refactor: route browser control via gateway/node

2026-06-28 17:01:53 +03:00 · 2026-01-27 03:23:42 +00:00
parent b151b8d196
commit e7fdccce39
91 changed files with 1909 additions and 1608 deletions
@@ -274,41 +274,13 @@ describe("security audit", () => {
    );
  });

-  it("flags remote browser control without token as critical", async () => {
-    const prev = process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN;
-    delete process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN;
-    try {
-      const cfg: ClawdbotConfig = {
-        browser: {
-          controlUrl: "http://example.com:18791",
-        },
-      };
-
-      const res = await runSecurityAudit({
-        config: cfg,
-        includeFilesystem: false,
-        includeChannelSecurity: false,
-      });
-
-      expect(res.findings).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            checkId: "browser.control_remote_no_token",
-            severity: "critical",
-          }),
-        ]),
-      );
-    } finally {
-      if (prev === undefined) delete process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN;
-      else process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN = prev;
-    }
-  });
-
-  it("warns when browser control token matches gateway auth token", async () => {
-    const token = "0123456789abcdef0123456789abcdef";
+  it("warns when remote CDP uses HTTP", async () => {
    const cfg: ClawdbotConfig = {
-      gateway: { auth: { token } },
-      browser: { controlUrl: "https://browser.example.com", controlToken: token },
+      browser: {
+        profiles: {
+          remote: { cdpUrl: "http://example.com:9222", color: "#0066CC" },
+        },
+      },
    };

    const res = await runSecurityAudit({
@@ -319,42 +291,11 @@ describe("security audit", () => {

    expect(res.findings).toEqual(
      expect.arrayContaining([
-        expect.objectContaining({
-          checkId: "browser.control_token_reuse_gateway_token",
-          severity: "warn",
-        }),
+        expect.objectContaining({ checkId: "browser.remote_cdp_http", severity: "warn" }),
      ]),
    );
  });

-  it("warns when remote browser control uses HTTP", async () => {
-    const prev = process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN;
-    delete process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN;
-    try {
-      const cfg: ClawdbotConfig = {
-        browser: {
-          controlUrl: "http://example.com:18791",
-          controlToken: "0123456789abcdef01234567",
-        },
-      };
-
-      const res = await runSecurityAudit({
-        config: cfg,
-        includeFilesystem: false,
-        includeChannelSecurity: false,
-      });
-
-      expect(res.findings).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ checkId: "browser.control_remote_http", severity: "warn" }),
-        ]),
-      );
-    } finally {
-      if (prev === undefined) delete process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN;
-      else process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN = prev;
-    }
-  });
-
  it("warns when control UI allows insecure auth", async () => {
    const cfg: ClawdbotConfig = {
      gateway: {