fixes

maticzav · maticzav · commit 562a0438bea5 · 2025-09-01T23:25:52.000+02:00
diff --git a/.fernignore b/.fernignore
@@ -1,7 +1,9 @@
 # Specify files that shouldn't be modified by Fern
 src/wrapper/
+test/wrapper/
 src/index.ts
 examples/
 .vscode/
 
-.gitignore
+.gitignore
+jest.config.mjs
diff --git a/README.md b/README.md
@@ -97,6 +97,43 @@ for await (const update of task.watch()) {
 }
 ```
 
+## Webhook Verification
+
+> We encourage you to use the SDK functions that verify and parse webhook events.
+
+```ts
+import { verifyWebhookEventSignature, type WebhookAgentTaskStatusUpdatePayload } from "browser-use-sdk";
+
+export async function POST(req: Request) {
+    const signature = req.headers["x-browser-use-signature"] as string;
+    const timestamp = req.headers["x-browser-use-timestamp"] as string;
+
+    const event = await verifyWebhookEventSignature(
+        {
+            body,
+            signature,
+            timestamp,
+        },
+        {
+            secret: SECRET_KEY,
+        },
+    );
+
+    if (!event.ok) {
+        return;
+    }
+
+    switch (event.event.type) {
+        case "agent.task.status_update":
+            break;
+        case "test":
+            break;
+        default:
+            break;
+    }
+}
+```
+
 ## Advanced Usage
 
 ## Handling errors
diff --git a/examples/stream.ts b/examples/stream.ts
@@ -55,8 +55,6 @@ async function basic() {
     console.log(result.output);
 }
 
-basic().catch(console.error);
-
 // Structured ----------------------------------------------------------------
 
 // Define Structured Output Schema
@@ -92,6 +90,6 @@ async function structured() {
     }
 }
 
-// basic()
-//     .then(() => structured())
-//     .catch(console.error);
+basic()
+    .then(() => structured())
+    .catch(console.error);
diff --git a/jest.config.mjs b/jest.config.mjs
@@ -11,7 +11,7 @@ export default {
                 "^(\.{1,2}/.*)\.js$": "$1",
             },
             roots: ["<rootDir>/tests"],
-            testPathIgnorePatterns: ["\.browser\.(spec|test)\.[jt]sx?$", "/tests/wire/"],
+            testPathIgnorePatterns: ["\.browser\.(spec|test)\.[jt]sx?$", "/tests/wire/", "/tests/wrapper"],
             setupFilesAfterEnv: [],
         },
         {
@@ -25,7 +25,6 @@ export default {
             testMatch: ["<rootDir>/tests/unit/**/?(*.)+(browser).(spec|test).[jt]s?(x)"],
             setupFilesAfterEnv: [],
         },
-        ,
         {
             displayName: "wire",
             preset: "ts-jest",
@@ -36,6 +35,13 @@ export default {
             roots: ["<rootDir>/tests/wire"],
             setupFilesAfterEnv: ["<rootDir>/tests/mock-server/setup.ts"],
         },
+        {
+            displayName: "wrapper",
+            preset: "ts-jest",
+            testEnvironment: "node",
+            moduleNameMapper: {},
+            roots: ["<rootDir>/tests/wrapper"],
+        },
     ],
     workerThreads: false,
     passWithNoTests: true,
diff --git a/src/index.ts b/src/index.ts
@@ -1,6 +1,7 @@
 export * as BrowserUse from "./api/index.js";
-export { BrowserUseError, BrowserUseTimeoutError } from "./errors/index.js";
 export { BrowserUseEnvironment } from "./environments.js";
+export { BrowserUseError, BrowserUseTimeoutError } from "./errors/index.js";
 export { BrowserUseClient } from "./wrapper/BrowserUseClient.js";
