npm - granclaw - Versions diffs - 0.0.1-beta.35 → 0.0.1-beta.37 - Mend

granclaw 0.0.1-beta.35 → 0.0.1-beta.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/backend/browser/stealth.js +40 -29
package/dist/backend/orchestrator/server.js +1 -1
package/package.json +2 -1

package/dist/backend/browser/stealth.js CHANGED Viewed

@@ -6,17 +6,19 @@
  *
  *   stealthArgv() returns an argv fragment for the `agent-browser` boot command:
  *
- *   --args --load-extension=<dir>
- *     Loads the GranClaw stealth MV3 extension. The extension content script
- *     runs at document_start in world=MAIN — before any page JS — patching
- *     navigator.webdriver, UA, plugins, WebGL, canvas, audio, and more.
- *     Works in Chrome 112+ new headless mode without a display (no Xvfb needed).
+ *   --extension <dir>
+ *     Loads the GranClaw stealth MV3 extension (repeatable). The extension
+ *     content script runs at document_start in world=MAIN — before any page
+ *     JS — patching navigator.webdriver, UA, plugins, WebGL, canvas, audio.
+ *     MUST use --extension (not --args --load-extension=…): agent-browser's
+ *     --args flag is NOT repeatable and silently drops all but the LAST value,
+ *     which is how the stealth extension was leaking in production.
  *
- *   --args --enable-extensions
- *     Required to activate extension loading in headless mode.
- *
- *   --args --disable-blink-features=AutomationControlled
- *     Removes navigator.webdriver = true at the Chrome level, the #1 signal.
+ *   --args "--disable-blink-features=AutomationControlled,--headless=new,…"
+ *     ALL chromium flags must live inside a SINGLE --args value, comma-joined.
+ *     agent-browser collapses repeated --args to the last one and splits each
+ *     value on commas before forwarding to Chrome. --headless=new is required
+ *     here because agent-browser does not auto-add it when --extension is set.
  *
  *   --executable-path <path>
  *     Uses real installed Chrome/Chromium instead of Playwright's bundled
@@ -198,26 +200,40 @@ function detectChromeUA() {
 function stealthArgv(options = {}) {
     if (process.env.GRANCLAW_STEALTH_DISABLED === '1')
         return [];
-    const argv = [
-        '--args', '--disable-blink-features=AutomationControlled',
-        '--args', '--enable-extensions',
-        // Enable the V8 heap memory API (performance.memory) — disabled by default in headless.
-        '--args', '--enable-precise-memory-info',
+    const argv = [];
+    // All Chromium command-line switches MUST live inside a single --args value.
+    // agent-browser's --args flag is NOT repeatable: only the LAST value survives,
+    // and that value is comma-split before being forwarded to Chrome. Emitting
+    // several --args flags was how every stealth switch except the last silently
+    // vanished in production, leaving navigator.webdriver detectable.
+    const chromeFlags = [
+        '--disable-blink-features=AutomationControlled',
+        // V8 heap memory API (performance.memory) — disabled by default in headless.
+        '--enable-precise-memory-info',
     ];
-    // Override the UA using agent-browser's dedicated --user-agent flag (not via
-    // --args). navigator.userAgent in Chrome 120+ has a non-configurable prototype
+    // agent-browser does not auto-add --headless=new once --extension is set,
+    // so headless contexts must request it explicitly. Headed previews must NOT
+    // include it (the orchestrator also passes --headed and Chrome refuses both).
+    if (options.headless !== false) {
+        chromeFlags.push('--headless=new');
+    }
+    argv.push('--args', chromeFlags.join(','));
+    // Override the UA using agent-browser's dedicated --user-agent flag.
+    // navigator.userAgent in Chrome 120+ has a non-configurable prototype
     // property that JS Object.defineProperty cannot patch, so the only reliable
-    // fix is to set it at the browser level. We use the top-level flag rather than
-    // --args because --args values are comma-separated and a UA string contains
+    // fix is to set it at the browser level. We use the top-level flag rather
+    // than --args because --args values are comma-split and a UA string contains
     // commas/spaces that would be mis-parsed.
     const ua = detectChromeUA();
     if (ua) {
         argv.push('--user-agent', ua);
     }
-    // Build extension list: stealth + optional CapMonster
-    const extDirs = [];
-    if (exports.STEALTH_EXTENSION_DIR)
-        extDirs.push(exports.STEALTH_EXTENSION_DIR);
+    // Extensions go through agent-browser's dedicated (repeatable) --extension
+    // flag — NOT via --args --load-extension=… which is silently dropped by the
+    // single-value --args collapse described above.
+    if (exports.STEALTH_EXTENSION_DIR) {
+        argv.push('--extension', exports.STEALTH_EXTENSION_DIR);
+    }
     const capmonsterKey = options.capmonsterKey
         || process.env.CAPMONSTER_KEY
         || process.env.CAPMONSTER_API_KEY;
@@ -225,12 +241,7 @@ function stealthArgv(options = {}) {
     if (capmonsterKey && capmonsterEnabled) {
         const capmonsterDir = capmonsterExtensionDir(capmonsterKey);
         if (capmonsterDir)
-            extDirs.push(capmonsterDir);
-    }
-    if (extDirs.length > 0) {
-        const extList = extDirs.join(',');
-        argv.push('--args', `--load-extension=${extList}`);
-        argv.push('--args', `--disable-extensions-except=${extList}`);
+            argv.push('--extension', capmonsterDir);
     }
     const chrome = detectChromePath();
     if (chrome) {

package/dist/backend/orchestrator/server.js CHANGED Viewed

@@ -1397,7 +1397,7 @@ function createServer() {
                 '--session', req.params.id,
                 '--headed',
                 '--profile', profileDir,
-                ...(0, stealth_js_1.stealthArgv)(),
+                ...(0, stealth_js_1.stealthArgv)({ headless: false }),
                 'open', url,
             ];
             execFileSync('agent-browser', argv, {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "granclaw",
-  "version": "0.0.1-beta.35",
+  "version": "0.0.1-beta.37",
   "description": "A personal AI assistant you run on your own machine.",
   "license": "MIT",
   "repository": {
@@ -43,6 +43,7 @@
     "express": "^4.19.2",
     "node-html-markdown": "^2.0.0",
     "posthog-node": "^5.29.2",
+    "telegramify-markdown": "^1.3.3",
     "undici": "^7.0.0",
     "ws": "^8.17.1"
   },