Skip to content

feat: add sensitiveData field to v3 SDK #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sauravpanda wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add sensitiveData field to v3 SDK #132

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
77fb17e
feat: add sensitiveData field to v3 SDK
sauravpanda Apr 10, 2026
1e58d20
fix: add missing sensitive_data param to AsyncBrowserUse.run() and bu…
sauravpanda Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion browser-use-node/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "browser-use-sdk",
"version": "3.4.2",
"version": "3.4.3",
"description": "Official TypeScript SDK for the Browser Use API",
"author": "Browser Use",
"license": "MIT",
Expand Down
7 changes: 7 additions & 0 deletions browser-use-node/src/generated/v3/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1128,6 +1128,13 @@ export interface components {
* @default false
*/
enableScheduledTasks: boolean;
/**
* Sensitivedata
* @description Key-value pairs of sensitive data (e.g. passwords, API keys) that the agent can use via secure placeholders. Keys are exposed to the LLM; values are never shown. The agent uses `<secret>key</secret>` placeholders in browser_type_text to securely enter values. WARNING: sensitive data may be visible in screenshots if the page renders values in unmasked form fields.
*/
sensitiveData?: {
[key: string]: string;
} | null;
/**
* Enablerecording
* @description If true, records a video of the browser session. The recording URLs will be available in the `recordingUrls` field of the session response after the task completes.
Expand Down
2 changes: 1 addition & 1 deletion browser-use-python/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "hatchling.build"

[project]
name = "browser-use-sdk"
version = "3.4.2"
version = "3.4.3"
description = "Python SDK for the Browser Use cloud API"
readme = "README.md"
license = "MIT"
Expand Down
6 changes: 6 additions & 0 deletions browser-use-python/src/browser_use_sdk/generated/v3/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -747,6 +747,12 @@ class RunTaskRequest(BaseModel):
description='If true, the agent can create scheduled tasks that run on a recurring basis (e.g. "every Monday morning, check my inbox and summarize new emails"). Scheduled tasks are tied to your project and persist beyond the session. Note: all scheduled tasks are visible project-wide, so avoid enabling this in multi-user setups where task isolation is needed.',
title='Enablescheduledtasks',
)
sensitive_data: Dict[str, str] | None = Field(
None,
alias='sensitiveData',
description='Key-value pairs of sensitive data (e.g. passwords, API keys) that the agent can use via secure placeholders. Keys are exposed to the LLM; values are never shown. The agent uses `<secret>key</secret>` placeholders in browser_type_text to securely enter values. WARNING: sensitive data may be visible in screenshots if the page renders values in unmasked form fields.',
title='Sensitivedata',
)
enable_recording: bool | None = Field(
False,
alias='enableRecording',
Expand Down
7 changes: 7 additions & 0 deletions browser-use-python/src/browser_use_sdk/v3/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ def run(
profile_id: str | None = ...,
proxy_country_code: str | None = ...,
workspace_id: str | None = ...,
sensitive_data: dict[str, str] | None = ...,
enable_recording: bool | None = ...,
cache_script: bool | None = ...,
**extra: Any,
Expand All @@ -114,6 +115,7 @@ def run(
profile_id: str | None = None,
proxy_country_code: str | None = _UNSET, # type: ignore[assignment]
workspace_id: str | None = None,
sensitive_data: dict[str, str] | None = None,
enable_recording: bool | None = None,
cache_script: bool | None = None,
**extra: Any,
Expand Down Expand Up @@ -156,6 +158,7 @@ def run(
proxy_country_code=proxy_country_code,
output_schema=schema_dict,
workspace_id=workspace_id,
sensitive_data=sensitive_data,
Comment thread
cubic-dev-ai[bot] marked this conversation as resolved.
enable_recording=enable_recording,
cache_script=cache_script,
**extra,
Expand All @@ -175,6 +178,7 @@ def stream(
profile_id: str | None = None,
proxy_country_code: str | None = _UNSET, # type: ignore[assignment]
workspace_id: str | None = None,
sensitive_data: dict[str, str] | None = None,
enable_recording: bool | None = None,
cache_script: bool | None = None,
**extra: Any,
Expand Down Expand Up @@ -222,6 +226,7 @@ def stream(
proxy_country_code=proxy_country_code,
output_schema=schema_dict,
workspace_id=workspace_id,
sensitive_data=sensitive_data,
enable_recording=enable_recording,
cache_script=cache_script,
**extra,
Expand Down Expand Up @@ -331,6 +336,7 @@ def run(
profile_id: str | None = None,
proxy_country_code: str | None = _UNSET, # type: ignore[assignment]
workspace_id: str | None = None,
sensitive_data: dict[str, str] | None = None,
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot Apr 10, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: sensitive_data was added to the concrete run() signature but not to all @overload signatures, causing incorrect type-checker errors for valid calls.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At browser-use-python/src/browser_use_sdk/v3/client.py, line 339:

<comment>`sensitive_data` was added to the concrete `run()` signature but not to all `@overload` signatures, causing incorrect type-checker errors for valid calls.</comment>

<file context>
@@ -336,6 +336,7 @@ def run(
         profile_id: str | None = None,
         proxy_country_code: str | None = _UNSET,  # type: ignore[assignment]
         workspace_id: str | None = None,
+        sensitive_data: dict[str, str] | None = None,
         enable_recording: bool | None = None,
         cache_script: bool | None = None,
</file context>
Fix with Cubic

enable_recording: bool | None = None,
cache_script: bool | None = None,
**extra: Any,
Expand Down Expand Up @@ -384,6 +390,7 @@ async def create_fn() -> SessionResponse:
proxy_country_code=proxy_country_code,
output_schema=schema_dict,
workspace_id=workspace_id,
sensitive_data=sensitive_data,
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add missing sensitive_data parameter to AsyncBrowserUse.run

AsyncBrowserUse.run() now forwards sensitive_data into self.sessions.create(...), but the method signature never defines sensitive_data, so this name is unresolved in the closure and raises NameError when the async run is executed. This breaks AsyncBrowserUse.run() for normal usage (even when callers do not pass sensitive data), and also makes the new field unusable from the async client.

Useful? React with 👍 / 👎.

enable_recording=enable_recording,
cache_script=cache_script,
**extra,
Expand Down
6 changes: 6 additions & 0 deletions browser-use-python/src/browser_use_sdk/v3/resources/sessions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ def create(
output_schema: dict[str, Any] | None = None,
workspace_id: str | None = None,
enable_scheduled_tasks: bool | None = None,
sensitive_data: dict[str, str] | None = None,
enable_recording: bool | None = None,
cache_script: bool | None = None,
**extra: Any,
Expand All @@ -59,6 +60,8 @@ def create(
body["workspaceId"] = workspace_id
if enable_scheduled_tasks is not None:
body["enableScheduledTasks"] = enable_scheduled_tasks
if sensitive_data is not None:
body["sensitiveData"] = sensitive_data
if enable_recording is not None:
body["enableRecording"] = enable_recording
if cache_script is not None:
Expand Down Expand Up @@ -170,6 +173,7 @@ async def create(
output_schema: dict[str, Any] | None = None,
workspace_id: str | None = None,
enable_scheduled_tasks: bool | None = None,
sensitive_data: dict[str, str] | None = None,
enable_recording: bool | None = None,
cache_script: bool | None = None,
**extra: Any,
Expand All @@ -196,6 +200,8 @@ async def create(
body["workspaceId"] = workspace_id
if enable_scheduled_tasks is not None:
body["enableScheduledTasks"] = enable_scheduled_tasks
if sensitive_data is not None:
body["sensitiveData"] = sensitive_data
if enable_recording is not None:
body["enableRecording"] = enable_recording
if cache_script is not None:
Expand Down
2 changes: 1 addition & 1 deletion browser-use-python/uv.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

