LLM/BrowserOS
1
0
Fork 0
mirror of https://github.com/browseros-ai/BrowserOS.git synced 2026-05-21 12:55:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix/patch-cli-sync
BrowserOS/packages/browseros-agent/apps/agent/lib/acl/storage.ts
Nikhil 77dcd37000 feat: ACLs and support enforcing (#583) 
* feat: add ACL rules for per-site element-level agent restrictions

Implement Access Control List (ACL) rules that let users block the agent
from interacting with specific elements on specific websites. Rules are
defined in a new Settings > ACL Rules page and enforced server-side in
executeTool() before any input tool handler runs.

- Shared ACL types and site pattern matching (packages/shared)
- Extension storage, settings UI with rule cards and add dialog
- Server-side guard in executeTool() checking tool+page+element
- Browser class extensions for element property resolution via CDP
- Visual overlay injection (red "BLOCKED" mask) via Runtime.evaluate
- Rules transported in chat request body alongside declinedApps

* fix: address review comments for ACL rules

- Add selector-to-property matching in matchesElement (tag, id, class)
- Remove scroll from guarded tools set (read-like action)

* fix: ACL site pattern matching fails on multi-segment URL paths

The glob-to-regex conversion used [^/]* for wildcard (*) which only
matches a single path segment. "*.amazon.com/*" failed to match
"www.amazon.com/cart/smart-wagon" because the trailing * couldn't
cross the slash between "cart" and "smart-wagon".

Fix: Split URL matching into hostname vs path parts. Path wildcards
now use .* to match across slashes. Also add simple domain matching
so users can just type "amazon.com" instead of "*.amazon.com/*".

* fix: wire up ACL overlay injection after take_snapshot

applyAclOverlays was defined but never called. Now triggers after
take_snapshot completes on pages matching ACL rules, so the agent
sees red "BLOCKED" overlays on restricted elements.

* refactor: rework 0326-acl_rules based on feedback
2026-04-13 09:42:45 -07:00

8 lines
200 B
TypeScript
Raw Permalink Blame History

import type { AclRule } from '@browseros/shared/types/acl'
import { storage } from '#imports'
export const aclRulesStorage = storage.defineItem<AclRule[]>(
'local:acl-rules',
{ fallback: [] },
)
Reference in New Issue View Git Blame Copy Permalink