browser-use 0.6.1 → 0.7.1

package/dist/skill-cli/server.js

@@ -1,4 +1,4 @@
-import { promises as fsp } from 'node:fs';
+import fs, { promises as fsp } from 'node:fs';
 import path from 'node:path';
 import { Request, Response } from './protocol.js';
 import { SessionRegistry } from './sessions.js';
@@ -6,6 +6,22 @@ const normalizeCookieDomain = (value) => String(value ?? '')
     .trim()
     .replace(/^\./, '')
     .toLowerCase();
+const chmodPrivateFile = (filePath) => {
+    if (process.platform !== 'win32') {
+        fs.chmodSync(filePath, 0o600);
+    }
+};
+const writePrivateJsonFile = async (filePath, data) => {
+    await fsp.writeFile(filePath, JSON.stringify(data, null, 2), {
+        encoding: 'utf8',
+        mode: 0o600,
+    });
+    chmodPrivateFile(filePath);
+};
+const writePrivateBinaryFile = async (filePath, data) => {
+    await fsp.writeFile(filePath, data, { mode: 0o600 });
+    chmodPrivateFile(filePath);
+};
 const parseCookieHostname = (url) => {
     const value = String(url ?? '').trim();
     if (!value) {
@@ -49,9 +65,7 @@ const cookieMatchesUrl = (cookie, url) => {
     if (!hostname || !domain) {
         return false;
     }
-    if (!(hostname === domain ||
-        hostname.endsWith(`.${domain}`) ||
-        domain.endsWith(`.${hostname}`))) {
+    if (!(hostname === domain || hostname.endsWith(`.${domain}`))) {
         return false;
     }
     if (!cookiePathMatches(cookie.path, parsedUrl?.pathname || '/')) {
@@ -84,6 +98,33 @@ const parseCookieExpires = (value) => {
     const parsed = Number(value);
     return Number.isFinite(parsed) ? parsed : undefined;
 };
+const getCookieDenialReason = (session, cookie) => {
+    const checker = session?._get_cookie_access_denial_reason;
+    if (typeof checker !== 'function') {
+        return null;
+    }
+    return checker.call(session, cookie);
+};
+const filterAllowedCookies = (session, cookies) => cookies.filter((cookie) => !getCookieDenialReason(session, cookie));
+const partitionAllowedCookies = (session, cookies) => {
+    const allowedCookies = [];
+    const blockedCookies = [];
+    for (const cookie of cookies) {
+        if (getCookieDenialReason(session, cookie)) {
+            blockedCookies.push(cookie);
+        }
+        else {
+            allowedCookies.push(cookie);
+        }
+    }
+    return { allowedCookies, blockedCookies };
+};
+const assertCookieUrlAllowed = (session, url) => {
+    const denialReason = getCookieDenialReason(session, { url });
+    if (denialReason) {
+        throw new Error(`Cookie URL blocked by domain policy: ${denialReason}`);
+    }
+};
 export class SkillCliServer {
     registry;
     constructor(options = {}) {
@@ -102,6 +143,16 @@ export class SkillCliServer {
         }
         return node;
     }
+    async _run_with_page_validation(browser_session, action) {
+        const page = await browser_session.get_current_page?.();
+        await browser_session.validate_page_after_action?.(page);
+        try {
+            return await action();
+        }
+        finally {
+            await browser_session.validate_page_after_action?.(page);
+        }
+    }
     async _read_node_data(browser_session, node, kind) {
         if (!node?.xpath) {
             throw new Error('DOM element does not include an XPath selector');
@@ -110,7 +161,7 @@ export class SkillCliServer {
         if (!page?.evaluate) {
             throw new Error('No active page available');
         }
-        return await page.evaluate(({ xpath, dataKind }) => {
+        return await this._run_with_page_validation(browser_session, () => page.evaluate(({ xpath, dataKind }) => {
             const element = document.evaluate(xpath, document, null, XPathResult.FIRST_ORDERED_NODE_TYPE, null).singleNodeValue;
             if (!element) {
                 return null;
@@ -143,7 +194,7 @@ export class SkillCliServer {
                 };
             }
             return null;
-        }, { xpath: node.xpath, dataKind: kind });
+        }, { xpath: node.xpath, dataKind: kind }));
     }
     async _handle_browser_action(action, sessionName, params) {
         const session = await this.registry.get_or_create_session(sessionName);
@@ -176,7 +227,7 @@ export class SkillCliServer {
             if (!locator?.hover) {
                 throw new Error('Hover is not available for this element');
             }
-            await locator.hover({ timeout: 5000 });
