pi-agent-browser-native 0.2.33 → 0.2.35

package/extensions/agent-browser/lib/playbook.ts

@@ -18,13 +18,14 @@ export function buildInstalledDocsGuideline(paths: { readmePath: string; command
 }
 
 export const QUICK_START_GUIDELINES = [
-	"Quick start mental model: use exactly one of args (exact agent-browser CLI args after the binary), semanticAction (a thin shorthand compiled to find argv for locator actions or select argv for native dropdowns), job (a constrained short-workflow schema compiled to batch), qa (a lightweight QA preset built on job/batch, including qa.attached for current sessions), electron (desktop Electron list/launch/status/cleanup/probe), or the experimental sourceLookup / networkSourceLookup helpers (each compiled to batch); stdin is only for batch, eval --stdin, auth save --password-stdin, and wrapper-generated batch stdin from job, qa, sourceLookup, or networkSourceLookup, and is rejected with electron; sessionMode=fresh switches the extension-managed pi-scoped session to a fresh upstream launch when you need new --profile, --session-name, --cdp, --state, --auto-connect, --init-script, --enable, -p/--provider, or iOS --device state.",
+	"Quick start mental model: use exactly one of args (exact agent-browser CLI args after the binary), semanticAction (a thin shorthand compiled to find argv for locator actions or select argv for native dropdowns), job (a constrained short-workflow schema compiled to batch), qa (a lightweight QA preset built on job/batch, including qa.attached for current sessions), electron (desktop Electron list/launch/status/cleanup/probe), or the experimental sourceLookup / networkSourceLookup helpers (candidates only; each compiled to batch); stdin is only for batch, eval --stdin, auth save --password-stdin, and wrapper-generated batch stdin from job, qa, sourceLookup, or networkSourceLookup, and is rejected with electron; sessionMode=fresh switches the extension-managed pi-scoped session to a fresh upstream launch when you need new --profile, --session-name, --cdp, --state, --auto-connect, --init-script, --enable, -p/--provider, or iOS --device state. Do not pass --json in args; the wrapper injects it.",
 	"There is no first-class reusable named browser recipe runtime above top-level job, the qa preset, and raw batch stdin; keep recurring flows in documentation examples or those inputs (closed RQ-0068; see docs/ARCHITECTURE.md#no-reusable-recipe-layer-yet).",
-	"Common first calls: { args: [\"open\", \"https://example.com\"] } then { args: [\"snapshot\", \"-i\"] }; after navigation, use { args: [\"click\", \"@e2\"] } then { args: [\"snapshot\", \"-i\"] }.",
+	"Common first calls (first-call recipe): { args: [\"open\", \"<url>\"] } → { args: [\"snapshot\", \"-i\"] } → { args: [\"click\", \"@eN\"] } or { args: [\"fill\", \"@eN\", \"<text>\"] } using @refs and visible labels from that snapshot, then { args: [\"snapshot\", \"-i\"] } after navigation or DOM changes. On https://example.com/ the main link label is Learn more (use exact snapshot text, not guessed link copy).",
 	"Locator-first clicks/fills and native select changes without hand-building argv: { semanticAction: { action: \"click\", locator: \"text\", value: \"Close\" } }, { semanticAction: { action: \"fill\", locator: \"label\", value: \"Email\", text: \"user@example.com\" } }, or { semanticAction: { action: \"select\", selector: \"#flavor\", value: \"chocolate\" } }; add semanticAction.session when targeting a named upstream browser session; details.compiledSemanticAction shows the semantic target, while details.effectiveArgs may show a resolved current @ref for active-session role/name click/check/uncheck actions to avoid hidden duplicate matches; selector-not-found failures may append bounded click try-*-candidate next actions or, for fill misses with current editable refs, details.richInputRecovery with focus/click actions that do not copy fill text; stale-ref failures can return retry-semantic-action-after-stale-ref for compiled find actions when retry safety is provable.",
-	"Common advanced calls: { args: [\"batch\"], stdin: \"[[\\\"open\\\",\\\"https://example.com\\\"],[\\\"snapshot\\\",\\\"-i\\\"]]\" }, { job: { steps: [{ action: \"open\", url: \"https://example.com\" }, { action: \"assertText\", text: \"Example Domain\" }, { action: \"screenshot\", path: \".dogfood/example.png\" }] } }, { qa: { url: \"https://example.com\", expectedText: \"Example Domain\", screenshotPath: \".dogfood/qa-example.png\" } }, { electron: { action: \"list\", query: \"code\" } }, { electron: { action: \"launch\", appName: \"Visual Studio Code\", handoff: \"snapshot\" } }, { electron: { action: \"probe\" } }, { qa: { attached: true, expectedText: \"Explorer\" } }, { args: [\"eval\", \"--stdin\"], stdin: \"document.title\" }, { args: [\"auth\", \"save\", \"name\", \"--password-stdin\"], stdin: \"<password from user-approved secret source>\" }, { args: [\"--profile\", \"Default\", \"open\", \"https://example.com/account\"], sessionMode: \"fresh\" }, and { args: [\"open\", \"--enable\", \"react-devtools\", \"https://example.com\"], sessionMode: \"fresh\" }. For app pages with a native dropdown, job steps can include { action: \"select\", selector: \"#flavor\", value: \"chocolate\" } before the dependent assertion.",
-	"High-value command reference: select <selector> <value...> changes native dropdown values; download <selector> <path> saves a file triggered by a click; get title/url/text/html/value/attr/count reads page state; screenshot [path] captures an image; pdf <path> saves a PDF; tab list and tab <tab-id-or-label> inspect or recover the active tab; react tree/inspect/renders/suspense introspect React after --enable react-devtools; vitals [url] measures Core Web Vitals; pushstate <url> performs SPA navigation.",
-	"For artifact-producing commands, read the visible artifact block and details.artifactVerification before using files: check requested path, absolute path, existence, size bytes, artifact kind, optional mediaType, status, optional limitation, and verified/missing/pending/unverified counts. details.artifacts contains per-file metadata. Browser close does not delete explicit saved files; if close reports details.artifactCleanup, use host file tools to remove paths listed in explicitArtifactPaths (when non-empty) after inspection. For annotated screenshots inside batch, put --annotate in top-level args (for example { args: [\"--annotate\", \"batch\"], stdin: \"[[\\\"screenshot\\\",\\\"/tmp/page.png\\\"]]\" }) rather than inside the screenshot step.",
+	`Common advanced calls: { args: ["batch"], stdin: "[[\"open\",\"https://example.com\"],[\"snapshot\",\"-i\"]]" }, { job: { steps: [{ action: "open", url: "https://example.com" }, { action: "assertText", text: "Example Domain" }, { action: "screenshot", path: ".dogfood/example.png" }] } }, { qa: { url: "https://example.com", expectedText: "Example Domain", screenshotPath: ".dogfood/qa-example.png" } } (example.com smoke only; elsewhere match exact visible text from snapshot -i), { electron: { action: "list", query: "code" } }, { electron: { action: "launch", appName: "Visual Studio Code", handoff: "snapshot" } }, { electron: { action: "probe" } }, { qa: { attached: true, expectedText: "Explorer" } }, { args: ["eval", "--stdin"], stdin: "document.title" }, { args: ["auth", "save", "name", "--password-stdin"], stdin: "<password from user-approved secret source>" }, { args: ["--profile", "Default", "open", "https://example.com/account"], sessionMode: "fresh" }, and { args: ["open", "--enable", "react-devtools", "https://example.com"], sessionMode: "fresh" }. For app pages with a native dropdown, job steps can include { action: "select", selector: "#flavor", value: "chocolate" } before the dependent assertion.`, 
+	"Constrained job navigation is explicit only: click (and select/submit flows that may navigate) does not prove the next page loaded; add assertUrl and/or assertText after navigation-prone steps before screenshot or later interactions. Example: { job: { steps: [{ action: \"open\", url: \"https://shop.example/checkout\" }, { action: \"fill\", selector: \"#email\", text: \"user@example.com\" }, { action: \"click\", selector: \"#continue\" }, { action: \"assertUrl\", url: \"**/shipping\" }, { action: \"assertText\", text: \"Shipping address\" }, { action: \"screenshot\", path: \".dogfood/shipping.png\" }] } }. Top-level click may add navigationSummary hints, but job never auto-inserts post-click asserts.",
+	"High-value command reference: click <selector> --new-tab opens link-like targets in a new tab; select <selector> <value...> changes native dropdown values; scroll <dir> [px] --selector <sel> targets nested scrollers; download <selector> <path> saves a file triggered by a click; get title/url/text/html/value/attr/count reads page state; screenshot [selector] [path] captures a page or element image; pdf <path> saves a PDF; tab list and tab <tab-id-or-label> inspect or recover the active tab; react tree/inspect/renders/suspense introspect React after --enable react-devtools; vitals [url] measures Core Web Vitals; pushstate <url> performs SPA navigation; tap <selector> and swipe <direction> [distance] support iOS/provider touch flows.",
+	"For artifact-producing commands, read the visible artifact block and details.artifactVerification before using files: check requested path, absolute path, existence, size bytes, artifact kind, optional mediaType, status, optional limitation, and verified/missing/pending/unverified counts. details.artifacts contains per-file metadata. Browser close does not delete explicit saved files; if close reports details.artifactCleanup, use host file tools to remove paths listed in explicitArtifactPaths (when non-empty) after inspection. If close fails with details.promptGuard.reason=requested-artifacts-missing-before-close, save the exact required artifact path before closing. For annotated screenshots inside batch, put --annotate in top-level args (for example { args: [\"--annotate\", \"batch\"], stdin: \"[[\\\"screenshot\\\",\\\"/tmp/page.png\\\"]]\" }) rather than inside the screenshot step.",
 	"When details.nextActions is present, prefer those exact native agent_browser follow-up payloads over prose guidance; they may include args, stdin, sessionMode, networkSourceLookup, safety notes, or artifactPath for saved files.",
 ] as const;
 
