playwriter 0.1.0 → 0.3.0

package/src/cli.ts

@@ -105,12 +105,33 @@ cli
   .option('--token <token>', 'Authentication token (or use PLAYWRITER_TOKEN env var)')
   .option('-s, --session <name>', 'Session ID (required for -e, get one with `playwriter session new`)')
   .option('-e, --eval <code>', 'Execute JavaScript code and exit, read https://playwriter.dev/SKILL.md for usage')
+  .option('-f, --file <path>', 'Execute JavaScript from a file and exit')
   .option('--timeout [ms]', z.number().default(10000).describe('Execution timeout in milliseconds'))
   .action(async (options) => {
-    // If -e flag is provided, execute code via relay server
-    if (options.eval) {
+    if (options.eval && options.file) {
+      console.error('Error: -e and -f cannot be used together.')
+      process.exit(1)
+    }
+
+    // If -e or -f flag is provided, execute code via relay server
+    const code = (() => {
+      if (options.eval) {
+        return options.eval
+      }
+      if (options.file) {
+        const filePath = path.resolve(options.file)
+        if (!fs.existsSync(filePath)) {
+          console.error(`Error: File not found: ${filePath}`)
+          process.exit(1)
+        }
+        return fs.readFileSync(filePath, 'utf-8')
+      }
+      return null
+    })()
+
+    if (code) {
       await executeCode({
-        code: options.eval,
+        code,
         timeout: options.timeout || 10000,
         sessionId: options.session,
         host: options.host,
@@ -134,15 +155,32 @@ async function getServerUrl(host?: string): Promise<string> {
   return httpBaseUrl
 }
 
-async function fetchExtensionsStatus(host?: string): Promise<ExtensionStatus[]> {
+// Centralized header builder so every CLI subcommand sends the token consistently.
+// Falls back to PLAYWRITER_TOKEN env var when --token is not provided.
+function buildAuthHeaders({ token, json }: { token?: string; json?: boolean }): Record<string, string> {
+  const headers: Record<string, string> = {}
+  if (json) {
+    headers['Content-Type'] = 'application/json'
+  }
+  const effectiveToken = token || process.env.PLAYWRITER_TOKEN
+  if (effectiveToken) {
+    headers['Authorization'] = `Bearer ${effectiveToken}`
+  }
+  return headers
+}
+
+async function fetchExtensionsStatus({ host, token }: { host?: string; token?: string } = {}): Promise<ExtensionStatus[]> {
   try {
     const serverUrl = await getServerUrl(host)
+    const headers = buildAuthHeaders({ token })
     const response = await fetch(`${serverUrl}/extensions/status`, {
       signal: AbortSignal.timeout(2000),
+      headers,
     })
     if (!response.ok) {
       const fallback = await fetch(`${serverUrl}/extension/status`, {
         signal: AbortSignal.timeout(2000),
+        headers,
       })
       if (!fallback.ok) {
         return []
@@ -225,12 +263,7 @@ async function executeCode(options: {
   try {
     const response = await fetch(executeUrl, {
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        ...(token || process.env.PLAYWRITER_TOKEN
-          ? { Authorization: `Bearer ${token || process.env.PLAYWRITER_TOKEN}` }
-          : {}),
-      },
+      headers: buildAuthHeaders({ token, json: true }),
       body: JSON.stringify({ sessionId, code, timeout, cwd }),
     })
 
