@agenticmail/enterprise 0.5.237 → 0.5.239

package/dist/runtime-2AQSHJKC.js

@@ -0,0 +1,45 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-FORLAPWB.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-UF3ZJMJO.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/runtime-A7DA7F74.js

@@ -0,0 +1,45 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-J3J5XEWS.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-UF3ZJMJO.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/server-IQME5P6B.js

@@ -0,0 +1,15 @@
+import {
+  createServer
+} from "./chunk-DD36VGKL.js";
+import "./chunk-OF4MUWWS.js";
+import "./chunk-UF3ZJMJO.js";
+import "./chunk-3OC6RH7W.js";
+import "./chunk-2DDKGTD6.js";
+import "./chunk-YVK6F5OD.js";
+import "./chunk-MKRNEM5A.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-6WSX7QXF.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/server-VXVRSEFL.js

@@ -0,0 +1,15 @@
+import {
+  createServer
+} from "./chunk-MCQ2Q4SC.js";
+import "./chunk-OF4MUWWS.js";
+import "./chunk-UF3ZJMJO.js";
+import "./chunk-3OC6RH7W.js";
+import "./chunk-2DDKGTD6.js";
+import "./chunk-YVK6F5OD.js";
+import "./chunk-MKRNEM5A.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-6WSX7QXF.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-AEBSFYUE.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-TCQTHG7L.js";
+import "./chunk-ULRBF2T7.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/dist/setup-OBCJB3R6.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-T4DN77PH.js";
+import "./chunk-ULRBF2T7.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.237",
+  "version": "0.5.239",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {
@@ -16,7 +16,7 @@
     }
   },
   "scripts": {
-    "build": "tsup src/index.ts src/cli.ts src/registry/cli.ts --format esm --external better-sqlite3 --external mongodb --external mysql2 --external @libsql/client --external @aws-sdk/client-dynamodb --external @aws-sdk/lib-dynamodb --external @aws-sdk/client-s3 --external @aws-sdk/s3-request-presigner --external @google-cloud/storage --external @azure/storage-blob --external @mozilla/readability --external imapflow --external nodemailer --external linkedom --external postgres --external playwright-core --external ws --external express && mkdir -p dist/dashboard/components dist/dashboard/pages dist/dashboard/vendor dist/dashboard/assets dist/registry && cp src/dashboard/index.html dist/dashboard/ && cp src/dashboard/app.js dist/dashboard/ && cp src/dashboard/components/*.js dist/dashboard/components/ && cp src/dashboard/pages/*.js dist/dashboard/pages/ && rm -rf dist/dashboard/pages/agent-detail && cp -r src/dashboard/pages/agent-detail dist/dashboard/pages/agent-detail && cp src/dashboard/vendor/*.js dist/dashboard/vendor/ && cp -r src/dashboard/assets/* dist/dashboard/assets/ && mkdir -p dist/dashboard/data && cp src/dashboard/data/*.js dist/dashboard/data/ && mkdir -p dist/assets && cp src/engine/assets/* dist/assets/ && cp src/engine/soul-templates.json dist/",
+    "build": "tsup src/index.ts src/cli.ts src/registry/cli.ts --format esm --external better-sqlite3 --external mongodb --external mysql2 --external @libsql/client --external @aws-sdk/client-dynamodb --external @aws-sdk/lib-dynamodb --external @aws-sdk/client-s3 --external @aws-sdk/s3-request-presigner --external @google-cloud/storage --external @azure/storage-blob --external @mozilla/readability --external imapflow --external nodemailer --external linkedom --external postgres --external playwright-core --external ws --external express && mkdir -p dist/dashboard/components dist/dashboard/pages dist/dashboard/vendor dist/dashboard/assets dist/registry && cp src/dashboard/index.html dist/dashboard/ && cp src/dashboard/app.js dist/dashboard/ && cp src/dashboard/components/*.js dist/dashboard/components/ && cp src/dashboard/pages/*.js dist/dashboard/pages/ && rm -rf dist/dashboard/pages/agent-detail && cp -r src/dashboard/pages/agent-detail dist/dashboard/pages/agent-detail && cp src/dashboard/vendor/*.js dist/dashboard/vendor/ && cp -r src/dashboard/assets/* dist/dashboard/assets/ && mkdir -p dist/dashboard/data && cp src/dashboard/data/*.js dist/dashboard/data/ && mkdir -p dist/dashboard/docs && cp src/dashboard/docs/*.html dist/dashboard/docs/ && mkdir -p dist/assets && cp src/engine/assets/* dist/assets/ && cp src/engine/soul-templates.json dist/",
     "dev": "npm run build && node --watch start-live.mjs",
     "rebuild": "npm run build && pm2 restart enterprise"
   },

