Skip to content

Commit e21eb63

Browse files
fix: harden bridge release and MCP handling
1 parent febf42e commit e21eb63

22 files changed

Lines changed: 749 additions & 140 deletions

.github/workflows/ci.yml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,9 @@ jobs:
1414
- uses: actions/setup-go@v6
1515
with:
1616
go-version-file: go.mod
17+
- uses: actions/setup-node@v6
18+
with:
19+
node-version: "22"
1720
- name: Vet
1821
shell: bash
1922
run: go vet ./...
@@ -29,6 +32,21 @@ jobs:
2932
- name: Build
3033
shell: bash
3134
run: go build -trimpath -ldflags "-s -w" -o bin/codex-browser-bridge.exe ./cmd/bridge
35+
- name: Check npm package contents
36+
shell: bash
37+
run: |
38+
cd npm
39+
npm pack --dry-run --json > pack.json
40+
node - <<'NODE'
41+
const fs = require("fs");
42+
const pack = JSON.parse(fs.readFileSync("pack.json", "utf8"))[0];
43+
const files = new Set(pack.files.map((f) => f.path));
44+
for (const required of ["package.json", "scripts/install.js", "bin/codex-browser-bridge.js"]) {
45+
if (!files.has(required)) {
46+
throw new Error(`npm package is missing ${required}`);
47+
}
48+
}
49+
NODE
3250
3351
lint:
3452
runs-on: windows-latest

.github/workflows/release.yml

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,10 @@ on:
44
push:
55
tags: ["v*"]
66
workflow_dispatch:
7+
inputs:
8+
tag:
9+
description: "Release tag, for example v1.5.1"
10+
required: true
711

812
permissions:
913
contents: write
@@ -22,7 +26,14 @@ jobs:
2226

2327
- name: Get version
2428
id: version
25-
run: echo "tag=${{ github.ref_name }}" >> $env:GITHUB_OUTPUT
29+
shell: bash
30+
run: |
31+
TAG="${{ github.event.inputs.tag || github.ref_name }}"
32+
if [[ ! "$TAG" =~ ^v[0-9]+(\.[0-9]+){1,2}([-+][0-9A-Za-z.-]+)?$ ]]; then
33+
echo "Invalid release tag: $TAG" >&2
34+
exit 1
35+
fi
36+
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
2637
2738
- name: Build
2839
shell: bash

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
# Binaries
22
*.exe
33
bin/
4+
!npm/bin/
5+
!npm/bin/codex-browser-bridge.js
6+
npm/bin/codex-browser-bridge
47
/bridge
58
/codex-browser-bridge
69

CHANGELOG.md

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,19 @@
22

33
All notable changes to this project will be documented in this file.
44

5+
## [1.5.1] - 2026-06-09
6+
7+
### Fixed
8+
9+
- Serialized per-tab CDP detach, attach, and execute sequences to prevent concurrent actions on the same tab from detaching each other.
10+
- `codex_click` now returns an error when the selector is missing instead of reporting success after a JavaScript exception.
11+
- `codex_dom_click` now rejects short `DOM.getBoxModel` content arrays instead of panicking.
12+
- `codex_wait_for_load` now retries transient navigation-time CDP errors until the timeout.
13+
- Pipe discovery now ignores the bare `codex-browser-use` namespace entry and only returns concrete pipe names.
14+
- MCP JSON-RPC handling now ignores notifications, rejects malformed request envelopes, rejects zero-length frames, and validates required tool arguments before opening pipe calls.
15+
- The npm package now uses a committed JavaScript command wrapper, downloads release assets for the package version instead of `latest`, rejects unsupported CPU architectures, and checks package contents in CI.
16+
- Manual release workflow runs now require a valid `v*` release tag.
17+
518
## [1.5.0] - 2026-06-05
619

720
### Fixed
@@ -61,13 +74,13 @@ All notable changes to this project will be documented in this file.
6174
### Changed
6275

6376
- `codex_dom_get_visible` description clarified: returns human-readable DOM tree (not node IDs); use `codex_dom_snapshot` for accessibility node IDs usable with `codex_dom_click`
64-
- `codex_screenshot` `fullPage` parameter documented as reserved (not yet implemented always captures viewport)
77+
- `codex_screenshot` `fullPage` parameter documented as reserved (not yet implemented, always captures viewport)
6578

