agent-browser-priv 0.27.3-priv.8 → 0.28.0-priv.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -74,6 +74,12 @@ agent-browser upgrade
74
74
 
75
75
  Detects your installation method (npm, Homebrew, or Cargo) and runs the appropriate update command automatically.
76
76
 
77
+ `agent-browser doctor` reports the installed Patchright backend version, the
78
+ Patchright version pinned by the current `agent-browser` release, and npm latest
79
+ when network checks are enabled. Patchright updates are release-controlled:
80
+ after upgrading `agent-browser`, run `agent-browser install` to refresh the
81
+ backend to the version pinned by that release.
82
+
77
83
  ### Requirements
78
84
 
79
85
  - **Patchright backend** - Run `agent-browser install` to install pinned Patchright and its browser artifacts for the default local backend. Requires Node.js and npm for install and runtime launch.
@@ -468,6 +474,7 @@ agent-browser upgrade # Upgrade agent-browser to the latest vers
468
474
  agent-browser doctor # Diagnose the install and auto-clean stale daemon files
469
475
  agent-browser doctor --fix # Also run destructive repairs
470
476
  agent-browser doctor --offline --quick # Skip network probes and the live launch test
477
+ agent-browser mcp # Start an MCP stdio server
471
478
  ```
472
479
 
473
480
  `doctor` checks your environment, browser backend install, daemon state,
@@ -488,6 +495,74 @@ agent-browser skills path [name] # Print skill directory path
488
495
 
489
496
  Serves bundled skill content that always matches the installed CLI version. AI agents use this to get current instructions rather than relying on cached copies. Set `AGENT_BROWSER_SKILLS_DIR` to override the skills directory path.
490
497
 
498
+ ### MCP Server
499
+
500
+ ```bash
501
+ agent-browser mcp
502
+ agent-browser mcp --tools all
503
+ agent-browser mcp --tools core,network,react
504
+ ```
505
+
506
+ Starts a Model Context Protocol server over stdio. MCP clients launch this command as a subprocess and exchange newline-delimited JSON-RPC on stdin and stdout. The server defaults to MCP protocol 2025-11-25 and accepts older supported client protocol versions during initialization.
507
+
508
+ The default tools profile is `core`, which keeps MCP context small for everyday browser automation. Use `--tools all` for the full typed CLI parity surface, or combine profiles with commas, such as `--tools core,network,react`.
509
+
510
+ Profiles:
511
+
512
+ - `core` — Default. Navigation, snapshots, interaction, waits, reads, screenshots, JavaScript eval, close, tab basics, and profile discovery
513
+ - `network` — Network routes, request inspection, HAR, headers, credentials, offline
514
+ - `state` — Cookies, storage, auth, saved state, sessions, profiles, skills
515
+ - `debug` — Console/errors, tracing, profiling, recording, clipboard, plugins, doctor, dashboard, install, upgrade, chat, diff, batch, confirm/deny
516
+ - `tabs` — Back/forward/reload, tabs, windows, frames, dialogs
517
+ - `react` — React tree/inspect/renders/suspense, vitals, pushstate
518
+ - `mobile` — Viewport/device/geolocation/media, touch, swipe, mouse, keyboard
519
+ - `all` — Every MCP tool, including the full typed CLI parity surface
520
+
521
+ Common tools include:
522
+
523
+ - `agent_browser_tools_profiles`
524
+ - `agent_browser_open`
525
+ - `agent_browser_snapshot`
526
+ - `agent_browser_click`
527
+ - `agent_browser_fill`
528
+ - `agent_browser_type`
529
+ - `agent_browser_press`
530
+ - `agent_browser_wait_for_selector`
531
+ - `agent_browser_screenshot`
532
+ - `agent_browser_get_url`
533
+ - `agent_browser_eval`
534
+ - `agent_browser_close`
535
+
536
+ Each tool has typed fields such as `url`, `selector`, `text`, `key`, and `session`, so MCP clients show meaningful approval prompts instead of raw command arrays. Each tool also accepts `extraArgs` for advanced CLI flags and exact CLI parity. Tool discovery is paginated and includes read-only/open-world annotations so modern MCP clients can load the large typed surface incrementally.
537
+
538
+ Example MCP client config:
539
+
540
+ ```json
541
+ {
542
+ "mcpServers": {
543
+ "agent-browser": {
544
+ "command": "agent-browser",
545
+ "args": ["mcp"]
546
+ }
547
+ }
548
+ }
549
+ ```
550
+
551
+ Full parity MCP client config:
552
+
553
+ ```json
554
+ {
555
+ "mcpServers": {
556
+ "agent-browser": {
557
+ "command": "agent-browser",
558
+ "args": ["mcp", "--tools", "all"]
559
+ }
560
+ }
561
+ }
562
+ ```
563
+
564
+ Tool invocations use the same config files and environment variables as the CLI. Use `session` in the tool arguments, or set `AGENT_BROWSER_SESSION`, to isolate browser state.
565
+
491
566
  ## Authentication
492
567
 
493
568
  agent-browser provides multiple ways to persist login sessions so you don't re-authenticate every run.
@@ -646,6 +721,7 @@ agent-browser --session-name secure open example.com
646
721
  agent-browser includes security features for safe AI agent deployments. All features are opt-in, and existing workflows are unaffected until you explicitly enable a feature:
647
722
 
648
723
  - **Authentication Vault**: Store credentials locally (always encrypted), reference by name. The LLM never sees passwords. `auth login` navigates with `load` and then waits for login form selectors to appear (SPA-friendly, timeout follows the default action timeout). A key is auto-generated at `~/.agent-browser/.encryption-key` if `AGENT_BROWSER_ENCRYPTION_KEY` is not set: `echo "pass" | agent-browser auth save github --url https://github.com/login --username user --password-stdin` then `agent-browser auth login github`
724
+ - **Plugin System**: Extend agent-browser with external executable plugins. Plugins run out-of-process over the `agent-browser.plugin.v1` stdio JSON protocol and declare capabilities such as `credential.read`, `browser.provider`, `launch.mutate`, or `command.run`.
649
725
  - **Content Boundary Markers**: Wrap page output in delimiters so LLMs can distinguish tool output from untrusted content: `--content-boundaries`
650
726
  - **Domain Allowlist**: Restrict navigation to trusted domains (wildcards like `*.example.com` also match the bare domain): `--allowed-domains "example.com,*.example.com"`. Sub-resource requests (scripts, images, fetch) and WebSocket/EventSource connections to non-allowed domains are also blocked. Include any CDN domains your target pages depend on (e.g., `*.cdn.example.com`).
651
727
  - **Action Policy**: Gate destructive actions with a static policy file: `--action-policy ./policy.json`
@@ -660,9 +736,97 @@ agent-browser includes security features for safe AI agent deployments. All feat
660
736
  | `AGENT_BROWSER_ACTION_POLICY` | Path to action policy JSON file |
661
737
  | `AGENT_BROWSER_CONFIRM_ACTIONS` | Action categories requiring confirmation |
662
738
  | `AGENT_BROWSER_CONFIRM_INTERACTIVE` | Enable interactive confirmation prompts |
739
+ | `AGENT_BROWSER_PLUGINS` | JSON plugin registry override |
663
740
 
664
741
  See [Security documentation](https://agent-browser.dev/security) for details.
665
742
 
743
+ ### Plugin System
744
+
745
+ Plugins let third-party tools integrate without becoming built-in agent-browser dependencies. Add a plugin from npm or GitHub:
746
+
747
+ ```bash
748
+ agent-browser plugin add agent-browser-plugin-captcha
749
+ agent-browser plugin add @company/agent-browser-plugin-vault --name vault
750
+ agent-browser plugin add org/agent-browser-plugin-cloud-browser
751
+ ```
752
+
753
+ References are resolved by shape: `name` uses npm, `@scope/name` uses npm, and `owner/repo` uses GitHub. `plugin add` writes `./agent-browser.json` by default; use `--global` for `~/.agent-browser/config.json`.
754
+
755
+ Plugin packages should support `plugin.manifest` so `plugin add` can discover their name and capabilities automatically. If a plugin does not support manifests, pass `--capability <name>` during add.
756
+
757
+ Plugins can also be configured manually in `agent-browser.json`:
758
+
759
+ ```json
760
+ {
761
+ "plugins": [
762
+ {
763
+ "name": "vault",
764
+ "command": "agent-browser-plugin-vault",
765
+ "capabilities": ["credential.read"]
766
+ },
767
+ {
768
+ "name": "cloud-browser",
769
+ "command": "agent-browser-plugin-cloud-browser",
770
+ "capabilities": ["browser.provider"]
771
+ },
772
+ {
773
+ "name": "stealth",
774
+ "command": "agent-browser-plugin-stealth",
775
+ "capabilities": ["launch.mutate"]
776
+ },
777
+ {
778
+ "name": "captcha",
779
+ "command": "agent-browser-plugin-captcha",
780
+ "capabilities": ["command.run", "captcha.solve"]
781
+ }
782
+ ]
783
+ }
784
+ ```
785
+
786
+ Inspect configured plugins:
787
+
788
+ ```bash
789
+ agent-browser plugin list
790
+ agent-browser plugin show vault
791
+ ```
792
+
793
+ Use a credential provider plugin for one login:
794
+
795
+ ```bash
796
+ agent-browser auth login my-app --credential-provider vault --item "My App"
797
+ agent-browser auth login my-app --credential-provider vault --item "My App" --url https://app.example.com/login --username-selector "#email" --password-selector "#password" --submit-selector "button[type=submit]"
798
+ ```
799
+
800
+ Use a browser provider plugin:
801
+
802
+ ```bash
803
+ agent-browser --provider cloud-browser open https://example.com
804
+ ```
805
+
806
+ Use a launch mutator plugin for stealth or local launch customization. The plugin can append Chrome args, extensions, and init scripts before the browser starts:
807
+
808
+ ```bash
809
+ agent-browser open https://example.com
810
+ ```
811
+
812
+ Use a generic plugin command for domain-specific tools such as CAPTCHA solvers:
813
+
814
+ ```bash
815
+ agent-browser plugin run captcha captcha.solve --payload '{"siteKey":"...","url":"https://example.com"}'
816
+ ```
817
+
818
+ The protocol request always includes `protocol`, `type`, `capability`, and `request`. A credential plugin receives `credential.resolve`, a browser provider receives `browser.launch`, a launch mutator receives `launch.mutate`, and generic commands receive the supplied request type. `plugin run` is for `command.run` and custom capabilities; core capabilities and protocol request types use their dedicated command paths. agent-browser keeps browser automation, redaction-sensitive output, and policy enforcement in core.
819
+
820
+ Gate plugin access by capability action:
821
+
822
+ ```bash
823
+ agent-browser --confirm-actions plugin:vault:credential.read auth login my-app --credential-provider vault --item "My App"
824
+ agent-browser --confirm-actions plugin:cloud-browser:browser.provider --provider cloud-browser open https://example.com
825
+ agent-browser --confirm-actions plugin:stealth:launch.mutate open https://example.com
826
+ ```
827
+
828
+ Do not put vault tokens or passwords in plugin command args. Use the vault vendor's own login/session mechanism or environment outside agent-browser config.
829
+
666
830
  ## Snapshot Options
667
831
 
668
832
  The `snapshot` command supports filtering to reduce output size:
@@ -728,7 +892,7 @@ This is useful for multimodal AI models that can reason about visual layout, unl
728
892
  | `--ignore-https-errors` | Ignore HTTPS certificate errors (useful for self-signed certs) |
729
893
  | `--allow-file-access` | Allow file:// URLs to access local files (Chromium only) |
730
894
  | `--hide-scrollbars <bool>` | Hide native scrollbars in headless Chromium screenshots, enabled by default (or `AGENT_BROWSER_HIDE_SCROLLBARS` env) |
731
- | `-p, --provider <name>` | Cloud browser provider (or `AGENT_BROWSER_PROVIDER` env) |
895
+ | `-p, --provider <name>` | Browser provider, including configured `browser.provider` plugins (or `AGENT_BROWSER_PROVIDER` env) |
732
896
  | `--device <name>` | iOS device name, e.g. "iPhone 15 Pro" (or `AGENT_BROWSER_IOS_DEVICE` env) |
733
897
  | `--json` | JSON output (for agents) |
734
898
  | `--annotate` | Annotated screenshot with numbered element labels (or `AGENT_BROWSER_ANNOTATE` env) |
@@ -859,7 +1023,14 @@ Create an `agent-browser.json` file to set persistent defaults instead of repeat
859
1023
  "profile": "./browser-data",
860
1024
  "userAgent": "my-agent/1.0",
861
1025
  "hideScrollbars": false,
862
- "ignoreHttpsErrors": true
1026
+ "ignoreHttpsErrors": true,
1027
+ "plugins": [
1028
+ {
1029
+ "name": "vault",
1030
+ "command": "agent-browser-plugin-vault",
1031
+ "capabilities": ["credential.read"]
1032
+ }
1033
+ ]
863
1034
  }
864
1035
  ```
865
1036
 
@@ -870,7 +1041,7 @@ agent-browser --config ./ci-config.json open example.com
870
1041
  AGENT_BROWSER_CONFIG=./ci-config.json agent-browser open example.com
871
1042
  ```
872
1043
 
873
- All options from the table above can be set in the config file using camelCase keys (e.g., `--executable-path` becomes `"executablePath"`, `--proxy-bypass` becomes `"proxyBypass"`). Unknown keys are ignored for forward compatibility.
1044
+ All options from the table above can be set in the config file using camelCase keys (e.g., `--executable-path` becomes `"executablePath"`, `--proxy-bypass` becomes `"proxyBypass"`). Plugins are configured with the `"plugins"` array shown above. Unknown keys are ignored for forward compatibility.
874
1045
 
875
1046
  A [JSON Schema](agent-browser.schema.json) is available for IDE autocomplete and validation. Add a `$schema` key to your config file to enable it:
876
1047
 
@@ -1277,6 +1448,7 @@ The daemon starts automatically on first command and persists between commands f
1277
1448
  | Platform | Binary |
1278
1449
  | ----------- | ----------- |
1279
1450
  | macOS ARM64 | Native Rust |
1451
+ | macOS x64 | Native Rust |
1280
1452
  | Linux ARM64 | Native Rust |
1281
1453
  | Linux x64 | Native Rust |
1282
1454
 
Binary file
Binary file
Binary file
@@ -38,12 +38,7 @@ function getBinaryName() {
38
38
  osKey = 'darwin';
39
39
  break;
40
40
  case 'linux':
41
- if (isMusl()) {
42
- console.error('Error: agent-browser-priv does not publish musl Linux binaries.');
43
- console.error('Use a glibc-based Linux environment or build locally with npm run build:native.');
44
- process.exit(1);
45
- }
46
- osKey = 'linux';
41
+ osKey = isMusl() ? 'linux-musl' : 'linux';
47
42
  break;
48
43
  case 'win32':
49
44
  osKey = 'win32';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-browser-priv",
3
- "version": "0.27.3-priv.8",
3
+ "version": "0.28.0-priv.2",
4
4
  "description": "Browser automation CLI for AI agents",
5
5
  "type": "module",
6
6
  "packageManager": "pnpm@11.1.3",
@@ -29,7 +29,9 @@
29
29
  "build:docker": "docker build --platform linux/amd64 -t agent-browser-builder -f docker/Dockerfile.build .",
30
30
  "release": "pnpm run version:sync && pnpm run build:all-platforms",
31
31
  "postinstall": "node scripts/postinstall.js",
32
- "build:dashboard": "cd packages/dashboard && pnpm build"
32
+ "build:dashboard": "cd packages/dashboard && pnpm build",
33