+            await this._run_with_page_validation(browser_session, async () => locator.hover({ timeout: 5000 }));
             return { hovered: Number(params.index) };
         }
         if (action === 'dblclick') {
@@ -188,7 +239,7 @@ export class SkillCliServer {
             if (!locator?.dblclick) {
                 throw new Error('Double-click is not available for this element');
             }
-            await locator.dblclick({ timeout: 5000 });
+            await this._run_with_page_validation(browser_session, async () => locator.dblclick({ timeout: 5000 }));
             return { double_clicked: Number(params.index) };
         }
         if (action === 'rightclick') {
@@ -200,7 +251,7 @@ export class SkillCliServer {
             if (!locator?.click) {
                 throw new Error('Right-click is not available for this element');
             }
-            await locator.click({ button: 'right', timeout: 5000 });
+            await this._run_with_page_validation(browser_session, async () => locator.click({ button: 'right', timeout: 5000 }));
             return { right_clicked: Number(params.index) };
         }
         if (action === 'type') {
@@ -243,7 +294,7 @@ export class SkillCliServer {
                 return { screenshot };
             }
             const filePath = path.resolve(file);
-            await fsp.writeFile(filePath, Buffer.from(screenshot, 'base64'));
+            await writePrivateBinaryFile(filePath, Buffer.from(screenshot, 'base64'));
             return { file: filePath };
         }
         if (action === 'wait_selector') {
@@ -265,7 +316,7 @@ export class SkillCliServer {
             if (!page?.waitForFunction) {
                 throw new Error('No active page available for wait_text');
             }
-            await page.waitForFunction((needle) => document.body?.innerText?.includes(needle) ?? false, text, { timeout });
+            await this._run_with_page_validation(browser_session, () => page.waitForFunction((needle) => document.body?.innerText?.includes(needle) ?? false, text, { timeout }));
             return { waited_for: 'text', text, timeout };
         }
         if (action === 'scroll') {
@@ -344,10 +395,10 @@ export class SkillCliServer {
             if (!page?.evaluate) {
                 throw new Error('No active page available for html');
             }
-            const html = await page.evaluate((targetSelector) => {
+            const html = await this._run_with_page_validation(browser_session, () => page.evaluate((targetSelector) => {
                 const element = document.querySelector(targetSelector);
                 return element ? element.outerHTML : null;
-            }, selector);
+            }, selector));
             if (typeof html !== 'string' || html.length === 0) {
                 throw new Error(`No element found for selector: ${selector}`);
             }
@@ -378,7 +429,7 @@ export class SkillCliServer {
                 throw new Error('No active page available for get_title');
             }
             return {
-                title: await page.title(),
+                title: await this._run_with_page_validation(browser_session, () => page.title()),
             };
         }
         if (action === 'get_html') {
@@ -407,10 +458,14 @@ export class SkillCliServer {
         }
         if (action === 'cookies_get') {
             const url = typeof params.url === 'string' ? params.url.trim() : '';
+            if (url) {
+                assertCookieUrlAllowed(browser_session, url);
+            }
             const allCookies = (await browser_session.get_cookies());
+            const allowedCookies = filterAllowedCookies(browser_session, allCookies);
             const cookies = url
-                ? allCookies.filter((cookie) => cookieMatchesUrl(cookie, url))
-                : allCookies;
+                ? allowedCookies.filter((cookie) => cookieMatchesUrl(cookie, url))
+                : allowedCookies;
             return { cookies, count: cookies.length };
         }
         if (action === 'cookies_set') {
@@ -443,6 +498,10 @@ export class SkillCliServer {
             if (!cookie.url && !cookie.domain) {
                 throw new Error('Provide cookie url/domain or open a page first');
             }
+            const denialReason = getCookieDenialReason(browser_session, cookie);
+            if (denialReason) {
