pf-world 1.0.3

ProcessFork world layer: filesystem (overlayfs / APFS), env, in-flight processes (CRIU), browser DOM (CDP)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197

// SPDX-License-Identifier: MIT
//! Browser DOM capture via Chrome DevTools Protocol.
//!
//! Closes the §M2 World layer 'browser DOM via CDP for
//! Playwright/Puppeteer sandboxes' deliverable. Connects to a
//! Chromium instance launched with `--remote-debugging-port=<port>`
//! and snapshots every open page:
//!
//! - URL, title, viewport, scroll position, devicePixelRatio
//! - Page.captureSnapshot (MHTML) — the entire serialised page
//! - DOMStorage.getDOMStorageItems for localStorage AND sessionStorage
//! - Network.getCookies (subject to env-scrub regex if the operator wants)
//!
//! On restore we emit instructions for re-spawning Chromium with the
//! same flags and CDP-loading each MHTML; auto-spawn is operator-led
//! since headless flags vary widely.

use pf_core::cas::BlobStore;
use pf_core::digest::Digest256;
use serde::{Deserialize, Serialize};
use std::sync::Arc;

#[cfg(feature = "cdp-live")]
mod live;
#[cfg(feature = "cdp-live")]
pub use live::CdpClient;

/// Wire format of a captured browser session.
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(tag = "kind")]
pub enum BrowserBlob {
    /// Real CDP capture from a Chromium instance.
    #[serde(rename = "browser.cdp.v1")]
    Cdp {
        /// CDP endpoint we connected to (e.g. http://127.0.0.1:9222).
        endpoint: String,
        /// One per open tab/page.
        pages: Vec<PageSnapshot>,
    },
    /// Placeholder for hosts where CDP capture is not available
    /// (no chromium running, no `cdp-live` feature compiled).
    #[serde(rename = "browser.unsupported.v1")]
    Unsupported { reason: String },
}

/// Snapshot of a single browser page/tab.
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct PageSnapshot {
    /// CDP page id (a UUID-like string).
    pub target_id: String,
    pub url: String,
    pub title: String,
    pub viewport_width: u32,
    pub viewport_height: u32,
    pub scroll_x: f64,
    pub scroll_y: f64,
    pub device_pixel_ratio: f64,
    /// Digest of the MHTML body (so duplicates dedup like every other
    /// blob in the .pfimg).
    pub mhtml_digest: Digest256,
    /// localStorage entries.
    pub local_storage: std::collections::BTreeMap<String, String>,
    /// sessionStorage entries.
    pub session_storage: std::collections::BTreeMap<String, String>,
    /// Cookies as a JSON-array of CDP CookieParam objects (we keep the
    /// shape opaque to avoid refighting the Cookie schema for every
    /// CDP minor revision).
    pub cookies_digest: Digest256,
}

/// Captures the (optional) attached-browser DOM.
///
/// Construct with [`BrowserCapture::new`] passing the CDP HTTP endpoint
/// (typically `http://127.0.0.1:9222`). Build the chromium with
/// `--remote-debugging-port=9222 --headless=new` (or omit `--headless`
/// for a visible browser). Then call [`BrowserCapture::capture`].
pub struct BrowserCapture {
    endpoint: Option<String>,
}

impl BrowserCapture {
    /// Construct from an explicit endpoint. `None` = capture is skipped
    /// and the resulting blob is `BrowserBlob::Unsupported`.
    #[must_use]
    pub fn new(endpoint: Option<String>) -> Self {
        Self { endpoint }
    }

    /// Construct from `$PF_BROWSER_CDP` env var. Same Unsupported
    /// fall-through if the env var is unset/empty.
    #[must_use]
    pub fn from_env() -> Self {
        Self {
            endpoint: std::env::var("PF_BROWSER_CDP")
                .ok()
                .filter(|s| !s.is_empty()),
        }
    }

