npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

agent-browser-priv

v0.31.1-priv.2

Published

Browser automation CLI for AI agents

Readme

agent-browser

Browser automation CLI for AI agents, distributed from the agent-browser-priv fork with Patchright as the default local backend. Fast native Rust CLI.

skills.sh

Installation

Global Installation (recommended)

Installs the native Rust binary:

npm install -g agent-browser-priv
agent-browser install  # Install Patchright browser artifacts (first time only)

Project Installation (local dependency)

For projects that want to pin the version in package.json:

npm install agent-browser-priv
agent-browser install

Then use via package.json scripts or by invoking agent-browser directly.

Homebrew (macOS)

brew install liuwen/agent-browser-priv/agent-browser
agent-browser install  # Install Patchright browser artifacts (first time only)

Cargo (Rust)

cargo install --git https://github.com/liuwen/agent-browser-priv
agent-browser install  # Install Patchright browser artifacts (first time only)

From Source

Requires Node.js 24+, pnpm 11+, and Rust.

git clone https://github.com/liuwen/agent-browser-priv
cd agent-browser-priv
pnpm install
pnpm build
pnpm build:native   # Requires Rust (https://rustup.rs)
pnpm link --global  # Makes agent-browser available globally
agent-browser install

Linux Dependencies

On Linux, install system dependencies:

agent-browser install --with-deps

This exits nonzero if the package manager cannot install every required browser library.

Updating

Upgrade to the latest version:

agent-browser upgrade

Detects your installation method (npm, Homebrew, or Cargo) and runs the appropriate update command automatically.

agent-browser doctor reports the installed Patchright backend version, the Patchright version pinned by the current agent-browser release, and npm latest when network checks are enabled. Patchright updates are release-controlled: after upgrading agent-browser, run agent-browser install to refresh the backend to the version pinned by that release.

Requirements

  • Patchright backend - Run agent-browser install to install pinned Patchright and its browser artifacts for the default local backend. Requires Node.js and npm for install and runtime launch.
  • Chrome backend - Use agent-browser install chrome to download Chrome from Chrome for Testing for --backend chrome. Existing Chrome, Brave, Playwright, and Puppeteer installations are detected automatically.
  • Node.js 24+ and pnpm 11+ - pnpm is only needed when building from source; Node.js is also needed by the default Patchright backend.
  • Rust - Only needed when building from source (see From Source above).

Quick Start

agent-browser open example.com
agent-browser snapshot                    # Get accessibility tree with refs
agent-browser click @e2                   # Click by ref from snapshot
agent-browser fill @e3 "[email protected]" # Fill by ref
agent-browser get text @e1                # Get text by ref
agent-browser screenshot page.png
agent-browser close

Clicks fail early when another element covers the target's click point, for example a consent banner or modal. Dismiss or interact with the reported covering element, then take a fresh snapshot before retrying the original ref.

Headless Chromium screenshots hide native scrollbars for consistent image output. Pass --hide-scrollbars false when launching to keep native scrollbars visible.

Traditional Selectors (also supported)

agent-browser click "#submit"
agent-browser fill "#email" "[email protected]"
agent-browser find role button click --name "Submit"

