Merge pull request #22 from browser-use/feat/per-session-bh-tmp-dir

feat(browser-execute): per-session BH_TMP_DIR scratch dir

Author: Alezander9

packages/bcode-browser/src/browser-execute.ts

@@ -13,15 +13,30 @@
 // pipe stdout+stderr back. BU_NAME is namespaced by sessionID so parallel
 // sub-agents (each with their own session) get isolated daemons + browsers.
 //
+// BH_TMP_DIR points at a per-session scratch dir so sock/port/pid/log + screenshot
+// output land somewhere predictable per session, instead of all sessions sharing
+// /tmp. The Level-2 wrapper supplies the cache root; we own the layout convention.
+//
 // Level 1 per decisions.md §1c — substantial implementation lives here. The
 // Level-2 hook in packages/opencode is a one-line wrapper.
 
+import fs from "fs/promises"
+import path from "path"
 import { Effect, Stream } from "effect"
 import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
 import z from "zod"
 import { resolveHarnessDir } from "./harness"
 import { uvLocate } from "./uv-locate"
 
+// Canonical per-session scratch dir layout. Caller supplies dataDir
+// (e.g. opencode's Global.Path.data); we own the `sessions/<id>` shape.
+// AF_UNIX sun_path is 104 bytes on macOS — `<dataDir>/sessions/<sessionID>/bu-<sessionID>.sock`
+// must fit. SessionID is `ses_` + 26 chars (30 chars). The literal suffix is
+// `/sessions/` (10) + 30 + `/bu-` (4) + 30 + `.sock` (5) = 79 chars, leaving
+// 25 chars of headroom for dataDir. Typical XDG dataDir is well under that.
+export const sessionScratchDir = (dataDir: string, sessionID: string) =>
+  path.join(dataDir, "sessions", sessionID)
+
 const DEFAULT_TIMEOUT_MS = 60 * 1000
 const MAX_TIMEOUT_MS = 10 * 60 * 1000
 
@@ -37,6 +52,11 @@ export type Parameters = z.infer<typeof parameters>
 
 export interface ExecuteContext {
   readonly sessionID: string
+  // Per-session scratch dir, passed to the harness as BH_TMP_DIR. The harness
+  // mkdirs it on import, but we mkdir-p here too so failures surface as a
+  // direct effect error rather than a child-process exit. Pre-compute via
+  // sessionScratchDir(dataDir, sessionID).
+  readonly bhTmpDir: string
   // Optional progress callback invoked per output chunk (combined stdout+stderr).
   // Level-2 supplies this to drive TUI streaming via opencode's `ctx.metadata`.
   // The callback receives the fully accumulated output so far, not just the
@@ -72,14 +92,15 @@ export const make = Effect.fn("BrowserExecute.make")(function* () {
   const execute = (args: Parameters, ctx: ExecuteContext) =>
     Effect.gen(function* () {
       const harnessDir = yield* Effect.promise(() => resolveHarnessDir())
+      yield* Effect.promise(() => fs.mkdir(ctx.bhTmpDir, { recursive: true }))
       const uv = yield* locate
       const proc = ChildProcess.make(
         uv,
         ["run", "--project", harnessDir, "browser-harness", "-c", args.python],
         {
           cwd: harnessDir,
           extendEnv: true,
-          env: { BU_NAME: ctx.sessionID },
+          env: { BU_NAME: ctx.sessionID, BH_TMP_DIR: ctx.bhTmpDir },
           stdin: "ignore",
         },
       )

packages/opencode/src/agent/agent.ts

@@ -82,7 +82,11 @@ export const layer = Layer.effect(
       Effect.fn("Agent.state")(function* (_ctx) {
         const cfg = yield* config.get()
         const skillDirs = yield* skill.dirs()
-        const whitelistedDirs = [Truncate.GLOB, ...skillDirs.map((dir) => path.join(dir, "*"))]
+        // browser_execute writes per-session screenshots/logs under
+        // <Global.Path.data>/sessions/<sessionID>. Whitelist the parent so
+        // the agent can read its own screenshots back without permission prompts.
+        const browserSessionsGlob = path.join(Global.Path.data, "sessions", "*")
+        const whitelistedDirs = [Truncate.GLOB, browserSessionsGlob, ...skillDirs.map((dir) => path.join(dir, "*"))]
 
         const defaults = Permission.fromConfig({
           "*": "allow",

packages/opencode/src/tool/browser-execute.ts

@@ -5,6 +5,7 @@
 import { Effect } from "effect"
 import type z from "zod"
 import { BrowserExecute } from "@browser-use/bcode-browser/browser-execute"
+import { Global } from "@/global"
 import * as Tool from "./tool"
 import DESCRIPTION from "./browser-execute.txt"
 
@@ -33,6 +34,12 @@ export const BrowserExecuteTool = Tool.define(
 
           const result = yield* impl.execute(args, {
             sessionID: ctx.sessionID,
+            // Per-session scratch under Global.Path.data (not cache — survives
+            // CACHE_VERSION wipes). Harness writes sock/port/pid/log + screenshots
+            // here. Agent reads screenshots back via the read tool; the agent
+            // permission ruleset (agent.ts) allows <Global.Path.data>/sessions/*
+            // so that read doesn't prompt.
+            bhTmpDir: BrowserExecute.sessionScratchDir(Global.Path.data, ctx.sessionID),
             // Stream chunks to the TUI as they arrive — same pattern as bash.
             onChunk: (output) =>
               ctx.metadata({