agent-browser-stealth 0.17.0-fork.1 → 0.24.0-fork.1

package/README.md

@@ -1,336 +1,1354 @@
-# agent-browser-stealth
+# agent-browser
 
-Stealth-first fork of `agent-browser` for production browser automation under anti-bot pressure.
+Browser automation CLI for AI agents. Fast native Rust CLI.
 
-This README focuses on stealth architecture and principles. For full command coverage inherited from upstream, use:
+## Installation
 
-- upstream docs: <https://github.com/vercel-labs/agent-browser>
-- local help: `agent-browser --help` (short alias: `abs --help`)
+### Global Installation (recommended)
 
-## What This Fork Optimizes
+Installs the native Rust binary:
 
-- Stealth is always on (legacy `launch.stealth` is accepted but ignored).
-- Fingerprint surfaces are patched at multiple layers (launch args, CDP overrides, init scripts).
-- Behavioral signals are humanized (typing cadence, cursor path, pacing, retry backoff).
-- Region signals are auto-aligned (locale/timezone/Accept-Language) to reduce mismatch risk.
-- Verification/captcha handling is policy-driven (`--risk-mode off|warn|block`).
+```bash
+npm install -g agent-browser
+agent-browser install  # Download Chrome from Chrome for Testing (first time only)
+```
 
-## FAQ: `agent-browser` vs `agent-browser-stealth`
+### Project Installation (local dependency)
 
-People often ask this: "What's the anti-detection approach compared to `agent-browser-stealth` on npm?"
+For projects that want to pin the version in `package.json`:
 
-- `agent-browser-stealth` on npm is the package name for this fork.
-- The CLI keeps upstream-compatible command names (`agent-browser` is still the main executable, with `agent-browser-stealth` and `abs` as aliases).
-- The practical difference vs upstream `agent-browser` is not one single "stealth switch"; it is a defense-in-depth stack designed for anti-bot pressure.
+```bash
+npm install agent-browser
+agent-browser install
+```
+
+Then use via `package.json` scripts or by invoking `agent-browser` directly.
 
-The core idea is layered hardening across the full automation lifecycle:
+### Homebrew (macOS)
 
-1. Connection-aware policy: choose the best available stealth capability by mode (local launch/CDP/cloud provider).
-2. Fingerprint hardening: patch launch args, CDP metadata, and init-script surfaces before page code runs.
-3. Behavioral humanization: non-uniform typing/mouse/wait patterns instead of perfectly mechanical actions.
-4. Region coherence: auto-align locale/timezone/language signals to target geography.
-5. Risk-aware control loop: detect verification/captcha signals and handle them with explicit `risk-mode` policy.
+```bash
+brew install agent-browser
+agent-browser install  # Download Chrome from Chrome for Testing (first time only)
+```
 
-Goal: reduce detection probability and improve stability in production automation. Non-goal: "guaranteed bypass" on every target.
+### Cargo (Rust)
 
-## Quick Start
+```bash
+cargo install agent-browser
+agent-browser install  # Download Chrome from Chrome for Testing (first time only)
+```
 
-### Install
+### From Source
 
 ```bash
-npm install -g agent-browser-stealth
+git clone https://github.com/vercel-labs/agent-browser
+cd agent-browser
+pnpm install
+pnpm build
+pnpm build:native   # Requires Rust (https://rustup.rs)
+pnpm link --global  # Makes agent-browser available globally
 agent-browser install
-# same CLI, short alias
-abs install
 ```
 
