mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-07 05:56:41 +02:00
Garry Tan
cf3582c637
* feat: add /cso skill — OWASP Top 10 + STRIDE security audit * fix: harden gstack-slug against shell injection via eval Whitelist safe characters (a-zA-Z0-9._-) in SLUG and BRANCH output to prevent shell metacharacter injection when used with eval. Only affects self-hosted git servers with lax naming rules — GitHub and GitLab enforce safe characters already. Defense-in-depth. * fix(security): sanitize gstack-slug output against shell injection The gstack-slug script is consumed via eval $(gstack-slug) throughout skill templates. If a git remote URL contains shell metacharacters like $(), backticks, or semicolons, they would be executed by eval. Fix: strip all characters except [a-zA-Z0-9._-] from both SLUG and BRANCH before output. This preserves normal values while neutralizing any injection payload in malicious remote URLs. Before: eval $(gstack-slug) with remote "foo/bar$(rm -rf /)" → executes rm After: eval $(gstack-slug) with remote "foo/bar$(rm -rf /)" → SLUG=foo-barrm-rf- * fix(security): redact sensitive values in storage command output The browse `storage` command dumps all localStorage and sessionStorage as JSON. This can expose tokens, API keys, JWTs, and session credentials in QA reports and agent transcripts. Fix: redact values where the key matches sensitive patterns (token, secret, key, password, auth, jwt, csrf) or the value starts with known credential prefixes (eyJ for JWT, sk- for Stripe, ghp_ for GitHub, etc.). Redacted values show length to aid debugging: [REDACTED — 128 chars] * fix(browse): kill old server before restart to prevent orphaned chromium processes When the health check fails or the server connection drops, `ensureServer()` and `sendCommand()` would call `startServer()` without first killing the previous server process. This left orphaned `chrome-headless-shell` renderer processes running at ~120% CPU each. After several reconnect cycles (e.g. pages that crash during hydration or trigger hard navigations via `window.location.href`), dozens of zombie chromium processes accumulate and exhaust system resources. Fix: call `killServer()` on the stale PID before spawning a new server in both the `ensureServer()` unhealthy path and the `sendCommand()` connection- lost retry path. Fixes #294 * Fix YAML linter error: nested mapping in compact sequence entries Having "Run: bun" inside a plain scalar is not allowed per YAML spec which states: Plain scalars must never contain the “: ” and “ #” character combinations. This simple fix switches to block scalars (|) to eliminate the ambiguity without changing runtime behavior. * fix(security): add Azure metadata endpoint to SSRF blocklist Add metadata.azure.internal to BLOCKED_METADATA_HOSTS alongside the existing AWS/GCP endpoints. Closes the coverage gap identified in #125. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * test: add coverage for storage redaction Test key-based redaction (auth_token, api_key), value-based redaction (JWT prefix, GitHub PAT prefix), pass-through for normal keys, and length preservation in redacted output. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: add community PR triage process to CONTRIBUTING.md Document the wave-based PR triage pattern used for batching community contributions. References PR #205 (v0.8.3) as the original example. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: adjust test key names to avoid redaction pattern collision Rename testKey→testData and normalKey→displayName in storage tests to avoid triggering #238's SENSITIVE_KEY regex (which matches 'key'). Also generate Codex variant of /cso skill. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update project documentation for v0.9.10.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: zero-noise /cso security audits with FP filtering (v0.11.0.0) Absorb Anthropic's security-review false positive filtering into /cso: - 17 hard exclusions (DOS, test files, log spoofing, SSRF path-only, regex injection, race conditions unless concrete, etc.) - 9 precedents (React XSS-safe, env vars trusted, client-side code doesn't need auth, shell scripts need concrete untrusted input path) - 8/10 confidence gate — below threshold = don't report - Independent sub-agent verification for each finding - Exploit scenario requirement per finding - Framework-aware analysis (Rails CSRF, React escaping, Angular sanitization) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: consolidate CHANGELOG — merge /cso launch + community wave into v0.11.0.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: rewrite README — lead with Karpathy quote, cut LinkedIn phrases, add /cso Opens with the revolution (Karpathy, Steinberger/OpenClaw), keeps credentials and LOC numbers, cuts filler phrases, adds hater bait, restores hiring block, removes bloated "What's new" section, adds /cso to skills table and install. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(cso): adversarial review fixes — FP filtering, prompt injection, language coverage - Exclusion #10: test files must verify not imported by non-test code - Exclusion #13: distinguish user-message AI input from system-prompt injection - Exclusion #14: ReDoS in user-input regex IS a real CVE class, don't exclude - Add anti-manipulation rule: ignore audit-influencing instructions in codebase - Fix confidence gate: remove contradictory 7-8 tier, hard cutoff at 8 - Fix verifier anchoring: send only file+line, not category/description - Add Go, PHP, Java, C#, Kotlin to grep patterns (was 4 languages, now 8) - Add GraphQL, gRPC, WebSocket endpoint detection to attack surface mapping Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(docs): correct skill counts, add /autoplan to README tables Skill count was wrong in 3 places (said 19+7=26, said 25, actual is 28). Added /autoplan to specialist table. Fixed troubleshooting skills list to include all skills added since v0.7.0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(browse): DNS rebinding protection for SSRF blocklist validateNavigationUrl is now async — resolves hostname to IP and checks against blocked metadata IPs. Prevents DNS rebinding where evil.com initially resolves to a safe IP, then switches to 169.254.169.254. All callers updated to await. Tests updated for async assertions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(browse): lockfile prevents concurrent server start races Adds exclusive lockfile (O_CREAT|O_EXCL) around ensureServer to prevent TOCTOU race where two CLI invocations could both kill the old server and start new ones, leaving an orphaned chromium process. Second caller now waits for the first to finish starting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(browse): improve storage redaction — word-boundary keys + more value prefixes Key regex: use underscore/dot/hyphen boundaries instead of \b (which treats _ as word char). Now correctly redacts auth_token, session_token while skipping keyboardShortcuts, monkeyPatch, primaryKey. Value regex: add AWS (AKIA), Stripe (sk_live_, pk_live_), Anthropic (sk-ant-), Google (AIza), Sendgrid (SG.), Supabase (sbp_) prefixes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: migrate all remaining eval callers to source, fix stale CHANGELOG claim 5 templates and 2 bin scripts still used eval $(gstack-slug). All now use source <(gstack-slug). Updated gstack-slug comment to match. Fixed v0.8.3 CHANGELOG entry that falsely claimed eval was fully eliminated — it was the output sanitization that made it safe, not a calling convention change. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(docs): add /autoplan to install instructions, regen skill docs The install instruction blocks and troubleshooting section were missing /autoplan. All three skill list locations now include the complete 28-skill set. Regenerated codex/agents SKILL.md files to match template changes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update project documentation for v0.11.0.0 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs(cso): add disclaimer — not a substitute for professional security audits LLMs can miss subtle vulns and produce false negatives. For production systems with sensitive data, hire a real firm. /cso is a first pass, not your only line of defense. Disclaimer appended to every report. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Arun Kumar Thiagarajan <arunkt.bm14@gmail.com> Co-authored-by: Tyrone Robb <tyrone.robb@icloud.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Orkun Duman <orkun1675@gmail.com>
421 lines
14 KiB
TypeScript
421 lines
14 KiB
TypeScript
/**
|
|
* gstack CLI — thin wrapper that talks to the persistent server
|
|
*
|
|
* Flow:
|
|
* 1. Read .gstack/browse.json for port + token
|
|
* 2. If missing or stale PID → start server in background
|
|
* 3. Health check + version mismatch detection
|
|
* 4. Send command via HTTP POST
|
|
* 5. Print response to stdout (or stderr for errors)
|
|
*/
|
|
|
|
import * as fs from 'fs';
|
|
import * as path from 'path';
|
|
import { resolveConfig, ensureStateDir, readVersionHash } from './config';
|
|
|
|
const config = resolveConfig();
|
|
const IS_WINDOWS = process.platform === 'win32';
|
|
const MAX_START_WAIT = IS_WINDOWS ? 15000 : 8000; // Node+Chromium takes longer on Windows
|
|
|
|
export function resolveServerScript(
|
|
env: Record<string, string | undefined> = process.env,
|
|
metaDir: string = import.meta.dir,
|
|
execPath: string = process.execPath
|
|
): string {
|
|
if (env.BROWSE_SERVER_SCRIPT) {
|
|
return env.BROWSE_SERVER_SCRIPT;
|
|
}
|
|
|
|
// Dev mode: cli.ts runs directly from browse/src
|
|
// On macOS/Linux, import.meta.dir starts with /
|
|
// On Windows, it starts with a drive letter (e.g., C:\...)
