server
   --json                      Output command results as JSON when supported
   -y, --yes                   Skip optional setup prompts where supported
-  --provider <name>           Force provider (openai|anthropic|google|deepseek|groq|openrouter|azure|mistral|cerebras|vercel|oci|ollama|browser-use|aws|aws-anthropic)
-  --model <model>             Set model (e.g., gpt-5-mini, claude-4-sonnet, gemini-2.5-pro)
+  --provider <name>           Force provider (openai|anthropic|google|deepseek|groq|openrouter|azure|codex|mistral|cerebras|vercel|oci|ollama|browser-use|aws|aws-anthropic)
+  --model <model>             Set model (e.g., gpt-5-mini, codex:gpt-5.5, claude-4-sonnet)
   -p, --prompt <task>         Run a single task
   --mode <name>              Setup mode for setup command (local|remote|full)
   --api-key <value>          Browser Use API key for setup or cloud operations
@@ -828,6 +865,141 @@ export const runInstallCommand = (options = {}) => {
 const writeLine = (stream, value) => {
     stream.write(`${value}\n`);
 };
+const formatCodexAuthStatus = (status) => {
+    if (!status.authenticated) {
+        return [
+            'Codex auth: not authenticated',
+            `Auth store: ${status.auth_store_path}`,
+            'Run `browser-use auth codex login` to authenticate.',
+        ].join('\n');
+    }
+    return [
+        'Codex auth: authenticated',
+        `Provider: ${status.provider}`,
+        `Base URL: ${status.base_url}`,
+        `Source: ${status.source ?? 'unknown'}`,
+        `Last refresh: ${status.last_refresh ?? 'unknown'}`,
+        `Access token expiring: ${String(status.access_token_expiring)}`,
+        `Auth store: ${status.auth_store_path}`,
+    ].join('\n');
+};
+const parseCodexAuthArgs = (argv) => {
+    const flags = {
+        json: false,
+        force: false,
+        importFromCodexCli: false,
+        parts: [],
+    };
+    for (const arg of argv) {
+        if (arg === '--json') {
+            flags.json = true;
+            continue;
+        }
+        if (arg === '--force') {
+            flags.force = true;
+            continue;
+        }
+        if (arg === '--import') {
+            flags.importFromCodexCli = true;
+            continue;
+        }
+        if (arg.startsWith('-')) {
+            throw new Error(`Unknown auth option: ${arg}`);
+        }
+        flags.parts.push(arg);
+    }
+    return flags;
+};
+export const runAuthCommand = async (argv, options = {}) => {
+    const output = options.stdout ?? process.stdout;
+    const errorOutput = options.stderr ?? process.stderr;
+    const loginDeviceCode = options.login_device_code ?? loginAndSaveCodexDeviceCode;
+    const importCodexCli = options.import_codex_cli ?? saveImportedCodexCliTokens;
+    try {
+        const flags = parseCodexAuthArgs(argv);
+        const jsonOutput = options.json_output ?? flags.json;
+        const provider = flags.parts[0] ?? 'codex';
+        const action = flags.parts[1] ?? (flags.importFromCodexCli ? 'import' : 'status');
+        if (provider !== 'codex' && provider !== 'openai-codex') {
+            throw new Error('Usage: browser-use auth codex <login|status|logout|import>');
+        }
+        const authOptions = {
+            configDir: options.configDir,
+            authStorePath: options.authStorePath,
+        };
+        if (action === 'status') {
+            const status = await getCodexAuthStatus(authOptions);
+            if (jsonOutput) {
+                writeLine(output, JSON.stringify(status, null, 2));
+            }
+            else {
+                writeLine(output, formatCodexAuthStatus(status));
+            }
+            return status.authenticated ? 0 : 1;
+        }
+        if (action === 'logout') {
+            await clearCodexTokens(authOptions);
+            const status = await getCodexAuthStatus(authOptions);
+            if (jsonOutput) {
+                writeLine(output, JSON.stringify(status, null, 2));
+            }
+            else {
+                writeLine(output, 'Codex auth cleared from browser-use auth store.');
+            }
+            return 0;
+        }
+        if (action === 'import' || flags.importFromCodexCli) {
+            const imported = await importCodexCli(authOptions);
+            if (!imported) {
+                writeLine(errorOutput, 'No valid Codex CLI credentials found. Run `browser-use auth codex login` for a separate browser-use session.');
+                return 1;
+            }
+            const status = await getCodexAuthStatus(authOptions);
+            if (jsonOutput) {
+                writeLine(output, JSON.stringify(status, null, 2));
+            }
+            else {
+                writeLine(output, 'Imported Codex CLI credentials into browser-use auth store.');
+                writeLine(output, 'browser-use will refresh its own copy and will not write ~/.codex/auth.json.');
+                writeLine(output, 'For the cleanest separation from Codex CLI, prefer `browser-use auth codex login --force`.');
+            }
+            return 0;
+        }
+        if (action === 'login') {
+            if (!flags.force) {
+                const status = await getCodexAuthStatus(authOptions);
+                if (status.authenticated) {
+                    if (jsonOutput) {
+                        writeLine(output, JSON.stringify(status, null, 2));
+                    }
+                    else {
+                        writeLine(output, 'Existing browser-use Codex credentials found.');
+                        writeLine(output, 'Use `browser-use auth codex login --force` to create a fresh session.');
+                    }
+                    return 0;
+                }
+            }
+            await loginDeviceCode({
+                ...authOptions,
+                stdout: (jsonOutput ? errorOutput : output),
+            });
+            const status = await getCodexAuthStatus(authOptions);
+            if (jsonOutput) {
+                writeLine(output, JSON.stringify(status, null, 2));
+            }
+            else {
+                writeLine(output, 'Codex login successful.');
+                writeLine(output, `Auth store: ${status.auth_store_path}`);
+            }
+            return 0;
+        }
+        throw new Error('Usage: browser-use auth codex <login|status|logout|import>');
+    }
+    catch (error) {
+        writeLine(errorOutput, `Error: ${error.message}`);
+        return 1;
+    }
+};
 const parseTunnelPort = (value) => {
     const port = Number.parseInt(String(value ?? ''), 10);
     if (!Number.isFinite(port) || port <= 0) {
@@ -2106,7 +2278,8 @@ export const extractPrefixedSubcommand = (argv) => {
     if (command !== 'run' &&
         command !== 'task' &&
         command !== 'session' &&
-        command !== 'profile') {
+        command !== 'profile' &&
+        command !== 'auth') {
         return null;
     }
     return {
@@ -2551,6 +2724,13 @@ export async function main(argv = process.argv.slice(2)) {
             }
             return;
         }
+        if (prefixedSubcommand.command === 'auth') {
+            const exitCode = await runAuthCommand(subcommandArgv);
+            if (exitCode !== 0) {
+                process.exit(exitCode);
+            }
+            return;
+        }
         const exitCode = await runProfileCommand(subcommandArgv);
         if (exitCode !== 0) {
             process.exit(exitCode);