@@ -321,6 +354,7 @@ interface BrowserOption {
 cli
   .command('session new', 'Create a new session and print the session ID')
   .option('--host <host>', 'Remote relay server host')
+  .option('--token <token>', 'Authentication token (or use PLAYWRITER_TOKEN env var)')
   .option('--browser <key>', 'Browser key when multiple browsers are available')
   .option('--direct [endpoint]', 'Use direct CDP connection without the extension. Enable debugging first at chrome://inspect/#remote-debugging or launch Chrome with --remote-debugging-port=9222. Auto-discovers instances or accepts an explicit ws:// endpoint')
   .action(async (options) => {
@@ -342,7 +376,7 @@ cli
       }
       await ensureRelayForSessionCreation(isLocal)
       const serverUrl = await getServerUrl(options.host)
-      const result = await createDirectSession({ serverUrl, cdpEndpoint })
+      const result = await createDirectSession({ serverUrl, cdpEndpoint, token: options.token })
       console.log(`Session ${result.id} created (direct CDP). Use with: playwriter -s ${result.id} -e "..."`)
       console.log(pc.dim('NOTE: Recording unavailable in direct CDP mode.'))
       return
@@ -372,7 +406,7 @@ cli
       if (instances.length === 1 && !options.browser) {
         const instance = instances[0]
         const serverUrl = await getServerUrl(options.host)
-        const result = await createDirectSession({ serverUrl, cdpEndpoint: instance.wsUrl, browser: instance.browser, profiles: instance.profiles })
+        const result = await createDirectSession({ serverUrl, cdpEndpoint: instance.wsUrl, browser: instance.browser, profiles: instance.profiles, token: options.token })
         const profileLabel = formatInstanceProfiles(instance)
         console.log(
           `Session ${result.id} created (direct CDP, ${instance.browser}${profileLabel}). Use with: playwriter -s ${result.id} -e "..."`,
@@ -396,7 +430,7 @@ cli
           process.exit(1)
         }
         const serverUrl = await getServerUrl(options.host)
-        const result = await createDirectSession({ serverUrl, cdpEndpoint: selected.wsUrl!, browser: selected.browser, profiles: selected.profiles })
+        const result = await createDirectSession({ serverUrl, cdpEndpoint: selected.wsUrl!, browser: selected.browser, profiles: selected.profiles, token: options.token })
         console.log(`Session ${result.id} created (direct CDP). Use with: playwriter -s ${result.id} -e "..."`)
         console.log(pc.dim('NOTE: Recording unavailable in direct CDP mode.'))
         return
@@ -427,7 +461,7 @@ cli
         })
       }
     } else {
-      extensions = await fetchExtensionsStatus(options.host)
+      extensions = await fetchExtensionsStatus({ host: options.host, token: options.token })
     }
 
     if (extensions.length === 0) {
@@ -457,8 +491,8 @@ cli
         const cwd = process.cwd()
         const response = await fetch(`${serverUrl}/cli/session/new`, {
           method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ extensionId, cwd }),
+          headers: buildAuthHeaders({ token: options.token, json: true }),
+          body: JSON.stringify({ extensionId, cwd, autoEnable: true }),
         })
         if (!response.ok) {
           const text = await response.text()
@@ -509,15 +543,15 @@ cli
       try {
         const serverUrl = await getServerUrl(options.host)
         if (selected.type === 'direct') {
-          const result = await createDirectSession({ serverUrl, cdpEndpoint: selected.wsUrl!, browser: selected.browser, profiles: selected.profiles })
+          const result = await createDirectSession({ serverUrl, cdpEndpoint: selected.wsUrl!, browser: selected.browser, profiles: selected.profiles, token: options.token })
           console.log(`Session ${result.id} created (direct CDP). Use with: playwriter -s ${result.id} -e "..."`)
           console.log(pc.dim('NOTE: Recording unavailable in direct CDP mode.'))
         } else {
           const cwd = process.cwd()
           const response = await fetch(`${serverUrl}/cli/session/new`, {
             method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ extensionId: selected.extensionId, cwd }),
+            headers: buildAuthHeaders({ token: options.token, json: true }),
+            body: JSON.stringify({ extensionId: selected.extensionId, cwd, autoEnable: true }),
           })
           if (!response.ok) {
             const text = await response.text()
@@ -552,16 +586,18 @@ async function createDirectSession({
   cdpEndpoint,
   browser,
   profiles,
+  token,
 }: {
   serverUrl: string
   cdpEndpoint: string
   browser?: string
   profiles?: Array<{ name: string; email: string }>
+  token?: string
 }): Promise<{ id: string }> {
   const cwd = process.cwd()
   const response = await fetch(`${serverUrl}/cli/session/new`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: buildAuthHeaders({ token, json: true }),
     body: JSON.stringify({ cdpEndpoint, cwd, browser, profiles }),
   })
   if (!response.ok) {
@@ -622,6 +658,7 @@ function printBrowserTable(options: BrowserOption[]): void {
 cli
   .command('session list', 'List all active sessions')
   .option('--host <host>', 'Remote relay server host')
+  .option('--token <token>', 'Authentication token (or use PLAYWRITER_TOKEN env var)')
   .action(async (options) => {
     if (!options.host && !process.env.PLAYWRITER_HOST) {
       await ensureRelayServer({ logger: console, env: cliRelayEnv })
@@ -639,6 +676,7 @@ cli
 
     try {
       const response = await fetch(`${serverUrl}/cli/sessions`, {
+        headers: buildAuthHeaders({ token: options.token }),
         signal: AbortSignal.timeout(2000),
       })
       if (!response.ok) {
@@ -711,6 +749,7 @@ cli
 cli
   .command('session delete <sessionId>', 'Delete a session and clear its state')
   .option('--host <host>', 'Remote relay server host')
+  .option('--token <token>', 'Authentication token (or use PLAYWRITER_TOKEN env var)')
   .action(async (sessionId, options) => {
     const serverUrl = await getServerUrl(options.host)
 
