granclaw 0.0.1-beta.55 → 0.0.1-beta.56

package/dist/backend/agent/captcha-detect.js

@@ -4,22 +4,19 @@
  *
  * A stringified IIFE we ship to `agent-browser eval` to decide whether the
  * currently-open page is blocked behind some kind of bot/captcha wall. The
- * runner polls this snippet after every navigation command so CapMonster and
- * the stealth extension have a chance to clear the challenge before the
- * agent starts reading the page.
+ * runner polls this snippet after every navigation command so the stealth
+ * extension has a chance to clear Cloudflare interstitials before the agent
+ * starts reading the page.
  *
- * It covers:
- *   - Cloudflare JS interstitials ("Just a moment...", "Checking your browser…",
- *     "Attention Required"), including the common localised titles.
- *   - Cloudflare managed-challenge DOM markers (#challenge-stage,
- *     #challenge-running, .cf-browser-verification, .cf-im-under-attack).
- *   - The classic widget iframes: reCaptcha, hCaptcha, Cloudflare Turnstile,
- *     DataDome, Arkose/FunCaptcha.
- *   - Inline widgets: .g-recaptcha, .h-captcha, [class*="captcha"].
- *   - PerimeterX / HUMAN bot check: #px-captcha.
+ * Returns one of three values:
+ *   'interstitial' — Cloudflare JS challenge ("Just a moment..."). The stealth
+ *                    extension can clear these; the runner should poll and wait.
+ *   'captcha'      — An actual captcha widget (reCAPTCHA, hCaptcha, Turnstile,
+ *                    etc.) that requires human intervention. The runner should
+ *                    request a takeover immediately.
+ *   'clear'        — No challenge detected.
  *
- * IMPORTANT: this runs as a string inside Chrome, NOT in Node. No ES features
- * newer than the detector's tested Chrome baseline, no TypeScript. Keep it
+ * IMPORTANT: this runs as a string inside Chrome, NOT in Node. Keep it
  * ES5-flavoured so it stays safe if the agent-browser build ever targets an
  * older chromium.
  */
@@ -27,21 +24,32 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CAPTCHA_DETECT_JS = void 0;
 exports.CAPTCHA_DETECT_JS = `(function() {
   var title = (document.title || '').toLowerCase();
-  var titlePatterns = [
+
+  // Cloudflare JS interstitials — the stealth extension can clear these.
+  var cfTitlePatterns = [
     'just a moment',           // Cloudflare interstitial (EN)
     'un momento',              // CF Spanish
     'un instant',              // CF French
     'einen moment',            // CF German
     'checking your browser',   // CF older / generic anti-bot
-    'attention required',      // CF WAF block page
     'please wait',             // generic "please wait while we check"
   ];
-  for (var i = 0; i < titlePatterns.length; i++) {
-    if (title.indexOf(titlePatterns[i]) !== -1) return 'captcha';
+  var cfSelectors = [
+    '#challenge-stage',
+    '#challenge-running',
+    '#cf-challenge-running',
+    '.cf-browser-verification',
+    '.cf-im-under-attack',
+  ];
+  for (var i = 0; i < cfTitlePatterns.length; i++) {
+    if (title.indexOf(cfTitlePatterns[i]) !== -1) return 'interstitial';
+  }
+  for (var j = 0; j < cfSelectors.length; j++) {
+    if (document.querySelector(cfSelectors[j])) return 'interstitial';
   }
 
-  var selectors = [
-    // Widget iframes
+  // Actual captcha widgets — need human intervention.
+  var captchaSelectors = [
     'iframe[src*="captcha-delivery"]',        // DataDome
     'iframe[src*="geo.captcha"]',             // DataDome geo
     'iframe[src*="recaptcha"]',               // reCaptcha v2/v3
@@ -49,21 +57,15 @@ exports.CAPTCHA_DETECT_JS = `(function() {
     'iframe[src*="challenges.cloudflare"]',   // Cloudflare Turnstile
     'iframe[src*="arkoselabs"]',              // Arkose FunCaptcha
     'iframe[src*="funcaptcha"]',
-    // Inline widgets
     '.g-recaptcha',
     '.h-captcha',
     '[class*="captcha"]',
-    // Cloudflare interstitial / managed challenge
-    '#challenge-stage',
-    '#challenge-running',
-    '#cf-challenge-running',
-    '.cf-browser-verification',
-    '.cf-im-under-attack',
-    // PerimeterX / HUMAN
-    '#px-captcha',
+    '#px-captcha',                            // PerimeterX / HUMAN
   ];
-  for (var j = 0; j < selectors.length; j++) {
-    if (document.querySelector(selectors[j])) return 'captcha';
+  // "Attention Required" is a CF WAF block — not a JS interstitial, needs human.
+  if (title.indexOf('attention required') !== -1) return 'captcha';
+  for (var k = 0; k < captchaSelectors.length; k++) {
+    if (document.querySelector(captchaSelectors[k])) return 'captcha';
   }
   return 'clear';
 })()`;

