npm - crawlforge-mcp-server - Versions diffs - 4.7.2 → 4.8.0 - Mend

crawlforge-mcp-server 4.7.2 → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/CLAUDE.md +2 -2
package/package.json +2 -1
package/server.js +42 -9
package/src/cli/commands/init.js +13 -2
package/src/cli/commands/install-skills.js +10 -1
package/src/cli/commands/monitor.js +81 -0
package/src/cli/commands/uninstall-skills.js +10 -1
package/src/core/ActionExecutor.js +51 -9
package/src/core/ElicitationHelper.js +18 -5
package/src/core/LLMsTxtAnalyzer.js +2 -1
package/src/core/MonitorScheduler.js +281 -0
package/src/core/MonitorStore.js +79 -0
package/src/core/ResearchOrchestrator.js +2 -1
package/src/core/crawlers/BFSCrawler.js +2 -1
package/src/skills/agent-skills/crawlforge-batch-automation/SKILL.md +126 -0
package/src/skills/agent-skills/crawlforge-batch-automation/references/actions.md +127 -0
package/src/skills/agent-skills/crawlforge-change-tracking/SKILL.md +116 -0
package/src/skills/agent-skills/crawlforge-deep-research/SKILL.md +108 -0
package/src/skills/agent-skills/crawlforge-deep-research/references/workflows.md +76 -0
package/src/skills/agent-skills/crawlforge-getting-started/SKILL.md +89 -0
package/src/skills/agent-skills/crawlforge-getting-started/references/cli.md +71 -0
package/src/skills/agent-skills/crawlforge-getting-started/references/credits.md +75 -0
package/src/skills/agent-skills/crawlforge-stealth-browsing/SKILL.md +106 -0
package/src/skills/agent-skills/crawlforge-stealth-browsing/references/engine-selection.md +63 -0
package/src/skills/agent-skills/crawlforge-structured-extraction/SKILL.md +121 -0
package/src/skills/agent-skills/crawlforge-structured-extraction/references/templates.md +39 -0
package/src/skills/agent-skills/crawlforge-web-scraping/SKILL.md +141 -0
package/src/skills/agent-skills/crawlforge-web-scraping/references/tool-reference.md +95 -0
package/src/skills/installer.js +186 -34
package/src/tools/advanced/batchScrape/worker.js +8 -2
package/src/tools/basic/_fetch.js +14 -1
package/src/tools/crawl/_sessionContext.js +3 -1
package/src/tools/extract/_fetchAndParse.js +2 -1
package/src/tools/extract/extractContent.js +2 -1
package/src/tools/extract/processDocument.js +2 -1
package/src/tools/scrape/_brandingExtractor.js +378 -0
package/src/tools/scrape/unifiedScrape.js +66 -6
package/src/tools/templates/ScrapeTemplateTool.js +2 -1
package/src/tools/tracking/trackChanges/differ.js +3 -1
package/src/tools/tracking/trackChanges/index.js +74 -21
package/src/tools/tracking/trackChanges/schema.js +7 -2
package/src/utils/hostRateLimiter.js +46 -0
package/src/utils/robotsChecker.js +2 -1
package/src/utils/sitemapParser.js +2 -1
package/src/utils/ssrfGuard.js +161 -0
package/src/utils/ssrfProtection.js +6 -9
package/src/skills/crawlforge-cli.md +0 -157
package/src/skills/crawlforge-mcp.md +0 -80
package/src/skills/crawlforge-research.md +0 -104
package/src/skills/crawlforge-stealth.md +0 -98