-export type { WrappedTaskFnsWithoutSchema } from "./wrapper/lib/parse.js";
-export type { WrappedTaskFnsWithSchema } from "./wrapper/lib/parse.js";
+export type { WrappedTaskFnsWithoutSchema, WrappedTaskFnsWithSchema } from "./wrapper/lib/parse.js";
+export { createWebhookSignature, verifyWebhookEventSignature } from "./wrapper/lib/webhooks.js";
+export type { Webhook, WebhookAgentTaskStatusUpdatePayload, WebhookTestPayload } from "./wrapper/lib/webhooks.js";
diff --git a/src/wrapper/lib/webhooks.ts b/src/wrapper/lib/webhooks.ts
@@ -0,0 +1,119 @@
+import { createHmac } from "crypto";
+import stringify from "fast-json-stable-stringify";
+import { z } from "zod";
+
+// https://docs.browser-use.com/cloud/webhooks
+
+//
+
+export const zWebhookTimestamp = z.iso.datetime({ offset: true, local: true });
+
+// test
+
+export const zWebhookTestPayload = z.object({
+    test: z.literal("ok"),
+});
+
+export type WebhookTestPayload = z.infer<typeof zWebhookTestPayload>;
+
+export const zWebhookTest = z.object({
+    type: z.literal("test"),
+    timestamp: zWebhookTimestamp,
+    payload: zWebhookTestPayload,
+});
+
+// agent.task.status_update
+
+export const zWebhookAgentTaskStatusUpdatePayloadMetadata = z.record(z.string(), z.unknown()).optional();
+
+export const zWebhookAgentTaskStatusUpdatePayloadStatus = z.literal([
+    "initializing",
+    "started",
+    "paused",
+    "stopped",
+    "finished",
+]);
+
+export const zWebhookAgentTaskStatusUpdatePayload = z.object({
+    session_id: z.string(),
+    task_id: z.string(),
+    status: zWebhookAgentTaskStatusUpdatePayloadStatus,
+    metadata: zWebhookAgentTaskStatusUpdatePayloadMetadata,
+});
+
+export type WebhookAgentTaskStatusUpdatePayload = z.infer<typeof zWebhookAgentTaskStatusUpdatePayload>;
+
+export const zWebhookAgentTaskStatusUpdate = z.object({
+    type: z.literal("agent.task.status_update"),
+    timestamp: zWebhookTimestamp,
+    payload: zWebhookAgentTaskStatusUpdatePayload,
+});
+
+//
+
+export const zWebhookSchema = z.discriminatedUnion("type", [
+    //
+    zWebhookTest,
+    zWebhookAgentTaskStatusUpdate,
+]);
+
+export type Webhook = z.infer<typeof zWebhookSchema>;
+
+// Signature
+
+/**
+ * Utility function that validates the received Webhook event/
+ */
+export async function verifyWebhookEventSignature(
+    evt: {
+        body: string | object;
+        signature: string;
+        timestamp: string;
+    },
+    cfg: { secret: string },
+): Promise<{ ok: true; event: Webhook } | { ok: false }> {
+    try {
+        const json = typeof evt.body === "string" ? JSON.parse(evt.body) : evt.body;
+        const event = await zWebhookSchema.safeParseAsync(json);
+
+        if (event.success === false) {
+            return { ok: false };
+        }
+
+        const signature = createWebhookSignature({
+            payload: event.data.payload,
+            timestamp: evt.timestamp,
+            secret: cfg.secret,
+        });
+
+        // Compare signatures using timing-safe comparison
+        if (evt.signature !== signature) {
+            return { ok: false };
+        }
+
+        return { ok: true, event: event.data };
+    } catch (err) {
+        console.error(err);
+        return { ok: false };
+    }
+}
+
+/**
+ * Creates a webhook signature for the given payload, timestamp, and secret.
