human-browser 4.3.4 → 4.5.0

package/README.md

@@ -1,9 +1,10 @@
 # Human Browser — Cloud Stealth Browser for AI Agents
 
-> **No Mac Mini. No local machine. Your agent runs it anywhere.**  
+> **No Mac Mini. No local install. Your agent runs it anywhere.**
 > Residential IPs from 10+ countries. Bypasses Cloudflare, DataDome, PerimeterX.
 >
-> 🌐 **Product page:** https://humanbrowser.cloud  
+> 🌐 **Product page:** https://humanbrowser.cloud
+> 🤖 **A2A endpoint:** `https://agent.humanbrowser.cloud/a2a`
 > 💬 **Support:** https://t.me/virixlabs
 
 ---
@@ -15,115 +16,166 @@ Regular Playwright on a data-center server gets blocked **immediately** by:
 - DataDome (fingerprint analysis)
 - PerimeterX (behavioral analysis)
 - Instagram, LinkedIn, TikTok (residential IP requirement)
+- Google sign-in, Akamai BMP (TLS / WebRTC fingerprint matching)
 
-Human Browser solves this by combining:
-1. **Residential IP** — real ISP address from the target country (not a data center)
-2. **Real device fingerprint** — iPhone 15 Pro or Windows Chrome, complete with canvas, WebGL, fonts
-3. **Human-like behavior** — Bezier mouse curves, 60–220ms typing, natural scroll with jitter
-4. **Full anti-detection** — `webdriver=false`, no automation flags, correct timezone & geolocation
+Local stealth libraries (patchright, undetected-chromedriver, playwright-stealth) close some of these gaps in JS, but leak others — most notably **WebRTC ICE candidates** that surface the server's real datacenter IP regardless of your proxy.
 
----
+Human Browser's **cloud build** runs a custom forked Chromium with **C++-source-level fingerprint patches** (TLS ja3/ja4 matched to real Chrome, GPU vendor/renderer spoofing, WebRTC IP replacement, canvas/WebGL/audio noise) that you cannot get from any npm package. Plus residential proxies. Plus a live browser viewer. **Drive it via the Agent2Agent protocol — no install, no version pinning, no Linux build of Chromium for you to maintain.**
 
-## Quick Start
+---
 
-**No setup required** — just call `launchHuman()` and it automatically activates a free trial:
+## Agent2Agent (A2A) — recommended path
 
-```js
-const { launchHuman } = require('./scripts/browser-human');
+**Endpoint:** `https://agent.humanbrowser.cloud/a2a`
+**Auth:** `Authorization: Bearer hb_live_<your-token>`
+**Agent card:** `https://agent.humanbrowser.cloud/.well-known/agent.json`
 
-// 🚀 Zero config — auto-fetches trial credentials from humanbrowser.cloud
-const { browser, page, humanType, humanClick, humanScroll, sleep } = await launchHuman();
-// Output: 🎉 Human Browser trial activated! (~100MB Romania residential IP)
+Works with anything that speaks A2A — LangGraph, CrewAI, Google ADK, OpenAI Agents SDK, Claude/Anthropic agents, any hand-rolled JSON-RPC client.
 
-// Specific country
-const { page } = await launchHuman({ country: 'us' }); // US residential IP
-const { page } = await launchHuman({ country: 'gb' }); // UK residential IP
+### Submit + poll (recommended)
 
