pi-agent-browser-native 0.2.42 → 0.2.43

package/extensions/agent-browser/lib/results/presentation/batch.ts

@@ -11,15 +11,18 @@ import type {
 	AgentBrowserNextAction,
 	BatchFailurePresentationDetails,
 	BatchStepPresentationDetails,
+	NetworkRouteDiagnostic,
+	NetworkRouteRecord,
 	SessionArtifactManifest,
 	ToolPresentation,
 } from "../contracts.js";
+import { applyNetworkRouteRecords, buildNetworkRouteDiagnostics } from "../network-routes.js";
 import { withOptionalSessionArgs } from "../next-actions.js";
 import { stringifyModelFacing } from "./common.js";
 import { buildArtifactVerificationSummary, classifyPresentationSuccessCategory, manifestHasNewNoticeWorthyEntries, type ArtifactRequestContext } from "./artifacts.js";
 import { formatBatchStepCommand, getPresentationImages, getPresentationPaths, getPresentationText, isStringArray } from "./content.js";
 import { buildPageChangeSummary } from "./navigation.js";
-import { appendSelectorRecoveryHint } from "./errors.js";
+import { appendSelectorRecoveryHint, getClipboardWritePayloadCandidates, redactClipboardPermissionErrorValue } from "./errors.js";
 
 export interface BuildNestedToolPresentationOptions {
 	artifactManifest?: SessionArtifactManifest;
@@ -28,6 +31,7 @@ export interface BuildNestedToolPresentationOptions {
 	commandInfo: CommandInfo;
 	cwd: string;
 	envelope?: AgentBrowserEnvelope;
+	networkRouteDiagnostics?: NetworkRouteDiagnostic[];
 	persistentArtifactStore?: PersistentSessionArtifactStore;
 	sessionName?: string;
 }
@@ -120,16 +124,19 @@ async function buildBatchStepPresentation(options: {
 	cwd: string;
 	index: number;
 	item: AgentBrowserBatchResult;
+	networkRoutes?: NetworkRouteRecord[];
 	persistentArtifactStore?: PersistentSessionArtifactStore;
 	sessionName?: string;
 }): Promise<{ details: BatchStepPresentationDetails; presentation: ToolPresentation }> {
-	const { artifactManifest, artifactRequest, buildNestedToolPresentation, cwd, index, item, persistentArtifactStore, sessionName } = options;
+	const { artifactManifest, artifactRequest, buildNestedToolPresentation, cwd, index, item, networkRoutes, persistentArtifactStore, sessionName } = options;
 	const command = isStringArray(item.command) ? item.command : undefined;
 	const redactedCommand = command ? redactInvocationArgs(command) : undefined;
 	const commandText = formatBatchStepCommand(hasModelFacingArgRedaction(redactedCommand) ? redactedCommand : command, index);
 
 	if (item.success === false) {
-		const redactedErrorData = redactExactValues(item.error, getStatefulCommandSensitiveValues(command));
+		const redactedErrorData = command?.[0] === "clipboard"
+			? redactSensitiveValue(redactClipboardPermissionErrorValue({ command: "clipboard", subcommand: command[1] }, item.error, getClipboardWritePayloadCandidates(command)))
+			: redactExactValues(item.error, getStatefulCommandSensitiveValues(command));
 		const errorText = formatBatchStepError(redactedErrorData);
 		const failureCategory = classifyAgentBrowserFailureCategory({
 			args: command,
@@ -173,13 +180,18 @@ async function buildBatchStepPresentation(options: {
 		};
 	}
 
