[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80313":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":15,"stars7d":15,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":16,"starSnapshotCount":16,"syncStatus":17,"lastSyncTime":27,"discoverSource":28},80313,"chatgpt-portal","DenisSergeevitch\u002Fchatgpt-portal","DenisSergeevitch","Local browser bridge for exposing sanitized authenticated page snapshots to ChatGPT via Cloudflare Tunnel.","https:\u002F\u002Fshir-man.com\u002Fchatgpt-portal\u002F",null,"TypeScript",71,6,69,1,0,2,3,42.24,false,"main",true,[],"2026-06-12 04:01:27","# ChatGPT Portal Browser Bridge\n\nExpose sanitized authenticated browser snapshots to ChatGPT without sharing cookies, passwords, localStorage, or a raw reverse proxy into a private app. The tool is made for GPT Pro-series browsing and coding agents that need to inspect private pages through a local bridge with structured Markdown snapshots and controlled navigation\u002Fform-wizard actions.\n\nThe bridge runs locally on `127.0.0.1`, controls a dedicated Chrome profile through Chrome DevTools Protocol, and publishes only a tokenized HTML portal. For temporary public access, use share mode:\n\n```bash\nCHATGPT_PORTAL_ALLOWLIST=https:\u002F\u002Fintranet.example.com npm run share\n```\n\nDo not commit or share the generated session token, crawl database, Chrome profile, logs, or any `trycloudflare.com` URL after the session is over.\n\n## Install\n\n```bash\nnpm install\n```\n\n## Run\n\nSet an allowlist for the private origin or path you want this session to inspect, then run share mode:\n\n```bash\nCHATGPT_PORTAL_ALLOWLIST=https:\u002F\u002Fintranet.example.com npm run share\n```\n\nOptional settings:\n\n```bash\nCHATGPT_PORTAL_TARGET=https:\u002F\u002Fintranet.example.com\u002Fdashboard\nCHATGPT_PORTAL_PORT=7777\nCHATGPT_PORTAL_CDP_PORT=9222\nCHATGPT_PORTAL_ALLOW_SUBDOMAINS=1\nCHATGPT_PORTAL_UPLOAD_DIR=.local\u002Fuploads\nCHATGPT_PORTAL_TOKEN_TTL_MINUTES=240\nCHATGPT_PORTAL_NO_LAUNCH=1\n```\n\nAllowlisted hosts include their subdomains by default. For example, allowing `https:\u002F\u002Fexample.com` also allows `https:\u002F\u002Fapp.example.com`. Set `CHATGPT_PORTAL_ALLOW_SUBDOMAINS=0` when a session must stay on exact hostnames only.\n\nShare mode starts the local bridge, starts `cloudflared`, and prints the final URL to give ChatGPT:\n\n```text\nShare this URL with ChatGPT:\nhttps:\u002F\u002F\u003Crandom-name>.trycloudflare.com\u002Fs\u002F\u003Csession-token>\u002Fview\n```\n\n## ChatGPT Handoff Prompt\n\nReplace `\u003Ctokenized-portal-url>` with the exact URL printed by share mode:\n\n```text\nUse this ChatGPT Portal link to inspect the browser page I opened:\n\n\u003Ctokenized-portal-url>\n\nInstructions:\n- Start by opening the link and reading the current `\u002Fview` snapshot.\n- Prefer the `Structured markdown` section over flat visible text; it marks headings, links, buttons, forms, radio choices, inputs, selects, and upload fields.\n- Use only the portal's rendered links and actions, such as `\u002Fpage`, `\u002Fopen`, `\u002Flinks`, `\u002Fsearch`, `\u002Fcrawl`, safe `\u002Fclick` navigation controls, `\u002Fselect`, `\u002Ffill`, `\u002Ffiles`, and `\u002Fupload`.\n- You may select visible radio\u002Fcheckbox\u002Fselect controls, fill non-secret text fields and textareas, upload a file only after it has been prepared in the portal upload staging folder, and click navigation-like Continue\u002FNext controls when the user asks.