Conversation
Bind browser subresource calls to a browser session's base_url and expose raw HTTP through fetch so metro-routed access feels like normal JavaScript networking. Made-with: Cursor
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR modifies client library code (browser session client) rather than API endpoints or Temporal workflows in packages/api/ To monitor this PR anyway, reply with |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Fail fast when browser-scoped clients do not have a session base_url, route subresource calls through the browser session base directly, and clean up browser-vm wording. Made-with: Cursor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issues. You can view the agent here.
Reviewed by Cursor Bugbot for commit 7486cd4. Configure here.
| if (options.path.startsWith(prefix)) { | ||
| const rest = options.path.slice(prefix.length); | ||
| options.path = rest.startsWith('/') ? rest : `/${rest}`; | ||
| } |
There was a problem hiding this comment.
Path prefix matching ignores SDK URL encoding
Low Severity
The prepareOptions override builds the prefix with raw string interpolation (`/browsers/${transport.sessionId}/`), but the SDK's path tagged template in resource methods (e.g., path`/browsers/${id}/...`) runs path parameters through encodeURIPath. If a session_id ever contains characters outside the URI-safe set, the encoded path won't match the raw prefix, so the path won't be rewritten and requests will hit the wrong endpoint.
Reviewed by Cursor Bugbot for commit 7486cd4. Configure here.
Fail fast when browser-scoped clients are missing a browser session base_url, route subresource calls through the session base consistently, and keep lint output clean. Made-with: Cursor
Replace the handwritten Node browser-scoped façade with deterministic generated bindings from the browser resource graph, and enforce regeneration during lint and build. Made-with: Cursor
1 participant
Summary
kernel.forBrowser(...)to create a browser-scoped client from a browser session responsebase_urlso callers stop repeating the browser idbrowser.fetch(...)while keeping the internal/curl/rawtransport path hiddenTest plan
./node_modules/.bin/tsc --noEmit./node_modules/.bin/jest tests/lib/browser-transport.test.ts tests/lib/kernel-browser-session.test.tsMade with Cursor
Note
Medium Risk
Introduces a new request-routing mode that rewrites browser subresource paths and changes auth behavior (drops
Authorizationand relies on jwt query params), which could affect how browser-session requests are authenticated and routed.Overview
Adds a browser-scoped session client via
kernel.forBrowser(...), returningKernelBrowserSessionthat lets callers invoke browser subresources without repeatingsession_idand routes those calls through the browser sessionbase_url.Introduces
browser.fetch(...)to proxy HTTP through the browser VM network stack by calling internalPOST /curl/raw, and adds transport helpers to resolvebase_urland jwt (fromcdp_ws_urlor explicit) and inject jwt into query params.Adds a codegen script (
scripts/generate-browser-session.ts) and committed generated bindings for browser subresources, wires generation intobuild/lint, exports the new APIs fromsrc/index.ts, and adds tests plus an example demonstrating the new browser-scoped usage.Reviewed by Cursor Bugbot for commit c5731cb. Bugbot is set up for automated code reviews on this repo. Configure here.