package/dist/code-use/namespace.js

@@ -1,7 +1,46 @@
 const buildExpression = (source, args) => `(${source})(${args.map((arg) => JSON.stringify(arg)).join(',')})`;
+const hasDomainRestrictions = (browser_session) => {
+    const checker = browser_session._has_url_access_restrictions;
+    if (typeof checker === 'function') {
+        try {
+            return Boolean(checker.call(browser_session));
+        }
+        catch {
+            return true;
+        }
+    }
+    const profile = browser_session.browser_profile;
+    const hasEntries = (value) => Array.isArray(value)
+        ? value.length > 0
+        : value instanceof Set && value.size > 0;
+    return (hasEntries(profile?.allowed_domains) ||
+        hasEntries(profile?.prohibited_domains) ||
+        Boolean(profile?.block_ip_addresses));
+};
+const createSafeBrowserFacade = (browser_session) => Object.freeze({
+    navigate_to: browser_session.navigate_to.bind(browser_session),
+    navigate: browser_session.navigate.bind(browser_session),
+    create_new_tab: browser_session.create_new_tab.bind(browser_session),
+    go_back: browser_session.go_back.bind(browser_session),
+    go_forward: browser_session.go_forward.bind(browser_session),
+    refresh: browser_session.refresh.bind(browser_session),
+    wait: browser_session.wait.bind(browser_session),
+    send_keys: browser_session.send_keys.bind(browser_session),
+    click_coordinates: browser_session.click_coordinates.bind(browser_session),
+    scroll: browser_session.scroll.bind(browser_session),
+    scroll_to_text: browser_session.scroll_to_text.bind(browser_session),
+    get_browser_state_with_recovery: browser_session.get_browser_state_with_recovery.bind(browser_session),
+    get_page_info: browser_session.get_page_info.bind(browser_session),
+    get_page_html: browser_session.get_page_html.bind(browser_session),
+    execute_javascript: browser_session.execute_javascript.bind(browser_session),
+    take_screenshot: browser_session.take_screenshot.bind(browser_session),
+    get_cookies: () => browser_session.get_cookies(),
+});
 export const create_namespace = (browser_session, options = {}) => {
     const namespace = options.namespace ?? {};
-    namespace.browser = browser_session;
+    namespace.browser = hasDomainRestrictions(browser_session)
+        ? createSafeBrowserFacade(browser_session)
+        : browser_session;
     namespace.navigate = async (url, init = {}) => {
         await browser_session.navigate_to(url, init);
     };
@@ -55,16 +94,22 @@ export const create_namespace = (browser_session, options = {}) => {
     };
     namespace.evaluate = async (code, ...args) => {
         const page = await browser_session.get_current_page();
-        if (!page) {
+        if (!page?.evaluate) {
             throw new Error('No active page for evaluate');
         }
-        if (typeof code === 'function') {
-            return page.evaluate(code, ...args);
+        await browser_session.validate_page_after_action(page);
+        try {
+            if (typeof code === 'function') {
+                return await page.evaluate(code, ...args);
+            }
+            if (args.length === 0) {
+                return await page.evaluate(code);
+            }
+            return await page.evaluate(buildExpression(code, args));
         }
-        if (args.length === 0) {
-            return page.evaluate(code);
+        finally {
+            await browser_session.validate_page_after_action(page);
         }
-        return page.evaluate(buildExpression(code, args));
     };
     namespace.done = (result = null, success = true) => {
         namespace._task_done = true;