+	const commandInfo = parseCommandInfo(command ?? []);
+	const networkRouteDiagnostics = commandInfo.command === "network" && commandInfo.subcommand === "requests"
+		? buildNetworkRouteDiagnostics(item.result, networkRoutes)
+		: undefined;
 	const presentation = await buildNestedToolPresentation({
 		artifactManifest,
 		artifactRequest,
-		commandInfo: parseCommandInfo(command ?? []),
+		commandInfo,
 		cwd,
 		args: command,
 		envelope: { data: item.result, success: true },
+		networkRouteDiagnostics,
 		persistentArtifactStore,
 		sessionName,
 	});
@@ -192,17 +204,19 @@ async function buildBatchStepPresentation(options: {
 		secondaryPaths: presentation.imagePaths,
 	});
 	const text = getPresentationText(presentation) || presentation.summary;
+	const stepSucceeded = presentation.resultCategory !== "failure";
 	const nextActions = presentation.nextActions ?? buildAgentBrowserNextActions({
 		artifacts: presentation.artifacts,
 		args: command,
 		command: command?.[0],
-		resultCategory: "success",
+		failureCategory: presentation.failureCategory,
+		resultCategory: stepSucceeded ? "success" : "failure",
 		savedFilePath: presentation.savedFilePath,
 		successCategory: presentation.successCategory,
 	});
 	const pageChangeSummary = buildPageChangeSummary({
 		artifacts: presentation.artifacts,
-		commandInfo: parseCommandInfo(command ?? []),
+		commandInfo,
 		data: presentation.data,
 		nextActions,
 		savedFilePath: presentation.savedFilePath,
@@ -216,18 +230,20 @@ async function buildBatchStepPresentation(options: {
 			command: redactedCommand,
 			commandText,
 			data: presentation.data,
+			failureCategory: stepSucceeded ? undefined : presentation.failureCategory,
 			fullOutputPath: fullOutputPaths[0],
 			fullOutputPaths: fullOutputPaths.length > 0 ? fullOutputPaths : undefined,
 			imagePath: imagePaths[0],
 			imagePaths: imagePaths.length > 0 ? imagePaths : undefined,
 			index,
+			networkRouteDiagnostics: presentation.networkRouteDiagnostics,
 			nextActions,
 			pageChangeSummary,
-			resultCategory: "success",
+			resultCategory: stepSucceeded ? "success" : "failure",
 			savedFile: presentation.savedFile,
 			savedFilePath: presentation.savedFilePath,
-			success: true,
-			successCategory: classifyPresentationSuccessCategory({ artifactVerification: presentation.artifactVerification, artifacts: presentation.artifacts, savedFile: presentation.savedFile }),
+			success: stepSucceeded,
+			successCategory: stepSucceeded ? classifyPresentationSuccessCategory({ artifactVerification: presentation.artifactVerification, artifacts: presentation.artifacts, savedFile: presentation.savedFile }) : undefined,
 			summary: presentation.summary,
 			text,
 		},
@@ -241,14 +257,16 @@ export async function buildBatchPresentation(options: {
 	buildNestedToolPresentation: BuildNestedToolPresentation;
 	cwd: string;
 	data: AgentBrowserBatchResult[];
+	networkRoutes?: NetworkRouteRecord[];
 	persistentArtifactStore?: PersistentSessionArtifactStore;
 	sessionName?: string;
 	summary: string;
 }): Promise<ToolPresentation> {
-	const { artifactRequests, buildNestedToolPresentation, cwd, data, persistentArtifactStore, sessionName, summary } = options;
+	const { artifactRequests, buildNestedToolPresentation, cwd, data, networkRoutes, persistentArtifactStore, sessionName, summary } = options;
 	const steps: Array<{ details: BatchStepPresentationDetails; presentation: ToolPresentation }> = [];
 	const protectedPersistentPaths: string[] = [];
 	let currentArtifactManifest = options.artifactManifest;
+	let currentNetworkRoutes = networkRoutes;
 	for (const [index, item] of data.entries()) {
 		const step = await buildBatchStepPresentation({
 			artifactManifest: currentArtifactManifest,
@@ -257,11 +275,13 @@ export async function buildBatchPresentation(options: {
 			cwd,
 			index,
 			item,
+			networkRoutes: currentNetworkRoutes,
 			persistentArtifactStore: persistentArtifactStore ? { ...persistentArtifactStore, protectedPaths: protectedPersistentPaths } : undefined,
 			sessionName,
 		});
 		steps.push(step);
 		currentArtifactManifest = step.presentation.artifactManifest ?? currentArtifactManifest;
+		currentNetworkRoutes = applyNetworkRouteRecords(currentNetworkRoutes, isStringArray(item.command) ? extractCommandTokens(item.command) : undefined, item.success !== false && step.details.success);
 		protectedPersistentPaths.push(
 			...getPresentationPaths({
 				primaryPath: step.presentation.fullOutputPath,
@@ -299,10 +319,13 @@ export async function buildBatchPresentation(options: {
 				return lines.join("\n");
 			})
 			.join("\n\n");
+	const batchSummary = batchFailure === undefined
+		? summary
+		: `Batch failed: ${batchFailure.successCount}/${batchFailure.totalCount} succeeded`;
 	const failureHeader = batchFailure === undefined
 		? undefined
 		: [
-			summary,
+			batchSummary,
 			`First failing step: ${batchFailure.failedStep.index + 1} — ${batchFailure.failedStep.commandText}`,
 			batchFailure.failureCount > 1 ? `${batchFailure.failureCount} steps failed. See the per-step results below.` : "See the per-step results below.",
 		].join("\n");
@@ -321,7 +344,7 @@ export async function buildBatchPresentation(options: {
 			commandInfo: { command: "batch" },
 			data,
 			nextActions,
-			summary,
+			summary: batchSummary,
 		})
 		: changedSteps.length > 0
 			? {
@@ -350,6 +373,6 @@ export async function buildBatchPresentation(options: {
 		pageChangeSummary,
 		resultCategory: batchFailure ? "failure" : "success",
 		successCategory: batchFailure ? undefined : classifyPresentationSuccessCategory({ artifactVerification, artifacts }),
-		summary,
+		summary: batchSummary,
 	};
 }

package/extensions/agent-browser/lib/results/presentation/diagnostics.ts

@@ -6,8 +6,8 @@
 
 import { isRecord } from "../../parsing.js";
 import { redactSensitiveText, redactSensitiveValue, type CommandInfo } from "../../runtime.js";
-import type { AgentBrowserNextAction } from "../contracts.js";
-import { classifyNetworkRequestFailure, summarizeNetworkFailures } from "../network.js";
+import type { AgentBrowserNextAction, NetworkRouteDiagnostic } from "../contracts.js";
+import { classifyNetworkRequestFailure, isApiLikeNetworkRequest, summarizeNetworkFailures } from "../network.js";
 import { withOptionalSessionArgs } from "../next-actions.js";
 import { stringifyUnknown, truncateText } from "../text.js";
 import {
@@ -29,10 +29,24 @@ const NETWORK_BODY_PREVIEW_MAX_CHARS = 280;
 
 const NETWORK_ERROR_PREVIEW_MAX_CHARS = 220;
 
-const NETWORK_NEXT_ACTION_LIMIT = 4;
+const NETWORK_NEXT_ACTION_LIMIT = 6;
 
 const NETWORK_FILTER_MAX_CHARS = 160;
 
+const STORAGE_VALUE_PREVIEW_MAX_CHARS = 160;
+
+const STORAGE_SECRET_KEY_PATTERN = /(?:access(?:_|-)?token|account|api(?:_|-)?key|auth(?:orization)?|bearer|client(?:_|-)?secret|cookie|credential|csrf|email|id(?:_|-)?token|jwt|pass(?:word)?|private(?:_|-)?key|profile|refresh(?:_|-)?token|secret|session|sid|sig(?:nature)?|token|user(?:name)?|x(?:_|-)?api(?:_|-)?key|xsrf)/i;
+
+const STORAGE_BENIGN_KEY_PATTERN = /^(?:color(?:scheme)?|debug|dev|experiment|feature(?:flag)?|flag|language|layout|locale|mode|onboarding|sort|tab|theme|timezone|tour|variant|view)$/i;
+
+const STORAGE_TOKEN_VALUE_PATTERN = /(?:\bBearer\s+[A-Za-z0-9._~-]+|\bBasic\s+[A-Za-z0-9+/=]+|^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$|(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9_~+/=-]{32,})/;
+
+const STORAGE_SECRET_VALUE_WORD_PATTERN = /(?:secret|token|password|passwd|bearer|credential|authorization|cookie|session[-_ ]?id)/i;
+
+const STORAGE_EMAIL_VALUE_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+const STORAGE_IDENTITY_VALUE_PATTERN = /(?:^|[\s:=/_-])(?:account|profile|session|sid|user(?:id|name)?)(?:[\s:=/_-]|$)/i;
+
 const NETWORK_FILTER_SENSITIVE_SEGMENT_TERMS = [
 	"apikey",
 	"api-key",
@@ -86,6 +100,15 @@ export function getTabSummary(data: Record<string, unknown>): string | undefined
 }
 
 export function getStreamSummary(data: Record<string, unknown>): string | undefined {
+	if (data.alreadyEnabled === true) {
+		const lines = ["Stream already enabled (idempotent no-op)."];
+		if (typeof data.port === "number") {
+			lines.push(`Port: ${data.port}`);
+			lines.push(`WebSocket URL: ${getStreamWebSocketUrl(data.port)}`);
+		}
+		lines.push("Run stream status for current connection details or stream disable when streaming is no longer needed.");
+		return lines.join("\n");
+	}
 	if (typeof data.enabled !== "boolean" || typeof data.connected !== "boolean") {
 		return undefined;
 	}
@@ -211,6 +234,7 @@ export function formatDiagnosticSummary(commandInfo: CommandInfo, data: Record<s
 
 	if (commandInfo.command === "stream") {
 		if (commandInfo.subcommand === "enable") {
+			if (data.alreadyEnabled === true) return "Stream already enabled";
 			const port = typeof data.port === "number" ? ` on port ${data.port}` : "";
 			return `Stream enabled${port}`;
 		}
@@ -416,14 +440,6 @@ function getNetworkRequestPathFilter(item: Record<string, unknown>): string | un
 	return getSafeNetworkActionValue(filter);
 }
 
