agent-browser 0.21.3 → 0.21.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/bin/agent-browser-darwin-arm64 +0 -0
- package/bin/agent-browser-darwin-x64 +0 -0
- package/bin/agent-browser-linux-arm64 +0 -0
- package/bin/agent-browser-linux-musl-arm64 +0 -0
- package/bin/agent-browser-linux-musl-x64 +0 -0
- package/bin/agent-browser-linux-x64 +0 -0
- package/bin/agent-browser-win32-x64.exe +0 -0
- package/package.json +1 -1
- package/skills/agent-browser/SKILL.md +4 -0
package/README.md
CHANGED
|
@@ -486,7 +486,7 @@ agent-browser --session-name secure open example.com
|
|
|
486
486
|
|
|
487
487
|
agent-browser includes security features for safe AI agent deployments. All features are opt-in -- existing workflows are unaffected until you explicitly enable a feature:
|
|
488
488
|
|
|
489
|
-
- **Authentication Vault** -- Store credentials locally (always encrypted), reference by name. The LLM never sees passwords. A key is auto-generated at `~/.agent-browser/.encryption-key` if `AGENT_BROWSER_ENCRYPTION_KEY` is not set: `echo "pass" | agent-browser auth save github --url https://github.com/login --username user --password-stdin` then `agent-browser auth login github`
|
|
489
|
+
- **Authentication Vault** -- Store credentials locally (always encrypted), reference by name. The LLM never sees passwords. `auth login` navigates with `load` and then waits for login form selectors to appear (SPA-friendly, timeout follows the default action timeout). A key is auto-generated at `~/.agent-browser/.encryption-key` if `AGENT_BROWSER_ENCRYPTION_KEY` is not set: `echo "pass" | agent-browser auth save github --url https://github.com/login --username user --password-stdin` then `agent-browser auth login github`
|
|
490
490
|
- **Content Boundary Markers** -- Wrap page output in delimiters so LLMs can distinguish tool output from untrusted content: `--content-boundaries`
|
|
491
491
|
- **Domain Allowlist** -- Restrict navigation to trusted domains (wildcards like `*.example.com` also match the bare domain): `--allowed-domains "example.com,*.example.com"`. Sub-resource requests (scripts, images, fetch) and WebSocket/EventSource connections to non-allowed domains are also blocked. Include any CDN domains your target pages depend on (e.g., `*.cdn.example.com`).
|
|
492
492
|
- **Action Policy** -- Gate destructive actions with a static policy file: `--action-policy ./policy.json`
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
package/package.json
CHANGED
|
@@ -90,6 +90,8 @@ echo "$PASSWORD" | agent-browser auth save myapp --url https://app.example.com/l
|
|
|
90
90
|
agent-browser auth login myapp
|
|
91
91
|
```
|
|
92
92
|
|
|
93
|
+
`auth login` navigates with `load` and then waits for login form selectors to appear before filling/clicking, which is more reliable on delayed SPA login screens.
|
|
94
|
+
|
|
93
95
|
**Option 5: State file (manual save/load)**
|
|
94
96
|
|
|
95
97
|
```bash
|
|
@@ -230,6 +232,8 @@ agent-browser auth show github
|
|
|
230
232
|
agent-browser auth delete github
|
|
231
233
|
```
|
|
232
234
|
|
|
235
|
+
`auth login` waits for username/password/submit selectors before interacting, with a timeout tied to the default action timeout.
|
|
236
|
+
|
|
233
237
|
### Authentication with State Persistence
|
|
234
238
|
|
|
235
239
|
```bash
|