package/src/agent-tools/tools/browser.ts

@@ -217,6 +217,373 @@ export async function ensureBrowser(headless: boolean, agentId: string, useChrom
   }
 }
 
+// ═══════════════════════════════════════════════════════════
+// Cloud/Remote Browser Provider Integration
+// ═══════════════════════════════════════════════════════════
+
+/** Browser config from managed agent settings */
+export interface BrowserProviderConfig {
+  provider?: 'local' | 'remote-cdp' | 'browserless' | 'browserbase' | 'steel' | 'scrapingbee';
+  enabled?: boolean;
+  headless?: boolean;
+  // Remote CDP
+  cdpUrl?: string;
+  cdpAuthToken?: string;
+  cdpTimeout?: number;
+  sshTunnel?: string;
+  // Browserless
+  browserlessToken?: string;
+  browserlessEndpoint?: string;
+  browserlessConcurrency?: number;
+  browserlessStealth?: boolean;
+  browserlessProxy?: string;
+  // Browserbase
+  browserbaseApiKey?: string;
+  browserbaseProjectId?: string;
+  browserbaseRecording?: boolean;
+  browserbaseKeepAlive?: boolean;
+  // Steel
+  steelApiKey?: string;
+  steelEndpoint?: string;
+  steelSessionDuration?: number;
+  // ScrapingBee
+  scrapingbeeApiKey?: string;
+  scrapingbeeJsRendering?: boolean;
+  scrapingbeePremiumProxy?: boolean;
+  scrapingbeeCountry?: string;
+  // Local overrides
+  executablePath?: string;
+  userDataDir?: string;
+  extraArgs?: string[];
+  // Security
+  timeoutMs?: number;
+  maxPages?: number;
+  blockedDomains?: string[];
+  allowedDomains?: string[];
+}
+
+/** Active SSH tunnel process tracking */
+var activeSshTunnels = new Map<string, any>();
+
+/**
+ * Establish SSH tunnel if configured. Runs ssh in background and waits
+ * for the port to become available. Kills stale tunnels automatically.
+ */
+async function ensureSshTunnel(tunnelCmd: string, agentId: string): Promise<void> {
+  var tunnelKey = `ssh-tunnel:${agentId}`;
+  var existing = activeSshTunnels.get(tunnelKey);
+  if (existing && !existing.killed) {
+    // Tunnel already running — verify it's alive
+    try {
+      existing.kill(0); // Signal 0 just checks process existence
+      return;
+    } catch {
+      activeSshTunnels.delete(tunnelKey);
+    }
+  }
+
+  console.log(`[browser] Establishing SSH tunnel for ${agentId}: ${tunnelCmd}`);
+  const { spawn } = await import('node:child_process');
+  
+  // Parse tunnel command — extract just the SSH args, ignore "ssh" prefix
+  var args = tunnelCmd.replace(/^ssh\s+/, '').split(/\s+/).filter(Boolean);
+  // Add -N (no remote command) and -f would daemonize but we manage it ourselves
+  if (!args.includes('-N')) args.push('-N');
+  // Add StrictHostKeyChecking=accept-new for first-time connections
+  if (!args.some(a => a.includes('StrictHostKeyChecking'))) {
+    args.push('-o', 'StrictHostKeyChecking=accept-new');
+  }
+  // Add ServerAliveInterval to keep tunnel alive
+  if (!args.some(a => a.includes('ServerAliveInterval'))) {
+    args.push('-o', 'ServerAliveInterval=30');
+  }
+
+  var proc = spawn('ssh', args, { stdio: 'pipe', detached: false });
+  activeSshTunnels.set(tunnelKey, proc);
+
+  proc.on('exit', () => { activeSshTunnels.delete(tunnelKey); });
+  proc.on('error', (err: any) => {
+    console.error(`[browser] SSH tunnel error for ${agentId}:`, err.message);
+    activeSshTunnels.delete(tunnelKey);
+  });
+
+  // Wait for tunnel to be ready (port becomes connectable)
+  // Extract local port from -L flag: -L localPort:host:remotePort
+  var localPortMatch = tunnelCmd.match(/-L\s*(\d+):/);