-function isApiLikeNetworkRequest(item: Record<string, unknown>): boolean {
-	const method = (getStringField(item, "method") ?? "GET").toUpperCase();
-	const resourceType = (getStringField(item, "resourceType") ?? "").toLowerCase();
-	const mimeType = (getStringField(item, "mimeType") ?? "").toLowerCase();
-	const filter = getNetworkRequestPathFilter(item) ?? "";
-	return resourceType === "fetch" || resourceType === "xhr" || mimeType.includes("json") || /\/(?:api|graphql|rpc)(?:\/|$)/i.test(filter) || !["GET", "HEAD"].includes(method);
-}
-
 function getNetworkRequestActionCandidate(item: Record<string, unknown>): NetworkRequestActionCandidate | undefined {
 	const requestId = getNetworkRequestId(item);
 	if (!requestId) return undefined;
@@ -458,7 +474,41 @@ function getNetworkRequestDetailActionId(candidate: NetworkRequestActionCandidat
 	return "inspect-network-request";
 }
 
-export function buildNetworkRequestsNextActions(data: unknown, sessionName: string | undefined): AgentBrowserNextAction[] | undefined {
+export function formatNetworkRouteDiagnosticsText(diagnostics: NetworkRouteDiagnostic[] | undefined): string | undefined {
+	if (!diagnostics || diagnostics.length === 0) return undefined;
+	const lines = ["Network route diagnostics:"];
+	for (const diagnostic of diagnostics) {
+		const target = diagnostic.requestId ? `[${diagnostic.requestId}] ${diagnostic.requestUrl ?? "request"}` : diagnostic.requestUrl ?? "request";
+		lines.push(`- ${diagnostic.reason}: ${target} matched route ${diagnostic.routePattern} (${diagnostic.mode}).`);
+	}
+	lines.push("If this route is intended as a mock, verify the page origin/CORS headers and inspect the request before assuming the mock fulfilled normally.");
+	return lines.join("\n");
+}
+
+export function buildNetworkRouteDiagnosticsNextActions(diagnostics: NetworkRouteDiagnostic[] | undefined, sessionName: string | undefined): AgentBrowserNextAction[] | undefined {
+	const diagnostic = diagnostics?.find((item) => item.requestId) ?? diagnostics?.[0];
+	if (!diagnostic) return undefined;
+	const actions: AgentBrowserNextAction[] = [];
+	if (diagnostic.requestId) {
+		actions.push({
+			id: "inspect-pending-routed-network-request",
+			params: { args: withOptionalSessionArgs(sessionName, ["network", "request", diagnostic.requestId]) },
+			reason: `Inspect the routed request ${diagnostic.requestId} before assuming the route mock fulfilled normally.`,
+			safety: "Read-only request diagnostic; look for pending state, CORS/preflight errors, response status, and headers.",
+			tool: "agent_browser",
+		});
+	}
+	actions.push({
+		id: "start-network-har-capture-for-route-mock",
+		params: { args: withOptionalSessionArgs(sessionName, ["network", "har", "start"]) },
+		reason: "Capture a HAR before reproducing the route mock so pending/CORS behavior has request and response headers.",
+		safety: "HARs can contain URLs and headers; stop to an explicit path and avoid sharing sensitive captures.",
+		tool: "agent_browser",
+	});
+	return actions;
+}
+
+export function buildNetworkRequestsNextActions(data: unknown, sessionName: string | undefined, routeDiagnostics?: NetworkRouteDiagnostic[]): AgentBrowserNextAction[] | undefined {
 	if (!isRecord(data)) return undefined;
 	const requests = getArrayField(data, "requests");
 	if (!requests) return undefined;
@@ -504,7 +554,27 @@ export function buildNetworkRequestsNextActions(data: unknown, sessionName: stri
 		safety: "HARs can contain URLs and headers; stop to an explicit path, inspect metadata, and avoid sharing sensitive captures.",
 		tool: "agent_browser",
 	});
-	return actions.slice(0, NETWORK_NEXT_ACTION_LIMIT);
+	return [...(buildNetworkRouteDiagnosticsNextActions(routeDiagnostics, sessionName) ?? []), ...actions].slice(0, NETWORK_NEXT_ACTION_LIMIT);
+}
+
+export function buildStreamNextActions(commandInfo: CommandInfo, data: unknown, sessionName: string | undefined): AgentBrowserNextAction[] | undefined {
+	if (commandInfo.command !== "stream" || commandInfo.subcommand !== "enable" || !isRecord(data) || data.alreadyEnabled !== true) return undefined;
+	return [
+		{
+			id: "check-stream-status-after-noop",
+			params: { args: withOptionalSessionArgs(sessionName, ["stream", "status"]) },
+			reason: "Read current stream port and connection details after the idempotent enable no-op.",
+			safety: "Read-only stream diagnostic.",
+			tool: "agent_browser",
+		},
+		{
+			id: "disable-existing-stream-when-done",
+			params: { args: withOptionalSessionArgs(sessionName, ["stream", "disable"]) },
+			reason: "Disable the existing stream when it is no longer needed.",
+			safety: "Only run when no other workflow is relying on the current stream.",
+			tool: "agent_browser",
+		},
+	];
 }
 
 function formatConsoleText(data: Record<string, unknown>): string | undefined {
@@ -602,6 +672,74 @@ function formatCookiesText(data: Record<string, unknown>): string | undefined {
 	return undefined;
 }
 