package/CLAUDE.md CHANGED Viewed

@@ -62,7 +62,7 @@ These guidelines are working if: fewer unnecessary changes in diffs, fewer rewri
 CrawlForge MCP Server - A professional MCP (Model Context Protocol) server providing 26 web scraping, crawling, and content processing tools (5 inline + 21 advanced).
-**Current Version:** 4.6.0
+**Current Version:** 4.8.0
 ## Development Commands
@@ -241,7 +241,7 @@ When adding a new tool to server.js:
 Key mechanisms for security-conscious future sessions:
-- **SSRF** (`src/utils/ssrfProtection.js`): Every scraped URL validated — http/https only; blocks loopback, RFC1918, IPv6 ULA/link-local, cloud metadata endpoints; blocks dangerous ports (22, 25, 53, 445, 3306, 5432, 6379, 27017, etc.); redirects re-validated per hop, capped at 5; pre-parse path-traversal rejection. Blocklist-based — no per-deployment outbound allowlist.
+- **SSRF** (`src/utils/ssrfGuard.js` enforcing `src/utils/ssrfProtection.js`): As of v4.8.0 SSRF is actually enforced on the live scraping fetch path (previously `ssrfProtection.js` was unwired). `ssrfGuard` injects an undici dispatcher whose connect-time `lookup` validates every connection — initial request and each redirect hop — and pins the validated IP (closing the DNS-rebinding TOCTOU window). Stage 1 (default) blocks loopback, link-local/cloud-metadata (169.254.169.254), and 0.0.0.0; `SSRF_STRICT=true` adds full RFC1918/ULA/etc. enforcement. Kill switch `SSRF_PROTECTION_ENABLED=false`; `ALLOWED_DOMAINS` allowlist bypass. Wired into every read-scrape site (`_fetch.js`, `_fetchAndParse.js`, `batchScrape/worker.js`, `mapSite.js`, `BFSCrawler.js`, extract/template/session/research/llms-txt/robots/sitemap/track-changes fetches) via `ssrfGuard()`/`safeFetch()`. http/https only; dangerous ports + path-traversal still rejected by `ssrfProtection.js`.
 - **endpointGuard** (`src/core/endpointGuard.js`): Hard allow-list of `{crawlforge.dev, www.crawlforge.dev, api.crawlforge.dev}` for the server's own backend calls; HTTPS required; fail-closed. Localhost only in creator mode (v3.0.18).
 - **Action allowlist** (`src/core/ActionExecutor.js`): `scrape_with_actions` accepts only 7 action types: `wait`, `click`, `type`, `press`, `scroll`, `screenshot`, `executeJavaScript`. `executeJavaScript` throws unless `ALLOW_JAVASCRIPT_EXECUTION=true` is set at deploy time (off by default).
 - **Elicitation** (`src/core/ElicitationHelper.js`): User confirmation requested for `deep_research` (>50 URLs), `batch_scrape` (sync, >25 URLs), `crawl_deep` (projected >500 pages), `extract_structured` (schema has >3 required fields, no LLM configured), and credit-low situations. Fail-open if client does not support elicitation.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "crawlforge-mcp-server",
-  "version": "4.7.2",
+  "version": "4.8.0",
   "mcpName": "io.github.mysleekdesigns/crawlforge-mcp-server",
   "description": "CrawlForge MCP Server - Professional Model Context Protocol server with 26 web scraping, crawling, deep-research, and autonomous-extraction tools. Returns clean Markdown and structured JSON for Claude, Cursor, and any MCP client. Defaults to local Ollama for LLM extraction (no API key needed); OpenAI/Anthropic available as opt-in. Includes a unified multi-format scrape tool, an autonomous agent, pre-built site templates, and Camoufox stealth browsing.",
   "main": "server.js",
@@ -22,6 +22,7 @@
     "test:tools": "node test-tools.js",
     "test:real-world": "node test-real-world.js",
     "test:all": "bash run-all-tests.sh",
+    "skills:gen": "node scripts/generate-skill-md.mjs",
     "postinstall": "echo '\nCrawlForge MCP Server installed!\n\nQuick start: run \"npx crawlforge init\" to configure your API key, install skills, and register the MCP server with your AI clients.\nOr run \"npx crawlforge-setup\" to configure your API key only.\n'",
     "docker:build": "docker build -t crawlforge .",
     "docker:dev": "docker-compose up crawlforge-dev",

