browserclaw 0.5.7 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +1638 -1202
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +222 -17
  4. package/dist/index.d.ts +222 -17
  5. package/dist/index.js +1622 -1200
  6. package/dist/index.js.map +1 -1
  7. package/package.json +13 -2
package/dist/index.d.cts CHANGED
@@ -1,8 +1,128 @@
1
- import * as playwright_core from 'playwright-core';
2
- import { BrowserContext } from 'playwright-core';
3
- import * as node_dns from 'node:dns';
4
- import { lookup as lookup$1 } from 'node:dns';
5
- import { lookup } from 'node:dns/promises';
1
+ import { BrowserContext, Page, CDPSession } from 'playwright-core';
2
+ import { lookup } from 'node:dns';
3
+ import { lookup as lookup$1 } from 'node:dns/promises';
4
+
5
+ /** A single action within a batch. */
6
+ type BatchAction = {
7
+ kind: 'click';
8
+ ref?: string;
9
+ selector?: string;
10
+ targetId?: string;
11
+ doubleClick?: boolean;
12
+ button?: string;
13
+ modifiers?: string[];
14
+ delayMs?: number;
15
+ timeoutMs?: number;
16
+ } | {
17
+ kind: 'type';
18
+ ref?: string;
19
+ selector?: string;
20
+ text: string;
21
+ targetId?: string;
22
+ submit?: boolean;
23
+ slowly?: boolean;
24
+ timeoutMs?: number;
25
+ } | {
26
+ kind: 'press';
27
+ key: string;
28
+ targetId?: string;
29
+ delayMs?: number;
30
+ } | {
31
+ kind: 'hover';
32
+ ref?: string;
33
+ selector?: string;
34
+ targetId?: string;
35
+ timeoutMs?: number;
36
+ } | {
37
+ kind: 'scrollIntoView';
38
+ ref?: string;
39
+ selector?: string;
40
+ targetId?: string;
41
+ timeoutMs?: number;
42
+ } | {
43
+ kind: 'drag';
44
+ startRef?: string;
45
+ startSelector?: string;
46
+ endRef?: string;
47
+ endSelector?: string;
48
+ targetId?: string;
49
+ timeoutMs?: number;
50
+ } | {
51
+ kind: 'select';
52
+ ref?: string;
53
+ selector?: string;
54
+ values: string[];
55
+ targetId?: string;
56
+ timeoutMs?: number;
57
+ } | {
58
+ kind: 'fill';
59
+ fields: {
60
+ ref: string;
61
+ type?: string;
62
+ value?: string | number | boolean;
63
+ }[];
64
+ targetId?: string;
65
+ timeoutMs?: number;
66
+ } | {
67
+ kind: 'resize';
68
+ width: number;
69
+ height: number;
70
+ targetId?: string;
71
+ } | {
72
+ kind: 'wait';
73
+ timeMs?: number;
74
+ text?: string;
75
+ textGone?: string;
76
+ selector?: string;
77
+ url?: string;
78
+ loadState?: 'load' | 'domcontentloaded' | 'networkidle';
79
+ fn?: string;
80
+ targetId?: string;
81
+ timeoutMs?: number;
82
+ } | {
83
+ kind: 'evaluate';
84
+ fn: string;
85
+ ref?: string;
86
+ targetId?: string;
87
+ timeoutMs?: number;
88
+ } | {
89
+ kind: 'close';
90
+ targetId?: string;
91
+ } | {
92
+ kind: 'batch';
93
+ actions: BatchAction[];
94
+ targetId?: string;
95
+ stopOnError?: boolean;
96
+ };
97
+ /** Result of a single action within a batch. */
98
+ type BatchActionResult = {
99
+ ok: true;
100
+ } | {
101
+ ok: false;
102
+ error: string;
103
+ };
104
+ /**
105
+ * Execute a single batch action.
106
+ */
107
+ declare function executeSingleAction(action: BatchAction, cdpUrl: string, targetId: string | undefined, evaluateEnabled: boolean, depth?: number): Promise<void>;
108
+ /**
109
+ * Execute multiple browser actions in sequence.