+function valueContainsStorageSecret(value: unknown): boolean {
+	if (typeof value === "string") {
+		const trimmed = value.trim();
+		if (trimmed.length === 0) return false;
+		if (STORAGE_TOKEN_VALUE_PATTERN.test(trimmed) || STORAGE_SECRET_VALUE_WORD_PATTERN.test(trimmed) || STORAGE_EMAIL_VALUE_PATTERN.test(trimmed) || STORAGE_IDENTITY_VALUE_PATTERN.test(trimmed)) return true;
+		try {
+			const url = new URL(trimmed);
+			if (url.protocol === "http:" || url.protocol === "https:" || url.username || url.password || url.search) return true;
+		} catch {}
+		if (redactSensitiveText(trimmed) !== trimmed || redactModelFacingTextIfSensitive(trimmed) !== trimmed) return true;
+		try {
+			return valueContainsStorageSecret(JSON.parse(trimmed));
+		} catch {
+			return false;
+		}
+	}
+	if (Array.isArray(value)) return value.some((item) => valueContainsStorageSecret(item));
+	if (!isRecord(value)) return false;
+	return Object.entries(value).some(([key, entryValue]) => STORAGE_SECRET_KEY_PATTERN.test(key) || valueContainsStorageSecret(entryValue));
+}
+
+function shouldRevealStorageValue(key: string | undefined, value: unknown): boolean {
+	if (!key || STORAGE_SECRET_KEY_PATTERN.test(key) || !STORAGE_BENIGN_KEY_PATTERN.test(key)) return false;
+	if (valueContainsStorageSecret(value)) return false;
+	if (typeof value === "string") return value.length <= STORAGE_VALUE_PREVIEW_MAX_CHARS;
+	return value === null || typeof value === "number" || typeof value === "boolean";
+}
+
+function formatStorageValue(key: string | undefined, value: unknown): string {
+	if (!shouldRevealStorageValue(key, value)) return "[REDACTED]";
+	if (typeof value === "string") return redactModelFacingText(value);
+	return stringifyModelFacing(value);
+}
+
+function redactStorageEntryValue(item: Record<string, unknown>): Record<string, unknown> {
+	if (!Object.hasOwn(item, "value")) return redactStructuredPresentationValue(item) as Record<string, unknown>;
+	const key = getStringField(item, "key") ?? getStringField(item, "name");
+	const value = item.value;
+	if (shouldRevealStorageValue(key, value)) return redactStructuredPresentationValue(item) as Record<string, unknown>;
+	return {
+		...redactStructuredPresentationValue({ ...item, value: undefined }) as Record<string, unknown>,
+		value: "[REDACTED]",
+		valueRedacted: true,
+		valueRedactionReason: key && STORAGE_SECRET_KEY_PATTERN.test(key) ? "sensitive-key" : "sensitive-value",
+	};
+}
+
+function redactStorageData(value: unknown): unknown {
+	if (Array.isArray(value)) return value.map((item) => redactStorageData(item));
+	if (!isRecord(value)) return redactStructuredPresentationValue(value);
+	const entries = Object.fromEntries(Object.entries(value).map(([key, entryValue]) => {
+		if ((key === "entries" || key === "items") && Array.isArray(entryValue)) return [key, entryValue.map((item) => isRecord(item) ? redactStorageEntryValue(item) : redactStructuredPresentationValue(item))];
+		if (key === "value") {
+			const itemKey = getStringField(value, "key") ?? getStringField(value, "name");
+			return [key, shouldRevealStorageValue(itemKey, entryValue) ? redactStructuredPresentationValue(entryValue) : "[REDACTED]"];
+		}
+		return [key, redactStructuredPresentationValue(entryValue)];
+	}));
+	if (Object.hasOwn(value, "value")) {
+		const key = getStringField(value, "key") ?? getStringField(value, "name");
+		if (!shouldRevealStorageValue(key, value.value)) {
+			entries.valueRedacted = true;
+			entries.valueRedactionReason = key && STORAGE_SECRET_KEY_PATTERN.test(key) ? "sensitive-key" : "sensitive-value";
+		}
+	}
+	return entries;
+}
+
 function formatStorageText(data: Record<string, unknown>): string | undefined {
 	const type = getStringField(data, "type") ?? getStringField(data, "storage") ?? "storage";
 	const entries = getArrayField(data, "entries") ?? getArrayField(data, "items");
@@ -612,12 +750,12 @@ function formatStorageText(data: Record<string, unknown>): string | undefined {
 				if (!isRecord(item)) return `${index + 1}. [REDACTED]`;
 				const rawKey = getStringField(item, "key") ?? getStringField(item, "name") ?? `(entry ${index + 1})`;
 				const key = redactModelFacingText(rawKey);
-				return Object.hasOwn(item, "value") ? `${key}: [REDACTED]` : key;
+				return Object.hasOwn(item, "value") ? `${key}: ${formatStorageValue(rawKey, item.value)}` : key;
 			})
 			.join("\n");
 	}
 	const key = getStringField(data, "key");
-	if (key && Object.hasOwn(data, "value")) return `${type} ${redactModelFacingText(key)}: [REDACTED]`;
+	if (key && Object.hasOwn(data, "value")) return `${type} ${redactModelFacingText(key)}: ${formatStorageValue(key, data.value)}`;
 	if (key && data.set === true) return `${type} set: ${redactModelFacingText(key)}`;
 	if (data.cleared === true || data.clear === true) return `${type} cleared.`;
 	return undefined;
@@ -690,7 +828,7 @@ function redactStatefulValues(value: unknown, sensitiveKeys: Set<string>): unkno
 
 export function redactPresentationData(commandInfo: CommandInfo, data: unknown): unknown {
 	if (commandInfo.command === "cookies") return redactStatefulValues(data, new Set(["value"]));
-	if (commandInfo.command === "storage") return redactStatefulValues(data, new Set(["value"]));
+	if (commandInfo.command === "storage") return redactStorageData(data);
 	return redactStructuredPresentationValue(data);
 }
 

package/extensions/agent-browser/lib/results/presentation/errors.ts

@@ -1,5 +1,5 @@
 import { isOpenNavigationCommand } from "../../command-taxonomy.js";
-import type { CommandInfo } from "../../runtime.js";
+import { redactSensitiveText, type CommandInfo } from "../../runtime.js";
 import { buildBrowserProfileConfigRecovery } from "./browser-profile-recovery.js";
 import { redactModelFacingText } from "./common.js";
 import { buildAgentBrowserNextActions } from "../action-recommendations.js";
@@ -17,6 +17,17 @@ const SELECTOR_DIALECT_ERROR_HINT = [
 	"Prefer refs from `snapshot -i`, or use supported `find role|text|label|placeholder|alt|title|testid ...` locators; use `scrollintoview` before interacting with off-screen elements.",
 ].join(" ");
 
+const CLIPBOARD_PERMISSION_ERROR_HINT = [
+	"Agent-browser clipboard hint: Clipboard read/write access is environment-dependent and often fails in headless, managed, remote-profile, or file:// sessions.",
+	"If you see `NotAllowedError` or `permission denied`, treat it as a browser/OS permission limitation rather than proof that page state changed.",
+	"When possible, prefer page-native reads (`snapshot -i`, `get text`, `eval --stdin`) or direct input (`keyboard inserttext` / `keyboard type`) instead of relying on OS clipboard access.",
+	"If true clipboard access is required, retry in a browser/profile/session with explicit clipboard permission on a normal http(s) page.",
+].join(" ");
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+	return typeof value === "object" && value !== null;
+}
+
 function getSelectorRecoveryHint(errorText: string): string | undefined {
 	const normalized = errorText.trim();
 	if (normalized.length === 0) return undefined;
@@ -42,6 +53,51 @@ function getSelectorRecoveryHint(errorText: string): string | undefined {
 	return undefined;
 }
 