package/server.js CHANGED Viewed

@@ -154,7 +154,7 @@ const deepResearchTool = new DeepResearchTool();
 const trackChangesTool = new TrackChangesTool();
 const generateLLMsTxtTool = new GenerateLLMsTxtTool();
 const scrapeTemplateTool = new ScrapeTemplateTool(); // D3.3
-const unifiedScrapeTool = new UnifiedScrapeTool(); // D4 D1
+const unifiedScrapeTool = new UnifiedScrapeTool({ actionExecutor: scrapeWithActionsTool.actionExecutor }); // D4 D1 (+v4.8 screenshot reuses the shared browser pool)
 const agentTool = new AgentTool(); // D4 D2
 const stealthBrowserManager = new StealthBrowserManager();
 const localizationManager = new LocalizationManager();
@@ -177,6 +177,7 @@ batchScrapeTool.setMcpServer(server);
 crawlDeepTool.setMcpServer(server);
 extractStructuredTool.setMcpServer(server);
 agentTool.setMcpServer(server); // D4 D2: SamplingClient + Elicitation
+trackChangesTool.setMcpServer(server); // v4.8: SamplingClient for scheduled-monitor goal judging
 AuthManager.setElicitation(elicitation);
 // ─── D1.1 Resource Templates (MCP Resources) ─────────────────────────────────
@@ -813,12 +814,12 @@ server.registerTool("deep_research", {
 // Tool: scrape (D4 D1 — unified multi-format single-fetch)
 server.registerTool("scrape", {
-  description: "Use this when you need multiple content formats from a single URL in one call — e.g. markdown + links + metadata together. One fetch, no N-request fan-out. Formats: \"markdown\", \"html\", \"rawHtml\", \"text\", \"links\", \"metadata\", or {type:\"json\",schema,prompt} for LLM-structured extraction. onlyMainContent:true (default) strips boilerplate via Readability. Partial success: per-format warnings never fail the whole call. Example: scrape({url:\"https://example.com\", formats:[\"markdown\",\"links\",\"metadata\"]})",
+  description: "Use this when you need multiple content formats from a single URL in one call — e.g. markdown + links + metadata together. One fetch, no N-request fan-out. Formats: \"markdown\", \"html\", \"rawHtml\", \"text\", \"links\", \"metadata\", \"branding\" (static design tokens: colors, fonts, logo), \"screenshot\" (renders in a browser, returns crawlforge://screenshot/{id} resources), or {type:\"json\",schema,prompt} for LLM-structured extraction. onlyMainContent:true (default) strips boilerplate via Readability. Partial success: per-format warnings never fail the whole call. Example: scrape({url:\"https://example.com\", formats:[\"markdown\",\"links\",\"branding\"]})",
   annotations: { title: "Scrape (Multi-Format)", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true },
   inputSchema: {
     url: z.string().url().describe("The URL to scrape"),
     formats: z.array(z.union([
-      z.enum(["markdown", "html", "rawHtml", "text", "links", "metadata", "screenshot"]),
+      z.enum(["markdown", "html", "rawHtml", "text", "links", "metadata", "screenshot", "branding"]),
       z.object({
         type: z.literal("json"),
         schema: z.record(z.any()).optional().describe("JSON schema for extraction"),
@@ -826,11 +827,31 @@ server.registerTool("scrape", {
       })
     ])).min(1).optional().default(["markdown"]).describe("Formats to return (default: [\"markdown\"])"),
     onlyMainContent: z.boolean().optional().default(true).describe("Strip boilerplate via Readability (default: true)"),
-    timeoutMs: z.number().min(1000).max(60000).optional().default(15000).describe("Fetch timeout in ms")
+    timeoutMs: z.number().min(1000).max(60000).optional().default(15000).describe("Fetch timeout in ms"),
+    brandingOptions: z.object({
+      fetchLinkedCss: z.boolean().optional().default(true).describe("Fetch linked stylesheets for richer color/font extraction"),
+      maxStylesheets: z.number().min(0).max(20).optional().default(10).describe("Max linked stylesheets to fetch")
+    }).optional().describe("Options for the \"branding\" format"),
+    screenshotOptions: z.object({
+      fullPage: z.boolean().optional().default(false).describe("Capture the full scrollable page"),
+      format: z.enum(["png", "jpeg"]).optional().default("png"),
+      quality: z.number().min(0).max(100).optional().describe("JPEG quality (jpeg only)")
+    }).optional().describe("Options for the \"screenshot\" format")
   }
 }, withAuth("scrape", async (params) => {
   try {
     const result = await unifiedScrapeTool.execute(params);
+    // Publish any captured screenshots as crawlforge://screenshot/{actionId}
+    // resources and annotate each with its URI (mirrors scrape_with_actions).
+    if (Array.isArray(result?.content?.screenshots)) {
+      result.content.screenshots = result.content.screenshots.map((shot) => {
+        if (shot?.actionId && shot?.data) {
+          resourceRegistry.storeScreenshot(shot.actionId, shot.data);
+          return { ...shot, resourceUri: `crawlforge://screenshot/${shot.actionId}` };
+        }
+        return shot;
+      });
+    }
     return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
   } catch (error) {
     return { content: [{ type: "text", text: `Scrape failed: ${error.message}` }], isError: true };
@@ -863,10 +884,10 @@ server.registerTool("track_changes", {
   description: "Use this when you need to monitor a URL for content changes over time — e.g. competitor pricing, regulation updates, product availability. Start with operation:\"create_baseline\", then periodically use operation:\"compare\" to diff. Supports webhooks and scheduled monitoring. Example: track_changes({url: \"https://example.com/pricing\", operation: \"create_baseline\"})",
   annotations: { title: "Track Changes", readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true },
   inputSchema: {
-    url: z.string().url().describe("The URL to track changes for"),
+    url: z.string().url().optional().describe("The URL to track changes for (optional for list_scheduled_monitors)"),
     operation: z.enum([
       'create_baseline', 'compare', 'monitor', 'get_history', 'get_stats',
-      'create_scheduled_monitor', 'stop_scheduled_monitor', 'get_dashboard',
+      'create_scheduled_monitor', 'stop_scheduled_monitor', 'list_scheduled_monitors', 'get_dashboard',
       'export_history', 'create_alert_rule', 'generate_trend_report', 'get_monitoring_templates'
     ]).default('compare').describe("Tracking operation to perform"),
     content: z.string().optional().describe("Content to compare against baseline"),
@@ -930,10 +951,14 @@ server.registerTool("track_changes", {
       }).optional()
     }).optional().describe("Notification configuration for webhooks and Slack"),
     scheduledMonitorOptions: z.object({
-      schedule: z.string().optional(),
+      schedule: z.string().optional().describe("Optional cron expression (power users)"),
       templateId: z.string().optional(),
-      enabled: z.boolean().default(true)
-    }).optional().describe("Scheduled monitoring options with cron expressions"),
+      enabled: z.boolean().default(true),
+      interval: z.number().min(60000).optional().describe("Polling interval in ms (default 1h)"),
+      goal: z.string().optional().describe("Plain-English alert goal; an LLM judges whether a change matches (degrades to threshold if no LLM)"),
+      monitorId: z.string().optional().describe("Monitor id for stop_scheduled_monitor"),
+      notificationThreshold: z.enum(['minor', 'moderate', 'major', 'critical']).optional()
+    }).optional().describe("Scheduled monitoring: recurring compare + notify, optional plain-English goal"),
     alertRuleOptions: z.object({
       ruleId: z.string().optional(),
       condition: z.string().optional(),
@@ -1271,6 +1296,14 @@ async function runServer() {
     await connectStdio(server);
   }
+  // v4.8: start the scheduled-monitor engine (loads persisted monitors, catches
+  // up any due runs). Best-effort — a scheduler failure must not block startup.
+  try {
+    await trackChangesTool.startScheduler();
+  } catch (err) {
+    console.error('Scheduled-monitor engine failed to start:', err.message);
+  }
   console.error(`Environment: ${config.server.nodeEnv}`);
   console.error("Search enabled: true (via CrawlForge proxy)");