-// Desktop Chrome (Windows fingerprint)
-const { page } = await launchHuman({ mobile: false, country: 'us' });
+```bash
+# 1. Submit a goal — get back task_id and viewerUrl
+curl -sS https://agent.humanbrowser.cloud/a2a \
+  -H "Authorization: Bearer hb_live_<your-token>" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "jsonrpc": "2.0",
+    "id": 1,
+    "method": "message/send",
+    "params": {
+      "message": {
+        "role": "user",
+        "metadata": { "profile": "main", "model": "anthropic/claude-sonnet-4-6" },
+        "parts": [{ "kind": "text", "text": "Log into example.com and report the dashboard total" }]
+      }
+    }
+  }'
+# → { "result": {
+#       "id": "t_abc...",
+#       "metadata": { "viewerUrl": "https://humanbrowser.cloud/a/s_xyz?k=...", "cost": {...} }
+#     } }
+
+# 2. Poll task.metadata while running — every 5–10 s.
+#    metadata is enriched per step: step_count, current_url, last_thinking,
+#    last_eval, last_action, cost.
+curl -sS https://agent.humanbrowser.cloud/a2a \
+  -H "Authorization: Bearer hb_live_<your-token>" \
+  -H "Content-Type: application/json" \
+  -d '{"jsonrpc":"2.0","id":2,"method":"tasks/get","params":{"id":"t_abc..."}}'
+
+# 3. When task.state ∈ {completed, failed, canceled} → done.
+#    Final outcome is in task.metadata.outcome:
+#    { success, result, step_count, duration_ms, cost, files }
+#    Full artifact in task.artifacts[0].
+```
 
-await page.goto('https://example.com', { waitUntil: 'domcontentloaded' });
-await humanScroll(page, 'down');
-await humanType(page, 'input[type="email"]', 'user@example.com');
-await humanClick(page, 760, 400);
-await browser.close();
+### Or: webhook callback (no polling)
+
+Pass `callback_url` in `message.metadata` and we POST the final `Task` envelope to that URL when the task hits a terminal state. Signed with `X-HB-Signature: sha256=<HMAC>` when the server is configured with a webhook secret. Retries 3× on 5xx / network errors with 2 / 8 / 30 s backoff.
+
+```json
+{
+  "message": {
+    "role": "user",
+    "metadata": {
+      "profile": "main",
+      "callback_url": "https://your-agent.host/hb-callback"
+    },
+    "parts": [{ "kind": "text", "text": "..." }]
+  }
+}
 ```
 
-> **Trial exhausted?** Get a paid plan at https://humanbrowser.cloud, then set `PROXY_USER` / `PROXY_PASS` in your `.env`.
+### Or: SSE streaming
+
+`method: "message/stream"` returns Server-Sent Events; each step pushes a `status-update` event with the latest `task.metadata`. Use this if your client can hold a long-lived connection.
+
+### Live viewer
+
+Every spawned session ships a `viewerUrl` in `task.metadata`. Open it to:
+- Watch the browser live
+- See the agent timeline (👤 you · 🤖 caller-agent like dzeny · 🧠 hb-agent — color-coded)
+- Inject manual goals into a running session via the input box
+
+### Important: don't fire-and-await
+
+`message/send` resolves only on terminal state, and tasks routinely run 5–30 min. Don't hold an HTTP connection that long — NAT / load-balancer / proxy timeouts will sever it and your client loses context **while our server keeps running and billing**. Use polling or webhooks instead.
 
 ---
 
-## Setup
+## Sensitive data handling
 
-```bash
-npm install playwright
-npx playwright install chromium --with-deps
+Pass logins / passwords / API keys via the A2A `DataPart` with `metadata.sensitive=true` — they're injected as task input and are **stripped from logs, never written to artifacts, never echoed back in streams**.
 
-# Install via skill manager
-clawhub install al1enjesus/human-browser
+```json
+{
+  "message": {
+    "role": "user",
+    "parts": [
+      { "kind": "text", "text": "Log in and download the latest report" },
+      { "kind": "data", "data": { "email": "...", "password": "..." }, "metadata": { "sensitive": true } }
+    ]
+  }
+}
 ```
 
 ---
 
-## Supported Countries
+## Profile persistence + per-token defaults
 
-| Country | Code | Best for |
-|---------|------|----------|
-| 🇷🇴 Romania | `ro` | Polymarket, Instagram, Binance, Cloudflare |
-| 🇺🇸 United States | `us` | Netflix, DoorDash, US Banks, Amazon |
-| 🇬🇧 United Kingdom | `gb` | Polymarket, Binance, BBC iPlayer |
-| 🇩🇪 Germany | `de` | EU services, German e-commerce |
-| 🇳🇱 Netherlands | `nl` | Crypto, Polymarket, Web3 |
-| 🇯🇵 Japan | `jp` | Japanese e-commerce, Line |
-| 🇫🇷 France | `fr` | EU services, luxury brands |
-| 🇨🇦 Canada | `ca` | North American services |
-| 🇸🇬 Singapore | `sg` | APAC/SEA e-commerce |
-| 🇦🇺 Australia | `au` | Oceania content |
+Each session inherits a named **profile** that persists cookies / localStorage / IndexedDB / Service Worker storage between spawns. Pass it in `message.metadata.profile`:
+
+```json
+{ "message": { "metadata": { "profile": "polymarket-main" }, "role": "user", "parts": [...] } }
+```
+
+If you don't pass one, the server uses the token's `default_profile` (configurable per token via admin API) and falls back to `"default"`. Same profile across reconnects → same cookies, same fingerprint, same WebRTC IP. Up to 5 concurrent sessions per token by default.
 