+  if (localPortMatch) {
+    var port = parseInt(localPortMatch[1]);
+    var maxWait = 15000;
+    var start = Date.now();
+    const net = await import('node:net');
+    while (Date.now() - start < maxWait) {
+      var connected = await new Promise<boolean>((resolve) => {
+        var sock = net.connect({ port, host: '127.0.0.1' }, () => { sock.destroy(); resolve(true); });
+        sock.on('error', () => resolve(false));
+        sock.setTimeout(1000, () => { sock.destroy(); resolve(false); });
+      });
+      if (connected) {
+        console.log(`[browser] SSH tunnel ready on port ${port} for ${agentId}`);
+        return;
+      }
+      await new Promise(r => setTimeout(r, 500));
+    }
+    console.warn(`[browser] SSH tunnel port ${port} not ready after ${maxWait}ms — proceeding anyway`);
+  } else {
+    // No -L flag found, just wait a bit for the tunnel to establish
+    await new Promise(r => setTimeout(r, 3000));
+  }
+}
+
+/**
+ * Connect to a remote browser via Chrome DevTools Protocol.
+ * Supports direct WebSocket connections and SSH tunneling.
+ */
+async function connectRemoteCDP(cfg: BrowserProviderConfig, agentId: string): Promise<{ page: any }> {
+  var contextKey = `${agentId}:remote-cdp`;
+  var existing = agentContexts.get(contextKey);
+  if (existing) { existing.lastUsed = Date.now(); return { page: existing.page }; }
+
+  // Establish SSH tunnel if configured
+  if (cfg.sshTunnel) {
+    await ensureSshTunnel(cfg.sshTunnel, agentId);
+  }
+
+  var pw = await import('playwright');
+  var cdpUrl = cfg.cdpUrl;
+  if (!cdpUrl) throw new Error('CDP WebSocket URL not configured. Go to Settings → Browser → Remote CDP and enter the WebSocket URL.');
+
+  // If user provided a bare host:port, auto-discover the WebSocket URL
+  if (!cdpUrl.startsWith('ws://') && !cdpUrl.startsWith('wss://')) {
+    // Treat as http endpoint — query /json/version for the real WS URL
+    var httpUrl = cdpUrl.startsWith('http') ? cdpUrl : `http://${cdpUrl}`;
+    if (!httpUrl.includes('/json/version')) httpUrl = httpUrl.replace(/\/$/, '') + '/json/version';
+    try {
+      var resp = await fetch(httpUrl, {
+        signal: AbortSignal.timeout(cfg.cdpTimeout || 10000),
+        headers: cfg.cdpAuthToken ? { 'Authorization': `Bearer ${cfg.cdpAuthToken}` } : {},
+      });
+      var versionData = await resp.json() as any;
+      cdpUrl = versionData.webSocketDebuggerUrl;
+      if (!cdpUrl) throw new Error('No webSocketDebuggerUrl in /json/version response');
+      console.log(`[browser] Auto-discovered CDP WebSocket: ${cdpUrl}`);
+    } catch (e: any) {
+      throw new Error(`Cannot discover CDP endpoint from ${httpUrl}: ${e.message}. Provide a full ws:// URL instead.`);
+    }
+  }
+
+  var timeout = cfg.cdpTimeout || 30000;
+  var headers: Record<string, string> = {};
+  if (cfg.cdpAuthToken) headers['Authorization'] = `Bearer ${cfg.cdpAuthToken}`;
+
+  console.log(`[browser] Connecting to remote CDP: ${cdpUrl} (agent: ${agentId})`);
+  var browser = await pw.chromium.connectOverCDP(cdpUrl, { timeout, headers });
+  var contexts = browser.contexts();
+  var context = contexts[0] || await browser.newContext({
+    viewport: { width: DEFAULT_VIEWPORT_WIDTH, height: DEFAULT_VIEWPORT_HEIGHT },
+  });
+  var page = context.pages()[0] || await context.newPage();
+
+  agentContexts.set(contextKey, { context: browser, page, lastUsed: Date.now() });
+  startIdleCleanup();
+  console.log(`[browser] Connected to remote CDP for ${agentId}`);
