fix(browser): address PR review feedback — security, error handling, simplification

- Remove Gateway from AgentBrowser construct (unused; agent calls Lambda
  directly via boto3, avoids extra Cognito user pool)
- Add URL allowlist in browser-tool Lambda: HTTPS-only, github.com only,
  reject RFC1918/link-local/IMDS to prevent SSRF
- Use discriminated union type for BrowserToolResponse
- Sanitize taskId in S3 key path to [a-zA-Z0-9_-]
- Add persistent WebSocket error handler, wrap JSON.parse in try/catch,
  replace non-null assertions with descriptive error checks
- Log session cleanup failures instead of silently swallowing
- Increase presigned URL expiry to 7 days (bounded by credential lifetime)
- Distinguish config errors (ERROR) from transient errors (WARN) in
  browser.py; check FunctionError on Lambda invoke response
- Check gh pr edit return code; deduplicate ## Screenshots section on retry
- Log exception details in pipeline.py screenshot catch block
- Add 9 tests for capture_pr_screenshots and _append_screenshots_to_pr

Author: bgagent

agent/src/browser.py

@@ -31,18 +31,33 @@ def capture_screenshot(url: str, task_id: str = "") -> str | None:
         return None
     try:
         client = _get_lambda_client()
+    except ValueError as e:
+        print(f"[browser] [ERROR] Configuration error: {e}", flush=True)
+        return None
+    try:
         payload = json.dumps({"action": "screenshot", "url": url, "taskId": task_id})
         response = client.invoke(
             FunctionName=function_name,
             InvocationType="RequestResponse",
             Payload=payload,
         )
+        if "FunctionError" in response:
+            error_payload = json.loads(response["Payload"].read())
+            print(
+                f"[browser] [ERROR] Lambda function crashed: "
+                f"{response['FunctionError']} — {error_payload}",
+                flush=True,
+            )
+            return None
         result = json.loads(response["Payload"].read())
         if result.get("status") == "success":
             print(f"[browser] Screenshot captured: {result.get('screenshotS3Key')}", flush=True)
             return result.get("presignedUrl")
         print(f"[browser] Screenshot failed: {result.get('error', 'unknown')}", flush=True)
         return None
     except Exception as e:
-        print(f"[browser] [WARN] capture_screenshot failed: {type(e).__name__}: {e}", flush=True)
+        print(
+            f"[browser] [WARN] capture_screenshot failed (transient): {type(e).__name__}: {e}",
+            flush=True,
+        )
         return None

agent/src/pipeline.py

@@ -337,8 +337,11 @@ def run_task(
                         screenshot_urls = capture_pr_screenshots(pr_url, config.task_id)
                         if screenshot_urls:
                             _append_screenshots_to_pr(config, setup, screenshot_urls)
-                    except Exception:
-                        log("WARN", "Screenshot capture failed (non-fatal)")
+                    except Exception as exc:
+                        log(
+                            "WARN",
+                            f"Screenshot capture failed (non-fatal): {type(exc).__name__}: {exc}",
+                        )
 
                 post_span.set_attribute("build.passed", build_passed)
                 post_span.set_attribute("lint.passed", lint_passed)

agent/src/post_hooks.py

@@ -376,16 +376,33 @@ def _append_screenshots_to_pr(
         images_md = "\n".join(
             f"![Screenshot {i + 1}]({url})" for i, url in enumerate(screenshot_urls)
         )
-        updated_body = f"{current_body}\n\n## Screenshots\n\n{images_md}"
+        screenshots_section = f"## Screenshots\n\n{images_md}"
+
+        if re.search(r"## Screenshots", current_body):
+            updated_body = re.sub(
+                r"## Screenshots\n.*?(?=\n## |\Z)",
+                screenshots_section,
+                current_body,
+                flags=re.DOTALL,
+            )
+        else:
+            updated_body = f"{current_body}\n\n{screenshots_section}"
 
