Skip to content

Commit 4bd04d1

Browse files
committed
feat(browser): enforce managed CloakBrowser skill boundary
Signed-off-by: Danil Silantyev <danilsilantyevwork@gmail.com>
1 parent 13e997a commit 4bd04d1

34 files changed

Lines changed: 797 additions & 216 deletions

File tree

.claude/CLAUDE.md

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -58,10 +58,13 @@ Do not treat OpenCode or Gemini command formats as native Codex runtime.
5858
## MCP and Security Notes
5959

6060
- MCP server definitions are portable in `plugins/rldyour-mcps/.mcp.json`.
61-
- Browser work must use the bootstrap-owned `$HOME/.local/bin/webwright`,
62-
`$HOME/.local/bin/playwright-cli`, and
63-
`$HOME/.local/bin/chrome-devtools-mcp` wrappers backed by CloakBrowser; no
64-
stock Chromium, in-app browser, or raw-browser fallback is allowed.
61+
- Before every browser action, run exactly
62+
`$HOME/.local/bin/cloakbrowser-cdp-health`; missing or nonzero health means
63+
stop with `NOT_PROVEN`. Browser work may then use only exact
64+
`$HOME/.local/bin/playwright-cli` (without `run-code` or `--filename`) or the
65+
approved exact Chrome DevTools MCP managed-wrapper transport. Webwright,
66+
stock/raw/in-app browser paths, browser/computer-use helpers, raw Playwright,
67+
direct packages, alternate CDP/config/executables, and fallbacks are banned.
6568
- System install keeps `browser@openai-bundled`, `node_repl`, and
6669
`computer-use` explicitly disabled; doctor rejects reinjected active copies
6770
and requires reinstall plus Codex restart.

.gitignore

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ node_modules/
1515
diagnostics/
1616
dist/
1717

18-
# Browser / Webwright / Playwright CLI runtime artifacts
18+
# Browser / Playwright CLI runtime artifacts, including retired Webwright residue
1919
browser/**
2020
!browser/
2121
!browser/.gitkeep

CHANGELOG.md

Lines changed: 79 additions & 64 deletions
Original file line numberDiff line numberDiff line change
@@ -1,71 +1,32 @@
11
# Changelog
22

3-
## [1.7.15] - 2026-06-29
4-
5-
### Fixed
6-
7-
- Harden Ruff and Pyright baseline across adapter configs.
8-
9-
## [1.7.11] - 2026-06-27
10-
11-
### Changed
12-
13-
- Refresh Codex CLI runtime baseline to 0.142.4.
14-
15-
## [1.7.9] - 2026-06-27
16-
17-
### Changed
18-
19-
- Refresh shadcn MCP runtime pin to the latest published 4.12.0 release.
20-
21-
## [1.7.8] - 2026-06-26
22-
23-
### Changed
24-
25-
- Sync Serena release memories after runtime and MCP refresh.
26-
27-
## [1.7.7] - 2026-06-26
28-
29-
### Changed
30-
31-
- Refresh CLI runtime and MCP pins to latest stable versions.
32-
33-
## [1.7.6] - 2026-06-26
34-
35-
### Fixed
36-
37-
- Publish a clean follow-up release with a valid Conventional Commit head subject after the 1.7.5 release commit subject included literal quotes.
38-
39-
## [1.7.5] - 2026-06-26
40-
41-
### Fixed
42-
43-
- Replace non-ASCII punctuation in Flow tracked-context documentation so root ASCII hygiene passes.
44-
45-
## [1.7.4] - 2026-06-26
46-
47-
### Fixed
3+
All notable changes to this project are documented in this file.
484

49-
- Align README memory heading with the shared tracked-context adapter template.
5+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and marketplace/plugin versions follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
506

51-
## [1.7.3] - 2026-06-26
7+
## [Unreleased]
528

53-
### Fixed
9+
## [1.8.8] - 2026-07-10
5410

55-
- Pin the security-static workflow actionlint install to existing upstream `v1.7.12` instead of the invalid `v1.7.22` tag.
11+
### Security
5612