|
|
if (!metaDir.includes('$bunfs')) {
|
|
const direct = path.resolve(metaDir, 'server.ts');
|
|
if (fs.existsSync(direct)) {
|
|
return direct;
|
|
}
|
|
}
|
|
|
|
// Compiled binary: derive the source tree from browse/dist/browse
|
|
if (execPath) {
|
|
const adjacent = path.resolve(path.dirname(execPath), '..', 'src', 'server.ts');
|
|
if (fs.existsSync(adjacent)) {
|
|
return adjacent;
|
|
}
|
|
}
|
|
|
|
throw new Error(
|
|
'Cannot find server.ts. Set BROWSE_SERVER_SCRIPT env or run from the browse source tree.'
|
|
);
|
|
}
|
|
|
|
const SERVER_SCRIPT = resolveServerScript();
|
|
|
|
/**
|
|
* On Windows, resolve the Node.js-compatible server bundle.
|
|
* Falls back to null if not found (server will use Bun instead).
|
|
*/
|
|
export function resolveNodeServerScript(
|
|
metaDir: string = import.meta.dir,
|
|
execPath: string = process.execPath
|
|
): string | null {
|
|
// Dev mode
|
|
if (!metaDir.includes('$bunfs')) {
|
|
const distScript = path.resolve(metaDir, '..', 'dist', 'server-node.mjs');
|
|
if (fs.existsSync(distScript)) return distScript;
|
|
}
|
|
|
|
// Compiled binary: browse/dist/browse → browse/dist/server-node.mjs
|
|
if (execPath) {
|
|
const adjacent = path.resolve(path.dirname(execPath), 'server-node.mjs');
|
|
if (fs.existsSync(adjacent)) return adjacent;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
const NODE_SERVER_SCRIPT = IS_WINDOWS ? resolveNodeServerScript() : null;
|
|
|
|
interface ServerState {
|
|
pid: number;
|
|
port: number;
|
|
token: string;
|
|
startedAt: string;
|
|
serverPath: string;
|
|
binaryVersion?: string;
|
|
}
|
|
|
|
// ─── State File ────────────────────────────────────────────────
|
|
function readState(): ServerState | null {
|
|
try {
|
|
const data = fs.readFileSync(config.stateFile, 'utf-8');
|
|
return JSON.parse(data);
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
function isProcessAlive(pid: number): boolean {
|
|
try {
|
|
process.kill(pid, 0);
|
|
return true;
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// ─── Process Management ─────────────────────────────────────────
|
|
async function killServer(pid: number): Promise<void> {
|
|
if (!isProcessAlive(pid)) return;
|
|
|
|
try { process.kill(pid, 'SIGTERM'); } catch { return; }
|
|
|
|
// Wait up to 2s for graceful shutdown
|
|
const deadline = Date.now() + 2000;
|
|
while (Date.now() < deadline && isProcessAlive(pid)) {
|
|
await Bun.sleep(100);
|
|
}
|
|
|
|
// Force kill if still alive
|
|
if (isProcessAlive(pid)) {
|
|
try { process.kill(pid, 'SIGKILL'); } catch {}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Clean up legacy /tmp/browse-server*.json files from before project-local state.
|
|
* Verifies PID ownership before sending signals.
