MobiDev-Org · dependabot · Apr 17, 2026 · Apr 22, 2026 · Apr 23, 2026
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,16 @@
+## Summary
+
+- What changed:
+- Why:
+- Related issue:
+
+## Validation
+
+- [ ] Relevant tests were run locally
+- [ ] Docs were updated (if behavior/config changed)
+- [ ] No sensitive data added
+
+## Governance (required)
+
+- [ ] This PR has explicit approval from project administration/maintainers
+- [ ] This PR will be merged only by project administration/maintainers
diff --git a/.github/workflows/create_test_report.yml b/.github/workflows/create_test_report.yml
@@ -39,7 +39,7 @@ jobs:
         HTML_REPORT_URL: 'https://mspwblobreport.z1.web.core.windows.net/run-${{ github.event.workflow_run.id }}-${{ github.event.workflow_run.run_attempt }}-${{ github.sha }}/index.html'
 
     - name: Azure Login
-      uses: azure/login@v2
+      uses: azure/login@v3
       with:
         client-id: ${{ secrets.AZURE_BLOB_REPORTS_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_BLOB_REPORTS_TENANT_ID }}
@@ -57,7 +57,7 @@ jobs:
         AZCOPY_AUTO_LOGIN_TYPE: AZCLI
 
     - name: Publish Report URL as Commit Status
-      uses: actions/github-script@v8
+      uses: actions/github-script@v9
       with:
         script: |
           await github.rest.repos.createCommitStatus({

diff --git a/.github/workflows/pr_check_client_side_changes.yml b/.github/workflows/pr_check_client_side_changes.yml
@@ -16,7 +16,7 @@ jobs:
     if: github.repository == 'microsoft/playwright'
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/create-github-app-token@v2
+      - uses: actions/create-github-app-token@v3
         id: app-token
         with:
           app-id: ${{ vars.PLAYWRIGHT_APP_ID }}
@@ -27,7 +27,7 @@ jobs:
             playwright-java
             playwright-dotnet
       - name: Create GitHub issue
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         with:
           github-token: ${{ steps.app-token.outputs.token }}
           script: |

diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml
@@ -54,7 +54,7 @@ jobs:
       run: utils/publish_all_packages.sh --release
 
     - name: Azure Login
-      uses: azure/login@v2
+      uses: azure/login@v3
       with:
         client-id: ${{ secrets.AZURE_PW_CDN_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_PW_CDN_TENANT_ID }}
@@ -75,7 +75,7 @@ jobs:
     - uses: actions/setup-node@v6
       with:
         node-version: 20
-    - uses: actions/create-github-app-token@v2
+    - uses: actions/create-github-app-token@v3
       id: app-token
       with:
         app-id: ${{ vars.PLAYWRIGHT_APP_ID }}

diff --git a/.github/workflows/publish_release_docker.yml b/.github/workflows/publish_release_docker.yml
@@ -30,7 +30,7 @@ jobs:
     - run: npm ci
     - run: npm run build
     - name: Azure Login
-      uses: azure/login@v2
+      uses: azure/login@v3
       with:
         client-id: ${{ secrets.AZURE_DOCKER_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_DOCKER_TENANT_ID }}

diff --git a/.github/workflows/roll_browser_into_playwright.yml b/.github/workflows/roll_browser_into_playwright.yml
@@ -52,13 +52,13 @@ jobs:
         git add .
         git commit -m "feat(${BROWSER}): roll to r${REVISION}"
         git push origin $BRANCH_NAME --force
-    - uses: actions/create-github-app-token@v2
+    - uses: actions/create-github-app-token@v3
       id: app-token
       with:
         app-id: ${{ vars.PLAYWRIGHT_APP_ID }}
         private-key: ${{ secrets.PLAYWRIGHT_PRIVATE_KEY }}
     - name: Create Pull Request
-      uses: actions/github-script@v8
+      uses: actions/github-script@v9
       if: ${{ steps.prepare-branch.outputs.exists == '0' }}
       with:
         github-token: ${{ steps.app-token.outputs.token }}

diff --git a/.github/workflows/roll_nodejs.yml b/.github/workflows/roll_nodejs.yml
@@ -33,14 +33,14 @@ jobs:
           git add .
           git commit -m "chore: roll driver/Dockerfile to recent Node.js LTS version"
           git push origin $BRANCH_NAME
-      - uses: actions/create-github-app-token@v2
+      - uses: actions/create-github-app-token@v3
         id: app-token
         with:
           app-id: ${{ vars.PLAYWRIGHT_APP_ID }}
           private-key: ${{ secrets.PLAYWRIGHT_PRIVATE_KEY }}
       - name: Create Pull Request
         if: ${{ steps.prepare-branch.outputs.HAS_CHANGES == '1' }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         with:
           github-token: ${{ steps.app-token.outputs.token }}
           script: |

diff --git a/.github/workflows/roll_stable_test_runner.yml b/.github/workflows/roll_stable_test_runner.yml
@@ -38,14 +38,14 @@ jobs:
           git add .
           git commit -m "test: roll stable-test-runner to ${{ steps.bump.outputs.VERSION }}"
           git push origin $BRANCH_NAME
-      - uses: actions/create-github-app-token@v2
+      - uses: actions/create-github-app-token@v3
         id: app-token
         with:
           app-id: ${{ vars.PLAYWRIGHT_APP_ID }}
           private-key: ${{ secrets.PLAYWRIGHT_PRIVATE_KEY }}
       - name: Create Pull Request
         if: ${{ steps.prepare-branch.outputs.HAS_CHANGES == '1' }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         with:
           github-token: ${{ steps.app-token.outputs.token }}
           script: |

diff --git a/.github/workflows/tests_bidi.yml b/.github/workflows/tests_bidi.yml
@@ -78,7 +78,7 @@ jobs:
 
     - name: Azure Login
       if: ${{ !cancelled() && github.ref == 'refs/heads/main' }}
-      uses: azure/login@v2
+      uses: azure/login@v3
       with:
         client-id: ${{ secrets.AZURE_BLOB_REPORTS_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_BLOB_REPORTS_TENANT_ID }}

diff --git a/.github/workflows/trigger_tests.yml b/.github/workflows/trigger_tests.yml
@@ -11,7 +11,7 @@ jobs:
     name: "trigger"
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/create-github-app-token@v2
+    - uses: actions/create-github-app-token@v3
       id: app-token
       with:
         app-id: ${{ vars.PLAYWRIGHT_APP_ID }}

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -1,9 +1,22 @@
-# Microsoft Open Source Code of Conduct
-
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-
-Resources:
-
-- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
-- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
-- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
+# Code of Conduct
+
+This project expects respectful and constructive collaboration.
+
+## Expected behavior
+
+- Be respectful and professional.
+- Focus on technical facts, not personal attacks.
+- Assume good intent, ask clarifying questions, and provide actionable feedback.
+- Keep discussions inclusive and relevant to the project.
+
+## Unacceptable behavior
+
+- Harassment, insults, discrimination, or intimidation.
+- Repeated off-topic disruption or deliberate trolling.
+- Publishing private/sensitive information without consent.
+
+## Enforcement
+
+Maintainers may edit, hide, lock, or remove content that violates this code, and may restrict participation for repeated or severe violations.
+
+For concerns, contact repository maintainers privately through GitHub repository administration channels.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,158 +1,104 @@
 # Contributing
 
-## Choose an issue
+Thanks for contributing to Treegress Browser Core.
 