package/dist/code-use/notebook-export.js

@@ -1,5 +1,17 @@
 import fs from 'node:fs';
 import path from 'node:path';
+const chmodPrivateFile = (filePath) => {
+    if (process.platform !== 'win32') {
+        fs.chmodSync(filePath, 0o600);
+    }
+};
+const ensurePrivateDirectoryIfCreated = (dirPath) => {
+    const existed = fs.existsSync(dirPath);
+    fs.mkdirSync(dirPath, { recursive: true, mode: 0o700 });
+    if (!existed && process.platform !== 'win32') {
+        fs.chmodSync(dirPath, 0o700);
+    }
+};
 export const export_to_ipynb = (agent, output_path) => {
     const notebook = {
         nbformat: 4,
@@ -37,8 +49,12 @@ export const export_to_ipynb = (agent, output_path) => {
         }),
     };
     const resolved = path.resolve(output_path);
-    fs.mkdirSync(path.dirname(resolved), { recursive: true });
-    fs.writeFileSync(resolved, JSON.stringify(notebook, null, 2), 'utf-8');
+    ensurePrivateDirectoryIfCreated(path.dirname(resolved));
+    fs.writeFileSync(resolved, JSON.stringify(notebook, null, 2), {
+        encoding: 'utf-8',
+        mode: 0o600,
+    });
+    chmodPrivateFile(resolved);
     return resolved;
 };
 export const session_to_python_script = (agent) => {

package/dist/code-use/service.js

@@ -65,6 +65,7 @@ export class CodeAgent {
             };
         }
         const page = await this.browser_session.get_current_page();
+        await this.browser_session.validate_page_after_action(page ?? null);
         const state = new CodeAgentState({
             url: typeof page?.url === 'function' ? page.url() : null,
             title: typeof page?.title === 'function' ? await page.title() : null,

package/dist/config.js

@@ -4,7 +4,7 @@ import path from 'node:path';
 import { randomUUID } from 'node:crypto';
 import { config as loadEnv } from 'dotenv';
 import { createLogger } from './logging-config.js';
-loadEnv();
+loadEnv({ quiet: true });
 const logger = createLogger('browser_use.config');
 const expand_user = (value) => value.replace(/^~(?=$|\/|\\)/, os.homedir());
 const resolve_path = (value) => path.resolve(expand_user(value));
@@ -65,7 +65,28 @@ export const is_running_in_docker = () => {
     docker_cache = false;
     return false;
 };
-const ensure_dir = (target) => fs.mkdirSync(target, { recursive: true });
+const chmod_private = (target, mode) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    try {
+        fs.chmodSync(target, mode);
+    }
+    catch {
+        /* noop */
+    }
+};
+const ensure_dir = (target) => {
+    fs.mkdirSync(target, { recursive: true, mode: 0o700 });
+    chmod_private(target, 0o700);
+};
+const write_private_config_file = (config_path, config) => {
+    fs.writeFileSync(config_path, JSON.stringify(config, null, 2), {
+        encoding: 'utf-8',
+        mode: 0o600,
+    });
+    chmod_private(config_path, 0o600);
+};
 class OldConfig {
     _dirs_created = false;
     get BROWSER_USE_LOGGING_LEVEL() {
@@ -377,24 +398,25 @@ const load_and_migrate_config = (config_path) => {
         const parent = path.dirname(config_path);
         ensure_dir(parent);
         const fresh = create_default_config();
-        fs.writeFileSync(config_path, JSON.stringify(fresh, null, 2), 'utf-8');
+        write_private_config_file(config_path, fresh);
         return fresh;
     }
     try {
         const raw = JSON.parse(fs.readFileSync(config_path, 'utf-8'));
         if (looks_like_new_format(raw)) {
+            chmod_private(config_path, 0o600);
             return sanitize_db_config(raw);
         }
         logger.debug(`Old config format detected at ${config_path}, creating fresh config`);
         const fresh = create_default_config();
-        fs.writeFileSync(config_path, JSON.stringify(fresh, null, 2), 'utf-8');
+        write_private_config_file(config_path, fresh);
         return fresh;
     }
     catch (error) {
         logger.error(`Failed to load config from ${config_path}: ${error.message}, creating fresh config`);
         const fresh = create_default_config();
         try {
-            fs.writeFileSync(config_path, JSON.stringify(fresh, null, 2), 'utf-8');
+            write_private_config_file(config_path, fresh);
         }
         catch (write_error) {
             logger.error(`Failed to write fresh config: ${write_error.message}`);