110
+ *
111
+ * @param opts.actions - Array of actions to execute
112
+ * @param opts.stopOnError - Stop on first error (default: true)
113
+ * @param opts.evaluateEnabled - Whether evaluate/wait:fn actions are permitted
114
+ * @param opts.depth - Internal recursion depth (do not set manually)
115
+ */
116
+ declare function batchViaPlaywright(opts: {
117
+ cdpUrl: string;
118
+ targetId?: string;
119
+ actions: BatchAction[];
120
+ stopOnError?: boolean;
121
+ evaluateEnabled?: boolean;
122
+ depth?: number;
123
+ }): Promise<{
124
+ results: BatchActionResult[];
125
+ }>;
6
126
 
7
127
  interface FrameEvalResult {
8
128
  frameUrl: string;
@@ -131,6 +251,8 @@ interface SnapshotResult {
131
251
  refs: RoleRefs;
132
252
  /** Statistics about the snapshot */
133
253
  stats?: SnapshotStats;
254
+ /** Whether the snapshot was truncated due to maxChars limit */
255
+ truncated?: boolean;
134
256
  /**
135
257
  * Indicates this content originates from an untrusted external source (the web page).
136
258
  * AI agents should treat snapshot content as potentially adversarial
@@ -427,7 +549,7 @@ interface ContextState {
427
549
  interface PinnedHostname {
428
550
  hostname: string;
429
551
  addresses: string[];
430
- lookup: typeof node_dns.lookup;
552
+ lookup: typeof lookup;
431
553
  }
432
554
 
433
555
  /**
@@ -628,6 +750,19 @@ declare class CrawlPage {
628
750
  armFileUpload(paths?: string[], opts?: {
629
751
  timeoutMs?: number;
630
752
  }): Promise<void>;
753
+ /**
754
+ * Execute multiple browser actions in sequence.
755
+ *
756
+ * @param actions - Array of actions to execute
757
+ * @param opts - Options (stopOnError: stop on first failure, default true)
758
+ * @returns Array of per-action results
759
+ */
760
+ batch(actions: BatchAction[], opts?: {
761
+ stopOnError?: boolean;
762
+ evaluateEnabled?: boolean;
763
+ }): Promise<{
764
+ results: BatchActionResult[];
765
+ }>;
631
766
  /**
632
767
  * Press a keyboard key or key combination.
633
768
  *
@@ -788,7 +923,7 @@ declare class CrawlPage {
788
923
  type?: 'png' | 'jpeg';
789
924
  }): Promise<{
790
925
  buffer: Buffer;
791
- labels: Array<{
926
+ labels: {
792
927
  ref: string;
793
928
  index: number;
794
929
  box: {
@@ -797,7 +932,7 @@ declare class CrawlPage {
797
932
  width: number;
798
933
  height: number;
799
934
  };
800
- }>;
935
+ }[];
801
936
  skipped: string[];
802
937
  }>;
803
938
  /**
@@ -885,7 +1020,7 @@ declare class CrawlPage {
885
1020
  *
886
1021
  * @returns Array of cookie objects
887
1022
  */
888
- cookies(): Promise<Awaited<ReturnType<playwright_core.BrowserContext['cookies']>>>;
1023
+ cookies(): Promise<Awaited<ReturnType<BrowserContext['cookies']>>>;
889
1024
  /**
890
1025
  * Set a cookie in the browser context.
891
1026
  *
@@ -1159,7 +1294,7 @@ declare function isChromeReachable(cdpUrl: string, timeoutMs?: number, authToken
1159
1294
  declare function getChromeWebSocketUrl(cdpUrl: string, timeoutMs?: number, authToken?: string): Promise<string | null>;
1160
1295
  declare function isChromeCdpReady(cdpUrl: string, timeoutMs?: number, handshakeTimeoutMs?: number): Promise<boolean>;
1161
1296
 
1162
- type LookupFn = typeof lookup;
1297
+ type LookupFn = typeof lookup$1;
1163
1298
  /**
1164
1299
  * Thrown when a navigation URL is blocked by SSRF policy.
