github-mirrors/openclaw
1
0
Fork 0
mirror of https://fastgit.cc/github.com/openclaw/openclaw synced 2026-04-21 21:31:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,151 Commits 1,079 Branches 112 Tags
main
Commit Graph

236 Commits

Author SHA1 Message Date
Peter Steinberger
7b1871b99b fix(browser): clarify DevToolsActivePort attach failures 2026-04-21 08:11:41 +01:00
Peter Steinberger
5945d4145a fix(test): keep browser vitest mock out of runtime scan 2026-04-20 20:45:42 +01:00
Peter Steinberger
84d8cb0826 test: share browser security mock 2026-04-20 20:36:23 +01:00
Peter Steinberger
d033662145 test: share browser cdp fixtures 2026-04-20 20:33:22 +01:00
Peter Steinberger
28f7745a5e test: share browser route fixtures 2026-04-20 20:30:06 +01:00
Peter Steinberger
975b989de6 test: reduce module reload churn 2026-04-20 20:28:47 +01:00
Peter Steinberger
76052a4e01 refactor: share browser runtime helpers 2026-04-20 16:32:28 +01:00
Peter Steinberger
0010b246c0 test: share browser tab route fixtures 2026-04-20 16:29:20 +01:00
Peter Steinberger
74967abd51 refactor: share browser path helpers 2026-04-20 16:27:11 +01:00
Peter Steinberger
c067c16360 perf(test): shorten browser chrome timeout probes 2026-04-20 16:09:37 +01:00
Peter Steinberger
1148f245c8 build(deps): declare extension runtime dependencies 2026-04-20 16:07:14 +01:00
Peter Steinberger
3a99b8b9e1 perf(test): preload browser server harness 2026-04-20 15:22:42 +01:00
Peter Steinberger
795a8042a1 perf(test): tighten chrome internal timeouts 2026-04-20 15:12:20 +01:00
Peter Steinberger
8116e638f3 chore: release 2026.4.20 2026-04-20 13:16:40 +01:00
Mariano
8cb73844c8 browser: route existing-session user profile through browser nodes (#68891) 
* browser: route user profile through browser nodes

* browser: align existing-session node docs

* browser: preserve host fallback on node discovery errors

* browser: preserve configured node pin errors

* browser: widen config mock in node pin test
 2026-04-19 12:21:23 +02:00
Viz
4cfc8cd5be fix(browser): discover CDP websocket from bare ws:// URL before attach (#68715) 
* fix(browser): discover CDP websocket from bare ws:// URL before attach

When browser.cdpUrl is set to a bare ws://host:port (no /devtools/ path), ensureBrowserAvailable would call isChromeReachable -> canOpenWebSocket against the URL verbatim. Chrome only accepts WebSocket upgrades at the specific path returned by /json/version, so the handshake failed immediately with HTTP 400. With attachOnly: true, that surfaced as:

  Browser attachOnly is enabled and profile "openclaw" is not running.

even though the CDP endpoint was reachable and the profile was healthy. Reproduced by the new tests in chrome.test.ts and cdp.test.ts (#68027).

Fix: introduce isDirectCdpWebSocketEndpoint(url) — true only when a ws/wss URL has a /devtools/<kind>/<id> handshake path. Route any other ws/wss cdpUrl (including the bare ws://host:port shape) through HTTP /json/version discovery by normalising the scheme via the existing normalizeCdpHttpBaseForJsonEndpoints helper. Apply this in isChromeReachable, getChromeWebSocketUrl, and createTargetViaCdp. Direct WS endpoints with a /devtools/ path are still opened without an extra discovery round-trip.

Fixes #68027

* test(browser): add seeded fuzz coverage for CDP URL helpers

Adds property-based / seeded-fuzz tests for the URL helpers the
attachOnly CDP fix depends on (#68027):

  - isWebSocketUrl
  - isDirectCdpWebSocketEndpoint
  - normalizeCdpHttpBaseForJsonEndpoints
  - parseBrowserHttpUrl
  - redactCdpUrl
  - appendCdpPath
  - getHeadersWithAuth

Follows the existing repo convention (see
src/gateway/http-common.fuzz.test.ts): no fast-check dep, small
mulberry32 PRNG + hand-rolled generators, deterministic per-describe
seeds so failures are reproducible.