-### Minimal Usage
+### Linux Dependencies
+
+On Linux, install system dependencies:
 
 ```bash
-agent-browser open https://example.com
-agent-browser snapshot -i
+agent-browser install --with-deps
+```
+
+### Updating
+
+Upgrade to the latest version:
+
+```bash
+agent-browser upgrade
+```
+
+Detects your installation method (npm, Homebrew, or Cargo) and runs the appropriate update command automatically.
+
+### Requirements
+
+- **Chrome** - Run `agent-browser install` to download Chrome from [Chrome for Testing](https://developer.chrome.com/blog/chrome-for-testing/) (Google's official automation channel). Existing Chrome, Brave, Playwright, and Puppeteer installations are detected automatically. No Playwright or Node.js required for the daemon.
+- **Rust** - Only needed when building from source (see From Source above).
+
+## Quick Start
+
+```bash
+agent-browser open example.com
+agent-browser snapshot                    # Get accessibility tree with refs
+agent-browser click @e2                   # Click by ref from snapshot
+agent-browser fill @e3 "test@example.com" # Fill by ref
+agent-browser get text @e1                # Get text by ref
+agent-browser screenshot page.png
+agent-browser close
+```
+
+### Traditional Selectors (also supported)
+
+```bash
+agent-browser click "#submit"
+agent-browser fill "#email" "test@example.com"
+agent-browser find role button click --name "Submit"
+```
+
+## Commands
+
+### Core Commands
+
+```bash
+agent-browser open <url>              # Navigate to URL (aliases: goto, navigate)
+agent-browser click <sel>             # Click element (--new-tab to open in new tab)
+agent-browser dblclick <sel>          # Double-click element
+agent-browser focus <sel>             # Focus element
+agent-browser type <sel> <text>       # Type into element
+agent-browser fill <sel> <text>       # Clear and fill
+agent-browser press <key>             # Press key (Enter, Tab, Control+a) (alias: key)
+agent-browser keyboard type <text>    # Type with real keystrokes (no selector, current focus)
+agent-browser keyboard inserttext <text>  # Insert text without key events (no selector)
+agent-browser keydown <key>           # Hold key down
+agent-browser keyup <key>             # Release key
+agent-browser hover <sel>             # Hover element
+agent-browser select <sel> <val>      # Select dropdown option
+agent-browser check <sel>             # Check checkbox
+agent-browser uncheck <sel>           # Uncheck checkbox
+agent-browser scroll <dir> [px]       # Scroll (up/down/left/right, --selector <sel>)
+agent-browser scrollintoview <sel>    # Scroll element into view (alias: scrollinto)
+agent-browser drag <src> <tgt>        # Drag and drop
+agent-browser upload <sel> <files>    # Upload files
+agent-browser screenshot [path]       # Take screenshot (--full for full page, saves to a temporary directory if no path)
+agent-browser screenshot --annotate   # Annotated screenshot with numbered element labels
+agent-browser screenshot --screenshot-dir ./shots    # Save to custom directory
+agent-browser screenshot --screenshot-format jpeg --screenshot-quality 80
+agent-browser pdf <path>              # Save as PDF
+agent-browser snapshot                # Accessibility tree with refs (best for AI)
+agent-browser eval <js>               # Run JavaScript (-b for base64, --stdin for piped input)
+agent-browser connect <port>          # Connect to browser via CDP
+agent-browser stream enable [--port <port>]  # Start runtime WebSocket streaming
+agent-browser stream status           # Show runtime streaming state and bound port
+agent-browser stream disable          # Stop runtime WebSocket streaming
+agent-browser close                   # Close browser (aliases: quit, exit)
+agent-browser close --all             # Close all active sessions
+```
+
+### Get Info
+
+```bash
+agent-browser get text <sel>          # Get text content
+agent-browser get html <sel>          # Get innerHTML
+agent-browser get value <sel>         # Get input value
+agent-browser get attr <sel> <attr>   # Get attribute
+agent-browser get title               # Get page title
+agent-browser get url                 # Get current URL
+agent-browser get cdp-url             # Get CDP WebSocket URL (for DevTools, debugging)
+agent-browser get count <sel>         # Count matching elements
+agent-browser get box <sel>           # Get bounding box
+agent-browser get styles <sel>        # Get computed styles
+```
+
+### Check State
+
+```bash
+agent-browser is visible <sel>        # Check if visible
+agent-browser is enabled <sel>        # Check if enabled
+agent-browser is checked <sel>        # Check if checked
+```
+
+### Find Elements (Semantic Locators)
+
+```bash
+agent-browser find role <role> <action> [value]       # By ARIA role
+agent-browser find text <text> <action>               # By text content
+agent-browser find label <label> <action> [value]     # By label
+agent-browser find placeholder <ph> <action> [value]  # By placeholder
+agent-browser find alt <text> <action>                # By alt text
+agent-browser find title <text> <action>              # By title attr
+agent-browser find testid <id> <action> [value]       # By data-testid
+agent-browser find first <sel> <action> [value]       # First match
+agent-browser find last <sel> <action> [value]        # Last match
+agent-browser find nth <n> <sel> <action> [value]     # Nth match
+```
+
+**Actions:** `click`, `fill`, `type`, `hover`, `focus`, `check`, `uncheck`, `text`
+
+**Options:** `--name <name>` (filter role by accessible name), `--exact` (require exact text match)
+
+**Examples:**
+
+```bash
+agent-browser find role button click --name "Submit"
+agent-browser find text "Sign In" click
+agent-browser find label "Email" fill "test@test.com"
+agent-browser find first ".item" click
+agent-browser find nth 2 "a" text
+```
+
+### Wait
+
+```bash
+agent-browser wait <selector>         # Wait for element to be visible
+agent-browser wait <ms>               # Wait for time (milliseconds)
+agent-browser wait --text "Welcome"   # Wait for text to appear (substring match)
+agent-browser wait --url "**/dash"    # Wait for URL pattern
+agent-browser wait --load networkidle # Wait for load state
+agent-browser wait --fn "window.ready === true"  # Wait for JS condition
+
+# Wait for text/element to disappear
+agent-browser wait --fn "!document.body.innerText.includes('Loading...')"
+agent-browser wait "#spinner" --state hidden
+```
+
+**Load states:** `load`, `domcontentloaded`, `networkidle`
+
+### Batch Execution
+
+Execute multiple commands in a single invocation by piping a JSON array of
+string arrays to `batch`. This avoids per-command process startup overhead
+when running multi-step workflows.
+
+```bash
+# Pipe commands as JSON
+echo '[
+  ["open", "https://example.com"],
+  ["snapshot", "-i"],
+  ["click", "@e1"],
+  ["screenshot", "result.png"]
+]' | agent-browser batch --json
+
+# Stop on first error
+agent-browser batch --bail < commands.json
+```
+
+### Clipboard
+
+```bash
+agent-browser clipboard read                      # Read text from clipboard
+agent-browser clipboard write "Hello, World!"     # Write text to clipboard
+agent-browser clipboard copy                      # Copy current selection (Ctrl+C)
+agent-browser clipboard paste                     # Paste from clipboard (Ctrl+V)
+```
+
+### Mouse Control
+
+```bash
+agent-browser mouse move <x> <y>      # Move mouse
+agent-browser mouse down [button]     # Press button (left/right/middle)
+agent-browser mouse up [button]       # Release button
+agent-browser mouse wheel <dy> [dx]   # Scroll wheel
+```
+
+### Browser Settings
+
+```bash
+agent-browser set viewport <w> <h> [scale]  # Set viewport size (scale for retina, e.g. 2)
+agent-browser set device <name>       # Emulate device ("iPhone 14")
+agent-browser set geo <lat> <lng>     # Set geolocation
+agent-browser set offline [on|off]    # Toggle offline mode
+agent-browser set headers <json>      # Extra HTTP headers
+agent-browser set credentials <u> <p> # HTTP basic auth
+agent-browser set media [dark|light]  # Emulate color scheme
+```
+
+### Cookies & Storage
+
+```bash
+agent-browser cookies                 # Get all cookies
+agent-browser cookies set <name> <val> # Set cookie
+agent-browser cookies clear           # Clear cookies
+
+agent-browser storage local           # Get all localStorage
+agent-browser storage local <key>     # Get specific key
+agent-browser storage local set <k> <v>  # Set value
+agent-browser storage local clear     # Clear all
+
+agent-browser storage session         # Same for sessionStorage
+```
+
+### Network
+
+```bash
+agent-browser network route <url>              # Intercept requests
+agent-browser network route <url> --abort      # Block requests
+agent-browser network route <url> --body <json>  # Mock response
+agent-browser network unroute [url]            # Remove routes
+agent-browser network requests                 # View tracked requests
+agent-browser network requests --filter api    # Filter requests
+agent-browser network requests --type xhr,fetch  # Filter by resource type
+agent-browser network requests --method POST   # Filter by HTTP method
+agent-browser network requests --status 2xx    # Filter by status (200, 2xx, 400-499)
+agent-browser network request <requestId>      # View full request/response detail
+agent-browser network har start                # Start HAR recording
+agent-browser network har stop [output.har]    # Stop and save HAR (temp path if omitted)
+```
+
+### Tabs & Windows
+
+```bash
+agent-browser tab                     # List tabs
+agent-browser tab new [url]           # New tab (optionally with URL)
+agent-browser tab <n>                 # Switch to tab n
+agent-browser tab close [n]           # Close tab
+agent-browser window new              # New window
+```
+
+### Frames
+
+```bash
+agent-browser frame <sel>             # Switch to iframe
+agent-browser frame main              # Back to main frame
+```
+
+### Dialogs
+
+```bash
+agent-browser dialog accept [text]    # Accept (with optional prompt text)
+agent-browser dialog dismiss          # Dismiss
+agent-browser dialog status           # Check if a dialog is currently open
+```
+
+By default, `alert` and `beforeunload` dialogs are automatically accepted so they never block the agent. `confirm` and `prompt` dialogs still require explicit handling. Use `--no-auto-dialog` (or `AGENT_BROWSER_NO_AUTO_DIALOG=1`) to disable automatic handling.
+
+When a JavaScript dialog is pending, all command responses include a `warning` field with the dialog type and message.
+
+### Diff
+
+```bash
+agent-browser diff snapshot                              # Compare current vs last snapshot
+agent-browser diff snapshot --baseline before.txt        # Compare current vs saved snapshot file
+agent-browser diff snapshot --selector "#main" --compact # Scoped snapshot diff
+agent-browser diff screenshot --baseline before.png      # Visual pixel diff against baseline
+agent-browser diff screenshot --baseline b.png -o d.png  # Save diff image to custom path
+agent-browser diff screenshot --baseline b.png -t 0.2    # Adjust color threshold (0-1)
+agent-browser diff url https://v1.com https://v2.com     # Compare two URLs (snapshot diff)
+agent-browser diff url https://v1.com https://v2.com --screenshot  # Also visual diff
+agent-browser diff url https://v1.com https://v2.com --wait-until networkidle  # Custom wait strategy
+agent-browser diff url https://v1.com https://v2.com --selector "#main"  # Scope to element
+```
+
+### Debug
+
+```bash
+agent-browser trace start [path]      # Start recording trace
+agent-browser trace stop [path]       # Stop and save trace
+agent-browser profiler start          # Start Chrome DevTools profiling
+agent-browser profiler stop [path]    # Stop and save profile (.json)