|
|
*/
|
|
function cleanupLegacyState(): void {
|
|
try {
|
|
const files = fs.readdirSync('/tmp').filter(f => f.startsWith('browse-server') && f.endsWith('.json'));
|
|
for (const file of files) {
|
|
const fullPath = `/tmp/${file}`;
|
|
try {
|
|
const data = JSON.parse(fs.readFileSync(fullPath, 'utf-8'));
|
|
if (data.pid && isProcessAlive(data.pid)) {
|
|
// Verify this is actually a browse server before killing
|
|
const check = Bun.spawnSync(['ps', '-p', String(data.pid), '-o', 'command='], {
|
|
stdout: 'pipe', stderr: 'pipe', timeout: 2000,
|
|
});
|
|
const cmd = check.stdout.toString().trim();
|
|
if (cmd.includes('bun') || cmd.includes('server.ts')) {
|
|
try { process.kill(data.pid, 'SIGTERM'); } catch {}
|
|
}
|
|
}
|
|
fs.unlinkSync(fullPath);
|
|
} catch {
|
|
// Best effort — skip files we can't parse or clean up
|
|
}
|
|
}
|
|
// Clean up legacy log files too
|
|
const logFiles = fs.readdirSync('/tmp').filter(f =>
|
|
f.startsWith('browse-console') || f.startsWith('browse-network') || f.startsWith('browse-dialog')
|
|
);
|
|
for (const file of logFiles) {
|
|
try { fs.unlinkSync(`/tmp/${file}`); } catch {}
|
|
}
|
|
} catch {
|
|
// /tmp read failed — skip legacy cleanup
|
|
}
|
|
}
|
|
|
|
// ─── Server Lifecycle ──────────────────────────────────────────
|
|
async function startServer(): Promise<ServerState> {
|
|
ensureStateDir(config);
|
|
|
|
// Clean up stale state file
|
|
try { fs.unlinkSync(config.stateFile); } catch {}
|
|
|
|
// Start server as detached background process.
|
|
// On Windows, Bun can't launch/connect to Playwright's Chromium (oven-sh/bun#4253, #9911).
|
|
// Fall back to running the server under Node.js with Bun API polyfills.
|
|
const useNode = IS_WINDOWS && NODE_SERVER_SCRIPT;
|
|
const serverCmd = useNode
|
|
? ['node', NODE_SERVER_SCRIPT]
|
|
: ['bun', 'run', SERVER_SCRIPT];
|
|
const proc = Bun.spawn(serverCmd, {
|
|
stdio: ['ignore', 'pipe', 'pipe'],
|
|
env: { ...process.env, BROWSE_STATE_FILE: config.stateFile },
|
|
});
|
|
|
|
// Don't hold the CLI open
|
|
proc.unref();
|
|
|
|
// Wait for state file to appear
|
|
const start = Date.now();
|
|
while (Date.now() - start < MAX_START_WAIT) {
|
|
const state = readState();
|
|
if (state && isProcessAlive(state.pid)) {
|
|
return state;
|
|
}
|
|
await Bun.sleep(100);
|
|
}
|
|
|
|
// If we get here, server didn't start in time
|
|
// Try to read stderr for error message
|
|
const stderr = proc.stderr;
|
|
if (stderr) {
|
|
const reader = stderr.getReader();
|
|
const { value } = await reader.read();
|
|
if (value) {
|
|
const errText = new TextDecoder().decode(value);
|
|
throw new Error(`Server failed to start:\n${errText}`);
|
|
}
|
|
}
|
|
throw new Error(`Server failed to start within ${MAX_START_WAIT / 1000}s`);
|
|
}
|
|
|
|
/**
|
|
* Acquire an exclusive lockfile to prevent concurrent ensureServer() races (TOCTOU).
|
|
* Returns a cleanup function that releases the lock.