+                throw new Error(`Cookie target blocked by domain policy: ${denialReason}`);
+            }
             await browser_session.browser_context.addCookies([cookie]);
             return { set: name };
         }
@@ -452,15 +511,39 @@ export class SkillCliServer {
             }
             const url = typeof params.url === 'string' ? params.url.trim() : '';
             if (!url) {
+                if (typeof browser_session.get_cookies !== 'function') {
+                    await browser_session.browser_context.clearCookies();
+                    return { cleared: true };
+                }
+                const allCookies = (await browser_session.get_cookies({
+                    include_blocked: true,
+                }));
+                const { allowedCookies, blockedCookies } = partitionAllowedCookies(browser_session, allCookies);
+                if (allowedCookies.length === 0 && blockedCookies.length > 0) {
+                    return { cleared: true, count: 0 };
+                }
+                if (blockedCookies.length > 0 &&
+                    !browser_session.browser_context.addCookies) {
+                    throw new Error('Browser context does not support preserving blocked cookies');
+                }
                 await browser_session.browser_context.clearCookies();
-                return { cleared: true };
+                if (blockedCookies.length > 0) {
+                    await browser_session.browser_context.addCookies(blockedCookies);
+                }
+                return { cleared: true, count: allowedCookies.length };
             }
-            const allCookies = (await browser_session.get_cookies());
+            assertCookieUrlAllowed(browser_session, url);
+            const allCookies = (await browser_session.get_cookies({
+                include_blocked: true,
+            }));
             const remainingCookies = allCookies.filter((cookie) => !cookieMatchesUrl(cookie, url));
             const removedCount = allCookies.length - remainingCookies.length;
-            await browser_session.browser_context.clearCookies();
             if (remainingCookies.length > 0 &&
-                browser_session.browser_context.addCookies) {
+                !browser_session.browser_context.addCookies) {
+                throw new Error('Browser context does not support preserving non-matching cookies');
+            }
+            await browser_session.browser_context.clearCookies();
+            if (remainingCookies.length > 0) {
                 await browser_session.browser_context.addCookies(remainingCookies);
             }
             return { cleared: true, url, count: removedCount };
@@ -471,12 +554,16 @@ export class SkillCliServer {
                 throw new Error('Missing file');
             }
             const url = typeof params.url === 'string' ? params.url.trim() : '';
+            if (url) {
+                assertCookieUrlAllowed(browser_session, url);
+            }
             const allCookies = (await browser_session.get_cookies());
+            const allowedCookies = filterAllowedCookies(browser_session, allCookies);
             const cookies = url
-                ? allCookies.filter((cookie) => cookieMatchesUrl(cookie, url))
-                : allCookies;
+                ? allowedCookies.filter((cookie) => cookieMatchesUrl(cookie, url))
+                : allowedCookies;
             const filePath = path.resolve(file);
-            await fsp.writeFile(filePath, JSON.stringify(cookies, null, 2));
+            await writePrivateJsonFile(filePath, cookies);
             return { file: filePath, count: cookies.length };
         }
         if (action === 'cookies_import') {
@@ -504,8 +591,11 @@ export class SkillCliServer {
                 }
                 return typedCookie;
             });
-            await browser_session.browser_context.addCookies(importedCookies);
-            return { file: filePath, imported: importedCookies.length };
+            const allowedCookies = filterAllowedCookies(browser_session, importedCookies);
+            if (allowedCookies.length > 0) {
+                await browser_session.browser_context.addCookies(allowedCookies);
+            }
+            return { file: filePath, imported: allowedCookies.length };
         }
         if (action === 'close') {
             await this.registry.close_session(sessionName);