package/dist/backend/agent/runner-pi.js

@@ -29,17 +29,6 @@ const child_process_1 = require("child_process");
 const util_1 = require("util");
 const node_html_markdown_1 = require("node-html-markdown");
 const undici_1 = require("undici");
-// Cache ProxyAgent instances by URL so the same connection pool (and exit IP)
-// is reused across all fetch_website calls for the same proxy.
-const proxyAgentCache = new Map();
-function getProxyAgent(proxyUrl) {
-    let agent = proxyAgentCache.get(proxyUrl);
-    if (!agent) {
-        agent = new undici_1.ProxyAgent(proxyUrl);
-        proxyAgentCache.set(proxyUrl, agent);
-    }
-    return agent;
-}
 const os_1 = require("os");
 const crypto_1 = require("crypto");
 const takeover_state_js_1 = require("../takeover-state.js");
@@ -337,37 +326,6 @@ function getLanIp() {
     }
     return 'localhost';
 }
-/**
- * Stable hash of an agent ID string → non-negative integer.
- * Used so proxy assignment is deterministic by agent ID, not config order.
- */
-function hashAgentId(id) {
-    let h = 0;
-    for (const c of id)
-        h = (Math.imul(31, h) + c.charCodeAt(0)) | 0;
-    return Math.abs(h);
-}
-/**
- * Resolve the proxy for an agent.
- * Priority: agent.proxy config → GRANCLAW_PROXY_LIST (stable hash by agent ID) → undefined.
- * Hash-based assignment means the same agent always gets the same proxy even if
- * agents.config.json is reordered or new agents are added — so the Chrome daemon
- * always restarts on the same IP.
- * Only applies when GRANCLAW_PROXY_ENABLE=true or agent.proxy is explicitly set.
- */
-function resolveAgentProxy(agentId, configProxy) {
-    if (configProxy)
-        return configProxy;
-    if (process.env.GRANCLAW_PROXY_ENABLE !== 'true')
-        return undefined;
-    const proxyList = process.env.GRANCLAW_PROXY_LIST;
-    if (!proxyList)
-        return undefined;
-    const proxies = proxyList.split(',').map(p => p.trim()).filter(Boolean);
-    if (proxies.length === 0)
-        return undefined;
-    return proxies[hashAgentId(agentId) % proxies.length];
-}
 async function runAgent(agent, message, onChunk, options) {
     const workspaceDir = path_1.default.resolve(config_js_1.REPO_ROOT, agent.workspaceDir);
     const channelId = options?.channelId ?? 'ui';
@@ -752,38 +710,43 @@ async function runAgent(agent, message, onChunk, options) {
         // Privileged commands (record, close, tab close for session 0,
         // session management) are rejected — the runtime owns those.
         /**
-         * After a navigation command, check whether the page is blocked by any
-         * bot/captcha wall (widget captcha OR Cloudflare-style JS interstitial)
-         * and poll until CapMonster + the stealth extension have cleared it.
+         * After a navigation command, check whether the page is blocked.
          *
-         * Budget is 45s — Cloudflare's "Just a moment..." managed challenge often
-         * takes 15–20s on a cold datacenter IP, and CapMonster-solved widgets can
-         * take another pass, so shorter deadlines were causing real unblocks to
-         * be reported as "unsolved" (regression verified on mariados 2026-04-15).
-         *
-         * Returns 'clear' (no captcha / solved), 'unsolved' (still blocked after timeout).
+         * 'interstitial' → Cloudflare JS challenge; stealth can clear it, poll up to 45s.
+         * 'captcha'       → Actual captcha widget; no auto-solver, request takeover immediately.
+         * 'clear'         → No challenge detected.
          */
         async function waitForCaptchaResolution(bin, sessionId) {
             const evalArgv = (id) => ['--session', id, 'eval', captcha_detect_js_1.CAPTCHA_DETECT_JS];
             const check = async () => {
                 try {
                     const { stdout } = await execFileAsync(bin, evalArgv(sessionId), { timeout: 8_000 });
-                    return stdout.includes('"captcha"') || stdout.includes("'captcha'") || stdout.trim() === 'captcha';
+                    const out = stdout.trim();
+                    if (out.includes('captcha'))
+                        return 'captcha';
+                    if (out.includes('interstitial'))
+                        return 'interstitial';
+                    return 'clear';
                 }
                 catch {
-                    return false;
+                    return 'clear';
                 }
             };
-            // Initial check — short delay to let page settle
             await new Promise(r => setTimeout(r, 1500));
-            if (!await check())
+            const initial = await check();
+            if (initial === 'clear')
                 return 'clear';
-            // Challenge detected — poll every 2s until the page clears or 45s elapses.
+            if (initial === 'captcha')
+                return 'captcha';
+            // Cloudflare interstitial — poll every 2s until cleared or 45s elapses.
             const deadline = Date.now() + 45_000;
             while (Date.now() < deadline) {
                 await new Promise(r => setTimeout(r, 2_000));
-                if (!await check())
+                const result = await check();
+                if (result === 'clear')
                     return 'clear';
+                if (result === 'captcha')
+                    return 'captcha';
             }
             return 'unsolved';
         }
