Conversation
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR adds browser-scoped session client functionality but does not appear to modify API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal) as specified in the filter. To monitor this PR anyway, reply with |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Bind browser subresource calls to a browser session's base_url and expose raw HTTP through request and stream helpers so metro-routed access feels like normal httpx usage. Made-with: Cursor
Prevent browser-scoped raw HTTP helpers from letting user params override internal routing query keys, and clean up wording around browser session base_url routing. Made-with: Cursor
Keep the browser-scoped request helpers aligned with repo linting and reserve internal raw-request query keys without exposing implementation details. Made-with: Cursor
Keep the browser-scoped test file aligned with the repo lint configuration so the follow-up typing fixes pass CI. Made-with: Cursor
Tighten browser-scoped helper typing and test casts so the Python SDK passes the repository's lint and pyright checks cleanly. Made-with: Cursor
Replace the handwritten Python browser-scoped façade with deterministic generated bindings from the browser resource graph, and enforce regeneration during lint. Made-with: Cursor
Keep the browser-scoped Python generator compatible with the repo lint pipeline by suppressing strict pyright diagnostics that are not meaningful for the AST-walking build script. Made-with: Cursor
Keep the Python generator and generated browser-scoped façade aligned with pyright and mypy so the deterministic regeneration path passes the repo lint pipeline. Made-with: Cursor
Sort the generator script imports and keep the deterministic browser-scoped generation path aligned with the repo lint pipeline. Made-with: Cursor
rgarcia
force-pushed
the
raf/browser-scoped-client
branch
from
8f1d506 to
a80716b
Compare
Turn the browser-scoped Python example into a runnable demonstration of both process execution and /curl/raw-backed request and stream usage. Made-with: Cursor
Move browser raw HTTP and direct-to-VM routing onto the main browsers resource so the SDK uses the shared browser route cache instead of a generated wrapper layer. Made-with: Cursor
Remove the public cache priming helpers, keep jwt-required routes, and rename the example and tests so the python browser routing diff stays focused on cache-backed direct-to-VM behavior. Made-with: Cursor
rgarcia
changed the title
Shorten the browser_routing allowlist field to subresources so the direct-to-VM configuration stays concise while keeping the same routing behavior. Made-with: Cursor
Move the handwritten routing helpers out of the old browser_scoped package, delete the unused browser session clone helper, warm the async browser list cache, and drop the generated type churn from the branch. Made-with: Cursor
Preserve browser routing settings across copy(), skip cache warming for raw response wrappers, and clean up the handwritten routing files so lint can pass on the current branch. Made-with: Cursor
Make the browser routing helpers type-check cleanly in CI, keep copy() signatures aligned with __init__, and avoid cache-warming errors on raw response wrappers. Made-with: Cursor
Encode string request bodies before building raw /curl/raw request options so the browser routing helpers satisfy CI type checks while preserving the public request API. Made-with: Cursor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue. You can view the agent here.
Reviewed by Cursor Bugbot for commit 3ce80e7. Configure here.
Remove the public browser routing constructor config and derive direct-to-VM subresource routing from KERNEL_BROWSER_ROUTING_SUBRESOURCES instead, defaulting to curl while keeping the raw request helpers direct to the browser.
Store browser routes under a normalized session ID so cache lookups and deletes stay consistent when route data includes surrounding whitespace. Add a regression test to lock in the normalization behavior. Made-with: Cursor
Move browser route cache warming into the shared sync and async response hooks so browser metadata endpoints populate the cache consistently, including raw responses. Remove the handwritten browsers resource priming and cover the narrowed sniffing behavior with focused routing tests. Made-with: Cursor
Drop cached browser routes after successful DELETE /browsers/{id} responses so stale direct-to-VM session URLs are not reused. Cover both the success and failure paths with focused browser routing regressions.
Made-with: Cursor
Remove the leftover result/page wrappers from browser create, retrieve, update, and list now that route cache warming lives in the shared response hooks. Keep the actual curl and raw HTTP browser routing surface unchanged. Made-with: Cursor
Sayan-
approved these changes
Apr 24, 2026
Collaborator
Sayan-
left a comment
Sayan-
left a comment
There was a problem hiding this comment.
great stuff - thanks for iterating on the shape!
Keep the browser route cache in sync for pool acquire and release flows so leased sessions can use direct VM routing without resource-specific cache handling. Made-with: Cursor
Sayan-
approved these changes
Apr 24, 2026
Collaborator
Sayan-
left a comment
Sayan-
left a comment
There was a problem hiding this comment.
great stuff - thanks for iterating on the shape!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
browser_routing=client constructor config and move rollout control toKERNEL_BROWSER_ROUTING_SUBRESOURCEScurlwhen the env var is unset, and treat an explicit empty string as disabling browser subresource routingbrowser_route_cachepublic for inspection/debugging while deriving routing behavior internally from the environment onKernel/AsyncKernelbrowsers.request()andbrowsers.stream()cache-backed so raw HTTP continues to go directly to the browser VM’s/curl/rawpath with protectedurl/jwtparamsRollout behavior
curlsubresources directly to the browser VM"": disable browser subresource routing entirelybrowsers.request()/browsers.stream()still always go direct to the browser VM because they resolve through the cached browser route and/curl/rawTest plan
.venv/bin/pytest tests/test_browser_routing.py tests/test_client.py -o addopts=.venv/bin/ruff check src/kernel/_client.py src/kernel/lib/browser_routing/routing.py src/kernel/resources/browsers/browsers.py src/kernel/__init__.py tests/test_browser_routing.py examples/browser_routing.pyPYTHONPATH=src KERNEL_API_KEY=... KERNEL_BASE_URL=https://api.onkernel.com .venv/bin/python examples/browser_routing.pyNote
Medium Risk
Medium risk because it changes core HTTP request/response processing in
Kernel/AsyncKernel, including URL rewriting and strippingAuthorizationheaders based on cached routes, which could impact request routing or auth if misapplied.Overview
Adds a browser route cache to
Kernel/AsyncKerneland hooks it into the client lifecycle: responses from browser metadata endpoints populate the cache, successful browser deletes/pool releases evict it, and outgoing requests can be rewritten to hit the browser VM directly.Introduces env-controlled direct routing via
KERNEL_BROWSER_ROUTING_SUBRESOURCES(defaulting tocurl, empty string disables) and ensures routed requests injectjwtwhile removing APIAuthorizationheaders.Adds
browsers.request()/browsers.stream()(sync + async) to perform raw HTTP via the browser VM’s/curl/rawendpoint with reserved query keys (url,jwt) protected, plus an example script and comprehensive tests for cache warming/eviction and allowlisted routing behavior.Reviewed by Cursor Bugbot for commit 5328730. Bugbot is set up for automated code reviews on this repo. Configure here.