+ "runtime:update-check": "node scripts/check-runtime-updates.mjs",
34
+ "runtime:update-patchright": "node scripts/update-patchright-version.mjs"
33
35
  },
34
36
  "keywords": [
35
37
  "browser",
@@ -67,9 +67,18 @@ build_target "aarch64-unknown-linux-gnu" "aarch64-unknown-linux-gnu.2.28" "agent
67
67
  # is re-enabled:
68
68
  # build_target "x86_64-pc-windows-gnu" "x86_64-pc-windows-gnu" "agent-browser-priv-win32-x64.exe"
69
69
 
70
+ # macOS x64 (via zig for cross-compilation)
71
+ build_target "x86_64-apple-darwin" "x86_64-apple-darwin" "agent-browser-priv-darwin-x64"
72
+
70
73
  # macOS ARM64 (via zig for cross-compilation)
71
74
  build_target "aarch64-apple-darwin" "aarch64-apple-darwin" "agent-browser-priv-darwin-arm64"
72
75
 
76
+ # Linux musl x64 (Alpine)
77
+ build_target "x86_64-unknown-linux-musl" "x86_64-unknown-linux-musl" "agent-browser-priv-linux-musl-x64"
78
+
79
+ # Linux musl ARM64 (Alpine)
80
+ build_target "aarch64-unknown-linux-musl" "aarch64-unknown-linux-musl" "agent-browser-priv-linux-musl-arm64"
81
+
73
82
  echo ""
74
83
  echo -e "${GREEN}Build complete!${NC}"
75
84
  echo ""
@@ -0,0 +1,139 @@
1
+ #!/usr/bin/env node
2
+
3
+ import { execFileSync } from 'node:child_process';
4
+ import { readFileSync } from 'node:fs';
5
+ import { dirname, join } from 'node:path';
6
+ import { fileURLToPath } from 'node:url';
7
+
8
+ const rootDir = join(dirname(fileURLToPath(import.meta.url)), '..');
9
+ const installRsPath = join(rootDir, 'cli/src/install.rs');
10
+ const trackingPath = join(rootDir, 'priv/version-tracking.json');
11
+
12
+ function readJson(path) {
13
+ return JSON.parse(readFileSync(path, 'utf8'));
14
+ }
15
+
16
+ function readPatchrightPin() {
17
+ const source = readFileSync(installRsPath, 'utf8');
18
+ const match = source.match(/pub const PATCHRIGHT_VERSION:\s*&str\s*=\s*"([^"]+)"/);
19
+ if (!match) {
20
+ throw new Error('Could not find PATCHRIGHT_VERSION in cli/src/install.rs');
21
+ }
22
+ return match[1];
23
+ }
24
+
25
+ function npmLatest(packageName) {
26
+ return execFileSync('npm', ['view', packageName, 'version'], {
27
+ cwd: rootDir,
28
+ encoding: 'utf8',
29
+ timeout: 20_000,
30
+ stdio: ['ignore', 'pipe', 'pipe'],
31
+ }).trim();
32
+ }
33
+
34
+ function upstreamTags() {
35
+ const output = execFileSync(
36
+ 'git',
37
+ [
38
+ 'ls-remote',
39
+ '--tags',
40
+ '--refs',
41
+ 'https://github.com/vercel-labs/agent-browser.git',
42
+ 'refs/tags/v*',
43
+ ],
44
+ {
45
+ cwd: rootDir,
46
+ encoding: 'utf8',
47
+ timeout: 20_000,
48
+ stdio: ['ignore', 'pipe', 'pipe'],
49
+ },
50
+ );
51
+ return output
52
+ .trim()
53
+ .split('\n')
54
+ .filter(Boolean)
55
+ .map((line) => line.split(/\s+/)[1]?.replace('refs/tags/', ''))
56
+ .filter(Boolean)
57
+ .filter((tag) => /^v\d+\.\d+\.\d+/.test(tag));
58
+ }
59
+
60
+ function parseVersion(version) {
61
+ const cleaned = version.replace(/^v/, '').split('-')[0];
62
+ const parts = cleaned.split('.').map((part) => Number.parseInt(part, 10));
63
+ return [parts[0] || 0, parts[1] || 0, parts[2] || 0];
64
+ }
65
+
66
+ function compareVersions(a, b) {
67
+ const pa = parseVersion(a);
68
+ const pb = parseVersion(b);
69
+ for (let i = 0; i < 3; i += 1) {
70
+ if (pa[i] !== pb[i]) return pa[i] - pb[i];
71
+ }
72
+ return a.localeCompare(b);
73
+ }
74
+
75
+ function latestTag(tags) {
76
+ if (tags.length === 0) return null;
77
+ return [...tags].sort(compareVersions).at(-1);
78
+ }
79
+
80
+ function buildReport() {
81
+ const tracking = readJson(trackingPath);
82
+ const patchrightPinned = readPatchrightPin();
83
+ const patchrightLatest = npmLatest('patchright');
84
+ const latestUpstreamTag = latestTag(upstreamTags());
85
+
86
+ return {
87
+ patchright: {
88
+ pinned: patchrightPinned,
89
+ latest: patchrightLatest,
90
+ outdated: patchrightPinned !== patchrightLatest,
91
+ tracking_matches_source: tracking.patchright_pin === patchrightPinned,
92
+ },
93
+ agent_browser: {
94
+ tracked_upstream_tag: tracking.agent_browser_upstream_tag,
95
+ latest_upstream_tag: latestUpstreamTag,
96
+ outdated: Boolean(
97
+ latestUpstreamTag &&
98
+ compareVersions(latestUpstreamTag, tracking.agent_browser_upstream_tag) > 0,
99
+ ),
100
+ },
101
+ tracking: {
102
+ path: 'priv/version-tracking.json',
103
+ policy: tracking.policy,
104
+ },
105
+ };
106
+ }
107
+
108
+ function printHuman(report) {
109
+ console.log('Runtime update check');
110
+ console.log('');
111
+ console.log(
112
+ `Patchright: pinned ${report.patchright.pinned}, npm latest ${report.patchright.latest}`,
113
+ );
114
+ console.log(
115
+ ` status: ${report.patchright.outdated ? 'outdated' : 'current'}`,
