wb-browser-runtime 0.11.0 → 0.13.0

package/lib/providers/local.js

@@ -0,0 +1,120 @@
+// Local provider — drives a host-installed Playwright Chromium directly
+// instead of going to a cloud vendor. Use for dev iteration without
+// Browserbase / browser-use cost or latency. Selected via
+// WB_BROWSER_VENDOR=local.
+//
+// Differences from cloud providers:
+//   1. allocate() launches a real Chromium via `playwright-core`'s
+//      chromium.launch() and returns a pre-built Browser handle in
+//      `_browser`. The entry point checks for it and skips the
+//      connectOverCDP step that cloud providers require.
+//   2. getLiveUrl() returns null — there's no public live-inspector URL
+//      for a locally-launched browser. The Rust side just renders the
+//      "session started" line without a clickable URL.
+//   3. release() is a no-op. The shutdown path already does
+//      `info.browser.close()` on every cached session, which terminates
+//      the local Chromium process.
+//   4. Profile binding is not supported (logged + ignored). For persistent
+//      auth across runs use a vendor with profile support, or pin
+//      WB_BROWSER_LOCAL_EXECUTABLE_PATH at a Chrome instance with a
+//      pre-warmed user-data-dir (advanced; not the supported path).
+//
+// Resume-after-pause: not supported. The Browser is process-local memory
+// and dies with the sidecar; on resume the sidecar re-allocates a fresh
+// session. This matches the dev-iteration use case (you're running the
+// runbook end-to-end, not pausing on a real wait fence).
+
+import { chromium } from "playwright-core";
+import { log } from "../io.js";
+
+// Truthiness for env knobs that default to ON. "0" / "false" / "no" / "off"
+// disables; anything else enables. Mirrors the convention used elsewhere.
+function isOff(v) {
+  if (v === undefined || v === null) return false;
+  const s = String(v).trim().toLowerCase();
+  return s === "0" || s === "false" || s === "no" || s === "off";
+}
+
+export function createLocalProvider() {
+  return {
+    name: "local",
+
+    async allocate({ profile, sessionName: _sessionName } = {}) {
+      if (profile) {
+        log(
+          `[local] profile="${profile}" ignored — local vendor has no profile binding. ` +
+            `Use a cloud vendor or persist auth via WB_BROWSER_LOCAL_EXECUTABLE_PATH on a pre-warmed Chrome.`,
+        );
+      }
+
+      // Headless ON by default; flip with WB_BROWSER_LOCAL_HEADLESS=0 for
+      // visible-window dev. Operators debugging a brittle workbook can flip
+      // to headed without touching the runbook.
+      const headless = !isOff(process.env.WB_BROWSER_LOCAL_HEADLESS);
+
+      // executablePath: explicit override for system Chrome / Chromium.
+      // channel: "chrome" / "msedge" / "chrome-beta" — Playwright's named
+      // channels for OS-installed browsers (no separate download). At most
+      // one of executablePath / channel should be set; if both arrive,
+      // executablePath wins (Playwright honors it).
+      const executablePath =
+        process.env.WB_BROWSER_LOCAL_EXECUTABLE_PATH || undefined;
+      const channel = process.env.WB_BROWSER_LOCAL_CHANNEL || undefined;
+
+      log(
+        `[local] launching chromium headless=${headless}` +
+          ` executablePath=${executablePath ?? "<bundled>"}` +
+          ` channel=${channel ?? "<none>"}`,
+      );
+
+      let browser;
+      try {
+        browser = await chromium.launch({
+          headless,
+          executablePath,
+          channel,
+        });
+      } catch (e) {
+        // Most common cause: Playwright's chromium binary not installed.
+        // playwright-core ships the API but no browser; the user runs
+        // `npx playwright install chromium` once to fetch it. Surface the
+        // hint inline so this isn't a guessing game on first run.
+        const err = new Error(
+          `local browser launch failed: ${e.message}\n` +
+            `Hint: install Chromium with \`npx playwright install chromium\`, ` +
+            `or set WB_BROWSER_LOCAL_EXECUTABLE_PATH / WB_BROWSER_LOCAL_CHANNEL to use a system browser.`,
+        );
+        err.code = "SESSION_ALLOCATE_FAILED";
+        throw err;
+      }
+
+      // sid is for telemetry only — there's no remote session to release.
+      // Format: `local-<ms>-<rand>` so it's distinguishable from vendor sids
+      // in callback streams and logs.
+      const sid = `local-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+
+      return {
+        sid,
+        // No CDP URL — the entry point sees `_browser` and skips the
+        // connectOverCDP path that cloud providers go through.
+        cdpUrl: null,
+        // Stashed so getLiveUrl() is a sync property read like browser-use.
+        _liveUrl: null,
+        _browser: browser,
+      };
+    },
+
+    async getLiveUrl(_allocated) {
+      // No public inspector URL for local Chromium. Returning null tells
+      // the Rust side to render the "session started" line without a link.
+      return null;
+    },
+
+    async release(_sid) {
+      // Browser teardown happens in the entry-point shutdown loop via
+      // `info.browser.close()`, which kills the local Chromium process.
+      // Cloud providers need a separate vendor REST call here; local
+      // doesn't.
+    },
+  };
+}