@@ -817,7 +780,7 @@ async function runAgent(agent, message, onChunk, options) {
                     'Do not call `record start`, `record stop`, `close`, or `session` — the runtime manages those.',
                     'You do not need to screenshot for audit — the whole session is recorded as video automatically.',
                     'Saved logins persist automatically when the user has set up a profile via the dashboard Browser view.',
-                    'CAPTCHA & Cloudflare handling: the browser ships an automatic CapMonster extension plus a stealth extension. After `open` or `reload` the runtime automatically polls for up to ~45 seconds while any captcha widget OR Cloudflare JS interstitial ("Just a moment...", "Checking your browser…", "Attention Required") clears — do NOT bail out early, do NOT call request_human_browser_takeover just because the first snapshot shows the interstitial. If, after your tool call returns, the response still contains the "CAPTCHA detected and not auto-solved" warning, THEN call request_human_browser_takeover.',
+                    'CAPTCHA & Cloudflare handling: the browser ships a stealth extension that handles Cloudflare JS interstitials ("Just a moment…") automatically (waits up to ~45s). If an actual CAPTCHA widget is detected (reCAPTCHA, hCaptcha, Turnstile, etc.), the runtime returns immediately with a warning — call request_human_browser_takeover right away.',
                     'Examples: {"command":"open","args":["https://example.com"]}, {"command":"click","args":["--ref","e12"]}, {"command":"fill","args":["--ref","e5","Alice"]}',
                 ],
                 parameters: {
@@ -870,11 +833,7 @@ async function runAgent(agent, message, onChunk, options) {
                     if (fs_1.default.existsSync(profileDir)) {
                         argv.push('--profile', profileDir);
                     }
-                    const stealthOpts = {
-                        proxy: resolveAgentProxy(agent.id, agent.proxy),
-                        capmonsterKey: agent.capmonsterKey,
-                    };
-                    argv.push(...(0, stealth_js_1.stealthArgv)(stealthOpts));
+                    argv.push(...(0, stealth_js_1.stealthArgv)());
                     argv.push(command, ...args);
                     try {
                         const { stdout, stderr } = await execFileAsync(agentBrowserBin, argv, {
@@ -884,15 +843,22 @@ async function runAgent(agent, message, onChunk, options) {
                         });
                         (0, session_manager_js_1.appendCommand)(browserState.handle, `${command} ${args.join(' ')}`.trim());
                         const out = stdout.trim() || stderr.trim() || 'ok';
-                        // After navigation, check for CAPTCHA and wait up to 30s for the
-                        // CapMonster extension to auto-solve it before returning to the agent.
                         if (command === 'open' || command === 'reload') {
                             const captchaResult = await waitForCaptchaResolution(agentBrowserBin, agent.id);
+                            if (captchaResult === 'captcha') {
+                                return {
+                                    content: [{
+                                            type: 'text',
+                                            text: out + '\n\n⚠️ CAPTCHA detected. ' +
+                                                'Use request_human_browser_takeover to let the user solve it, or try a different URL.',
+                                        }],
+                                };
+                            }
                             if (captchaResult === 'unsolved') {
                                 return {
                                     content: [{
                                             type: 'text',
-                                            text: out + '\n\n⚠️ CAPTCHA detected and not auto-solved after 45s. ' +
+                                            text: out + '\n\n⚠️ Cloudflare interstitial not cleared after 45s. ' +
                                                 'Use request_human_browser_takeover to let the user solve it, or try a different URL.',
                                         }],
                                 };
@@ -1140,9 +1106,7 @@ async function runAgent(agent, message, onChunk, options) {
                             return { content: [{ type: 'text', text: `fetch_website (unblocker) error: ${err instanceof Error ? err.message : String(err)}` }] };
                         }
                     }
-                    // Plain HTTP fetch — route through proxy if configured
                     try {
-                        const agentProxy = resolveAgentProxy(agent.id, agent.proxy);
                         const fetchOpts = {
                             headers: {
                                 'User-Agent': 'Mozilla/5.0 (compatible; GranClaw/1.0; +https://granclaw.com)',
@@ -1150,7 +1114,6 @@ async function runAgent(agent, message, onChunk, options) {
                             },
                             signal: AbortSignal.timeout(60_000),
                             redirect: 'follow',
-                            ...(agentProxy ? { dispatcher: getProxyAgent(agentProxy) } : {}),
                         };
                         const res = await (0, undici_1.fetch)(params.url, fetchOpts);
                         if (!res.ok) {

