safari-pilot 0.1.0

package/dist/engines/extension.d.ts

@@ -0,0 +1,34 @@
+import { BaseEngine } from './engine.js';
+import type { DaemonEngine } from './daemon.js';
+import type { Engine, EngineResult } from '../types.js';
+/**
+ * ExtensionEngine routes JavaScript execution through the Safari extension via the daemon.
+ *
+ * Execution path: MCP server → DaemonEngine → daemon ExtensionBridge → Safari extension
+ * background.js → content script (MAIN world) → result flows back the same way.
+ *
+ * The engine is only available when:
+ *   1. The daemon is running (DaemonEngine.isAvailable() returns true).
+ *   2. The Safari extension is installed and has established a native messaging connection.
+ *
+ * When the extension is not connected, isAvailable() returns false and the engine
+ * selector will fall back to the daemon (AppleScript) or applescript engine.
+ */
+export declare class ExtensionEngine extends BaseEngine {
+    readonly name: Engine;
+    private daemon;
+    constructor(daemon: DaemonEngine);
+    /**
+     * Returns true only when the daemon is running AND the extension is connected.
+     * The status check is routed through the daemon's extension_status command.
+     */
+    isAvailable(): Promise<boolean>;
+    /**
+     * Execute a JavaScript string in the Safari extension's MAIN world content script.
+     *
+     * The script is forwarded through the daemon's ExtensionBridge to background.js,
+     * which injects it into the active tab's MAIN world via chrome.scripting.executeScript.
+     * The result is returned as a string (JSON-serialised if the script returns an object).
+     */
+    execute(script: string, timeout?: number): Promise<EngineResult>;
+}

package/dist/engines/extension.js

@@ -0,0 +1,66 @@
+import { BaseEngine } from './engine.js';
+// Internal sentinel prefix used to distinguish extension bridge commands from
+// normal AppleScript execution commands routed through the same DaemonEngine.
+const INTERNAL_PREFIX = '__SAFARI_PILOT_INTERNAL__';
+/**
+ * ExtensionEngine routes JavaScript execution through the Safari extension via the daemon.
+ *
+ * Execution path: MCP server → DaemonEngine → daemon ExtensionBridge → Safari extension
+ * background.js → content script (MAIN world) → result flows back the same way.
+ *
+ * The engine is only available when:
+ *   1. The daemon is running (DaemonEngine.isAvailable() returns true).
+ *   2. The Safari extension is installed and has established a native messaging connection.
+ *
+ * When the extension is not connected, isAvailable() returns false and the engine
+ * selector will fall back to the daemon (AppleScript) or applescript engine.
+ */
+export class ExtensionEngine extends BaseEngine {
+    name = 'extension';
+    daemon;
+    constructor(daemon) {
+        super();
+        this.daemon = daemon;
+    }
+    /**
+     * Returns true only when the daemon is running AND the extension is connected.
+     * The status check is routed through the daemon's extension_status command.
+     */
+    async isAvailable() {
+        try {
+            const result = await this.daemon.execute(`${INTERNAL_PREFIX} extension_status`);
+            return result.ok && result.value === 'connected';
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Execute a JavaScript string in the Safari extension's MAIN world content script.
+     *
+     * The script is forwarded through the daemon's ExtensionBridge to background.js,
+     * which injects it into the active tab's MAIN world via chrome.scripting.executeScript.
+     * The result is returned as a string (JSON-serialised if the script returns an object).
