157 Commits

Author SHA1 Message Date
Tak Hoffman 4f00b76925 fix(context-window): Tighten context limits and bound memory excerpts (#67277)
* Tighten context limits and bound memory excerpts

* Align startup context defaults in config docs

* Align qmd memory_get bounds with shared limits

* Preserve qmd partial memory reads

* Fix shared memory read type import

* Add changelog entry for context bounds
2026-04-15 13:06:02 -05:00
Mason Huang 7eecfa411d fix(browser): unblock loopback CDP readiness under strict SSRF defaults (#66354)
Merged via squash.

Prepared head SHA: d9030ff2f05e4def509128af46171612e450fc43
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Co-authored-by: hxy91819 <8814856+hxy91819@users.noreply.github.com>
Reviewed-by: @hxy91819
2026-04-14 16:30:43 +08:00
Ayaan Zaidi 213c36cf51 fix(browser): preserve legacy strict SSRF alias 2026-04-14 12:50:02 +05:30
Ayaan Zaidi 1dabfef28d fix(browser): preserve explicit strict SSRF config 2026-04-14 12:42:59 +05:30
Ayaan Zaidi 1b76966f05 fix(browser): use loopback policy for json-new fallback 2026-04-14 12:42:59 +05:30
Ayaan Zaidi bf1d49093a fix(browser): relax default hostname SSRF guard 2026-04-14 12:42:59 +05:30
Peter Steinberger df84225504 test: align post-rebase full-suite drift 2026-04-13 20:49:39 -07:00
Pavan Kumar Gondhi b75ad800a5 fix(browser): enforce SSRF policy on snapshot, screenshot, and tab routes [AI] (#66040)
* fix: address issue

* fix: address review feedback

* fix: finalize issue changes

* fix: address review-pr skill feedback

* fix: address PR review feedback

* fix: address PR review feedback

* docs: add changelog entry for PR merge
2026-04-13 23:56:39 +05:30
Mariano 2c59ba24af fix(browser): detect local attachOnly loopback CDP sessions (#66080)
Merged via squash.

Prepared head SHA: 90c1c10cc95f3de905f997272e60251675180c17
Reviewed-by: @mbelinky
2026-04-13 19:46:56 +02:00
Mariano 8cfdc8dea1 fix(browser): unblock managed loopback CDP startup and control (#66043)
Merged via squash.

Prepared head SHA: c3d0a99ffa81f26ae3088be921c2979a530531ce
Reviewed-by: @mbelinky
2026-04-13 18:48:48 +02:00
Peter Steinberger 1a47660518 feat(browser): add qa web runtime support 2026-04-12 19:41:06 -07:00
Peter Steinberger 23e50859eb test(e2e): align release harness coverage 2026-04-12 16:08:12 +01:00
Vincent Koc 24051ddf38 test(browser): share existing-session route harness 2026-04-12 09:07:06 +01:00
Vincent Koc add2900520 test(browser): share control auth persistence checks 2026-04-12 05:33:09 +01:00
Peter Steinberger bf82a7c46e fix: keep browser cdp range wide for high ports 2026-04-11 13:55:08 +01:00
Peter Steinberger 5915d7cb6b perf: optimize messaging plugin tests 2026-04-11 13:55:07 +01:00
Vincent Koc 81535d394d fix(cycles): repair broken type surfaces 2026-04-11 13:42:17 +01:00
Vincent Koc 74e7b8d47b fix(cycles): bulk extract leaf type surfaces 2026-04-11 13:26:50 +01:00
Peter Steinberger 3e80bd33e4 refactor: simplify extension conversions 2026-04-11 01:37:23 +01:00
Peter Steinberger 11b0016e9e refactor: simplify provider channel conversions 2026-04-11 01:08:23 +01:00
Peter Steinberger a18c717add test: isolate browser network guards 2026-04-11 00:07:41 +01:00
Peter Steinberger 4ff237d776 refactor: simplify browser snapshot strings 2026-04-11 00:07:03 +01:00
Peter Steinberger f01469358f test: simplify browser download path checks 2026-04-10 23:48:27 +01:00
Peter Steinberger 405a920862 refactor: remove redundant browser helper conversions 2026-04-10 21:48:38 +01:00
Peter Steinberger 20849e7196 refactor: remove redundant browser session conversions 2026-04-10 21:46:52 +01:00
Peter Steinberger 3475404c7e refactor: remove redundant browser state conversions 2026-04-10 21:46:00 +01:00
Peter Steinberger b76f218c53 refactor: remove redundant browser screenshot conversions 2026-04-10 21:44:53 +01:00
Peter Steinberger 1560da7be2 refactor: remove redundant browser cdp conversions 2026-04-10 21:43:34 +01:00
Peter Steinberger d236cb4680 chore: enable redundant type constituent checks 2026-04-10 21:23:40 +01:00
Peter Steinberger d3cabde7b8 fix(browser): keep legacy ssrf alias raw-config only 2026-04-10 21:22:16 +01:00
Peter Steinberger 0ebeee8b0d chore: enable consistent-return 2026-04-10 20:56:43 +01:00
Peter Steinberger d015986265 fix: preserve browser cdp ssrf policy 2026-04-10 20:45:45 +01:00
Peter Steinberger 8e9e584b1e fix: validate browser profile driver before cdp policy 2026-04-10 20:31:27 +01:00
Peter Steinberger d2c0440fac ci: fix current main additional checks 2026-04-10 20:28:48 +01:00
Agustin Rivera 121c452d66 fix(browser): tighten strict browser hostname navigation (#64367)
* fix(browser): tighten strict browser hostname navigation