    /// Capture the current browser state. Always returns a digest
    /// pointing at the on-disk JSON serialization of [`BrowserBlob`].
    pub async fn capture(&self, blobs: &Arc<dyn BlobStore>) -> pf_core::Result<Digest256> {
        let blob = match (&self.endpoint, cfg!(feature = "cdp-live")) {
            (Some(endpoint), true) => self.capture_cdp(endpoint, blobs).await?,
            (Some(_endpoint), false) => BrowserBlob::Unsupported {
                reason: "pf-world built without `cdp-live` feature".into(),
            },
            (None, _) => BrowserBlob::Unsupported {
                reason:
                    "no CDP endpoint configured (set PF_BROWSER_CDP or pass to BrowserCapture::new)"
                        .into(),
            },
        };
        blobs.put(&serde_json::to_vec(&blob)?)
    }

    #[cfg(feature = "cdp-live")]
    async fn capture_cdp(
        &self,
        endpoint: &str,
        blobs: &Arc<dyn BlobStore>,
    ) -> pf_core::Result<BrowserBlob> {
        let client = live::CdpClient::new(endpoint.to_owned());
        match client.capture(blobs.clone()).await {
            Ok(pages) => Ok(BrowserBlob::Cdp {
                endpoint: endpoint.to_owned(),
                pages,
            }),
            Err(e) => {
                tracing::warn!(?e, "CDP capture failed; emitting Unsupported placeholder");
                Ok(BrowserBlob::Unsupported {
                    reason: format!("CDP capture failed: {e}"),
                })
            }
        }
    }

    #[cfg(not(feature = "cdp-live"))]
    #[allow(clippy::unused_async, clippy::unused_self)]
    async fn capture_cdp(
        &self,
        _endpoint: &str,
        _blobs: &Arc<dyn BlobStore>,
    ) -> pf_core::Result<BrowserBlob> {
        unreachable!("capture_cdp only called when cdp-live is on")
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use pf_core::cas::MemBlobStore;

    #[tokio::test]
    async fn browser_capture_no_endpoint_returns_unsupported() {
        let blobs: Arc<dyn BlobStore> = Arc::new(MemBlobStore::new());
        let cap = BrowserCapture::new(None);
        let digest = cap.capture(&blobs).await.unwrap();
        let bytes = blobs.get(&digest).unwrap();
        let blob: BrowserBlob = serde_json::from_slice(&bytes).unwrap();
        match blob {
            BrowserBlob::Unsupported { reason } => {
                assert!(reason.contains("CDP endpoint"), "{reason}");
            }
            BrowserBlob::Cdp { .. } => panic!("expected Unsupported, got Cdp"),
        }
    }

    #[test]
    fn page_snapshot_round_trips_through_json() {
        let p = PageSnapshot {
            target_id: "T-1".into(),
            url: "https://example.com".into(),
            title: "Example".into(),
            viewport_width: 1280,
            viewport_height: 800,
            scroll_x: 0.0,
            scroll_y: 42.5,
            device_pixel_ratio: 2.0,
            mhtml_digest: Digest256::of(b"mhtml"),
            local_storage: [("k".to_owned(), "v".to_owned())].into(),
            session_storage: std::collections::BTreeMap::default(),
            cookies_digest: Digest256::of(b"[]"),
        };
        let s = serde_json::to_string(&p).unwrap();
        let p2: PageSnapshot = serde_json::from_str(&s).unwrap();
        assert_eq!(p.url, p2.url);
        assert_eq!(p.viewport_width, p2.viewport_width);
        assert_eq!(p.local_storage.get("k").map(String::as_str), Some("v"));
    }

    // Note: from_env() is exercised end-to-end by the operator-side
    // CDP integration test (operator sets PF_BROWSER_CDP before
    // running pf snapshot). We deliberately don't test it here
    // because env mutation is `unsafe` since Rust 1.85 and pf-world
    // has `#![deny(unsafe_code)]`.
}