@@ -721,7 +760,7 @@ cli
     try {
       const response = await fetch(`${serverUrl}/cli/session/delete`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: buildAuthHeaders({ token: options.token, json: true }),
         body: JSON.stringify({ sessionId }),
       })
 
@@ -741,6 +780,7 @@ cli
 cli
   .command('session reset <sessionId>', 'Reset the browser connection for a session')
   .option('--host <host>', 'Remote relay server host')
+  .option('--token <token>', 'Authentication token (or use PLAYWRITER_TOKEN env var)')
   .action(async (sessionId, options) => {
     const cwd = process.cwd()
     const serverUrl = await getServerUrl(options.host)
@@ -752,7 +792,7 @@ cli
     try {
       const response = await fetch(`${serverUrl}/cli/reset`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: buildAuthHeaders({ token: options.token, json: true }),
         body: JSON.stringify({ sessionId, cwd }),
       })
 
@@ -789,6 +829,14 @@ cli
       process.exit(1)
     }
 
+    // Expose the token to in-process callers (screen-recording.ts, etc.) so
+    // they can attach Authorization: Bearer ... when calling the relay's own
+    // privileged endpoints. Required because we no longer bypass auth for
+    // loopback — see commit history for the tunnel-agent threat model.
+    if (token) {
+      process.env.PLAYWRITER_TOKEN = token
+    }
+
     // Check if server is already running on the port
     const net = await import('node:net')
     const isPortInUse = await new Promise<boolean>((resolve) => {
@@ -872,6 +920,7 @@ cli
 cli
   .command('browser list', 'List all available browsers: extension-connected and direct CDP on port 9222')
   .option('--host <host>', z.string().describe('Remote relay server host'))
+  .option('--token <token>', 'Authentication token (or use PLAYWRITER_TOKEN env var)')
   .action(async (options) => {
     const isLocal = !options.host && !process.env.PLAYWRITER_HOST
 
@@ -883,7 +932,7 @@ cli
     const [extensions, directInstances] = await Promise.all([
       isLocal
         ? waitForConnectedExtensions({ timeoutMs: 2000, pollIntervalMs: 200, logger: console })
-        : fetchExtensionsStatus(options.host),
+        : fetchExtensionsStatus({ host: options.host, token: options.token }),
       isLocal ? discoverChromeInstances() : Promise.resolve([] as DiscoveredInstance[]),
     ])
 
@@ -933,6 +982,7 @@ cli.command('skill', 'Print the full playwriter usage instructions').action(() =
 })
 
 cli.help()
+cli.completions()
 cli.version(VERSION)
 
-cli.parse()
+await cli.parse()

package/src/executor.ts

@@ -3,7 +3,7 @@
  * Used by both MCP and CLI to execute Playwright code with persistent state.
  */
 
-import { Page, Frame, Browser, BrowserContext, chromium, Locator, FrameLocator } from '@xmorse/playwright-core'
+import { Page, Frame, Browser, BrowserContext, chromium, Locator, FrameLocator, ElementHandle } from '@xmorse/playwright-core'
 import crypto from 'node:crypto'
 import fs from 'node:fs'
 import path from 'node:path'
@@ -21,7 +21,7 @@ import { ICDPSession, getCDPSessionForPage } from './cdp-session.js'
 import { Debugger } from './debugger.js'
 import { Editor } from './editor.js'
 import { getStylesForLocator, formatStylesAsText, type StylesResult } from './styles.js'
-import { getReactSource, type ReactSourceLocation } from './react-source.js'
+import { getReactSource, getReactComponentInfo, type ReactSourceLocation } from './react-source.js'
 import { ScopedFS } from './scoped-fs.js'
 import {
   screenshotWithAccessibilityLabels,
@@ -66,6 +66,7 @@ const usefulGlobals = {
   AbortController,
   AbortSignal,
   structuredClone,
+  process,
 } as const
 