Lifts cdp.helpers.ts coverage from 77.77% -> 89.54% statements,
67.9% -> 80.24% branches, 78% -> 90% lines. Remaining uncovered
lines are inside the WS sender internals (createCdpSender,
withCdpSocket, fetchCdpChecked rate-limit branch), which require
integration-style mocks and are unrelated to the attachOnly fix.

* test(browser): drive cdp.helpers/cdp/chrome to 100% coverage

Lifts the three files touched by the #68027 attachOnly fix to 100% statements/branches/functions/lines across the extensions test suite. Adds cdp.helpers.internal.test.ts, cdp.internal.test.ts, and chrome.internal.test.ts covering error paths, branch matrices, CDP session helpers, Chrome spawn/launch/stop flows, and canRunCdpHealthCommand. Defensively unreachable guards are annotated with c8 ignore + inline justifications.

* fix(browser): restore WS fallback for non-/devtools ws:// CDP URLs

When /json/version discovery is unavailable (or returns no
webSocketDebuggerUrl), fall back to treating the original bare ws/wss
URL as a direct WebSocket endpoint. This preserves the #68027 fix for
Chrome's debug port while restoring compatibility with Browserless/
Browserbase-style providers that expose a direct WebSocket root without
a /json/version endpoint.

Priority order for bare ws/wss cdpUrl inputs:
  1. /devtools/<kind>/<id> URL \u2192 direct handshake, no discovery (unchanged)
  2. bare ws/wss root \u2192 try HTTP discovery first; if discovery returns a
     webSocketDebuggerUrl use it; otherwise fall back to the original URL
     as a direct WS endpoint
  3. HTTP/HTTPS URL \u2192 HTTP discovery only, no fallback (unchanged)

Affected call sites: isChromeReachable, getChromeWebSocketUrl,
createTargetViaCdp.

Also renames a misleading test ('still enforces SSRF policy for direct
WebSocket URLs') to accurately describe what it tests: SSRF enforcement
on the navigation target URL, not on the CDP endpoint.

New tests added for all three fallback paths. Coverage remains 100% on
all three touched files (238 tests).

* fix: browser attachOnly bare ws CDP follow-ups (#68715) (thanks @visionik)
 2026-04-19 05:43:39 -04:00
Peter Steinberger
ac8f0c9c0d chore: prepare 2026.4.19-beta.1 release 2026-04-19 02:09:43 +01:00
Peter Steinberger
58da2f5897 fix(browser): improve CDP startup diagnostics 2026-04-18 23:44:27 +01:00
Peter Steinberger
73728127b6 refactor(browser): share SSRF hostname allowlist helper 2026-04-18 23:28:37 +01:00
Peter Steinberger
1fd049e307 fix: scope remote CDP host allowlist (#68207) 2026-04-18 22:54:54 +01:00
HansY
e90c89cf8b fix(browser): auto-allowlist configured CDP hostnames in SSRF policy 2026-04-18 22:54:54 +01:00
Peter Steinberger
a5d6330f87 refactor: cache remaining runtime imports 2026-04-18 20:08:04 +01:00
Peter Steinberger
1f1ff0567a refactor(lint): reduce map spread patterns 2026-04-18 19:27:43 +01:00
Peter Steinberger
cc919db83b chore(lint): enable async endpoint handler rule 2026-04-18 19:27:43 +01:00
Peter Steinberger
df525b90f2 chore(lint): enable unnecessary type parameter rule 2026-04-18 18:31:13 +01:00
Peter Steinberger
66385670e4 refactor: reduce unnecessary dynamic imports 2026-04-18 16:15:33 +01:00
Peter Steinberger
3f2e73b723 chore(release): bump version to 2026.4.18 2026-04-18 15:46:33 +01:00
Ziy
4b5987829d fix: redact credentials in browser.cdpUrl config paths (#67679) 
Merged via squash.