@@ -34,7 +35,7 @@ export const BRAVE_SEARCH_PROMPT_GUIDELINE =
 export const SHARED_BROWSER_PLAYBOOK_GUIDELINES = [
 	"Standard workflow: open the page, snapshot -i, interact using current @refs from that snapshot, and re-snapshot after navigation, scrolling, rerendering, or other major DOM changes because refs are page-scoped; the wrapper fails mutation-prone stale/recycled refs before upstream can silently target a different current-page element.",
 	"For ordinary forms from one snapshot, batch multiple fill @refs before the submit/click step to avoid serial tool calls; if a fill may autosubmit, navigate, or rerender later fields, split the flow and refresh refs first.",
-	"When snapshot -i compacts because the tree is oversized, scan visible output for Omitted high-value controls and optional details.data.highValueControlRefIds before opening the spill file: those list bounded searchboxes, textboxes, comboboxes, buttons, tabs, checkboxes, radios, options, and menuitems that did not fit the key/other ref previews.",
+	"Snapshot choice: prefer snapshot -i for routine clicks/fills (interactive @refs, main-content-first). Use snapshot --compact when you need a denser same-page tree without full spill; use full snapshot (no -i) only when you need the complete accessibility tree. Re-snapshot after navigation or major DOM changes. When snapshot -i compacts because the tree is oversized, scan visible output for Omitted high-value controls and optional details.data.highValueControlRefIds before opening the spill file: those list bounded searchboxes, textboxes, comboboxes, buttons, tabs, checkboxes, radios, options, and menuitems that did not fit the key/other ref previews.",
 	"When a visible text or accessible-name target should survive ref churn, prefer find locators such as role, text, label, placeholder, alt, title, or testid with the intended action instead of guessing a CSS selector.",
 	"For desktop or host-controlled rich inputs, if semanticAction fill misses, refresh refs and prefer a current editable @ref from details.richInputRecovery or the latest snapshot; focus or click that ref, then use keyboard inserttext or keyboard type with the intended text. Do not auto-submit with Enter or a submit button unless the user flow explicitly calls for it.",
 	"Do not assume Playwright selector dialects such as text=Close or button:has-text('Close') are supported wrapper syntax unless current upstream agent-browser behavior has been verified.",
@@ -44,13 +45,13 @@ export const SHARED_BROWSER_PLAYBOOK_GUIDELINES = [
 	"If you already used the implicit session and now need launch-scoped flags like --profile, --session-name, --cdp, --state, --auto-connect, --init-script, --enable, -p/--provider, or iOS --device, retry with sessionMode set to fresh or pass an explicit --session for the new launch. After a successful unnamed fresh launch, later auto calls follow that new session.",
 	"For React introspection, launch the page with --enable react-devtools before first navigation, then use react tree, react inspect <fiberId>, sourceLookup candidates for local UI source hints, react renders start/stop, or react suspense; sourceLookup is experimental and reports confidence/evidence instead of guaranteed DOM-to-file mappings. For failed fetches and APIs, networkSourceLookup (experimental) correlates failed network requests with initiator metadata and bounded workspace URL literals—candidates only, not definitive blame. Use vitals [url] for Core Web Vitals and hydration timing, and pushstate <url> for client-side SPA navigation.",
 	"For first-navigation setup, use open without a URL plus network route --resource-type <csv>, cookies set --curl <file>, or --init-script/--enable before navigate/opening the target page.",
-	"For stateful browser context work, prefer purpose-specific page actions before dumping browser data: use auth save --password-stdin with the tool stdin field for credentials, state save/load for portable test state, cookies get/set/clear and storage local|session only when the task needs those values, and expect cookie/storage/auth/state summaries to redact credential-like fields.",
+	"For stateful browser context work, prefer purpose-specific page actions before dumping browser data: use auth save --password-stdin with the tool stdin field for credentials, auth list/show/delete/remove for local auth-profile maintenance, auth login when you need the browser to fill a saved profile, state save/load for portable test state, state list/show/rename/clear/clear -a/clean for saved-state lifecycle cleanup, cookies get/set/clear and storage local|session only when the task needs those values, and expect cookie/storage/auth/state summaries to redact credential-like fields.",
 	"For batch chains that touch cookies, storage, auth, or other secret-bearing commands, use details.batchSteps for per-step artifacts, categories, spill paths, and full structured errors; top-level details.data on batch is only a compact redacted step matrix (success, argv-redacted command, redacted result or scrubbed error text) built from the same presentation rules as standalone calls.",
-	"For non-core families, pass current upstream commands through the native tool directly: network route/requests/har, diff snapshot/screenshot/url, trace/profiler/record, console/errors/highlight/inspect/clipboard, stream enable/disable/status, dashboard start/stop, and chat. For compact network requests output, prefer details.nextActions for request detail, actionable failed-request networkSourceLookup, filtering, or HAR capture follow-ups instead of guessing request-id syntax. Artifact-producing commands report details.artifacts and verification state; long-running starts such as stream, dashboard, trace/profiler, and record should be paired with the matching stop/disable command when the task is done.",
-	"For Electron desktop apps, prefer top-level electron for wrapper-owned discovery, isolated launch, status, compact probe, and cleanup: list first, treat likely-sensitive annotations as hints rather than enforcement, launch with the default snapshot handoff unless handoff: \"tabs\" is the safer diagnostic starting point, use electron.probe or snapshot -i/qa.attached for current-session state, and always cleanup the returned launchId when done. electron.launch uses an isolated temporary profile; it does not reuse the app's normal signed-in profile or attach to an already-running authenticated app. For signed-in local app state, host-launch the normal app with --remote-debugging-port when appropriate, then use raw args connect <port|url>; after connect, inspect tab list, select the stable tab id such as tab t2, then run a condition wait or snapshot -i before using refs. close only closes the browser/CDP session; leave manually launched app shutdown, profile cleanup, and explicit artifacts to the host owner.",
-	"For provider or specialized app workflows, load version-matched upstream guidance with skills get agentcore|electron|slack|dogfood|vercel-sandbox through the native tool. Provider launches such as -p ios, --provider browserbase/kernel/browseruse/browserless/agentcore, and iOS --device are upstream-owned setup paths; use sessionMode fresh when switching providers and expect external credentials or local Appium/Xcode setup to be required.",