package/dist/skill-cli/tunnel.d.ts

@@ -48,6 +48,7 @@ export declare class TunnelManager {
     constructor(options?: TunnelManagerOptions);
     private get_tunnel_file;
     private get_tunnel_log_file;
+    private ensure_tunnel_dir;
     private save_tunnel_info;
     private load_tunnel_info;
     get_binary_path(): string;

package/dist/skill-cli/tunnel.js

@@ -42,9 +42,18 @@ export class TunnelManager {
     get_tunnel_log_file(port) {
         return path.join(this.tunnel_dir, `${port}.log`);
     }
+    ensure_tunnel_dir() {
+        fs.mkdirSync(this.tunnel_dir, { recursive: true, mode: 0o700 });
+        if (process.platform !== 'win32') {
+            fs.chmodSync(this.tunnel_dir, 0o700);
+        }
+    }
     save_tunnel_info(port, pid, url) {
-        fs.mkdirSync(this.tunnel_dir, { recursive: true });
-        fs.writeFileSync(this.get_tunnel_file(port), JSON.stringify({ port, pid, url }), 'utf-8');
+        this.ensure_tunnel_dir();
+        fs.writeFileSync(this.get_tunnel_file(port), JSON.stringify({ port, pid, url }), { encoding: 'utf-8', mode: 0o600 });
+        if (process.platform !== 'win32') {
+            fs.chmodSync(this.get_tunnel_file(port), 0o600);
+        }
     }
     load_tunnel_info(port) {
         const filePath = this.get_tunnel_file(port);
@@ -122,9 +131,12 @@ export class TunnelManager {
         catch (error) {
             return { error: error.message };
         }
-        fs.mkdirSync(this.tunnel_dir, { recursive: true });
+        this.ensure_tunnel_dir();
         const logPath = this.get_tunnel_log_file(port);
-        const logFd = fs.openSync(logPath, 'w');
+        const logFd = fs.openSync(logPath, 'w', 0o600);
+        if (process.platform !== 'win32') {
+            fs.chmodSync(logPath, 0o600);
+        }
         try {
             const child = this.spawn_impl(binaryPath, ['tunnel', '--url', `http://localhost:${port}`], {
                 detached: true,

package/dist/sync/auth.js

@@ -10,7 +10,26 @@ const CONFIG_DIR = () => CONFIG.BROWSER_USE_CONFIG_DIR ?? path.join(process.cwd(
 const DEVICE_ID_PATH = () => path.join(CONFIG_DIR(), 'device_id');
 const CLOUD_AUTH_PATH = () => path.join(CONFIG_DIR(), 'cloud_auth.json');
 const ensureDir = () => {
-    fs.mkdirSync(CONFIG_DIR(), { recursive: true });
+    fs.mkdirSync(CONFIG_DIR(), { recursive: true, mode: 0o700 });
+    if (process.platform !== 'win32') {
+        try {
+            fs.chmodSync(CONFIG_DIR(), 0o700);
+        }
+        catch {
+            /* noop */
+        }
+    }
+};
+const writePrivateFile = (filePath, contents) => {
+    fs.writeFileSync(filePath, contents, { encoding: 'utf-8', mode: 0o600 });
+    if (process.platform !== 'win32') {
+        try {
+            fs.chmodSync(filePath, 0o600);
+        }
+        catch {
+            /* noop */
+        }
+    }
 };
 const loadAuthConfig = () => {
     try {
@@ -28,13 +47,7 @@ const loadAuthConfig = () => {
 };
 const saveAuthConfig = (config) => {
     ensureDir();
-    fs.writeFileSync(CLOUD_AUTH_PATH(), JSON.stringify(config, null, 2), 'utf-8');
-    try {
-        fs.chmodSync(CLOUD_AUTH_PATH(), 0o600);
-    }
-    catch {
-        /* noop */
-    }
+    writePrivateFile(CLOUD_AUTH_PATH(), JSON.stringify(config, null, 2));
 };
 export const load_cloud_auth_config = () => loadAuthConfig();
 export const save_cloud_api_token = (api_token, user_id = TEMP_USER_ID) => {
@@ -60,7 +73,7 @@ const getOrCreateDeviceId = () => {
         /* continue */
     }
     const deviceId = uuid7str();
-    fs.writeFileSync(DEVICE_ID_PATH(), deviceId, 'utf-8');
+    writePrivateFile(DEVICE_ID_PATH(), deviceId);
     return deviceId;
 };
 const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

