[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-77221":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":8,"htmlUrl":8,"language":9,"languages":8,"totalLinesOfCode":8,"stars":10,"forks":11,"watchers":12,"openIssues":12,"contributorsCount":13,"subscribersCount":13,"size":13,"stars1d":12,"stars7d":14,"stars30d":15,"stars90d":13,"forks30d":13,"starsTrendScore":16,"compositeScore":17,"rankGlobal":8,"rankLanguage":8,"license":18,"archived":19,"fork":19,"defaultBranch":20,"hasWiki":21,"hasPages":19,"topics":22,"createdAt":8,"pushedAt":8,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":13,"starSnapshotCount":13,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},77221,"agent-browser-runtime","energypantry\u002Fagent-browser-runtime","energypantry",null,"JavaScript",160,47,1,0,10,130,5,5.04,"Other",false,"main",true,[],"2026-06-12 02:03:42","# Agent Browser Runtime\n\nAgent Browser Runtime is a compose-managed real Chrome runtime for AI agents. It gives each agent a leased Chrome Tab Group, a persistent browser profile, noVNC human handoff, artifact capture, extractor jobs, humanized pacing, and an explicit browser-consistency layer.\n\nThe point is simple: agents work through a shared, visible browser runtime instead of fighting over ad hoc headless sessions.\n\n## Responsible use only\n\nThis project is published only for learning, research, and responsible technical exploration.\n\nYou must comply with applicable laws, platform terms, privacy rules, account-safety boundaries, and rate-limit or access-control policies. Do not use Agent Browser Runtime for illegal activity, unauthorized access, credential or session abuse, privacy-invasive collection, spam, fraud, harassment, or any attempt to harm, overload, or disrupt a service.\n\nIf a target requires login, consent, payment, Captcha, MFA, or another human\u002Faccount-safety checkpoint, use manual handoff and respect the outcome.\n\n## License and commercial use\n\nAgent Browser Runtime is source-available under the PolyForm Noncommercial License 1.0.0. Noncommercial learning, research, experimentation, and responsible technical exploration are permitted under the license terms.\n\nCommercial use, resale, commercial hosted service use, paid product integration, or use primarily intended to support commercial activity requires a separate written commercial license from the repository owner or copyright holder.\n\n## What is included\n\n- Broker: Node\u002FFastify HTTP + WebSocket control plane for leases, jobs, artifacts, pacing, and state.\n- Browser runtime: Chromium\u002FChrome in Docker with CDP, Xvfb, x11vnc, noVNC, and a persistent profile mount.\n- TLS gateway: local HTTP proxy service wired into Chromium at launch time, with gateway health\u002Fstats surfaced by the broker.\n- Companion extension: Chrome extension that owns real tabs, real Tab Groups, debugger\u002FCDP calls, screenshots, HTML capture, session probes, humanized primitives, and real UI action primitives.\n- CLI: `.\u002Fcli\u002Fbrs.js` for status, fetch, session probes, extractor jobs, artifacts, and leases.\n- Skills: Codex and OpenClaw compatible skill folders under `skills\u002F`.\n- Examples: generic extractor examples only. Site-specific\u002Fprivate extractors are intentionally out of tree.\n\n## Quick start\n\n```bash\ncp .env.example .env\ndocker compose up --build -d\n.