116
+ );
117
+ console.log(
118
+ ` tracking: ${report.patchright.tracking_matches_source ? 'matches source' : 'does not match source'}`,
119
+ );
120
+ console.log('');
121
+ console.log(
122
+ `agent-browser upstream: tracked ${report.agent_browser.tracked_upstream_tag}, latest ${report.agent_browser.latest_upstream_tag ?? 'unknown'}`,
123
+ );
124
+ console.log(
125
+ ` status: ${report.agent_browser.outdated ? 'sync available' : 'current'}`,
126
+ );
127
+ }
128
+
129
+ const report = buildReport();
130
+
131
+ if (process.argv.includes('--json')) {
132
+ console.log(JSON.stringify(report, null, 2));
133
+ } else {
134
+ printHuman(report);
135
+ }
136
+
137
+ if (!report.patchright.tracking_matches_source) {
138
+ process.exitCode = 1;
139
+ }
@@ -0,0 +1,112 @@
1
+ #!/usr/bin/env node
2
+
3
+ import { execFileSync } from 'node:child_process';
4
+ import { mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
5
+ import { tmpdir } from 'node:os';
6
+ import { dirname, join } from 'node:path';
7
+ import { fileURLToPath } from 'node:url';
8
+
9
+ const rootDir = join(dirname(fileURLToPath(import.meta.url)), '..');
10
+ const installRsPath = join(rootDir, 'cli/src/install.rs');
11
+ const trackingPath = join(rootDir, 'priv/version-tracking.json');
12
+
13
+ function usage() {
14
+ console.error('Usage: node scripts/update-patchright-version.mjs <version|latest>');
15
+ }
16
+
17
+ function npmLatest() {
18
+ return execFileSync('npm', ['view', 'patchright', 'version'], {
19
+ cwd: rootDir,
20
+ encoding: 'utf8',
21
+ timeout: 20_000,
22
+ stdio: ['ignore', 'pipe', 'pipe'],
23
+ }).trim();
24
+ }
25
+
26
+ function validateVersion(version) {
27
+ if (!/^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/.test(version)) {
28
+ throw new Error(`Invalid Patchright version: ${version}`);
29
+ }
30
+ }
31
+
32
+ function buildPackageFiles(version) {
33
+ const packageJson = {
34
+ name: 'patchright',
35
+ private: true,
36
+ type: 'module',
37
+ dependencies: {
38
+ patchright: version,
39
+ },
40
+ };
41
+
42
+ const dir = mkdtempSync(join(tmpdir(), 'agent-browser-patchright-'));
43
+ try {
44
+ writeFileSync(join(dir, 'package.json'), `${JSON.stringify(packageJson, null, 2)}\n`);
45
+ execFileSync(
46
+ 'npm',
47
+ [
48
+ 'install',
49
+ '--package-lock-only',
50
+ '--ignore-scripts',
51
+ '--omit=dev',
52
+ '--no-audit',
53
+ '--fund=false',
54
+ ],
55
+ {
56
+ cwd: dir,
57
+ stdio: 'inherit',
58
+ timeout: 60_000,
59
+ },
60
+ );
61
+ const packageLock = JSON.parse(readFileSync(join(dir, 'package-lock.json'), 'utf8'));
62
+ if (packageLock.packages?.['']) {
63
+ delete packageLock.packages[''].name;
64
+ }
65
+ return {
66
+ packageJson: `${JSON.stringify(packageJson, null, 2)}\n`,
67
+ packageLock: `${JSON.stringify(packageLock, null, 2)}\n`,
68
+ };
69
+ } finally {
70
+ rmSync(dir, { recursive: true, force: true });
71
+ }
72
+ }
73
+
74
+ function replaceRawString(source, name, value) {
75
+ const pattern = new RegExp(`let ${name} = r#"(.*?)"#;`, 's');
76
+ if (!pattern.test(source)) {
77
+ throw new Error(`Could not find raw string ${name} in cli/src/install.rs`);
78
+ }
79
+ return source.replace(pattern, `let ${name} = r#"${value}"#;`);
80
+ }
81
+
82
+ function updateInstallRs(version, packageJson, packageLock) {
83
+ let source = readFileSync(installRsPath, 'utf8');
84
+ source = source.replace(
85
+ /pub const PATCHRIGHT_VERSION:\s*&str\s*=\s*"[^"]+";/,
86
+ `pub const PATCHRIGHT_VERSION: &str = "${version}";`,
87
+ );
88
+ source = replaceRawString(source, 'package_json', packageJson);
89
+ source = replaceRawString(source, 'package_lock', packageLock);
90
+ writeFileSync(installRsPath, source);
91
+ }
92
+
93
+ function updateTracking(version) {
94
+ const tracking = JSON.parse(readFileSync(trackingPath, 'utf8'));
95
+ tracking.patchright_pin = version;
96
+ writeFileSync(trackingPath, `${JSON.stringify(tracking, null, 2)}\n`);
97
+ }
98
+
99
+ const requested = process.argv[2];
100
+ if (!requested) {
101
+ usage();
102
+ process.exit(1);
103
+ }
104
+
105
+ const version = requested === 'latest' ? npmLatest() : requested;
106
+ validateVersion(version);
107
+
108
+ const { packageJson, packageLock } = buildPackageFiles(version);
109
+ updateInstallRs(version, packageJson, packageLock);
110
+ updateTracking(version);
111
+
112
+ console.log(`Updated Patchright backend pin to ${version}`);
@@ -66,6 +66,29 @@ agent-browser screenshot result.png
66
66
  The browser stays running across commands so these feel like a single
67
67
  session. Use `agent-browser close` (or `close --all`) when you're done.