+	"For non-core families, pass current upstream commands through the native tool directly: network route/requests/har (including request filters like --type/--method/--status), diff snapshot/screenshot/url with scoped/baseline options, trace/profiler/record, console/errors/highlight/inspect/clipboard, stream enable/disable/status, dashboard start/stop, device list for iOS simulator inventory, and chat. For compact network requests output, prefer details.nextActions for request detail, actionable failed-request networkSourceLookup, filtering, or HAR capture follow-ups instead of guessing request-id syntax. Artifact-producing commands report details.artifacts and verification state; long-running starts such as stream, dashboard, trace/profiler, and record should be paired with the matching stop/disable command when the task is done.",
+	"For Electron desktop apps, prefer top-level electron for wrapper-owned discovery, isolated launch, status, compact probe, and cleanup: list first, treat likely-sensitive annotations as hints rather than enforcement, launch with the default snapshot handoff unless handoff: \"tabs\" is the safer diagnostic starting point, use electron.probe or snapshot -i/qa.attached for current-session state, and always cleanup the returned launchId when done. electron.launch uses an isolated temporary profile; it does not reuse the app's normal signed-in profile or attach to an already-running authenticated app. For signed-in local app state, host-launch the normal app with --remote-debugging-port when appropriate, then use raw args connect <port|url>; after connect, inspect tab list, select the stable tab id such as tab t2, then run a condition wait or snapshot -i before using refs. close commands (`close`, `quit`, or `exit`) only close the browser/CDP session; leave manually launched app shutdown, profile cleanup, and explicit artifacts to the host owner.",
+	"For provider or specialized app workflows, load version-matched upstream guidance with skills get agentcore|electron|slack|dogfood|vercel-sandbox through the native tool; add --full when you need references/templates, and use skills get --all only for broad skill audits. Provider launches such as -p ios, --provider browserbase/kernel/browseruse/browserless/agentcore, and iOS --device are upstream-owned setup paths; use sessionMode fresh when switching providers and expect external credentials or local Appium/Xcode setup to be required.",
 	"For dialogs and frames, use dialog status/accept/dismiss and frame <selector|main> through native args; when --confirm-actions produces a pending confirmation, use details.nextActions or exact confirm <id> / deny <id> calls instead of inventing ids.",
-	"If a session lands on the wrong page or tab, an interaction changes origin unexpectedly, or an open call returns blocked, blank, or otherwise unexpected results, use tab list / tab <tab-id-or-label> / snapshot -i to recover state before retrying different URLs or fallback strategies. For desktop readiness, prefer real conditions first: wait --text, wait --url, wait --fn, wait --load <state>, wait --download, or qa.attached; use electron.probe/status for wrapper-owned launch health or target mismatch. Fixed waits are a last resort, must stay below the wrapper IPC budget (wait 30000 is intentionally blocked), and a successful payload like \"waited\":\"timeout\" means elapsed time only—verify completion with an observed condition, fresh snapshot, or screenshot.",
+	"If a session lands on the wrong page or tab, an interaction changes origin unexpectedly, or an open call returns blocked, blank, or otherwise unexpected results, use tab list / tab <tab-id-or-label> / snapshot -i to recover state before retrying different URLs or fallback strategies. For desktop readiness, prefer real conditions first: wait --text, wait --url, wait --fn, wait --load <state>, wait --download, or qa.attached; for disappearance checks in agent-browser 0.27.0, use wait --fn predicates instead of stale upstream-help examples like wait <selector> --state hidden. Use electron.probe/status for wrapper-owned launch health or target mismatch. Fixed waits are a last resort, must stay below the wrapper IPC budget (wait 30000 is intentionally blocked), and a successful payload like \"waited\":\"timeout\" means elapsed time only—verify completion with an observed condition, fresh snapshot, or screenshot.",
 	"For feed, timeline, or inbox reading tasks, focus on the main timeline/list region and read the first item there rather than unrelated composer or sidebar content.",
 	"For read-only browsing tasks, prefer extracting the answer from the current snapshot, structured ref labels, or eval --stdin on the current page before navigating away. Only click into media viewers, detail routes, or new pages when the current view does not contain the needed information.",
 	"For downloads, prefer download <selector> <path> when an element click should save a file. Do not rely on click alone when you need the downloaded file on disk.",
@@ -59,13 +60,16 @@ export const SHARED_BROWSER_PLAYBOOK_GUIDELINES = [
 	"When using eval --stdin for extraction, return the value you want instead of relying on console.log as the primary result channel. Prefer plain expressions like ({ title: document.title }) or explicitly invoked functions like (() => ({ title: document.title }))(); if a function-shaped snippet returns {}, details.evalStdinHint may warn that the function was serialized instead of called. If get text on a CSS selector surfaces details.selectorTextVisibility or selectorTextVisibilityAll, prefer a visible @ref, a more specific selector, or the inspect-visible-text-candidates nextAction over hidden tab content.",
 	"When details.pageChangeSummary is present, use changeType and summary as a compact signal for navigation, DOM mutation, confirmations, or artifacts; when nextActionIds is set, match those ids to entries in details.nextActions (or per-step nextActions inside batch) for concrete follow-up payloads instead of inferring from prose alone. If a no-navigation click surfaces details.overlayBlockers, inspect the fresh snapshot evidence before using a close/dismiss candidate nextAction; ordinary page chrome without dialog/alertdialog evidence should not trigger this diagnostic.",
 	"When commands save or spill files (screenshots, downloads, PDFs, traces, recordings, HAR, large snapshot spills), use the user's exact requested paths when given and treat paths as provisional until details.artifactVerification shows every row verified: branch on missingCount, pendingCount, unverifiedCount, per-entry state, and optional limitation before downstream file use or PASS/FAIL reporting.",
+	"For evidence-only screenshots, QA captures, or other audit artifacts, save to an explicit path and branch on details.artifactVerification plus details.artifacts before reporting PASS/FAIL; do not require vision review of inline image attachments unless the user asked for visual inspection.",
+	"Respect explicit user stop boundaries: if the user says to stop before order/post/purchase/submit, do not click that final action. If the wrapper returns details.promptGuard.reason=explicit-user-stop-boundary, gather evidence on the current page instead of retrying the blocked final action.",
+	"Successful record stop needs ffmpeg on PATH; the wrapper may warn after record start when ffmpeg is missing.",
 	"Do not call --help or other exploratory inspection commands unless the user explicitly asks for them or debugging the browser integration is necessary.",
 ] as const;
 