+agent-browser console                 # View console messages (log, error, warn, info)
+agent-browser console --json          # JSON output with raw CDP args for programmatic access
+agent-browser console --clear         # Clear console
+agent-browser errors                  # View page errors (uncaught JavaScript exceptions)
+agent-browser errors --clear          # Clear errors
+agent-browser highlight <sel>         # Highlight element
+agent-browser inspect                 # Open Chrome DevTools for the active page
+agent-browser state save <path>       # Save auth state
+agent-browser state load <path>       # Load auth state
+agent-browser state list              # List saved state files
+agent-browser state show <file>       # Show state summary
+agent-browser state rename <old> <new> # Rename state file
+agent-browser state clear [name]      # Clear states for session
+agent-browser state clear --all       # Clear all saved states
+agent-browser state clean --older-than <days>  # Delete old states
+```
+
+### Navigation
+
+```bash
+agent-browser back                    # Go back
+agent-browser forward                 # Go forward
+agent-browser reload                  # Reload page
+```
+
+### Setup
+
+```bash
+agent-browser install                 # Download Chrome from Chrome for Testing (Google's official automation channel)
+agent-browser install --with-deps     # Also install system deps (Linux)
+agent-browser upgrade                 # Upgrade agent-browser to the latest version
+```
+
+## Authentication
+
+agent-browser provides multiple ways to persist login sessions so you don't re-authenticate every run.
+
+### Quick summary
+
+| Approach | Best for | Flag / Env |
+|----------|----------|------------|
+| **Persistent profile** | Full browser state (cookies, IndexedDB, service workers, cache) across restarts | `--profile <path>` / `AGENT_BROWSER_PROFILE` |
+| **Session persistence** | Auto-save/restore cookies + localStorage by name | `--session-name <name>` / `AGENT_BROWSER_SESSION_NAME` |
+| **Import from your browser** | Grab auth from a Chrome session you already logged into | `--auto-connect` + `state save` |
+| **State file** | Load a previously saved state JSON on launch | `--state <path>` / `AGENT_BROWSER_STATE` |
+| **Auth vault** | Store credentials locally (encrypted), login by name | `auth save` / `auth login` |
+
+### Import auth from your browser
+
+If you are already logged in to a site in Chrome, you can grab that auth state and reuse it:
+
+```bash
+# 1. Launch Chrome with remote debugging enabled
+#    macOS:
+"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --remote-debugging-port=9222
+#    Or use --auto-connect to discover an already-running Chrome
+
+# 2. Connect and save the authenticated state
+agent-browser --auto-connect state save ./my-auth.json
+
+# 3. Use the saved auth in future sessions
+agent-browser --state ./my-auth.json open https://app.example.com/dashboard
+
+# 4. Or use --session-name for automatic persistence
+agent-browser --session-name myapp state load ./my-auth.json
+# From now on, --session-name myapp auto-saves/restores this state
+```
+
+> **Security notes:**
+> - `--remote-debugging-port` exposes full browser control on localhost. Any local process can connect. Only use on trusted machines and close Chrome when done.
+> - State files contain session tokens in plaintext. Add them to `.gitignore` and delete when no longer needed. For encryption at rest, set `AGENT_BROWSER_ENCRYPTION_KEY` (see [State Encryption](#state-encryption)).
+
+For full details on login flows, OAuth, 2FA, cookie-based auth, and the auth vault, see the [Authentication](docs/src/app/sessions/page.mdx) docs.
+
+## Sessions
+
+Run multiple isolated browser instances:
+
+```bash
+# Different sessions
+agent-browser --session agent1 open site-a.com
+agent-browser --session agent2 open site-b.com
+
+# Or via environment variable
+AGENT_BROWSER_SESSION=agent1 agent-browser click "#btn"
+
+# List active sessions
+agent-browser session list
+# Output:
+# Active sessions:
+# -> default
+#    agent1
+
+# Show current session
+agent-browser session
+```
+
+Each session has its own:
+
+- Browser instance
+- Cookies and storage
+- Navigation history
+- Authentication state
+
+## Persistent Profiles
+
+By default, browser state (cookies, localStorage, login sessions) is ephemeral and lost when the browser closes. Use `--profile` to persist state across browser restarts:
+
+```bash
+# Use a persistent profile directory
+agent-browser --profile ~/.myapp-profile open myapp.com
+
+# Login once, then reuse the authenticated session
+agent-browser --profile ~/.myapp-profile open myapp.com/dashboard
+
+# Or via environment variable
+AGENT_BROWSER_PROFILE=~/.myapp-profile agent-browser open myapp.com
+```
+
+The profile directory stores:
+
+- Cookies and localStorage
+- IndexedDB data
+- Service workers
+- Browser cache
+- Login sessions
+
+**Tip**: Use different profile paths for different projects to keep their browser state isolated.
+
+## Session Persistence
+
+Alternatively, use `--session-name` to automatically save and restore cookies and localStorage across browser restarts:
+
+```bash
+# Auto-save/load state for "twitter" session
+agent-browser --session-name twitter open twitter.com
+
+# Login once, then state persists automatically
+# State files stored in ~/.agent-browser/sessions/
+
+# Or via environment variable
+export AGENT_BROWSER_SESSION_NAME=twitter
+agent-browser open twitter.com
+```
+
+### State Encryption
+
+Encrypt saved session data at rest with AES-256-GCM:
+
+```bash
+# Generate key: openssl rand -hex 32
+export AGENT_BROWSER_ENCRYPTION_KEY=<64-char-hex-key>
+
+# State files are now encrypted automatically
+agent-browser --session-name secure open example.com
+```
+
+| Variable                          | Description                                        |
+| --------------------------------- | -------------------------------------------------- |
+| `AGENT_BROWSER_SESSION_NAME`      | Auto-save/load state persistence name              |
+| `AGENT_BROWSER_ENCRYPTION_KEY`    | 64-char hex key for AES-256-GCM encryption         |
+| `AGENT_BROWSER_STATE_EXPIRE_DAYS` | Auto-delete states older than N days (default: 30) |
+
+## Security
+
+agent-browser includes security features for safe AI agent deployments. All features are opt-in -- existing workflows are unaffected until you explicitly enable a feature:
+
+- **Authentication Vault** -- Store credentials locally (always encrypted), reference by name. The LLM never sees passwords. `auth login` navigates with `load` and then waits for login form selectors to appear (SPA-friendly, timeout follows the default action timeout). A key is auto-generated at `~/.agent-browser/.encryption-key` if `AGENT_BROWSER_ENCRYPTION_KEY` is not set: `echo "pass" | agent-browser auth save github --url https://github.com/login --username user --password-stdin` then `agent-browser auth login github`
+- **Content Boundary Markers** -- Wrap page output in delimiters so LLMs can distinguish tool output from untrusted content: `--content-boundaries`
+- **Domain Allowlist** -- Restrict navigation to trusted domains (wildcards like `*.example.com` also match the bare domain): `--allowed-domains "example.com,*.example.com"`. Sub-resource requests (scripts, images, fetch) and WebSocket/EventSource connections to non-allowed domains are also blocked. Include any CDN domains your target pages depend on (e.g., `*.cdn.example.com`).
+- **Action Policy** -- Gate destructive actions with a static policy file: `--action-policy ./policy.json`
+- **Action Confirmation** -- Require explicit approval for sensitive action categories: `--confirm-actions eval,download`
+- **Output Length Limits** -- Prevent context flooding: `--max-output 50000`
+
+| Variable                            | Description                              |
+| ----------------------------------- | ---------------------------------------- |
+| `AGENT_BROWSER_CONTENT_BOUNDARIES`  | Wrap page output in boundary markers     |
+| `AGENT_BROWSER_MAX_OUTPUT`          | Max characters for page output           |
+| `AGENT_BROWSER_ALLOWED_DOMAINS`     | Comma-separated allowed domain patterns  |
+| `AGENT_BROWSER_ACTION_POLICY`       | Path to action policy JSON file          |
+| `AGENT_BROWSER_CONFIRM_ACTIONS`     | Action categories requiring confirmation |
+| `AGENT_BROWSER_CONFIRM_INTERACTIVE` | Enable interactive confirmation prompts  |
+
+See [Security documentation](https://agent-browser.dev/security) for details.
+
+## Snapshot Options
+
+The `snapshot` command supports filtering to reduce output size:
+
+```bash
+agent-browser snapshot                    # Full accessibility tree
+agent-browser snapshot -i                 # Interactive elements only (buttons, inputs, links)
+agent-browser snapshot -c                 # Compact (remove empty structural elements)
+agent-browser snapshot -d 3               # Limit depth to 3 levels
+agent-browser snapshot -s "#main"         # Scope to CSS selector
+agent-browser snapshot -i -c -d 5         # Combine options
+```
+
+| Option                 | Description                                                             |
+| ---------------------- | ----------------------------------------------------------------------- |
+| `-i, --interactive`    | Only show interactive elements (buttons, links, inputs)                 |
+| `-c, --compact`        | Remove empty structural elements                                        |
+| `-d, --depth <n>`      | Limit tree depth                                                        |
+| `-s, --selector <sel>` | Scope to CSS selector                                                   |
+
+## Annotated Screenshots
+
+The `--annotate` flag overlays numbered labels on interactive elements in the screenshot. Each label `[N]` corresponds to ref `@eN`, so the same refs work for both visual and text-based workflows.
+
+Annotated screenshots are supported on the CDP-backed browser path (Chrome/Lightpanda). The Safari/WebDriver backend does not yet support `--annotate`.
+
+```bash
+agent-browser screenshot --annotate
+# -> Screenshot saved to /tmp/screenshot-2026-02-17T12-00-00-abc123.png
+#    [1] @e1 button "Submit"
+#    [2] @e2 link "Home"
+#    [3] @e3 textbox "Email"
+```
+
+After an annotated screenshot, refs are cached so you can immediately interact with elements:
+
+```bash
+agent-browser screenshot --annotate ./page.png
+agent-browser click @e2     # Click the "Home" link labeled [2]
+```
+
+This is useful for multimodal AI models that can reason about visual layout, unlabeled icon buttons, canvas elements, or visual state that the text accessibility tree cannot capture.
+
+## Options
+
+| Option | Description |
+|--------|-------------|
+| `--session <name>` | Use isolated session (or `AGENT_BROWSER_SESSION` env) |
+| `--session-name <name>` | Auto-save/restore session state (or `AGENT_BROWSER_SESSION_NAME` env) |
+| `--profile <path>` | Persistent browser profile directory (or `AGENT_BROWSER_PROFILE` env) |
+| `--state <path>` | Load storage state from JSON file (or `AGENT_BROWSER_STATE` env) |
+| `--headers <json>` | Set HTTP headers scoped to the URL's origin |
+| `--executable-path <path>` | Custom browser executable (or `AGENT_BROWSER_EXECUTABLE_PATH` env) |
+| `--extension <path>` | Load browser extension (repeatable; or `AGENT_BROWSER_EXTENSIONS` env) |
+| `--args <args>` | Browser launch args, comma or newline separated (or `AGENT_BROWSER_ARGS` env) |
+| `--user-agent <ua>` | Custom User-Agent string (or `AGENT_BROWSER_USER_AGENT` env) |
+| `--proxy <url>` | Proxy server URL with optional auth (or `AGENT_BROWSER_PROXY` env) |
+| `--proxy-bypass <hosts>` | Hosts to bypass proxy (or `AGENT_BROWSER_PROXY_BYPASS` env) |
