feat!: harden raw browser control and packaging
Testing / remote-protocol-compat (0.9.3) (push) Successful in 40s
Testing / remote-protocol-compat (0.9.5) (push) Successful in 38s
Testing / test (push) Failing after 1m3s
Package Extension / package-extension (push) Successful in 29s
Build & Publish Package / publish (push) Successful in 33s
Testing / remote-protocol-compat (0.9.3) (push) Successful in 40s
Testing / remote-protocol-compat (0.9.5) (push) Successful in 38s
Testing / test (push) Failing after 1m3s
Package Extension / package-extension (push) Successful in 29s
Build & Publish Package / publish (push) Successful in 33s
- Add safe-by-default policy gates for raw command surfaces: command, script, and serve-http /command. - Require explicit opt-ins for page reads, browser control, and high-risk commands such as dom.eval, storage.*, and screenshots. - Remove all cookies support from CLI, SDK, extension commands, permissions, constants, docs, and tests. - Add diagnostic, events, watch, workspace, remote, raw command, script, HTTP gateway, tree-view, session import/export, and extension info/capability commands. - Add Chrome Web Store packaging that strips manifest.key while keeping local packages with a stable native-messaging extension ID. - Bump browser-cli and extension version to 0.14.1 and cover the new behavior with pytest and extension packaging tests. BREAKING CHANGE: cookies commands and the b.cookies SDK namespace have been removed; generic raw command execution now blocks non-safe commands unless explicitly allowed.
This commit is contained in:
+16
-2
@@ -20,7 +20,6 @@ from browser_cli.commands.session import session_group
|
||||
from browser_cli.commands.search import search_group
|
||||
from browser_cli.commands.page import page_group
|
||||
from browser_cli.commands.storage import storage_group
|
||||
from browser_cli.commands.cookies import cookies_group
|
||||
from browser_cli.commands.perf import perf_group
|
||||
from browser_cli.commands.extension import extension_group
|
||||
from browser_cli.commands.serve import cmd_serve
|
||||
@@ -29,6 +28,14 @@ from browser_cli.commands.auth import auth_group
|
||||
from browser_cli.commands.clients import clients_group
|
||||
from browser_cli.commands.completion import cmd_completion
|
||||
from browser_cli.commands.install import cmd_install
|
||||
from browser_cli.commands.doctor import cmd_doctor
|
||||
from browser_cli.commands.events import cmd_events
|
||||
from browser_cli.commands.remote import remote_group
|
||||
from browser_cli.commands.script import cmd_script
|
||||
from browser_cli.commands.serve_http import cmd_serve_http
|
||||
from browser_cli.commands.watch import watch_group
|
||||
from browser_cli.commands.workspace import workspace_group
|
||||
from browser_cli.commands.raw import cmd_command
|
||||
|
||||
console = Console()
|
||||
|
||||
@@ -118,7 +125,6 @@ main.add_command(session_group)
|
||||
main.add_command(search_group)
|
||||
main.add_command(page_group)
|
||||
main.add_command(storage_group)
|
||||
main.add_command(cookies_group)
|
||||
main.add_command(perf_group)
|
||||
main.add_command(extension_group)
|
||||
main.add_command(cmd_serve)
|
||||
@@ -126,6 +132,14 @@ main.add_command(cmd_link_serve)
|
||||
main.add_command(clients_group)
|
||||
main.add_command(cmd_completion)
|
||||
main.add_command(cmd_install)
|
||||
main.add_command(cmd_doctor)
|
||||
main.add_command(cmd_events)
|
||||
main.add_command(remote_group)
|
||||
main.add_command(cmd_script)
|
||||
main.add_command(cmd_serve_http)
|
||||
main.add_command(watch_group)
|
||||
main.add_command(workspace_group)
|
||||
main.add_command(cmd_command)
|
||||
|
||||
# ── native-host (hidden, called by Chrome via native messaging) ────────────────
|
||||
|
||||
|
||||
Reference in New Issue
Block a user