 export const TOOL_PROMPT_GUIDELINES_SUFFIX = [
 	"Prefer agent_browser over bash for opening sites, reading docs on the web, clicking, filling, screenshots, eval, and batch workflows.",
 	"Do not fall back to osascript, AppleScript, or generic browser-driving bash commands when agent_browser can do the job.",
-	"Pass exact agent-browser CLI arguments in args when you are not using semanticAction, job, or qa, excluding the binary name.",
+	"Pass exact agent-browser CLI arguments in args when you are not using semanticAction, job, or qa, excluding the binary name and --json (the wrapper injects --json automatically).",
 	"Use stdin only for eval --stdin, batch, auth save --password-stdin, or wrapper-generated job/qa batches instead of shell heredocs or password args; other command/stdin combinations are rejected before launch.",
 	"Let the extension-managed session handle the common path unless you explicitly need a fresh launch for upstream flags like --profile, --session-name, --cdp, --state, --auto-connect, --init-script, --enable, -p/--provider, or iOS --device.",
 	"Use sessionMode=fresh when switching from an existing implicit session to a new profile/debug/init-script/provider launch without inventing a fixed explicit session name; later auto calls will follow that new session.",
@@ -91,17 +95,14 @@ export function buildSharedBrowserPlaybookGuidelines(options: { includeBraveSear
 	];
 }
 