6679
## [0.2.0] - 2026-05-16
6780

6881
### Added
6982
- `codex_navigate_back` and `codex_navigate_forward` MCP tools (history navigation was already in the client; now exposed)
70-
- `codex_wait_for_load` MCP tool polls `document.readyState` until `complete` or timeout
83+
- `codex_wait_for_load` MCP tool: polls `document.readyState` until `complete` or timeout
7184
- `codex_screenshot` now returns MCP `image` content so agents can view the screenshot directly (previously only base64 text)
7285
- `MCPServer.SetVersion` so the build version flows into the MCP `initialize` handshake (`serverInfo.version`)
7386
- Unit tests across `protocol`, `client`, `discovery`, and `mcp` packages

CONTRIBUTING.md

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Contributing
22

3-
Thanks for taking the time to contribute. This is a small project issues and PRs are both welcome.
3+
Thanks for taking the time to contribute. This is a small project, and issues and PRs are both welcome.
44

55
## Reporting bugs
66

@@ -13,7 +13,7 @@ Please open an issue using the bug report template. Include:
1313

1414
## Reporting security issues
1515

16-
See [SECURITY.md](SECURITY.md) — please don't file these as public issues.
16+
See [SECURITY.md](SECURITY.md). Please don't file these as public issues.
1717

1818
## Development setup
1919

@@ -32,11 +32,11 @@ make build
3232
make test
3333
```
3434

35-
The full test suite is hermetic — it uses `net.Pipe` to simulate the Codex pipe, so you don't need Codex Desktop running to run `go test ./...`.
35+
The full test suite is hermetic. It uses `net.Pipe` to simulate the Codex pipe, so you don't need Codex Desktop running to run `go test ./...`.
3636

3737
## Code style
3838

39-
- Run `gofmt`/`goimports` before committing CI enforces this.
39+
- Run `gofmt`/`goimports` before committing. CI enforces this.
4040
- `make test` runs `go vet ./...` and `go test -race -cover ./...`.
4141
- `golangci-lint run` is wired into CI; install it locally with [the official instructions](https://golangci-lint.run/usage/install/) and run it before pushing.
4242

@@ -50,18 +50,18 @@ The full test suite is hermetic — it uses `net.Pipe` to simulate the Codex pip
5050

5151
- Branch from `main`.
5252
- Reference the related issue in the PR description, if any.
53-
- Add or update tests for behavior changes. The wire-format invariants in `internal/client/browser_rpc_test.go` exist because we discovered them the hard way — please don't break them silently.
53+
- Add or update tests for behavior changes. The wire-format invariants in `internal/client/browser_rpc_test.go` exist because previous regressions were hard to diagnose. Please don't break them silently.
5454
- Update `CHANGELOG.md` under `## [Unreleased]`.
5555
- Update both `README.md` and `README.zh-CN.md` if you add or remove tools.
5656

5757
## Adding a new MCP tool
5858

5959
There are typically four places to touch:
6060

61-
1. `internal/client/browser.go` add the client method. If it's a CDP-based tool, use `cdpWithAttach` so the debugger is attached first.
62-
2. `internal/mcp/server.go` register the tool in `registerTools()` and add a handler that returns `[]Content`.
63-
3. `internal/client/browser_rpc_test.go` lock in the wire format with a `withRecordingServer`-based test.
64-
4. `internal/mcp/handlers_test.go`add an integration test that exercises the full clienthandler path.
61+
1. `internal/client/browser.go`: add the client method. If it's a CDP-based tool, use `cdpWithAttach` so the debugger is attached first.
62+
2. `internal/mcp/server.go`: register the tool in `registerTools()` and add a handler that returns `[]Content`.
63+
3. `internal/client/browser_rpc_test.go`: lock in the wire format with a `withRecordingServer`-based test.
64+
4. `internal/mcp/handlers_test.go`: add an integration test that exercises the full client-to-handler path.
6565

6666
Then update the count in `internal/mcp/server_test.go:TestRegisteredToolCount` and document the tool in both READMEs.
6767

README.md

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -54,9 +54,12 @@ Useful when an agent needs to work with pages that require a real browser sessio
5454

5555
## Status
5656

57-
Experimental.
57+
Version 1.5.1 is a local Windows tool for Codex Desktop and the Codex Chrome Extension. It supports both known Codex browser pipe name formats:
5858

59-
The current version is designed for local Windows environments where Codex Desktop and the Codex Chrome Extension are already installed and running.
59+
- `codex-browser-use-<uuid>`
60+
- `codex-browser-use\<uuid>`
61+
62+
The bridge is still intended for local development and controlled automation, not remote or multi-user deployment.
6063

6164
## Features
6265

@@ -116,7 +119,7 @@ make build
116119
The binary will be generated at:
117120

118121
```text
119-
bin/codex-browser-bridge
122+
bin/codex-browser-bridge.exe
120123
```
121124

122125
## Quick Start with Claude Code
@@ -253,7 +256,7 @@ quit
253256

254257
| Tool | Description |
255258
| ----------------------- | -------------------------------------------- |
256-
| `codex_screenshot` | Capture a screenshot (returns MCP image). `fullPage` parameter is reserved for future implementation — currently always captures the viewport. |
259+
| `codex_screenshot` | Capture a screenshot (returns MCP image). `fullPage` is reserved for a future release. The current implementation captures the viewport. |
257260
| `codex_dom_snapshot` | Get an accessibility tree snapshot |
258261
| `codex_dom_get_visible` | Get a simplified visible DOM tree (human-readable; use codex_dom_snapshot for node IDs usable with codex_dom_click) |
259262
| `codex_evaluate` | Evaluate JavaScript in the page context |
@@ -375,11 +378,11 @@ make clean # remove build output
375378

376379
## Roadmap
377380

378-
Possible next steps:
381+
Planned or open work:
379382

380-
- richer error messages for common pipe / extension failures
383+
- clearer error messages for common pipe / extension failures
381384
- non-Windows fallback or explicit platform guards
382-
- better screenshot output handling for MCP clients
385+
- screenshot output handling across MCP clients
383386
- typed tool result schemas
384387
- optional allowlist / confirmation layer for sensitive domains
385388
- examples for Claude Code, Cursor, Codex CLI, and other MCP clients

README.zh-CN.md

Lines changed: 11 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -54,9 +54,12 @@ Agent 因此可以:
5454

5555
## 状态
5656

57-
实验性。
57+
v1.5.1 是面向本地 Windows 的工具,需要 Codex Desktop 和 Codex Chrome 扩展已安装并运行。当前版本支持两种已知的 Codex 浏览器 pipe 名称格式:
5858

59-
当前版本专为本地 Windows 环境设计,需要已安装并运行 Codex Desktop 和 Codex Chrome 扩展。
59+
- `codex-browser-use-<uuid>`
60+
- `codex-browser-use\<uuid>`
61+
62+
桥接器仍然只适合本地开发和受控自动化,不适合作为远程服务或多人共享服务部署。
6063

6164
## 特性
6265

@@ -105,7 +108,7 @@ https://github.com/DeliciousBuding/codex-browser-bridge/releases
105108

106109
`codex-browser-bridge.exe` 放到 `PATH` 中的任意位置。
107110

108-
### 方式三:从源码构建
111+
### 方式四:从源码构建
109112

110113
```bash
111114
git clone https://github.com/DeliciousBuding/codex-browser-bridge.git
@@ -233,7 +236,7 @@ info ping try <method> [json] quit
233236