package/dist/controller/action-timeout.d.ts

@@ -0,0 +1,9 @@
+export declare const coerceActionTimeoutSeconds: (value: number | null | undefined) => number;
+export declare class ActionTimeoutError extends Error {
+    readonly actionName: string;
+    readonly timeoutSeconds: number;
+    readonly isBrowserUseActionTimeout = true;
+    constructor(actionName: string, timeoutSeconds: number);
+}
+export declare const isActionTimeoutError: (error: unknown) => error is ActionTimeoutError;
+export declare function runActionWithTimeout<T>(actionName: string, actionTimeoutSeconds: number | null | undefined, parentSignal: AbortSignal | null | undefined, execute: (signal: AbortSignal) => Promise<T>): Promise<T>;

package/dist/controller/action-timeout.js

@@ -0,0 +1,95 @@
+import { createLogger } from '../logging-config.js';
+const logger = createLogger('browser_use.controller.action_timeout');
+const ACTION_TIMEOUT_FALLBACK_SECONDS = 180;
+const ACTION_TIMEOUT_ENV = 'BROWSER_USE_ACTION_TIMEOUT_S';
+const createAbortError = (reason) => {
+    if (reason instanceof Error && reason.name === 'AbortError') {
+        return reason;
+    }
+    const error = new Error(reason instanceof Error ? reason.message : 'Operation aborted');
+    error.name = 'AbortError';
+    if (reason !== undefined) {
+        error.cause = reason;
+    }
+    return error;
+};
+const parseEnvActionTimeoutSeconds = () => {
+    const raw = process.env[ACTION_TIMEOUT_ENV];
+    if (raw == null || raw === '') {
+        return ACTION_TIMEOUT_FALLBACK_SECONDS;
+    }
+    const parsed = Number(raw);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        logger.warning(`Invalid ${ACTION_TIMEOUT_ENV}=${JSON.stringify(raw)}; falling back to ${ACTION_TIMEOUT_FALLBACK_SECONDS}s`);
+        return ACTION_TIMEOUT_FALLBACK_SECONDS;
+    }
+    return parsed;
+};
+export const coerceActionTimeoutSeconds = (value) => {
+    if (value == null) {
+        return parseEnvActionTimeoutSeconds();
+    }
+    if (!Number.isFinite(value) || value <= 0) {
+        const fallback = parseEnvActionTimeoutSeconds();
+        logger.warning(`Invalid action_timeout=${String(value)}; falling back to ${fallback}s`);
+        return fallback;
+    }
+    return value;
+};
+export class ActionTimeoutError extends Error {
+    actionName;
+    timeoutSeconds;
+    isBrowserUseActionTimeout = true;
+    constructor(actionName, timeoutSeconds) {
+        super(`Action ${actionName} timed out after ${Math.round(timeoutSeconds)}s. ` +
+            'The browser may be unresponsive (dead CDP WebSocket). Try again or a different approach.');
+        this.name = 'TimeoutError';
+        this.actionName = actionName;
+        this.timeoutSeconds = timeoutSeconds;
+    }
+}
+export const isActionTimeoutError = (error) => error instanceof Error &&
+    error.name === 'TimeoutError' &&
+    error.isBrowserUseActionTimeout === true;
+export async function runActionWithTimeout(actionName, actionTimeoutSeconds, parentSignal, execute) {
+    const timeoutSeconds = coerceActionTimeoutSeconds(actionTimeoutSeconds);
+    const controller = new AbortController();
+    if (parentSignal?.aborted) {
+        throw createAbortError(parentSignal.reason);
+    }
+    let timeoutHandle = null;
+    let abortHandler = null;
+    try {
+        const timeoutPromise = new Promise((_, reject) => {
+            timeoutHandle = setTimeout(() => {
+                const timeoutError = new ActionTimeoutError(actionName, timeoutSeconds);
+                reject(timeoutError);
+                controller.abort(timeoutError);
+            }, timeoutSeconds * 1000);
+        });
+        const abortPromise = new Promise((_, reject) => {
+            if (!parentSignal) {
+                return;
+            }
+            abortHandler = () => {
+                const abortError = createAbortError(parentSignal.reason);
+                controller.abort(abortError);
+                reject(abortError);
+            };
+            parentSignal.addEventListener('abort', abortHandler, { once: true });
+        });
+        return await Promise.race([
+            execute(controller.signal),
+            timeoutPromise,
+            abortPromise,
+        ]);
+    }
+    finally {
+        if (timeoutHandle) {
+            clearTimeout(timeoutHandle);
+        }
+        if (abortHandler) {
+            parentSignal?.removeEventListener('abort', abortHandler);
+        }
+    }
+}