Prepared head SHA: 77bc2c50ce
Co-authored-by: Ziy1-Tan <49604965+Ziy1-Tan@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-18 14:22:58 +08:00
Peter Steinberger
5817a76236 test: merge browser contract server suites 2026-04-17 07:15:27 +01:00
Peter Steinberger
daaebb8558 test: split browser snapshot target helper 2026-04-17 07:15:27 +01:00
Peter Steinberger
132d3c76a0 test: reuse browser server harness imports 2026-04-17 07:15:27 +01:00
Peter Steinberger
0dc4c4076c chore: bump version to 2026.4.16 2026-04-17 00:45:04 +01:00
Tak Hoffman
4f00b76925 fix(context-window): Tighten context limits and bound memory excerpts (#67277) 
* Tighten context limits and bound memory excerpts

* Align startup context defaults in config docs

* Align qmd memory_get bounds with shared limits

* Preserve qmd partial memory reads

* Fix shared memory read type import

* Add changelog entry for context bounds
 2026-04-15 13:06:02 -05:00
Peter Steinberger
b3fa5880dd build(extensions): bump bundled plugin versions to 2026.4.15-beta.1 2026-04-15 15:06:13 +01:00
Mason Huang
7eecfa411d fix(browser): unblock loopback CDP readiness under strict SSRF defaults (#66354) 
Merged via squash.

Prepared head SHA: d9030ff2f0
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
 2026-04-14 16:30:43 +08:00
Ayaan Zaidi
213c36cf51 fix(browser): preserve legacy strict SSRF alias 2026-04-14 12:50:02 +05:30
Ayaan Zaidi
1dabfef28d fix(browser): preserve explicit strict SSRF config 2026-04-14 12:42:59 +05:30
Ayaan Zaidi
1b76966f05 fix(browser): use loopback policy for json-new fallback 2026-04-14 12:42:59 +05:30
Ayaan Zaidi
bf1d49093a fix(browser): relax default hostname SSRF guard 2026-04-14 12:42:59 +05:30
Peter Steinberger
df84225504 test: align post-rebase full-suite drift 2026-04-13 20:49:39 -07:00
Pavan Kumar Gondhi
b75ad800a5 fix(browser): enforce SSRF policy on snapshot, screenshot, and tab routes [AI] (#66040) 
* fix: address issue

* fix: address review feedback

* fix: finalize issue changes

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
 2026-04-13 23:56:39 +05:30
Mariano
2c59ba24af fix(browser): detect local attachOnly loopback CDP sessions (#66080) 
Merged via squash.

Prepared head SHA: 90c1c10cc9
Reviewed-by: @mbelinky
 2026-04-13 19:46:56 +02:00
Mariano
8cfdc8dea1 fix(browser): unblock managed loopback CDP startup and control (#66043) 
Merged via squash.

Prepared head SHA: c3d0a99ffa
Reviewed-by: @mbelinky
 2026-04-13 18:48:48 +02:00
Peter Steinberger
1a47660518 feat(browser): add qa web runtime support 2026-04-12 19:41:06 -07:00
Peter Steinberger
a8e140e395 chore: bump version to 2026.4.12 2026-04-12 10:37:18 -07:00
Peter Steinberger
23e50859eb test(e2e): align release harness coverage 2026-04-12 16:08:12 +01:00
Vincent Koc
24051ddf38 test(browser): share existing-session route harness 2026-04-12 09:07:06 +01:00
Vincent Koc
add2900520 test(browser): share control auth persistence checks 2026-04-12 05:33:09 +01:00
Peter Steinberger
bf82a7c46e fix: keep browser cdp range wide for high ports 2026-04-11 13:55:08 +01:00
Peter Steinberger
5915d7cb6b perf: optimize messaging plugin tests 2026-04-11 13:55:07 +01:00