+function getClipboardPermissionHint(commandInfo: CommandInfo, errorText: string): string | undefined {
+	if (commandInfo.command !== "clipboard") return undefined;
+	if (!/\bNotAllowedError\b|\bclipboard\b.*\bpermission denied\b|\bpermission denied\b.*\bclipboard\b/i.test(errorText)) {
+		return undefined;
+	}
+	return CLIPBOARD_PERMISSION_ERROR_HINT;
+}
+
+export function redactClipboardPermissionEcho(commandInfo: CommandInfo, errorText: string): string {
+	if (commandInfo.command !== "clipboard") return errorText;
+	return errorText
+		.replace(/(\b(?:read|write)\s+permission denied\b(?:\s+for)?\s+)([\s\S]+)$/gi, "$1[REDACTED]")
+		.replace(/(\bFailed to execute '[^']+' on 'Clipboard':\s*)([\s\S]+)$/gi, (match, prefix: string, suffix: string) => {
+			if (!/\bpermission denied\b/i.test(suffix)) return match;
+			return `${prefix}${suffix.replace(/(\bpermission denied\b(?:\s+for)?\s+)([\s\S]+)$/i, "$1[REDACTED]")}`;
+		});
+}
+
+export function getClipboardWritePayloadCandidates(commandTokens: readonly string[]): string[] {
+	if (commandTokens[0] !== "clipboard" || commandTokens[1] !== "write") return [];
+	const payloadTokens = commandTokens.slice(2).filter((value) => value.length > 0);
+	return [...new Set([...payloadTokens, payloadTokens.join(" ")].filter((value) => value.length > 0))];
+}
+
+function shouldRedactClipboardPayloadField(key: string, value: string, payloadCandidates: readonly string[]): boolean {
+	return payloadCandidates.some((candidate) => {
+		if (value === candidate) return true;
+		if (candidate.length < 8 || !/payload|clipboard|argument/i.test(key)) return false;
+		return value.includes(candidate);
+	});
+}
+
+export function redactClipboardPermissionErrorValue(commandInfo: CommandInfo, value: unknown, payloadCandidates: readonly string[] = []): unknown {
+	if (commandInfo.command !== "clipboard") return value;
+	if (typeof value === "string") return payloadCandidates.includes(value) ? "[REDACTED]" : redactClipboardPermissionEcho(commandInfo, value);
+	if (Array.isArray(value)) return value.map((item) => redactClipboardPermissionErrorValue(commandInfo, item, payloadCandidates));
+	if (!isRecord(value)) return value;
+	return Object.fromEntries(Object.entries(value).map(([key, entryValue]) => [
+		key,
+		typeof entryValue === "string" && shouldRedactClipboardPayloadField(key, entryValue, payloadCandidates)
+			? "[REDACTED]"
+			: redactClipboardPermissionErrorValue(commandInfo, entryValue, payloadCandidates),
+	]));
+}
+
 interface CommandSuggestion {
 	args?: string[];
 	description: string;
@@ -116,17 +172,21 @@ export function buildErrorPresentation(options: {
 	sessionName?: string;
 }): ToolPresentation {
 	const { args, commandInfo, errorText, sessionName } = options;
-	const safeErrorText = redactModelFacingText(errorText);
+	const safeErrorText = redactModelFacingText(
+		redactSensitiveText(redactClipboardPermissionEcho(commandInfo, errorText)),
+	);
 	const selectorHintedErrorText = appendSelectorRecoveryHint(safeErrorText);
 	const unknownCommandSuggestions = getUnknownCommandSuggestions(commandInfo.command, safeErrorText);
 	const unknownCommandSuggestionText = formatUnknownCommandSuggestionText(unknownCommandSuggestions);
 	const browserProfileConfigRecovery = buildBrowserProfileConfigRecovery({ args, commandInfo, errorText: safeErrorText });
 	const localhostNavigationHint = getLocalhostNavigationHint(commandInfo, safeErrorText);
+	const clipboardPermissionHint = getClipboardPermissionHint(commandInfo, safeErrorText);
 	const hintedErrorParts = [
 		selectorHintedErrorText,
 		unknownCommandSuggestionText && !selectorHintedErrorText.includes("Agent-browser hint:") ? unknownCommandSuggestionText : undefined,
 		browserProfileConfigRecovery?.hint,
 		localhostNavigationHint,
+		clipboardPermissionHint,
 	].filter((part): part is string => Boolean(part));
 	const hintedErrorText = hintedErrorParts.join("\n\n");
 	const categoryDetails = buildAgentBrowserResultCategoryDetails({

package/extensions/agent-browser/lib/results/presentation/semantic-action.ts

@@ -18,9 +18,9 @@ import {
 } from "./navigation.js";
 import { redactModelFacingText } from "./common.js";
 
-const SEMANTIC_NAVIGATION_PROBE_ACTIONS = new Set(["check", "click", "uncheck"]);
+const SEMANTIC_NAVIGATION_PROBE_ACTIONS = new Set(["check", "click"]);
 
-const SEMANTIC_PRESENTATION_ACTIONS = new Set(["check", "click", "fill", "select", "uncheck"]);
+const SEMANTIC_PRESENTATION_ACTIONS = new Set(["check", "click", "fill", "select"]);
 
 function getPageSummary(data: Record<string, unknown>): string | undefined {
 	const title = typeof data.title === "string" ? data.title : undefined;
@@ -55,8 +55,6 @@ export function formatSemanticActionCompactLine(compiled: CompiledAgentBrowserSe
 			return `Filled: ${target}`;
 		case "check":
 			return `Checked: ${target}`;
-		case "uncheck":
-			return `Unchecked: ${target}`;
 		case "select":
 			return `Selected: ${target}`;
 		default:

package/extensions/agent-browser/lib/results/presentation.ts

@@ -14,6 +14,7 @@ import { detectConfirmationRequired } from "./confirmation.js";
 import type {
 	AgentBrowserEnvelope,
 	AgentBrowserNextAction,
+	NetworkRouteDiagnostic,
 	SessionArtifactManifest,
 	ToolPresentation,
 } from "./contracts.js";
@@ -29,7 +30,9 @@ import {
 	extractImagePath,
 	formatArtifactMetadataLines,
 	formatArtifactSummary,
+	formatMissingArtifactFailureText,
 	getSavedFileDetails,
+	hasMissingFileArtifact,
 	isManifestFileArtifact,
 	type ArtifactRequestContext,
 } from "./presentation/artifacts.js";
@@ -37,7 +40,9 @@ import { buildBatchPresentation, isAgentBrowserBatchResultArray } from "./presen
 import { getPresentationPaths } from "./presentation/content.js";
 import {
 	buildNetworkRequestsNextActions,
+	buildStreamNextActions,
 	enrichStreamStatusData,
+	formatNetworkRouteDiagnosticsText,
 	redactPresentationData,
 } from "./presentation/diagnostics.js";
 import { buildErrorPresentation } from "./presentation/errors.js";
@@ -71,6 +76,8 @@ export async function buildToolPresentation(options: {
 	cwd: string;
 	envelope?: AgentBrowserEnvelope;
 	errorText?: string;
+	networkRouteDiagnostics?: NetworkRouteDiagnostic[];
+	networkRoutes?: import("./contracts.js").NetworkRouteRecord[];
 	persistentArtifactStore?: PersistentSessionArtifactStore;
 	sessionName?: string;
 }): Promise<ToolPresentation> {
@@ -83,6 +90,8 @@ export async function buildToolPresentation(options: {
 		cwd,
 		envelope,
 		errorText,
+		networkRouteDiagnostics,
+		networkRoutes,
 		persistentArtifactStore,
 		sessionName,
 	} = options;
@@ -108,6 +117,7 @@ export async function buildToolPresentation(options: {
 			buildNestedToolPresentation: buildToolPresentation,
 			cwd,
 			data,
+			networkRoutes,
 			persistentArtifactStore,
 			sessionName,
 			summary,
@@ -124,6 +134,11 @@ export async function buildToolPresentation(options: {
 		};
 	}
 
+	if (networkRouteDiagnostics && networkRouteDiagnostics.length > 0 && presentation.content[0]?.type === "text") {
+		const diagnosticText = formatNetworkRouteDiagnosticsText(networkRouteDiagnostics);
+		if (diagnosticText) presentation.content[0] = { ...presentation.content[0], text: `${diagnosticText}\n\n${presentation.content[0].text}` };
+		presentation.networkRouteDiagnostics = networkRouteDiagnostics;
+	}
 	if (artifacts.length > 0 && !presentation.artifacts) {
 		presentation.artifacts = artifacts;
 	}
@@ -161,6 +176,19 @@ export async function buildToolPresentation(options: {
 	) ?? presentationWithManifest.artifactVerification;
 
 	const confirmationRequired = detectConfirmationRequired(data);
+	const missingArtifactFailureText = formatMissingArtifactFailureText(presentationWithManifest.artifacts);
+	if (missingArtifactFailureText && hasMissingFileArtifact(presentationWithManifest.artifacts)) {
+		presentationWithManifest.resultCategory = "failure";
+		presentationWithManifest.failureCategory = "artifact-missing";
+		presentationWithManifest.successCategory = undefined;
+		presentationWithManifest.summary = missingArtifactFailureText;
+		if (presentationWithManifest.content[0]?.type === "text") {
+			presentationWithManifest.content[0] = { ...presentationWithManifest.content[0], text: `${missingArtifactFailureText}\n\n${presentationWithManifest.content[0].text}` };
+		} else {
+			presentationWithManifest.content.unshift({ type: "text", text: missingArtifactFailureText });
+		}
+	}
+
 	if (!presentationWithManifest.resultCategory) {
 		const categoryDetails = buildAgentBrowserResultCategoryDetails({
 			artifacts: presentationWithManifest.artifacts,
@@ -199,12 +227,14 @@ export async function buildToolPresentation(options: {
 		successCategory: presentationWithManifest.successCategory,
 	});
 	const networkNextActions = commandInfo.command === "network" && commandInfo.subcommand === "requests" && presentationWithManifest.resultCategory === "success"
-		? buildNetworkRequestsNextActions(data, sessionName)
+		? buildNetworkRequestsNextActions(data, sessionName, presentationWithManifest.networkRouteDiagnostics)
 		: undefined;
+	const streamNextActions = presentationWithManifest.resultCategory === "success" ? buildStreamNextActions(commandInfo, data, sessionName) : undefined;
 	presentationWithManifest.nextActions = mergeNextActions(
 		presentationWithManifest.nextActions,
 		genericNextActions,
 		networkNextActions,
+		streamNextActions,
 	);
 	presentationWithManifest.pageChangeSummary = presentationWithManifest.pageChangeSummary ?? buildPageChangeSummary({
 		artifacts: presentationWithManifest.artifacts,