Commands

Core Commands

agent-browser open                    # Launch browser (no navigation); stays on about:blank
agent-browser open <url>              # Launch + navigate to URL (aliases: goto, navigate)
agent-browser open --wait-until none <url>  # Return immediately after navigation is sent
agent-browser read [url]              # Fetch agent-readable text, or read rendered active-tab DOM
agent-browser click <sel>             # Click element (--new-tab to open in new tab)
agent-browser dblclick <sel>          # Double-click element
agent-browser focus <sel>             # Focus element
agent-browser type <sel> <text>       # Type into element
agent-browser fill <sel> <text>       # Clear and fill
agent-browser press <key>             # Press key (Enter, Tab, Control+a) (alias: key)
agent-browser keyboard type <text>    # Type with real keystrokes (no selector, current focus)
agent-browser keyboard inserttext <text>  # Insert text without key events (no selector)
agent-browser keydown <key>           # Hold key down
agent-browser keyup <key>             # Release key
agent-browser hover <sel>             # Hover element
agent-browser select <sel> <val>      # Select dropdown option
agent-browser check <sel>             # Check checkbox
agent-browser uncheck <sel>           # Uncheck checkbox
agent-browser scroll <dir> [px]       # Scroll (up/down/left/right, --selector <sel>)
agent-browser scrollintoview <sel>    # Scroll element into view (alias: scrollinto)
agent-browser drag <src> <tgt>        # Drag and drop
agent-browser upload <sel> <files>    # Upload files
agent-browser screenshot [path]       # Take screenshot (--full for full page, saves to a temporary directory if no path)
agent-browser screenshot --annotate   # Annotated screenshot with numbered element labels
agent-browser screenshot --screenshot-dir ./shots    # Save to custom directory
agent-browser screenshot --screenshot-format jpeg --screenshot-quality 80
agent-browser pdf <path>              # Save as PDF
agent-browser snapshot                # Accessibility tree with refs (best for AI)
agent-browser eval <js>               # Run JavaScript (-b for base64, --stdin for piped input)
agent-browser connect <port>          # Connect to browser via CDP
agent-browser stream enable [--port <port>]  # Start runtime WebSocket streaming
agent-browser stream status           # Show runtime streaming state and bound port
agent-browser stream disable          # Stop runtime WebSocket streaming
agent-browser close                   # Close browser (aliases: quit, exit)
agent-browser close --all             # Close all active sessions
agent-browser chat "<instruction>"    # AI chat: natural language browser control (single-shot)
agent-browser chat                    # AI chat: interactive REPL mode

Get Info

agent-browser get text <sel>          # Get text content
agent-browser get html <sel>          # Get innerHTML
agent-browser get value <sel>         # Get input value
agent-browser get attr <sel> <attr>   # Get attribute
agent-browser get title               # Get page title
agent-browser get url                 # Get current URL
agent-browser get cdp-url             # Get CDP WebSocket URL (for DevTools, debugging)
agent-browser get count <sel>         # Count matching elements
agent-browser get box <sel>           # Get bounding box
agent-browser get styles <sel>        # Get computed styles

Read Agent-Friendly Text

agent-browser read
agent-browser read https://example.com/article
agent-browser read https://example.com/article --filter overview
agent-browser read https://example.com/article --outline
agent-browser read https://docs.example.com --llms index --filter auth
agent-browser read https://docs.example.com --llms full --filter auth
agent-browser read example.com/article --require-md
agent-browser read https://example.com/article --json

read fetches a URL without launching Chrome. Omit the URL to read the rendered DOM of the active tab in the current browser session, including browser auth state and client-side updates. Explicit URL reads send Accept: text/markdown by default, try the same URL with .md appended when the first response is not markdown, walk ancestor paths toward / to find the nearest llms.txt for a matching docs link, print markdown or plain text when available, and fall back to readable text extracted from HTML. --llms and --require-md with no URL use the active tab URL because they depend on HTTP resources. read does not read llms-full.txt unless you ask for it.

Options: --raw prints the response body without HTML extraction, --require-md fails unless the server returns Content-Type: text/markdown, --outline prints a compact heading outline for one page, --llms index prints a compact nearest-ancestor llms.txt link list, --llms full reads the nearest-ancestor llms-full.txt, --filter <text> narrows page sections, llms links/sections, or outline headings, and --timeout <ms> changes the request timeout. Global safeguards such as --allowed-domains, --content-boundaries, and --max-output also apply to read fetches and output.