|
|
*/
|
|
function acquireServerLock(): (() => void) | null {
|
|
const lockPath = `${config.stateFile}.lock`;
|
|
try {
|
|
// O_CREAT | O_EXCL — fails if file already exists (atomic check-and-create)
|
|
const fd = fs.openSync(lockPath, fs.constants.O_CREAT | fs.constants.O_EXCL | fs.constants.O_WRONLY);
|
|
fs.writeSync(fd, `${process.pid}\n`);
|
|
fs.closeSync(fd);
|
|
return () => { try { fs.unlinkSync(lockPath); } catch {} };
|
|
} catch {
|
|
// Lock already held — check if the holder is still alive
|
|
try {
|
|
const holderPid = parseInt(fs.readFileSync(lockPath, 'utf8').trim(), 10);
|
|
if (holderPid && isProcessAlive(holderPid)) {
|
|
return null; // Another live process holds the lock
|
|
}
|
|
// Stale lock — remove and retry
|
|
fs.unlinkSync(lockPath);
|
|
return acquireServerLock();
|
|
} catch {
|
|
return null;
|
|
}
|
|
}
|
|
}
|
|
|
|
async function ensureServer(): Promise<ServerState> {
|
|
const state = readState();
|
|
|
|
if (state && isProcessAlive(state.pid)) {
|
|
// Check for binary version mismatch (auto-restart on update)
|
|
const currentVersion = readVersionHash();
|
|
if (currentVersion && state.binaryVersion && currentVersion !== state.binaryVersion) {
|
|
console.error('[browse] Binary updated, restarting server...');
|
|
await killServer(state.pid);
|
|
return startServer();
|
|
}
|
|
|
|
// Server appears alive — do a health check
|
|
try {
|
|
const resp = await fetch(`http://127.0.0.1:${state.port}/health`, {
|
|
signal: AbortSignal.timeout(2000),
|
|
});
|
|
if (resp.ok) {
|
|
const health = await resp.json() as any;
|
|
if (health.status === 'healthy') {
|
|
return state;
|
|
}
|
|
}
|
|
} catch {
|
|
// Health check failed — server is dead or unhealthy
|
|
}
|
|
}
|
|
|
|
// Acquire lock to prevent concurrent restart races (TOCTOU)
|
|
const releaseLock = acquireServerLock();
|
|
if (!releaseLock) {
|
|
// Another process is starting the server — wait for it
|
|
console.error('[browse] Another instance is starting the server, waiting...');
|
|
const start = Date.now();
|
|
while (Date.now() - start < MAX_START_WAIT) {
|
|
const freshState = readState();
|
|
if (freshState && isProcessAlive(freshState.pid)) return freshState;
|
|
await Bun.sleep(200);
|
|
}
|
|
throw new Error('Timed out waiting for another instance to start the server');
|
|
}
|
|
|
|
try {
|
|
// Re-read state under lock in case another process just started the server
|
|
const freshState = readState();
|
|
if (freshState && isProcessAlive(freshState.pid)) {
|
|
return freshState;
|
|
}
|
|
|
|
// Kill the old server to avoid orphaned chromium processes
|
|
if (state && state.pid) {
|
|
await killServer(state.pid);
|
|
}
|
|
console.error('[browse] Starting server...');
|
|
return await startServer();
|
|
} finally {
|
|
releaseLock();
|
|
}
|
|
}
|
|
|
|
// ─── Command Dispatch ──────────────────────────────────────────
|
|
async function sendCommand(state: ServerState, command: string, args: string[], retries = 0): Promise<void> {
|
|
const body = JSON.stringify({ command, args });
|
|
|
|
try {
|
|
const resp = await fetch(`http://127.0.0.1:${state.port}/command`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'Authorization': `Bearer ${state.token}`,
|
|
},
|
|
body,
|
|
signal: AbortSignal.timeout(30000),
|
|
});
|
|
|
|
if (resp.status === 401) {
|
|
// Token mismatch — server may have restarted
|
|
console.error('[browse] Auth failed — server may have restarted. Retrying...');
|
|
const newState = readState();
|
|
if (newState && newState.token !== state.token) {
|
|
return sendCommand(newState, command, args);
|
|
}
|
|
