Skip to content

sync#1

Open
aditya-silna wants to merge 34 commits into
aditya-silna:mainfrom
SawyerHood:main
Open

sync#1
aditya-silna wants to merge 34 commits into
aditya-silna:mainfrom
SawyerHood:main

Conversation

@aditya-silna

Copy link
Copy Markdown
Owner

No description provided.

SawyerHood and others added 30 commits March 19, 2026 13:21
* docs: note Windows is not currently supported

* chore: align marketplace version with package.json

* docs: rewrite CHANGELOG with 0.2.0 as initial CLI release

* docs: remove zero startup cost from README features

* feat: add install-skill interactive command

* chore: add rustfmt and prettier with CI checks

* docs: simplify changelog

* docs: add _snapshotForAI to help output

* docs: expand LLM usage guide in help output

* feat: add --timeout flag for script execution

* feat: add snapshot helper for LLM-friendly page inspection

* docs: document snapshotForAI, remove custom snapshot helper

* docs: add approach guidance to LLM help

* release: v0.2.1
* fix: gracefully close all connections on daemon stop

* refactor: extract help text to static file

* fix: install command properly extracts daemon and installs deps

* fix: improve postinstall binary download reliability
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(cli): add Windows IPC and daemon lifecycle support

* feat(release): add Windows x64 packaging and CI

* docs: document Windows installation and verification

* fix(windows): align pipe naming and shutdown detection
* chore: dead code cleanup and update CLAUDE.md

* fix: restore BrowserEntry export
* feat: add --ignore-https-errors flag for self-signed certs

* Preserve HTTPS settings on browser relaunch
* release: v0.2.4

* test: accept interrupted sandbox timeout on Windows
SawyerHood and others added 4 commits June 5, 2026 09:30
* fix: surface guest error messages dropped by headerless QuickJS stacks

QuickJS Error.stack contains only frame lines (no "Name: message"
header, unlike V8), so formatError's stack-first formatting dropped the
thrown message entirely from stderr. Compose the header in formatError
(extracted to format-error.ts), after #toError has applied its prefix,
and skip it when the stack already carries one. Also add Buffer.isBuffer
to the QuickJS Buffer polyfill.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat: add page.cua pixel/vision toolset

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* feat: add page.domCua DOM-id toolset

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: document cua and domCua toolsets

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: address review findings on cua/domCua toolsets

- start the public id counter at a random high base whenever no inherited
  counter exists, so cross-origin navigations (empty sessionStorage) never
  reuse pre-navigation node ids
- key the sticky id map by a per-document token minted in the walker, so a
  navigated child frame gets fresh ids instead of recycling old ones
- track successfully-pressed modifier keys and release them in a finally
  covering the down loop, so an invalid key never leaves modifiers held on
  the persistent page
- pin clip screenshot semantics as viewport-relative by scrolling first

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* style: format dom-cua files with prettier

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: accept numeric-string nodeId in domCua actions

Agents regex node ids out of the snapshot text, so they arrive as
strings; coerce digit-only strings instead of erroring.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: downscale screenshots to css pixels when scale:css is ignored

Playwright ignores scale:'css' on viewport:null pages (headed and
connected Chrome), returning device-pixel images that break the 1:1
cua coordinate contract on Retina displays. Detect the mismatch by
parsing the JPEG dimensions and rescale in-page via OffscreenCanvas.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…, Chrome 147 CDP attach (#115)

* fix: cap daemon socket request frames at 10 MiB

The per-connection reader buffered incoming bytes with no bound until a
newline arrived, so a local client could OOM the daemon by streaming
data without a line terminator. Reject oversized frames with an error
response and drop the connection before any JSON parsing.

Fixes #112

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: serialize browser-stop with the per-browser lock

execute requests hold withBrowserLock for the browser they target, but
browser-stop tore the browser down directly, so a second client could
kill a browser while another client's script was mid-flight. Acquire
the same keyed lock before stopping.

Fixes #111

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: prevent duplicate daemons on concurrent cold start

Two CLI invocations racing on a cold start could both probe the socket,
find no daemon, and both spawn one. The second daemon then unlinked the
first daemon's live socket path (unlinking a bound Unix socket does not
stop the server), splitting clients between two daemons and orphaning
the first.

- CLI: hold an exclusive file lock around the probe-and-spawn section so
  concurrent invocations serialize; the loser re-probes and reuses the
  winner's daemon.
- Daemon: before unlinking an existing socket path, probe it and exit if
  a live daemon answers; only claim the pid file after binding succeeds.
- Daemon: only unlink the socket/pid files on shutdown if this process
  owns them, so a losing daemon cannot delete the winner's endpoint.

Fixes #110

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: default PW_CHROMIUM_ATTACH_TO_OTHER=1 for Chrome 147 CDP attach

Chrome 147's built-in remote debugging does not emit
Target.attachedToTarget for some target types, which hangs Playwright's
connectOverCDP auto-attach walk indefinitely. Default the documented
Playwright escape hatch in the daemon process (where the Playwright
server runs) while respecting an explicit user override.

Fixes #103

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix: address review findings in daemon hardening

Follow-up to the four hardening fixes, from an adversarial review pass:

- Frame cap (#112): pause the socket synchronously on an oversized frame so
  the unparsed remainder cannot be smuggled in as fresh requests while the
  error response drains under write backpressure. Rename the limit to
  MAX_FRAME_CHARS and report "characters", since it bounds the retained JS
  string (UTF-16 code units), not wire bytes. Drop the dead destroyed-guard.
- Cold-start race (#110): claim the socket by binding first and only unlink
  on EADDRINUSE after confirming no live daemon answers, so a losing daemon
  can never unlink a live socket. Attach the runtime error handler only after
  a successful bind.
- CLI spawn lock (#110): use flock(2) via libc (already a dependency) instead
  of std::fs::File::lock, which would have silently raised the MSRV to 1.89.
- Runtime extraction: write daemon files via temp-file + atomic rename so a
  concurrent spawn never reads a truncated daemon.mjs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Replace the long-lived NPM_TOKEN secret with npm trusted publishing
(OIDC): add id-token write permission, upgrade npm to a version that
supports it, and drop NODE_AUTH_TOKEN. This also attaches build
provenance to the published package.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants