Skip to content

Commit ece68db

Browse files
ci: gate release and harden npm install
1 parent eea54a7 commit ece68db

11 files changed

Lines changed: 129 additions & 21 deletions

File tree

.github/ISSUE_TEMPLATE/bug_report.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ body:
55
- type: markdown
66
attributes:
77
value: |
8-
Thanks for taking the time to file a bug. Please fill in as much as you can — the more reproducible, the faster it gets fixed.
8+
Thanks for taking the time to file a bug. Keep public issues free of screenshots, DOM snapshots, tab titles, full URLs from private pages, tokens, account IDs, and logged-in page content. Use GitHub private vulnerability reporting for sensitive repros.
99
1010
- type: textarea
1111
id: what-happened
@@ -71,6 +71,7 @@ body:
7171
id: discover-output
7272
attributes:
7373
label: Output of `codex-browser-bridge -mode discover`
74+
description: Redact private pipe names or local identifiers before posting.
7475
render: text
7576
validations:
7677
required: false
@@ -79,7 +80,7 @@ body:
7980
id: logs
8081
attributes:
8182
label: Bridge logs
82-
description: Stderr from the bridge (`[codex-bridge] ...` lines), if any.
83+
description: Stderr from the bridge (`[codex-bridge] ...` lines), with tokens, URLs, tab titles, DOM text, and account identifiers removed.
8384
render: text
8485
validations:
8586
required: false

.github/workflows/ci.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,11 @@ jobs:
3232
- name: Build
3333
shell: bash
3434
run: go build -trimpath -ldflags "-s -w" -o bin/codex-browser-bridge.exe ./cmd/bridge
35+
- name: Test npm installer helpers
36+
shell: bash
37+
run: |
38+
cd npm
39+
npm test
3540
- name: Check npm package contents
3641
shell: bash
3742
run: |

.github/workflows/release.yml

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,59 @@ permissions:
1313
contents: write
1414

1515
jobs:
16+
test:
17+
runs-on: windows-latest
18+
steps:
19+
- uses: actions/checkout@v6
20+
- uses: actions/setup-go@v6
21+
with:
22+
go-version-file: go.mod
23+
- uses: actions/setup-node@v6
24+
with:
25+
node-version: "22"
26+
- name: Vet
27+
shell: bash
28+
run: go vet ./...
29+
- name: Test with coverage
30+
shell: bash
31+
run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
32+
- name: Build
33+
shell: bash
34+
run: go build -trimpath -ldflags "-s -w" -o bin/codex-browser-bridge.exe ./cmd/bridge
35+
- name: Test npm installer helpers
36+
shell: bash
37+
run: |
38+
cd npm
39+
npm test
40+
- name: Check npm package contents
41+
shell: bash
42+
run: |
43+
cd npm
44+
npm pack --dry-run --json > pack.json
45+
node - <<'NODE'
46+
const fs = require("fs");
47+
const pack = JSON.parse(fs.readFileSync("pack.json", "utf8"))[0];
48+
const files = new Set(pack.files.map((f) => f.path));
49+
for (const required of ["package.json", "scripts/install.js", "bin/codex-browser-bridge.js"]) {
50+
if (!files.has(required)) {
51+
throw new Error(`npm package is missing ${required}`);
52+
}
53+
}
54+
NODE
55+
56+
lint:
57+
runs-on: windows-latest
58+
steps:
59+
- uses: actions/checkout@v6
60+
- uses: actions/setup-go@v6
61+
with:
62+
go-version-file: go.mod
63+
- uses: golangci/golangci-lint-action@v9
64+
with:
65+
version: latest
66+
1667
release:
68+
needs: [test, lint]
1769
runs-on: windows-latest
1870
steps:
1971
- uses: actions/checkout@v6

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,11 @@ npm/bin/codex-browser-bridge
1010
# Test artifacts
1111
test_*.txt
1212
cover.out
13+
coverage.out
1314
coverage
1415
*.coverprofile
16+
npm/pack.json
17+
npm/*.tgz
1518

1619
# IDE
1720
.idea/

CHANGELOG.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,17 @@
22

33
All notable changes to this project will be documented in this file.
44

5+
## [1.5.2] - 2026-06-09
6+
7+
### Fixed
8+
9+
- Release tags now run test and lint jobs before GitHub Release assets are created.
10+
- CI now runs Node tests for installer checksum parsing.
11+
- Public issue and contributing docs now ask reporters to redact browser-local data before posting.
12+
- Ignore rules now cover generated coverage files, npm pack output, and package archives.
13+
- npm installer downloads from the project release for the package version by default. Development download overrides require `CODEX_BRIDGE_ALLOW_DEV_DOWNLOADS=1`.
14+
- README wording now states project relationships and browser-session permissions directly.
15+
516
## [1.5.1] - 2026-06-09
617

718
### Fixed

CONTRIBUTING.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,10 +7,12 @@ Thanks for taking the time to contribute. This is a small project, and issues an
77
Please open an issue using the bug report template. Include:
88

99
- The output of `codex-browser-bridge --version`
10-
- The output of `codex-browser-bridge -mode discover`
10+
- The output of `codex-browser-bridge -mode discover`, with local identifiers redacted
1111
- Codex Desktop version, Chrome version, Windows version
1212
- A minimal reproduction (which tool you called, what arguments, what response)
1313

14+
Public issues must not include screenshots, DOM snapshots, tab titles, full private URLs, logged-in page content, tokens, account IDs, or production admin pages. Use GitHub private vulnerability reporting for sensitive repros.
15+
1416
## Reporting security issues
1517

1618
See [SECURITY.md](SECURITY.md). Please don't file these as public issues.

README.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ Useful when an agent needs to work with pages that require a real browser sessio
5454