+| `--ignore-https-errors` | Ignore HTTPS certificate errors (useful for self-signed certs) |
+| `--allow-file-access` | Allow file:// URLs to access local files (Chromium only) |
+| `-p, --provider <name>` | Cloud browser provider (or `AGENT_BROWSER_PROVIDER` env) |
+| `--device <name>` | iOS device name, e.g. "iPhone 15 Pro" (or `AGENT_BROWSER_IOS_DEVICE` env) |
+| `--json` | JSON output (for agents) |
+| `--annotate` | Annotated screenshot with numbered element labels (or `AGENT_BROWSER_ANNOTATE` env) |
+| `--screenshot-dir <path>` | Default screenshot output directory (or `AGENT_BROWSER_SCREENSHOT_DIR` env) |
+| `--screenshot-quality <n>` | JPEG quality 0-100 (or `AGENT_BROWSER_SCREENSHOT_QUALITY` env) |
+| `--screenshot-format <fmt>` | Screenshot format: `png`, `jpeg` (or `AGENT_BROWSER_SCREENSHOT_FORMAT` env) |
+| `--headed` | Show browser window (not headless) (or `AGENT_BROWSER_HEADED` env) |
+| `--cdp <port\|url>` | Connect via Chrome DevTools Protocol (port or WebSocket URL) |
+| `--auto-connect` | Auto-discover and connect to running Chrome (or `AGENT_BROWSER_AUTO_CONNECT` env) |
+| `--color-scheme <scheme>` | Color scheme: `dark`, `light`, `no-preference` (or `AGENT_BROWSER_COLOR_SCHEME` env) |
+| `--download-path <path>` | Default download directory (or `AGENT_BROWSER_DOWNLOAD_PATH` env) |
+| `--content-boundaries` | Wrap page output in boundary markers for LLM safety (or `AGENT_BROWSER_CONTENT_BOUNDARIES` env) |
+| `--max-output <chars>` | Truncate page output to N characters (or `AGENT_BROWSER_MAX_OUTPUT` env) |
+| `--allowed-domains <list>` | Comma-separated allowed domain patterns (or `AGENT_BROWSER_ALLOWED_DOMAINS` env) |
+| `--action-policy <path>` | Path to action policy JSON file (or `AGENT_BROWSER_ACTION_POLICY` env) |
+| `--confirm-actions <list>` | Action categories requiring confirmation (or `AGENT_BROWSER_CONFIRM_ACTIONS` env) |
+| `--confirm-interactive` | Interactive confirmation prompts; auto-denies if stdin is not a TTY (or `AGENT_BROWSER_CONFIRM_INTERACTIVE` env) |
+| `--engine <name>` | Browser engine: `chrome` (default), `lightpanda` (or `AGENT_BROWSER_ENGINE` env) |
+| `--no-auto-dialog` | Disable automatic dismissal of `alert`/`beforeunload` dialogs (or `AGENT_BROWSER_NO_AUTO_DIALOG` env) |
+| `--config <path>` | Use a custom config file (or `AGENT_BROWSER_CONFIG` env) |
+| `--debug` | Debug output |
+
+## Observability Dashboard
+
+Monitor agent-browser sessions in real time with a local web dashboard showing a live viewport and command activity feed.
+
+```bash
+# Install the dashboard (one time)
+agent-browser dashboard install
+
+# Start the dashboard server (runs in background on port 4848)
+agent-browser dashboard start
+agent-browser dashboard start --port 8080   # Custom port
+
+# All sessions are automatically visible in the dashboard
+agent-browser open example.com
+
+# Stop the dashboard
+agent-browser dashboard stop
+```
+
+The dashboard runs as a standalone background process on port 4848, independent of browser sessions. It stays available even when no sessions are running. All sessions automatically stream to the dashboard.
+
+The dashboard displays:
+- **Live viewport** -- real-time JPEG frames from the browser
+- **Activity feed** -- chronological command/result stream with timing and expandable details
+- **Console output** -- browser console messages (log, warn, error)
+- **Session creation** -- create new sessions from the UI with local engines (Chrome, Lightpanda) or cloud providers (AgentCore, Browserbase, Browserless, Browser Use, Kernel)
+
+## Configuration
+
+Create an `agent-browser.json` file to set persistent defaults instead of repeating flags on every command.
+
+**Locations (lowest to highest priority):**
+
+1. `~/.agent-browser/config.json` -- user-level defaults
+2. `./agent-browser.json` -- project-level overrides (in working directory)
+3. `AGENT_BROWSER_*` environment variables override config file values
+4. CLI flags override everything
+
+**Example `agent-browser.json`:**
+
+```json
+{
+  "headed": true,
+  "proxy": "http://localhost:8080",
+  "profile": "./browser-data",
+  "userAgent": "my-agent/1.0",
+  "ignoreHttpsErrors": true
+}
+```
+
+Use `--config <path>` or `AGENT_BROWSER_CONFIG` to load a specific config file instead of the defaults:
+
+```bash
+agent-browser --config ./ci-config.json open example.com
+AGENT_BROWSER_CONFIG=./ci-config.json agent-browser open example.com
+```
+
+All options from the table above can be set in the config file using camelCase keys (e.g., `--executable-path` becomes `"executablePath"`, `--proxy-bypass` becomes `"proxyBypass"`). Unknown keys are ignored for forward compatibility.
+
+Boolean flags accept an optional `true`/`false` value to override config settings. For example, `--headed false` disables `"headed": true` from config. A bare `--headed` is equivalent to `--headed true`.
+
+Auto-discovered config files that are missing are silently ignored. If `--config <path>` points to a missing or invalid file, agent-browser exits with an error. Extensions from user and project configs are merged (concatenated), not replaced.
+
+> **Tip:** If your project-level `agent-browser.json` contains environment-specific values (paths, proxies), consider adding it to `.gitignore`.
+
+## Default Timeout
+
+The default timeout for standard operations (clicks, waits, fills, etc.) is 25 seconds. This is intentionally below the CLI's 30-second IPC read timeout so that the daemon returns a proper error instead of the CLI timing out with EAGAIN.
+
+Override the default timeout via environment variable:
+
+```bash
+# Set a longer timeout for slow pages (in milliseconds)
+export AGENT_BROWSER_DEFAULT_TIMEOUT=45000
+```
+
+> **Note:** Setting this above 30000 (30s) may cause EAGAIN errors on slow operations because the CLI's read timeout will expire before the daemon responds. The CLI retries transient errors automatically, but response times will increase.
+
+| Variable                        | Description                              |
+| ------------------------------- | ---------------------------------------- |
+| `AGENT_BROWSER_DEFAULT_TIMEOUT` | Default operation timeout in ms (default: 25000) |
+
+## Selectors
+
+### Refs (Recommended for AI)
+
+Refs provide deterministic element selection from snapshots:
+
+```bash
+# 1. Get snapshot with refs
+agent-browser snapshot
+# Output:
+# - heading "Example Domain" [ref=e1] [level=1]
+# - button "Submit" [ref=e2]
+# - textbox "Email" [ref=e3]
+# - link "Learn more" [ref=e4]
+
+# 2. Use refs to interact
+agent-browser click @e2                   # Click the button
+agent-browser fill @e3 "test@example.com" # Fill the textbox
+agent-browser get text @e1                # Get heading text
+agent-browser hover @e4                   # Hover the link
+```
+
+**Why use refs?**
+
+- **Deterministic**: Ref points to exact element from snapshot
+- **Fast**: No DOM re-query needed
+- **AI-friendly**: Snapshot + ref workflow is optimal for LLMs
+
+### CSS Selectors
+
+```bash
+agent-browser click "#id"
+agent-browser click ".class"
+agent-browser click "div > button"
+```
+
+### Text & XPath
+
+```bash
+agent-browser click "text=Submit"
+agent-browser click "xpath=//button"
+```
+
+### Semantic Locators
+
+```bash
+agent-browser find role button click --name "Submit"
+agent-browser find label "Email" fill "test@test.com"
+```
+
+## Agent Mode
+
+Use `--json` for machine-readable output:
+
+```bash
+agent-browser snapshot --json
+# Returns: {"success":true,"data":{"snapshot":"...","refs":{"e1":{"role":"heading","name":"Title"},...}}}
+
+agent-browser get text @e1 --json
+agent-browser is visible @e2 --json
+```
+
+### Optimal AI Workflow
+
+```bash
+# 1. Navigate and get snapshot
+agent-browser open example.com
+agent-browser snapshot -i --json   # AI parses tree and refs
+
+# 2. AI identifies target refs from snapshot
+# 3. Execute actions using refs
 agent-browser click @e2
+agent-browser fill @e3 "input text"
+
+# 4. Get new snapshot if page changed
+agent-browser snapshot -i --json
+```
+
+### Command Chaining
+
+Commands can be chained with `&&` in a single shell invocation. The browser persists via a background daemon, so chaining is safe and more efficient:
+
+```bash
+# Open, wait for load, and snapshot in one call
+agent-browser open example.com && agent-browser wait --load networkidle && agent-browser snapshot -i
+
+# Chain multiple interactions
+agent-browser fill @e1 "user@example.com" && agent-browser fill @e2 "pass" && agent-browser click @e3
+
+# Navigate and screenshot
+agent-browser open example.com && agent-browser wait --load networkidle && agent-browser screenshot page.png
+```
+
+Use `&&` when you don't need intermediate output. Run commands separately when you need to parse output first (e.g., snapshot to discover refs before interacting).
+
+## Headed Mode
+
+Show the browser window for debugging:
+
+```bash
+agent-browser open example.com --headed
+```
+
+This opens a visible browser window instead of running headless.
+
+> **Note:** Browser extensions work in both headed and headless mode (Chrome's `--headless=new`).
+
+## Authenticated Sessions
+
+Use `--headers` to set HTTP headers for a specific origin, enabling authentication without login flows:
+
+```bash
+# Headers are scoped to api.example.com only
+agent-browser open api.example.com --headers '{"Authorization": "Bearer <token>"}'
+
+# Requests to api.example.com include the auth header
+agent-browser snapshot -i --json
+agent-browser click @e2
+
+# Navigate to another domain - headers are NOT sent (safe!)
+agent-browser open other-site.com
+```
+
+This is useful for:
+
+- **Skipping login flows** - Authenticate via headers instead of UI
+- **Switching users** - Start new sessions with different auth tokens
+- **API testing** - Access protected endpoints directly
+- **Security** - Headers are scoped to the origin, not leaked to other domains
+
+To set headers for multiple origins, use `--headers` with each `open` command:
+
+```bash
+agent-browser open api.example.com --headers '{"Authorization": "Bearer token1"}'
+agent-browser open api.acme.com --headers '{"Authorization": "Bearer token2"}'
+```
+
+For global headers (all domains), use `set headers`:
+
+```bash
+agent-browser set headers '{"X-Custom-Header": "value"}'
+```
+
+## Custom Browser Executable
+
+Use a custom browser executable instead of the bundled Chromium. This is useful for:
+
+- **Serverless deployment**: Use lightweight Chromium builds like `@sparticuz/chromium` (~50MB vs ~684MB)
+- **System browsers**: Use an existing Chrome/Chromium installation
+- **Custom builds**: Use modified browser builds
+
+### CLI Usage
+
+```bash
+# Via flag
+agent-browser --executable-path /path/to/chromium open example.com
+
+# Via environment variable
+AGENT_BROWSER_EXECUTABLE_PATH=/path/to/chromium agent-browser open example.com
+```
+
+### Serverless (Vercel)
+
+Run agent-browser + Chrome in an ephemeral Vercel Sandbox microVM. No external server needed:
+
+```typescript
+import { Sandbox } from "@vercel/sandbox";
+
+const sandbox = await Sandbox.create({ runtime: "node24" });
+await sandbox.runCommand("agent-browser", ["open", "https://example.com"]);
+const result = await sandbox.runCommand("agent-browser", ["screenshot", "--json"]);
+await sandbox.stop();
+```
+
+See the [environments example](examples/environments/) for a working demo with a UI and deploy-to-Vercel button.
+
+### Serverless (AWS Lambda)
+
+```typescript
+import chromium from '@sparticuz/chromium';
+import { execSync } from 'child_process';
+
+export async function handler() {
+  const executablePath = await chromium.executablePath();
+  const result = execSync(
+    `AGENT_BROWSER_EXECUTABLE_PATH=${executablePath} agent-browser open https://example.com && agent-browser snapshot -i --json`,
+    { encoding: 'utf-8' }
+  );
+  return JSON.parse(result);
+}
 ```
 