 ---
 
-## Proxy Providers
+## Library mode (advanced — for self-hosting)
 
-### Option 1: Human Browser Managed (recommended)
-Buy directly at **humanbrowser.cloud** — we handle everything, from $13.99/mo.  
-Supports crypto (USDT/ETH/BTC/SOL) and card. AI agents can auto-purchase.
+If you want to skip the cloud entirely and drive your own Chromium with a residential proxy you supply yourself, the `human-browser` npm package exposes `launchHuman()` — a drop-in Playwright launcher with our humanizer helpers, geo-fingerprint plumbing, and built-in 2captcha integration.
 
-### Option 2: Bring Your Own Proxy
+**Note:** the library does NOT include our forked Chromium with C++ stealth patches — that binary is part of the cloud build only. Library mode is patchright-stealth-plus-helpers; expect lower pass-rate on Cloudflare BM / DataDome / Google sign-in / WebRTC-aware bot scoring than the cloud.
 
-Plug any residential proxy into Human Browser via env vars.
-**Recommended providers** (tested and verified):
+```js
+const { launchHuman } = require('human-browser');
 
-| Provider | Quality | Price | Best for |
-|---|---|---|---|
-| **[Decodo](https://decodo.com)** (ex-Smartproxy) | ⭐⭐⭐⭐⭐ | ~$2.5/GB | Cloudflare, DataDome, all-round. No KYC. |
-| **[Bright Data](https://get.brightdata.com/4ihj1kk8jt0v)** | ⭐⭐⭐⭐⭐ | ~$8.4/GB | Enterprise-grade, 72M+ IPs, 195 countries |
-| **[IPRoyal](https://iproyal.com)** | ⭐⭐⭐⭐ | ~$1.75/GB | High volume, budget, ethically sourced |
-| **[NodeMaven](https://nodemaven.com)** | ⭐⭐⭐⭐ | ~$3.5/GB | High success rate, pay-per-GB, no minimums |
-| **[Oxylabs](https://oxylabs.io)** | ⭐⭐⭐⭐⭐ | ~$8/GB | Business-grade, dedicated support |
+// Zero config — auto-fetches trial credentials from humanbrowser.cloud
+const { browser, page, humanType, humanClick, humanScroll, sleep } = await launchHuman();
 