\n- Do not ask for credentials, cookies, localStorage, sessionStorage, bearer tokens, CSRF values, browser profile files, or raw request headers.\n- Do not enter credentials or secrets into forms. Do not click final submit\u002Fsend\u002Fsave\u002Fpublish\u002Fapprove\u002Fdelete\u002Fcharge\u002Frefund\u002Finvite controls or other destructive\u002Fstate-changing controls.\n- If you need broader exploration, ask before using `\u002Fcrawl` with a large limit.\n- Summarize what you can see from sanitized snapshots and say when something is blocked by the portal safety model.\n```\n\nManual mode is still available if you want to run `cloudflared` yourself:\n\n```bash\nCHATGPT_PORTAL_ALLOWLIST=https:\u002F\u002Fintranet.example.com npm run dev\ncloudflared tunnel --url http:\u002F\u002F127.0.0.1:7777\n```\n\n## Routes\n\n```text\nGET \u002Fhealth\nGET \u002Fs\u002F:token\u002Fview\nGET \u002Fs\u002F:token\u002Fpage?url=\u003Cabsolute-or-relative-url>\nGET \u002Fs\u002F:token\u002Fopen?url=\u003Cabsolute-or-relative-url>\nGET \u002Fs\u002F:token\u002Flinks?url=\u003Cabsolute-or-relative-url>\nGET \u002Fs\u002F:token\u002Fcrawl?scope=\u003Curl-or-path>&limit=\u003Cnumber>\nGET \u002Fs\u002F:token\u002Fsearch?q=\u003Cquery>\nGET \u002Fs\u002F:token\u002Fclick?id=\u003Celement-id>\nGET \u002Fs\u002F:token\u002Fselect?id=\u003Ccontrol-id>[&value=\u003Coption-value>]\nGET \u002Fs\u002F:token\u002Ffill?id=\u003Ccontrol-id>&value=\u003Ctext>\nGET \u002Fs\u002F:token\u002Ffiles\nGET \u002Fs\u002F:token\u002Fupload?id=\u003Ccontrol-id>&file=\u003Cstaged-filename>\nPOST \u002Fshutdown?token=SESSION_TOKEN\n```\n\n## Safety Model\n\n- No raw reverse proxy into the authenticated site.\n- Snapshots expose structured Markdown plus plain visible text fallback, and strip cookies, bearer tokens, auth headers, localStorage, sessionStorage, hidden inputs, CSRF fields, password fields, scripts, and raw forms.\n- URL actions are restricted to the configured allowlist. Allowlisted hosts include subdomains by default; set `CHATGPT_PORTAL_ALLOW_SUBDOMAINS=0` for exact-host-only sessions.\n- Clicks are limited to navigation-like links, tabs, menus, pagination, and disclosure controls.\n- Controlled form actions can select radio\u002Fcheckbox\u002Fselect controls, fill non-secret text inputs and textareas, and set file inputs from the upload staging folder.\n- File uploads reject absolute paths and only accept filenames inside `CHATGPT_PORTAL_UPLOAD_DIR` (`.local\u002Fuploads` by default). Prepare the file there before using `\u002Fupload`.\n- Destructive\u002Faction controls are blocked by default, including delete, remove, send, invite, approve, charge, refund, reset, publish, save, submit, and download.\n- Local crawl\u002Fsearch state stays under `.local\u002F`, which is ignored by git.\n\n## Test\n\n```bash\nnpm run check\n```\n\nThis runs TypeScript compilation and Node tests for redaction, URL policy, action classification, controlled form rendering, and HTML escaping.\n","ChatGPT Portal Browser Bridge 是一个本地浏览器桥接工具，用于通过 Cloudflare Tunnel 向 ChatGPT 提供经过清理的认证页面快照。其核心功能包括在不共享 cookies、密码或 localStorage 的情况下，使 GPT Pro 系列浏览和编码代理能够检查私有页面，并通过结构化的 Markdown 快照进行受控导航和表单向导操作。该工具使用 TypeScript 编写，运行于本地环境，控制专用 Chrome 配置文件并通过 Chrome DevTools Protocol 与之交互。适用于需要在保证隐私安全的前提下，让 AI 模型辅助处理内部网络资源或敏感数据的场景。","2026-06-11 04:00:18","CREATED_QUERY"]