* fix(browser): address review follow-ups

* chore(changelog): add strict browser hostname navigation entry

* fix(browser): remove stale state prop from SelectionDeps call site

The PR's SelectionDeps uses getSsrFPolicy instead of the full state
object; the state property was leftover from an earlier iteration.

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-10 13:18:53 -06:00
Peter Steinberger 04c8026d03 chore: enable no-unnecessary-type-arguments 2026-04-10 20:14:49 +01:00
Agustin Rivera 109267b82a Handle subframe document navigations in browser guards (#64371)
* fix(browser): guard subframe document navigations

Co-authored-by: zsx <git@zsxsoft.com>

* fix(browser): preserve quarantine on subframe blocks

* chore(changelog): add subframe SSRF guard entry

* fix(browser): fail closed when subframe frame resolution throws

isSubframeDocumentNavigationRequest now returns true (apply SSRF
check) instead of false (skip check) when request.frame() throws,
so transient renderer churn cannot bypass the subframe navigation
policy guard.

---------

Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-10 12:51:23 -06:00
Peter Steinberger b2df0ed4b7 fix: align browser ssrf policy typing 2026-04-10 19:49:46 +01:00
Peter Steinberger abc499ec49 fix: preserve cdp guarded fetch dispatchers 2026-04-10 19:49:09 +01:00
Peter Steinberger 81ead0bc5b fix(browser): keep legacy ssrf alias internal 2026-04-10 19:46:37 +01:00
Agustin Rivera 905f19230a Align external marker span mapping (#63885)
* fix(markers): align external marker spans

* fix(browser): ssrfPolicy defaults fail-closed for unconfigured installs (GHSA-53vx-pmqw-863c)

* fix(browser): enforce strict default SSRF policy

* chore(changelog): add browser SSRF default + marker alignment entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-10 12:35:20 -06:00
Agustin Rivera daeb74920d fix(browser): guard existing-session navigation (#64370)
* fix(browser): guard existing-session navigation

Co-authored-by: zsx <git@zsxsoft.com>

* fix(browser): tighten interaction navigation guard

* fix(browser): tighten existing-session nav guard

* fix(browser): fail closed on unstable existing-session probes

* fix(browser): add follow-up probe for late URL transitions in existing-session nav guard

* fix(browser): keep probing through full navigation window

* fix(browser): reset stability flag on probe error in existing-session nav guard

* chore(changelog): add Chrome MCP interaction SSRF guard entry

---------

Co-authored-by: zsx <git@zsxsoft.com>
Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-10 12:31:41 -06:00
Peter Steinberger 59925c1a74 chore: update dependencies and oxc tooling 2026-04-10 19:28:42 +01:00
Peter Steinberger 925a499d84 ci: fix additional guard failures 2026-04-10 19:23:10 +01:00
Peter Steinberger f6ed276f51 style: apply updated formatter output 2026-04-10 19:17:39 +01:00
Michael Appel e0b8ddc1a5 fix(browser): apply three-phase interaction navigation guard to pressKey and type(submit) [AI-assisted] (#63889)
* fix: address issue

* chore(changelog): add pressKey/type SSRF guard entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-10 11:27:53 -06:00
Agustin Rivera 8dfbf3268b fix(browser): gate sandbox noVNC helper auth
Require bridge auth before /sandbox/novnc token redemption and keep the noVNC observer URL out of model-visible prompt context.

Local verification:
- pnpm test extensions/browser/src/browser/bridge-server.auth.test.ts src/agents/sanitize-for-prompt.test.ts src/agents/pi-embedded-runner.buildembeddedsandboxinfo.test.ts

Note: pnpm check currently fails on latest main in unrelated files (src/agents/tools/message-tool.ts and src/gateway/mcp-http.test.ts), outside this PR diff.

Thanks @eleqtrizit.

Co-authored-by: eleqtrizit <31522568+eleqtrizit@users.noreply.github.com>
2026-04-10 18:01:26 +01:00
Peter Steinberger 81ae34c434 test: keep browser selection cdp guard profile-aware 2026-04-10 17:35:54 +01:00
Peter Steinberger 58ee5e48d1 test: fix browser and matrix verification 2026-04-10 17:25:04 +01:00
Peter Steinberger fa2ee2af85 test: enforce browser cdp policy before playwright 2026-04-10 17:21:19 +01:00