-        subprocess.run(
+        edit_result = subprocess.run(
             ["gh", "pr", "edit", setup.branch, "--repo", config.repo_url, "--body", updated_body],
             cwd=setup.repo_dir,
             capture_output=True,
             text=True,
             timeout=30,
         )
-        log("POST", f"Appended {len(screenshot_urls)} screenshot(s) to PR body")
+        if edit_result.returncode == 0:
+            log("POST", f"Appended {len(screenshot_urls)} screenshot(s) to PR body")
+        else:
+            log(
+                "WARN",
+                f"gh pr edit failed (rc={edit_result.returncode}): "
+                f"{edit_result.stderr.strip()[:200]}",
+            )
     except Exception as e:
         log("WARN", f"Failed to append screenshots to PR: {type(e).__name__}: {e}")
 

agent/tests/test_post_hooks.py

@@ -0,0 +1,81 @@
+"""Unit tests for post_hooks screenshot functions."""
+
+from unittest.mock import MagicMock, patch
+
+from post_hooks import _append_screenshots_to_pr, capture_pr_screenshots
+
+
+class TestCapturePrScreenshots:
+    def test_returns_urls_on_success(self):
+        with patch("browser.capture_screenshot", return_value="https://s3/img.png"):
+            result = capture_pr_screenshots("https://github.com/owner/repo/pull/1", "task-1")
+        assert result == ["https://s3/img.png"]
+
+    def test_returns_empty_list_when_pr_url_empty(self):
+        result = capture_pr_screenshots("", "task-1")
+        assert result == []
+
+    def test_returns_empty_list_when_pr_url_not_github(self):
+        result = capture_pr_screenshots("https://gitlab.com/owner/repo/pull/1", "task-1")
+        assert result == []
+
+    def test_returns_empty_list_on_exception(self):
+        with patch("browser.capture_screenshot", side_effect=RuntimeError("boom")):
+            result = capture_pr_screenshots("https://github.com/owner/repo/pull/1", "task-1")
+        assert result == []
+
+
+class TestAppendScreenshotsToPr:
+    def _make_mocks(self):
+        config = MagicMock()
+        config.repo_url = "https://github.com/owner/repo"
+        setup = MagicMock()
+        setup.branch = "bgagent/task-1"
+        setup.repo_dir = "/tmp/repo"
+        return config, setup
+
+    def test_appends_screenshots_section(self):
+        config, setup = self._make_mocks()
+        view_result = MagicMock(returncode=0, stdout="## Summary\n\nSome PR body")
+        edit_result = MagicMock(returncode=0, stderr="")
+        with patch("post_hooks.subprocess.run", side_effect=[view_result, edit_result]) as mock_run:
+            _append_screenshots_to_pr(config, setup, ["https://s3/img1.png"])
+        edit_call = mock_run.call_args_list[1]
+        body_arg = edit_call[0][0][edit_call[0][0].index("--body") + 1]
+        assert "## Screenshots" in body_arg
+        assert "![Screenshot 1](https://s3/img1.png)" in body_arg
+
+    def test_replaces_existing_screenshots_section(self):
+        config, setup = self._make_mocks()
+        existing_body = "## Summary\n\nBody\n\n## Screenshots\n\n![Screenshot 1](https://old.png)"
+        view_result = MagicMock(returncode=0, stdout=existing_body)
+        edit_result = MagicMock(returncode=0, stderr="")
+        with patch("post_hooks.subprocess.run", side_effect=[view_result, edit_result]) as mock_run:
+            _append_screenshots_to_pr(config, setup, ["https://s3/new.png"])
+        edit_call = mock_run.call_args_list[1]
+        body_arg = edit_call[0][0][edit_call[0][0].index("--body") + 1]
+        assert "![Screenshot 1](https://s3/new.png)" in body_arg
+        assert "https://old.png" not in body_arg
+        # Should only have one ## Screenshots section
+        assert body_arg.count("## Screenshots") == 1
+
+    def test_handles_gh_pr_view_failure(self):
+        config, setup = self._make_mocks()
+        view_result = MagicMock(returncode=1, stdout="", stderr="not found")
+        with patch("post_hooks.subprocess.run", return_value=view_result):
+            # Should not raise
+            _append_screenshots_to_pr(config, setup, ["https://s3/img.png"])
+
+    def test_handles_gh_pr_edit_failure(self):
+        config, setup = self._make_mocks()
+        view_result = MagicMock(returncode=0, stdout="## Summary\n\nBody")
+        edit_result = MagicMock(returncode=1, stderr="permission denied")
+        with patch("post_hooks.subprocess.run", side_effect=[view_result, edit_result]):
+            # Should not raise
+            _append_screenshots_to_pr(config, setup, ["https://s3/img.png"])
+
+    def test_does_nothing_when_urls_empty(self):
+        config, setup = self._make_mocks()
+        with patch("post_hooks.subprocess.run") as mock_run:
+            _append_screenshots_to_pr(config, setup, [])
+        mock_run.assert_not_called()

