Security:
- serve.py: server now sends nonce challenge before accepting any command;
clients sign nonce + SHA256(canonical_payload) with Ed25519 key
- New --authorized-keys FILE option for serve; token auth still works as fallback
- Connection limit: BoundedSemaphore(64) in serve.py
- Secure file creation with os.open(..., 0o600) for token/key files
- New auth.py module: keygen, file key load/save, SSH agent protocol (pure Python),
sign/verify helpers compatible with both file keys and agent-held keys (YubiKey,
TPM, gpg-agent)
Features:
- YubiKey support via SSH agent protocol — no new runtime deps, just $SSH_AUTH_SOCK
- New `browser-cli auth` command group: keygen, trust, show, keys
- Global --key PATH flag (or BROWSER_CLI_KEY env) selects signing key;
pass "agent" or "agent:<selector>" to use SSH agent key
- BrowserCLI Python API gains key= parameter
Bug fixes (11 issues across two review passes):
- client.py: check response is not None before json.loads
- native_host.py: _read_exact_stream loop handles EINTR short reads; fix Windows
Listener leak on accept error
- __init__.py: open_wait / tabs_watch_url raise RuntimeError instead of silent None
- extension/tabs.ts: dedupe skips tabs without URL; tabsSort uses pendingUrl fallback
- extension/session.ts: removeListener before addListener prevents duplicate handlers
Breaking: TCP serve protocol now sends a challenge frame first (v0.9.0)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- tabs.py: validate screenshot data URL prefix and catch binascii.Error
instead of silently writing a zero-byte file or crashing with a raw traceback
- serve.py: add 30 s recv timeout on client connections to prevent unbounded
thread accumulation; use hmac.compare_digest for constant-time token check
- native_host.py: bind Unix socket before _registry_add to eliminate the
window where the registry points to an unbound path; cap paging loop at
ceil(10000/PAGE_SIZE) iterations to guard against a misbehaving extension;
remove dead no-hello fast-path queue that was registered but never consumed
- __init__.py: narrow _apply_tab_filter except to (AttributeError, TypeError)
so broken filter functions raise instead of silently returning wrong results
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Exposes a local browser over a TCP socket so remote machines can
control it using the same CLI and Python API. Token auth (auto-generated
via secrets.token_urlsafe) is on by default; --no-auth disables it.
Profile routing via _route message field lets clients target specific
browser instances on the remote host. BROWSER_CLI_PROFILE is forwarded
automatically so --browser flag works transparently over remote.
- browser-cli serve [--host] [--port] [--token] [--no-auth]
- browser-cli --remote HOST:PORT --token TOKEN <command>
- BrowserCLI(remote="host:port", token="...").tabs_list()
daniel156161