+     */
+    async execute(script, timeout) {
+        const start = Date.now();
+        try {
+            const payload = JSON.stringify({ script });
+            const result = await this.daemon.execute(`${INTERNAL_PREFIX} extension_execute ${payload}`, timeout);
+            return { ...result, elapsed_ms: Date.now() - start };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            return {
+                ok: false,
+                error: {
+                    code: 'EXTENSION_ERROR',
+                    message,
+                    retryable: true,
+                },
+                elapsed_ms: Date.now() - start,
+            };
+        }
+    }
+}
+//# sourceMappingURL=extension.js.map

package/dist/engines/extension.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extension.js","sourceRoot":"","sources":["../../src/engines/extension.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzC,8EAA8E;AAC9E,8EAA8E;AAC9E,MAAM,eAAe,GAAG,2BAA2B,CAAC;AAEpD;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,eAAgB,SAAQ,UAAU;IACpC,IAAI,GAAW,WAAW,CAAC;IAC5B,MAAM,CAAe;IAE7B,YAAY,MAAoB;QAC9B,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,GAAG,eAAe,mBAAmB,CACtC,CAAC;YACF,OAAO,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,KAAK,KAAK,WAAW,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,OAAgB;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,GAAG,eAAe,sBAAsB,OAAO,EAAE,EACjD,OAAO,CACR,CAAC;YACF,OAAO,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;QACvD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE;oBACL,IAAI,EAAE,iBAAiB;oBACvB,OAAO;oBACP,SAAS,EAAE,IAAI;iBAChB;gBACD,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/errors.d.ts

@@ -0,0 +1,128 @@
+import type { Engine, ToolError } from './types.js';
+export declare const ERROR_CODES: {
+    readonly ELEMENT_NOT_FOUND: "ELEMENT_NOT_FOUND";
+    readonly ELEMENT_NOT_VISIBLE: "ELEMENT_NOT_VISIBLE";
+    readonly ELEMENT_NOT_INTERACTABLE: "ELEMENT_NOT_INTERACTABLE";
+    readonly TIMEOUT: "TIMEOUT";
+    readonly NAVIGATION_FAILED: "NAVIGATION_FAILED";
+    readonly CSP_BLOCKED: "CSP_BLOCKED";
+    readonly SHADOW_DOM_CLOSED: "SHADOW_DOM_CLOSED";
+    readonly CROSS_ORIGIN_FRAME: "CROSS_ORIGIN_FRAME";
+    readonly SAFARI_NOT_RUNNING: "SAFARI_NOT_RUNNING";
+    readonly SAFARI_CRASHED: "SAFARI_CRASHED";
+    readonly PERMISSION_DENIED: "PERMISSION_DENIED";
+    readonly TAB_NOT_FOUND: "TAB_NOT_FOUND";
+    readonly TAB_NOT_OWNED: "TAB_NOT_OWNED";
+    readonly DOMAIN_NOT_ALLOWED: "DOMAIN_NOT_ALLOWED";
+    readonly RATE_LIMITED: "RATE_LIMITED";
+    readonly EXTENSION_REQUIRED: "EXTENSION_REQUIRED";
+    readonly KILL_SWITCH_ACTIVE: "KILL_SWITCH_ACTIVE";
+    readonly HUMAN_APPROVAL_REQUIRED: "HUMAN_APPROVAL_REQUIRED";
+    readonly DIALOG_UNEXPECTED: "DIALOG_UNEXPECTED";
+    readonly FRAME_NOT_FOUND: "FRAME_NOT_FOUND";
+    readonly CIRCUIT_BREAKER_OPEN: "CIRCUIT_BREAKER_OPEN";
+    readonly INTERNAL_ERROR: "INTERNAL_ERROR";
+};
+export type ErrorCode = (typeof ERROR_CODES)[keyof typeof ERROR_CODES];
+export declare abstract class SafariPilotError extends Error {
+    abstract readonly code: ErrorCode;
+    abstract readonly retryable: boolean;
+    abstract readonly hints: string[];
+    readonly url?: string;
+    readonly selector?: string;
+    constructor(message: string, options?: {
+        url?: string;
+        selector?: string;
+    });
+}
+export declare class ElementNotFoundError extends SafariPilotError {
+    readonly code: "ELEMENT_NOT_FOUND";
+    readonly retryable = true;
+    readonly hints: string[];
+    constructor(selector: string, url: string);
+}
+export declare class ElementNotVisibleError extends SafariPilotError {
+    readonly code: "ELEMENT_NOT_VISIBLE";
+    readonly retryable = true;
+    readonly hints: string[];
+    constructor(selector: string, url: string);
+}
+export declare class TimeoutError extends SafariPilotError {
+    readonly code: "TIMEOUT";
+    readonly retryable = true;
+    readonly hints: string[];
+    constructor(operation: string, timeoutMs: number);