Check State

agent-browser is visible <sel>        # Check if visible
agent-browser is enabled <sel>        # Check if enabled
agent-browser is checked <sel>        # Check if checked

Find Elements (Semantic Locators)

agent-browser find role <role> <action> [value]       # By ARIA role
agent-browser find text <text> <action>               # By text content
agent-browser find label <label> <action> [value]     # By label
agent-browser find placeholder <ph> <action> [value]  # By placeholder
agent-browser find alt <text> <action>                # By alt text
agent-browser find title <text> <action>              # By title attr
agent-browser find testid <id> <action> [value]       # By data-testid
agent-browser find first <sel> <action> [value]       # First match
agent-browser find last <sel> <action> [value]        # Last match
agent-browser find nth <n> <sel> <action> [value]     # Nth match

Actions: click, fill, type, hover, focus, check, uncheck, text

Options: --name <name> (filter role by accessible name), --exact (require exact text match)

Examples:

agent-browser find role button click --name "Submit"
agent-browser find text "Sign In" click
agent-browser find label "Email" fill "[email protected]"
agent-browser find first ".item" click
agent-browser find nth 2 "a" text

Wait

agent-browser wait <selector>         # Wait for element to be visible
agent-browser wait <ms>               # Wait for time (milliseconds)
agent-browser wait --text "Welcome"   # Wait for text to appear (substring match)
agent-browser wait --url "**/dash"    # Wait for URL pattern
agent-browser wait --load networkidle # Wait for load state
agent-browser wait --fn "window.ready === true"  # Wait for JS condition

# Wait for text/element to disappear
agent-browser wait --fn "!document.body.innerText.includes('Loading...')"
agent-browser wait "#spinner" --state hidden

Load states: load, domcontentloaded, networkidle

Batch Execution

Execute multiple commands in a single invocation. Commands can be passed as quoted arguments or piped as JSON via stdin. This avoids per-command process startup overhead when running multi-step workflows.

# Argument mode: each quoted argument is a full command
agent-browser batch "open https://example.com" "snapshot -i" "screenshot"

# With --bail to stop on first error
agent-browser batch --bail "open https://example.com" "click @e1" "screenshot"

# Stdin mode: pipe commands as JSON
echo '[
  ["open", "https://example.com"],
  ["snapshot", "-i"],
  ["click", "@e1"],
  ["screenshot", "result.png"]
]' | agent-browser batch --json

Clipboard

agent-browser clipboard read                      # Read text from clipboard
agent-browser clipboard write "Hello, World!"     # Write text to clipboard
agent-browser clipboard copy                      # Copy current selection (Ctrl+C)
agent-browser clipboard paste                     # Paste from clipboard (Ctrl+V)

Mouse Control

agent-browser mouse move <x> <y>      # Move mouse
agent-browser mouse down [button]     # Press button (left/right/middle)
agent-browser mouse up [button]       # Release button
agent-browser mouse wheel <dy> [dx]   # Scroll wheel

Browser Settings

agent-browser set viewport <w> <h> [scale]  # Set viewport size (scale for retina, e.g. 2)
agent-browser set device <name>       # Emulate device ("iPhone 14")
agent-browser set geo <lat> <lng>     # Set geolocation
agent-browser set offline [on|off]    # Toggle offline mode
agent-browser set headers <json>      # Extra HTTP headers
agent-browser set credentials <u> <p> # HTTP basic auth
agent-browser set media [dark|light]  # Emulate color scheme

Cookies & Storage

agent-browser cookies                 # Get all cookies
agent-browser cookies set <name> <val> # Set cookie
agent-browser cookies set --curl <file> # Import cookies from a Copy-as-cURL dump,
                                        # JSON array, or bare Cookie header (auto-detected)
agent-browser cookies clear           # Clear cookies

agent-browser storage local           # Get all localStorage
agent-browser storage local <key>     # Get specific key
agent-browser storage local set <k> <v>  # Set value
agent-browser storage local clear     # Clear all

agent-browser storage session         # Same for sessionStorage

Network

agent-browser network route <url>              # Intercept requests
agent-browser network route <url> --abort      # Block requests
agent-browser network route <url> --body <json>  # Mock response
agent-browser network route '*' --abort --resource-type script  # Block scripts only
agent-browser network unroute [url]            # Remove routes
agent-browser network requests                 # View tracked requests
agent-browser network requests --filter api    # Filter requests
agent-browser network requests --type xhr,fetch  # Filter by resource type
agent-browser network requests --method POST   # Filter by HTTP method
agent-browser network requests --status 2xx    # Filter by status (200, 2xx, 400-499)
agent-browser network request <requestId>      # View full request/response detail
agent-browser network har start                # Start HAR recording
agent-browser network har stop [output.har]    # Stop and save HAR (temp path if omitted)

