The stdio tuple overload resolves differently across @types/node versions
(v20 vs v24/v25). Cast the spawn() result to ChildProcessWithoutNullStreams
to ensure proc.stderr?.on/off type-checks regardless of installed @types/node.
* fix(browser): harden existing-session driver validation, session lifecycle, and code quality
Fix config validation rejecting existing-session profiles that lack
cdpPort/cdpUrl (they use Chrome MCP auto-connect instead). Fix callTool
tearing down the MCP session on tool-level errors (element not found,
script error), which caused expensive npx re-spawns. Skip unnecessary
CDP port allocation for existing-session profiles. Remove redundant
ensureChromeMcpAvailable call in isReachable.
Extract shared ARIA role sets (INTERACTIVE_ROLES, CONTENT_ROLES,
STRUCTURAL_ROLES) into snapshot-roles.ts so both the Playwright and
Chrome MCP snapshot paths stay in sync. Add usesChromeMcp capability
flag and replace ~20 scattered driver === "existing-session" string
checks with the centralized flag.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(browser): harden existing-session driver validation and session lifecycle (#45682) (thanks @odysseus0)
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat(browser): add batch actions, CSS selector support, and click delayMs
Adds three improvements to the browser act tool:
1. CSS selector support: All element-targeting actions (click, type,
hover, drag, scrollIntoView, select) now accept an optional
'selector' parameter alongside 'ref'. When selector is provided,
Playwright's page.locator() is used directly, skipping the need
for a snapshot to obtain refs. This reduces roundtrips for agents
that already know the DOM structure.
2. Click delay (delayMs): The click action now accepts an optional
'delayMs' parameter. When set, the element is hovered first, then
after the specified delay, clicked. This enables human-like
hover-before-click in a single tool call instead of three
(hover + wait + click).
3. Batch actions: New 'batch' action kind that accepts an array of
actions to execute sequentially in a single tool call. Supports
'stopOnError' (default true) to control whether execution halts
on first failure. Results are returned as an array. This eliminates
the AI inference roundtrip between each action, dramatically
reducing latency and token cost for multi-step flows.
Addresses: #44431, #38844
* fix(browser): address security review — batch evaluateEnabled guard, input validation, recursion limit
Fixes all 4 issues raised by Greptile review:
1. Security: batch actions now respect evaluateEnabled flag.
executeSingleAction and batchViaPlaywright accept evaluateEnabled
param. evaluate and wait-with-fn inside batches are rejected
when evaluateEnabled=false, matching the direct route guards.
2. Security: batch input validation. Each action in body.actions
is validated as a plain object with a known kind string before
dispatch. Applies same normalization as direct action handlers.
3. Perf: SELECTOR_ALLOWED_KINDS moved to module scope as a
ReadonlySet<string> constant (was re-created on every request).
4. Security: max batch nesting depth of 5. Nested batch actions
track depth and throw if MAX_BATCH_DEPTH exceeded, preventing
call stack exhaustion from crafted payloads.
* fix(browser): normalize batch act dispatch
* fix(browser): tighten existing-session act typing
* fix(browser): preserve batch type text
* fix(browser): complete batch action execution
* test(browser): cover batch route normalization
* test(browser): cover batch interaction dispatch
* fix(browser): bound batch route action inputs
* fix(browser): harden batch interaction limits
* test(browser): cover batch security guardrails
---------
Co-authored-by: Diwakar <diwakarrankawat@gmail.com>
Peter Steinberger
Vincent Koc
Luke
Stephen Schoettler
Roger Deng
Radek Sienkiewicz
George Zhang
scoootscooob
Val Alexander
Matt Van Horn