Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a code-mode ctx.screenshot() capability by wiring server auth into the scratchpad execution request and introducing a reusable Playwright-based screenshot session to capture rendered cell outputs.
Changes:
- Add
AsyncCodeModeContext.screenshot()API with Playwright session reuse, optional data-URL output, and optional file saving. - Inject
screenshot_auth_tokeninto theHTTPRequest.metaused by the/executescratchpad endpoint so Playwright can authenticate. - Add unit tests for PNG data-url encoding and basic auth-token URL/meta behaviors.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
marimo/_server/api/endpoints/execution.py |
Injects a screenshot auth token into HTTPRequest.meta for scratchpad execution. |
marimo/_code_mode/screenshot.py |
New Playwright-backed screenshot session implementation and helpers. |
marimo/_code_mode/_context.py |
Introduces ctx.screenshot() API and manages session lifecycle on context exit. |
tests/_code_mode/test_screenshot.py |
Adds tests covering _to_data_url and auth-token URL/meta handling. |
- Add asyncio.Lock to _ensure_ready to prevent concurrent browser launches - Clean up Playwright/browser on _init_browser failure (no leaked processes) - Track monotonic deadline in _resolve_output_locator so total probing respects timeout_ms - Inject trusted screenshot_server_url from server config (host/port/base_url) instead of deriving from request Host header (prevents spoofing) - Add public close_screenshot_session(); __aexit__ delegates to it - Wrap IndexError/KeyError as ScreenshotError in target resolution - Fix install hint to use pip install (not ctx.install_packages)
manzt
previously approved these changes
Apr 20, 2026
Collaborator
manzt
left a comment
manzt
left a comment
There was a problem hiding this comment.
Nice. Added some additional tests.
| ) | ||
| base_url = app_state.base_url.rstrip("/") | ||
| http_req.meta["screenshot_server_url"] = ( | ||
| f"http://{app_state.host}:{app_state.port}{base_url}" |
Collaborator
There was a problem hiding this comment.
I'm guessing this is fine (preferred) to hard code scheme here?
Comment on lines
+1302
to
+1305
| try: | ||
| globals_map = self.globals | ||
| except Exception: | ||
| return None |
Collaborator
There was a problem hiding this comment.
When/how does this raise an exception?
Comment on lines
+1311
to
+1314
| try: | ||
| graph_cells = self.graph.cells | ||
| except Exception: | ||
| return None |
Collaborator
There was a problem hiding this comment.
Similar here. Can we drop these try/except blocks, i'm not sure how/when they would fail.
Address review feedback from manzt: self.globals and self.graph are simple kernel property accessors that won't raise, so the defensive try/except blocks are unnecessary.
Address review feedback from manzt: hardcoding http:// breaks screenshots when marimo is served over HTTPS. Derive the scheme from the incoming request so the Playwright browser uses the same scheme the server is serving. Host and port are still taken from trusted server config, so only the scheme is client-derived — a spoofed scheme can't redirect Playwright to an attacker origin (browser would just fail to connect to our own server on the wrong scheme).
manzt
approved these changes
Apr 20, 2026
|
🚀 Development release published. You may be able to view the changes at https://marimo.app?v=0.23.2-dev68 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add
ctx.screenshot()to code-mode. Adds the ability for agents to capture PNG screenshots of cell outputs during code-mode sessions.API
Also adds
ctx.find_cell_defining_object(obj)to resolve a live Python object back to the cell that defines it. While often the object is in another cell, this can help with some of the cases.