sync#1
Open
aditya-silna wants to merge 34 commits into
Open
Conversation
* docs: note Windows is not currently supported * chore: align marketplace version with package.json * docs: rewrite CHANGELOG with 0.2.0 as initial CLI release * docs: remove zero startup cost from README features * feat: add install-skill interactive command * chore: add rustfmt and prettier with CI checks * docs: simplify changelog * docs: add _snapshotForAI to help output * docs: expand LLM usage guide in help output * feat: add --timeout flag for script execution * feat: add snapshot helper for LLM-friendly page inspection * docs: document snapshotForAI, remove custom snapshot helper * docs: add approach guidance to LLM help * release: v0.2.1
* fix: gracefully close all connections on daemon stop * refactor: extract help text to static file * fix: install command properly extracts daemon and installs deps * fix: improve postinstall binary download reliability
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(cli): add Windows IPC and daemon lifecycle support * feat(release): add Windows x64 packaging and CI * docs: document Windows installation and verification * fix(windows): align pipe naming and shutdown detection
* chore: dead code cleanup and update CLAUDE.md * fix: restore BrowserEntry export
* feat: add --ignore-https-errors flag for self-signed certs * Preserve HTTPS settings on browser relaunch
* release: v0.2.4 * test: accept interrupted sandbox timeout on Windows
* fix: surface guest error messages dropped by headerless QuickJS stacks QuickJS Error.stack contains only frame lines (no "Name: message" header, unlike V8), so formatError's stack-first formatting dropped the thrown message entirely from stderr. Compose the header in formatError (extracted to format-error.ts), after #toError has applied its prefix, and skip it when the stack already carries one. Also add Buffer.isBuffer to the QuickJS Buffer polyfill. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * feat: add page.cua pixel/vision toolset Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * feat: add page.domCua DOM-id toolset Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * docs: document cua and domCua toolsets Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: address review findings on cua/domCua toolsets - start the public id counter at a random high base whenever no inherited counter exists, so cross-origin navigations (empty sessionStorage) never reuse pre-navigation node ids - key the sticky id map by a per-document token minted in the walker, so a navigated child frame gets fresh ids instead of recycling old ones - track successfully-pressed modifier keys and release them in a finally covering the down loop, so an invalid key never leaves modifiers held on the persistent page - pin clip screenshot semantics as viewport-relative by scrolling first Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * style: format dom-cua files with prettier Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: accept numeric-string nodeId in domCua actions Agents regex node ids out of the snapshot text, so they arrive as strings; coerce digit-only strings instead of erroring. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: downscale screenshots to css pixels when scale:css is ignored Playwright ignores scale:'css' on viewport:null pages (headed and connected Chrome), returning device-pixel images that break the 1:1 cua coordinate contract on Retina displays. Detect the mismatch by parsing the JPEG dimensions and rescale in-page via OffscreenCanvas. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…, Chrome 147 CDP attach (#115) * fix: cap daemon socket request frames at 10 MiB The per-connection reader buffered incoming bytes with no bound until a newline arrived, so a local client could OOM the daemon by streaming data without a line terminator. Reject oversized frames with an error response and drop the connection before any JSON parsing. Fixes #112 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: serialize browser-stop with the per-browser lock execute requests hold withBrowserLock for the browser they target, but browser-stop tore the browser down directly, so a second client could kill a browser while another client's script was mid-flight. Acquire the same keyed lock before stopping. Fixes #111 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: prevent duplicate daemons on concurrent cold start Two CLI invocations racing on a cold start could both probe the socket, find no daemon, and both spawn one. The second daemon then unlinked the first daemon's live socket path (unlinking a bound Unix socket does not stop the server), splitting clients between two daemons and orphaning the first. - CLI: hold an exclusive file lock around the probe-and-spawn section so concurrent invocations serialize; the loser re-probes and reuses the winner's daemon. - Daemon: before unlinking an existing socket path, probe it and exit if a live daemon answers; only claim the pid file after binding succeeds. - Daemon: only unlink the socket/pid files on shutdown if this process owns them, so a losing daemon cannot delete the winner's endpoint. Fixes #110 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: default PW_CHROMIUM_ATTACH_TO_OTHER=1 for Chrome 147 CDP attach Chrome 147's built-in remote debugging does not emit Target.attachedToTarget for some target types, which hangs Playwright's connectOverCDP auto-attach walk indefinitely. Default the documented Playwright escape hatch in the daemon process (where the Playwright server runs) while respecting an explicit user override. Fixes #103 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix: address review findings in daemon hardening Follow-up to the four hardening fixes, from an adversarial review pass: - Frame cap (#112): pause the socket synchronously on an oversized frame so the unparsed remainder cannot be smuggled in as fresh requests while the error response drains under write backpressure. Rename the limit to MAX_FRAME_CHARS and report "characters", since it bounds the retained JS string (UTF-16 code units), not wire bytes. Drop the dead destroyed-guard. - Cold-start race (#110): claim the socket by binding first and only unlink on EADDRINUSE after confirming no live daemon answers, so a losing daemon can never unlink a live socket. Attach the runtime error handler only after a successful bind. - CLI spawn lock (#110): use flock(2) via libc (already a dependency) instead of std::fs::File::lock, which would have silently raised the MSRV to 1.89. - Runtime extraction: write daemon files via temp-file + atomic rename so a concurrent spawn never reads a truncated daemon.mjs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Replace the long-lived NPM_TOKEN secret with npm trusted publishing (OIDC): add id-token write permission, upgrade npm to a version that supports it, and drop NODE_AUTH_TOKEN. This also attaches build provenance to the published package.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.