browserclaw 0.3.8 → 0.3.10

package/dist/index.cjs

@@ -382,6 +382,51 @@ async function getChromeWebSocketUrl(cdpUrl, timeoutMs = 500, authToken) {
     clearTimeout(t);
   }
 }
+async function isChromeCdpReady(cdpUrl, timeoutMs = 500, handshakeTimeoutMs = 800) {
+  const wsUrl = await getChromeWebSocketUrl(cdpUrl, timeoutMs);
+  if (!wsUrl) return false;
+  return await canRunCdpHealthCommand(wsUrl, handshakeTimeoutMs);
+}
+async function canRunCdpHealthCommand(wsUrl, timeoutMs = 800) {
+  return new Promise((resolve2) => {
+    let settled = false;
+    const finish = (value) => {
+      if (settled) return;
+      settled = true;
+      clearTimeout(timer);
+      try {
+        ws.close();
+      } catch {
+      }
+      resolve2(value);
+    };
+    const timer = setTimeout(() => finish(false), Math.max(50, timeoutMs + 25));
+    let ws;
+    try {
+      ws = new WebSocket(wsUrl);
+    } catch {
+      finish(false);
+      return;
+    }
+    ws.onopen = () => {
+      try {
+        ws.send(JSON.stringify({ id: 1, method: "Browser.getVersion" }));
+      } catch {
+        finish(false);
+      }
+    };
+    ws.onmessage = (event) => {
+      try {
+        const parsed = JSON.parse(String(event.data));
+        if (parsed?.id !== 1) return;
+        finish(Boolean(parsed.result && typeof parsed.result === "object"));
+      } catch {
+      }
+    };
+    ws.onerror = () => finish(false);
+    ws.onclose = () => finish(false);
+  });
+}
 async function launchChrome(opts = {}) {
   const cdpPort = opts.cdpPort ?? DEFAULT_CDP_PORT;
   await ensurePortAvailable(cdpPort);
@@ -456,18 +501,30 @@ async function launchChrome(opts = {}) {
   }
   const proc = spawnChrome();
   const cdpUrl = `http://127.0.0.1:${cdpPort}`;
+  const stderrChunks = [];
+  const onStderr = (chunk) => {
+    stderrChunks.push(chunk);
+  };
+  proc.stderr?.on("data", onStderr);
   const readyDeadline = Date.now() + 15e3;
   while (Date.now() < readyDeadline) {
     if (await isChromeReachable(cdpUrl, 500)) break;
     await new Promise((r) => setTimeout(r, 200));
   }
   if (!await isChromeReachable(cdpUrl, 500)) {
+    const stderrOutput = Buffer.concat(stderrChunks).toString("utf8").trim();
+    const stderrHint = stderrOutput ? `
+Chrome stderr:
+${stderrOutput.slice(0, 2e3)}` : "";
+    const sandboxHint = process.platform === "linux" && !opts.noSandbox ? "\nHint: If running in a container or as root, try setting noSandbox: true." : "";
     try {
       proc.kill("SIGKILL");
     } catch {
     }
-    throw new Error(`Failed to start Chrome CDP on port ${cdpPort}. Chrome may not have started correctly.`);
+    throw new Error(`Failed to start Chrome CDP on port ${cdpPort}.${sandboxHint}${stderrHint}`);
   }
+  proc.stderr?.off("data", onStderr);
+  stderrChunks.length = 0;
   return {
     pid: proc.pid ?? -1,
     exe,
@@ -1232,7 +1289,8 @@ async function assertBrowserNavigationAllowed(opts) {
     const hostname = parsed.hostname.toLowerCase();
     if (allowedHostnames.some((h) => h.toLowerCase() === hostname)) return;
   }
-  if (await isInternalUrlResolved(rawUrl, opts.lookupFn)) {
+  const ipOpts = { allowRfc2544BenchmarkRange: policy?.allowRfc2544BenchmarkRange };
+  if (await isInternalUrlResolved(rawUrl, opts.lookupFn, ipOpts)) {
     throw new InvalidBrowserNavigationUrlError(
       `Navigation to internal/loopback address blocked: "${rawUrl}". ssrfPolicy.dangerouslyAllowPrivateNetwork is false (strict mode).`
     );
@@ -1347,7 +1405,7 @@ function isUnsupportedIPv4Literal(ip) {
   if (!parts.every(isStrictDecimalOctet)) return true;
   return false;
 }
-function isInternalIP(ip) {
+function isInternalIP(ip, opts) {
   if (!ip.includes(":") && isUnsupportedIPv4Literal(ip)) return true;
   if (/^127\./.test(ip)) return true;
   if (/^10\./.test(ip)) return true;
@@ -1356,6 +1414,7 @@ function isInternalIP(ip) {
   if (/^169\.254\./.test(ip)) return true;
   if (/^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./.test(ip)) return true;
   if (ip === "0.0.0.0") return true;
+  if (!opts?.allowRfc2544BenchmarkRange && /^198\.1[89]\./.test(ip)) return true;
   const lower = ip.toLowerCase();
   if (lower === "::1") return true;
   if (lower.startsWith("fe80:")) return true;
@@ -1364,11 +1423,11 @@ function isInternalIP(ip) {
   const embedded = extractEmbeddedIPv4(lower);
   if (embedded !== null) {
     if (embedded === "") return true;
-    return isInternalIP(embedded);
+    return isInternalIP(embedded, opts);
   }
   return false;
 }
-function isInternalUrl(url) {
+function isInternalUrl(url, opts) {
   let parsed;
   try {
     parsed = new URL(url);
@@ -1377,7 +1436,7 @@ function isInternalUrl(url) {
   }
   const hostname = parsed.hostname.toLowerCase();
   if (hostname === "localhost") return true;
-  if (isInternalIP(hostname)) return true;
+  if (isInternalIP(hostname, opts)) return true;
   if (hostname.endsWith(".local") || hostname.endsWith(".internal") || hostname.endsWith(".localhost")) {
     return true;
   }
@@ -1399,8 +1458,8 @@ async function assertSafeUploadPaths(paths) {
     }
   }
 }
-async function isInternalUrlResolved(url, lookupFn = promises.lookup) {
-  if (isInternalUrl(url)) return true;
+async function isInternalUrlResolved(url, lookupFn = promises.lookup, opts) {
+  if (isInternalUrl(url, opts)) return true;
   let parsed;
   try {
     parsed = new URL(url);
@@ -1409,12 +1468,25 @@ async function isInternalUrlResolved(url, lookupFn = promises.lookup) {
   }
   try {
     const { address } = await lookupFn(parsed.hostname);
-    if (isInternalIP(address)) return true;
+    if (isInternalIP(address, opts)) return true;
   } catch {
     return true;
   }
   return false;
 }
+async function assertBrowserNavigationResultAllowed(opts) {
+  const rawUrl = String(opts.url ?? "").trim();
+  if (!rawUrl) return;
+  let parsed;
+  try {
+    parsed = new URL(rawUrl);
+  } catch {
+    return;
+  }
+  if (NETWORK_NAVIGATION_PROTOCOLS.has(parsed.protocol) || SAFE_NON_NETWORK_URLS.has(parsed.href)) {
+    await assertBrowserNavigationAllowed(opts);
+  }
+}
 
 // src/actions/interaction.ts
 async function clickViaPlaywright(opts) {
@@ -1620,7 +1692,9 @@ async function navigateViaPlaywright(opts) {
   const page = await getPageForTargetId({ cdpUrl: opts.cdpUrl, targetId: opts.targetId });
   ensurePageState(page);
   await page.goto(url, { timeout: normalizeTimeoutMs(opts.timeoutMs, 2e4) });
-  return { url: page.url() };
+  const finalUrl = page.url();
+  await assertBrowserNavigationResultAllowed({ url: finalUrl, ssrfPolicy: policy });
+  return { url: finalUrl };
 }
 async function listPagesViaPlaywright(opts) {
   const { browser } = await connectBrowser(opts.cdpUrl);
@@ -1639,8 +1713,8 @@ async function listPagesViaPlaywright(opts) {
 }
 async function createPageViaPlaywright(opts) {
   const targetUrl = (opts.url ?? "").trim() || "about:blank";
+  const policy = opts.allowInternal ? { ...opts.ssrfPolicy, dangerouslyAllowPrivateNetwork: true } : opts.ssrfPolicy;
   if (targetUrl !== "about:blank") {
-    const policy = opts.allowInternal ? { ...opts.ssrfPolicy, dangerouslyAllowPrivateNetwork: true } : opts.ssrfPolicy;
     await assertBrowserNavigationAllowed({ url: targetUrl, ssrfPolicy: policy });
   }
   const { browser } = await connectBrowser(opts.cdpUrl);
@@ -1649,6 +1723,7 @@ async function createPageViaPlaywright(opts) {
   ensurePageState(page);
   if (targetUrl !== "about:blank") {
     await page.goto(targetUrl, { timeout: normalizeTimeoutMs(void 0, 2e4) });
+    await assertBrowserNavigationResultAllowed({ url: page.url(), ssrfPolicy: policy });
   }
   const tid = await pageTargetId(page).catch(() => null);
   if (!tid) throw new Error("Failed to get targetId for new page");
@@ -3177,6 +3252,7 @@ exports.BrowserClaw = BrowserClaw;
 exports.CrawlPage = CrawlPage;
 exports.InvalidBrowserNavigationUrlError = InvalidBrowserNavigationUrlError;
 exports.assertBrowserNavigationAllowed = assertBrowserNavigationAllowed;
+exports.isChromeCdpReady = isChromeCdpReady;
 exports.withBrowserNavigationPolicy = withBrowserNavigationPolicy;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map