Tabs & Windows

agent-browser tab                              # List tabs (shows `tabId` and optional label)
agent-browser tab new [url]                    # New tab (optionally with URL)
agent-browser tab new --label docs [url]       # New tab with a user-assigned label
agent-browser tab <t<N>|label>                 # Switch to a tab by id or label
agent-browser tab close [t<N>|label]           # Close a tab (defaults to active)
agent-browser window new                       # New window

Tab ids are stable strings of the form t1, t2, t3. They're never reused within a session, so scripts and agents can keep referring to the same tab even after other tabs are opened or closed. Positional integers like tab 2 are not accepted; the t prefix disambiguates handles from indices and mirrors the @e1 convention used for element refs.

You can also assign a memorable label (docs, app, admin) and use it interchangeably with the id. Labels are never auto-generated and never rewritten on navigation — they're yours to name and keep:

agent-browser tab new --label docs https://docs.example.com
agent-browser tab docs               # switch to the docs tab
agent-browser snapshot               # populate refs for docs
agent-browser click @e3              # click uses docs's refs
agent-browser tab close docs         # close by label

Frames

agent-browser frame <sel>             # Switch to iframe
agent-browser frame main              # Back to main frame

Dialogs

agent-browser dialog accept [text]    # Accept (with optional prompt text)
agent-browser dialog dismiss          # Dismiss
agent-browser dialog status           # Check if a dialog is currently open

By default, alert and beforeunload dialogs are automatically accepted so they never block the agent. confirm and prompt dialogs still require explicit handling. Use --no-auto-dialog (or AGENT_BROWSER_NO_AUTO_DIALOG=1) to disable automatic handling.

When a JavaScript dialog is pending, all command responses include a warning field with the dialog type and message.

Diff

agent-browser diff snapshot                              # Compare current vs last snapshot
agent-browser diff snapshot --baseline before.txt        # Compare current vs saved snapshot file
agent-browser diff snapshot --selector "#main" --compact # Scoped snapshot diff
agent-browser diff screenshot --baseline before.png      # Visual pixel diff against baseline
agent-browser diff screenshot --baseline b.png -o d.png  # Save diff image to custom path
agent-browser diff screenshot --baseline b.png -t 0.2    # Adjust color threshold (0-1)
agent-browser diff url https://v1.com https://v2.com     # Compare two URLs (snapshot diff)
agent-browser diff url https://v1.com https://v2.com --screenshot  # Also visual diff
agent-browser diff url https://v1.com https://v2.com --wait-until networkidle  # Custom wait strategy
agent-browser diff url https://v1.com https://v2.com --selector "#main"  # Scope to element

Debug

agent-browser trace start             # Start recording trace
agent-browser trace stop [path]       # Stop and save trace
agent-browser profiler start          # Start Chrome DevTools profiling
agent-browser profiler stop [path]    # Stop and save profile (.json)
agent-browser console                 # View console messages (log, error, warn, info)
agent-browser console --json          # JSON output with raw CDP args for programmatic access
agent-browser console --clear         # Clear console
agent-browser errors                  # View page errors (uncaught JavaScript exceptions)
agent-browser errors --clear          # Clear errors
agent-browser highlight <sel>         # Highlight element
agent-browser inspect                 # Open Chrome DevTools for the active page
agent-browser state save <path>       # Save auth state
agent-browser state load <path>       # Load auth state
agent-browser state list              # List saved state files
agent-browser state show <file>       # Show state summary
agent-browser state rename <old> <new> # Rename state file
agent-browser state clear [name]      # Clear states for session
agent-browser state clear --all       # Clear all saved states
agent-browser state clean --older-than <days>  # Delete old states