-### Parallel AI Runs (Isolated Runtime Channel)
+## Local Files
 
-Use `--parallel <name>` to run multiple AI flows concurrently without fighting over the same runtime channel.
+Open and interact with local files (PDFs, HTML, etc.) using `file://` URLs:
 
 ```bash
-agent-browser --parallel worker-a open https://example.com
-agent-browser --parallel worker-b open https://example.org
+# Enable file access (required for JavaScript to access local files)
+agent-browser --allow-file-access open file:///path/to/document.pdf
+agent-browser --allow-file-access open file:///path/to/page.html
+
+# Take screenshot of a local PDF
+agent-browser --allow-file-access open file:///Users/me/report.pdf
+agent-browser screenshot report.png
 ```
 
-`--parallel` is designed for stateless throughput tasks (navigation, extraction, checks). For authenticated flows, keep using one stable `--session-name`.
+The `--allow-file-access` flag adds Chromium flags (`--allow-file-access-from-files`, `--allow-file-access`) that allow `file://` URLs to:
 
-Default session isolation policy:
-- Running a default-session command reaps all non-default daemon sessions (`parallel-*` and legacy named channels).
-- This avoids stale daemon reuse and keeps stealth behavior consistent on the primary channel.
+- Load and render local files
+- Access other local files via JavaScript (XHR, fetch)
+- Load local resources (images, scripts, stylesheets)
 
-| Option | Purpose | Typical Usage |
-| --- | --- | --- |
-| `--parallel <name>` | Isolate runtime channel for concurrent AI tasks | Stateless/no-login parallel jobs |
-| `--session-name <name>` | Persist cookies/localStorage across restarts | Login/auth continuity |
-| `--engine <name>` | Choose local browser engine (`chrome`, `lightpanda`) | Native-only engine experiments |
+**Note:** This flag only works with Chromium. For security, it's disabled by default.
 
-### Daemon Lifecycle
+## CDP Mode
 
-- Daemons auto-shutdown after 10 minutes of inactivity by default.
-- Use `--resident` to keep a daemon alive until an explicit `close`.
+Connect to an existing browser via Chrome DevTools Protocol:
 
 ```bash
-agent-browser --resident open https://example.com
-# ... long-lived background workflow ...
+# Start Chrome with: google-chrome --remote-debugging-port=9222
+
+# Connect once, then run commands without --cdp
+agent-browser connect 9222
+agent-browser snapshot
+agent-browser tab
 agent-browser close
+
+# Or pass --cdp on each command
+agent-browser --cdp 9222 snapshot
+
+# Connect to remote browser via WebSocket URL
+agent-browser --cdp "wss://your-browser-service.com/cdp?token=..." snapshot
 ```
 
-### Browser Engine Selection
+The `--cdp` flag accepts either:
+
+- A port number (e.g., `9222`) for local connections via `http://localhost:{port}`
+- A full WebSocket URL (e.g., `wss://...` or `ws://...`) for remote browser services
+
+This enables control of:
+
+- Electron apps
+- Chrome/Chromium instances with remote debugging
+- WebView2 applications
+- Any browser exposing a CDP endpoint
 