68
68
 
69
+ ## MCP integration
70
+
71
+ For tools that support Model Context Protocol servers, start the stdio server:
72
+
73
+ ```bash
74
+ agent-browser mcp
75
+ agent-browser mcp --tools all
76
+ agent-browser mcp --tools core,network,react
77
+ ```
78
+
79
+ Configure the MCP client to launch `agent-browser` with `["mcp"]`. The server
80
+ defaults to MCP protocol 2025-11-25 and accepts older supported client protocol
81
+ versions during initialization. The default tools profile is `core`, which
82
+ keeps MCP context small for everyday browser automation. Use `--tools all` for
83
+ the full typed CLI parity surface, or combine profiles with commas, such as
84
+ `--tools core,network,react`. Profiles are `core`, `network`, `state`, `debug`,
85
+ `tabs`, `react`, `mobile`, and `all`; the `debug` profile includes plugin
86
+ registry and command.run tools. Each tool accepts typed arguments plus
87
+ `extraArgs` for advanced CLI flags and exact CLI parity. Tool discovery is
88
+ paginated and includes read-only/open-world annotations so modern MCP clients
89
+ can load the large typed surface incrementally. Use the tool `session` argument
90
+ or `AGENT_BROWSER_SESSION` to isolate browser sessions.
91
+
69
92
  ## Reading a page
70
93
 
71
94
  ```bash
@@ -204,6 +227,27 @@ agent-browser auth save my-app --url https://app.example.com/login \
204
227
  agent-browser auth login my-app # fills + clicks, waits for form
205
228
  ```
206
229
 
230
+ If credentials live in an external vault, use a configured credential provider
231
+ plugin instead of putting secrets in the command line:
232
+
233
+ ```bash
234
+ agent-browser plugin add agent-browser-plugin-vault --name vault
235
+ agent-browser plugin list
236
+ agent-browser auth login my-app --credential-provider vault --item "My App"
237
+ agent-browser auth login my-app --credential-provider vault --item "My App" --url https://app.example.com/login --username-selector "#email" --password-selector "#password"
238
+ ```
239
+
240
+ Plugins can also provide browser providers, launch mutators such as stealth
241
+ setup, and arbitrary namespaced commands:
242
+
243
+ ```bash
244
+ agent-browser --provider cloud-browser open https://example.com
245
+ agent-browser plugin run captcha captcha.solve --payload '{"siteKey":"...","url":"https://example.com"}'
246
+ ```
247
+
248
+ `plugin run` is for `command.run` and custom capabilities. Core capabilities
249
+ and protocol request types use their dedicated command paths.
250
+
207
251
  ### Persist session across runs
208
252
 
209
253
  ```bash
@@ -358,6 +402,8 @@ agent-browser doctor --json # structured output for programmatic co
358
402
  ```
359
403
 
360
404
  `doctor` auto-cleans stale socket/pid/version sidecar files on every run.
405
+ For the default Patchright backend, it also reports the installed Patchright
406
+ version, the release pin, and npm latest when network checks are enabled.
361
407
  Destructive actions require `--fix`. Exit code is `0` if all checks pass
362
408
  (warnings OK), `1` if any fail.
363
409
 
@@ -484,7 +530,7 @@ That pulls in:
484
530
 
485
531
  - `references/commands.md` — every command, flag, alias
486
532
  - `references/snapshot-refs.md` — deep dive on the snapshot + ref model
487
- - `references/authentication.md` — auth vault, credential handling
533
+ - `references/authentication.md` — auth vault, credential plugins, credential handling
488
534
  - `references/trust-boundaries.md` — safety rules for driving a real browser
489
535
  - `references/session-management.md` — persistence, multi-session workflows
490
536
  - `references/profiling.md` — Chrome DevTools tracing and profiling
@@ -10,6 +10,7 @@ Login flows, session persistence, OAuth, 2FA, and authenticated browsing.