+}
+export declare class TabNotFoundError extends SafariPilotError {
+    readonly code: "TAB_NOT_FOUND";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(tabUrl: string);
+}
+export declare class TabNotOwnedError extends SafariPilotError {
+    readonly code: "TAB_NOT_OWNED";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(tabId: number);
+}
+export declare class DomainNotAllowedError extends SafariPilotError {
+    readonly code: "DOMAIN_NOT_ALLOWED";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(domain: string);
+}
+export declare class RateLimitedError extends SafariPilotError {
+    readonly code: "RATE_LIMITED";
+    readonly retryable = true;
+    readonly hints: string[];
+    constructor(domain: string, maxPerMinute: number);
+}
+export declare class CspBlockedError extends SafariPilotError {
+    readonly code: "CSP_BLOCKED";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(url: string);
+}
+export declare class ShadowDomClosedError extends SafariPilotError {
+    readonly code: "SHADOW_DOM_CLOSED";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(selector: string);
+}
+export declare class KillSwitchActiveError extends SafariPilotError {
+    readonly code: "KILL_SWITCH_ACTIVE";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(reason: string);
+}
+export declare class HumanApprovalRequiredError extends SafariPilotError {
+    readonly code: "HUMAN_APPROVAL_REQUIRED";
+    readonly retryable = true;
+    readonly hints: string[];
+    constructor(action: string, domain: string);
+}
+export declare class EngineRequiredError extends SafariPilotError {
+    readonly code: "EXTENSION_REQUIRED";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(capability: string);
+}
+export declare class CircuitBreakerOpenError extends SafariPilotError {
+    readonly code: "CIRCUIT_BREAKER_OPEN";
+    readonly retryable = true;
+    readonly hints: string[];
+    constructor(domain: string, cooldownSeconds: number);
+}
+export declare class NavigationFailedError extends SafariPilotError {
+    readonly code: "NAVIGATION_FAILED";
+    readonly retryable = true;
+    readonly hints: string[];
+    constructor(url: string, reason?: string);
+}
+export declare class InternalError extends SafariPilotError {
+    readonly code: "INTERNAL_ERROR";
+    readonly retryable = false;
+    readonly hints: string[];
+    constructor(message: string);
+}
+export declare function formatToolError(error: SafariPilotError, engine: Engine, elapsed_ms: number): ToolError;

package/dist/errors.js

@@ -0,0 +1,250 @@
+// ─── Error Codes ─────────────────────────────────────────────────────────────
+export const ERROR_CODES = {
+    ELEMENT_NOT_FOUND: 'ELEMENT_NOT_FOUND',
+    ELEMENT_NOT_VISIBLE: 'ELEMENT_NOT_VISIBLE',
+    ELEMENT_NOT_INTERACTABLE: 'ELEMENT_NOT_INTERACTABLE',
+    TIMEOUT: 'TIMEOUT',
+    NAVIGATION_FAILED: 'NAVIGATION_FAILED',
+    CSP_BLOCKED: 'CSP_BLOCKED',
+    SHADOW_DOM_CLOSED: 'SHADOW_DOM_CLOSED',
+    CROSS_ORIGIN_FRAME: 'CROSS_ORIGIN_FRAME',
+    SAFARI_NOT_RUNNING: 'SAFARI_NOT_RUNNING',
+    SAFARI_CRASHED: 'SAFARI_CRASHED',
+    PERMISSION_DENIED: 'PERMISSION_DENIED',
+    TAB_NOT_FOUND: 'TAB_NOT_FOUND',
+    TAB_NOT_OWNED: 'TAB_NOT_OWNED',
+    DOMAIN_NOT_ALLOWED: 'DOMAIN_NOT_ALLOWED',
+    RATE_LIMITED: 'RATE_LIMITED',
+    EXTENSION_REQUIRED: 'EXTENSION_REQUIRED',
+    KILL_SWITCH_ACTIVE: 'KILL_SWITCH_ACTIVE',
+    HUMAN_APPROVAL_REQUIRED: 'HUMAN_APPROVAL_REQUIRED',
+    DIALOG_UNEXPECTED: 'DIALOG_UNEXPECTED',
+    FRAME_NOT_FOUND: 'FRAME_NOT_FOUND',
+    CIRCUIT_BREAKER_OPEN: 'CIRCUIT_BREAKER_OPEN',
+    INTERNAL_ERROR: 'INTERNAL_ERROR',
+};
+// ─── Abstract Base ────────────────────────────────────────────────────────────
+export class SafariPilotError extends Error {
+    url;
+    selector;
+    constructor(message, options) {
+        super(message);
+        this.name = this.constructor.name;
+        this.url = options?.url;
+        this.selector = options?.selector;
+    }
+}
+// ─── Concrete Error Classes ───────────────────────────────────────────────────
