Open
Conversation
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR adds browser-scoped session client functionality but does not appear to modify API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal) as specified in the filter. To monitor this PR anyway, reply with |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Bind browser subresource calls to a browser session's base_url and expose raw HTTP through request and stream helpers so metro-routed access feels like normal httpx usage. Made-with: Cursor
Prevent browser-scoped raw HTTP helpers from letting user params override internal routing query keys, and clean up wording around browser session base_url routing. Made-with: Cursor
Keep the browser-scoped request helpers aligned with repo linting and reserve internal raw-request query keys without exposing implementation details. Made-with: Cursor
Keep the browser-scoped test file aligned with the repo lint configuration so the follow-up typing fixes pass CI. Made-with: Cursor
Tighten browser-scoped helper typing and test casts so the Python SDK passes the repository's lint and pyright checks cleanly. Made-with: Cursor
Replace the handwritten Python browser-scoped façade with deterministic generated bindings from the browser resource graph, and enforce regeneration during lint. Made-with: Cursor
Keep the browser-scoped Python generator compatible with the repo lint pipeline by suppressing strict pyright diagnostics that are not meaningful for the AST-walking build script. Made-with: Cursor
Keep the Python generator and generated browser-scoped façade aligned with pyright and mypy so the deterministic regeneration path passes the repo lint pipeline. Made-with: Cursor
Sort the generator script imports and keep the deterministic browser-scoped generation path aligned with the repo lint pipeline. Made-with: Cursor
rgarcia
force-pushed
the
raf/browser-scoped-client
branch
from
8f1d506 to
a80716b
Compare
Turn the browser-scoped Python example into a runnable demonstration of both process execution and /curl/raw-backed request and stream usage. Made-with: Cursor
Move browser raw HTTP and direct-to-VM routing onto the main browsers resource so the SDK uses the shared browser route cache instead of a generated wrapper layer. Made-with: Cursor
Remove the public cache priming helpers, keep jwt-required routes, and rename the example and tests so the python browser routing diff stays focused on cache-backed direct-to-VM behavior. Made-with: Cursor
rgarcia
changed the title
Shorten the browser_routing allowlist field to subresources so the direct-to-VM configuration stays concise while keeping the same routing behavior. Made-with: Cursor
Move the handwritten routing helpers out of the old browser_scoped package, delete the unused browser session clone helper, warm the async browser list cache, and drop the generated type churn from the branch. Made-with: Cursor
Preserve browser routing settings across copy(), skip cache warming for raw response wrappers, and clean up the handwritten routing files so lint can pass on the current branch. Made-with: Cursor
Make the browser routing helpers type-check cleanly in CI, keep copy() signatures aligned with __init__, and avoid cache-warming errors on raw response wrappers. Made-with: Cursor
Encode string request bodies before building raw /curl/raw request options so the browser routing helpers satisfy CI type checks while preserving the public request API. Made-with: Cursor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue. You can view the agent here.
Reviewed by Cursor Bugbot for commit 3ce80e7. Configure here.
Remove the public browser routing constructor config and derive direct-to-VM subresource routing from KERNEL_BROWSER_ROUTING_SUBRESOURCES instead, defaulting to curl while keeping the raw request helpers direct to the browser.
Store browser routes under a normalized session ID so cache lookups and deletes stay consistent when route data includes surrounding whitespace. Add a regression test to lock in the normalization behavior. Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
browser_routing=client constructor config and move rollout control toKERNEL_BROWSER_ROUTING_SUBRESOURCEScurlwhen the env var is unset, and treat an explicit empty string as disabling browser subresource routingbrowser_route_cachepublic for inspection/debugging while deriving routing behavior internally from the environment onKernel/AsyncKernelbrowsers.request()andbrowsers.stream()cache-backed so raw HTTP continues to go directly to the browser VM’s/curl/rawpath with protectedurl/jwtparamsRollout behavior
curlsubresources directly to the browser VM"": disable browser subresource routing entirelybrowsers.request()/browsers.stream()still always go direct to the browser VM because they resolve through the cached browser route and/curl/rawTest plan
.venv/bin/pytest tests/test_browser_routing.py tests/test_client.py -o addopts=.venv/bin/ruff check src/kernel/_client.py src/kernel/lib/browser_routing/routing.py src/kernel/resources/browsers/browsers.py src/kernel/__init__.py tests/test_browser_routing.py examples/browser_routing.pyPYTHONPATH=src KERNEL_API_KEY=... KERNEL_BASE_URL=https://api.onkernel.com .venv/bin/python examples/browser_routing.pyNote
Medium Risk
Changes request preparation to rewrite certain
/browsers/{id}/...calls to a browser VM base URL and stripsAuthorizationheaders on those requests, which could affect routing/auth behavior if misconfigured. Adds new raw HTTP APIs (browsers.request/browsers.stream) that depend on cached routes and env-based allowlisting.Overview
Introduces direct-to-VM browser subresource routing driven by
KERNEL_BROWSER_ROUTING_SUBRESOURCES(defaults to routingcurl, empty string disables), backed by a new publicbrowser_route_cachestored onKernel/AsyncKernel.The client now rewrites matching
/browsers/{session_id}/{subresource}/...request URLs to the cached browser VMbase_urland injects ajwtquery param, while removingAuthorizationfor direct-to-VM requests.Adds new
browsers.request()andbrowsers.stream()(sync/async) APIs that proxy raw HTTP via the browser VM’s/curl/raw, sanitizing userparamssourl/jwtcannot be overridden, plus an example and targeted tests covering allowlisting, auth stripping, and param sanitization.Reviewed by Cursor Bugbot for commit f4c247b. Bugbot is set up for automated code reviews on this repo. Configure here.