57-
## [1.7.2] - 2026-06-26
13+
- Require every browser-capable skill to run the exact
14+
`$HOME/.local/bin/cloakbrowser-cdp-health` preflight before every browser
15+
action and fail closed as `NOT_PROVEN` when it is missing or unhealthy.
16+
- Restrict browser execution to exact managed Playwright CLI and the approved
17+
Chrome DevTools MCP wrapper transport; forbid Playwright executable escape
18+
flags, raw/in-app/computer-use providers, direct packages, alternate CDP or
19+
config paths, and all fallbacks while preserving the 1.8.7 app-managed
20+
surface disabling.
21+
- Convert `webwright-task` into a compatibility-only route that decomposes old
22+
prompts across managed Playwright CLI and Chrome DevTools MCP without a
23+
Webwright or Python runtime, and enforce the boundary in policy validation
24+
plus mutation tests for every browser skill.
5825

5926
### Fixed
6027

61-
- Sync generated cmux worker/orchestrator skill projections with the tracked-context branch model.
62-
63-
All notable changes to this project are documented in this file.
64-
65-
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and marketplace/plugin versions follow [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
66-
67-
## [Unreleased]
68-
28+
- Keep runtime validation portable to macOS Bash 3.2 by passing a non-empty
29+
installer argument array under `set -u`, including non-strict static mode.
6930

7031
## [1.8.7] - 2026-07-10
7132

@@ -86,7 +47,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
8647
remove every workflow path that creates or pushes a tag and keep publication
8748
centralized behind `gh release --verify-tag`.
8849

89-
9050
## [1.8.6] - 2026-07-10
9151

9252
### Fixed
@@ -101,7 +61,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
10161
`0.144.1`, CloakBrowser `0.4.10`, MCP package pins, managed transport, or
10262
reusable CI `0.5.1`.
10363

104-
10564
## [1.8.5] - 2026-07-10
10665

10766
### Fixed
@@ -112,7 +71,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
11271
- Preserve Codex CLI `0.144.1`, bootstrap-owned CloakBrowser `0.4.10`, the exact
11372
managed Chrome DevTools transport, and reusable CI `0.5.1` unchanged.
11473

115-
11674
## [1.8.4] - 2026-07-10
11775

11876
### Changed
@@ -124,7 +82,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
12482
- Repin every reusable `nddev-ci-workflows` caller to the signed `0.5.1`
12583
release and add an exact pin regression test.
12684

127-
12885
## [1.8.3] - 2026-07-10
12986

13087
### Changed
@@ -133,7 +90,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
13390
health-gated CloakBrowser wrapper and align Playwright CLI to `0.1.17`.
13491
- Adopt the published Codex CLI `0.144.0` stable runtime baseline.
13592

136-
13793
## [1.8.2] - 2026-07-08
13894

13995
### Changed
@@ -225,6 +181,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
225181

226182
- Fix Codex published SBOM checksum and attestation proof.
227183

184+
## [1.7.15] - 2026-06-29
185+
186+
### Fixed
187+
188+
- Harden Ruff and Pyright baseline across adapter configs.
189+
228190
## [1.7.14] - 2026-06-29
229191

230192
### Fixed
@@ -243,6 +205,60 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
243205

244206
- Fix Codex CodeQL regex anchor alerts.
245207

208+
## [1.7.11] - 2026-06-27
209+
210+
### Changed
211+
212+
- Refresh Codex CLI runtime baseline to 0.142.4.
213+
214+
## [1.7.9] - 2026-06-27
215+
216+
### Changed
217+
218+
- Refresh shadcn MCP runtime pin to the latest published 4.12.0 release.
219+
220+
## [1.7.8] - 2026-06-26
221+
222+
### Changed
223+
224+
- Sync Serena release memories after runtime and MCP refresh.
225+
226+
## [1.7.7] - 2026-06-26
227+
228+
### Changed
229+
230+
- Refresh CLI runtime and MCP pins to latest stable versions.
231+
232+
## [1.7.6] - 2026-06-26
233+
234+
### Fixed
235+
236+
- Publish a clean follow-up release with a valid Conventional Commit head subject after the 1.7.5 release commit subject included literal quotes.
237+
238+
## [1.7.5] - 2026-06-26
239+
240+
### Fixed
241+
242+
- Replace non-ASCII punctuation in Flow tracked-context documentation so root ASCII hygiene passes.
243+
244+
## [1.7.4] - 2026-06-26
245+
246+
### Fixed
247+
248+
- Align README memory heading with the shared tracked-context adapter template.
249+
250+
## [1.7.3] - 2026-06-26
251+
252+
### Fixed
253+
254+
- Pin the security-static workflow actionlint install to existing upstream `v1.7.12` instead of the invalid `v1.7.22` tag.
255+
256+
## [1.7.2] - 2026-06-26
257+
258+
### Fixed
259+
260+
- Sync generated cmux worker/orchestrator skill projections with the tracked-context branch model.
261+
246262
## [1.7.1] - 2026-06-25
247263