package/lib/stub-page.js

@@ -73,6 +73,22 @@ export function createStubPage(opts = {}) {
       record({ verb: "evaluate", script });
       return evalResult;
     },
+    async waitForLoadState(state, options) {
+      record({ verb: "waitForLoadState", state, options });
+    },
+    getByText(text, options) {
+      record({ verb: "getByText", text, options });
+      const locator = {
+        first() {
+          return {
+            async click(opts) {
+              record({ verb: "getByText.first.click", text, options: opts });
+            },
+          };
+        },
+      };
+      return locator;
+    },
   };
 }
 

package/lib/util.js

@@ -1,5 +1,6 @@
 import path from "node:path";
 import { randomUUID } from "node:crypto";
+import { existsSync } from "node:fs";
 
 // Resolve `candidate` inside `dir`, rejecting traversal and absolute paths.
 // Returns null when the resolved path escapes `dir` (or is `dir` itself).
@@ -14,6 +15,63 @@ export function resolveInside(dir, candidate) {
   return resolved;
 }
 
+// Collision-safe path inside `dir`. Returns the first path of the form
+// `<base><ext>`, `<base>-2<ext>`, `<base>-3<ext>`, ... that doesn't already
+// exist on disk. Playwright's `download.saveAs(path)` blindly overwrites,
+// so this is the only thing standing between two same-named downloads
+// (e.g. two `report.pdf` saves in one session) silently clobbering each
+// other. Returns null if `name` would resolve outside `dir`.
+//
+// The check is racy (two concurrent downloads with the same suggestedName
+// can both observe the same free slot before either writes) — acceptable
+// here because downloads in a single session serialize through the same
+// page in practice, and a stray collision would just produce one
+// overwritten file rather than corrupting state.
+export function uniquePathInside(dir, name) {
+  const safe = sanitizeArtifactName(name);
+  const first = resolveInside(dir, safe);
+  if (!first) return null;
+  if (!existsSync(first)) return first;
+  const ext = path.extname(safe);
+  const base = ext ? safe.slice(0, -ext.length) : safe;
+  for (let n = 2; n < 1000; n++) {
+    const candidate = resolveInside(dir, `${base}-${n}${ext}`);
+    if (!candidate) return null;
+    if (!existsSync(candidate)) return candidate;
+  }
+  // Fallback: append a random suffix. 1000 collisions on the same name in
+  // one session is unrealistic, but we'd rather degrade than throw.
+  const rand = randomUUID().slice(0, 8);
+  return resolveInside(dir, `${base}-${rand}${ext}`);
+}
+
+// Parse a comma-separated extension allowlist from raw env (e.g.
+// "pdf, xlsx,CSV"). Returns a Set of lowercase extensions without leading
+// dots, or null when the input is empty/unset (callers treat null as "no
+// filter — capture everything").
+export function parseExtensionAllowlist(raw) {
+  if (raw == null) return null;
+  const s = String(raw).trim();
+  if (!s) return null;
+  const parts = s
+    .split(",")
+    .map((x) => x.trim().toLowerCase().replace(/^\./, ""))
+    .filter(Boolean);
+  if (parts.length === 0) return null;
+  return new Set(parts);
+}
+
+// Match a filename against an extension allowlist. `null` allowlist means
+// no filter (anything passes). Files with no extension never pass a
+// non-null allowlist — the caller wanted a specific set, an unknown blob
+// isn't it.
+export function extensionAllowed(filename, allowlist) {
+  if (!allowlist) return true;
+  const ext = path.extname(String(filename || "")).toLowerCase().replace(/^\./, "");
+  if (!ext) return false;
+  return allowlist.has(ext);
+}
+
 export function sanitizeArtifactName(s) {
   // Keep author-chosen names readable but safe as filenames. Drop anything
   // that could escape the artifacts dir (slashes, NULs, etc.).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wb-browser-runtime",
-  "version": "0.11.0",
+  "version": "0.13.0",
   "description": "Browser sidecar runtime for wb — Playwright over CDP (Browserbase, browser-use) via the wb-sidecar/1 line-framed JSON protocol.",
   "bin": {
     "wb-browser-runtime": "bin/wb-browser-runtime.js"