package/dist/telemetry/service.js

@@ -8,6 +8,17 @@ const logger = createLogger('browser_use.telemetry');
 const POSTHOG_EVENT_SETTINGS = {
     process_person_profile: true,
 };
+const chmodPrivate = (target, mode) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    try {
+        fs.chmodSync(target, mode);
+    }
+    catch {
+        /* noop */
+    }
+};
 export class ProductTelemetry {
     client = null;
     debugLogging;
@@ -68,13 +79,21 @@ export class ProductTelemetry {
         }
         try {
             if (!fs.existsSync(this.userIdFile)) {
-                fs.mkdirSync(path.dirname(this.userIdFile), { recursive: true });
+                fs.mkdirSync(path.dirname(this.userIdFile), {
+                    recursive: true,
+                    mode: 0o700,
+                });
+                chmodPrivate(path.dirname(this.userIdFile), 0o700);
                 this.cachedUserId = uuid7str();
-                fs.writeFileSync(this.userIdFile, this.cachedUserId, 'utf-8');
+                fs.writeFileSync(this.userIdFile, this.cachedUserId, {
+                    encoding: 'utf-8',
+                    mode: 0o600,
+                });
             }
             else {
                 this.cachedUserId = fs.readFileSync(this.userIdFile, 'utf-8');
             }
+            chmodPrivate(this.userIdFile, 0o600);
         }
         catch {
             this.cachedUserId = 'UNKNOWN_USER_ID';

package/dist/telemetry/views.js

@@ -8,6 +8,29 @@ export class BaseTelemetryEvent {
         };
     }
 }
+const REDACTED_TELEMETRY_VALUE = '<redacted>';
+const redactSequence = (value) => {
+    if (!Array.isArray(value)) {
+        return value;
+    }
+    return value.map((entry) => entry == null ? entry : REDACTED_TELEMETRY_VALUE);
+};
+const summarizeActionHistory = (value) => {
+    if (!Array.isArray(value)) {
+        return value;
+    }
+    return value.map((step) => {
+        if (!Array.isArray(step)) {
+            return step;
+        }
+        return step.map((action) => ({
+            action: action && typeof action === 'object'
+                ? (Object.keys(action)[0] ?? 'unknown')
+                : 'unknown',
+        }));
+    });
+};
+const redactNullableString = (value) => value ? REDACTED_TELEMETRY_VALUE : null;
 export class AgentTelemetryEvent extends BaseTelemetryEvent {
     name = 'agent_event';
     task;
@@ -39,7 +62,7 @@ export class AgentTelemetryEvent extends BaseTelemetryEvent {
     judge_impossible_task;
     constructor(payload) {
         super();
-        this.task = payload.task;
+        this.task = payload.task ? REDACTED_TELEMETRY_VALUE : '';
         this.model = payload.model;
         this.model_provider = payload.model_provider;
         this.max_steps = payload.max_steps;
@@ -49,9 +72,9 @@ export class AgentTelemetryEvent extends BaseTelemetryEvent {
         this.source = payload.source;
         this.cdp_url = payload.cdp_url;
         this.agent_type = payload.agent_type;
-        this.action_errors = payload.action_errors;
-        this.action_history = payload.action_history;
-        this.urls_visited = payload.urls_visited;
+        this.action_errors = redactSequence(payload.action_errors);
+        this.action_history = summarizeActionHistory(payload.action_history);
+        this.urls_visited = redactSequence(payload.urls_visited);
         this.steps = payload.steps;
         this.total_input_tokens = payload.total_input_tokens;
         this.total_output_tokens = payload.total_output_tokens;
@@ -59,11 +82,11 @@ export class AgentTelemetryEvent extends BaseTelemetryEvent {
         this.total_tokens = payload.total_tokens;
         this.total_duration_seconds = payload.total_duration_seconds;
         this.success = payload.success;
-        this.final_result_response = payload.final_result_response;
-        this.error_message = payload.error_message;
+        this.final_result_response = redactNullableString(payload.final_result_response);
+        this.error_message = redactNullableString(payload.error_message);
         this.judge_verdict = payload.judge_verdict ?? null;
-        this.judge_reasoning = payload.judge_reasoning ?? null;
-        this.judge_failure_reason = payload.judge_failure_reason ?? null;
+        this.judge_reasoning = redactNullableString(payload.judge_reasoning);
+        this.judge_failure_reason = redactNullableString(payload.judge_failure_reason);
         this.judge_reached_captcha = payload.judge_reached_captcha ?? null;
         this.judge_impossible_task = payload.judge_impossible_task ?? null;
     }