5555
## Status
5656

57-
Version 1.5.1 is a local Windows tool for Codex Desktop and the Codex Chrome Extension. It supports both known Codex browser pipe name formats:
57+
Version 1.5.2 is a local Windows tool for Codex Desktop and the Codex Chrome Extension. It supports both known Codex browser pipe name formats:
5858

5959
- `codex-browser-use-<uuid>`
6060
- `codex-browser-use\<uuid>`
@@ -391,9 +391,9 @@ Planned or open work:
391391

392392
MIT License.
393393

394-
## Disclaimer
394+
## Project Relationship
395395

396-
This is an independent third-party project. It is not affiliated with, endorsed by, or connected to OpenAI, Codex Desktop, Anthropic, Claude Code, Google, or Chrome.
396+
Maintained independently from OpenAI, Codex Desktop, Anthropic, Claude Code, Google, and Chrome.
397397

398398
## Acknowledgments
399399

README.zh-CN.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ Codex Desktop 通过本地 named pipe 与其 Chrome 扩展通信。其他 Agent
4040

4141
本项目复用你机器上已经存在的浏览器桥接能力,并将其包装为 MCP 服务器。
4242

43-
Agent 因此可以
43+
Agent 可以
4444

4545
- 查看你当前的浏览器标签页
4646
- 接管(claim)现有标签页
@@ -54,7 +54,7 @@ Agent 因此可以:
5454

5555
## 状态
5656

57-
v1.5.1 是面向本地 Windows 的工具,需要 Codex Desktop 和 Codex Chrome 扩展已安装并运行。当前版本支持两种已知的 Codex 浏览器 pipe 名称格式:
57+
v1.5.2 是面向本地 Windows 的工具,需要 Codex Desktop 和 Codex Chrome 扩展已安装并运行。当前版本支持两种已知的 Codex 浏览器 pipe 名称格式:
5858

5959
- `codex-browser-use-<uuid>`
6060
- `codex-browser-use\<uuid>`
@@ -300,10 +300,10 @@ Chrome 标签页
300300

301301
本工具赋予 Agent 访问你活跃浏览器会话的能力。
302302

303-
请像使用其他浏览器自动化工具一样谨慎使用
303+
按本地浏览器自动化工具处理它的权限
304304

305-
- 不要将桥接器暴露到网络端口
306-
- 不要为不受信任的 MCP 客户端运行
305+
- 只在本机 stdio MCP 连接中运行
306+
- 只连接可信 MCP 客户端
307307
- 在允许敏感操作前检查 Agent 的行为
308308
- 避免在包含密码、支付信息、私有令牌或生产管理后台的页面上使用
309309
- 被接管的标签页可能已经登录,请按已登录会话处理
@@ -360,9 +360,9 @@ make build
360360

361361
MIT License
362362

363-
## 免责声明
363+
## 项目关系
364364

365-
本项目为独立第三方项目,与 OpenAI、Codex Desktop、Anthropic、Claude Code、Google Chrome 无关联、无认可、无从属关系
365+
本项目独立维护,与 OpenAI、Codex Desktop、Anthropic、Claude Code、Google Chrome 分属不同项目
366366

367367
## 致谢
368368

npm/package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,13 @@
11
{
22
"name": "@delicious233/codex-browser-bridge",
3-
"version": "1.5.1",
3+
"version": "1.5.2",
44
"private": false,
55
"description": "MCP server that exposes Codex Desktop's Chrome browser bridge for Claude Code and other agents.",
66
"bin": {
77
"codex-browser-bridge": "bin/codex-browser-bridge.js"
88
},
99
"scripts": {
10+
"test": "node scripts/install.test.js",
1011
"postinstall": "node scripts/install.js"
1112
},
1213
"files": [

npm/scripts/install.js

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,11 @@
11
#!/usr/bin/env node
22

33
const fs = require("fs");
4-
const os = require("os");
54
const path = require("path");
65
const crypto = require("crypto");
76
const https = require("https");
87

9-
const repo = process.env.CODEX_BRIDGE_REPO || "DeliciousBuding/codex-browser-bridge";
8+
const defaultRepo = "DeliciousBuding/codex-browser-bridge";
109
const binDir = path.join(__dirname, "..", "bin");
1110
const packageJson = require("../package.json");
1211

@@ -61,7 +60,9 @@ async function main() {
6160
process.exit(1);
6261
}
6362

64-
const tag = process.env.CODEX_BRIDGE_TAG || `v${packageJson.version}`;
63+
const devDownloads = process.env.CODEX_BRIDGE_ALLOW_DEV_DOWNLOADS === "1";
64+
const repo = devDownloads && process.env.CODEX_BRIDGE_REPO ? process.env.CODEX_BRIDGE_REPO : defaultRepo;
65+
const tag = devDownloads && process.env.CODEX_BRIDGE_TAG ? process.env.CODEX_BRIDGE_TAG : `v${packageJson.version}`;
6566
const exeName = "codex-browser-bridge.exe";
6667
const asset = arch === "arm64" ? "codex-browser-bridge-arm64.exe" : "codex-browser-bridge.exe";
6768

@@ -93,7 +94,14 @@ async function main() {
9394
console.log(`Installed: ${target}`);
9495
}
9596

96-
main().catch((err) => {
97-
console.error(`install failed: ${err.message}`);
98-
process.exit(1);
99-
});
97+
if (require.main === module) {
98+
main().catch((err) => {
99+
console.error(`install failed: ${err.message}`);
100+
process.exit(1);
101+
});
102+
}
103+
104+
module.exports = {
105+
parseChecksumLine,
106+
sha256,
107+
};

0 commit comments

Comments
 (0)