package/verbs/click.js

@@ -2,7 +2,29 @@ export default {
   name: "click",
   primaryKey: "selector",
   async execute(page, args) {
-    await page.click(args.selector, { timeout: args.timeout ?? 10_000 });
-    return `${args.selector}`;
+    const timeout = args.timeout ?? 10_000;
+    try {
+      await page.click(args.selector, { timeout });
+      return `${args.selector}`;
+    } catch (err) {
+      // Text-fallback: when the selector times out (typically a brittle
+      // class/id rename), retry against visible text. We DELIBERATELY
+      // re-throw the ORIGINAL error if the fallback also fails — the
+      // selector failure is the actionable signal for error classification
+      // upstream; the fallback's failure would obscure it.
+      const isTimeout = err && err.name === "TimeoutError";
+      if (isTimeout && args.text_fallback) {
+        try {
+          await page
+            .getByText(args.text_fallback, { exact: false })
+            .first()
+            .click({ timeout });
+          return `${args.selector} (via text="${args.text_fallback}")`;
+        } catch {
+          throw err;
+        }
+      }
+      throw err;
+    }
   },
 };

package/verbs/download.js

@@ -0,0 +1,410 @@
+// download — explicit "click and capture" verb.
+//
+// The passive listener in lib/download-capture.js already saves any file the
+// browser downloads, but it has no say over the filename and announces a
+// `slice.artifact_saved` frame asynchronously after `saveAs` resolves. Some
+// runbooks want stronger guarantees:
+//   - "the file lands at exactly $WB_ARTIFACTS_DIR/<path>"
+//   - "if it doesn't appear within ~10s, fail the slice with diagnostics"
+//   - works for SPAs that build the file in-page via fetch/XHR + Blob and
+//     don't always trip Playwright's `download` event reliably
+//
+// This verb installs capture hooks BEFORE clicking, races
+// `page.waitForEvent("download")` against an in-page blob/anchor capture
+// hook, and either saves the bytes itself (blob path) or hands the
+// Playwright Download to `saveAs` (download path). Whichever path wins,
+// the verb sets HANDLED_MARK on the Download (when applicable) so the
+// passive listener doesn't double-save.
+
+import path from "node:path";
+import { Buffer } from "node:buffer";
+import { promises as fsPromises } from "node:fs";
+import { send } from "../lib/io.js";
+import {
+  uniquePathInside,
+  parseExtensionAllowlist,
+  extensionAllowed,
+} from "../lib/util.js";
+import { HANDLED_MARK } from "../lib/download-capture.js";
+
+const DEFAULT_TIMEOUT_MS = 10_000;
+const POLL_INTERVAL_MS = 50;
+const FALLBACK_NAME = "download.bin";
+
+// Page-side hook that traps blob/data-URL anchor clicks the SPA performs
+// programmatically — `URL.createObjectURL(blob)` + `<a download>` + `.click()`.
+// Playwright's own `download` event normally catches these, but a handful
+// of SPAs trigger downloads via `window.open(blobUrl)` or
+// `window.location = blobUrl` which slip past. The hook re-fetches the blob
+// in-page, base64-encodes the bytes, and stashes them on
+// `window.__wbDownload` for the Node side to poll.
+//
+// Idempotent: re-installing on each verb invocation is a no-op after the
+// first. We never uninstall — leaves the page in a slightly altered state
+// but the wrapped click is functionally equivalent to the original.
+const PAGE_HOOK = `(() => {
+  if (window.__wbDownloadInstalled) return;
+  window.__wbDownloadInstalled = true;
+  window.__wbDownload = null;
+
+  const captureBlob = async (target, filename, mime) => {
+    try {
+      let blob;
+      if (typeof target === "string") {
+        const resp = await fetch(target);
+        blob = await resp.blob();
+      } else {
+        blob = target;
+      }
+      const buf = await blob.arrayBuffer();
+      const bin = new Uint8Array(buf);
+      let s = "";
+      for (let i = 0; i < bin.length; i++) s += String.fromCharCode(bin[i]);
+      window.__wbDownload = {
+        filename: filename || "download.bin",
+        bytes: btoa(s),
+        mimeType: mime || blob.type || "application/octet-stream",
+      };
+    } catch (e) {
+      window.__wbDownload = { error: String((e && e.message) || e) };
+    }
+  };
+
+  const origClick = HTMLAnchorElement.prototype.click;
+  HTMLAnchorElement.prototype.click = function () {
+    try {
+      const href = this.getAttribute("href") || this.href || "";
+      const hasDownload = this.hasAttribute("download");
+      if (hasDownload && (href.startsWith("blob:") || href.startsWith("data:"))) {
+        const fname = this.getAttribute("download") || this.download || "";
+        captureBlob(href, fname);
+      }
+    } catch {}
+    return origClick.apply(this, arguments);
+  };
+})()`;
+
+// Read-and-clear of `window.__wbDownload`. Returning the value AND nulling
+// it lets the page hook capture multiple downloads across separate verb