+export class ElementNotFoundError extends SafariPilotError {
+    code = ERROR_CODES.ELEMENT_NOT_FOUND;
+    retryable = true;
+    hints;
+    constructor(selector, url) {
+        super(`Element not found: ${selector}`, { url, selector });
+        this.hints = [
+            `Selector "${selector}" matched no elements on the page`,
+            'Check if the element is inside a shadow DOM or cross-origin iframe',
+            'Wait for page to fully load before querying',
+        ];
+    }
+}
+export class ElementNotVisibleError extends SafariPilotError {
+    code = ERROR_CODES.ELEMENT_NOT_VISIBLE;
+    retryable = true;
+    hints;
+    constructor(selector, url) {
+        super(`Element not visible: ${selector}`, { url, selector });
+        this.hints = [
+            `Element "${selector}" exists but is not visible`,
+            'Element may be hidden, off-screen, or have zero dimensions',
+            'Scroll element into view or wait for visibility',
+        ];
+    }
+}
+export class TimeoutError extends SafariPilotError {
+    code = ERROR_CODES.TIMEOUT;
+    retryable = true;
+    hints;
+    constructor(operation, timeoutMs) {
+        super(`Timeout after ${timeoutMs}ms waiting for: ${operation}`);
+        this.hints = [
+            `Operation "${operation}" exceeded ${timeoutMs}ms limit`,
+            'Consider increasing the timeout for slow pages',
+            'Check network conditions and page load state',
+        ];
+    }
+}
+export class TabNotFoundError extends SafariPilotError {
+    code = ERROR_CODES.TAB_NOT_FOUND;
+    retryable = false;
+    hints;
+    constructor(tabUrl) {
+        super(`Tab not found: ${tabUrl}`, { url: tabUrl });
+        this.hints = [
+            `No tab found matching URL: ${tabUrl}`,
+            'The tab may have been closed or navigated away',
+            'Use list_tabs to find current open tabs',
+        ];
+    }
+}
+export class TabNotOwnedError extends SafariPilotError {
+    code = ERROR_CODES.TAB_NOT_OWNED;
+    retryable = false;
+    hints;
+    constructor(tabId) {
+        super(`Tab not owned by agent: ${tabId}`);
+        this.hints = [
+            `Tab ${tabId} was not opened by this agent session`,
+            'Only tabs opened via open_tab can be controlled',
+            'Use open_tab to create a new controllable tab',
+        ];
+    }
+}
+export class DomainNotAllowedError extends SafariPilotError {
+    code = ERROR_CODES.DOMAIN_NOT_ALLOWED;
+    retryable = false;
+    hints;
+    constructor(domain) {
+        super(`Domain not in allowlist: ${domain}`);
+        this.hints = [
+            `Domain "${domain}" is not permitted by policy`,
+            'Contact your administrator to add this domain to the allowlist',
+            'Use list_allowed_domains to see permitted domains',
+        ];
+    }
+}
+export class RateLimitedError extends SafariPilotError {
+    code = ERROR_CODES.RATE_LIMITED;
+    retryable = true;
+    hints;
+    constructor(domain, maxPerMinute) {
+        super(`Rate limit exceeded for domain: ${domain} (max ${maxPerMinute}/min)`);
+        this.hints = [
+            `Domain "${domain}" has exceeded ${maxPerMinute} actions per minute`,
+            'Slow down request frequency to stay within rate limits',
+            'Wait at least 60 seconds before retrying',
+        ];
+    }
+}
+export class CspBlockedError extends SafariPilotError {
+    code = ERROR_CODES.CSP_BLOCKED;
+    retryable = false;
+    hints;
+    constructor(url) {
+        super(`Content Security Policy blocked script execution on: ${url}`, { url });
+        this.hints = [
+            `Page at "${url}" has a strict CSP that blocks injection`,
+            'Use the extension engine which has CSP bypass capability',
+            'Switch to a non-injected approach if extension is unavailable',
+        ];
+    }
+}
+export class ShadowDomClosedError extends SafariPilotError {
+    code = ERROR_CODES.SHADOW_DOM_CLOSED;
+    retryable = false;
+    hints;
+    constructor(selector) {