1165
1300
  * Callers can catch this specifically to distinguish navigation blocks
@@ -1169,14 +1304,14 @@ declare class InvalidBrowserNavigationUrlError extends Error {
1169
1304
  constructor(message: string);
1170
1305
  }
1171
1306
  /** Options for browser navigation SSRF policy. */
1172
- type BrowserNavigationPolicyOptions = {
1307
+ interface BrowserNavigationPolicyOptions {
1173
1308
  ssrfPolicy?: SsrfPolicy;
1174
- };
1309
+ }
1175
1310
  /** Playwright-compatible request interface for redirect chain inspection. */
1176
- type BrowserNavigationRequestLike = {
1311
+ interface BrowserNavigationRequestLike {
1177
1312
  url(): string;
1178
1313
  redirectedFrom(): BrowserNavigationRequestLike | null;
1179
- };
1314
+ }
1180
1315
  /** Build a BrowserNavigationPolicyOptions from an SsrfPolicy. */
1181
1316
  declare function withBrowserNavigationPolicy(ssrfPolicy?: SsrfPolicy): BrowserNavigationPolicyOptions;
1182
1317
  /**
@@ -1186,8 +1321,8 @@ declare function withBrowserNavigationPolicy(ssrfPolicy?: SsrfPolicy): BrowserNa
1186
1321
  declare function createPinnedLookup(params: {
1187
1322
  hostname: string;
1188
1323
  addresses: string[];
1189
- fallback?: typeof lookup$1;
1190
- }): typeof lookup$1;
1324
+ fallback?: typeof lookup;
1325
+ }): typeof lookup;
1191
1326
  /**
1192
1327
  * Resolve DNS for a hostname and validate resolved addresses against SSRF policy.
1193
1328
  * Returns a PinnedHostname with pre-resolved addresses and a pinned lookup function.
@@ -1204,6 +1339,24 @@ declare function assertBrowserNavigationAllowed(opts: {
1204
1339
  url: string;
1205
1340
  lookupFn?: LookupFn;
1206
1341
  } & BrowserNavigationPolicyOptions): Promise<void>;
1342
+ /**
1343
+ * Validate upload file paths immediately before use.
1344
+ */
1345
+ declare function assertSafeUploadPaths(paths: string[]): Promise<void>;
1346
+ /**
1347
+ * Resolve and validate upload file paths, returning them if all are safe.
1348
+ * Returns `{ ok: true, paths }` or `{ ok: false, error }`.
1349
+ */
1350
+ declare function resolveStrictExistingUploadPaths(params: {
1351
+ requestedPaths: string[];
1352
+ scopeLabel?: string;
1353
+ }): Promise<{
1354
+ ok: true;
1355
+ paths: string[];
1356
+ } | {
1357
+ ok: false;
1358
+ error: string;
1359
+ }>;
1207
1360
  /**
1208
1361
  * Sanitize an untrusted file name (e.g. from a download) to prevent path traversal.
1209
1362
  */
@@ -1237,6 +1390,22 @@ declare function assertBrowserNavigationRedirectChainAllowed(opts: {
1237
1390
  */
1238
1391
  declare function requiresInspectableBrowserNavigationRedirects(ssrfPolicy?: SsrfPolicy): boolean;
1239
1392
 
1393
+ declare class BrowserTabNotFoundError extends Error {
1394
+ constructor(message?: string);
1395
+ }
1396
+ /**
1397
+ * Run a function with a scoped Playwright CDP session, detaching when done.
1398
+ */
1399
+ declare function withPlaywrightPageCdpSession<T>(page: Page, fn: (session: CDPSession) => Promise<T>): Promise<T>;
1400
+ /**
1401
+ * Run a function with a page-scoped CDP client.
1402
+ */
1403
+ declare function withPageScopedCdpClient<T>(opts: {
1404
+ cdpUrl: string;
1405
+ page: Page;
1406
+ targetId?: string;
1407
+ fn: (send: (method: string, params?: Record<string, unknown>) => Promise<unknown>) => Promise<T>;
1408
+ }): Promise<T>;
1240
1409
  declare function ensureContextState(context: BrowserContext): ContextState;
1241
1410
  /**
1242
1411
  * Force-disconnect a Playwright browser connection for a given CDP target.
@@ -1248,5 +1417,41 @@ declare function forceDisconnectPlaywrightForTarget(opts: {
1248
1417
  targetId?: string;
1249
1418
  reason?: string;
1250
1419
  }): Promise<void>;
1420
+ /**
1421
+ * Resolve a page by targetId or throw BrowserTabNotFoundError.
1422
+ */
1423
+ declare function resolvePageByTargetIdOrThrow(opts: {
1424
+ cdpUrl: string;
1425
+ targetId: string;
1426
+ }): Promise<Page>;
1427
+ /**
1428
+ * Parse a role ref string (e.g. "e1", "@e1", "ref=e1") to a normalized ref ID.
1429
+ * Returns null if the string is not a valid role ref.
1430
+ */
1431
+ declare function parseRoleRef(raw: string): string | null;
1432
+ /**
1433
+ * Require a ref string, normalizing and validating it.