 /**
@@ -104,14 +105,14 @@ export function getAutoReturnExpression(code: string): string | null {
     if (
       expr.type === 'AssignmentExpression' ||
       expr.type === 'UpdateExpression' ||
-      (expr.type === 'UnaryExpression' && (expr as acorn.UnaryExpression).operator === 'delete')
+      (expr.type === 'UnaryExpression' && expr.operator === 'delete')
     ) {
       return null
     }
 
     // Don't auto-return sequence expressions that contain assignments
     if (expr.type === 'SequenceExpression') {
-      const hasAssignment = expr.expressions.some((e: acorn.Expression) => e.type === 'AssignmentExpression')
+      const hasAssignment = expr.expressions.some((e) => e.type === 'AssignmentExpression')
       if (hasAssignment) {
         return null
       }
@@ -226,6 +227,7 @@ export interface CdpConfig {
   port?: number
   token?: string
   extensionId?: string | null
+  autoEnable?: boolean
   /** Direct CDP WebSocket URL — bypasses relay + extension, connects straight to Chrome */
   directCdpUrl?: string
 }
@@ -287,7 +289,12 @@ export class PlaywrightExecutor {
   private context: BrowserContext | null = null
 
   private userState: Record<string, any> = {}
-  private browserLogs: Map<string, string[]> = new Map()
+  private browserLogs: Map<Page, string[]> = new Map()
+  // Tracks the index up to which getLatestLogs({ sinceLastCall: true }) has
+  // returned logs. 0 means "return everything" (first call gets full buffer).
+  // When addBrowserLog shifts old entries (cap at MAX_LOGS_PER_PAGE), cursors
+  // are decremented so they stay in sync with the array.
+  private pageLogCursor: Map<Page, number> = new Map()
   private lastSnapshots: WeakMap<Page, Map<string, string>> = new WeakMap()
   private lastRefToLocator: WeakMap<Page, Map<string, string>> = new WeakMap()
   private warningEvents: WarningEvent[] = []
@@ -531,41 +538,68 @@ export class PlaywrightExecutor {
   }
 
   private setupPageConsoleListener(page: Page) {
-    // Use targetId() if available, fallback to internal _guid for CDP connections
-    const targetId = page.targetId() || ((page as any)._guid as string | undefined)
-    if (!targetId) {
-      return
+    if (!this.browserLogs.has(page)) {
+      this.browserLogs.set(page, [])
     }
 
-    if (!this.browserLogs.has(targetId)) {
-      this.browserLogs.set(targetId, [])
-    }
-
-    page.on('framenavigated', (frame) => {
-      if (frame === page.mainFrame()) {
-        this.browserLogs.set(targetId, [])
-      }
-    })
+    // Logs are NOT cleared on navigation so that getLatestLogs({ sinceLastCall: true })
+    // can return errors from the previous page load. The MAX_LOGS_PER_PAGE cap (5000)
+    // prevents unbounded growth; old entries are shifted out in addBrowserLog.
 
     page.on('close', () => {
-      this.browserLogs.delete(targetId)
+      this.browserLogs.delete(page)
+      this.pageLogCursor.delete(page)
     })
 
     page.on('console', (msg) => {
       try {
         const logEntry = `[${msg.type()}] ${msg.text()}`
-        if (!this.browserLogs.has(targetId)) {
-          this.browserLogs.set(targetId, [])
-        }
-        const pageLogs = this.browserLogs.get(targetId)!
-        pageLogs.push(logEntry)
-        if (pageLogs.length > MAX_LOGS_PER_PAGE) {
-          pageLogs.shift()
-        }
+        this.addBrowserLog({ page, logEntry })
       } catch (e) {
         this.logger.error('[Executor] Failed to get console message text:', e)
       }
     })
+
+    page.on('pageerror', (error) => {
+      this.addBrowserLog({ page, logEntry: `[pageerror] ${error.message}` })
+    })
+  }
+
+  private addBrowserLog(options: { page: Page; logEntry: string }) {
+    if (!this.browserLogs.has(options.page)) {
+      this.browserLogs.set(options.page, [])
+    }
+    const pageLogs = this.browserLogs.get(options.page)!
+    pageLogs.push(options.logEntry)
+    if (pageLogs.length > MAX_LOGS_PER_PAGE) {
+      pageLogs.shift()
+      // Decrement cursor so it stays in sync with the shifted array.
+      // Clamp to 0 so the cursor never goes negative.
+      const cursor = this.pageLogCursor.get(options.page)
+      if (cursor !== undefined && cursor > 0) {
+        this.pageLogCursor.set(options.page, cursor - 1)
+      }
+    }
+  }
+
+  private pagesRelatedToPage(page: Page): Page[] {
+    const frameUrls = new Set(
+      page
+        .frames()
+        .map((frame) => {
+          return frame.url()
+        })
+        .filter((url) => {
+          return url && url !== 'about:blank'
+        }),
+    )
+
+    return page
+      .context()
+      .pages()
+      .filter((candidate) => {
+        return candidate === page || frameUrls.has(candidate.url())
+      })
   }
 