throw new Error('Authentication failed');
|
|
}
|
|
|
|
const text = await resp.text();
|
|
|
|
if (resp.ok) {
|
|
process.stdout.write(text);
|
|
if (!text.endsWith('\n')) process.stdout.write('\n');
|
|
} else {
|
|
// Try to parse as JSON error
|
|
try {
|
|
const err = JSON.parse(text);
|
|
console.error(err.error || text);
|
|
if (err.hint) console.error(err.hint);
|
|
} catch {
|
|
console.error(text);
|
|
}
|
|
process.exit(1);
|
|
}
|
|
} catch (err: any) {
|
|
if (err.name === 'AbortError') {
|
|
console.error('[browse] Command timed out after 30s');
|
|
process.exit(1);
|
|
}
|
|
// Connection error — server may have crashed
|
|
if (err.code === 'ECONNREFUSED' || err.code === 'ECONNRESET' || err.message?.includes('fetch failed')) {
|
|
if (retries >= 1) throw new Error('[browse] Server crashed twice in a row — aborting');
|
|
console.error('[browse] Server connection lost. Restarting...');
|
|
// Kill the old server to avoid orphaned chromium processes
|
|
const oldState = readState();
|
|
if (oldState && oldState.pid) {
|
|
await killServer(oldState.pid);
|
|
}
|
|
const newState = await startServer();
|
|
return sendCommand(newState, command, args, retries + 1);
|
|
}
|
|
throw err;
|
|
}
|
|
}
|
|
|
|
// ─── Main ──────────────────────────────────────────────────────
|
|
async function main() {
|
|
const args = process.argv.slice(2);
|
|
|
|
if (args.length === 0 || args[0] === '--help' || args[0] === '-h') {
|
|
console.log(`gstack browse — Fast headless browser for AI coding agents
|
|
|
|
Usage: browse <command> [args...]
|
|
|
|
Navigation: goto <url> | back | forward | reload | url
|
|
Content: text | html [sel] | links | forms | accessibility
|
|
Interaction: click <sel> | fill <sel> <val> | select <sel> <val>
|
|
hover <sel> | type <text> | press <key>
|
|
scroll [sel] | wait <sel|--networkidle|--load> | viewport <WxH>
|
|
upload <sel> <file1> [file2...]
|
|
cookie-import <json-file>
|
|
cookie-import-browser [browser] [--domain <d>]
|
|
Inspection: js <expr> | eval <file> | css <sel> <prop> | attrs <sel>
|
|
console [--clear|--errors] | network [--clear] | dialog [--clear]
|
|
cookies | storage [set <k> <v>] | perf
|
|
is <prop> <sel> (visible|hidden|enabled|disabled|checked|editable|focused)
|
|
Visual: screenshot [--viewport] [--clip x,y,w,h] [@ref|sel] [path]
|
|
pdf [path] | responsive [prefix]
|
|
Snapshot: snapshot [-i] [-c] [-d N] [-s sel] [-D] [-a] [-o path] [-C]
|
|
-D/--diff: diff against previous snapshot
|
|
-a/--annotate: annotated screenshot with ref labels
|
|
-C/--cursor-interactive: find non-ARIA clickable elements
|
|
Compare: diff <url1> <url2>
|
|
Multi-step: chain (reads JSON from stdin)
|
|
Tabs: tabs | tab <id> | newtab [url] | closetab [id]
|
|
Server: status | cookie <n>=<v> | header <n>:<v>
|
|
useragent <str> | stop | restart
|
|
Dialogs: dialog-accept [text] | dialog-dismiss
|
|
|
|
Refs: After 'snapshot', use @e1, @e2... as selectors:
|
|
click @e3 | fill @e4 "value" | hover @e1
|
|
@c refs from -C: click @c1`);
|
|
process.exit(0);
|
|
}
|
|
|
|
// One-time cleanup of legacy /tmp state files
|
|
cleanupLegacyState();
|
|
|
|
const command = args[0];
|
|
const commandArgs = args.slice(1);
|
|
|
|
// Special case: chain reads from stdin
|
|
if (command === 'chain' && commandArgs.length === 0) {
|
|
const stdin = await Bun.stdin.text();
|
|
commandArgs.push(stdin.trim());
|
|
}
|
|
|
|
const state = await ensureServer();
|
|
await sendCommand(state, command, commandArgs);
|
|
}
|
|
|
|
if (import.meta.main) {
|
|
main().catch((err) => {
|
|
console.error(`[browse] ${err.message}`);
|
|
process.exit(1);
|
|
});
|
|
}
|