-`chrome` remains the default engine. If you want to try [Lightpanda](https://lightpanda.io/docs/open-source/installation), use `--engine lightpanda`; this automatically routes through the native daemon.
+### Auto-Connect
+
+Use `--auto-connect` to automatically discover and connect to a running Chrome instance without specifying a port:
 
 ```bash
-agent-browser --engine lightpanda open https://example.com
+# Auto-discover running Chrome with remote debugging
+agent-browser --auto-connect open example.com
+agent-browser --auto-connect snapshot
+
+# Or via environment variable
+AGENT_BROWSER_AUTO_CONNECT=1 agent-browser snapshot
+```
+
+Auto-connect discovers Chrome by:
+
+1. Reading Chrome's `DevToolsActivePort` file from the default user data directory
+2. Falling back to probing common debugging ports (9222, 9229)
+3. If HTTP-based discovery (`/json/version`, `/json/list`) fails, falling back to a direct WebSocket connection
+
+This is useful when:
+
+- Chrome 144+ has remote debugging enabled via `chrome://inspect/#remote-debugging` (which uses a dynamic port)
+- You want a zero-configuration connection to your existing browser
+- You don't want to track which port Chrome is using
+
+## Streaming (Browser Preview)
+
+Stream the browser viewport via WebSocket for live preview or "pair browsing" where a human can watch and interact alongside an AI agent.
+
+### Streaming
+
+Every session automatically starts a WebSocket stream server on an OS-assigned port. Use `stream status` to see the bound port and connection state:
+
+```bash
+agent-browser stream status
+```
+
+To bind to a specific port, set `AGENT_BROWSER_STREAM_PORT`:
+
+```bash
+AGENT_BROWSER_STREAM_PORT=9223 agent-browser open example.com
+```
+
+You can also manage streaming at runtime with `stream enable`, `stream disable`, and `stream status`:
+
+```bash
+agent-browser stream enable --port 9223   # Re-enable on a specific port
+agent-browser stream disable              # Stop streaming for the session
+```
+
+The WebSocket server streams the browser viewport and accepts input events.
+
+### WebSocket Protocol
+
+Connect to `ws://localhost:9223` to receive frames and send input:
+
+**Receive frames:**
+
+```json
+{
+  "type": "frame",
+  "data": "<base64-encoded-jpeg>",
+  "metadata": {
+    "deviceWidth": 1280,
+    "deviceHeight": 720,
+    "pageScaleFactor": 1,
+    "offsetTop": 0,
+    "scrollOffsetX": 0,
+    "scrollOffsetY": 0
+  }
+}
+```
+
+**Send mouse events:**
+
+```json
+{
+  "type": "input_mouse",
+  "eventType": "mousePressed",
+  "x": 100,
+  "y": 200,
+  "button": "left",
+  "clickCount": 1
+}
+```
+
+**Send keyboard events:**
+
+```json
+{
+  "type": "input_keyboard",
+  "eventType": "keyDown",
+  "key": "Enter",
+  "code": "Enter"
+}
+```
+
+**Send touch events:**
+
+```json
+{
+  "type": "input_touch",
+  "eventType": "touchStart",
+  "touchPoints": [{ "x": 100, "y": 200 }]
+}
+```
+
+## Architecture
+
+agent-browser uses a client-daemon architecture:
+
+1. **Rust CLI** - Parses commands, communicates with daemon
+2. **Rust Daemon** - Pure Rust daemon using direct CDP, no Node.js required
+
+The daemon starts automatically on first command and persists between commands for fast subsequent operations. To auto-shutdown the daemon after a period of inactivity, set `AGENT_BROWSER_IDLE_TIMEOUT_MS` (value in milliseconds). When set, the daemon closes the browser and exits after receiving no commands for the specified duration.
+
+**Browser Engine:** Uses Chrome (from Chrome for Testing) by default. The `--engine` flag selects between `chrome` and `lightpanda`. Supported browsers: Chromium/Chrome (via CDP) and Safari (via WebDriver for iOS).
+
+## Platforms
+
+| Platform    | Binary      |
+| ----------- | ----------- |
+| macOS ARM64 | Native Rust |
+| macOS x64   | Native Rust |
+| Linux ARM64 | Native Rust |
+| Linux x64   | Native Rust |
+| Windows x64 | Native Rust |
+
+## Usage with AI Agents
+
+### Just ask the agent
+
+The simplest approach -- just tell your agent to use it:
 
-export AGENT_BROWSER_ENGINE=lightpanda
-agent-browser open https://example.com
+```
+Use agent-browser to test the login flow. Run agent-browser --help to see available commands.
+```
+
+The `--help` output is comprehensive and most agents can figure it out from there.
+
+### AI Coding Assistants (recommended)
+
+Add the skill to your AI coding assistant for richer context:
+
+```bash
+npx skills add vercel-labs/agent-browser
 ```
 
-Lightpanda is headless-only and does not support `--extension`, `--state`, `--profile`, or `--allow-file-access`.
+This works with Claude Code, Codex, Cursor, Gemini CLI, GitHub Copilot, Goose, OpenCode, and Windsurf. The skill is fetched from the repository, so it stays up to date automatically -- do not copy `SKILL.md` from `node_modules` as it will become stale.
 
-### Headed Mode
+### Claude Code
 
-Use `--headed` when you want a visible browser window:
+Install as a Claude Code skill:
 
 ```bash
-agent-browser --headed open https://example.com
+npx skills add vercel-labs/agent-browser
+```
+
+This adds the skill to `.claude/skills/agent-browser/SKILL.md` in your project. The skill teaches Claude Code the full agent-browser workflow, including the snapshot-ref interaction pattern, session management, and timeout handling.
+
+### AGENTS.md / CLAUDE.md
+
+For more consistent results, add to your project or global instructions file:
+
+```markdown
+## Browser Automation
+
+Use `agent-browser` for web automation. Run `agent-browser --help` for all commands.
+
+Core workflow:
 
-AGENT_BROWSER_HEADED=1 agent-browser open https://example.com
-AGENT_BROWSER_HEADED=true agent-browser open https://example.com
+1. `agent-browser open <url>` - Navigate to page
+2. `agent-browser snapshot -i` - Get interactive elements with refs (@e1, @e2)
+3. `agent-browser click @e1` / `fill @e2 "text"` - Interact using refs
+4. Re-snapshot after page changes
 ```
 
-In this fork, local launches default to headed mode unless headless is explicitly requested. Extension launches also stay headed by default so the stealth/runtime policy remains stable.
+## Integrations
+
+### iOS Simulator
+
+Control real Mobile Safari in the iOS Simulator for authentic mobile web testing. Requires macOS with Xcode.
+
+**Setup:**
+
+```bash
+# Install Appium and XCUITest driver
+npm install -g appium
+appium driver install xcuitest
+```
+
+**Usage:**
+
+```bash
+# List available iOS simulators
+agent-browser device list
+
+# Launch Safari on a specific device
+agent-browser -p ios --device "iPhone 16 Pro" open https://example.com
+
+# Same commands as desktop
+agent-browser -p ios snapshot -i
+agent-browser -p ios tap @e1
+agent-browser -p ios fill @e2 "text"
+agent-browser -p ios screenshot mobile.png
+
+# Mobile-specific commands
+agent-browser -p ios swipe up
+agent-browser -p ios swipe down 500
+
+# Close session
+agent-browser -p ios close
+```
 