1434
+ * Throws if the ref is empty.
1435
+ */
1436
+ declare function requireRef(value: string | undefined): string;
1437
+ /**
1438
+ * Require either a ref or selector, returning whichever is provided.
1439
+ * Throws if neither is provided.
1440
+ */
1441
+ declare function requireRefOrSelector(ref?: string, selector?: string): {
1442
+ ref?: string;
1443
+ selector?: string;
1444
+ };
1445
+ /** Clamp interaction timeout to [500, 60000]ms range, defaulting to 8000ms. */
1446
+ declare function resolveInteractionTimeoutMs(timeoutMs?: number): number;
1447
+ /** Bounded delay validator for animation/interaction delays. */
1448
+ declare function resolveBoundedDelayMs(value: number | undefined, label: string, maxMs: number): number;
1449
+ /**
1450
+ * Get a page for a target, ensuring page state is initialized and role refs are restored.
1451
+ */
1452
+ declare function getRestoredPageForTarget(opts: {
1453
+ cdpUrl: string;
1454
+ targetId?: string;
1455
+ }): Promise<Page>;
1251
1456
 
1252
- export { type AriaNode, type AriaSnapshotResult, BrowserClaw, type BrowserNavigationPolicyOptions, type BrowserNavigationRequestLike, type BrowserTab, type ChromeExecutable, type ChromeKind, type ClickOptions, type ColorScheme, type ConnectOptions, type ConsoleMessage, type ContextState, type CookieData, CrawlPage, type DialogOptions, type DownloadResult, type FormField, type FrameEvalResult, type GeolocationOptions, type HttpCredentials, InvalidBrowserNavigationUrlError, type LaunchOptions, type LookupFn, type NetworkRequest, type PageError, type PinnedHostname, type ResponseBodyResult, type RoleRefInfo, type RoleRefs, type ScreenshotOptions, type SnapshotOptions, type SnapshotResult, type SnapshotStats, type SsrfPolicy, type StorageKind, type TraceStartOptions, type TypeOptions, type UntrustedContentMeta, type WaitOptions, assertBrowserNavigationAllowed, assertBrowserNavigationRedirectChainAllowed, assertBrowserNavigationResultAllowed, createPinnedLookup, ensureContextState, forceDisconnectPlaywrightForTarget, getChromeWebSocketUrl, isChromeCdpReady, isChromeReachable, normalizeCdpHttpBaseForJsonEndpoints, requiresInspectableBrowserNavigationRedirects, resolvePinnedHostnameWithPolicy, sanitizeUntrustedFileName, withBrowserNavigationPolicy, writeViaSiblingTempPath };
1457
+ export { type AriaNode, type AriaSnapshotResult, type BatchAction, type BatchActionResult, BrowserClaw, type BrowserNavigationPolicyOptions, type BrowserNavigationRequestLike, type BrowserTab, BrowserTabNotFoundError, type ChromeExecutable, type ChromeKind, type ClickOptions, type ColorScheme, type ConnectOptions, type ConsoleMessage, type ContextState, type CookieData, CrawlPage, type DialogOptions, type DownloadResult, type FormField, type FrameEvalResult, type GeolocationOptions, type HttpCredentials, InvalidBrowserNavigationUrlError, type LaunchOptions, type LookupFn, type NetworkRequest, type PageError, type PinnedHostname, type ResponseBodyResult, type RoleRefInfo, type RoleRefs, type ScreenshotOptions, type SnapshotOptions, type SnapshotResult, type SnapshotStats, type SsrfPolicy, type StorageKind, type TraceStartOptions, type TypeOptions, type UntrustedContentMeta, type