-```env
-PROXY_HOST=your-proxy-host
-PROXY_PORT=22225
-PROXY_USER=your-username
-PROXY_PASS=your-password
+const { page } = await launchHuman({ country: 'us' });      // US residential IP
+const { page } = await launchHuman({ mobile: false });      // Desktop Chrome fingerprint
 ```
 
+```bash
+npm install human-browser playwright
+npx playwright install chromium --with-deps
+```
+
+For proxy-provider env vars (BYO Decodo / IPRoyal / Bright Data / NodeMaven / Oxylabs), see the [proxy setup notes](./references/brightdata-setup.md) and the env section of `scripts/browser-human.js`.
+
 ---
 
-## How it compares
+## Supported countries
 
-| Feature | Regular Playwright | Human Browser |
-|---------|-------------------|---------------|
-| IP type | Data center → blocked | Residential → clean |
-| Bot detection | Fails | Passes all |
-| Mouse movement | Instant teleport | Bezier curves |
-| Typing speed | Instant | 60–220ms/char |
-| Fingerprint | Detectable bot | iPhone 15 Pro |
-| Countries | None | 10+ residential |
-| Cloudflare | Blocked | Bypassed |
-| DataDome | Blocked | Bypassed |
+| Country | Code | Best for |
+|---------|------|----------|
+| 🇷🇴 Romania | `ro` | Polymarket, Instagram, Binance, Cloudflare |
+| 🇺🇸 United States | `us` | Netflix, DoorDash, US banks, Amazon |
+| 🇬🇧 United Kingdom | `gb` | Polymarket, Binance, BBC iPlayer |
+| 🇩🇪 Germany | `de` | EU services, German e-commerce |
+| 🇳🇱 Netherlands | `nl` | Crypto, Polymarket, Web3 |
+| 🇯🇵 Japan | `jp` | Japanese e-commerce, Line |
+| 🇫🇷 France | `fr` | EU services, luxury brands |
+| 🇨🇦 Canada | `ca` | North American services |
+| 🇸🇬 Singapore | `sg` | APAC/SEA e-commerce |
+| 🇦🇺 Australia | `au` | Oceania content |
 
 ---
 
-→ **Product page + pricing:** https://humanbrowser.cloud  
+→ **Buy a plan + pricing:** https://humanbrowser.cloud
 → **Support & questions:** https://t.me/virixlabs
+→ **Full spec for hand-rolled A2A clients:** [SKILL.md](./SKILL.md)

package/SKILL.md

@@ -954,4 +954,50 @@ curl -sX POST https://agent.humanbrowser.cloud/a2a \
 
 For live streaming, swap `message/send` → `message/stream` and read the response as `text/event-stream`. Each frame is a JSON-RPC notification carrying a `Task`, `TaskStatusUpdateEvent` or `TaskArtifactUpdateEvent` — exactly what `runOnCloud()` parses internally.
 
+#### Webhook callback (v77+)
+
+If you'd rather not poll, pass `callback_url` in `message.metadata` and we POST the final task envelope to that URL when the task hits a terminal state:
+
+```bash
+curl -sX POST https://agent.humanbrowser.cloud/a2a \
+  -H "Authorization: Bearer $HUMANBROWSER_API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "jsonrpc":"2.0","id":1,"method":"message/send",
+    "params":{"message":{
+      "role":"user",
+      "metadata":{"callback_url":"https://your-host/hb-callback"},
+      "parts":[{"kind":"text","text":"..."}]
+    }}
+  }'
+```
+
+The POST carries the full `Task` JSON (status, history, artifacts, metadata) plus `kind: "task.final"` and a `deliveredAt` timestamp. Headers: `Content-Type: application/json`, `X-HB-Task-Id`, `X-HB-Task-State`, and `X-HB-Signature: sha256=<HMAC>` when the server is configured with `A2A_WEBHOOK_SECRET`. Retries 3× on 5xx / network error with 2 / 8 / 30 s backoff. HTTPS only; max URL length 1000 chars.
+
+#### Per-step metadata (v77+)
+
+`task.metadata` is now enriched on every step the agent takes, so polling `tasks/get` gives a rich progress snapshot without parsing `task.history`:
+
+| Field | When updated | Example |
+|---|---|---|
+| `step_count` | each step | `12` |
+| `current_url` | each step | `"https://featured.com/experts/questions"` |
+| `last_thinking` | each step | first ~2 KB of the agent's reasoning |
+| `last_next_goal` | each step | the planner's next-step intent |
+| `last_eval` | each step | the agent's own verdict on the last action |
+| `last_action` | each action | `{ "name": "click", "at": "2026-05-11T..." }` |
+| `cost` | each LLM call | `{ tokens_in, tokens_out, usd, model }` |
+| `outcome` | terminal `done` | `{ success, result, step_count, duration_ms, cost, files }` |
+| `viewerUrl` | initial | `https://humanbrowser.cloud/a/s_xyz?k=...` |
+
+A polling client thus renders a faithful "what's it doing right now" panel:
+