-### Default: Auto Group Agent Tabs (CDP + Plugin)
+Or use environment variables:
 
 ```bash
+export AGENT_BROWSER_PROVIDER=ios
+export AGENT_BROWSER_IOS_DEVICE="iPhone 16 Pro"
 agent-browser open https://example.com
-# In CDP mode, tabs are grouped when the tab-group extension is installed
-
-# Override group title
-agent-browser --tab-group "My Agent Group" open https://example.com
-```
-
-- CDP (`--cdp` / `--auto-connect`) keeps working unchanged.
-- If the extension is installed and handshake succeeds, agent tabs are grouped by session:
-  - session=`default`: `Agent Browser Stealth`
-  - other sessions: `Agent Browser Stealth • <session>`
-- If the extension is missing/unavailable, commands continue normally with silent no-op (no warning/error unless `AGENT_BROWSER_DEBUG=1`).
-- Env overrides:
-  - `AGENT_BROWSER_TAB_GROUP` for base title
-  - `AGENT_BROWSER_TAB_GROUP_PLUGIN_ID` for expected extension ID
-
-Install once in Chrome: load unpacked extension from `extensions/tab-group-cdp/` (extension name: `agent-browser-stealth`).
-
-### Extension Capabilities (`agent-browser-stealth`)
-
-- Session window isolation: tabs are kept in their session window when possible.
-- Configurable isolation controls: side panel can toggle `strictWindowIsolation` and cross-window activation guard.
-- Session-aware grouping: deterministic group color, default session expanded, non-default sessions collapsed.
-- Download archive routing: downloads from managed tabs are routed to `agent-browser-stealth/<session>/...`.
-- Domain allowlist fallback: when allowlist is configured for a session, extension can force-block out-of-policy tabs to `about:blank`.
-- Risk hints (debug only): suspicious host/TLD hints are returned via handshake and printed only when `AGENT_BROWSER_DEBUG=1`.
-- Side panel browser controls: open/back/forward/reload, click/fill/press by CSS selector, run shortcut commands, and switch/close tabs.
-- Side panel developer signals: capture page console errors/warnings, fetch/xhr network events, command history, and live DOM snapshots.
-- Workflow automation: record actions into workflows, run workflows, map workflows to slash shortcuts, and schedule runs (daily/weekly/monthly/yearly).
-- Side panel operations console: view session/tab/group mapping, focus a session, keep only one session, clean empty groups, edit session allowlist, and toggle auto-clean.
-
-## Stealth Architecture
-
-```mermaid
-flowchart TD
-  A["Command Input"] --> B["Stealth Policy Resolver"]
-  B --> C["Connection Mode Detection"]
-  C --> D["Launch Layer: Chromium Args"]
-  C --> E["CDP Layer: UA + Metadata Override"]
-  C --> F["Context Layer: Init Script Patches"]
-  D --> G["Behavior Layer: Humanized Interaction"]
-  E --> G
-  F --> G
-  G --> H["Risk Layer: Verification Detection and Handling"]
-  H --> I["Response with warnings and riskSignals"]
-```
-
-### Policy by Connection Mode
-
-| Mode                                    | Stealth Capabilities                                          | Notes                                        |
-| --------------------------------------- | ------------------------------------------------------------- | -------------------------------------------- |
-| Local Chromium launch                   | Chromium launch args + CDP UA override + context init scripts | Most complete stack                          |
-| Existing browser via CDP                | CDP UA override + context init scripts                        | No local Chromium arg injection              |
-| Cloud provider (browserbase/browseruse) | Context init scripts                                          | Remote browser runtime controls launch layer |
-| Kernel provider                         | Context init scripts + provider-managed stealth               | Provider-side stealth may also apply         |
+```
+
+| Variable                   | Description                                     |
+| -------------------------- | ----------------------------------------------- |
+| `AGENT_BROWSER_PROVIDER`   | Set to `ios` to enable iOS mode                 |
+| `AGENT_BROWSER_IOS_DEVICE` | Device name (e.g., "iPhone 16 Pro", "iPad Pro") |
+| `AGENT_BROWSER_IOS_UDID`   | Device UDID (alternative to device name)        |
+
+**Supported devices:** All iOS Simulators available in Xcode (iPhones, iPads), plus real iOS devices.
+
+**Note:** The iOS provider boots the simulator, starts Appium, and controls Safari. First launch takes ~30-60 seconds; subsequent commands are fast.
+
+#### Real Device Support
+
+Appium also supports real iOS devices connected via USB. This requires additional one-time setup:
 
-## Principle 1: Always-On Stealth with Explicit Boundaries
+**1. Get your device UDID:**
 
-- Stealth defaults to enabled and does not depend on a runtime toggle.
-- Project policy forbids:
-  - `--profile` / `AGENT_BROWSER_PROFILE`
-  - `--channel` / `AGENT_BROWSER_CHANNEL`
-- Default CLI policy uses a dedicated automation browser on CDP `localhost:9333`. If `:9333` is unavailable, agent-browser auto-starts Chrome with the persistent profile `~/.agent-browser/chrome-bot-profile`.
+```bash
+xcrun xctrace list devices
+# or
+system_profiler SPUSBDataType | grep -A 5 "iPhone\|iPad"
+```
 
-## Principle 2: Multi-Layer Fingerprint Hardening
+**2. Sign WebDriverAgent (one-time):**
 
-### 2.1 Launch Layer (Local Chromium)
+```bash
+# Open the WebDriverAgent Xcode project
+cd ~/.appium/node_modules/appium-xcuitest-driver/node_modules/appium-webdriveragent
+open WebDriverAgent.xcodeproj
+```
 
-Injected Chromium args:
-
-- `--disable-blink-features=AutomationControlled`
-- `--use-gl=angle`
-- `--use-angle=default`
+In Xcode:
 
-If no custom UA is set, the runtime UA is normalized to remove `HeadlessChrome` tokens.
+- Select the `WebDriverAgentRunner` target
+- Go to Signing & Capabilities
+- Select your Team (requires Apple Developer account, free tier works)
+- Let Xcode manage signing automatically
+
+**3. Use with agent-browser:**
+
+```bash
+# Connect device via USB, then:
+agent-browser -p ios --device "<DEVICE_UDID>" open https://example.com
 
-### 2.2 CDP Layer (Browser/Page Targets)
+# Or use the device name if unique
+agent-browser -p ios --device "John's iPhone" open https://example.com
+```
+
+**Real device notes:**
+
+- First run installs WebDriverAgent to the device (may require Trust prompt)
+- Device must be unlocked and connected via USB
+- Slightly slower initial connection than simulator
+- Tests against real Safari performance and behavior
+
+### Browserless
+
+[Browserless](https://browserless.io) provides cloud browser infrastructure with a Sessions API. Use it when running agent-browser in environments where a local browser isn't available.
+
+To enable Browserless, use the `-p` flag:
+
+```bash
+export BROWSERLESS_API_KEY="your-api-token"
+agent-browser -p browserless open https://example.com
+```
+
+Or use environment variables for CI/scripts:
+
+```bash
+export AGENT_BROWSER_PROVIDER=browserless
+export BROWSERLESS_API_KEY="your-api-token"
+agent-browser open https://example.com
+```
 
-- Uses `Emulation.setUserAgentOverride` to align:
-  - `userAgent`
-  - `acceptLanguage`
-  - `userAgentMetadata` brands and versions
-- Applies overrides for existing/new targets, including worker-relevant contexts.
-- Forces opaque white background (`Emulation.setDefaultBackgroundColorOverride`) to avoid headless transparency fingerprints.
-
-### 2.3 Context Init-Script Layer (Patch Inventory)
-
-The init script patch set is injected before page scripts and currently includes:
-
-1. `navigator.webdriver` removal (including prototype-level cleanup).
-2. CSS webdriver heuristic neutralization (`CSS.supports('border-end-end-radius: initial')` probe).
-3. `window.chrome.runtime` bootstrap for missing runtime surfaces.
-4. Locale/language normalization (`navigator.language`, `navigator.languages`).
-5. Realistic `navigator.plugins` and `navigator.mimeTypes`.
-6. `navigator.permissions.query` normalization for notifications.
-7. WebGL vendor/renderer masking when SwiftShader indicators are present.
-8. `cdc_` property cleanup on document/documentElement.
-9. Window/screen dimension normalization (`outerWidth/outerHeight/screenX/screenY`).
-10. Screen availability patching (`availWidth/availHeight`).
-11. Hardware concurrency stabilization.
-12. Notification permission consistency.
-13. Active text color heuristic patching.
-14. `navigator.connection` normalization.
-15. Worker network signal normalization (`downlinkMax`).
-16. `prefers-color-scheme` light-mode heuristic neutralization.
-17. `navigator.share` exposure.
-18. `navigator.contacts` exposure.
-19. `contentIndex` exposure.
-20. `navigator.pdfViewerEnabled` normalization.
-21. Media devices surface normalization.
-22. `navigator.userAgent` cleanup (strip `HeadlessChrome`).
-23. `navigator.userAgentData` brand cleanup.
-24. `performance.memory` stabilization.
-25. Default background color patching at script level.
+Optional configuration via environment variables:
 
-## Principle 3: Behavioral Humanization
+| Variable                   | Description                                      | Default                                 |
+| -------------------------- | ------------------------------------------------ | --------------------------------------- |
+| `BROWSERLESS_API_URL`      | Base API URL (for custom regions or self-hosted) | `https://production-sfo.browserless.io` |
+| `BROWSERLESS_BROWSER_TYPE` | Type of browser to use (chromium or chrome)      | chromium                                |
+| `BROWSERLESS_TTL`          | Session TTL in milliseconds                      | `300000`                                |
+| `BROWSERLESS_STEALTH`      | Enable stealth mode (`true`/`false`)             | `true`                                  |
 
-- Navigation pacing jitter before `goto` (short randomized delay).
-- Typing jitter for `type --delay` and `keyboard type --delay`:
-  - per-character randomized delay around the requested base delay (about ±40%).
-- Click path humanization:
-  - cursor moves on a Bezier-like curve before click.
-- Wait supports random ranges (`wait min-max`) for non-uniform timing.
+When enabled, agent-browser connects to a Browserless cloud session instead of launching a local browser. All commands work identically.
 
-## Principle 4: Region Signal Alignment
+Get your API token from the [Browserless Dashboard](https://browserless.io).
 
-Before navigation, the runtime derives region hints from target URL TLD and aligns:
+### Browserbase
 
-- locale
-- timezone
-- `Accept-Language`
+[Browserbase](https://browserbase.com) provides remote browser infrastructure to make deployment of agentic browsing agents easy. Use it when running the agent-browser CLI in an environment where a local browser isn't feasible.
 
-Examples of built-in mappings include `tw`, `jp`, `kr`, `sg`, `de`, `fr`, `uk`, `in`, `au`.
+To enable Browserbase, use the `-p` flag:
 
-Manual overrides are supported:
+```bash
+export BROWSERBASE_API_KEY="your-api-key"
+agent-browser -p browserbase open https://example.com
+```
 
-- `AGENT_BROWSER_LOCALE`
-- `AGENT_BROWSER_TIMEZONE` (or `TZ`)
+Or use environment variables for CI/scripts:
 
-## Principle 5: Verification-Aware Risk Control
+```bash
+export AGENT_BROWSER_PROVIDER=browserbase
+export BROWSERBASE_API_KEY="your-api-key"
+agent-browser open https://example.com
+```
 
-When a navigation lands on verification/captcha pages, structured risk signals are generated from URL/title/page-text evidence.
+When enabled, agent-browser connects to a Browserbase session instead of launching a local browser. All commands work identically.
 
-`riskSignals` include:
+Get your API key from the [Browserbase Dashboard](https://browserbase.com/overview).
 
-- `code`
-- `source` (`url` or `title`)
-- `evidence`
-- `confidence`
+### Browser Use
 
-### Risk Mode
+[Browser Use](https://browser-use.com) provides cloud browser infrastructure for AI agents. Use it when running agent-browser in environments where a local browser isn't available (serverless, CI/CD, etc.).
 
-- `warn` (default): wait for auto-clear, then retry with randomized backoff and return warnings + `riskSignals`.
-- `block`: fail fast once verification/captcha interstitial is detected.
-- `off`: skip detection/retry path.
+To enable Browser Use, use the `-p` flag:
 