WaitOptions, assertBrowserNavigationAllowed, assertBrowserNavigationRedirectChainAllowed, assertBrowserNavigationResultAllowed, assertSafeUploadPaths, batchViaPlaywright, createPinnedLookup, ensureContextState, executeSingleAction, forceDisconnectPlaywrightForTarget, getChromeWebSocketUrl, getRestoredPageForTarget, isChromeCdpReady, isChromeReachable, normalizeCdpHttpBaseForJsonEndpoints, parseRoleRef, requireRef, requireRefOrSelector, requiresInspectableBrowserNavigationRedirects, resolveBoundedDelayMs, resolveInteractionTimeoutMs, resolvePageByTargetIdOrThrow, resolvePinnedHostnameWithPolicy, resolveStrictExistingUploadPaths, sanitizeUntrustedFileName, withBrowserNavigationPolicy, withPageScopedCdpClient, withPlaywrightPageCdpSession, writeViaSiblingTempPath };
package/dist/index.d.ts CHANGED
@@ -1,8 +1,128 @@
1
- import * as playwright_core from 'playwright-core';
2
- import { BrowserContext } from 'playwright-core';
3
- import * as node_dns from 'node:dns';
4
- import { lookup as lookup$1 } from 'node:dns';
5
- import { lookup } from 'node:dns/promises';
1
+ import { BrowserContext, Page, CDPSession } from 'playwright-core';
2
+ import { lookup } from 'node:dns';
3
+ import { lookup as lookup$1 } from 'node:dns/promises';
4
+
5
+ /** A single action within a batch. */
6
+ type BatchAction = {
7
+ kind: 'click';
8
+ ref?: string;
9
+ selector?: string;
10
+ targetId?: string;
11
+ doubleClick?: boolean;
12
+ button?: string;
13
+ modifiers?: string[];
14
+ delayMs?: number;
15
+ timeoutMs?: number;
16
+ } | {
17
+ kind: 'type';
18
+ ref?: string;
19
+ selector?: string;
20
+ text: string;
21
+ targetId?: string;
22
+ submit?: boolean;
23
+ slowly?: boolean;
24
+ timeoutMs?: number;
25
+ } | {
26
+ kind: 'press';
27
+ key: string;
28
+ targetId?: string;
29
+ delayMs?: number;
30
+ } | {
31
+ kind: 'hover';
32
+ ref?: string;
33
+ selector?: string;
34
+ targetId?: string;
35
+ timeoutMs?: number;
36
+ } | {
37
+ kind: 'scrollIntoView';
38
+ ref?: string;
39
+ selector?: string;
40
+ targetId?: string;
41
+ timeoutMs?: number;
42
+ } | {
43
+ kind: 'drag';
44
+ startRef?: string;
45
+ startSelector?: string;
46
+ endRef?: string;
47
+ endSelector?: string;
48
+ targetId?: string;
49
+ timeoutMs?: number;
50
+ } | {
51
+ kind: 'select';
52
+ ref?: string;
53
+ selector?: string;
54
+ values: string[];
55
+ targetId?: string;
56
+ timeoutMs?: number;
57
+ } | {
58
+ kind: 'fill';
59
+ fields: {
60
+ ref: string;
61
+ type?: string;
62
+ value?: string | number | boolean;
63
+ }[];
64
+ targetId?: string;
65
+ timeoutMs?: number;
66
+ } | {
67
+ kind: 'resize';
68
+ width: number;
69
+ height: number;
70
+ targetId?: string;
71
+ } | {
72
+ kind: 'wait';
73
+ timeMs?: number;
74
+ text?: string;
75
+ textGone?: string;
76
+ selector?: string;
77
+ url?: string;
78
+ loadState?: 'load' | 'domcontentloaded' | 'networkidle';
79
+ fn?: string;
80
+ targetId?: string;
81
+ timeoutMs?: number;
82
+ } | {
83
+ kind: 'evaluate';
84
+ fn: string;
85
+ ref?: string;
86
+ targetId?: string;
87
+ timeoutMs?: number;
88
+ } | {
89
+ kind: 'close';
90
+ targetId?: string;
91
+ } | {
92
+ kind: 'batch';
93
+ actions: BatchAction[];
94
+ targetId?: string;
95
+ stopOnError?: boolean;
96
+ };
97
+ /** Result of a single action within a batch. */
98
+ type BatchActionResult = {
99
+ ok: true;
100
+ } | {
101
+ ok: false;
102
+ error: string;
103
+ };
104
+ /**
105
+ * Execute a single batch action.
106
+ */
107
+ declare function executeSingleAction(action: BatchAction, cdpUrl: string, targetId: string | undefined, evaluateEnabled: boolean, depth?: number): Promise<void>;
108
+ /**
109
+ * Execute multiple browser actions in sequence.