+```
+step 12/50 · https://featured.com/experts/questions
+last action: click on "Page 2"
+last eval: Successfully navigated to page 2 of 7
+cost: $0.58
+viewer: https://humanbrowser.cloud/a/s_xyz?k=...
+```
+
 > **Note on multi-turn**: the A2A spec describes an `input-required` state for tasks that need follow-up input. The current cloud build runs every task to terminal in one shot — multi-turn resumption is reserved in the protocol but not yet wired up server-side. Use `tasks/cancel` and submit a fresh task if you need to redirect.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "human-browser",
-  "version": "4.3.4",
+  "version": "4.5.0",
   "description": "Stealth browser for AI agents. Bypasses Cloudflare, DataDome, PerimeterX. Residential IPs from 10+ countries. iPhone 15 Pro fingerprint. Drop-in Playwright replacement — launchHuman() just works.",
   "keywords": [
     "browser-automation",

package/scripts/browser-human.js

@@ -25,20 +25,60 @@
 // ─── PLAYWRIGHT RESOLVER ──────────────────────────────────────────────────────
 // Works in any context: clawhub install, workspace, Clawster containers
 
+// Try patchright first (drop-in Playwright fork with CDP-leak patches:
+// no Runtime.enable, no HeadlessChrome UA, navigator.webdriver removed at
+// source level). Fall back to vanilla playwright if patchright is not
+// installed — keeps the npm package usable without the optional dep.
 function _requirePlaywright() {
+  const fs = require('fs');
   const tries = [
-    () => require('playwright'),
-    () => require(`${__dirname}/../node_modules/playwright`),
-    () => require(`${__dirname}/../../node_modules/playwright`),
-    () => require(`${process.env.HOME || '/root'}/.openclaw/workspace/node_modules/playwright`),
-    () => require('./node_modules/playwright'),
+    ['patchright',                                                            () => require('patchright')],
+    ['patchright (server/node_modules)',                                      () => require(`${__dirname}/../node_modules/patchright`)],
+    ['patchright (workspace)',                                                () => require(`${__dirname}/../../node_modules/patchright`)],
+    ['patchright (server/prototype/node_modules)',                            () => require(`${__dirname}/../prototype/node_modules/patchright`)],
+    ['patchright (/app/prototype)',                                           () => require('/app/prototype/node_modules/patchright')],
+    ['playwright',                                                            () => require('playwright')],
+    ['playwright (server/node_modules)',                                      () => require(`${__dirname}/../node_modules/playwright`)],
+    ['playwright (workspace)',                                                () => require(`${__dirname}/../../node_modules/playwright`)],
+    ['playwright (HOME workspace)',                                           () => require(`${process.env.HOME || '/root'}/.openclaw/workspace/node_modules/playwright`)],
+    ['playwright (./node_modules)',                                           () => require('./node_modules/playwright')],
   ];
-  for (const fn of tries) {
-    try { return fn(); } catch (_) {}
+  // Verify the chromium executable is actually present before accepting a
+  // module — patchright pins to a different chromium revision than playwright,
+  // and v48 production was broken because patchright was loadable but its
+  // chromium-1217 binary wasn't installed in the image.
+  function _executableExists(mod) {
+    try {
+      const exe = mod.chromium.executablePath();
+      return exe && fs.existsSync(exe);
+    } catch (_) {
+      return false;
+    }
+  }
+  let lastValid = null;
+  let lastValidLabel = null;
+  for (const [label, fn] of tries) {
+    try {
+      const mod = fn();
+      if (_executableExists(mod)) {
+        try { console.log(`[human-browser] launcher using ${label}`); } catch (_) {}
+        return mod;
+      }
+      // Module loadable but executable missing — keep looking for a usable backend.
+      if (!lastValid) { lastValid = mod; lastValidLabel = label; }
+      try { console.warn(`[human-browser] ${label} loaded but chromium binary missing — trying next`); } catch (_) {}