 ```bash
-agent-browser --risk-mode warn open https://example.com
-agent-browser --risk-mode block open https://example.com
-AGENT_BROWSER_RISK_MODE=off agent-browser open https://example.com
+export BROWSER_USE_API_KEY="your-api-key"
+agent-browser -p browseruse open https://example.com
 ```
 
-```mermaid
-flowchart TD
-  A["Navigate"] --> B["Collect URL/Title/Text Signals"]
-  B --> C{"risk-mode"}
-  C -->|off| D["Return Success"]
-  C -->|block| E["Return Error with First Signal"]
-  C -->|warn| F["Wait for auto-clear, then retry up to 2 times"]
-  F --> G{"Signals Cleared"}
-  G -->|yes| H["Return Success + recovery warning + riskSignals"]
-  G -->|no| I["Return Success + warning + riskSignals"]
+Or use environment variables for CI/scripts:
+
+```bash
+export AGENT_BROWSER_PROVIDER=browseruse
+export BROWSER_USE_API_KEY="your-api-key"
+agent-browser open https://example.com
 ```
 
-## Operational Recommendations
+When enabled, agent-browser connects to a Browser Use cloud session instead of launching a local browser. All commands work identically.
 
-- Prefer `--headed` for high-friction targets.
-- Reuse session state with one stable `--session-name` for continuity (when omitted, it defaults to `default`).
-- Use `--parallel <name>` only for stateless parallel workloads where higher throughput matters.
-- Default-session commands will reap all non-default daemon sessions, so keep parallel workers short-lived.
-- Use `--resident` only for deliberate long-running workflows, and close when done.
-- Keep locale/timezone consistent with target market.
-- For challenge-heavy pages, prefer `--wait-until domcontentloaded` on `open`/`navigate` to avoid `load` stalls.
-- Use `--risk-mode block` in strict pipelines that require explicit operator intervention on verification pages.
-- For `cookies set`, use either `--url <url>`, or `--domain <domain> --path <path>` together.
-- If `--url`, `--domain`, and `--path` are all omitted, the cookie is scoped from the current page URL.
+Get your API key from the [Browser Use Cloud Dashboard](https://cloud.browser-use.com/settings?tab=api-keys). Free credits are available to get started, with pay-as-you-go pricing after.
 
-## Validation Scripts
+### Kernel
 
-Run public detector checks after stealth changes:
+[Kernel](https://www.kernel.sh) provides cloud browser infrastructure for AI agents with features like stealth mode and persistent profiles.
+
+To enable Kernel, use the `-p` flag:
 
 ```bash
-node scripts/check-sannysoft-webdriver.js --binary ./cli/target/release/agent-browser
-node scripts/check-creepjs-headless.js --binary ./cli/target/release/agent-browser
-node scripts/check-stealth-regression.js --binary ./cli/target/release/agent-browser
-pnpm run check:turnstile-testkey
+export KERNEL_API_KEY="your-api-key"
+agent-browser -p kernel open https://example.com
 ```
 
-## Doctor Diagnostics
+Or use environment variables for CI/scripts:
+
+```bash
+export AGENT_BROWSER_PROVIDER=kernel
+export KERNEL_API_KEY="your-api-key"
+agent-browser open https://example.com
+```
 
-Use `doctor` to quickly diagnose local CDP, sourceURL sanitization, and tab-group plugin readiness:
+Optional configuration via environment variables:
+
+| Variable                 | Description                                                                      | Default |
+| ------------------------ | -------------------------------------------------------------------------------- | ------- |
+| `KERNEL_HEADLESS`        | Run browser in headless mode (`true`/`false`)                                    | `false` |
+| `KERNEL_STEALTH`         | Enable stealth mode to avoid bot detection (`true`/`false`)                      | `true`  |
+| `KERNEL_TIMEOUT_SECONDS` | Session timeout in seconds                                                       | `300`   |
+| `KERNEL_PROFILE_NAME`    | Browser profile name for persistent cookies/logins (created if it doesn't exist) | (none)  |
+
+When enabled, agent-browser connects to a Kernel cloud session instead of launching a local browser. All commands work identically.
+
+**Profile Persistence:** When `KERNEL_PROFILE_NAME` is set, the profile will be created if it doesn't already exist. Cookies, logins, and session data are automatically saved back to the profile when the browser session ends, making them available for future sessions.
+
+Get your API key from the [Kernel Dashboard](https://dashboard.onkernel.com).
+
+### AgentCore
+
+[AWS Bedrock AgentCore](https://aws.amazon.com/bedrock/agentcore/) provides cloud browser sessions with SigV4 authentication.
+
+To enable AgentCore, use the `-p` flag:
 
 ```bash
-agent-browser doctor
-agent-browser --json doctor
+agent-browser -p agentcore open https://example.com
 ```
 
-`doctor` checks:
+Or use environment variables for CI/scripts:
+
+```bash
+export AGENT_BROWSER_PROVIDER=agentcore
+agent-browser open https://example.com
+```
+
+Credentials are automatically resolved from environment variables (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) or the AWS CLI (`aws configure export-credentials`), which supports SSO, profiles, and IAM roles.
+
+Optional configuration via environment variables:
 
-- CDP probe status (preferred `:9333` plus common ports)
-- DevToolsActivePort discovery from local Chrome profiles
-- CDP Runtime.evaluate sourceURL sanitization probe
-- Plugin handshake page context check (internal page vs normal `http(s)` page)
-- Tab-group extension handshake (when currently attached in CDP mode)
+| Variable                   | Description                                                          | Default          |
+| -------------------------- | -------------------------------------------------------------------- | ---------------- |
+| `AGENTCORE_REGION`         | AWS region for the AgentCore endpoint                                | `us-east-1`      |
+| `AGENTCORE_BROWSER_ID`     | Browser identifier                                                   | `aws.browser.v1` |
+| `AGENTCORE_PROFILE_ID`     | Browser profile for persistent state (cookies, localStorage)         | (none)           |
+| `AGENTCORE_SESSION_TIMEOUT`| Session timeout in seconds                                           | `3600`           |
+| `AWS_PROFILE`              | AWS CLI profile for credential resolution                            | `default`        |
 
-## Upstream Compatibility
+**Browser profiles:** When `AGENTCORE_PROFILE_ID` is set, browser state (cookies, localStorage) is persisted across sessions automatically.
 
-This fork intentionally keeps command workflows close to upstream while concentrating custom behavior in stealth, policy, and anti-detection handling.
+When enabled, agent-browser connects to an AgentCore cloud browser session instead of launching a local browser. All commands work identically.
 
 ## License