+ */
+export function createWebhookSignature({
+    payload,
+    timestamp,
+    secret,
+}: {
+    payload: unknown;
+    timestamp: string;
+    secret: string;
+}): string {
+    const dump = stringify(payload);
+    const message = `${timestamp}.${dump}`;
+
+    const hmac = createHmac("sha256", secret);
+    hmac.update(message);
+    return hmac.digest("hex");
+}
diff --git a/tests/wrapper/webhooks.test.ts b/tests/wrapper/webhooks.test.ts
@@ -0,0 +1,114 @@
+import {
+    createWebhookSignature,
+    verifyWebhookEventSignature,
+    zWebhookSchema,
+    zWebhookTimestamp,
+} from "../../src/wrapper/lib/webhooks";
+
+describe("webhooks", () => {
+    describe("parse", () => {
+        test("timestamp", () => {
+            expect(zWebhookTimestamp.parse("2025-05-25T09:22:22.269116+00:00")).toBeDefined();
+            expect(zWebhookTimestamp.parse("2025-08-15T18:09:11.881540")).toBeDefined();
+        });
+
+        test("agent.task.status_update", () => {
+            const MOCK: unknown = {
+                type: "agent.task.status_update",
+                timestamp: "2025-05-25T09:22:22.269116+00:00",
+                payload: {
+                    session_id: "cd9cc7bf-e3af-4181-80a2-73f083bc94b4",
+                    task_id: "5b73fb3f-a3cb-4912-be40-17ce9e9e1a45",
+                    status: "finished",
+                    metadata: {
+                        campaign: "q4-automation",
+                        team: "marketing",
+                    },
+                },
+            };
+
+            const response = zWebhookSchema.parse(MOCK);
+
+            expect(response).toBeDefined();
+        });
+
+        test("test", () => {
+            const MOCK: unknown = {
+                type: "test",
+                timestamp: "2025-05-25T09:22:22.269116+00:00",
+                payload: { test: "ok" },
+            };
+
+            const response = zWebhookSchema.parse(MOCK);
+
+            expect(response).toBeDefined();
+        });
+
+        test("invalid", () => {
+            const MOCK: unknown = {
+                type: "invalid",
+                timestamp: "2025-05-25T09:22:22.269116+00:00",
+                payload: { test: "ok" },
+            };
+
+            expect(() => zWebhookSchema.parse(MOCK)).toThrow();
+        });
+    });
+
+    describe("verify", () => {
+        test("correctly calculates signature", async () => {
+            const timestamp = "2025-05-26:22:22.269116+00:00";
+
+            const MOCK = {
+                type: "agent.task.status_update",
+                timestamp: "2025-05-25T09:22:22.269116+00:00",
+                payload: {
+                    session_id: "cd9cc7bf-e3af-4181-80a2-73f083bc94b4",
+                    task_id: "5b73fb3f-a3cb-4912-be40-17ce9e9e1a45",
+                    status: "finished",
+                    metadata: {
+                        campaign: "q4-automation",
+                        team: "marketing",
+                    },
+                },
+            };
+
+            const signature = createWebhookSignature({
+                payload: MOCK.payload,
+                secret: "secret",
+                timestamp,
+            });
+
+            const validJSON = await verifyWebhookEventSignature(
+                {
+                    body: MOCK,
+                    signature: signature,
+                    timestamp,
+                },
+                { secret: "secret" },
+            );
+
+            const validString = await verifyWebhookEventSignature(
+                {
+                    body: JSON.stringify(MOCK),
+                    signature: signature,
+                    timestamp,
+                },
+                { secret: "secret" },
+            );
+
+            const invalid = await verifyWebhookEventSignature(
+                {
+                    body: JSON.stringify(MOCK),
+                    signature: "invalid",
+                    timestamp,
+                },
+                { secret: "secret" },
+            );
+
+            expect(validJSON.ok).toBe(true);
+            expect(validString.ok).toBe(true);
+            expect(invalid.ok).toBe(false);
+        });
+    });
+});

Original file line number	Diff line number	Diff line change
`@@ -55,8 +55,6 @@ async function basic() {`
`55`	`55`	`console.log(result.output);`
`56`	`56`	`}`
`57`	`57`
`58`		`-basic().catch(console.error);`
`59`		`-`
`60`	`58`	`// Structured ----------------------------------------------------------------`
`61`	`59`
`62`	`60`	`// Define Structured Output Schema`
`@@ -92,6 +90,6 @@ async function structured() {`
`92`	`90`	`}`
`93`	`91`	`}`
`94`	`92`
`95`		`-// basic()`
`96`		`-// .then(() => structured())`
`97`		`-// .catch(console.error);`
	`93`	`+basic()`
	`94`	`+ .then(() => structured())`
	`95`	`+ .catch(console.error);`