234237
| 工具 | 说明 |
235238
|------|------|
236-
| `codex_screenshot` | 截取页面截图(返回 MCP image 内容)。`fullPage` 参数保留供未来实现——当前始终截取视口|
239+
| `codex_screenshot` | 截取页面截图(返回 MCP image 内容)。`fullPage` 参数保留给后续版本,当前实现截取视口|
237240
| `codex_dom_snapshot` | 获取无障碍树快照 |
238241
| `codex_dom_get_visible` | 获取简化版可见 DOM 树(人类可读;如需可用于 codex_dom_click 的节点 ID,请使用 codex_dom_snapshot) |
239242
| `codex_evaluate` | 在页面上下文中执行 JavaScript |
@@ -303,7 +306,7 @@ Chrome 标签页
303306
- 不要为不受信任的 MCP 客户端运行
304307
- 在允许敏感操作前检查 Agent 的行为
305308
- 避免在包含密码、支付信息、私有令牌或生产管理后台的页面上使用
306-
- 请记住被接管的标签页可能已经登录
309+
- 被接管的标签页可能已经登录,请按已登录会话处理
307310

308311
本项目仅用于本地开发和受控自动化。
309312

@@ -344,11 +347,11 @@ make build
344347

345348
## 路线图
346349

347-
可能的下一步
350+
计划或待处理工作
348351

349-
- 更丰富的错误信息(pipe / 扩展常见故障)
352+
- 更清晰的错误信息(pipe / 扩展常见故障)
350353
- 非 Windows 平台的回退或明确平台限制
351-
- 更好的截图输出处理
354+
- 面向不同 MCP 客户端的截图输出处理
352355
- 类型化的工具结果 schema
353356
- 敏感域名的可选白名单 / 确认层
354357
- Claude Code、Cursor、Codex CLI 等 MCP 客户端的使用示例

0 commit comments

Comments
 (0)