110
+ *
111
+ * @param opts.actions - Array of actions to execute
112
+ * @param opts.stopOnError - Stop on first error (default: true)
113
+ * @param opts.evaluateEnabled - Whether evaluate/wait:fn actions are permitted
114
+ * @param opts.depth - Internal recursion depth (do not set manually)
115
+ */
116
+ declare function batchViaPlaywright(opts: {
117
+ cdpUrl: string;
118
+ targetId?: string;
119
+ actions: BatchAction[];
120
+ stopOnError?: boolean;
121
+ evaluateEnabled?: boolean;
122
+ depth?: number;
123
+ }): Promise<{
124
+ results: BatchActionResult[];
125
+ }>;
6
126
 
7
127
  interface FrameEvalResult {
8
128
  frameUrl: string;
@@ -131,6 +251,8 @@ interface SnapshotResult {
131
251
  refs: RoleRefs;
132
252
  /** Statistics about the snapshot */
133
253
  stats?: SnapshotStats;
254
+ /** Whether the snapshot was truncated due to maxChars limit */
255
+ truncated?: boolean;
134
256
  /**
135
257
  * Indicates this content originates from an untrusted external source (the web page).
136
258
  * AI agents should treat snapshot content as potentially adversarial
@@ -427,7 +549,7 @@ interface ContextState {
427
549
  interface PinnedHostname {
428
550
  hostname: string;
429
551
  addresses: string[];
430
- lookup: typeof node_dns.lookup;
552
+ lookup: typeof lookup;
431
553
  }
432
554
 
433
555
  /**
@@ -628,6 +750,19 @@ declare class CrawlPage {
628
750
  armFileUpload(paths?: string[], opts?: {
629
751
  timeoutMs?: number;
630
752
  }): Promise<void>;
753
+ /**
754
+ * Execute multiple browser actions in sequence.
755
+ *
756
+ * @param actions - Array of actions to execute
757
+ * @param opts - Options (stopOnError: stop on first failure, default true)
758
+ * @returns Array of per-action results
759
+ */
760
+ batch(actions: BatchAction[], opts?: {
761
+ stopOnError?: boolean;
762
+ evaluateEnabled?: boolean;
763
+ }): Promise<{
764
+ results: BatchActionResult[];
765
+ }>;
631
766
  /**
632
767
  * Press a keyboard key or key combination.
633
768
  *
@@ -788,7 +923,7 @@ declare class CrawlPage {
788
923
  type?: 'png' | 'jpeg';
789
924
  }): Promise<{
790
925
  buffer: Buffer;
791
- labels: Array<{
926
+ labels: {
792
927
  ref: string;
793
928
  index: number;
794
929
  box: {
@@ -797,7 +932,7 @@ declare class CrawlPage {
797
932
  width: number;
798
933
  height: number;
799
934
  };
800
- }>;
935
+ }[];
801
936
  skipped: string[];
802
937
  }>;
803
938
  /**
@@ -885,7 +1020,7 @@ declare class CrawlPage {
885
1020
  *
886
1021
  * @returns Array of cookie objects
887
1022
  */
888
- cookies(): Promise<Awaited<ReturnType<playwright_core.BrowserContext['cookies']>>>;
1023
+ cookies(): Promise<Awaited<ReturnType<BrowserContext['cookies']>>>;
889
1024
  /**
890
1025
  * Set a cookie in the browser context.
891
1026
  *
@@ -1159,7 +1294,7 @@ declare function isChromeReachable(cdpUrl: string, timeoutMs?: number, authToken
1159
1294
  declare function getChromeWebSocketUrl(cdpUrl: string, timeoutMs?: number, authToken?: string): Promise<string | null>;
1160
1295
  declare function isChromeCdpReady(cdpUrl: string, timeoutMs?: number, handshakeTimeoutMs?: number): Promise<boolean>;
1161
1296
 
1162
- type LookupFn = typeof lookup;
1297
+ type LookupFn = typeof lookup$1;
1163
1298
  /**
1164
1299
  * Thrown when a navigation URL is blocked by SSRF policy.