package/dist/tokens/custom-pricing.js

@@ -18,5 +18,5 @@ export const CUSTOM_MODEL_PRICING = {
         max_output_tokens: null,
     },
 };
-CUSTOM_MODEL_PRICING['bu-latest'] = CUSTOM_MODEL_PRICING['bu-1-0'];
-CUSTOM_MODEL_PRICING.smart = CUSTOM_MODEL_PRICING['bu-1-0'];
+CUSTOM_MODEL_PRICING['bu-latest'] = CUSTOM_MODEL_PRICING['bu-2-0'];
+CUSTOM_MODEL_PRICING.smart = CUSTOM_MODEL_PRICING['bu-2-0'];

package/dist/tokens/openrouter-pricing.d.ts

@@ -0,0 +1,11 @@
+import type { ModelPricing } from './views.js';
+export declare const OPENROUTER_MODELS_URL = "https://openrouter.ai/api/v1/models";
+export declare const OPENROUTER_MODELS_CACHE_MS: number;
+type OpenRouterMetadata = Record<string, any>;
+export declare const isOpenRouterPricingModel: (modelName: string) => boolean;
+export declare const resetOpenRouterPricingCacheForTesting: () => void;
+export declare function getOpenRouterModelsMetadata(refresh?: boolean): Promise<Record<string, OpenRouterMetadata>>;
+export declare function getOpenRouterModelMetadata(modelName: string, refresh?: boolean): Promise<OpenRouterMetadata | null>;
+export declare function modelPricingFromOpenRouterMetadata(modelName: string, metadata: OpenRouterMetadata): ModelPricing | null;
+export declare function getOpenRouterModelPricing(modelName: string, refresh?: boolean): Promise<ModelPricing | null>;
+export {};

package/dist/tokens/openrouter-pricing.js

@@ -0,0 +1,102 @@
+import axios from 'axios';
+import { createLogger } from '../logging-config.js';
+const logger = createLogger('browser_use.tokens.openrouter');
+export const OPENROUTER_MODELS_URL = 'https://openrouter.ai/api/v1/models';
+export const OPENROUTER_MODELS_CACHE_MS = 60 * 60 * 1000;
+let openRouterModelsCache = null;
+let openRouterModelsCacheFetchedAt = 0;
+const floatOrNull = (value) => {
+    if (value == null || value === '')
+        return null;
+    const parsed = Number(value);
+    return Number.isFinite(parsed) ? parsed : null;
+};
+const intOrNull = (value) => {
+    if (value == null || value === '')
+        return null;
+    const parsed = Number(value);
+    return Number.isFinite(parsed) ? Math.trunc(parsed) : null;
+};
+const normalizeOpenRouterModelId = (modelName) => {
+    let modelId = modelName;
+    if (modelId.startsWith('openrouter/')) {
+        modelId = modelId.slice('openrouter/'.length);
+    }
+    else if (modelId.startsWith('openrouter-')) {
+        modelId = modelId.slice('openrouter-'.length);
+    }
+    return modelId.includes('/') ? modelId : null;
+};
+export const isOpenRouterPricingModel = (modelName) => modelName.startsWith('openrouter/') || modelName.startsWith('openrouter-');
+export const resetOpenRouterPricingCacheForTesting = () => {
+    openRouterModelsCache = null;
+    openRouterModelsCacheFetchedAt = 0;
+};
+export async function getOpenRouterModelsMetadata(refresh = false) {
+    const now = Date.now();
+    if (!refresh &&
+        openRouterModelsCache &&
+        now - openRouterModelsCacheFetchedAt < OPENROUTER_MODELS_CACHE_MS) {
+        return openRouterModelsCache;
+    }
+    try {
+        const response = await axios.get(OPENROUTER_MODELS_URL, { timeout: 30_000 });
+        const models = Array.isArray(response.data?.data) ? response.data.data : [];
+        openRouterModelsCache = {};
+        for (const model of models) {
+            if (model &&
+                typeof model === 'object' &&
+                typeof model.id === 'string') {
+                openRouterModelsCache[model.id] =
+                    model;
+            }
+        }
+        openRouterModelsCacheFetchedAt = now;
+        return openRouterModelsCache;
+    }
+    catch (error) {
+        logger.debug(`Failed to fetch OpenRouter pricing: ${error.message}`);
+        return openRouterModelsCache ?? {};
+    }
+}
+export async function getOpenRouterModelMetadata(modelName, refresh = false) {
+    const modelId = normalizeOpenRouterModelId(modelName);
+    if (!modelId) {
+        return null;
+    }
+    const models = await getOpenRouterModelsMetadata(refresh);
+    return models[modelId] ?? null;
+}
+export function modelPricingFromOpenRouterMetadata(modelName, metadata) {
+    const pricing = metadata.pricing;
+    if (!pricing || typeof pricing !== 'object') {
+        return null;
+    }
+    const inputCost = floatOrNull(pricing.prompt);
+    const outputCost = floatOrNull(pricing.completion);
+    if (inputCost == null && outputCost == null) {
+        return null;
+    }
+    const contextLength = intOrNull(metadata.context_length);
+    const topProvider = metadata.top_provider;
+    const maxOutputTokens = topProvider && typeof topProvider === 'object'
+        ? intOrNull(topProvider.max_completion_tokens)
+        : null;
+    return {
+        model: modelName,
+        input_cost_per_token: inputCost,
+        output_cost_per_token: outputCost,
+        cache_read_input_token_cost: floatOrNull(pricing.input_cache_read),
+        cache_creation_input_token_cost: floatOrNull(pricing.input_cache_write),
+        max_tokens: contextLength,
+        max_input_tokens: contextLength,
+        max_output_tokens: maxOutputTokens,
+    };
+}
+export async function getOpenRouterModelPricing(modelName, refresh = false) {
+    const metadata = await getOpenRouterModelMetadata(modelName, refresh);
+    if (!metadata) {
+        return null;
+    }
+    return modelPricingFromOpenRouterMetadata(modelName, metadata);
+}