-const RUNTIME_PROMPT_GUIDELINES = [
-	"Use exactly one input mode: args, semanticAction, job, qa, sourceLookup, networkSourceLookup, or electron. Use stdin only for batch, eval --stdin, auth save --password-stdin, or wrapper-generated batch modes; electron rejects caller stdin.",
-	"Common flow: open, snapshot -i, interact with current @refs or semanticAction, then re-snapshot after navigation, scrolling, rerenders, or DOM changes. Batch same-snapshot form fills unless a fill may submit, navigate, or rerender. If semanticAction fill misses on a rich host input, use richInputRecovery/current editable refs, focus/click, then keyboard inserttext/type; do not auto-submit. Respect explicit stop boundaries: if the user says to stop before order/post/purchase/submit, do not click that final action.",
-	"Prefer stable locators for visible text/names: semanticAction or find role/text/label/placeholder/alt/title/testid. For native selects, use select <selector> <value...> or semanticAction/job select. Use current @refs only from the latest same-page snapshot.",
-	"For signed-in/account-specific content on the web, start with --profile Default plus sessionMode=fresh unless asked otherwise; visible content is model-visible. For desktop/Electron apps, use electron.list first. electron.launch is isolated; for signed-in desktop content, host-launch with --remote-debugging-port, connect, tab list, select the stable tab id, then condition-wait or snapshot -i. Use sessionMode=fresh for other launch-scoped state; otherwise keep implicit continuity.",
-	"For screenshots, recordings, downloads, PDFs, or HARs, save the exact user path and check details.artifactVerification before claiming success. record stop needs ffmpeg on PATH. close does not delete saved files; cleanup is host-owned. Electron cleanup only covers wrapper-launched launchIds. For desktop readiness, prefer condition waits, qa.attached, electron.probe/status, tab list/tab tN, snapshot, or screenshot; wait 30000 is blocked, and \"waited\":\"timeout\" is not completion evidence.",
-	"When details.nextActions is present, prefer those exact follow-up payloads over prose or guessed selectors; diagnostics may include request detail, networkSourceLookup, HAR capture, Electron status/cleanup, tab selection, rich-input focus/click recovery, or snapshot actions.",
-	"For dense snapshots, check Omitted high-value controls and details.data.highValueControlRefIds before opening large spill files.",
-	"For dashboards, verify scroll with screenshot/snapshot; if nothing moved, use scrollintoview <@ref> or target the real scroll region. Native selects need select/semanticAction/job select; custom comboboxes may need re-snapshot, type, Enter/arrows, or visible option refs.",
-	"For extraction, prefer get title/url/text/html/value/attr/count or eval --stdin with a plain expression; do not rely on console.log. When reading several known refs/selectors, use batch JSON-array stdin (for example [[\"get\",\"text\",\"@e1\"]]) or eval --stdin instead of many serial gets. If selector visibility warnings appear, prefer visible @refs or nextActions.",
-	"For non-core debugging, pass upstream commands through args: network, diff, trace/profiler/record, console/errors, stream, dashboard, chat, react, vitals, pushstate, dialog, frame, tab.",
+/** Tier A: always-on tool promptGuidelines (keep small; Tier B lives in SHARED_BROWSER_PLAYBOOK_GUIDELINES and docs). */
+export const RUNTIME_PROMPT_GUIDELINES = [
+	"Use exactly one input mode: args (open→snapshot -i→@refs), semanticAction, job, qa, sourceLookup/networkSourceLookup (candidate hints), or electron. stdin only for batch/eval/auth or wrapper batch; electron rejects stdin. Do not pass --json in args; wrapper injects it.",
+	"Common flow: open, snapshot -i, use current @refs or semanticAction, then re-snapshot after navigation/scroll/rerender/DOM change. Batch same-snapshot fills unless they may submit/navigate/rerender. Respect explicit stop boundaries: if the user says stop before order/post/purchase/submit, do not click the final action.",
+	"Use sessionMode=fresh for launch-scoped flags on an active implicit session. For signed-in/account-specific content, start with --profile Default plus sessionMode=fresh unless asked otherwise; visible content is model-visible.",
+	"For artifacts, save the exact user path and check details.artifactVerification/details.artifacts before claiming success. If close is blocked by details.promptGuard, save the required artifact first. record stop needs ffmpeg on PATH; close does not delete saved files; \"waited\":\"timeout\" is not proof.",
+	"When details.nextActions is present, prefer exact payloads over prose/guessed selectors. For dense snapshots, check Omitted high-value controls/details.data.highValueControlRefIds. For dashboards, verify scroll with screenshot/snapshot; if nothing moved, target the real scroll region.",
+	"For extraction, prefer get title/url/text/html/value/attr/count or eval --stdin with plain expression, not console.log. Batch three or more known refs/selectors (e.g. [[\"get\",\"text\",\"@e1\"],[\"get\",\"text\",\"@e2\"]]); selector visibility warnings → visible @refs/nextActions.",
 ] as const;
 
