Conversation
Adds a CLI command that makes HTTP requests through a browser session's
Chrome network stack, inheriting TLS fingerprint, cookies, proxy config,
and headers. Mirrors real curl UX with -X, -H, -d flags.
Two modes:
- Structured (default): POST /browsers/{id}/curl with JSON response
- Raw (--raw or -o): GET /browsers/{id}/curl/raw for streaming
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The API expects single-value headers (map[string]string), not
multi-value (map[string][]string). The previous type would serialize
as {"Content-Type": ["application/json"]} causing a runtime unmarshal
error on the server.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
I'll monitor the rollout of the new What I'll watch for:
This is a low-risk change since it's a CLI-only addition that depends on existing API endpoints. The main thing to watch is whether the backend |
…ser curl
Replace the hand-rolled POST /browsers/{id}/curl with the generated
BrowserCurlParams/BrowserCurlResponse types from the Stainless preview
SDK. The raw/streaming mode (curlRaw) remains custom HTTP as before.
Also updates ProxyService.Check interface to match the new SDK signature
(added ProxyCheckParams parameter).
Uses a temporary replace directive pointing kernel-go-sdk at the
stainless-sdks/kernel-go preview module.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
🔧 CI Fix Available |
| golang.org/x/sync v0.19.0 | ||
| ) | ||
|
|
||
| replace github.com/kernel/kernel-go-sdk => github.com/stainless-sdks/kernel-go v0.0.0-20260410014529-98c58b154bb9 |
There was a problem hiding this comment.
Development SDK replace directive left in go.mod
High Severity
The replace directive redirects github.com/kernel/kernel-go-sdk to a pre-release commit from the private github.com/stainless-sdks/kernel-go repository. This is development scaffolding generated by scripts/go-mod-replace-kernel.sh (as documented in DEVELOPMENT.md) and needs to be removed before merging. Shipping with this replace ties the build to an unreleased private SDK commit, breaking builds for anyone without access to that private repo.
Reviewed by Cursor Bugbot for commit 7f8cece. Configure here.
- Pass encoding param to /curl/raw endpoint (was silently ignored) - Print response headers to stdout when -i and -o are combined - Remove unused client field from BrowsersCmd Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
There are 3 total unresolved issues (including 1 from previous review).
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issues. You can view the agent here.
Reviewed by Cursor Bugbot for commit d112191. Configure here.
| if resp.StatusCode == http.StatusNotFound { | ||
| respBody, _ := io.ReadAll(resp.Body) | ||
| return fmt.Errorf("not found (%d): %s", resp.StatusCode, strings.TrimSpace(string(respBody))) | ||
| } |
There was a problem hiding this comment.
Raw mode error checks intercept proxied target responses
Medium Severity
In curlRaw, the status code checks for 401/403/404 cannot distinguish between API-level errors (e.g., invalid session) and legitimate proxied responses from the target URL. If the target URL itself returns a 401, 403, or 404, the CLI will incorrectly report it as an authentication or "not found" error instead of streaming the proxied response body to the user. This breaks the core "raw mode" contract of transparently piping the proxied response.
Reviewed by Cursor Bugbot for commit d112191. Configure here.
| return "" | ||
| } | ||
| return tokens.AccessToken | ||
| } |
There was a problem hiding this comment.
Raw mode uses expired OAuth tokens without refreshing
High Severity
getAuthToken loads OAuth tokens via auth.LoadTokens() and returns tokens.AccessToken without checking whether the token is expired or attempting a refresh. The main auth path in auth.GetAuthenticatedClient checks tokens.IsExpired() and calls RefreshTokens when needed. In raw/streaming mode, users with expired (but refreshable) OAuth tokens will get authentication errors even though they're properly logged in, while JSON mode works fine via the SDK client.
Reviewed by Cursor Bugbot for commit d112191. Configure here.
1 participant
Summary
Adds a curl-like command for making HTTP requests through a browser session's Chrome network stack. Requests inherit the browser's TLS fingerprint, cookies, proxy configuration, and headers.
Usage
Flags
-X, --request-H, --header"Key: Value"format)-d, --data--data-file--timeout--encodingutf8orbase64-o, --output--raw-i, --include-s, --silent--jsonImplementation notes
/browsers/{id}/curland/browsers/{id}/curl/rawAPI endpoints (the Go SDK doesn't have the curl method yet)--rawor-o) pipes the proxied response directlyTest plan
kernel browsers curl <id> https://example.comreturns page body-X POST -d '...'sends POST with body-H "Key: Value"sets custom headers-o output.htmlsaves response to file-iprints response headers before body--jsonreturns full JSON with status, headers, body, duration--rawstreams response without JSON wrapper--data-filereads body from file🤖 Generated with Claude Code
Note
Medium Risk
Adds a new command that performs authenticated raw HTTP requests and file output/streaming, plus updates the Kernel SDK dependency via a
replace; mistakes here could break CLI networking/auth behavior or compatibility with the API.Overview
Adds
kernel browsers curl <session-id> <url>to make HTTP requests through an existing browser session, supporting headers/method/body (-X,-H,-d/--data-file), timeouts, optional response encoding, and optional header-inclusive output.Implements two execution paths: a default SDK-backed JSON response mode and a raw/streaming mode (
--rawor-o) that hits/browsers/{id}/curl/rawdirectly, including bearer auth token resolution fromKERNEL_API_KEYor stored tokens.Updates proxy health-check calls to match an SDK signature change (
Check(..., kernel.ProxyCheckParams{})), extends fakes accordingly, and pins the SDK viago.modreplacetogithub.com/stainless-sdks/kernel-go(with correspondinggo.sumupdates).Reviewed by Cursor Bugbot for commit d112191. Bugbot is set up for automated code reviews on this repo. Configure here.