+        super(`Closed shadow DOM at selector: ${selector}`, { selector });
+        this.hints = [
+            `Element "${selector}" is inside a closed shadow root`,
+            'Closed shadow roots cannot be penetrated by standard scripts',
+            'The extension engine may be able to access closed shadow DOM',
+        ];
+    }
+}
+export class KillSwitchActiveError extends SafariPilotError {
+    code = ERROR_CODES.KILL_SWITCH_ACTIVE;
+    retryable = false;
+    hints;
+    constructor(reason) {
+        super(`Kill switch active: ${reason}`);
+        this.hints = [
+            `All automation is halted: ${reason}`,
+            'Human intervention is required to deactivate the kill switch',
+            'Contact your administrator for resolution',
+        ];
+    }
+}
+export class HumanApprovalRequiredError extends SafariPilotError {
+    code = ERROR_CODES.HUMAN_APPROVAL_REQUIRED;
+    retryable = true;
+    hints;
+    constructor(action, domain) {
+        super(`Human approval required for "${action}" on ${domain}`);
+        this.hints = [
+            `Action "${action}" on domain "${domain}" requires human sign-off`,
+            'Wait for user to approve this action before retrying',
+            'Use request_approval to initiate the approval flow',
+        ];
+    }
+}
+export class EngineRequiredError extends SafariPilotError {
+    code = ERROR_CODES.EXTENSION_REQUIRED;
+    retryable = false;
+    hints;
+    constructor(capability) {
+        super(`Extension engine required for capability: ${capability}`);
+        this.hints = [
+            `Capability "${capability}" is only available via the extension engine`,
+            'Install and activate the Safari Pilot browser extension',
+            'See docs for extension installation instructions',
+        ];
+    }
+}
+export class CircuitBreakerOpenError extends SafariPilotError {
+    code = ERROR_CODES.CIRCUIT_BREAKER_OPEN;
+    retryable = true;
+    hints;
+    constructor(domain, cooldownSeconds) {
+        super(`Circuit breaker open for domain: ${domain} (cooldown: ${cooldownSeconds}s)`);
+        this.hints = [
+            `Domain "${domain}" circuit breaker is open due to repeated failures`,
+            `Retry after ${cooldownSeconds} seconds cooldown`,
+            'Investigate the root cause before the circuit auto-closes',
+        ];
+    }
+}
+export class NavigationFailedError extends SafariPilotError {
+    code = ERROR_CODES.NAVIGATION_FAILED;
+    retryable = true;
+    hints;
+    constructor(url, reason) {
+        const detail = reason ? `: ${reason}` : '';
+        super(`Navigation failed to ${url}${detail}`, { url });
+        this.hints = [
+            `Failed to navigate to "${url}"${detail}`,
+            'Check that the URL is reachable and valid',
+            'Verify network connectivity and DNS resolution',
+        ];
+    }
+}
+export class InternalError extends SafariPilotError {
+    code = ERROR_CODES.INTERNAL_ERROR;
+    retryable = false;
+    hints;
+    constructor(message) {
+        super(`Internal error: ${message}`);
+        this.hints = [
+            'An unexpected internal error occurred',
+            'This is likely a bug — please report it',
+            'Include the full error message and stack trace in the report',
+        ];
+    }
+}
+// ─── formatToolError ──────────────────────────────────────────────────────────
+export function formatToolError(error, engine, elapsed_ms) {
+    return {
+        code: error.code,
+        message: error.message,
+        retryable: error.retryable,
+        hints: error.hints,
+        context: {
+            engine,
+            url: error.url ?? '',
+            ...(error.selector !== undefined ? { selector: error.selector } : {}),
+            elapsed_ms,
+        },
+        ...(error.cause ? { cause_chain: [String(error.cause)] } : {}),
+    };