10
10
  - [Persistent Profiles](#persistent-profiles)
11
11
  - [Session Persistence](#session-persistence)
12
12
  - [Basic Login Flow](#basic-login-flow)
13
+ - [Plugins](#plugins)
13
14
  - [Saving Authentication State](#saving-authentication-state)
14
15
  - [Restoring Authentication](#restoring-authentication)
15
16
  - [OAuth / SSO Flows](#oauth--sso-flows)
@@ -140,6 +141,80 @@ agent-browser wait --load networkidle
140
141
  agent-browser get url # Should be dashboard, not login
141
142
  ```
142
143
 
144
+ ## Plugins
145
+
146
+ Use credential provider plugins when credentials live in external vault software. Plugins are configured in `agent-browser.json` and run as external executables over the `agent-browser.plugin.v1` stdio JSON protocol.
147
+
148
+ Add a plugin with `plugin add`. A plain `name` or `@scope/name` resolves from npm; `owner/repo` resolves from GitHub:
149
+
150
+ ```bash
151
+ agent-browser plugin add agent-browser-plugin-vault --name vault
152
+ agent-browser plugin add @company/agent-browser-plugin-vault --name vault
153
+ agent-browser plugin add org/agent-browser-plugin-cloud-browser
154
+ ```
155
+
156
+ ```json
157
+ {
158
+ "plugins": [
159
+ {
160
+ "name": "vault",
161
+ "command": "agent-browser-plugin-vault",
162
+ "capabilities": ["credential.read"]
163
+ },
164
+ {
165
+ "name": "cloud-browser",
166
+ "command": "agent-browser-plugin-cloud-browser",
167
+ "capabilities": ["browser.provider"]
168
+ },
169
+ {
170
+ "name": "stealth",
171
+ "command": "agent-browser-plugin-stealth",
172
+ "capabilities": ["launch.mutate"]
173
+ },
174
+ {
175
+ "name": "captcha",
176
+ "command": "agent-browser-plugin-captcha",
177
+ "capabilities": ["command.run", "captcha.solve"]
178
+ }
179
+ ]
180
+ }
181
+ ```
182
+
183
+ Inspect configured plugins before use:
184
+
185
+ ```bash
186
+ agent-browser plugin list
187
+ agent-browser plugin show vault
188
+ ```
189
+
190
+ Resolve credentials just-in-time for one login:
191
+
192
+ ```bash
193
+ agent-browser auth login my-app --credential-provider vault --item "My App"
194
+ ```
195
+
196
+ Use a plugin as a browser provider or a generic domain command:
197
+
198
+ ```bash
199
+ agent-browser --provider cloud-browser open https://example.com
200
+ agent-browser plugin run captcha captcha.solve --payload '{"siteKey":"...","url":"https://example.com"}'
201
+ ```
202
+
203
+ `plugin run` is for `command.run` and custom capabilities. Core capabilities
204
+ and protocol request types use their dedicated command paths.
205
+
206
+ Use `--url`, `--username-selector`, `--password-selector`, and `--submit-selector` on `auth login` to override plugin-provided metadata for the current login only.
207
+
208
+ Gate plugin secret access separately from normal login automation:
209
+
210
+ ```bash
211
+ agent-browser --confirm-actions plugin:vault:credential.read auth login my-app --credential-provider vault --item "My App"
212
+ agent-browser --confirm-actions plugin:cloud-browser:browser.provider --provider cloud-browser open https://example.com
213
+ agent-browser --confirm-actions plugin:stealth:launch.mutate open https://example.com
214
+ ```
215
+
216
+ Do not put vault tokens or passwords in plugin command args. Use the vault vendor's own login/session mechanism or environment outside agent-browser config.
217
+
143
218
  ## Saving Authentication State
144
219
 
145
220
  After logging in, save state for reuse:
@@ -297,6 +297,36 @@ Array.from(links).map(a => a.href);
297
297
  EOF
298
298
  ```
299
299
 
300
+ ## Authentication and Plugins
301
+
302
+ ```bash
303
+ agent-browser auth save <name> --url <url> --username <user> --password-stdin
304
+ agent-browser auth login <name> # Login using saved credentials
305
+ agent-browser auth login <name> --credential-provider <plugin> [--item <ref>] [--url <url>]
306
+ agent-browser auth login <name> --username-selector <s> --password-selector <s> [--submit-selector <s>]
307
+ agent-browser auth list # List saved auth profiles
308
+ agent-browser auth show <name> # Show profile metadata, no passwords
309
+ agent-browser auth delete <name> # Delete a saved profile
310
+ agent-browser plugin add <ref> # Add a plugin from npm or GitHub
311
+ agent-browser plugin list # List configured plugins
312
+ agent-browser plugin show <name> # Show one configured plugin
313
+ agent-browser plugin run <name> <type> --payload <json>
314
+ # Run an arbitrary plugin request
315
+ ```
316
+
317
+ Credential provider plugins run out-of-process over the
318
+ `agent-browser.plugin.v1` stdio JSON protocol and must declare
319
+ `credential.read`. Use `--confirm-actions plugin:<name>:credential.read`
320
+ to require explicit approval before a plugin resolves secrets.
321
+
322
+ Other capabilities use the same protocol:
323
+ - `browser.provider`: `agent-browser --provider <name> open <url>`
324
+ - `launch.mutate`: append local launch args, extensions, or init scripts
325
+ - `command.run`: `agent-browser plugin run <name> <type> --payload <json>`
326
+
327
+ `plugin run` is for `command.run` and custom capabilities. Core capabilities
328
+ and protocol request types use their dedicated command paths.
329
+
300
330
  ## State Management
301
331
 
302
332
  ```bash
@@ -304,6 +334,56 @@ agent-browser state save auth.json # Save cookies, storage, auth state
304
334
  agent-browser state load auth.json # Restore saved state
305
335
  ```
306
336
 
337
+ ## MCP Server
338
+
339
+ ```bash
340
+ agent-browser mcp
341
+ agent-browser mcp --tools all
342
+ agent-browser mcp --tools core,network,react
343
+ ```
344
+
345
+ Starts a stdio Model Context Protocol server. MCP clients should configure the
346
+ server command as `agent-browser` with args `["mcp"]`. The server defaults to
347
+ MCP protocol 2025-11-25 and accepts older supported client protocol versions
348
+ during initialization.
349
+
350
+ The default tools profile is `core`, which keeps MCP context small for everyday
351
+ browser automation. Use `--tools all` for the full typed CLI parity surface, or
352
+ combine profiles with commas, such as `--tools core,network,react`.
353
+
354
+ Profiles:
355
+
356
+ - `core` - Default. Navigation, snapshots, interaction, waits, reads, screenshots, JavaScript eval, close, tab basics, and profile discovery
357
+ - `network` - Network routes, request inspection, HAR, headers, credentials, offline
358
+ - `state` - Cookies, storage, auth, saved state, sessions, profiles, skills
359
+ - `debug` - Console/errors, tracing, profiling, recording, clipboard, plugins, doctor, dashboard, install, upgrade, chat, diff, batch, confirm/deny
360
+ - `tabs` - Back/forward/reload, tabs, windows, frames, dialogs
361
+ - `react` - React tree/inspect/renders/suspense, vitals, pushstate
362
+ - `mobile` - Viewport/device/geolocation/media, touch, swipe, mouse, keyboard
363
+ - `all` - Every MCP tool, including the full typed CLI parity surface
364
+
365
+ Common tools include:
366
+
367
+ - `agent_browser_tools_profiles`
368
+ - `agent_browser_open`
369
+ - `agent_browser_snapshot`
370
+ - `agent_browser_click`
371
+ - `agent_browser_fill`
372
+ - `agent_browser_type`
373
+ - `agent_browser_press`
374
+ - `agent_browser_wait_for_selector`
375
+ - `agent_browser_screenshot`
376
+ - `agent_browser_get_url`
377
+ - `agent_browser_eval`
378
+ - `agent_browser_close`
379
+
380
+ Tool calls use the same config files and environment variables as the CLI. Each
381
+ tool accepts typed arguments plus `extraArgs` for advanced CLI flags and exact
382
+ CLI parity. Tool discovery is paginated and includes read-only/open-world
383
+ annotations so modern MCP clients can load the large typed surface
384
+ incrementally. Use the `session` tool argument or `AGENT_BROWSER_SESSION` to
385
+ isolate browser state.
386
+
307
387
  ## Global Options
308
388
 
309
389
  ```bash
@@ -312,7 +392,7 @@ agent-browser --json ... # JSON output for parsing
312
392
  agent-browser --headed ... # Show browser window (not headless)
313
393
  agent-browser --cdp <port> ... # Connect via Chrome DevTools Protocol
314
394
  agent-browser --backend <name> ... # Local backend: patchright (default), chrome
315
- agent-browser -p <provider> ... # Cloud browser provider (--provider)
395
+ agent-browser -p <provider> ... # Browser provider or configured provider plugin
316
396
  agent-browser --proxy <url> ... # Use proxy server
317
397
  agent-browser --proxy-bypass <hosts> # Hosts to bypass proxy
318
398
  agent-browser --wait-until <state> # Navigation wait: none, domcontentloaded, load, networkidle
@@ -399,8 +479,9 @@ AGENT_BROWSER_EXTENSIONS="/ext1,/ext2" # Comma-separated extension paths
399
479
  AGENT_BROWSER_INIT_SCRIPTS="/a.js,/b.js" # Comma-separated init script paths
400
480
  AGENT_BROWSER_ENABLE="react-devtools" # Comma-separated built-in init script features
401
481
  AGENT_BROWSER_HIDE_SCROLLBARS="false" # Keep native scrollbars visible in headless Chromium screenshots
402
- AGENT_BROWSER_PROVIDER="browserbase" # Cloud browser provider
482
+ AGENT_BROWSER_PROVIDER="browserbase" # Browser provider or configured provider plugin
403
483
  AGENT_BROWSER_STREAM_PORT="9223" # Override WebSocket streaming port (default: OS-assigned)
404
484
  AGENT_BROWSER_CONFIG="./agent-browser.json" # Custom config file
405
485
  AGENT_BROWSER_CDP="9222" # Connect daemon to CDP port or WebSocket URL
486
+ AGENT_BROWSER_PLUGINS='[{"name":"vault","command":"agent-browser-plugin-vault","capabilities":["credential.read"]},{"name":"stealth","command":"agent-browser-plugin-stealth","capabilities":["launch.mutate"]}]'
406
487
  ```