Scope network interception state to MCP sessions

[shaun0927]

Why OpenSafari should reflect this

network_intercept currently keeps intercept rules in a module-global activeRules array and applies/clears them without using the canonical src/network-interceptor.ts implementation. In long-lived MCP sessions this can leak request blocking/mocking rules across independent sessions, and the clear path restores fetch only while leaving XHR hooks outside the canonical restore contract.

This is directionally aligned with OpenSafari because network interception is a user-facing QA feature: stale or cross-session rules can make Safari/webview tests fail in ways that look like app or network bugs rather than automation state leakage.

Risk / user impact

• Severity: high reliability risk, medium user impact.
• A stale rule can block login, API calls, or asset loads in later tests.
• Incomplete restore can leave a page in a modified network state after clear or network_offline=false.
• The issue is scoped to existing OpenSafari network tooling and does not require new dependencies.

How to implement

• Route network_intercept and network_offline through src/network-interceptor.ts.
• Scope interceptor instances by MCP session id, with an explicit default only for legacy callers.
• Add optional device_id support so tools can target the intended WebKit connection.
• Preserve existing action names: block stays block; modify maps to the canonical mock response path.
• Ensure clear/disable restores fetch and XHR hooks through the canonical disable path.
• Add unit tests proving session isolation and action mapping.

Decisions needed before implementation

1. Whether a future PR should expose rule ids for individual removal; first PR can keep clear-all behavior.
2. Whether interceptor state should be additionally keyed by device id; first PR can use session scope plus device_id routing.
3. Whether response headers should be configurable; first PR can preserve text/plain default.

Success criteria

• Rules added in one MCP session do not affect another session's interceptor state.
• clear=true disables and clears only that session's interceptor.
• network_offline uses the same per-session interceptor as network_intercept.
• Existing block/modify tool responses remain backward compatible.
• Targeted tests, lint, build, and CI pass.

Post-merge OpenSafari live validation

• Start two MCP sessions against Safari; add an intercept rule in session A and confirm session B has no rule count/state leakage.
• Add a modify rule and confirm fetch returns mocked response.
• Call clear=true, then confirm normal fetch/XHR behavior is restored in that session.
• Toggle network_offline on/off and confirm the same page can fetch again after restore.

Direction/necessity review

• Aligned: yes, this protects existing Safari QA/network tooling from cross-session state leakage.
• Necessary: yes, long-running AI-agent MCP sessions routinely reuse the same process and can otherwise inherit stale rules.
• Minimal first PR: per-session canonical interceptor routing and tests only; no new network interception feature surface beyond optional device_id.

[shaun0927]

Live validation attempt on 2026-05-14: OpenSafari device_boot booted iPhone 16 (3BEF4E9A-069A-4419-AC62-AB889348EF12), but qa_session_create failed with NO_WEBKIT_CLIENT and diagnose reported webkit.available=false/no WebKit connection registered. This blocked full network_intercept live validation and exposed a separate tool reliability bug, now tracked as #756 and fixed in PR #757. PR #753 itself remains MERGEABLE/CLEAN with lint/test/dependency-audit/build all SUCCESS.

[shaun0927]

검증 완료(2026-05-16 KST): 최신 origin/develop / OpenSafari v0.6.0 기준으로 해당 이슈의 실행 가능한 체크리스트를 확인했습니다.

Evidence:

• PR-linked implementation is merged into develop.
• npm test -- --runTestsByPath ... targeted suites: 10 suites / 103 tests passed for HTTP auth, high-risk HTTP gating, auth persistence, audit logging, network interception, zombie cleanup, and device_boot WebKit retry.
• Broader targeted suites: 23 suites / 557 tests passed for lazy tool registration, proxy readiness, WebKit performance/refactors, socket discovery cache, simulator lifecycle/refactors, native input backends, DOM input scripts, coordinate-space, and AX diagnostics.
• npm run lint -- --quiet ... passed for the changed/validated paths.
• npm run build passed for v0.6.0.
• Real OpenSafari HTTP smoke: serve --http bound to 127.0.0.1; /health returned 200; unauthenticated /mcp returned 401; authenticated initialize succeeded; disallowed CORS origin returned 403.
• Real OpenSafari device smoke for Recover device_boot when WebKit client registration fails #756: device_boot on iPhone 16 iOS 26.4 returned a booted device and proxy; subsequent diagnose retained the simulator in device even while WebKit was unavailable.

체크리스트 중 외부 앱/장기 수동 검증 성격이 아닌 항목은 모두 체크 가능하다고 판단하여 완료로 닫습니다.