fix: land contributor PR #39516 from @Imhermes1

macOS app/chat/browser/cron/permissions fixes. Co-authored-by: ImHermes1 <lukeforn@gmail.com>
2026-04-25 12:18:37 +00:00 · 2026-03-08 06:11:20 +00:00
parent 05217845a7
commit d15b6af77b
22 changed files with 1202 additions and 64 deletions
--- a/apps/macos/Sources/OpenClaw/NodeMode/MacNodeBrowserProxy.swift
+++ b/apps/macos/Sources/OpenClaw/NodeMode/MacNodeBrowserProxy.swift
@@ -0,0 +1,234 @@
+import Foundation
+import OpenClawProtocol
+import UniformTypeIdentifiers
+
+actor MacNodeBrowserProxy {
+    static let shared = MacNodeBrowserProxy()
+
+    struct Endpoint {
+        let baseURL: URL
+        let token: String?
+        let password: String?
+    }
+
+    private struct RequestParams: Decodable {
+        let method: String?
+        let path: String?
+        let query: [String: OpenClawProtocol.AnyCodable]?
+        let body: OpenClawProtocol.AnyCodable?
+        let timeoutMs: Int?
+        let profile: String?
+    }
+
+    private struct ProxyFilePayload {
+        let path: String
+        let base64: String
+        let mimeType: String?
+
+        func asJSON() -> [String: Any] {
+            var json: [String: Any] = [
+                "path": self.path,
+                "base64": self.base64,
+            ]
+            if let mimeType = self.mimeType {
+                json["mimeType"] = mimeType
+            }
+            return json
+        }
+    }
+
+    private static let maxProxyFileBytes = 10 * 1024 * 1024
+    private let endpointProvider: @Sendable () -> Endpoint
+    private let performRequest: @Sendable (URLRequest) async throws -> (Data, URLResponse)
+
+    init(
+        session: URLSession = .shared,
+        endpointProvider: (@Sendable () -> Endpoint)? = nil,
+        performRequest: (@Sendable (URLRequest) async throws -> (Data, URLResponse))? = nil)
+    {
+        self.endpointProvider = endpointProvider ?? MacNodeBrowserProxy.defaultEndpoint
+        self.performRequest = performRequest ?? { request in
+            try await session.data(for: request)
+        }
+    }
+
+    func request(paramsJSON: String?) async throws -> String {
+        let params = try Self.decodeRequestParams(from: paramsJSON)
+        let request = try Self.makeRequest(params: params, endpoint: self.endpointProvider())
+        let (data, response) = try await self.performRequest(request)
+        let http = try Self.requireHTTPResponse(response)
+        guard (200..<300).contains(http.statusCode) else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: http.statusCode, userInfo: [
+                NSLocalizedDescriptionKey: Self.httpErrorMessage(statusCode: http.statusCode, data: data),
+            ])
+        }
+
+        let result = try JSONSerialization.jsonObject(with: data, options: [.fragmentsAllowed])
+        let files = try Self.loadProxyFiles(from: result)
+        var payload: [String: Any] = ["result": result]
+        if !files.isEmpty {
+            payload["files"] = files.map { $0.asJSON() }
+        }
+        let payloadData = try JSONSerialization.data(withJSONObject: payload)
+        guard let payloadJSON = String(data: payloadData, encoding: .utf8) else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 2, userInfo: [
+                NSLocalizedDescriptionKey: "browser proxy returned invalid UTF-8",
+            ])
+        }
+        return payloadJSON
+    }
+
+    private static func defaultEndpoint() -> Endpoint {
+        let config = GatewayEndpointStore.localConfig()
+        let controlPort = GatewayEnvironment.gatewayPort() + 2
+        let baseURL = URL(string: "http://127.0.0.1:\(controlPort)")!
+        return Endpoint(baseURL: baseURL, token: config.token, password: config.password)
+    }
+
+    private static func decodeRequestParams(from raw: String?) throws -> RequestParams {
+        guard let raw else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 3, userInfo: [
+                NSLocalizedDescriptionKey: "INVALID_REQUEST: paramsJSON required",
+            ])
+        }
+        return try JSONDecoder().decode(RequestParams.self, from: Data(raw.utf8))
+    }
+
+    private static func makeRequest(params: RequestParams, endpoint: Endpoint) throws -> URLRequest {
+        let method = (params.method ?? "GET").trimmingCharacters(in: .whitespacesAndNewlines).uppercased()
+        let path = (params.path ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !path.isEmpty else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 1, userInfo: [
+                NSLocalizedDescriptionKey: "INVALID_REQUEST: path required",
+            ])
+        }
+
+        let normalizedPath = path.hasPrefix("/") ? path : "/\(path)"
+        guard var components = URLComponents(
+            url: endpoint.baseURL.appendingPathComponent(String(normalizedPath.dropFirst())),
+            resolvingAgainstBaseURL: false)
+        else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 4, userInfo: [
+                NSLocalizedDescriptionKey: "INVALID_REQUEST: invalid browser proxy URL",
+            ])
+        }
+
+        var queryItems: [URLQueryItem] = []
+        if let query = params.query {
+            for key in query.keys.sorted() {
+                let value = query[key]?.value
+                guard value != nil, !(value is NSNull) else { continue }
+                queryItems.append(URLQueryItem(name: key, value: Self.stringValue(for: value)))