package/dist/controller/registry/service.d.ts

@@ -44,6 +44,7 @@ export declare class Registry<Context = unknown> {
     get_all_actions(): Map<string, RegisteredAction>;
     execute_action: (...args: any[]) => any;
     private replace_sensitive_data;
+    private redactUrlForLog;
     private log_sensitive_data_usage;
     create_action_model(options?: {
         include_actions?: string[] | null;

package/dist/controller/registry/service.js

@@ -416,11 +416,38 @@ export class Registry {
         }
         return processed;
     }
+    redactUrlForLog(url) {
+        if (!url || is_new_tab_page(url)) {
+            return '';
+        }
+        try {
+            const parsed = new URL(url);
+            if (parsed.protocol === 'data:') {
+                return 'data:<redacted>';
+            }
+            if (parsed.protocol === 'blob:') {
+                return parsed.origin && parsed.origin !== 'null'
+                    ? `blob:${parsed.origin}/<redacted>`
+                    : 'blob:<redacted>';
+            }
+            return `${parsed.origin}${parsed.pathname}${parsed.search ? '?<redacted>' : ''}${parsed.hash ? '#<redacted>' : ''}`;
+        }
+        catch {
+            const queryIndex = url.indexOf('?');
+            const hashIndex = url.indexOf('#');
+            const cutoffCandidates = [queryIndex, hashIndex].filter((index) => index >= 0);
+            const cutoff = cutoffCandidates.length > 0
+                ? Math.min(...cutoffCandidates)
+                : url.length;
+            return `${url.slice(0, cutoff)}${queryIndex >= 0 ? '?<redacted>' : ''}${hashIndex >= 0 ? '#<redacted>' : ''}`;
+        }
+    }
     log_sensitive_data_usage(placeholders, currentUrl) {
         if (!placeholders.size) {
             return;
         }
-        const urlInfo = currentUrl && !is_new_tab_page(currentUrl) ? ` on ${currentUrl}` : '';
+        const redactedUrl = this.redactUrlForLog(currentUrl);
+        const urlInfo = redactedUrl ? ` on ${redactedUrl}` : '';
         logger.info(`🔒 Using sensitive data placeholders: ${Array.from(placeholders).sort().join(', ')}${urlInfo}`);
     }
     create_action_model(options = {}) {

package/dist/controller/registry/views.d.ts

@@ -4,6 +4,7 @@ export type ActionHandler = (...args: any[]) => Promise<unknown> | unknown;
 type BrowserSession = unknown;
 type BaseChatModel = unknown;
 type FileSystem = unknown;
+export declare function renderParamsJsonSchema(schema: ZodTypeAny, skipKeys: Set<string>): Record<string, unknown>;
 export declare class RegisteredAction {
     readonly name: string;
     readonly description: string;
@@ -13,6 +14,7 @@ export declare class RegisteredAction {
     readonly pageFilter: ((page: Page) => boolean) | null;
     readonly terminates_sequence: boolean;
     constructor(name: string, description: string, handler: ActionHandler, paramSchema: ZodTypeAny, domains?: string[] | null, pageFilter?: ((page: Page) => boolean) | null, terminates_sequence?: boolean);
+    getPromptJsonSchema(): Record<string, unknown>;
     promptDescription(): string;
 }
 export declare class ActionModel {