\u002Fscripts\u002Fsmoke-test.sh\n```\n\nTo enable a mounted `fingerprint-chromium` binary, set `BRS_FINGERPRINT_CHROMIUM_HOST_PATH` to a host directory containing `chrome-wrapper` or `chrome`, then start with the overlay:\n\n```bash\ndocker compose -f docker-compose.yml -f docker-compose.fingerprint.yml up --build -d\n```\n\nOpen noVNC when a login, challenge, or manual inspection is needed:\n\n```bash\nopen 'http:\u002F\u002F127.0.0.1:16080\u002Fvnc.html?autoconnect=true&resize=remote'\n```\n\nQuick manual checks:\n\n```bash\n.\u002Fcli\u002Fbrs.js status\n.\u002Fcli\u002Fbrs.js fetch https:\u002F\u002Fexample.com --agent demo-agent --task smoke --screenshot --humanize enhanced\n```\n\nExpected outputs: broker status, TLS gateway health, HTML artifact, screenshot artifact, and a real Chrome Tab Group visible in noVNC.\n\n`.\u002Fcli\u002Fbrs.js status` also reports `stealth.enabled`, fingerprint header\u002Fpatch toggles, and whether the startup-level TLS gateway proxy is configured and active.\nThe default runtime preset is `chrome124-macos`, which aligns the browser identity around a Chrome 124 macOS profile to match the bundled TLS gateway profile. This preset applies to regular browser work across sites unless an environment override changes it. When the fingerprint overlay is used, `status.browserRuntime.fingerprintChromium.active` reports whether the mounted binary was actually selected.\nIt now also reports the loaded runtime fingerprint summary from the extension, including generated UA family, UA-CH header keys, platform, WebGL, and hardware-surface values.\nThe `BRS_*` environment prefix is kept as the stable Browser Runtime Service config surface.\n\n## Anti-bot and browser-consistency stack\n\nThe runtime has a default-on anti-bot\u002Frisk-control compatibility layer so browser automation looks internally coherent across launch args, request headers, JS-visible surfaces, pacing, and manual handoff.\n\n- Real browser runtime instead of pure headless fetches.\n- Persistent Chrome profile for login-state reuse, cookies, localStorage, and extension state.\n- noVNC human handoff for login, Captcha, slider, MFA, and account-safety checkpoints.\n- Real Chrome Tab Groups so concurrent agents have visible, lease-scoped workspaces.\n- Seed-based fingerprint generation: user agent, UA-CH, Accept-Language, platform, WebGL, hardware concurrency, device memory, and touch points move together.\n- CDP header and emulation overrides before navigation: UA\u002FUA-CH, locale, timezone, Accept-Language, and optional extra headers.\n- Main-world stealth patching at `document_start`: webdriver, languages, platform, vendor, plugins\u002FmimeTypes, Chrome runtime stubs, permissions, media codecs, WebGL, canvas, and audio surfaces.\n- Canvas\u002Faudio noise controls and explicit WebGL\u002Fuser-agent\u002Fplatform overrides for compatibility testing.\n- Platform cooldowns plus per-job humanized warmup, mousemove, scroll, and pause primitives.\n- All-site browser interaction discipline: after the initial exact URL\u002Fprobe entry point, agents must complete workflows through visible UI controls with keyboard input, cursor movement\u002Fclicking, scrolling, hover, and pauses instead of synthesized URL jumps, querystring shortcuts, DOM-click dispatch, or backend\u002FAPI shortcuts.\n- Runtime UI action primitives exposed through `\u002Ftabs\u002F:tabId\u002Fui\u002F*` and extractor `ui` helpers: `move`, `click`, `type`, `press`, `scroll`, and `waitFor`.\n- Startup-level proxy\u002FTLS-gateway integration with QUIC disabled on the proxied path and health\u002Fstats surfacing in `status`.\n- High-trust login-host exclusions through `BRS_STEALTH_EXCLUDED_HOSTS`; `accounts.google.com` is excluded by default because spoofing can harm account login flows.