package/src/cli/commands/init.js CHANGED Viewed

@@ -3,7 +3,7 @@
  */
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'node:fs';
 import { join } from 'node:path';
-import { install } from '../../skills/installer.js';
+import { install, installHook } from '../../skills/installer.js';
 const HOME = process.env.HOME || process.env.USERPROFILE || '';
@@ -61,6 +61,7 @@ export function register(program) {
     .description('Set up CrawlForge: verify API key, install skills, and register the MCP server with your AI clients')
     .option('--all', 'Install skills to all targets and register all detected client configs')
     .option('--client <name>', 'Target client to register: claude-code, claude-desktop, or cursor')
+    .option('--with-hook', 'Add an opt-in UserPromptSubmit reminder to boost skill auto-activation')
     .option('--yes', 'Non-interactive — assume yes to all prompts')
     .action(async (opts) => {
       const out = (msg) => process.stderr.write(msg + '\n');
@@ -80,7 +81,7 @@ export function register(program) {
       try {
         const results = await install({ target: skillTarget, force: false, cwd: process.cwd() });
         if (results.installed.length > 0) {
-          out('Skills installed: ' + results.installed.length + ' file(s)');
+          out('Skills installed: ' + results.installed.length + ' skill(s)');
         } else {
           out('Skills: already up to date (use crawlforge install-skills --force to overwrite)');
         }
@@ -88,6 +89,16 @@ export function register(program) {
         out('Warning: skill install failed — ' + err.message);
       }
+      // 2b. Optional forced-eval hook (opt-in)
+      if (opts.withHook) {
+        try {
+          const hook = installHook();
+          out(hook.added ? 'Forced-eval hook added: ' + hook.path : 'Forced-eval hook already present');
+        } catch (err) {
+          out('Warning: could not add forced-eval hook — ' + err.message);
+        }
+      }
       // 3. MCP stanza merge
       const clientFilter = opts.client || (opts.all ? undefined : 'claude-code');
       const targets = resolveClientPaths(clientFilter);