27 changes: 27 additions & 0 deletions docs/cloud/openapi/v3.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2998,6 +2998,21 @@
"description": "If true, the agent can create scheduled tasks that run on a recurring basis (e.g. \"every Monday morning, check my inbox and summarize new emails\"). Scheduled tasks are tied to your project and persist beyond the session. Note: all scheduled tasks are visible project-wide, so avoid enabling this in multi-user setups where task isolation is needed.",
"default": false
},
"sensitiveData": {
"anyOf": [
{
"additionalProperties": {
"type": "string"
},
"type": "object"
},
{
"type": "null"
}
],
"title": "Sensitivedata",
"description": "Key-value pairs of sensitive data (e.g. passwords, API keys) that the agent can use via secure placeholders. Keys are exposed to the LLM; values are never shown. The agent uses `<secret>key</secret>` placeholders in browser_type_text to securely enter values. WARNING: sensitive data may be visible in screenshots if the page renders values in unmasked form fields."
},
"enableRecording": {
"type": "boolean",
"title": "Enablerecording",
Expand Down Expand Up @@ -3027,6 +3042,18 @@
],
"title": "Cachescript",
"description": "Controls deterministic script caching. `null` (default): auto-detected \u2014 enabled when the task contains `@{{value}}` brackets and a workspace is attached. `true`: force-enable script caching even without brackets (caches the exact task). `false`: force-disable, even if brackets are present. When active, the first call runs the full agent and saves a reusable script. Subsequent calls with the same task template execute the cached script with $0 LLM cost. Requires workspace_id when enabled. Example: \"Get prices from @{{https://example.com}} for @{{electronics}}\"."
},
"useOwnKey": {
"type": "boolean",
"title": "Useownkey",
"description": "If true, uses your own LLM API key (configured in project settings) instead of Browser Use managed keys. You pay your provider directly for inference; Browser Use charges a reduced orchestration fee (0.2\u00d7 of provider list prices). If no key is configured for the model's provider, the request is rejected.",
"default": false
},
"autoHeal": {
"type": "boolean",
"title": "Autoheal",
"description": "When cache_script is active, controls whether a lightweight LLM validates the cached script output. If the output looks incorrect (empty, error, wrong structure), the system automatically re-triggers the full agent to generate a new version of the script. Set to false to disable validation and always return the raw script output.",
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot Apr 10, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3: The new autoHeal description references cache_script, but the request field is cacheScript; use the actual camelCase field name to avoid misleading API docs.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At docs/cloud/openapi/v3.json, line 3055:

<comment>The new `autoHeal` description references `cache_script`, but the request field is `cacheScript`; use the actual camelCase field name to avoid misleading API docs.</comment>

<file context>
@@ -3027,6 +3042,18 @@
+                    "autoHeal": {
+                        "type": "boolean",
+                        "title": "Autoheal",
+                        "description": "When cache_script is active, controls whether a lightweight LLM validates the cached script output. If the output looks incorrect (empty, error, wrong structure), the system automatically re-triggers the full agent to generate a new version of the script. Set to false to disable validation and always return the raw script output.",
+                        "default": true
                     }
</file context>
Suggested change
"description": "When cache_script is active, controls whether a lightweight LLM validates the cached script output. If the output looks incorrect (empty, error, wrong structure), the system automatically re-triggers the full agent to generate a new version of the script. Set to false to disable validation and always return the raw script output.",
"description": "When cacheScript is active, controls whether a lightweight LLM validates the cached script output. If the output looks incorrect (empty, error, wrong structure), the system automatically re-triggers the full agent to generate a new version of the script. Set to false to disable validation and always return the raw script output.",
Fix with Cubic

"default": true
}
},
"type": "object",
Expand Down
15 changes: 15 additions & 0 deletions docs/openapi/v3.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2999,6 +2999,21 @@
"description": "If true, the agent can create scheduled tasks that run on a recurring basis (e.g. \"every Monday morning, check my inbox and summarize new emails\"). Scheduled tasks are tied to your project and persist beyond the session. Note: all scheduled tasks are visible project-wide, so avoid enabling this in multi-user setups where task isolation is needed.",
"default": false
},
"sensitiveData": {
"anyOf": [
{
"additionalProperties": {
"type": "string"
},
"type": "object"
},
{
"type": "null"
}
],
"title": "Sensitivedata",
"description": "Key-value pairs of sensitive data (e.g. passwords, API keys) that the agent can use via secure placeholders. Keys are exposed to the LLM; values are never shown. The agent uses `<secret>key</secret>` placeholders in browser_type_text to securely enter values. WARNING: sensitive data may be visible in screenshots if the page renders values in unmasked form fields."
},
"enableRecording": {
"type": "boolean",
"title": "Enablerecording",
Expand Down
Loading