package/dist/tokens/service.js

@@ -7,6 +7,7 @@ import { createLogger } from '../logging-config.js';
 import { create_task_with_error_handling } from '../utils.js';
 import { CUSTOM_MODEL_PRICING } from './custom-pricing.js';
 import { MODEL_TO_LITELLM } from './mappings.js';
+import { getOpenRouterModelPricing, isOpenRouterPricingModel, } from './openrouter-pricing.js';
 const logger = createLogger('browser_use.tokens');
 const costLogger = createLogger('browser_use.tokens.cost');
 const PRICING_URL = 'https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json';
@@ -263,25 +264,28 @@ export class TokenCost {
                 max_output_tokens: customPricing.max_output_tokens ?? null,
             };
         }
-        await this.ensurePricingLoaded();
-        if (!this.pricingData) {
-            return null;
+        if (isOpenRouterPricingModel(modelName)) {
+            const openRouterPricing = await getOpenRouterModelPricing(modelName);
+            if (openRouterPricing) {
+                return openRouterPricing;
+            }
         }
+        await this.ensurePricingLoaded();
         const litellmModelName = MODEL_TO_LITELLM[modelName] ?? modelName;
-        const pricing = this.pricingData[litellmModelName];
-        if (!pricing) {
-            return null;
+        const pricing = this.pricingData?.[litellmModelName];
+        if (pricing) {
+            return {
+                model: modelName,
+                input_cost_per_token: pricing.input_cost_per_token ?? null,
+                output_cost_per_token: pricing.output_cost_per_token ?? null,
+                cache_read_input_token_cost: pricing.cache_read_input_token_cost ?? null,
+                cache_creation_input_token_cost: pricing.cache_creation_input_token_cost ?? null,
+                max_tokens: pricing.max_tokens ?? null,
+                max_input_tokens: pricing.max_input_tokens ?? null,
+                max_output_tokens: pricing.max_output_tokens ?? null,
+            };
         }
-        return {
-            model: modelName,
-            input_cost_per_token: pricing.input_cost_per_token ?? null,
-            output_cost_per_token: pricing.output_cost_per_token ?? null,
-            cache_read_input_token_cost: pricing.cache_read_input_token_cost ?? null,
-            cache_creation_input_token_cost: pricing.cache_creation_input_token_cost ?? null,
-            max_tokens: pricing.max_tokens ?? null,
-            max_input_tokens: pricing.max_input_tokens ?? null,
-            max_output_tokens: pricing.max_output_tokens ?? null,
-        };
+        return await getOpenRouterModelPricing(modelName);
     }
     get_usage_tokens_for_model(model) {
         const filtered = this.usageHistory.filter((entry) => entry.model === model);