+    } catch (_) {}
+  }
+  // No backend has its chromium installed. Return the first loadable module
+  // anyway; the eventual launch() will throw a clear "Executable doesn't exist"
+  // message that surfaces in session-server logs.
+  if (lastValid) {
+    try { console.warn(`[human-browser] falling back to ${lastValidLabel} (chromium binary missing — launch will fail)`); } catch (_) {}
+    return lastValid;
   }
   throw new Error(
-    '[human-browser] playwright not found.\n' +
-    'Run: npm install playwright && npx playwright install chromium'
+    '[human-browser] neither patchright nor playwright found.\n' +
+    'Run: npm install patchright playwright && npx playwright install chromium && npx patchright install chromium'
   );
 }
 
@@ -111,9 +151,16 @@ function buildDevice(mobile, country = 'ro') {
 
 const PROXY_PRESETS = {
   decodo: {
-    // Sticky session via port number: each unique port = unique sticky IP
-    serverTemplate: (country, port) => `http://${country}.decodo.com:${port}`,
-    usernameTemplate: (user) => user,
+    // Canonical Decodo entrypoint: gate.decodo.com:7000 (rotating endpoint)
+    // with sticky session + country encoded in username (`user-` prefix +
+    // `-country-XX-session-Y-sessionduration-30`). Verified: country IS
+    // enforced this way; the port-range form (gate.decodo.com:10001..49999)
+    // pins sticky IP but IGNORES country in username — that's why us-zone was
+    // leaking UK Sky Broadband IPs. The country-subdomain form
+    // (us.decodo.com:port) is the same legacy soft-routing path.
+    serverTemplate: (country, port) => `http://gate.decodo.com:7000`,
+    usernameTemplate: (user, country, port) =>
+      `user-${user}-country-${country}-session-${port}-sessionduration-30`,
     defaultUser: null,
     defaultPass: null,
     defaultCountry: 'ro',
@@ -490,9 +537,35 @@ async function launchHuman(opts = {}) {
     '--disable-setuid-sandbox',
     '--ignore-certificate-errors',
     '--disable-blink-features=AutomationControlled',
-    '--disable-features=IsolateOrigins,site-per-process',
+    // QUIC over UDP can't traverse an HTTP CONNECT proxy; without this
+    // Chromium spends 30s+ retrying QUIC against google.com before TCP
+    // fallback, blowing the bubus NavigateToUrlEvent budget.
+    '--disable-quic',
+    // Kill startup chatter that races Playwright's CDP-based proxy auth
+    // interceptor (Chromium asks for Proxy-Authorization only after a 407;
+    // dozens of concurrent startup fetches all hit 407 simultaneously and
+    // some land on a tunnel the proxy already dropped → "duplicate response"
+    // CDP warnings + 60s+ NavigateToUrlEvent timeouts).
+    '--disable-features=IsolateOrigins,site-per-process,UseDnsHttpsSvcb,UseDnsHttpsSvcbAlpn,AsyncDns,OptimizationHints,OptimizationGuideModelDownloading,OptimizationTargetPrediction,InterestFeedContentSuggestions,Translate,MediaRouter',
+    '--disable-background-networking',
+    '--disable-component-update',
+    '--disable-sync',
+    '--disable-domain-reliability',
+    '--no-default-browser-check',
+    '--no-first-run',
+    '--no-pings',
+    // Belt-and-braces: tell Chrome to never bypass the proxy locally.
+    '--proxy-bypass-list=<-loopback>',
   ];
-  if (cdpPort) launchArgs.push(`--remote-debugging-port=${cdpPort}`);
+  if (cdpPort) {
+    launchArgs.push(`--remote-debugging-port=${cdpPort}`);
+    // Chrome 111+ already blocks page-origin DevTools WS by default, but make
+    // the policy explicit and future-proof: only allow connections from
+    // server-side WS clients (no Origin header) — anything claiming a real
+    // page origin is rejected. Setting an unreachable HTTPS sentinel keeps
+    // the spec-required allowlist non-empty without granting any real origin.
+    launchArgs.push('--remote-allow-origins=https://disabled.invalid');
+  }
 
   const effectiveHeadless = headed ? false : headless;
 
@@ -550,6 +623,84 @@ async function launchHuman(opts = {}) {
     }
   }, { mobile, locale: meta.locale });
 
+  // Bot-friendly URL rewrites: top-level navigations only, applied via
+  // ctx.route(). Reddit's www/new front-end is heavily Cloudflare-bot-blocked
+  // for fresh residential IPs; old.reddit.com is on the same auth/cookie space