-Playwright **requires an issue** for every contribution, except for minor documentation updates. We strongly recommend
-to pick an issue
-labeled [open-to-a-pull-request](https://github.com/microsoft/playwright/issues?q=is%3Aissue%20state%3Aopen%20label%3Aopen-to-a-pull-request)
-for your first contribution to the project.
+## Before you start
 
-If you are passionate about a bug/feature, but cannot find an issue describing it, **file an issue first**. This will
-facilitate the discussion, and you might get some early feedback from project maintainers before spending your time on
-creating a pull request.
+1. Create or pick an issue first (except for small typo/docs-only fixes).
+2. Confirm your change belongs in this repository:
+- `treegress-browser-core` is the source of truth for snapshot, formatter, locator-plan and ref-resolution runtime behavior.
+- MCP wiring-only changes should usually go to `treegress-browser-mcp`.
 
-## Make a change
+## Local setup
+
+Requires Node.js 18+.
 
-Make sure you're running Node.js 20 or later.
 ```bash
 node --version
 ```
 
-Clone the repository. If you plan to send a pull request, it might be better to [fork the repository](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) first.
+Clone this repository:
+
 ```bash
-git clone https://github.com/microsoft/playwright
-cd playwright
+git clone https://github.com/MobiDev-Org/treegress-browser-core.git
+cd treegress-browser-core
 ```
 
-Install dependencies and run the build in watch mode.
+Install dependencies and start watch build:
+
 ```bash
 npm ci
 npm run watch
 npx playwright install
 ```
 
-Playwright is a multi-package repository that uses npm workspaces. For browser APIs, look at [`packages/playwright-core`](https://github.com/microsoft/playwright/blob/main/packages/playwright-core). For test runner, see [`packages/playwright`](https://github.com/microsoft/playwright/blob/main/packages/playwright).
-
-Note that some files are generated by the build, so the watch process might override your changes if done in the wrong file. For example, TypeScript types for the API are generated from the [`docs/src`](https://github.com/microsoft/playwright/blob/main/docs/src).
-
-Coding style is fully defined in [eslint.config.mjs](https://github.com/microsoft/playwright/blob/main/eslint.config.mjs). Before creating a pull request, or at any moment during development, run linter to check all kinds of things:
-  ```bash
-  npm run lint
-  ```
-
-Comments should have an explicit purpose and should improve readability rather than hinder it. If the code would not be understood without comments, consider re-writing the code to make it self-explanatory.
-
-### Write documentation
-
-Every part of the public API should be documented in [`docs/src`](https://github.com/microsoft/playwright/blob/main/docs/src), in the same change that adds/changes the API. We use markdown files with custom structure to specify the API. Take a look around for an example.
-
-Various other files are generated from the API specification. If you are running `npm run watch`, these will be re-generated automatically.
-
-Larger changes will require updates to the documentation guides as well. This will be made clear during the code review.
-
-## Add a test
-
-Playwright requires a test for almost any new or modified functionality. An exception would be a pure refactoring, but chances are you are doing more than that.
-
-There are multiple [test suites](https://github.com/microsoft/playwright/blob/main/tests) in Playwright that will be executed on the CI. The two most important that you need to run locally are:
-
-- Library tests cover APIs not related to the test runner.
-  ```bash
-  # fast path runs all tests in Chromium
-  npm run ctest
+## Where to make changes
 
-  # slow path runs all tests in three browsers
-  npm run test
-  ```
+Primary runtime areas:
 
-- Test runner tests.
-  ```bash
-  npm run ttest
-  ```
+- `packages/injected/src/*`
+- `packages/playwright-core/src/server/*`
+- `packages/playwright-core/src/tools/*`
 
-Since Playwright tests are using Playwright under the hood, everything from our documentation applies, for example [this guide on running and debugging tests](https://playwright.dev/docs/running-tests#running-tests).
+Do not duplicate long-term custom-dom runtime logic in other repositories when it can live here.
 
-Note that tests should be *hermetic*, and not depend on external services. Tests should work on all three platforms: macOS, Linux and Windows.
+## Tests
 
-## Write a commit message
+Run relevant tests before opening a PR.
 
-Commit messages should follow the [Semantic Commit Messages](https://www.conventionalcommits.org/en/v1.0.0/) format:
+Core/library path:
 
+```bash
+npm run ctest
+npm run ttest
 ```
-label(namespace): title
 
-description
+If you changed custom-dom runtime behavior, also run:
 
-footer
+```bash
+npm run test-custom-dom-prod-path
 ```
 
-1. *label* is one of the following:
-    - `fix` - bug fixes
-    - `feat` - new features
-    - `docs` - documentation-only changes
-    - `test` - test-only changes
-    - `devops` - changes to the CI or build
-    - `chore` - everything that doesn't fall under previous categories
-2. *namespace* is put in parentheses after label and is optional. Must be lowercase.
-3. *title* is a brief summary of changes.
-4. *description* is **optional**, new-line separated from title and is in present tense.
-5. *footer* is **optional**, new-line separated from *description* and contains "fixes" / "references" attribution to GitHub issues.
+## Documentation
 
-Example:
+If behavior or public-facing workflow changes, update docs in the same PR.
 
-```
-feat(trace viewer): network panel filtering
-
-This patch adds a filtering toolbar to the network panel.
-<link to a screenshot>
-
-Fixes #123, references #234.
-```
+At minimum, review:
 
-## Send a pull request
+- `README.md`
+- `DEVELOPING.md`
+- package README files under `packages/*`
 
-All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose.
-Make sure to keep your PR (diff) small and readable. If necessary, split your contribution into multiple PRs.
-Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests.
+## Commit messages
 
-After a successful code review, one of the maintainers will merge your pull request. Congratulations!
+Use conventional commits:
 
-## More details
-
-**No new dependencies**
-
-There is a very high bar for new dependencies, including updating to a new version of an existing dependency. We recommend to explicitly discuss this in an issue and get a green light from a maintainer, before creating a pull request that updates dependencies.
+```text
+label(namespace): title
+```
 
-**Custom browser build**
+Recommended labels: `fix`, `feat`, `docs`, `test`, `devops`, `chore`.
 
-To run tests with custom browser executable, specify `CRPATH`, `WKPATH` or `FFPATH` env variable that points to browser executable:
-```bash
-CRPATH=<path-to-executable> npm run ctest
-```
+## Pull request policy (strict)
 
-You will also find `DEBUG=pw:browser` useful for debugging custom-builds.
+All submissions require pull requests.
 
-**Building documentation site**
+Required for merge:
 
-The [playwright.dev](https://playwright.dev/) documentation site lives in a separate repository, and documentation from [`docs/src`](https://github.com/microsoft/playwright/blob/main/docs/src) is frequently rolled there.
+1. CI is green.
+2. Issue is linked.
+3. At least one explicit approval from project administration/maintainers.
+4. PR is merged by project administration/maintainers.
 
-Most of the time this should not concern you. However, if you are doing something unusual in the docs, you can build locally and test how your changes will look in practice:
-1. Clone the [microsoft/playwright.dev](https://github.com/microsoft/playwright.dev) repo.
-1. Follow [the playwright.dev README instructions to "roll docs"](https://github.com/microsoft/playwright.dev/#roll-docs) against your local `playwright` repo with your changes in progress.
-1. Follow [the playwright.dev README instructions to "run dev server"](https://github.com/microsoft/playwright.dev/#run-dev-server) to view your changes.
+Repository administrators must enforce this with branch protection rules on protected branches.
 
-## Contributor License Agreement
+## Dependency policy
 
-This project welcomes contributions and suggestions.  Most contributions require you to agree to a
-Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
-the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+There is a high bar for new dependencies and dependency upgrades.
 
-When you submit a pull request, a CLA bot will automatically determine whether you need to provide
-a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
-provided by the bot. You will only need to do this once across all repos using our CLA.
+Discuss dependency changes in an issue first and get maintainer approval before final review.
 
-### Code of Conduct
+## Security and conduct
 
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
-For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+- Security reports: see `SECURITY.md`.
+- Community behavior: see `CODE_OF_CONDUCT.md`.