Skip to content

fix(workspace): guard downloadAndSave against non-browser environments#247

Open
VascoSch92 wants to merge 1 commit into
mainfrom
vasco/guard-downloadandsave-node
Open

fix(workspace): guard downloadAndSave against non-browser environments#247
VascoSch92 wants to merge 1 commit into
mainfrom
vasco/guard-downloadandsave-node

Conversation

@VascoSch92

Copy link
Copy Markdown
Member

Problem

RemoteWorkspace.downloadAndSave() uses browser-only DOM APIs (document.createElement, document.body, URL.createObjectURL) with no environment check. In Node.js — a common environment for RemoteWorkspace automation — it throws a cryptic ReferenceError: document is not defined.

Closes #114.

Change

Add a runtime guard at the top of downloadAndSave():

if (typeof document === 'undefined') {
  throw new Error(
    'downloadAndSave() is only available in browser environments. ' +
      'Use downloadAsBlob() or downloadAsText() in Node.js.'
  );
}
  • Non-breaking: browser behavior is unchanged; Node.js callers get a clear, actionable error instead of a cryptic ReferenceError. The suggested fallbacks (downloadAsBlob(), downloadAsText()) already exist and are Node-safe.

Tests

New src/__tests__/remote-workspace-download.test.ts:

  • throws the guard error in the Node (testEnvironment: 'node') suite and confirms the network is never touched;
  • with a stubbed browser-like document/URL, the anchor download still fires (createElement('a'), href, click, appendChild/removeChild, revokeObjectURL);
  • honors an explicit saveAsFileName.

Full unit suite green (274 tests), tsc build clean, eslint + prettier clean.

RemoteWorkspace.downloadAndSave() uses browser-only DOM APIs
(document.createElement, document.body, URL.createObjectURL). In a
Node.js environment these throw a cryptic "ReferenceError: document is
not defined".

Add a runtime guard that throws a clear, actionable error pointing
Node.js callers to downloadAsBlob() / downloadAsText() instead. Browser
behavior is unchanged.

Closes #114
@github-actions github-actions Bot added the type: fix A bug fix label Jun 29, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Endpoint audit

❌ 7 off-contract call(s) — not on the agent-server · classifiers: cloud

Category Count
❌ Off-contract (not on agent-server) 7
  ⛔ no known backend 6
  ↗️ served by cloud 1
➕ Missing API (agent-server has, client lacks) 7
agent-server endpoints 112
client endpoints 110

❌ Not on agent-server (gated, 7)

⛔ (no known backend) — served by no backend we can see (6)

  • DELETE /api/meta-profiles/{}
  • GET /api/meta-profiles
  • GET /api/meta-profiles/{}
  • POST /api/cloud-proxy
  • POST /api/meta-profiles/{}
  • POST /api/meta-profiles/{}/activate

↗️ served by cloud (1)

  • GET /api/shared-events/search

➕ Missing API — agent-server exposes it, client does not implement (7)

  • GET /
  • GET /api/conversations
  • GET /api/conversations/{}/events
  • GET /api/conversations/{}/workspace
  • GET /api/conversations/{}/workspace/{}
  • GET /api/init
  • POST /api/init

@VascoSch92 VascoSch92 requested a review from all-hands-bot June 29, 2026 11:51
@VascoSch92 VascoSch92 marked this pull request as ready for review June 30, 2026 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Guard downloadAndSave() against Node.js environments (uses browser-only DOM APIs)

1 participant