feat: add browser_execute CLI IPC route for daemon-side browser operations#26200
Merged
noanflaherty merged 1 commit intoApr 17, 2026
Conversation
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8ed33a1915
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+75
to
+77
| workingDir: process.cwd(), | ||
| conversationId, | ||
| trustClass: "guardian", |
There was a problem hiding this comment.
This route hardcodes trustClass: "guardian" for every browser_execute request, but the CLI IPC protocol itself does not authenticate callers (the socket server dispatches any JSON request it receives). As a result, any process that can connect to assistant-cli.sock can execute privileged browser operations (including sensitive ones like fill_credential) with guardian-level trust, bypassing the trust boundary expected for non-guardian actors. Please derive trust from an authenticated IPC identity or explicitly restrict high-risk operations on this route.
Useful? React with 👍 / 👎.
noanflaherty
merged commit 21c9729
into
noanflaherty/assistant-browser-cli-decoupling
12 checks passed
noanflaherty
added a commit
that referenced
this pull request
Apr 17, 2026
…26235) * refactor: add browser operations contract decoupled from tool wrappers (#26193) * refactor: add browser operations contract decoupled from tool wrappers * fix: remove TOOLS.json literal from doc comment to pass static analysis guard * fix: remove bundled-skills reference from doc comment to pass static analysis guard * refactor: make browser skill wrappers thin adapters over browser operations (#26199) * feat: add browser_execute CLI IPC route for daemon-side browser operations (#26200) * feat: add `assistant browser` command namespace with 17 browser subcommands (#26207) * feat: add assistant browser command namespace with 17 browser subcommands * fix: address review feedback — daemon terminology, help text examples, boolean flags, write error handling 1. Replace "daemon" and "CLI IPC socket" with user-friendly terminology in all user-facing text per AGENTS.md guidelines. 2. Add optional `helpText` field to `BrowserOperationMeta` type and populate it for all 16 operations with behavioral notes and 2-3 concrete examples per CLI AGENTS.md Help Text Standards. `buildSubcommand` now calls `subcmd.addHelpText("after", ...)`. 3. Fix boolean flags to support explicit `false` values via Commander's `--no-<flag>` negation pattern. `fieldToFlag` now emits `--flag, --no-flag` for booleans, and `parseFieldValue` passes through the actual boolean value instead of always coercing to `true`. 4. Wrap `writeFileSync` for screenshot `--output` in try/catch, producing structured error output (JSON or log) instead of an unhandled stack trace on invalid path or permission errors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: add enum choices validation and fix boolean option negation for Commander 13 - Use Commander's Option class with .choices() when field.enum is defined, enforcing valid values at the CLI level and showing allowed choices in --help. Required enum fields also call .makeOptionMandatory(true). - Fix boolean option negation by declaring only --flag (not --flag, --no-flag). Commander 13 auto-generates --no-flag; the dual-declaration pattern caused --flag to parse as false. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: centralize browser identifier sets across permissions and side-effects (#26223) * fix: stale comment and error message wording for wait_for_download (#26234) * fix: IPC timeout for browser operations, JSDoc accuracy, and misleading comments (#26233) * fix: update stale JSDoc on executeWaitForDownload to describe current state --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
browser_executeIPC method withoperation/input/sessionIdparamsbrowser-cli:<sessionId>)executeBrowserOperationwith structured result payload including screenshot extractionPart of plan: assistant-browser-cli-decoupling.md (PR 3 of 5)