package/src/cli/commands/install-skills.js CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * install-skills command -- install CrawlForge skill files into AI coding tools.
  */
-import { install } from '../../skills/installer.js';
+import { install, installHook } from '../../skills/installer.js';
 export function register(program) {
   program
@@ -10,6 +10,7 @@ export function register(program) {
     .option('--target <target>', 'Target: claude-code, cursor, vscode, or all', 'all')
     .option('--force', 'Overwrite existing skill files')
     .option('--dry-run', 'Show what would be installed without writing files')
+    .option('--with-hook', 'Also add an opt-in UserPromptSubmit reminder to boost skill auto-activation')
     .action(async (opts) => {
       try {
         const results = await install({
@@ -19,6 +20,14 @@ export function register(program) {
           cwd: process.cwd()
         });
+        if (opts.withHook && !opts.dryRun) {
+          const hook = installHook();
+          process.stdout.write(
+            (hook.added ? 'Added forced-eval hook: ' : 'Forced-eval hook already present: ') +
+            hook.path + '\n'
+          );
+        }
         if (opts.dryRun) {
           process.stdout.write('Dry run -- would install to:\n');
           results.paths.forEach(p => process.stdout.write('  ' + p + '\n'));

package/src/cli/commands/monitor.js CHANGED Viewed

@@ -46,4 +46,85 @@ export function register(program) {
       // monitor runs continuously — do not auto-exit after the first result.
       await runTool(wrapperTool, params, cliFlags, { exitOnSuccess: false });
     });
+  // ── Scheduled monitors (persisted; fire in-process while the server runs, or
+  //    via `monitor:run-due` from system cron for guaranteed firing) ──────────
+  const emit = (obj) => process.stdout.write(JSON.stringify(obj, null, 2) + '\n');
+  program
+    .command('monitor:create <url>')
+    .description('Create a persisted scheduled monitor (optionally with a plain-English alert goal)')
+    .option('--every <seconds>', 'Polling interval in seconds', '3600')
+    .option('--goal <text>', 'Plain-English alert goal (LLM-judged; degrades to threshold if no LLM)')
+    .option('--webhook <url>', 'Webhook URL to notify on meaningful changes')
+    .option('--threshold <level>', 'Notification threshold: minor|moderate|major|critical', 'moderate')
+    .option('--cron <expr>', 'Optional cron expression (advanced)')
+    .option('--selector <css>', 'CSS selector to scope monitoring')
+    .action(async (url, opts) => {
+      const tool = new TrackChangesTool(getToolConfig('track_changes'));
+      try {
+        const res = await tool.execute({
+          url,
+          operation: 'create_scheduled_monitor',
+          ...(opts.selector ? { trackingOptions: { customSelectors: [opts.selector] } } : {}),
+          ...(opts.webhook ? { notificationOptions: { webhook: { enabled: true, url: opts.webhook } } } : {}),
+          scheduledMonitorOptions: {
+            interval: Math.max(parseInt(opts.every, 10), 60) * 1000,
+            ...(opts.goal ? { goal: opts.goal } : {}),
+            ...(opts.cron ? { schedule: opts.cron } : {}),
+            notificationThreshold: opts.threshold
+          }
+        });
+        emit(res);
+        process.exit(res.success ? 0 : 1);
+      } catch (err) {
+        process.stderr.write('Error: ' + err.message + '\n');
+        process.exit(1);
+      }
+    });
+  program
+    .command('monitor:list')
+    .description('List persisted scheduled monitors')
+    .action(async () => {
+      const tool = new TrackChangesTool(getToolConfig('track_changes'));
+      try {
+        emit(await tool.execute({ operation: 'list_scheduled_monitors' }));
+        process.exit(0);
+      } catch (err) {
+        process.stderr.write('Error: ' + err.message + '\n');
+        process.exit(1);
+      }
+    });
+  program
+    .command('monitor:stop <id>')
+    .description('Stop and remove a scheduled monitor by id')
+    .action(async (id) => {
+      const tool = new TrackChangesTool(getToolConfig('track_changes'));
+      try {
+        const res = await tool.execute({ operation: 'stop_scheduled_monitor', scheduledMonitorOptions: { monitorId: id } });
+        emit(res);
+        process.exit(res.success ? 0 : 1);
+      } catch (err) {
+        process.stderr.write('Error: ' + err.message + '\n');
+        process.exit(1);
+      }
+    });
+  program
+    .command('monitor:run-due')
+    .description('Fire every due scheduled monitor once and exit (wire into system cron for guaranteed firing)')
+    .action(async () => {
+      const tool = new TrackChangesTool(getToolConfig('track_changes'));
+      try {
+        const res = await tool.runDueOnce();
+        emit({ success: true, ...res });
+        process.exit(0);
+      } catch (err) {
+        process.stderr.write('Error: ' + err.message + '\n');
+        process.exit(1);
+      }
+    });
 }