+  return { page };
+}
+
+/**
+ * Connect to Browserless.io cloud browser service.
+ * Creates a new session via WebSocket using the API token.
+ */
+async function connectBrowserless(cfg: BrowserProviderConfig, agentId: string): Promise<{ page: any }> {
+  var contextKey = `${agentId}:browserless`;
+  var existing = agentContexts.get(contextKey);
+  if (existing) { existing.lastUsed = Date.now(); return { page: existing.page }; }
+
+  if (!cfg.browserlessToken) throw new Error('Browserless API token not configured. Go to Settings → Browser and enter your token.');
+
+  var pw = await import('playwright');
+  var endpoint = cfg.browserlessEndpoint || 'wss://chrome.browserless.io';
+  // Normalize endpoint — ensure it's a WebSocket URL
+  if (endpoint.startsWith('http://')) endpoint = endpoint.replace('http://', 'ws://');
+  if (endpoint.startsWith('https://')) endpoint = endpoint.replace('https://', 'wss://');
+  if (!endpoint.startsWith('ws://') && !endpoint.startsWith('wss://')) endpoint = 'wss://' + endpoint;
+
+  // Build connection URL with token and options
+  var connectUrl = `${endpoint}?token=${encodeURIComponent(cfg.browserlessToken)}`;
+  if (cfg.browserlessStealth) connectUrl += '&stealth';
+  if (cfg.browserlessProxy) connectUrl += `&--proxy-server=${encodeURIComponent(cfg.browserlessProxy)}`;
+
+  console.log(`[browser] Connecting to Browserless for ${agentId}`);
+  var browser = await pw.chromium.connectOverCDP(connectUrl, { timeout: 30000 });
+  var context = await browser.newContext({
+    viewport: { width: DEFAULT_VIEWPORT_WIDTH, height: DEFAULT_VIEWPORT_HEIGHT },
+  });
+  var page = await context.newPage();
+
+  agentContexts.set(contextKey, { context: browser, page, lastUsed: Date.now() });
+  startIdleCleanup();
+  console.log(`[browser] Connected to Browserless for ${agentId}`);
+  return { page };
+}
+
+/**
+ * Connect to Browserbase cloud browser.
+ * Creates a session via REST API, then connects via CDP WebSocket.
+ */
+async function connectBrowserbase(cfg: BrowserProviderConfig, agentId: string): Promise<{ page: any }> {
+  var contextKey = `${agentId}:browserbase`;
+  var existing = agentContexts.get(contextKey);
+  if (existing) { existing.lastUsed = Date.now(); return { page: existing.page }; }
+
+  if (!cfg.browserbaseApiKey) throw new Error('Browserbase API key not configured. Go to Settings → Browser and enter your API key.');
+  if (!cfg.browserbaseProjectId) throw new Error('Browserbase Project ID not configured. Go to Settings → Browser and enter your project ID.');
+
+  // Step 1: Create a session via REST
+  console.log(`[browser] Creating Browserbase session for ${agentId}`);
+  var sessionResp = await fetch('https://www.browserbase.com/v1/sessions', {
+    method: 'POST',
+    headers: { 'x-bb-api-key': cfg.browserbaseApiKey, 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      projectId: cfg.browserbaseProjectId,
+      browserSettings: {
+        recordSession: cfg.browserbaseRecording !== false,
+      },
+      keepAlive: cfg.browserbaseKeepAlive || false,
+    }),
+    signal: AbortSignal.timeout(15000),
+  });
+  if (!sessionResp.ok) {
+    var errBody = await sessionResp.text().catch(() => '');
+    throw new Error(`Browserbase session creation failed (${sessionResp.status}): ${errBody}`);
+  }
+  var sessionData = await sessionResp.json() as any;
+  var connectUrl = sessionData.connectUrl || `wss://connect.browserbase.com?apiKey=${cfg.browserbaseApiKey}&sessionId=${sessionData.id}`;
