Firetiger deploy monitoring skipped
This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR modifies client library code (browser session client) rather than API endpoints or Temporal workflows in packages/api/
To monitor this PR anyway, reply with
Bind browser subresource calls to a browser session's base_url and expose raw HTTP through fetch so metro-routed access feels like normal JavaScript networking. Made-with: Cursor
Fail fast when browser-scoped clients do not have a session base_url, route subresource calls through the browser session base directly, and clean up browser-vm wording. Made-with: Cursor
Fail fast when browser-scoped clients are missing a browser session base_url, route subresource calls through the session base consistently, and keep lint output clean. Made-with: Cursor
Replace the handwritten Node browser-scoped façade with deterministic generated bindings from the browser resource graph, and enforce regeneration during lint and build. Made-with: Cursor
c5731cb to e730af8
Route direct-to-VM browser requests through the shared client cache so the SDK no longer needs the generated browser session wrapper layer. Made-with: Cursor
Trim the node browser routing changes down to the cache/interceptor shape from PR #100 and remove the leftover browser-scoped example and priming surface. Made-with: Cursor
Shorten the browserRouting allowlist field to subresources so the direct-to-VM configuration reads more cleanly without changing behavior. Made-with: Cursor
Keep the node browser-routing example showing both direct subresource routing and the cache-backed /curl/raw path. Made-with: Cursor
Bring back the cache-backed browser fetch helper so raw HTTP stays on the SDK's language-native surface instead of falling through to manual /curl/raw requests. Made-with: Cursor
Remove the unnecessary generated resource and dependency diffs from the node branch and keep BrowserRouteCache.set() as a direct assignment without trimming user input. Made-with: Cursor
Tighten the browser routing files to the repo's formatter expectations so the node CI lint job passes cleanly again. Made-with: Cursor
Split browser.fetch into its own helper, remove unused browser transport code, and simplify withOptions cache sharing so the routing layer stays easier to reason about. Made-with: Cursor
Remove the public browser routing constructor knobs and read direct-to-VM subresource rollout from KERNEL_BROWSER_ROUTING_SUBRESOURCES instead, defaulting to curl while leaving browser.fetch cache-backed.
Keep the routing wrapper from stripping runtime-specific fetch init options when requests fall through or route directly to the VM, and share the browser fetch helpers so routed methods stay type-safe and covered by regression tests. Made-with: Cursor
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue. You can view the agent here.
Reviewed by Cursor Bugbot for commit 9b24280. Configure here.
```ts
  const response = await routeRequest(innerFetch, { input, init, request }, apiOrigin, allowed, cache);
  await sniffAndPopulateCache(response, cache);
  return response;
};
```
Every JSON response cloned and parsed unnecessarily
Medium Severity
sniffAndPopulateCache is await-ed on every single fetch response — including non-browser endpoints like deployments, invocations, credentials, etc. For every JSON response, the body is cloned and fully parsed before the response is returned to the caller. This blocks the caller until the entire response body has been received and parsed as JSON, adding latency proportional to response size on every API call. Only responses to browser-related paths (matching the /browsers/ pattern) can ever contain cacheable route data, so the work is wasted for all other endpoints.


Summary
- browserRouting client constructor config and move rollout control to KERNEL_BROWSER_ROUTING_SUBRESOURCES
- curl when the env var is unset, and treat an explicit empty string as disabling browser subresource routing
- BrowserRouteCache public for debugging while making the routing fetch wrapper fully internal to the client constructor and withOptions()
- browsers.fetch() cache-backed so raw HTTP continues to go directly to the browser VM’s /curl/raw path with no control-plane fallback

Rollout behavior
- curl subresources directly to the browser VM
- "": disable browser subresource routing entirely
- browsers.fetch() still always goes direct to the browser VM because it resolves through the shared browser route cache and /curl/raw

Test plan
- ./node_modules/.bin/jest tests/lib/browser-routing.test.ts
- ./node_modules/.bin/eslint src/client.ts src/lib/browser-routing.ts src/index.ts tests/lib/browser-routing.test.ts examples/browser-routing.ts
- ./node_modules/.bin/tsc -p tsconfig.json --noEmit
- KERNEL_API_KEY=... KERNEL_BASE_URL=https://api.onkernel.com ./node_modules/.bin/ts-node examples/browser-routing.ts

Note
Medium Risk
Wraps the client’s fetch to transparently reroute some /browsers/{session}/{subresource} calls directly to the browser VM based on cached route data, which could affect request routing/headers and break integrations if misconfigured.

Overview
Adds a shared BrowserRouteCache that is auto-populated by sniffing JSON API responses for browser session_id/base_url and a JWT (from jwt or cdp_ws_url). The Kernel client now wraps its underlying fetch to intercept allowlisted /browsers/{sessionId}/{subresource} requests and send them directly to the browser VM base_url, stripping authorization and injecting jwt as a query param.

Rollout is controlled by KERNEL_BROWSER_ROUTING_SUBRESOURCES (unset defaults to routing curl; empty string disables routing; comma-list routes those subresources). Adds browsers.fetch() implemented via new browserFetch() to always issue raw HTTP through the VM’s /curl/raw endpoint using the cache, expands HTTPMethod to include head/options, exports the new types, and includes an example and Jest coverage for routing/cache/withOptions() behavior.
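
The rollout parsing and request rewrite described in the overview, as an added TypeScript example that is not code from this PR or the SDK. The function and type names, the plain header map, and the mapping of `/browsers/{sessionId}/{subresource}/…` onto `base_url/{subresource}/…` are assumptions made for illustration.

```typescript
// Added illustration: every name below is hypothetical, not the SDK's API.
type Route = { baseUrl: string; jwt: string };
type Routed = { url: string; headers: Record<string, string> };

// Rollout value: unset -> ["curl"], "" -> [] (routing disabled),
// "curl, fs" -> ["curl", "fs"].
function parseSubresources(raw: string | undefined): string[] {
  if (raw === undefined) return ["curl"];
  return raw.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
}

// /browsers/{sessionId}/{subresource}[/rest][?query]
const BROWSER_PATH = /^\/browsers\/([^/?#]+)\/([^/?#]+)([^?#]*)(?:\?([^#]*))?$/;

// Returns the rewritten request, or null when the call must go to the
// control plane unchanged.
function routeDirect(
  url: string,
  headers: Record<string, string>,
  apiOrigin: string,
  allowed: string[],
  cache: Map<string, Route>,
): Routed | null {
  // Only requests addressed to the API origin are candidates.
  if (!url.startsWith(apiOrigin + "/")) return null;
  const m = BROWSER_PATH.exec(url.slice(apiOrigin.length));
  if (m === null) return null;
  const [, sessionId, subresource, rest, query] = m;
  if (!allowed.includes(subresource)) return null;
  const route = cache.get(sessionId);
  if (route === undefined) return null; // no cached route: fall through
  // The API credential must not reach the VM; header names are
  // case-insensitive, so compare in lower case.
  const out: Record<string, string> = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== "authorization") out[name] = value;
  }
  // Assumption: the VM serves the subresource at base_url + /{subresource}.
  const base = route.baseUrl.replace(/\/+$/, "");
  const qs = (query ? query + "&" : "") + "jwt=" + encodeURIComponent(route.jwt);
  return { url: `${base}/${subresource}${rest}?${qs}`, headers: out };
}
```

The origin, path and allowlist checks all run before the cache lookup, so the session JWT is only attached to a request the caller addressed to the API origin for an allowlisted subresource.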