\n\nThis is compatibility infrastructure for legitimate real-browser agent work, not a promise that any platform will accept automation. Use noVNC for login, Captcha, slider, or account-safety handoff.\nRuntime upgrades preserve the persisted browser profile by default; set `BRS_RESET_PROFILE_ON_SIGNATURE_CHANGE=1` only when you intentionally want to wipe cookies\u002Fprofile state after a signature change.\n\n## Session probes\n\nUse the shared probe endpoint to check whether a persisted browser profile still looks logged in on a platform:\n\n```bash\n.\u002Fcli\u002Fbrs.js probe-session linkedin --humanize off\n.\u002Fcli\u002Fbrs.js probe-session reddit --screenshot --save-html\n```\n\nThe probe writes a `session-probe` artifact and returns `connected`, `reason`, `errorCode`, auth cookie names, expiry, current URL, and lightweight page signals. Cookie values are omitted unless `--include-cookies` is passed.\nUse `--include-storage-state` only when you intentionally need a Playwright-style export with cookie and storage values. Platform cooldowns are enabled by default (`reddit=45s`, `facebook=60s`, `linkedin=180s`, `instagram=240s`) and can be bypassed per probe with `--cooldown false`.\n\n## Extractor smoke\n\n```bash\n.\u002Fcli\u002Fbrs.js extract example.extract.js https:\u002F\u002Fexample.com --agent demo-agent --task extractor-smoke --screenshot --save-html\n```\n\nDefault host CDP port is `19223` to avoid conflicts with other local browser services.\n\n## Files\n\n- `docs\u002FSPEC.md` — architecture and API spec\n- `docker-compose.yml` — tls-gateway + broker + chrome-runtime\n- `docker-compose.fingerprint.yml` — optional fingerprint-chromium mount overlay\n- `broker\u002F` — HTTP\u002FWS control plane\n- `extension\u002F` — Chrome companion extension for real Tab Groups + debugger CDP\n- `runtime\u002Fchrome\u002F` — Chromium + noVNC container\n- `tls-gateway\u002F` — local gateway service used by Chromium's startup proxy path\n- `cli\u002Fbrs.js` — small operator\u002Fclient CLI\n- `scripts\u002Fsmoke-test.sh` — full local runtime regression test\n- `extractors\u002F` — generic extractor scripts with optional params schema\n- `skills\u002Fcodex\u002Fagent-browser-runtime\u002F` — Codex skill for using the runtime\n- `skills\u002Fcodex\u002Fagent-browser-runtime-deploy\u002F` — Codex skill for deploying\u002Fverifying the runtime\n- `skills\u002Fopenclaw\u002Fagent-browser-runtime\u002F` — OpenClaw-compatible skill for using the runtime\n- `skills\u002Fopenclaw\u002Fagent-browser-runtime-deploy\u002F` — OpenClaw-compatible skill for deploying\u002Fverifying the runtime\n- `data\u002F`, `artifacts\u002F`, `runtime\u002Fprofile\u002F` — runtime state, gitignored\n\n## Operator APIs\n\n```bash\n.\u002Fcli\u002Fbrs.js jobs\n.\u002Fcli\u002Fbrs.js job \u003CjobId>\n.\u002Fcli\u002Fbrs.js artifacts --leaseId \u003CleaseId>\n.\u002Fcli\u002Fbrs.js artifact \u003CartifactId>\n.\u002Fcli\u002Fbrs.js artifact-download \u003CartifactId> \u002Ftmp\u002Fresult.json\n.\u002Fcli\u002Fbrs.js cleanup-artifacts --olderThanDays 7\n```\n\nExtractors may export `schema` \u002F `paramsSchema`; pass params with `--params '{\"includeLength\":true}'`. Use `--max-attempts 2` or `--retries 1` for retry. Failed extractor attempts write `error` artifacts for debugging.\n","Agent Browser Runtime 是一个基于真实Chrome运行环境的AI代理管理工具，通过Docker容器化技术为每个代理分配独立且持久化的浏览器标签组，并支持人工接管、数据捕获等功能。其核心功能包括：提供共享可见的浏览器运行时以替代临时无头浏览器会话，实现对网页内容的人工化访问节奏控制，以及确保浏览器行为的一致性。该项目特别适用于需要在透明可控环境下进行网络自动化操作的研究场景或学习用途，比如数据抓取、网站测试等，但明确禁止用于任何非法活动。采用Node.js\u002FFastify构建控制平面，并结合Chromium\u002FChrome、noVNC等技术栈，提供了丰富的API接口和CLI命令行工具来管理代理任务。",2,"2026-06-11 03:55:13","CREATED_QUERY"]