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAEA,gFAAgF;AAEhF,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,iBAAiB,EAAE,mBAAmB;IACtC,mBAAmB,EAAE,qBAAqB;IAC1C,wBAAwB,EAAE,0BAA0B;IACpD,OAAO,EAAE,SAAS;IAClB,iBAAiB,EAAE,mBAAmB;IACtC,WAAW,EAAE,aAAa;IAC1B,iBAAiB,EAAE,mBAAmB;IACtC,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;IAChC,iBAAiB,EAAE,mBAAmB;IACtC,aAAa,EAAE,eAAe;IAC9B,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;IACxC,YAAY,EAAE,cAAc;IAC5B,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,uBAAuB,EAAE,yBAAyB;IAClD,iBAAiB,EAAE,mBAAmB;IACtC,eAAe,EAAE,iBAAiB;IAClC,oBAAoB,EAAE,sBAAsB;IAC5C,cAAc,EAAE,gBAAgB;CACxB,CAAC;AAIX,iFAAiF;AAEjF,MAAM,OAAgB,gBAAiB,SAAQ,KAAK;IAIzC,GAAG,CAAU;IACb,QAAQ,CAAU;IAE3B,YAAY,OAAe,EAAE,OAA6C;QACxE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;QAClC,IAAI,CAAC,GAAG,GAAG,OAAO,EAAE,GAAG,CAAC;QACxB,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;IACpC,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,OAAO,oBAAqB,SAAQ,gBAAgB;IAC/C,IAAI,GAAG,WAAW,CAAC,iBAAiB,CAAC;IACrC,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,CAAW;IAEzB,YAAY,QAAgB,EAAE,GAAW;QACvC,KAAK,CAAC,sBAAsB,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,KAAK,GAAG;YACX,aAAa,QAAQ,mCAAmC;YACxD,oEAAoE;YACpE,6CAA6C;SAC9C,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,gBAAgB;IACjD,IAAI,GAAG,WAAW,CAAC,mBAAmB,CAAC;IACvC,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,CAAW;IAEzB,YAAY,QAAgB,EAAE,GAAW;QACvC,KAAK,CAAC,wBAAwB,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,GAAG;YACX,YAAY,QAAQ,6BAA6B;YACjD,4DAA4D;YAC5D,iDAAiD;SAClD,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,YAAa,SAAQ,gBAAgB;IACvC,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC;IAC3B,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,CAAW;IAEzB,YAAY,SAAiB,EAAE,SAAiB;QAC9C,KAAK,CAAC,iBAAiB,SAAS,mBAAmB,SAAS,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,KAAK,GAAG;YACX,cAAc,SAAS,cAAc,SAAS,UAAU;YACxD,gDAAgD;YAChD,8CAA8C;SAC/C,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,gBAAgB;IAC3C,IAAI,GAAG,WAAW,CAAC,aAAa,CAAC;IACjC,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,MAAc;QACxB,KAAK,CAAC,kBAAkB,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK,GAAG;YACX,8BAA8B,MAAM,EAAE;YACtC,gDAAgD;YAChD,yCAAyC;SAC1C,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,gBAAgB;IAC3C,IAAI,GAAG,WAAW,CAAC,aAAa,CAAC;IACjC,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,KAAa;QACvB,KAAK,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG;YACX,OAAO,KAAK,uCAAuC;YACnD,iDAAiD;YACjD,+CAA+C;SAChD,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,gBAAgB;IAChD,IAAI,GAAG,WAAW,CAAC,kBAAkB,CAAC;IACtC,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,MAAc;QACxB,KAAK,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK,GAAG;YACX,WAAW,MAAM,8BAA8B;YAC/C,gEAAgE;YAChE,mDAAmD;SACpD,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,gBAAgB;IAC3C,IAAI,GAAG,WAAW,CAAC,YAAY,CAAC;IAChC,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,CAAW;IAEzB,YAAY,MAAc,EAAE,YAAoB;QAC9C,KAAK,CAAC,mCAAmC,MAAM,SAAS,YAAY,OAAO,CAAC,CAAC;QAC7E,IAAI,CAAC,KAAK,GAAG;YACX,WAAW,MAAM,kBAAkB,YAAY,qBAAqB;YACpE,wDAAwD;YACxD,0CAA0C;SAC3C,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,gBAAgB;IAC1C,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC;IAC/B,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,GAAW;QACrB,KAAK,CAAC,wDAAwD,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9E,IAAI,CAAC,KAAK,GAAG;YACX,YAAY,GAAG,0CAA0C;YACzD,0DAA0D;YAC1D,+DAA+D;SAChE,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,gBAAgB;IAC/C,IAAI,GAAG,WAAW,CAAC,iBAAiB,CAAC;IACrC,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,QAAgB;QAC1B,KAAK,CAAC,kCAAkC,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC,KAAK,GAAG;YACX,YAAY,QAAQ,kCAAkC;YACtD,8DAA8D;YAC9D,8DAA8D;SAC/D,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,gBAAgB;IAChD,IAAI,GAAG,WAAW,CAAC,kBAAkB,CAAC;IACtC,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,MAAc;QACxB,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG;YACX,6BAA6B,MAAM,EAAE;YACrC,8DAA8D;YAC9D,2CAA2C;SAC5C,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,0BAA2B,SAAQ,gBAAgB;IACrD,IAAI,GAAG