 export function buildToolPromptGuidelines(options: { includeBraveSearch: boolean; docs?: { readmePath: string; commandReferencePath: string; toolContractPath: string } }): string[] {

package/extensions/agent-browser/lib/prompt-policy.ts

@@ -0,0 +1,122 @@
+/**
+ * Purpose: Derive operator prompt constraints for browser-run preflight guards and legacy bash policy.
+ * Responsibilities: Parse the latest user message into stop boundaries, requested artifact paths, and legacy bash allowance.
+ * Scope: Pure prompt-text policy; enforcement lives in orchestration prompt-guards and the extension entrypoint.
+ */
+
+export interface PromptRequestedArtifact {
+	kind: "recording" | "screenshot";
+	path: string;
+	required: boolean;
+}
+
+export interface PromptStopBoundary {
+	reason: "avoid-final-submit-action";
+}
+
+export interface PromptPolicy {
+	allowLegacyAgentBrowserBash: boolean;
+	requestedArtifacts: PromptRequestedArtifact[];
+	stopBoundary?: PromptStopBoundary;
+}
+
+const BROWSER_PROMPT_PATTERNS = [
+	/\b(?:agent[_ -]?browser|browser automation|eval\s+--stdin|screenshot|snapshot|tab\s+list)\b/i,
+	/\b(?:react\s+(?:tree|inspect|renders|suspense)|web\s+vitals|core\s+web\s+vitals|pushstate)\b/i,
+	/\b(?:live\s+docs?|online\s+research|research\s+(?:online|the\s+web)|search\s+(?:online|the\s+web)|web\s+research)\b/i,
+	/\bbrowser\b.*\b(?:automation|click|fill|navigate|open|page|screenshot|site|snapshot|tab|url|visit|web(?:site| page)?)\b/i,
+	/\b(?:browse|click|fill|login|navigate|open|visit)\b.*\b(?:https?:\/\/\S+|page|site|tab|url|web(?:site| page)?)\b/i,
+];
+
+const LEGACY_BASH_ALLOW_PATTERNS = [
+	/\b(?:bash-oriented workflow|bash workflow)\b/i,
+	/\b(?:use|via|through|with)\s+bash\b/i,
+	/\bnpx\s+agent-browser\b/i,
+	/\bagent-browser\s+--(?:help|version)\b/i,
+	/\bdebug(?:ging)?\b.*\b(?:agent[_ -]?browser|agent_browser|browser integration)\b/i,
+];
+
+const STOP_BOUNDARY_PATTERNS = [
+	/\b(?:do\s+not|don't|dont|never)\s+(?:place|submit|complete|finish|finali[sz]e|confirm)\s+(?:the\s+)?(?:order|purchase|checkout|payment)\b/i,
+	/\b(?:do\s+not|don't|dont|never)\s+click\s+(?:the\s+)?(?:finish|submit|place\s+order|complete\s+order|confirm\s+order|buy\s+now|pay\s+now)\b/i,
+	/\bstop\s+(?:on|at|before)\b[^.\n]*(?:checkout\s+overview|finish|place\s+(?:the\s+)?order|submit\s+(?:the\s+)?order|complete\s+(?:the\s+)?order|purchase|payment)\b/i,
+	/\bwithout\s+(?:placing|submitting|completing|finishing|confirming)\s+(?:the\s+)?(?:order|purchase|payment)\b/i,
+];
+
+const PROMPT_ARTIFACT_PATH_PATTERN = /(?:^|[\s"'`(:])((?:\/[^\s"'`),;]+|[A-Za-z]:[\\/][^\s"'`),;]+|\.{1,2}[\\/][^\s"'`),;]+|[^\s"'`),;:\\/]+(?:[\\/][^\s"'`),;]+)+|[^\s"'`),;:\\/]+)\.(?:png|jpe?g|webp|gif|webm|mp4|har|pdf|trace|json))(?:[\s"'`),;.]|$)/gi;
+
+function buildPromptStopBoundary(prompt: string): PromptStopBoundary | undefined {
+	return STOP_BOUNDARY_PATTERNS.some((pattern) => pattern.test(prompt)) ? { reason: "avoid-final-submit-action" } : undefined;
+}
+
+function extractPromptRequestedArtifacts(prompt: string): PromptRequestedArtifact[] {
+	const artifacts: PromptRequestedArtifact[] = [];
+	const seen = new Set<string>();
+	for (const line of prompt.split(/\r?\n/)) {
+		const lowerLine = line.toLowerCase();
+		const kind = lowerLine.includes("screenshot")
+			? "screenshot"
+			: /\b(?:screen\s+recording|recording|webm|video)\b/.test(lowerLine)
+				? "recording"
+				: undefined;
+		if (!kind) continue;
+		PROMPT_ARTIFACT_PATH_PATTERN.lastIndex = 0;
+		for (const match of line.matchAll(PROMPT_ARTIFACT_PATH_PATTERN)) {
+			const path = match[1]?.trim();
+			if (!path) continue;
+			const key = `${kind}:${path}`;
+			if (seen.has(key)) continue;
+			seen.add(key);
+			artifacts.push({
+				kind,
+				path,
+				required: kind === "screenshot" || !/\b(?:if|when)\s+(?:recording\s+)?(?:is\s+)?available\b/i.test(line),
+			});
+		}
+	}
+	return artifacts;
+}
+
+export function buildPromptPolicy(prompt: string): PromptPolicy {
+	return {
+		allowLegacyAgentBrowserBash: LEGACY_BASH_ALLOW_PATTERNS.some((pattern) => pattern.test(prompt)),
+		requestedArtifacts: extractPromptRequestedArtifacts(prompt),
+		stopBoundary: buildPromptStopBoundary(prompt),
+	};
+}
+
+function getMessageText(content: unknown): string {
+	if (typeof content === "string") return content;
+	if (!Array.isArray(content)) return "";
+
+	return content
+		.map((item) => {
+			if (typeof item !== "object" || item === null) return "";
+			return item.type === "text" && typeof item.text === "string" ? item.text : "";
+		})
+		.filter((text) => text.length > 0)
+		.join("\n");
+}
+
+export function shouldAppendBrowserSystemPrompt(prompt: string): boolean {
+	const normalizedPrompt = prompt.trim();
+	if (normalizedPrompt.length === 0) {
+		return false;
+	}
+	return BROWSER_PROMPT_PATTERNS.some((pattern) => pattern.test(normalizedPrompt));
+}
+
+export function getLatestUserPrompt(branch: unknown[]): string {
+	for (let index = branch.length - 1; index >= 0; index -= 1) {
+		const entry = branch[index];
+		if (typeof entry !== "object" || entry === null || !("type" in entry) || entry.type !== "message") {
+			continue;
+		}
+		const message = "message" in entry ? entry.message : undefined;
+		if (typeof message !== "object" || message === null || !("role" in message) || message.role !== "user") {
+			continue;
+		}
+		return getMessageText("content" in message ? message.content : undefined);
+	}
+	return "";
+}

package/extensions/agent-browser/lib/results/action-recommendations.ts

@@ -6,6 +6,7 @@
  * Invariants/Assumptions: Action ids are public machine-readable contracts; preserve first-observed order.
  */
 
+import { isOpenNavigationCommand, isPageMutationCommand } from "../command-taxonomy.js";
 import { isPendingRecordingArtifact } from "./artifact-state.js";
 import type {
 	AgentBrowserFailureCategory,
@@ -56,27 +57,6 @@ function buildElectronToolAction(options: {
 	};
 }
 
-const MUTATING_COMMANDS = new Set([
-	"back",
-	"check",
-	"click",
-	"dblclick",
-	"dialog",
-	"fill",
-	"forward",
-	"hover",
-	"press",
-	"pushstate",
-	"reload",
-	"scroll",
-	"scrollintoview",
-	"select",
-	"swipe",
-	"tap",
-	"type",
-	"uncheck",
-]);
-
 function getDownloadRetryPath(args: string[] | undefined, fallback: string | undefined): string | undefined {
 	if (fallback) return fallback;
 	if (!args || args.length === 0) return undefined;
@@ -170,13 +150,13 @@ export function buildAgentBrowserNextActions(options: {
 		}
 	}
 	if (options.resultCategory === "success") {
-		if (options.command === "open") {
+		if (isOpenNavigationCommand(options.command)) {
 			actions.push(buildNextToolAction({
 				args: ["snapshot", "-i"],
 				id: "inspect-opened-page",
 				reason: "Inspect the opened page before choosing interactive refs.",
 			}));
-		} else if (options.command && MUTATING_COMMANDS.has(options.command)) {
+		} else if (isPageMutationCommand(options.command)) {
 			actions.push(buildNextToolAction({
 				args: ["snapshot", "-i"],
 				id: "inspect-after-mutation",

package/extensions/agent-browser/lib/results/categories.ts

@@ -52,6 +52,7 @@ export function classifyAgentBrowserFailureCategory(options: {
 	if (/aborted/i.test(text)) return "aborted";
 	if (/policy[- ]blocked|blocked by caller policy|caller deny policy|caller allow policy/i.test(text)) return "policy-blocked";
 	if (/cleanup failed|cleanup.*partial|partial cleanup|remaining resources/i.test(text)) return "cleanup-failed";
+	if (options.validationError) return "validation-error";
 	if (options.tabDrift || /could not re-select the intended tab|about:blank|selected tab looks wrong|tab drift|tab.*wrong/i.test(text)) return "tab-drift";
 	if (/\bUnknown ref\b|\bstale ref\b|@ref may be stale|\bref\b.*\b(?:not found|missing|expired)\b/i.test(text)) return "stale-ref";
 	if (usedRef && /could not locate element|element not found|no element/i.test(text)) return "stale-ref";
@@ -72,7 +73,6 @@ export function classifyAgentBrowserFailureCategory(options: {
 	if ((command === "download" || text.includes("wait --download") || /\bdownload\b/i.test(text)) && /missing|not verified|not found|failed|timeout|timed out/i.test(text)) {
 		return "download-not-verified";
 	}
-	if (options.validationError) return "validation-error";
 	return "upstream-error";
 }
 

package/extensions/agent-browser/lib/results/presentation/navigation.ts

@@ -4,41 +4,13 @@
  * Scope: Navigation and get/eval extraction formatting only.
  */
 
