fix(types): align callers with removed legacy config aliases

extensions/browser/src/browser/config.test.ts

@@ -1,4 +1,5 @@
 import { describe, expect, it } from "vitest";
+import type { BrowserConfig } from "../config/config.js";
 import { resolveUserPath } from "../utils.js";
 import { resolveBrowserConfig, resolveProfile, shouldStartLocalBrowserServer } from "./config.js";
 import { getBrowserProfileCapabilities } from "./profile-capabilities.js";
@@ -298,7 +299,7 @@ describe("browser config", () => {
         allowedHostnames: [" localhost ", ""],
         hostnameAllowlist: [" *.trusted.example ", " "],
       },
-    });
+    } as unknown as BrowserConfig);
     expect(resolved.ssrfPolicy).toEqual({
       dangerouslyAllowPrivateNetwork: true,
       allowedHostnames: ["localhost"],

extensions/browser/src/browser/config.ts

@@ -100,10 +100,13 @@ function normalizeStringList(raw: string[] | undefined): string[] | undefined {
 }
 
 function resolveBrowserSsrFPolicy(cfg: BrowserConfig | undefined): SsrFPolicy | undefined {
-  const allowPrivateNetwork = cfg?.ssrfPolicy?.allowPrivateNetwork;
-  const dangerouslyAllowPrivateNetwork = cfg?.ssrfPolicy?.dangerouslyAllowPrivateNetwork;
-  const allowedHostnames = normalizeStringList(cfg?.ssrfPolicy?.allowedHostnames);
-  const hostnameAllowlist = normalizeStringList(cfg?.ssrfPolicy?.hostnameAllowlist);
+  const rawPolicy = cfg?.ssrfPolicy as
+    | (BrowserConfig["ssrfPolicy"] & { allowPrivateNetwork?: boolean })
+    | undefined;
+  const allowPrivateNetwork = rawPolicy?.allowPrivateNetwork;
+  const dangerouslyAllowPrivateNetwork = rawPolicy?.dangerouslyAllowPrivateNetwork;
+  const allowedHostnames = normalizeStringList(rawPolicy?.allowedHostnames);
+  const hostnameAllowlist = normalizeStringList(rawPolicy?.hostnameAllowlist);
   const hasExplicitPrivateSetting =
     allowPrivateNetwork !== undefined || dangerouslyAllowPrivateNetwork !== undefined;
   // Browser defaults to trusted-network mode unless explicitly disabled by policy.