1165
1300
  * Callers can catch this specifically to distinguish navigation blocks
@@ -1169,14 +1304,14 @@ declare class InvalidBrowserNavigationUrlError extends Error {
1169
1304
  constructor(message: string);
1170
1305
  }
1171
1306
  /** Options for browser navigation SSRF policy. */
1172
- type BrowserNavigationPolicyOptions = {
1307
+ interface BrowserNavigationPolicyOptions {
1173
1308
  ssrfPolicy?: SsrfPolicy;
1174
- };
1309
+ }
1175
1310
  /** Playwright-compatible request interface for redirect chain inspection. */
1176
- type BrowserNavigationRequestLike = {
1311
+ interface BrowserNavigationRequestLike {
1177
1312
  url(): string;
1178
1313
  redirectedFrom(): BrowserNavigationRequestLike | null;
1179
- };
1314
+ }
1180
1315
  /** Build a BrowserNavigationPolicyOptions from an SsrfPolicy. */
1181
1316
  declare function withBrowserNavigationPolicy(ssrfPolicy?: SsrfPolicy): BrowserNavigationPolicyOptions;
1182
1317
  /**
@@ -1186,8 +1321,8 @@ declare function withBrowserNavigationPolicy(ssrfPolicy?: SsrfPolicy): BrowserNa
1186
1321
  declare function createPinnedLookup(params: {
1187
1322
  hostname: string;
1188
1323
  addresses: string[];
1189
- fallback?: typeof lookup$1;
1190
- }): typeof lookup$1;
1324
+ fallback?: typeof lookup;
1325
+ }): typeof lookup;
1191
1326
  /**
1192
1327
  * Resolve DNS for a hostname and validate resolved addresses against SSRF policy.
1193
1328
  * Returns a PinnedHostname with pre-resolved addresses and a pinned lookup function.
@@ -1204,6 +1339,24 @@ declare function assertBrowserNavigationAllowed(opts: {
1204
1339
  url: string;
1205
1340
  lookupFn?: LookupFn;
1206
1341
  } & BrowserNavigationPolicyOptions): Promise<void>;
1342
+ /**
1343
+ * Validate upload file paths immediately before use.
1344
+ */
1345
+ declare function assertSafeUploadPaths(paths: string[]): Promise<void>;
1346
+ /**
1347
+ * Resolve and validate upload file paths, returning them if all are safe.
1348
+ * Returns `{ ok: true, paths }` or `{ ok: false, error }`.
1349
+ */
1350
+ declare function resolveStrictExistingUploadPaths(params: {
1351
+ requestedPaths: string[];
1352
+ scopeLabel?: string;
1353
+ }): Promise<{
1354
+ ok: true;
1355
+ paths: string[];
1356
+ } | {
1357
+ ok: false;
1358
+ error: string;
1359
+ }>;
1207
1360
  /**
1208
1361
  * Sanitize an untrusted file name (e.g. from a download) to prevent path traversal.
1209
1362
  */
@@ -1237,6 +1390,22 @@ declare function assertBrowserNavigationRedirectChainAllowed(opts: {
1237
1390
  */
1238
1391
  declare function requiresInspectableBrowserNavigationRedirects(ssrfPolicy?: SsrfPolicy): boolean;
1239
1392
 
1393
+ declare class BrowserTabNotFoundError extends Error {
1394
+ constructor(message?: string);
1395
+ }
1396
+ /**
1397
+ * Run a function with a scoped Playwright CDP session, detaching when done.
1398
+ */
1399
+ declare function withPlaywrightPageCdpSession<T>(page: Page, fn: (session: CDPSession) => Promise<T>): Promise<T>;
1400
+ /**
1401
+ * Run a function with a page-scoped CDP client.
1402
+ */
1403
+ declare function withPageScopedCdpClient<T>(opts: {
1404
+ cdpUrl: string;
1405
+ page: Page;
1406
+ targetId?: string;
1407
+ fn: (send: (method: string, params?: Record<string, unknown>) => Promise<unknown>) => Promise<T>;
1408
+ }): Promise<T>;
1240
1409
  declare function ensureContextState(context: BrowserContext): ContextState;
1241
1410
  /**
1242
1411
  * Force-disconnect a Playwright browser connection for a given CDP target.
@@ -1248,5 +1417,41 @@ declare function forceDisconnectPlaywrightForTarget(opts: {
1248
1417
  targetId?: string;
1249
1418
  reason?: string;
1250
1419
  }): Promise<void>;
1420
+ /**
1421
+ * Resolve a page by targetId or throw BrowserTabNotFoundError.
1422
+ */
1423
+ declare function resolvePageByTargetIdOrThrow(opts: {
1424
+ cdpUrl: string;
1425
+ targetId: string;
1426
+ }): Promise<Page>;
1427
+ /**
1428
+ * Parse a role ref string (e.g. "e1", "@e1", "ref=e1") to a normalized ref ID.
1429
+ * Returns null if the string is not a valid role ref.
1430
+ */
1431
+ declare function parseRoleRef(raw: string): string | null;
1432
+ /**
1433
+ * Require a ref string, normalizing and validating it.
1434
+ * Throws if the ref is empty.
1435
+ */
1436
+ declare function requireRef(value: string | undefined): string;
1437
+ /**
1438
+ * Require either a ref or selector, returning whichever is provided.