   private async checkExtensionStatus(): Promise<{
@@ -573,17 +607,24 @@ export class PlaywrightExecutor {
     activeTargets: number
     playwriterVersion: string | null
   }> {
-    const { host = '127.0.0.1', port = 19988, extensionId } = this.cdpConfig
+    const { host = '127.0.0.1', port = 19988, extensionId, token } = this.cdpConfig
     const { httpBaseUrl } = parseRelayHost(host, port)
     const notConnected = { connected: false, activeTargets: 0, playwriterVersion: null }
+    const headers: Record<string, string> = {}
+    const effectiveToken = token || process.env.PLAYWRITER_TOKEN
+    if (effectiveToken) {
+      headers['Authorization'] = `Bearer ${effectiveToken}`
+    }
     try {
       if (extensionId) {
         const response = await fetch(`${httpBaseUrl}/extensions/status`, {
           signal: AbortSignal.timeout(2000),
+          headers,
         })
         if (!response.ok) {
           const fallback = await fetch(`${httpBaseUrl}/extension/status`, {
             signal: AbortSignal.timeout(2000),
+            headers,
           })
           if (!fallback.ok) {
             return notConnected
@@ -617,6 +658,7 @@ export class PlaywrightExecutor {
 
       const response = await fetch(`${httpBaseUrl}/extension/status`, {
         signal: AbortSignal.timeout(2000),
+        headers,
       })
       if (!response.ok) {
         return notConnected
@@ -968,21 +1010,50 @@ export class PlaywrightExecutor {
         })
       }
 
-      const getLatestLogs = async (options?: { page?: Page; count?: number; search?: string | RegExp }) => {
-        const { page: filterPage, count, search } = options || {}
+      const getLatestLogs = async (options?: {
+        page?: Page
+        count?: number
+        search?: string | RegExp
+        // When true, only return logs added since the last getLatestLogs call
+        // with sinceLastCall: true. First call returns all buffered logs.
+        // Cursors are tracked per page so navigations and new logs are
+        // never missed. Useful for checking page errors after each action.
+        sinceLastCall?: boolean
+      }) => {
+        const { page: filterPage, count, search, sinceLastCall = false } = options || {}
         let allLogs: string[] = []
 
-        if (filterPage) {
-          // Use targetId() if available, fallback to internal _guid for CDP connections
-          const targetId = filterPage.targetId() || ((filterPage as any)._guid as string | undefined)
-          if (!targetId) {
-            throw new Error('Could not get page targetId')
+        // Collect logs, optionally slicing from cursor when sinceLastCall is set
+        const collectLogs = (targetPage: Page): string[] => {
+          const logs = this.browserLogs.get(targetPage) || []
+          if (!sinceLastCall) {
+            return logs
           }
-          const pageLogs = this.browserLogs.get(targetId) || []
-          allLogs = [...pageLogs]
+          const cursor = this.pageLogCursor.get(targetPage) || 0
+          return logs.slice(cursor)
+        }
+
+        if (filterPage) {
+          const relatedPages = this.pagesRelatedToPage(filterPage)
+          allLogs = relatedPages.flatMap((relatedPage) => {
+            return collectLogs(relatedPage)
+          })
         } else {
-          for (const pageLogs of this.browserLogs.values()) {
-            allLogs.push(...pageLogs)
+          for (const [p] of this.browserLogs) {
+            allLogs.push(...collectLogs(p))
+          }
+        }
+
+        // Advance cursors after collecting so next sinceLastCall call starts fresh
+        if (sinceLastCall) {
+          const pagesToAdvance = filterPage
+            ? this.pagesRelatedToPage(filterPage)
+            : [...this.browserLogs.keys()]
+          for (const p of pagesToAdvance) {
+            const logs = this.browserLogs.get(p)
+            if (logs) {
+              this.pageLogCursor.set(p, logs.length)
+            }
           }
         }
 