+// calls without leaking state from a prior call into the next poll.
+const POLL_SCRIPT = `(() => {
+  const v = window.__wbDownload;
+  window.__wbDownload = null;
+  return v;
+})()`;
+
+export default {
+  name: "download",
+  primaryKey: "selector",
+  async execute(page, args, ctx) {
+    const artifactsDir = (process.env.WB_ARTIFACTS_DIR || "").trim();
+    if (!artifactsDir) {
+      throw new Error(
+        "download: $WB_ARTIFACTS_DIR is not set — run this workbook via `wb run` (wb exports the dir for you)",
+      );
+    }
+    if (!args.selector) {
+      throw new Error("download: `selector` is required");
+    }
+    const timeout = args.timeout ?? DEFAULT_TIMEOUT_MS;
+    const explicitPath =
+      typeof args.path === "string" && args.path.trim()
+        ? args.path.trim()
+        : null;
+    const allowlist = parseExtensionAllowlist(
+      process.env.WB_BROWSER_DOWNLOAD_EXTENSIONS,
+    );
+
+    // 1) Inject the page-side blob/anchor capture hook BEFORE the click so a
+    //    synchronously-dispatched anchor.click() inside the SPA's handler is
+    //    observed. Best-effort: a frame mid-navigation can reject evaluate;
+    //    the Playwright `download` event still works and is the primary
+    //    signal anyway.
+    try {
+      await page.evaluate(PAGE_HOOK);
+    } catch {}
+
+    // 2) Claim ownership of the next download synchronously — prepended to
+    //    BrowserContext listeners so it runs before lib/download-capture.js's
+    //    passive listener has a chance to start its async capture chain. The
+    //    HANDLED_MARK tells the passive listener to bail.
+    const claim = (download) => {
+      try {
+        download[HANDLED_MARK] = true;
+      } catch {}
+    };
+    const browserContext = safeContext(page);
+    let attached = false;
+    if (browserContext) {
+      if (typeof browserContext.prependListener === "function") {
+        browserContext.prependListener("download", claim);
+        attached = true;
+      } else if (typeof browserContext.on === "function") {
+        // Fallback: append. Race window is tiny (passive listener checks
+        // HANDLED_MARK before its first await), but ordering isn't
+        // guaranteed without prependListener.
+        browserContext.on("download", claim);
+        attached = true;
+      }
+    }
+
+    try {
+      // 3) Race the two capture sources against the click. The download event
+      //    AND the click run concurrently — Playwright's standard pattern,
+      //    since the click can resolve before or after the download fires.
+      const downloadPromise = page
+        .waitForEvent("download", { timeout })
+        .then((d) => ({ kind: "playwright", download: d }))
+        .catch((e) => ({ kind: "playwright_failed", error: e }));
+
+      const blobPromise = pollForBlob(page, timeout);
+
+      let clickError = null;
+      const clickPromise = (async () => {
+        try {
+          await page.click(args.selector, { timeout });
+        } catch (err) {
+          const isTimeout = err && err.name === "TimeoutError";
+          if (isTimeout && args.text_fallback) {
+            try {
+              await page
+                .getByText(args.text_fallback, { exact: false })
+                .first()
+                .click({ timeout });
+              return;
+            } catch {
+              clickError = err;
+              return;
+            }
+          }
+          clickError = err;
+        }
+      })();
+
+      const winner = await raceCaptures(downloadPromise, blobPromise);
+      // Wait for the click to settle so we surface its error (if any) over
+      // a generic "no file captured" — a click that never landed is the
+      // more actionable failure.
+      await clickPromise;
+      if (clickError) throw clickError;
+
+      if (winner.success && winner.kind === "playwright") {
+        return await savePlaywrightDownload({
+          download: winner.download,
+          artifactsDir,
+          allowlist,
+          explicitPath,
+          page,
+          ctx,
+        });
+      }
+      if (winner.success && winner.kind === "blob") {
+        return await saveBlobDownload({
+          blob: winner.blob,
+          artifactsDir,
+          allowlist,
+          explicitPath,
+          page,
+          ctx,
+        });
+      }
+
+      // No capture won — emit structured failure diagnostics.
+      const reasons = winner.failures
+        .map((f) => {
+          if (f.kind === "playwright_failed") {
+            return `playwright download: ${f.error?.message || f.error}`;
+          }
+          if (f.kind === "blob_failed") return `blob hook: ${f.error}`;
+          if (f.kind === "blob_timeout") return `blob hook: no capture within ${timeout}ms`;
+          return f.kind;
+        })
+        .join("; ");
+      send({
+        type: "slice.download_failed",
+        verb: "download",
+        verb_index: ctx?.index ?? null,
+        selector: args.selector,