+            }
+        }
+        let profile = params.profile?.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
+        if !profile.isEmpty && !queryItems.contains(where: { $0.name == "profile" }) {
+            queryItems.append(URLQueryItem(name: "profile", value: profile))
+        }
+        if !queryItems.isEmpty {
+            components.queryItems = queryItems
+        }
+        guard let url = components.url else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 5, userInfo: [
+                NSLocalizedDescriptionKey: "INVALID_REQUEST: invalid browser proxy URL",
+            ])
+        }
+
+        var request = URLRequest(url: url)
+        request.httpMethod = method
+        request.timeoutInterval = params.timeoutMs.map { TimeInterval(max($0, 1)) / 1000 } ?? 5
+        request.setValue("application/json", forHTTPHeaderField: "Accept")
+        if let token = endpoint.token?.trimmingCharacters(in: .whitespacesAndNewlines), !token.isEmpty {
+            request.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
+        } else if let password = endpoint.password?.trimmingCharacters(in: .whitespacesAndNewlines),
+                  !password.isEmpty
+        {
+            request.setValue(password, forHTTPHeaderField: "x-openclaw-password")
+        }
+
+        if method != "GET", let body = params.body?.value {
+            request.httpBody = try JSONSerialization.data(withJSONObject: body, options: [.fragmentsAllowed])
+            request.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        }
+
+        return request
+    }
+
+    private static func requireHTTPResponse(_ response: URLResponse) throws -> HTTPURLResponse {
+        guard let http = response as? HTTPURLResponse else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 6, userInfo: [
+                NSLocalizedDescriptionKey: "browser proxy returned a non-HTTP response",
+            ])
+        }
+        return http
+    }
+
+    private static func httpErrorMessage(statusCode: Int, data: Data) -> String {
+        if let object = try? JSONSerialization.jsonObject(with: data, options: [.fragmentsAllowed]) as? [String: Any],
+           let error = object["error"] as? String,
+           !error.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            return error
+        }
+        if let text = String(data: data, encoding: .utf8)?
+            .trimmingCharacters(in: .whitespacesAndNewlines),
+           !text.isEmpty
+        {
+            return text
+        }
+        return "HTTP \(statusCode)"
+    }
+
+    private static func stringValue(for value: Any?) -> String? {
+        guard let value else { return nil }
+        if let string = value as? String { return string }
+        if let bool = value as? Bool { return bool ? "true" : "false" }
+        if let number = value as? NSNumber { return number.stringValue }
+        return String(describing: value)
+    }
+
+    private static func loadProxyFiles(from result: Any) throws -> [ProxyFilePayload] {
+        let paths = self.collectProxyPaths(from: result)
+        return try paths.map(self.loadProxyFile)
+    }
+
+    private static func collectProxyPaths(from payload: Any) -> [String] {
+        guard let object = payload as? [String: Any] else { return [] }
+
+        var paths = Set<String>()
+        if let path = object["path"] as? String, !path.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
+            paths.insert(path.trimmingCharacters(in: .whitespacesAndNewlines))
+        }
+        if let imagePath = object["imagePath"] as? String,
+           !imagePath.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            paths.insert(imagePath.trimmingCharacters(in: .whitespacesAndNewlines))
+        }
+        if let download = object["download"] as? [String: Any],
+           let path = download["path"] as? String,
+           !path.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+        {
+            paths.insert(path.trimmingCharacters(in: .whitespacesAndNewlines))
+        }
+        return paths.sorted()
+    }
+
+    private static func loadProxyFile(path: String) throws -> ProxyFilePayload {
+        let url = URL(fileURLWithPath: path)
+        let values = try url.resourceValues(forKeys: [.isRegularFileKey, .fileSizeKey])
+        guard values.isRegularFile == true else {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 7, userInfo: [
+                NSLocalizedDescriptionKey: "browser proxy file not found: \(path)",
+            ])
+        }
+        if let fileSize = values.fileSize, fileSize > Self.maxProxyFileBytes {
+            throw NSError(domain: "MacNodeBrowserProxy", code: 8, userInfo: [
+                NSLocalizedDescriptionKey: "browser proxy file exceeds 10MB: \(path)",
+            ])
+        }
+
+        let data = try Data(contentsOf: url)
+        let mimeType = UTType(filenameExtension: url.pathExtension)?.preferredMIMEType
+        return ProxyFilePayload(path: path, base64: data.base64EncodedString(), mimeType: mimeType)
+    }
+}
--- a/apps/macos/Sources/OpenClaw/NodeMode/MacNodeModeCoordinator.swift
+++ b/apps/macos/Sources/OpenClaw/NodeMode/MacNodeModeCoordinator.swift
@@ -32,6 +32,7 @@ final class MacNodeModeCoordinator {
    private func run() async {
        var retryDelay: UInt64 = 1_000_000_000
        var lastCameraEnabled: Bool?
+        var lastBrowserControlEnabled: Bool?
        let defaults = UserDefaults.standard

