feat!: harden raw browser control and packaging

- Add safe-by-default policy gates for raw command surfaces: command, script, and serve-http /command. - Require explicit opt-ins for page reads, browser control, and high-risk commands such as dom.eval, storage.*, and screenshots. - Remove all cookies support from CLI, SDK, extension commands, permissions, constants, docs, and tests. - Add diagnostic, events, watch, workspace, remote, raw command, script, HTTP gateway, tree-view, session import/export, and extension info/capability commands. - Add Chrome Web Store packaging that strips manifest.key while keeping local packages with a stable native-messaging extension ID. - Bump browser-cli and extension version to 0.14.1 and cover the new behavior with pytest and extension packaging tests. BREAKING CHANGE: cookies commands and the b.cookies SDK namespace have been removed; generic raw command execution now blocks non-safe commands unless explicitly allowed.
2026-06-14 14:33:15 +02:00
parent 3e3b8d529c
commit 5cec57e06d
43 changed files with 1184 additions and 375 deletions
@@ -6,6 +6,14 @@ from browser_cli.sdk.base import Namespace, sdk_command
 class ExtensionNS(Namespace):
  """Control the browser-cli extension itself."""

+  @sdk_command("extension.info", default={})
+  def info(self) -> dict:
+    """Return extension version, runtime metadata, and capabilities."""
+
+  @sdk_command("extension.capabilities", default=[])
+  def capabilities(self) -> list[str]:
+    """Return feature capability strings advertised by the extension."""
+
  @sdk_command("extension.reload")
  def reload(self) -> None:
    """Reload the browser-cli extension service worker.