+        timeout_ms: timeout,
+        page_url: safePageUrl(page),
+        reason: reasons,
+      });
+      throw new Error(
+        `download: no file captured within ${timeout}ms after clicking ${args.selector} (page=${safePageUrl(page) || "?"}). ${reasons}`,
+      );
+    } finally {
+      if (attached && browserContext && typeof browserContext.off === "function") {
+        try {
+          browserContext.off("download", claim);
+        } catch {}
+      }
+    }
+  },
+};
+
+async function savePlaywrightDownload({
+  download,
+  artifactsDir,
+  allowlist,
+  explicitPath,
+  page,
+  ctx,
+}) {
+  const suggested = explicitPath || safeSuggestedFilename(download);
+  const sourceUrl = safeUrl(download);
+  if (!extensionAllowed(suggested, allowlist)) {
+    try {
+      await download.cancel();
+    } catch {}
+    throw new Error(
+      `download: file "${suggested}" rejected by WB_BROWSER_DOWNLOAD_EXTENSIONS`,
+    );
+  }
+  const target = uniquePathInside(artifactsDir, suggested);
+  if (!target) {
+    throw new Error(
+      `download: refusing to save "${suggested}" — resolves outside $WB_ARTIFACTS_DIR`,
+    );
+  }
+  await fsPromises.mkdir(artifactsDir, { recursive: true });
+  await download.saveAs(target);
+  let bytes = null;
+  try {
+    bytes = (await fsPromises.stat(target)).size;
+  } catch {}
+  send({
+    type: "slice.artifact_saved",
+    filename: path.basename(target),
+    path: target,
+    bytes,
+    source: "download",
+    provenance: {
+      url: sourceUrl,
+      suggested_filename: suggested,
+      page_url: safePageUrl(page),
+      verb_index: ctx?.index ?? null,
+      verb_name: "download",
+      ts: Date.now(),
+    },
+  });
+  return `→ ${path.basename(target)}`;
+}
+
+async function saveBlobDownload({
+  blob,
+  artifactsDir,
+  allowlist,
+  explicitPath,
+  page,
+  ctx,
+}) {
+  const suggested = explicitPath || blob.filename || FALLBACK_NAME;
+  if (!extensionAllowed(suggested, allowlist)) {
+    throw new Error(
+      `download: file "${suggested}" rejected by WB_BROWSER_DOWNLOAD_EXTENSIONS`,
+    );
+  }
+  const target = uniquePathInside(artifactsDir, suggested);
+  if (!target) {
+    throw new Error(
+      `download: refusing to save "${suggested}" — resolves outside $WB_ARTIFACTS_DIR`,
+    );
+  }
+  const buf = Buffer.from(blob.bytes, "base64");
+  await fsPromises.mkdir(artifactsDir, { recursive: true });
+  await fsPromises.writeFile(target, buf);
+  send({
+    type: "slice.artifact_saved",
+    filename: path.basename(target),
+    path: target,
+    bytes: buf.length,
+    source: "download",
+    provenance: {
+      url: null,
+      suggested_filename: suggested,
+      page_url: safePageUrl(page),
+      verb_index: ctx?.index ?? null,
+      verb_name: "download",
+      mime_type: blob.mimeType || null,
+      capture: "blob",
+      ts: Date.now(),
+    },
+  });
+  return `→ ${path.basename(target)}`;
+}
+
+// Race two capture promises. First to report success wins. Both must report
+// before we declare failure, so the diagnostics frame can list every reason
+// the verb didn't see a file. (Promise.race would shortcut on a fast failure
+// and discard the slower success.)
+function raceCaptures(downloadPromise, blobPromise) {
+  return new Promise((resolve) => {
+    let outstanding = 2;
+    const failures = [];
+    const finish = (settled) => {
+      if (settled.success) {
+        resolve(settled);
+        return;
+      }
+      failures.push(settled);
+      if (--outstanding === 0) resolve({ success: false, failures });
+    };
+    downloadPromise.then((r) => {
+      if (r.kind === "playwright") finish({ success: true, ...r });
+      else finish({ success: false, ...r });
+    });
+    blobPromise.then((r) => {
+      if (r.kind === "blob") finish({ success: true, ...r });
+      else finish({ success: false, ...r });
+    });
+  });
+}
+
+async function pollForBlob(page, timeoutMs) {
+  const deadline = Date.now() + timeoutMs;
+  while (true) {
+    let result;
+    try {
+      result = await page.evaluate(POLL_SCRIPT);
+    } catch {
+      result = null;
+    }
+    if (result && result.bytes) return { kind: "blob", blob: result };
+    if (result && result.error) return { kind: "blob_failed", error: result.error };
+    if (Date.now() >= deadline) return { kind: "blob_timeout" };
+    await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+  }
+}
+
+function safePageUrl(page) {
+  try {
+    return page.url();
+  } catch {
+    return null;
+  }
+}
+
+function safeContext(page) {
+  try {
+    return page.context();
+  } catch {
+    return null;
+  }
+}
+
+function safeSuggestedFilename(download) {
+  try {
+    const s = download.suggestedFilename();
+    return s && s.trim() ? s : FALLBACK_NAME;
+  } catch {
+    return FALLBACK_NAME;
+  }
+}
+
+function safeUrl(download) {
+  try {
+    return download.url();
+  } catch {
+    return null;
+  }
+}