cdk/src/constructs/agent-browser.ts

@@ -34,7 +34,6 @@ export interface AgentBrowserProps {
 
 export class AgentBrowser extends Construct {
   public readonly browser: agentcore.BrowserCustom;
-  public readonly gateway: agentcore.Gateway;
   public readonly browserToolFn: lambda.NodejsFunction;
   public readonly screenshotBucket: s3.Bucket;
 
@@ -108,79 +107,6 @@ export class AgentBrowser extends Construct {
       },
     ], true);
 
-    // --- Gateway with Lambda target ---
-    this.gateway = new agentcore.Gateway(this, 'Gateway');
-
-    const toolSchema = agentcore.ToolSchema.fromInline([
-      {
-        name: 'screenshot',
-        description: 'Capture a screenshot of a web page at the given URL',
-        inputSchema: {
-          type: agentcore.SchemaDefinitionType.OBJECT,
-          properties: {
-            action: {
-              type: agentcore.SchemaDefinitionType.STRING,
-              description: 'The action to perform. Must be "screenshot".',
-            },
-            url: {
-              type: agentcore.SchemaDefinitionType.STRING,
-              description: 'The URL of the web page to capture',
-            },
-            taskId: {
-              type: agentcore.SchemaDefinitionType.STRING,
-              description: 'Optional task ID for organizing screenshots',
-            },
-          },
-          required: ['action', 'url'],
-        },
-        outputSchema: {
-          type: agentcore.SchemaDefinitionType.OBJECT,
-          properties: {
-            status: {
-              type: agentcore.SchemaDefinitionType.STRING,
-              description: 'Result status: success or error',
-            },
-            screenshotS3Key: {
-              type: agentcore.SchemaDefinitionType.STRING,
-              description: 'S3 key of the stored screenshot',
-            },
-            presignedUrl: {
-              type: agentcore.SchemaDefinitionType.STRING,
-              description: 'Presigned URL to download the screenshot',
-            },
-            error: {
-              type: agentcore.SchemaDefinitionType.STRING,
-              description: 'Error message if the action failed',
-            },
-          },
-        },
-      },
-    ]);
-
-    this.gateway.addLambdaTarget('BrowserToolTarget', {
-      lambdaFunction: this.browserToolFn,
-      toolSchema,
-    });
-
-    NagSuppressions.addResourceSuppressions(this.gateway, [
-      {
-        id: 'AwsSolutions-IAM5',
-        reason: 'Gateway execution role requires wildcard permissions — generated by CDK L2 construct',
-      },
-      {
-        id: 'AwsSolutions-COG1',
-        reason: 'Gateway default Cognito user pool uses M2M client credentials flow — password policy not applicable',
-      },
-      {
-        id: 'AwsSolutions-COG2',
-        reason: 'Gateway default Cognito user pool uses M2M client credentials flow — MFA not applicable',
-      },
-      {
-        id: 'AwsSolutions-COG3',
-        reason: 'Gateway default Cognito user pool uses M2M client credentials flow — advanced security not required',
-      },
-    ], true);
-
     NagSuppressions.addResourceSuppressions(this.browser, [
       {
         id: 'AwsSolutions-IAM5',