Conversation
Bind browser subresource calls to a browser session's base_url and expose raw HTTP through request and stream helpers so metro-routed access feels like normal httpx usage. Made-with: Cursor
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR adds browser-scoped session client functionality but does not appear to modify API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal) as specified in the filter. To monitor this PR anyway, reply with |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Prevent browser-scoped raw HTTP helpers from letting user params override internal routing query keys, and clean up wording around browser session base_url routing. Made-with: Cursor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue. You can view the agent here.
Reviewed by Cursor Bugbot for commit cfa07c9. Configure here.
Keep the browser-scoped request helpers aligned with repo linting and reserve internal raw-request query keys without exposing implementation details. Made-with: Cursor
Keep the browser-scoped test file aligned with the repo lint configuration so the follow-up typing fixes pass CI. Made-with: Cursor
Tighten browser-scoped helper typing and test casts so the Python SDK passes the repository's lint and pyright checks cleanly. Made-with: Cursor
Replace the handwritten Python browser-scoped façade with deterministic generated bindings from the browser resource graph, and enforce regeneration during lint. Made-with: Cursor
Keep the browser-scoped Python generator compatible with the repo lint pipeline by suppressing strict pyright diagnostics that are not meaningful for the AST-walking build script. Made-with: Cursor
Keep the Python generator and generated browser-scoped façade aligned with pyright and mypy so the deterministic regeneration path passes the repo lint pipeline. Made-with: Cursor
Sort the generator script imports and keep the deterministic browser-scoped generation path aligned with the repo lint pipeline. Made-with: Cursor
1 participant
Summary
kernel.for_browser(...)andasync_kernel.for_browser(...)to create browser-scoped clients from browser session responsesbase_urlso callers stop repeating the browser idbrowser.request(...)andbrowser.stream(...)while keeping the internal/curl/rawtransport path hiddenTest plan
uv run python -m pytest tests/test_browser_scoped.py -o addopts= -qMade with Cursor
Note
Medium Risk
Adds a new client surface (
Kernel.for_browser) that rewrites request routing to per-sessionbase_urland injects JWT/query params, which could impact request correctness and auth if mis-generated or mis-parsed.Overview
Adds
Kernel.for_browser(...)/AsyncKernel.for_browser(...)to create a browser-scoped client that calls browser session subresources (e.g.process,fs,computer, etc.) without requiring an explicitid, by injecting the session id and routing requests via the session’sbase_url.Introduces
kernel.lib.browser_scopedwith a session-local HTTP client that strips the/browsers/{id}prefix, plusrequest()/stream()helpers that proxy arbitrary HTTP via the internal/curl/rawendpoint while preventing user params from overriding reservedjwt/urlquery keys.Adds an AST-based generator (
scripts/generate_browser_scoped.py) and committedgenerated_bindings.pyfor the bound resources, wires generation intoscripts/lint, updates browser response docstrings forbase_url, and adds targeted tests for routing, JWT extraction, and reserved-param behavior.Reviewed by Cursor Bugbot for commit 8f1d506. Bugbot is set up for automated code reviews on this repo. Configure here.