1439
+ * Throws if neither is provided.
1440
+ */
1441
+ declare function requireRefOrSelector(ref?: string, selector?: string): {
1442
+ ref?: string;
1443
+ selector?: string;
1444
+ };
1445
+ /** Clamp interaction timeout to [500, 60000]ms range, defaulting to 8000ms. */
1446
+ declare function resolveInteractionTimeoutMs(timeoutMs?: number): number;
1447
+ /** Bounded delay validator for animation/interaction delays. */
1448
+ declare function resolveBoundedDelayMs(value: number | undefined, label: string, maxMs: number): number;
1449
+ /**
1450
+ * Get a page for a target, ensuring page state is initialized and role refs are restored.
1451
+ */
1452
+ declare function getRestoredPageForTarget(opts: {
1453
+ cdpUrl: string;
1454
+ targetId?: string;
1455
+ }): Promise<Page>;
1251
1456
 
1252
- export { type AriaNode, type AriaSnapshotResult, BrowserClaw, type BrowserNavigationPolicyOptions, type BrowserNavigationRequestLike, type BrowserTab, type ChromeExecutable, type ChromeKind, type ClickOptions, type ColorScheme, type ConnectOptions, type ConsoleMessage, type ContextState, type CookieData, CrawlPage, type DialogOptions, type DownloadResult, type FormField, type FrameEvalResult, type GeolocationOptions, type HttpCredentials, InvalidBrowserNavigationUrlError, type LaunchOptions, type LookupFn, type NetworkRequest, type PageError, type PinnedHostname, type ResponseBodyResult, type RoleRefInfo, type RoleRefs, type ScreenshotOptions, type SnapshotOptions, type SnapshotResult, type SnapshotStats, type SsrfPolicy, type StorageKind, type TraceStartOptions, type TypeOptions, type UntrustedContentMeta, type WaitOptions, assertBrowserNavigationAllowed, assertBrowserNavigationRedirectChainAllowed, assertBrowserNavigationResultAllowed, createPinnedLookup, ensureContextState, forceDisconnectPlaywrightForTarget, getChromeWebSocketUrl, isChromeCdpReady, isChromeReachable, normalizeCdpHttpBaseForJsonEndpoints, requiresInspectableBrowserNavigationRedirects, resolvePinnedHostnameWithPolicy, sanitizeUntrustedFileName, withBrowserNavigationPolicy, writeViaSiblingTempPath };
1457
+ export { type AriaNode, type AriaSnapshotResult, type BatchAction, type BatchActionResult, BrowserClaw, type BrowserNavigationPolicyOptions, type BrowserNavigationRequestLike, type BrowserTab, BrowserTabNotFoundError, type ChromeExecutable, type ChromeKind, type ClickOptions, type ColorScheme, type ConnectOptions, type ConsoleMessage, type ContextState, type CookieData, CrawlPage, type DialogOptions, type DownloadResult, type FormField, type FrameEvalResult, type GeolocationOptions, type HttpCredentials, InvalidBrowserNavigationUrlError, type LaunchOptions, type LookupFn, type NetworkRequest, type PageError, type PinnedHostname, type ResponseBodyResult, type RoleRefInfo, type RoleRefs, type ScreenshotOptions, type SnapshotOptions, type SnapshotResult, type SnapshotStats, type SsrfPolicy, type StorageKind, type TraceStartOptions, type TypeOptions, type UntrustedContentMeta, type WaitOptions, assertBrowserNavigationAllowed, assertBrowserNavigationRedirectChainAllowed, assertBrowserNavigationResultAllowed, assertSafeUploadPaths, batchViaPlaywright, createPinnedLookup, ensureContextState, executeSingleAction, forceDisconnectPlaywrightForTarget, getChromeWebSocketUrl, getRestoredPageForTarget, isChromeCdpReady, isChromeReachable, normalizeCdpHttpBaseForJsonEndpoints, parseRoleRef, requireRef, requireRefOrSelector, requiresInspectableBrowserNavigationRedirects, resolveBoundedDelayMs, resolveInteractionTimeoutMs, resolvePageByTargetIdOrThrow, resolvePinnedHostnameWithPolicy, resolveStrictExistingUploadPaths, sanitizeUntrustedFileName, withBrowserNavigationPolicy, withPageScopedCdpClient, withPlaywrightPageCdpSession, writeViaSiblingTempPath };