package/verbs/index.js

@@ -13,6 +13,7 @@ import fillVerb from "./fill.js";
 import clickVerb from "./click.js";
 import pressVerb from "./press.js";
 import waitForVerb from "./wait_for.js";
+import waitForNetworkIdleVerb from "./wait_for_network_idle.js";
 import screenshotVerb from "./screenshot.js";
 import extractVerb from "./extract.js";
 import assertVerb from "./assert.js";
@@ -21,6 +22,7 @@ import saveVerb from "./save.js";
 import pauseForHumanVerb from "./pause_for_human.js";
 import waitForDropVerb from "./wait_for_drop.js";
 import announceArtifactVerb from "./announce_artifact.js";
+import downloadVerb from "./download.js";
 
 const VERBS = [
   gotoVerb,
@@ -28,6 +30,7 @@ const VERBS = [
   clickVerb,
   pressVerb,
   waitForVerb,
+  waitForNetworkIdleVerb,
   screenshotVerb,
   extractVerb,
   assertVerb,
@@ -36,6 +39,7 @@ const VERBS = [
   pauseForHumanVerb,
   waitForDropVerb,
   announceArtifactVerb,
+  downloadVerb,
 ];
 
 export const VERB_REGISTRY = Object.fromEntries(VERBS.map((v) => [v.name, v]));