Browser Bridge server and CLI for controlling a Chrome extension over WebSocket

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for gregorypotemkin from gravatar.com gregorypotemkin

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags browser , bridge , automation , websocket , fastapi , cli
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

browser-agent-bridge

WebSocket-only browser bridge for remotely controlling a local Chrome extension.

Architecture (WS-only)

Operator CLI (remote/local)
    |
    |  ws(s)://.../ws/operator   (auth)
    v
Bridge Server
    ^
    |  ws(s)://.../ws/client     (auth)
    |
Chrome Extension (local browser)
    |
    +-- content script commands: observe/click/type/get_html/ping_tab/etc.

The extension connects outbound to server. Operator sends commands through server to a specific (instance_id, client_id).

Protocol

Client -> Server

  • auth: {kind, instance_id, client_id, token}
  • result: {kind, command_id, ok, result|error}
  • ping

Server -> Client

  • auth_ok / auth_error
  • command: {kind, command_id, type, payload, request_id, sent_at}
  • pong

Operator -> Server

  • auth: {kind, token}
  • list_clients
  • connect_status: {kind, instance_id, client_id}
  • send_command: {kind, instance_id, client_id, type, payload, timeout_s, request_id}
  • ping

Server -> Operator

  • auth_ok / auth_error
  • clients
  • connect_status
  • command_result
  • pong

Auth Modes

Set BRIDGE_AUTH_MODE:

  • static (default): compare token against BRIDGE_SHARED_TOKEN (for clients) and BRIDGE_OPERATOR_TOKEN (for operator; defaults to shared token).
  • jwt: validate JWT with BRIDGE_JWT_SECRET/BRIDGE_JWT_ALG.
    • Client JWT should include matching instance_id and client_id claims.
    • Operator JWT should include role=operator.

Production safety

  • BRIDGE_ENV=production enforces strong auth config:
    • static mode: BRIDGE_SHARED_TOKEN must not be empty/dev default.
    • jwt mode: BRIDGE_JWT_SECRET must not be default.

Install (pipx recommended)

python3 -m pip install --user pipx
python3 -m pipx ensurepath
pipx install browser-agent-bridge

Quick Start

1) (Optional) Generate local JWT secret file

browser-bridge setup-secret

If BRIDGE_AUTH_MODE=jwt and BRIDGE_JWT_SECRET is still default, server startup auto-loads/creates local secret file (~/.browser_bridge/jwt_secret or BRIDGE_JWT_SECRET_FILE).

2) Start server

# static mode example
export BRIDGE_AUTH_MODE=static
export BRIDGE_SHARED_TOKEN='change-me-strong-token'
export BRIDGE_OPERATOR_TOKEN='change-me-strong-operator-token'
browser-bridge-server

3) Load extension

  1. Open chrome://extensions
  2. Enable Developer mode
  3. Load unpacked extension/
  4. In popup fill:
    • Bridge Server WS URL: ws://127.0.0.1:8765/ws/client (or wss://.../ws/client)
    • Instance ID: e.g. local-instance
    • Client ID: e.g. chrome-main
    • Auth Token / JWT: client token
  5. Save + Connect

4) Operator CLI usage

browser-bridge --server-ws-url ws://127.0.0.1:8765/ws/operator --token 'change-me-strong-operator-token' list-clients
browser-bridge --server-ws-url ws://127.0.0.1:8765/ws/operator --token 'change-me-strong-operator-token' connect-status --instance-id local-instance --client-id chrome-main
browser-bridge --server-ws-url ws://127.0.0.1:8765/ws/operator --token 'change-me-strong-operator-token' ping-tab --instance-id local-instance --client-id chrome-main
browser-bridge --server-ws-url ws://127.0.0.1:8765/ws/operator --token 'change-me-strong-operator-token' observe --instance-id local-instance --client-id chrome-main

Raw command:

browser-bridge --server-ws-url ws://127.0.0.1:8765/ws/operator --token '...' \
  send-command --instance-id local-instance --client-id chrome-main \
  --type get_html --payload '{"max_chars":40000}'

Security Hardening

  • Use TLS in non-local deployments (wss://).
  • Use strong static tokens or JWT secret.
  • Optional command allowlist: BRIDGE_COMMAND_ALLOWLIST=observe,ping_tab,get_html.
  • Optional allowed clients allowlist in static mode: BRIDGE_ALLOWED_CLIENTS=instance1:client1,instance2:client2.
  • Request idempotency/replay guard is enforced by request_id dedup window.
  • Max payload limit is enforced by BRIDGE_MAX_MESSAGE_BYTES.

Deprecated HTTP Endpoints

Old session-based HTTP endpoints are deprecated and disabled by default:

  • POST /api/sessions
  • GET /api/sessions/{session_id}
  • POST /api/sessions/{session_id}/command

Behavior:

  • default (BRIDGE_ENABLE_HTTP_COMPAT=0): returns 410 Gone with migration hint.
  • compatibility flag on: currently returns 501 stub in this build.

Migration from HTTP Session Model

Old flow:

  • create session over HTTP
  • paste session_id + token into extension
  • send commands over HTTP per session

New flow:

  • extension directly authenticates to /ws/client with instance_id + client_id + token/JWT
  • operator authenticates to /ws/operator
  • commands routed over WS by (instance_id, client_id)

No session creation API is required.

Testing

pytest -v

Coverage includes WS auth success/failure, command routing, disconnect handling, wrong target routing, CLI failure paths, and reconnect replacement behavior.

License

MIT (see LICENSE).

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for gregorypotemkin from gravatar.com gregorypotemkin

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags browser , bridge , automation , websocket , fastapi , cli
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

This version

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

browser_agent_bridge-0.2.0.tar.gz (14.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

browser_agent_bridge-0.2.0-py3-none-any.whl (13.9 kB view details)

Uploaded Python 3

File details

Details for the file browser_agent_bridge-0.2.0.tar.gz.

File metadata

  • Download URL: browser_agent_bridge-0.2.0.tar.gz
  • Upload date:
  • Size: 14.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for browser_agent_bridge-0.2.0.tar.gz
Algorithm Hash digest
SHA256 23bba52bfa5991dd4c2e2d8a85c57af27cfdf10c7239662428a2a18ec0d8c0ec
MD5 3b1de1c02a4b40bbfe7fe5cf9384edd1
BLAKE2b-256 381ce93136fea7ee1ffa1e72f06f41dd87ce045dc52787d851b1bf74a3f585dd

See more details on using hashes here.

Provenance

The following attestation bundles were made for browser_agent_bridge-0.2.0.tar.gz:

Publisher: publish.yml on NmadeleiDev/browser_agent_bridge

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file browser_agent_bridge-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for browser_agent_bridge-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 4f056a0f5a39930a47bcd706765466d0adcf4702c63332928d4920001a1908e9
MD5 b10009849d98345e6d303405615b20cb
BLAKE2b-256 7b26e001f4d3c18c31bdddefa64aa73ad22dec4ccdab3b25e8d3d6134bcaf763

See more details on using hashes here.

Provenance

The following attestation bundles were made for browser_agent_bridge-0.2.0-py3-none-any.whl:

Publisher: publish.yml on NmadeleiDev/browser_agent_bridge

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page