+  // but ships a much lighter (and far less protected) HTML page. Net effect:
+  // higher pass-through rate without changing any user-visible profile state.
+  await ctx.route(/^https?:\/\/(www\.|new\.|m\.)?reddit\.com\//i, (route) => {
+    try {
+      const orig = route.request().url();
+      // Only rewrite navigation/document loads — leave XHR/static asset paths
+      // alone so login flows and OAuth don't break.
+      if (route.request().resourceType() !== 'document') return route.continue();
+      const rewritten = orig.replace(
+        /^(https?:\/\/)(?:www\.|new\.|m\.)?reddit\.com\//i,
+        '$1old.reddit.com/'
+      );
+      if (rewritten === orig) return route.continue();
+      console.warn(`[human-browser] rewrite reddit ${orig} -> ${rewritten}`);
+      return route.continue({ url: rewritten });
+    } catch (_) { try { route.continue(); } catch (_) {} }
+  });
+
+  // Anti-bot response logger. Catches main-frame responses with status that
+  // indicates a block/challenge (403/429/451/503) or known CF/Akamai/PerimeterX
+  // signatures, and emits a single-line log so the operator can see at a glance
+  // when sites are pushing back. Body sniffing is best-effort and bounded
+  // (first 4KB) to avoid memory issues on huge pages.
+  ctx.on('response', async (resp) => {
+    try {
+      const req = resp.request();
+      // Only main document loads — not images/fonts/scripts.
+      if (req.resourceType() !== 'document') return;
+      const url = req.url();
+      const status = resp.status();
+      let host = '';
+      try { host = new URL(url).host; } catch (_) {}
+
+      // Status-based ban signals.
+      const banStatus = status === 403 || status === 429 || status === 451 ||
+                         (status === 503 && host !== '127.0.0.1');
+
+      // Header signatures (Cloudflare's challenge / hCaptcha / Akamai BMP).
+      let banReason = null;
+      const hdrs = resp.headers();
+      const cfChlg = hdrs['cf-mitigated'] || hdrs['cf-chl-bypass'] || '';
+      const server = (hdrs['server'] || '').toLowerCase();
+      const xrh = (hdrs['x-robots-tag'] || '').toLowerCase();
+      if (cfChlg) banReason = `cf-mitigated:${cfChlg}`;
+      else if (server.includes('akamaighost') && status >= 400) banReason = 'akamai-block';
+      else if (banStatus) banReason = `status-${status}`;
+
+      if (!banReason) return;
+
+      // Best-effort body sniff for inline reason. Kept tiny.
+      let bodyHint = '';
+      try {
+        const buf = await resp.body();
+        const txt = buf.slice(0, 4096).toString('utf8').replace(/\s+/g, ' ');
+        // Pull a few telltale phrases.
+        const matchers = [
+          /just a moment/i, /attention required/i, /access denied/i,
+          /blocked.{0,40}network security/i, /verifying you are human/i,
+          /your request has been blocked/i, /unusual traffic/i,
+          /captcha/i, /perimeterx/i, /datadome/i, /forbidden/i,
+        ];
+        for (const re of matchers) {
+          const m = txt.match(re);
+          if (m) { bodyHint = m[0].slice(0, 80); break; }
+        }
+      } catch (_) {}
+
+      console.warn(
+        `[human-browser] BLOCKED host=${host} status=${status} reason=${banReason}` +
+        (bodyHint ? ` hint="${bodyHint}"` : '') +
+        ` url=${url.slice(0, 200)}`
+      );
+    } catch (_) { /* listener must never throw */ }
+  });
+
   // Persistent context launches with a default page; reuse it instead of
   // opening a second tab (ephemeral context starts with no pages).
   const existing = ctx.pages();
@@ -573,6 +724,12 @@ async function launchHuman(opts = {}) {
   return {
     browser, ctx, page,
     cdpHttpUrl, cdpWsUrl,
+    proxy, // resolved {server, username, password} or null — needed so callers
+           // (session-server.js → browser-use-runner.py) can hand the same creds
+           // to browser-use's root-CDP proxy auth handler. Without this, browser-use
+           // creates its own targets via raw CDP and Chromium returns 407 because
+           // patchright's Fetch.authRequired interceptor is bound per-CRPage, not
+           // browser-wide.
     humanClick, humanMouseMove, humanType, humanScroll, humanRead, sleep, rand,
   };
 }