package/src/cli/commands/uninstall-skills.js CHANGED Viewed

@@ -1,13 +1,14 @@
 /**
  * uninstall-skills command -- remove CrawlForge skill files.
  */
-import { uninstall } from '../../skills/installer.js';
+import { uninstall, uninstallHook } from '../../skills/installer.js';
 export function register(program) {
   program
     .command('uninstall-skills')
     .description('Remove CrawlForge skill files from Claude Code, Cursor, or VS Code')
     .option('--target <target>', 'Target: claude-code, cursor, vscode, or all', 'all')
+    .option('--remove-hook', 'Also remove the opt-in UserPromptSubmit reminder hook')
     .action(async (opts) => {
       try {
         const results = await uninstall({
@@ -15,6 +16,14 @@ export function register(program) {
           cwd: process.cwd()
         });
+        if (opts.removeHook) {
+          const hook = uninstallHook();
+          process.stdout.write(
+            (hook.removed ? 'Removed forced-eval hook: ' : 'No forced-eval hook found: ') +
+            hook.path + '\n'
+          );
+        }
         if (results.removed.length > 0) {
           process.stdout.write('Removed:\n');
           results.removed.forEach(p => process.stdout.write('  ' + p + '\n'));

package/src/core/ActionExecutor.js CHANGED Viewed

@@ -6,6 +6,12 @@
 import { z } from 'zod';
 import BrowserProcessor from './processing/BrowserProcessor.js';
 import { EventEmitter } from 'events';
+import { createHash } from 'node:crypto';
+// executeJavaScript hardening limits (only relevant when the deploy-time flag
+// ALLOW_JAVASCRIPT_EXECUTION=true is set; JS execution stays off by default).
+const JS_MAX_SCRIPT_LENGTH = parseInt(process.env.JS_MAX_SCRIPT_LENGTH || '10000', 10);
+const JS_EXECUTION_TIMEOUT_MS = parseInt(process.env.JS_EXECUTION_TIMEOUT_MS || '5000', 10);
 // Action schemas
 const BaseActionSchema = z.object({
@@ -715,17 +721,53 @@ export class ActionExecutor extends EventEmitter {
       );
     }
-    // Log security warning when JS execution is enabled
-    console.warn('⚠️  SECURITY WARNING: JavaScript execution is enabled. This allows arbitrary code execution!');
-    const result = await page.evaluate(
-      new Function('...args', action.script),
-      ...action.args
+    const script = typeof action.script === 'string' ? action.script : '';
+    const args = Array.isArray(action.args) ? action.args : [];
+    // Defense-in-depth: bound script size before evaluating.
+    if (script.length > JS_MAX_SCRIPT_LENGTH) {
+      throw new Error(
+        `JavaScript execution rejected: script length ${script.length} exceeds limit of ${JS_MAX_SCRIPT_LENGTH} ` +
+        `(set JS_MAX_SCRIPT_LENGTH to raise it).`
+      );
+    }
+    // Structured audit log to stderr (stdout is reserved for the MCP JSON-RPC stream).
+    const scriptHash = createHash('sha256').update(script).digest('hex').slice(0, 16);
+    let targetUrl = 'unknown';
+    try { targetUrl = page.url(); } catch { /* page may be closed */ }
+    console.warn(
+      '[security] executeJavaScript ' + JSON.stringify({
+        ts: new Date().toISOString(),
+        url: targetUrl,
+        scriptSha256: scriptHash,
+        scriptLength: script.length,
+        argCount: args.length
+      })
     );
+    // Bound execution time independent of the generic per-action timeout.
+    let timer;
+    const timeout = new Promise((_, reject) => {
+      timer = setTimeout(
+        () => reject(new Error(`JavaScript execution timed out after ${JS_EXECUTION_TIMEOUT_MS}ms`)),
+        JS_EXECUTION_TIMEOUT_MS
+      );
+    });
+    let result;
+    try {
+      result = await Promise.race([
+        page.evaluate(new Function('...args', script), ...args),
+        timeout
+      ]);
+    } finally {
+      clearTimeout(timer);
+    }
     return {
-      script: action.script,
-      args: action.args,
+      script,
+      args,
       result: action.returnResult ? result : undefined
     };
   }