248264
### Fixed
@@ -518,7 +534,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
518534

519535
- Make `/ry-repair` and launcher planning OS/mode aware for standard and macOS cmux orchestrator installs.
520536

521-
522537
## [1.1.25] - 2026-06-06
523538

524539
### Fixed

README.md

Lines changed: 22 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -17,10 +17,10 @@ It is not a generic preset, not an automatic configuration takeover, and not a b
1717

1818
| Field | Value |
1919
|---|---|
20-
| Adapter version | `1.8.7` |
20+
| Adapter version | `1.8.8` |
2121
| Runtime baseline | Codex CLI 0.144.1 (`@openai/codex`) |
2222
| Browser wrapper baseline | CloakBrowser 0.4.10 (`cloakbrowser`; bootstrap-owned) |
23-
| GitHub release tag | `1.8.7` |
23+
| GitHub release tag | `1.8.8` |
2424

2525
The runtime baseline reference is `references/codex-baseline.json`, verified 2026-07-10. The npm package is `@openai/codex`; the upstream release artifact is at `https://github.com/openai/codex/releases/tag/rust-v0.144.1`.
2626

@@ -47,12 +47,14 @@ MCP launcher packages are pinned in `.mcp.json` and mirrored in `config/mcp-runt
4747
**Runtime install or update** - on machines that need a Codex CLI install or update:
4848

4949
```bash
50-
curl -fsSL https://chatgpt.com/codex/install.sh | CODEX_NON_INTERACTIVE=1 sh
5150
bun add -g @openai/codex@0.144.1
5251
codex --version
5352
codex doctor
5453
```
5554

55+
The repository bootstrap owns verified system installation. This adapter does
56+
not recommend piping a mutable network response into a shell.
57+
5658
**System config install** - dry-run first, then apply:
5759