@@ -1021,6 +1092,7 @@ export class PlaywrightExecutor {
 
       const clearAllLogs = () => {
         this.browserLogs.clear()
+        this.pageLogCursor.clear()
       }
 
       const getCDPSession = async (options: { page: Page }) => {
@@ -1043,6 +1115,47 @@ export class PlaywrightExecutor {
         return getReactSource({ locator: options.locator, cdp })
       }
 
+      const getReactComponentInfoFn = async (options: { locator: Locator | ElementHandle }) => {
+        const targetPage = await (async (): Promise<Page | null> => {
+          if ('page' in options.locator) {
+            return options.locator.page()
+          }
+
+          return (await options.locator.ownerFrame())?.page() ?? null
+        })()
+        if (!targetPage) {
+          throw new Error('Could not get page from locator')
+        }
+        const cdp = await getCDPSession({ page: targetPage })
+        return getReactComponentInfo({ locator: options.locator, cdp })
+      }
+
+      const inspectPinnedElement = async (pageUrl: string, elementExpression: string) => {
+        const targetPage = context.pages().find((candidate) => candidate.url() === pageUrl) || context.pages()[0]
+        if (!targetPage) {
+          throw new Error('No Playwright pages are available')
+        }
+
+        this.userState.page = targetPage
+        const handle = (await targetPage.evaluateHandle((expression) => {
+          return Function(`return (${expression})`)()
+        }, elementExpression)).asElement()
+
+        const result = await (async () => {
+          if (!handle) {
+            return { url: targetPage.url(), outerHTML: null, react: null }
+          }
+          return {
+            url: targetPage.url(),
+            outerHTML: await handle.evaluate((el) => el.outerHTML),
+            react: await getReactComponentInfoFn({ locator: handle }),
+          }
+        })()
+
+        console.log(result)
+        return result
+      }
+
       const screenshotCollector: ScreenshotResult[] = []
       // Separate collector for images produced by resizeImageForAgent() calls.
       // These get merged into result.images so the CLI can emit them via Kitty Graphics.
@@ -1146,6 +1259,8 @@ export class PlaywrightExecutor {
         getStylesForLocator: getStylesForLocatorFn,
         formatStylesAsText,
         getReactSource: getReactSourceFn,
+        getReactComponentInfo: getReactComponentInfoFn,
+        inspectPinnedElement,
         screenshotWithAccessibilityLabels: screenshotWithAccessibilityLabelsFn,
         resizeImageForAgent: resizeImageForAgentFn,
         // Backward-compatible alias for resizeImageForAgent
@@ -1178,6 +1293,18 @@ export class PlaywrightExecutor {
         // Ghost Browser API - only works in Ghost Browser, mirrors chrome.ghostPublicAPI etc
         chrome: chromeGhostBrowser,
         ...usefulGlobals,
+        // Expose process with safety overrides:
+        // - cwd() returns the session's cwd instead of the relay server's cwd
+        // - exit() is blocked to prevent killing the relay server
+        // - chdir() is blocked to prevent affecting other sessions
+        process: new Proxy(process, {
+          get(target, prop, receiver) {
+            if (prop === 'cwd') return () => self.sessionCwd || target.cwd()
+            if (prop === 'exit') return () => { throw new Error('process.exit() is not allowed in the sandbox') }
+            if (prop === 'chdir') return () => { throw new Error('process.chdir() is not allowed in the sandbox, use a new session with a different cwd instead') }
+            return Reflect.get(target, prop, receiver)
+          },
+        }),
       }
 
       const vmContext = vm.createContext(vmContextObj)

package/src/mcp.ts

@@ -56,9 +56,14 @@ function getLogServerUrl(): string {
 
 async function sendLogToRelayServer(level: string, ...args: any[]) {
   try {
+    const headers: Record<string, string> = { 'Content-Type': 'application/json' }
+    const token = process.env.PLAYWRITER_TOKEN
+    if (token) {
+      headers['Authorization'] = `Bearer ${token}`
+    }
     await fetch(getLogServerUrl(), {
       method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
+      headers,
       body: JSON.stringify({ level, args }),
       signal: AbortSignal.timeout(1000),
     })