,WAAW,CAAC,uBAAuB,CAAC;IAC3C,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,CAAW;IAEzB,YAAY,MAAc,EAAE,MAAc;QACxC,KAAK,CAAC,gCAAgC,MAAM,QAAQ,MAAM,EAAE,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,GAAG;YACX,WAAW,MAAM,gBAAgB,MAAM,2BAA2B;YAClE,sDAAsD;YACtD,oDAAoD;SACrD,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,gBAAgB;IAC9C,IAAI,GAAG,WAAW,CAAC,kBAAkB,CAAC;IACtC,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,UAAkB;QAC5B,KAAK,CAAC,6CAA6C,UAAU,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK,GAAG;YACX,eAAe,UAAU,8CAA8C;YACvE,yDAAyD;YACzD,kDAAkD;SACnD,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,gBAAgB;IAClD,IAAI,GAAG,WAAW,CAAC,oBAAoB,CAAC;IACxC,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,CAAW;IAEzB,YAAY,MAAc,EAAE,eAAuB;QACjD,KAAK,CAAC,oCAAoC,MAAM,eAAe,eAAe,IAAI,CAAC,CAAC;QACpF,IAAI,CAAC,KAAK,GAAG;YACX,WAAW,MAAM,oDAAoD;YACrE,eAAe,eAAe,mBAAmB;YACjD,2DAA2D;SAC5D,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,gBAAgB;IAChD,IAAI,GAAG,WAAW,CAAC,iBAAiB,CAAC;IACrC,SAAS,GAAG,IAAI,CAAC;IACjB,KAAK,CAAW;IAEzB,YAAY,GAAW,EAAE,MAAe;QACtC,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,KAAK,CAAC,wBAAwB,GAAG,GAAG,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,GAAG;YACX,0BAA0B,GAAG,IAAI,MAAM,EAAE;YACzC,2CAA2C;YAC3C,gDAAgD;SACjD,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,gBAAgB;IACxC,IAAI,GAAG,WAAW,CAAC,cAAc,CAAC;IAClC,SAAS,GAAG,KAAK,CAAC;IAClB,KAAK,CAAW;IAEzB,YAAY,OAAe;QACzB,KAAK,CAAC,mBAAmB,OAAO,EAAE,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,GAAG;YACX,uCAAuC;YACvC,yCAAyC;YACzC,8DAA8D;SAC/D,CAAC;IACJ,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,UAAU,eAAe,CAC7B,KAAuB,EACvB,MAAc,EACd,UAAkB;IAElB,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,OAAO,EAAE;YACP,MAAM;YACN,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,EAAE;YACpB,GAAG,CAAC,KAAK,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,UAAU;SACX;QACD,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+import { createServer } from './server.js';
+async function main() {
+    const server = await createServer();
+    await server.start();
+}
+main().catch((error) => {
+    console.error('Safari Pilot failed to start:', error);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;IACpC,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;AACvB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;IACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/security/audit-log.d.ts

@@ -0,0 +1,23 @@
+import type { AuditEntry } from '../types.js';
+interface AuditLogOptions {
+    /** Maximum number of entries to keep in memory (FIFO eviction). Default 10 000. */
+    maxEntries?: number;
+}
+export declare class AuditLog {
+    private entries;
+    private readonly maxEntries;
+    constructor(options?: AuditLogOptions);
+    /**
+     * Record a tool invocation. timestamp is auto-injected; all other fields
+     * must be provided by the caller.
+     */
+    record(entry: Omit<AuditEntry, 'timestamp'>): void;
+    /**
+     * Return entries, optionally limited to the most-recent `limit` entries.
+     */
+    getEntries(limit?: number): AuditEntry[];
+    getEntriesForSession(session: string): AuditEntry[];
+    clear(): void;
+    private redactParams;
+}
+export {};

package/dist/security/audit-log.js

@@ -0,0 +1,68 @@
+// Tools that pass a cleartext value that should always be redacted.
+const REDACT_VALUE_TOOLS = new Set([
+    'safari_fill',
+    'safari_set_cookie',
+    'safari_clipboard_write',
+]);
+// Tools whose script payloads are truncated (they can be megabytes long).
+const TRUNCATE_SCRIPT_TOOLS = new Set([
+    'safari_evaluate',
+]);
+const SCRIPT_MAX_LEN = 200;
+export class AuditLog {
+    entries = [];
+    maxEntries;
+    constructor(options = {}) {
+        this.maxEntries = options.maxEntries ?? 10_000;
+    }
+    // ── Write ───────────────────────────────────────────────────────────────────
+    /**
+     * Record a tool invocation. timestamp is auto-injected; all other fields
+     * must be provided by the caller.