5860
```bash
@@ -121,7 +123,7 @@ The active marketplace contains 11 plugins and 45 skills:
121123
- `rldyour-explore`: research skills for technical MCP research and authoritative web research.
122124
- `rldyour-serena-mcp`: Serena-first semantic code workflow, fact-only `.serena` memory sync, plans, research archive, and lifecycle hooks.
123125
- `rldyour-security`: non-blocking OWASP Top 10 2025 secure-implementation guidance and `ry-sec-review` security review skill.
124-
- `rldyour-browser`: provider-routed browser workflows for Webwright, Playwright CLI, and Chrome DevTools MCP.
126+
- `rldyour-browser`: fail-closed CloakBrowser workflows through managed Playwright CLI and Chrome DevTools MCP.
125127
- `rldyour-design`: Figma → code, centralized i18n, dynamic/static content classification, token-based design system, reusable UI kit, strict FSD frontend architecture, shadcn/ui, ReactBits, and browser validation workflows.
126128
- `rldyour-lsps`: language-server routing, health checks, brew-first setup profiles, and Serena LSP integration guidance.
127129
- `rldyour-flow`: autonomous SDLC workflows for `ry-init`, `ry-start`, `ry-newp`, `ry-review`, `ry-repair`, `ry-deploy`, scoped context packs, context sufficiency gates, instruction docs sync, fast offline SessionStart worktree bootstrap/context dispatcher hooks, cwd-safe PreToolUse guardrails, advisory commit hooks, reviewer tracks, and post-task synchronization.
@@ -146,13 +148,19 @@ Architecture decisions:
146148

147149
## Browser / Design / DevTools Routing
148150

149-
Browser automation uses three active providers, routed by task type per `config/browser-automation-policy.json`:
151+
Browser automation uses two active providers, routed by task type per the root
152+
control-plane `config/browser-automation-policy.json`:
150153

151-
- **Webwright** (`rldyour-browser`): task-harness provider for full autonomous browser workflows. Adapter-owned CLI wrapper; upstream-native availability is NOT_PROVEN in this adapter.
152-
- **Playwright CLI** (`rldyour-browser`): CLI provider for Playwright test execution and browser-driven validation.
154+
- **Playwright CLI** (`rldyour-browser`): exact
155+
`$HOME/.local/bin/playwright-cli` for browser-driven validation and
156+
decomposed long-horizon workflows; `run-code` and `--filename` are forbidden.
153157
- **Chrome DevTools MCP** (`plugins/rldyour-mcps`): MCP provider for DevTools protocol access - screenshots, network inspection, console, performance traces, and heap snapshots - via the `chrome-devtools` MCP server.
154158

155-
The required browser engine is the bootstrap-managed CloakBrowser wrapper. Its
159+
Before every browser action, the skill contract executes exactly
160+
`$HOME/.local/bin/cloakbrowser-cdp-health`; missing or nonzero health fails
161+
closed as `NOT_PROVEN`. Chrome DevTools MCP is allowed only through the exact
162+
managed `/bin/sh -c` wrapper transport. The required browser engine is the
163+
bootstrap-managed CloakBrowser wrapper. Its
156164
adapter policy pin is `CLOAKBROWSER_VERSION=0.4.10`; the adapter rejects a
157165
stock-Chromium fallback and keeps Chrome DevTools MCP on the exact
158166
`~/.local/bin/chrome-devtools-mcp` transport. Installation and browser-binary
@@ -162,6 +170,12 @@ entry point without changing the browser binaries; see the
162170
[`v0.4.10` tag](https://github.com/CloakHQ/CloakBrowser/tree/v0.4.10)
163171
and [PyPI package](https://pypi.org/project/cloakbrowser/0.4.10/).
164172

173+
The historical `webwright-task` skill name is compatibility-only and routes to
174+
managed Playwright CLI/Chrome DevTools MCP; Webwright runtime, Python
175+
Webwright, stock/raw/in-app Browser, `browser_agent`, `node_repl`,
176+
`computer-use`, Playwright MCP/raw Playwright, direct `bunx`/`npx` packages,
177+
alternate CDP/config/executables, and all browser fallbacks are forbidden.
178+
165179
The `rldyour-design` plugin provides Figma → code workflows, FSD frontend architecture, token-based design system implementation, shadcn/ui integration, ReactBits, and browser validation workflows layered on top of these browser providers.
166180

167181
Managed subagents (`browser-tester`) handle browser-tester review tracks. Specialist MCP servers (`figma`, `chrome-devtools`, `dart-flutter`, `shadcn`) are disabled inside managed subagents and remain parent-session tools for explicit design, browser, Flutter, or shadcn work.

SECURITY.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,8 @@ historical patch in the line.
1212

1313
| Version | Supported |
1414
|---|---|
15-
| Current exact tag `1.8.7` | yes |
16-
| Older `1.1.*` tags | no; upgrade to current exact tag |
15+
| Current exact tag `1.8.8` | yes |
16+
| Older patch tags | no; upgrade to current exact tag |
1717
| Older minor / major lines | no |
1818

1919
## Reporting a Vulnerability

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.8.7
1+
1.8.8

config/mcp-runtime-versions.env

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,3 @@ SHADCN_VERSION=4.13.0
1717
# Browser providers outside MCP.
1818
CLOAKBROWSER_VERSION=0.4.10
1919
PLAYWRIGHT_CLI_VERSION=0.1.17
20-
WEBWRIGHT_VERSION=0.1.0
21-
WEBWRIGHT_INSTALL_SOURCE=github:microsoft/Webwright
22-
WEBWRIGHT_PIN=4a46f282ec37f27d6003cc498a977939d62d9015

0 commit comments

Comments
 (0)