+import { isNavigationObservableCommandName, isPageChangeSummaryCommand } from "../../command-taxonomy.js";
 import { isRecord } from "../../parsing.js";
 import type { CommandInfo } from "../../runtime.js";
 import { detectConfirmationRequired } from "../confirmation.js";
 import type { AgentBrowserPageChangeSummary, FileArtifactMetadata } from "../contracts.js";
 import { redactModelFacingText, stringifyModelFacing } from "./common.js";
 
-const NAVIGATION_SUMMARY_COMMANDS = new Set(["back", "click", "dblclick", "forward", "reload"]);
-
-const PAGE_CHANGE_SUMMARY_COMMANDS = new Set([
-	"back",
-	"check",
-	"click",
-	"dblclick",
-	"dialog",
-	"download",
-	"fill",
-	"forward",
-	"goto",
-	"hover",
-	"navigate",
-	"open",
-	"pdf",
-	"press",
-	"pushstate",
-	"reload",
-	"screenshot",
-	"scroll",
-	"scrollintoview",
-	"select",
-	"swipe",
-	"tap",
-	"type",
-	"uncheck",
-]);
-
 const NAVIGATION_SUMMARY_FIELD = "navigationSummary";
 
 interface NavigationSummary {
@@ -108,7 +80,7 @@ export function formatExtractionText(commandInfo: CommandInfo, data: Record<stri
 }
 
 export function isNavigationObservableCommand(command: string | undefined): boolean {
-	return command !== undefined && NAVIGATION_SUMMARY_COMMANDS.has(command);
+	return isNavigationObservableCommandName(command);
 }
 
 function isNavigationSummary(value: unknown): value is NavigationSummary {
@@ -142,10 +114,6 @@ export function formatNavigationSummary(summary: NavigationSummary): string | un
 	return normalized.title ?? normalized.url;
 }
 
-function isPageChangeSummaryCommand(command: string | undefined): boolean {
-	return command !== undefined && PAGE_CHANGE_SUMMARY_COMMANDS.has(command);
-}
-
 export function buildPageChangeSummary(options: {
 	artifacts?: FileArtifactMetadata[];
 	commandInfo: CommandInfo;

package/extensions/agent-browser/lib/results/presentation/registry.ts

@@ -1,3 +1,4 @@
+import type { CompiledAgentBrowserSemanticAction } from "../../input-modes/types.js";
 import { isRecord } from "../../parsing.js";
 import type { CommandInfo } from "../../runtime.js";
 import { detectConfirmationRequired, type ConfirmationRequiredPresentation } from "../confirmation.js";
@@ -14,6 +15,11 @@ import {
 	getNavigationSummary,
 	isNavigationObservableCommand,
 } from "./navigation.js";
+import {
+	formatSemanticActionPresentationSummary,
+	formatSemanticActionPresentationText,
+	resolvePresentationCommandInfo,
+} from "./semantic-action.js";
 
 function getPageSummary(data: Record<string, unknown>): string | undefined {
 	const title = typeof data.title === "string" ? data.title : undefined;
@@ -91,20 +97,32 @@ function formatBatchSummary(data: unknown): string | undefined {
 		: `Batch failed: ${successCount}/${data.length} succeeded`;
 }
 
-export function formatPresentationSummary(commandInfo: CommandInfo, data: unknown): string {
+export function formatPresentationSummary(
+	commandInfo: CommandInfo,
+	data: unknown,
+	compiledSemanticAction?: CompiledAgentBrowserSemanticAction,
+): string {
 	const confirmationRequired = detectConfirmationRequired(data);
 	if (confirmationRequired) return formatConfirmationRequiredSummary(confirmationRequired);
 
+	const presentationCommandInfo = resolvePresentationCommandInfo(commandInfo, compiledSemanticAction);
+
 	if (commandInfo.command === "batch") {
 		const batchSummary = formatBatchSummary(data);
 		if (batchSummary) return batchSummary;
 	}
 
 	if (isRecord(data)) {
+		if (compiledSemanticAction) {
+			const semanticSummary = formatSemanticActionPresentationSummary(compiledSemanticAction, data);
+			if (semanticSummary) return semanticSummary;
+		}
 		const navigationSummary = getNavigationSummary(data);
-		if (navigationSummary && isNavigationObservableCommand(commandInfo.command)) {
+		if (navigationSummary && isNavigationObservableCommand(presentationCommandInfo.command)) {
 			const navigationText = formatNavigationSummary(navigationSummary);
-			if (navigationText) return `${commandInfo.command ?? "navigation"} → ${navigationText.split("\n", 1)[0] ?? navigationText}`;
+			if (navigationText) {
+				return `${presentationCommandInfo.command ?? "navigation"} → ${navigationText.split("\n", 1)[0] ?? navigationText}`;
+			}
 		}
 	}
 
@@ -121,10 +139,14 @@ export function formatPresentationSummary(commandInfo: CommandInfo, data: unknow
 	}
 
 	if (typeof data === "string" && data.length > 0) return data.split("\n", 1)[0] ?? data;
-	return `${commandInfo.command ?? "agent-browser"} completed`;
+	return `${presentationCommandInfo.command ?? commandInfo.command ?? "agent-browser"} completed`;
 }
 
-export function formatPresentationContentText(commandInfo: CommandInfo, data: unknown): string {
+export function formatPresentationContentText(
+	commandInfo: CommandInfo,
+	data: unknown,
+	compiledSemanticAction?: CompiledAgentBrowserSemanticAction,
+): string {
 	const confirmationRequired = detectConfirmationRequired(data);
 	if (confirmationRequired) return formatConfirmationRequiredText(confirmationRequired);
 
@@ -135,8 +157,14 @@ export function formatPresentationContentText(commandInfo: CommandInfo, data: un
 	if (typeof data === "number" || typeof data === "boolean") return String(data);
 	if (!isRecord(data)) return stringifyModelFacing(data);
 