+     */
+    record(entry) {
+        const redactedParams = this.redactParams(entry.tool, { ...entry.params });
+        const fullEntry = {
+            ...entry,
+            params: redactedParams,
+            timestamp: new Date().toISOString(),
+        };
+        this.entries.push(fullEntry);
+        // Evict oldest entries if over the cap
+        if (this.entries.length > this.maxEntries) {
+            this.entries = this.entries.slice(-this.maxEntries);
+        }
+    }
+    // ── Read ────────────────────────────────────────────────────────────────────
+    /**
+     * Return entries, optionally limited to the most-recent `limit` entries.
+     */
+    getEntries(limit) {
+        if (limit !== undefined && limit > 0) {
+            return this.entries.slice(-limit);
+        }
+        return [...this.entries];
+    }
+    getEntriesForSession(session) {
+        return this.entries.filter((e) => e.session === session);
+    }
+    clear() {
+        this.entries = [];
+    }
+    // ── Redaction ───────────────────────────────────────────────────────────────
+    redactParams(tool, params) {
+        // Redact cleartext value fields (passwords, cookie values, clipboard)
+        if (REDACT_VALUE_TOOLS.has(tool) && 'value' in params) {
+            params['value'] = '[REDACTED]';
+        }
+        // Truncate long script payloads to keep log files manageable
+        if (TRUNCATE_SCRIPT_TOOLS.has(tool) && typeof params['script'] === 'string') {
+            const script = params['script'];
+            if (script.length > SCRIPT_MAX_LEN) {
+                params['script'] = script.slice(0, SCRIPT_MAX_LEN) + '...';
+            }
+        }
+        return params;
+    }
+}
+//# sourceMappingURL=audit-log.js.map

package/dist/security/audit-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-log.js","sourceRoot":"","sources":["../../src/security/audit-log.ts"],"names":[],"mappings":"AAaA,oEAAoE;AACpE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,aAAa;IACb,mBAAmB;IACnB,wBAAwB;CACzB,CAAC,CAAC;AAEH,0EAA0E;AAC1E,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,iBAAiB;CAClB,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,GAAG,CAAC;AAE3B,MAAM,OAAO,QAAQ;IACX,OAAO,GAAiB,EAAE,CAAC;IAClB,UAAU,CAAS;IAEpC,YAAY,UAA2B,EAAE;QACvC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC;IACjD,CAAC;IAED,+EAA+E;IAE/E;;;OAGG;IACH,MAAM,CAAC,KAAoC;QACzC,MAAM,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE1E,MAAM,SAAS,GAAe;YAC5B,GAAG,KAAK;YACR,MAAM,EAAE,cAAc;YACtB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE7B,uCAAuC;QACvC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,+EAA+E;IAE/E;;OAEG;IACH,UAAU,CAAC,KAAc;QACvB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,oBAAoB,CAAC,OAAe;QAClC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;IACpB,CAAC;IAED,+EAA+E;IAEvE,YAAY,CAClB,IAAY,EACZ,MAA+B;QAE/B,sEAAsE;QACtE,IAAI,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;YACtD,MAAM,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC;QACjC,CAAC;QAED,6DAA6D;QAC7D,IAAI,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC5E,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAW,CAAC;YAC1C,IAAI,MAAM,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;gBACnC,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,GAAG,KAAK,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/dist/security/circuit-breaker.d.ts

@@ -0,0 +1,29 @@
+export type CircuitState = 'closed' | 'open' | 'half-open';
+export declare class CircuitBreaker {
+    private states;
+    /**
+     * Record a successful call. Resets the failure counter and closes the circuit.
+     */
+    recordSuccess(domain: string): void;
+    /**
+     * Record a failed call. May open the circuit if the threshold is reached.
+     */
+    recordFailure(domain: string): void;
+    /**
+     * Returns true when the circuit is open (calls should be rejected).
+     * Half-open circuits return false — a probe is permitted.
+     */
+    isOpen(domain: string): boolean;
+    /**
+     * Compute the current circuit state for a domain.
+     */
+    getState(domain: string): CircuitState;
+    /**
+     * Assert the circuit is not open before executing a call.
+     * Call this at the entry point of any guarded operation.
+     * Throws CircuitBreakerOpenError when the circuit is open.
+     * In half-open state, marks the probe as issued and allows one call through.
+     */
+    assertClosed(domain: string): void;
+    private getState_;
+}