package/dist/backend/browser/stealth.js

@@ -33,11 +33,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.STEALTH_EXTENSION_DIR = void 0;
-exports.capmonsterExtensionDir = capmonsterExtensionDir;
 exports.stealthArgv = stealthArgv;
 exports.__resetStealthCacheForTests = __resetStealthCacheForTests;
 const fs_1 = __importDefault(require("fs"));
-const os_1 = __importDefault(require("os"));
 const path_1 = __importDefault(require("path"));
 const child_process_1 = require("child_process");
 // ── Extension dir ─────────────────────────────────────────────────────────────
@@ -59,55 +57,6 @@ function resolveExtensionDir() {
     return null;
 }
 exports.STEALTH_EXTENSION_DIR = resolveExtensionDir();
-// ── CapMonster extension ──────────────────────────────────────────────────────
-/**
- * Resolve the CapMonster extension directory (bundled in assets).
- * Returns null if not found.
- */
-function resolveCapmonsterExtensionDir() {
-    const candidates = [
-        path_1.default.resolve(__dirname, '../../assets/capmonster-extension'),
-        path_1.default.resolve(__dirname, '../assets/capmonster-extension'),
-    ];
-    for (const candidate of candidates) {
-        if (fs_1.default.existsSync(path_1.default.join(candidate, 'manifest.json')))
-            return candidate;
-    }
-    return null;
-}
-const CAPMONSTER_BASE_DIR = resolveCapmonsterExtensionDir();
-/**
- * Return a CapMonster extension directory pre-configured with the given API key.
- * Writes a patched copy to os.tmpdir() so the base assets stay clean.
- * Result is cached per process — re-patched only if the key changes.
- */
-let _patchedCapmonsterDir = null;
-let _patchedCapmonsterKey = null;
-function capmonsterExtensionDir(apiKey) {
-    if (!CAPMONSTER_BASE_DIR)
-        return null;
-    if (_patchedCapmonsterDir && _patchedCapmonsterKey === apiKey) {
-        return _patchedCapmonsterDir;
-    }
-    try {
-        const dest = path_1.default.join(os_1.default.tmpdir(), 'granclaw-capmonster-ext');
-        // Copy base extension
-        fs_1.default.cpSync(CAPMONSTER_BASE_DIR, dest, { recursive: true });
-        // Patch defaultSettings.json with the API key
-        const settingsPath = path_1.default.join(dest, 'defaultSettings.json');
-        if (fs_1.default.existsSync(settingsPath)) {
-            const settings = JSON.parse(fs_1.default.readFileSync(settingsPath, 'utf-8'));
-            settings.clientKey = apiKey;
-            fs_1.default.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
-        }
-        _patchedCapmonsterDir = dest;
-        _patchedCapmonsterKey = apiKey;
-        return dest;
-    }
-    catch {
-        return null;
-    }
-}
 // ── Chrome binary detection + UA derivation ───────────────────────────────────
 let cachedChromePath;
 function detectChromePath() {
@@ -234,24 +183,10 @@ function stealthArgv(options = {}) {
     if (exports.STEALTH_EXTENSION_DIR) {
         argv.push('--extension', exports.STEALTH_EXTENSION_DIR);
     }
-    const capmonsterKey = options.capmonsterKey
-        || process.env.CAPMONSTER_KEY
-        || process.env.CAPMONSTER_API_KEY;
-    const capmonsterEnabled = process.env.CAPMONSTER_ENABLED !== 'false';
-    if (capmonsterKey && capmonsterEnabled) {
-        const capmonsterDir = capmonsterExtensionDir(capmonsterKey);
-        if (capmonsterDir)
-            argv.push('--extension', capmonsterDir);
-    }
     const chrome = detectChromePath();
     if (chrome) {
         argv.push('--executable-path', chrome);
     }
-    // Route browser traffic through the agent's proxy if configured
-    const proxy = options.proxy || process.env.GRANCLAW_PROXY;
-    if (proxy) {
-        argv.push('--proxy', proxy);
-    }
     return argv;
 }
 // ── Test helpers ──────────────────────────────────────────────────────────────