+
+  // Step 2: Connect via CDP
+  var pw = await import('playwright');
+  var browser = await pw.chromium.connectOverCDP(connectUrl, { timeout: 30000 });
+  var context = browser.contexts()[0] || await browser.newContext({
+    viewport: { width: DEFAULT_VIEWPORT_WIDTH, height: DEFAULT_VIEWPORT_HEIGHT },
+  });
+  var page = context.pages()[0] || await context.newPage();
+
+  agentContexts.set(contextKey, { context: browser, page, lastUsed: Date.now() });
+  startIdleCleanup();
+  console.log(`[browser] Connected to Browserbase session ${sessionData.id} for ${agentId}`);
+  return { page };
+}
+
+/**
+ * Connect to Steel.dev browser API.
+ * Creates a session, then connects via CDP WebSocket.
+ */
+async function connectSteel(cfg: BrowserProviderConfig, agentId: string): Promise<{ page: any }> {
+  var contextKey = `${agentId}:steel`;
+  var existing = agentContexts.get(contextKey);
+  if (existing) { existing.lastUsed = Date.now(); return { page: existing.page }; }
+
+  if (!cfg.steelApiKey) throw new Error('Steel API key not configured. Go to Settings → Browser and enter your API key.');
+
+  var endpoint = cfg.steelEndpoint || 'https://api.steel.dev';
+  var duration = (cfg.steelSessionDuration || 15) * 60; // convert min to seconds
+
+  // Step 1: Create session
+  console.log(`[browser] Creating Steel session for ${agentId}`);
+  var sessionResp = await fetch(`${endpoint}/v1/sessions`, {
+    method: 'POST',
+    headers: { 'Authorization': `Bearer ${cfg.steelApiKey}`, 'Content-Type': 'application/json' },
+    body: JSON.stringify({ timeout: duration, useProxy: false }),
+    signal: AbortSignal.timeout(15000),
+  });
+  if (!sessionResp.ok) {
+    var errBody = await sessionResp.text().catch(() => '');
+    throw new Error(`Steel session creation failed (${sessionResp.status}): ${errBody}`);
+  }
+  var sessionData = await sessionResp.json() as any;
+  var connectUrl = sessionData.connectUrl || sessionData.websocketUrl || sessionData.cdpUrl;
+  if (!connectUrl) throw new Error('Steel session created but no connection URL returned');
+
+  // Step 2: Connect via CDP
+  var pw = await import('playwright');
+  var browser = await pw.chromium.connectOverCDP(connectUrl, { timeout: 30000 });
+  var context = browser.contexts()[0] || await browser.newContext({
+    viewport: { width: DEFAULT_VIEWPORT_WIDTH, height: DEFAULT_VIEWPORT_HEIGHT },
+  });
+  var page = context.pages()[0] || await context.newPage();
+
+  agentContexts.set(contextKey, { context: browser, page, lastUsed: Date.now() });
+  startIdleCleanup();
+  console.log(`[browser] Connected to Steel session ${sessionData.id} for ${agentId}`);
+  return { page };
+}
+
+/**
+ * ScrapingBee proxy-based browser. Uses ScrapingBee's rendering API
+ * as a fetch proxy rather than a CDP connection (ScrapingBee doesn't expose CDP).
+ * For browser tool compatibility, we launch a local Chromium and route
+ * requests through ScrapingBee's proxy endpoint.
+ */
+async function connectScrapingBee(cfg: BrowserProviderConfig, agentId: string): Promise<{ page: any }> {
+  var contextKey = `${agentId}:scrapingbee`;
+  var existing = agentContexts.get(contextKey);
+  if (existing) { existing.lastUsed = Date.now(); return { page: existing.page }; }
+
+  if (!cfg.scrapingbeeApiKey) throw new Error('ScrapingBee API key not configured. Go to Settings → Browser and enter your API key.');
+