        while !Task.isCancelled {
@@ -48,6 +49,14 @@ final class MacNodeModeCoordinator {
                await self.session.disconnect()
                try? await Task.sleep(nanoseconds: 200_000_000)
            }
+            let browserControlEnabled = OpenClawConfigFile.browserControlEnabled()
+            if lastBrowserControlEnabled == nil {
+                lastBrowserControlEnabled = browserControlEnabled
+            } else if lastBrowserControlEnabled != browserControlEnabled {
+                lastBrowserControlEnabled = browserControlEnabled
+                await self.session.disconnect()
+                try? await Task.sleep(nanoseconds: 200_000_000)
+            }

            do {
                let config = try await GatewayEndpointStore.shared.requireConfig()
@@ -108,6 +117,9 @@ final class MacNodeModeCoordinator {

    private func currentCaps() -> [String] {
        var caps: [String] = [OpenClawCapability.canvas.rawValue, OpenClawCapability.screen.rawValue]
+        if OpenClawConfigFile.browserControlEnabled() {
+            caps.append(OpenClawCapability.browser.rawValue)
+        }
        if UserDefaults.standard.object(forKey: cameraEnabledKey) as? Bool ?? false {
            caps.append(OpenClawCapability.camera.rawValue)
        }
@@ -142,6 +154,9 @@ final class MacNodeModeCoordinator {
        ]

        let capsSet = Set(caps)
+        if capsSet.contains(OpenClawCapability.browser.rawValue) {
+            commands.append(OpenClawBrowserCommand.proxy.rawValue)
+        }
        if capsSet.contains(OpenClawCapability.camera.rawValue) {
            commands.append(OpenClawCameraCommand.list.rawValue)
            commands.append(OpenClawCameraCommand.snap.rawValue)
--- a/apps/macos/Sources/OpenClaw/NodeMode/MacNodeRuntime.swift
+++ b/apps/macos/Sources/OpenClaw/NodeMode/MacNodeRuntime.swift
@@ -6,6 +6,7 @@ import OpenClawKit
 actor MacNodeRuntime {
    private let cameraCapture = CameraCaptureService()
    private let makeMainActorServices: () async -> any MacNodeRuntimeMainActorServices
+    private let browserProxyRequest: @Sendable (String?) async throws -> String
    private var cachedMainActorServices: (any MacNodeRuntimeMainActorServices)?
    private var mainSessionKey: String = "main"
    private var eventSender: (@Sendable (String, String?) async -> Void)?
@@ -13,9 +14,13 @@ actor MacNodeRuntime {
    init(
        makeMainActorServices: @escaping () async -> any MacNodeRuntimeMainActorServices = {
            await MainActor.run { LiveMacNodeRuntimeMainActorServices() }
+        },
+        browserProxyRequest: @escaping @Sendable (String?) async throws -> String = { paramsJSON in
+            try await MacNodeBrowserProxy.shared.request(paramsJSON: paramsJSON)
        })
    {
        self.makeMainActorServices = makeMainActorServices
+        self.browserProxyRequest = browserProxyRequest
    }

    func updateMainSessionKey(_ sessionKey: String) {
@@ -50,6 +55,8 @@ actor MacNodeRuntime {
                 OpenClawCanvasA2UICommand.push.rawValue,
                 OpenClawCanvasA2UICommand.pushJSONL.rawValue:
                return try await self.handleA2UIInvoke(req)
+            case OpenClawBrowserCommand.proxy.rawValue:
+                return try await self.handleBrowserProxyInvoke(req)
            case OpenClawCameraCommand.snap.rawValue,
                 OpenClawCameraCommand.clip.rawValue,
                 OpenClawCameraCommand.list.rawValue:
@@ -165,6 +172,19 @@ actor MacNodeRuntime {
        }
    }

+    private func handleBrowserProxyInvoke(_ req: BridgeInvokeRequest) async throws -> BridgeInvokeResponse {
+        guard OpenClawConfigFile.browserControlEnabled() else {
+            return BridgeInvokeResponse(
+                id: req.id,
+                ok: false,
+                error: OpenClawNodeError(
+                    code: .unavailable,
+                    message: "BROWSER_DISABLED: enable Browser in Settings"))
+        }
+        let payloadJSON = try await self.browserProxyRequest(req.paramsJSON)
+        return BridgeInvokeResponse(id: req.id, ok: true, payloadJSON: payloadJSON)
+    }
+
    private func handleCameraInvoke(_ req: BridgeInvokeRequest) async throws -> BridgeInvokeResponse {
        guard Self.cameraEnabled() else {
            return BridgeInvokeResponse(