+	if (compiledSemanticAction) {
+		const semanticText = formatSemanticActionPresentationText(compiledSemanticAction, data);
+		if (semanticText) return semanticText;
+	}
+
+	const presentationCommandInfo = resolvePresentationCommandInfo(commandInfo, compiledSemanticAction);
 	const navigationSummary = getNavigationSummary(data);
-	if (navigationSummary && isNavigationObservableCommand(commandInfo.command)) {
+	if (navigationSummary && isNavigationObservableCommand(presentationCommandInfo.command)) {
 		const navigationText = formatNavigationSummary(navigationSummary);
 		if (navigationText) {
 			const actionText = formatNavigationActionResult(data);

package/extensions/agent-browser/lib/results/presentation/semantic-action.ts

@@ -0,0 +1,133 @@
+/**
+ * Purpose: Map successful semanticAction results to the same presentation signals as direct ref commands.
+ * Responsibilities: Resolve presentation command names, compact action prose, and navigation-summary probe gates.
+ * Scope: semanticAction success presentation only.
+ */
+
+import {
+	getCompiledSemanticActionCommandIndex,
+	isCompiledSemanticActionFindCommand,
+} from "../../input-modes/semantic-action.js";
+import type { CompiledAgentBrowserSemanticAction } from "../../input-modes/types.js";
+import { isRecord } from "../../parsing.js";
+import type { CommandInfo } from "../../runtime.js";
+import {
+	formatNavigationSummary,
+	getNavigationSummary,
+	isNavigationObservableCommand,
+} from "./navigation.js";
+import { redactModelFacingText } from "./common.js";
+
+const SEMANTIC_NAVIGATION_PROBE_ACTIONS = new Set(["check", "click", "uncheck"]);
+
+const SEMANTIC_PRESENTATION_ACTIONS = new Set(["check", "click", "fill", "select", "uncheck"]);
+
+function getPageSummary(data: Record<string, unknown>): string | undefined {
+	const title = typeof data.title === "string" ? data.title : undefined;
+	const url = typeof data.url === "string" ? data.url : undefined;
+	if (!title && !url) return undefined;
+	if (title && url) return `${title}\n${url}`;
+	return title ?? url;
+}
+
+function formatSemanticActionTarget(compiled: CompiledAgentBrowserSemanticAction): string {
+	if (compiled.action === "select") {
+		const selector = compiled.selector ?? "selector";
+		const values = compiled.values?.length ? compiled.values.join(", ") : "";
+		return values ? `${selector} → ${values}` : selector;
+	}
+	const commandIndex = getCompiledSemanticActionCommandIndex(compiled);
+	const locator = compiled.locator ?? compiled.args[commandIndex + 1] ?? "locator";
+	const locatorValue = compiled.args[commandIndex + 2];
+	const nameIndex = compiled.args.indexOf("--name");
+	const name = nameIndex >= 0 ? compiled.args[nameIndex + 1] : undefined;
+	const quotedValue = JSON.stringify(locatorValue ?? "");
+	const target = `${locator} ${quotedValue}`;
+	return name ? `${target} (name ${JSON.stringify(name)})` : target;
+}
+
+export function formatSemanticActionCompactLine(compiled: CompiledAgentBrowserSemanticAction): string {
+	const target = formatSemanticActionTarget(compiled);
+	switch (compiled.action) {
+		case "click":
+			return `Clicked: ${target}`;
+		case "fill":
+			return `Filled: ${target}`;
+		case "check":
+			return `Checked: ${target}`;
+		case "uncheck":
+			return `Unchecked: ${target}`;
+		case "select":
+			return `Selected: ${target}`;
+		default:
+			return `${compiled.action}: ${target}`;
+	}
+}
+
+export function resolveSemanticPresentationCommand(
+	compiled: CompiledAgentBrowserSemanticAction | undefined,
+): string | undefined {
+	if (!compiled || !SEMANTIC_PRESENTATION_ACTIONS.has(compiled.action)) return undefined;
+	if (compiled.action === "select") return "select";
+	if (isCompiledSemanticActionFindCommand(compiled)) return compiled.action;
+	return undefined;
+}
+
+export function resolvePresentationCommandInfo(
+	commandInfo: CommandInfo,
+	compiledSemanticAction?: CompiledAgentBrowserSemanticAction,
+): CommandInfo {
+	const presentationCommand = resolveSemanticPresentationCommand(compiledSemanticAction);
+	if (!presentationCommand) return commandInfo;
+	return { ...commandInfo, command: presentationCommand };
+}
+
+export function shouldCaptureSemanticActionNavigationSummary(
+	compiled: CompiledAgentBrowserSemanticAction | undefined,
+	data: unknown,
+): boolean {
+	if (!compiled || !SEMANTIC_NAVIGATION_PROBE_ACTIONS.has(compiled.action)) return false;
+	if (!isCompiledSemanticActionFindCommand(compiled)) return false;
+	return !isRecord(data) || (typeof data.title !== "string" && typeof data.url !== "string");
+}
+
+export function formatSemanticActionPresentationText(
+	compiled: CompiledAgentBrowserSemanticAction,
+	data: Record<string, unknown>,
+): string | undefined {
+	const presentationCommand = resolveSemanticPresentationCommand(compiled);
+	if (!presentationCommand) return undefined;
+
+	const actionLine = formatSemanticActionCompactLine(compiled);
+	const navigationSummary = getNavigationSummary(data);
+	if (navigationSummary && isNavigationObservableCommand(presentationCommand)) {
+		const navigationText = formatNavigationSummary(navigationSummary);
+		if (navigationText) return `${actionLine}\n\nCurrent page:\n${navigationText}`;
+	}
+
+	const pageSummary = getPageSummary(data);
+	if (pageSummary) return `${actionLine}\n\nCurrent page:\n${redactModelFacingText(pageSummary)}`;
+
+	return actionLine;
+}
+
+export function formatSemanticActionPresentationSummary(
+	compiled: CompiledAgentBrowserSemanticAction,
+	data: Record<string, unknown>,
+): string | undefined {
+	const presentationCommand = resolveSemanticPresentationCommand(compiled);
+	if (!presentationCommand) return undefined;
+
+	const navigationSummary = getNavigationSummary(data);
+	if (navigationSummary && isNavigationObservableCommand(presentationCommand)) {
+		const navigationText = formatNavigationSummary(navigationSummary);
+		if (navigationText) {
+			return `${presentationCommand} → ${navigationText.split("\n", 1)[0] ?? navigationText}`;
+		}
+	}
+
+	const pageSummary = getPageSummary(data);
+	if (pageSummary) return `${presentationCommand} → ${pageSummary.split("\n", 1)[0] ?? pageSummary}`;
+
+	return `${presentationCommand} → ${formatSemanticActionTarget(compiled)}`;
+}