+  // ScrapingBee uses a proxy approach: we route the local browser through their proxy
+  // This gives us full Playwright control while ScrapingBee handles anti-detection + proxies
+  var pw = await import('playwright');
+  var proxyUrl = `http://${cfg.scrapingbeeApiKey}:${cfg.scrapingbeeJsRendering !== false ? 'render_js' : 'norender'}${cfg.scrapingbeePremiumProxy ? '&premium_proxy=true' : ''}${cfg.scrapingbeeCountry ? `&country_code=${cfg.scrapingbeeCountry}` : ''}@proxy.scrapingbee.com:8886`;
+
+  console.log(`[browser] Launching browser with ScrapingBee proxy for ${agentId}`);
+  var browser = await pw.chromium.launch({
+    headless: true,
+    proxy: { server: proxyUrl },
+  });
+  var context = await browser.newContext({
+    viewport: { width: DEFAULT_VIEWPORT_WIDTH, height: DEFAULT_VIEWPORT_HEIGHT },
+    ignoreHTTPSErrors: true, // ScrapingBee proxy uses self-signed certs
+  });
+  var page = await context.newPage();
+
+  agentContexts.set(contextKey, { context: browser, page, lastUsed: Date.now() });
+  startIdleCleanup();
+  console.log(`[browser] ScrapingBee proxy browser ready for ${agentId}`);
+  return { page };
+}
+
+/**
+ * Unified browser provider router. Reads config and dispatches to the correct
+ * connection method. Falls back to local Chromium if provider is unset or 'local'.
+ */
+export async function ensureBrowserFromConfig(
+  cfg: BrowserProviderConfig | undefined,
+  agentId: string,
+  modeOverride?: BrowserMode
+): Promise<{ page: any }> {
+  var provider = cfg?.provider || 'local';
+
+  // Mode override (e.g., agent explicitly requested chrome mode) takes precedence
+  if (modeOverride === 'chrome' || modeOverride === 'headed') {
+    return ensureBrowser(false, agentId, modeOverride === 'chrome');
+  }
+
+  switch (provider) {
+    case 'remote-cdp':
+      return connectRemoteCDP(cfg!, agentId);
+    case 'browserless':
+      return connectBrowserless(cfg!, agentId);
+    case 'browserbase':
+      return connectBrowserbase(cfg!, agentId);
+    case 'steel':
+      return connectSteel(cfg!, agentId);
+    case 'scrapingbee':
+      return connectScrapingBee(cfg!, agentId);
+    case 'local':
+    default:
+      return ensureBrowser(cfg?.headless !== false, agentId, false);
+  }
+}
+
 export function createBrowserTool(options?: ToolCreationOptions & {
   ssrfGuard?: SsrfGuard;
 }): AnyAgentTool | null {
@@ -228,6 +595,8 @@ export function createBrowserTool(options?: ToolCreationOptions & {
   var agentId = options?.agentId || 'default';
   var sandboxed = options?.sandboxed ?? false;
   var ssrfGuard = options?.ssrfGuard;
+  // Full browser provider config (from managed agent settings)
+  var providerConfig = browserConfig as BrowserProviderConfig | undefined;
 
   return {
     name: 'browser',
@@ -286,7 +655,12 @@ export function createBrowserTool(options?: ToolCreationOptions & {
           }
         }
 
-        var { page } = await ensureBrowser(useHeadless, agentId, useChrome);
+        // Use provider-aware connection if a cloud/remote provider is configured
+        var modeOverride: BrowserMode | undefined = useChrome ? 'chrome' : (!useHeadless ? 'headed' : undefined);
+        var hasCloudProvider = providerConfig?.provider && providerConfig.provider !== 'local';
+        var { page } = hasCloudProvider && !modeOverride
+          ? await ensureBrowserFromConfig(providerConfig, agentId)
+          : await ensureBrowser(useHeadless, agentId, useChrome);
 
         switch (action) {
           case 'navigate': {