package/src/core/ElicitationHelper.js CHANGED Viewed

@@ -24,7 +24,16 @@ export class ElicitationHelper {
    * @returns {boolean}
    */
   get supported() {
-    return !!(this._mcpServer?.server?.elicit);
+    const server = this._mcpServer?.server;
+    // The MCP SDK exposes elicitation via Server.elicitInput(); it is only
+    // usable when the connected CLIENT advertised the `elicitation` capability.
+    if (typeof server?.elicitInput !== 'function') return false;
+    try {
+      const caps = server.getClientCapabilities?.();
+      return !!caps?.elicitation;
+    } catch {
+      return false;
+    }
   }
   /**
@@ -48,7 +57,7 @@ export class ElicitationHelper {
         .join('\n');
       const fullMessage = detailLines ? `${message}\n\n${detailLines}` : message;
-      const result = await this._mcpServer.server.elicit({
+      const result = await this._mcpServer.server.elicitInput({
         message: fullMessage,
         requestedSchema: {
           type: 'object',
@@ -63,7 +72,8 @@ export class ElicitationHelper {
         },
       });
-      return result?.content?.confirmed === true;
+      // Only an explicit accept + confirmed=true proceeds; decline/cancel = stop.
+      return result?.action === 'accept' && result?.content?.confirmed === true;
     } catch (err) {
       this._logger.warn('Elicitation request failed — proceeding without confirmation', { error: err.message });
       return true; // fail-open
@@ -87,7 +97,7 @@ export class ElicitationHelper {
     }
     try {
-      const result = await this._mcpServer.server.elicit({
+      const result = await this._mcpServer.server.elicitInput({
         message,
         requestedSchema: {
           type: 'object',
@@ -103,7 +113,10 @@ export class ElicitationHelper {
         },
       });
-      return result?.content?.[fieldName] || defaultValue || null;
+      if (result?.action === 'accept' && result?.content?.[fieldName] != null) {
+        return result.content[fieldName];
+      }
+      return defaultValue || null;
     } catch (err) {
       this._logger.warn('Elicitation request failed', { error: err.message });
       return defaultValue || null;

package/src/core/LLMsTxtAnalyzer.js CHANGED Viewed

@@ -4,6 +4,7 @@ import { MapSiteTool } from '../tools/crawl/mapSite.js';
 import { CrawlDeepTool } from '../tools/crawl/crawlDeep.js';
 import { normalizeUrl, getBaseUrl } from '../utils/urlNormalizer.js';
 import { Logger } from '../utils/Logger.js';
+import { safeFetch } from '../utils/ssrfGuard.js';
 const logger = new Logger('LLMsTxtAnalyzer');
@@ -442,7 +443,7 @@ export class LLMsTxtAnalyzer {
     const timeoutId = setTimeout(() => controller.abort(), timeout);
     try {
-      const response = await fetch(url, {
+      const response = await safeFetch(url, {
         signal: controller.signal,
         headers: {
           'User-Agent': this.options.userAgent