Navigation

agent-browser back                    # Go back
agent-browser forward                 # Go forward
agent-browser reload                  # Reload page
agent-browser pushstate <url>         # SPA client-side nav; auto-detects window.next.router.push,
                                      # falls back to history.pushState + popstate

Pre-navigation setup

Some flows (SSR debug, auth cookies for protected origins, init scripts) need state set up before the first navigation. Use open with no URL to launch the browser, then stage cookies / routes / init scripts, then navigate. batch sends it all in one CLI call:

agent-browser batch \
  '["open"]' \
  '["network","route","*","--abort","--resource-type","script"]' \
  '["cookies","set","--curl","cookies.curl","--domain","localhost"]' \
  '["navigate","http://localhost:3000/target"]'

Without batch the same sequence is three commands that all reuse the same daemon (fast, but not one turn).

React / Web Vitals

Agent-browser ships with first-class React introspection and universal Web Vitals metrics. The React commands need the React DevTools hook installed at launch; Web Vitals and pushstate are framework-agnostic.

agent-browser open --enable react-devtools <url>   # Launch with React hook installed
agent-browser react tree                           # Full component tree
agent-browser react inspect <fiberId>              # props, hooks, state, source
agent-browser react renders start                  # Begin fiber render recording
agent-browser react renders stop [--json]          # Stop and print profile (--json for raw data)
agent-browser react suspense [--only-dynamic] [--json]  # Suspense boundaries + classifier
                                                         # --only-dynamic hides the "static" list
agent-browser vitals [url] [--json]                # LCP/CLS/TTFB/FCP/INP + hydration summary

Each react ... subcommand requires --enable react-devtools to have been passed at launch (the React DevTools installHook.js is embedded in the binary). Without it the commands error with `React DevTools hook not installed

  • relaunch with --enable react-devtools`.

Works on any React app — Next.js, Remix, Vite+React, CRA, TanStack Start, React Native Web, etc. vitals and pushstate are framework-agnostic. vitals prints a summary by default; pass --json for the full structured payload.

Init scripts

agent-browser open --init-script <path>           # Register page init script before first navigation
                                                  # (repeatable; also AGENT_BROWSER_INIT_SCRIPTS env)
agent-browser addinitscript <js>                  # Register at runtime (returns identifier)
agent-browser removeinitscript <identifier>       # Remove a previously registered init script

Setup

agent-browser install                 # Install Patchright browser artifacts
agent-browser install chrome          # Download Chrome from Chrome for Testing
agent-browser install --with-deps     # Also install system deps (Linux)
agent-browser upgrade                 # Upgrade agent-browser to the latest version
agent-browser doctor                  # Diagnose the install and auto-clean stale daemon files
agent-browser doctor --fix            # Also run destructive repairs
agent-browser doctor --offline --quick  # Skip network probes and the live launch test
agent-browser mcp                     # Start an MCP stdio server

doctor checks your environment, browser backend install, daemon state, config files, encryption key, providers, network reachability, and runs a live headless browser launch test. Stale socket/pid sidecar files are auto-cleaned. Output is also available as --json for agents.

Skills

agent-browser skills                  # List available skills
agent-browser skills list             # Same as above
agent-browser skills get <name>       # Output a skill's full content
agent-browser skills get <name> --full  # Include references and templates
agent-browser skills get --all        # Output every skill
agent-browser skills path [name]      # Print skill directory path

Serves bundled skill content that always matches the installed CLI version. AI agents use this to get current instructions rather than relying on cached copies. Binary-only installs hydrate bundled skills into ~/.agent-browser/skills/<version> when no package directory is available. Set AGENT_BROWSER_SKILLS_DIR to override the skills directory path.

MCP Server

agent-browser mcp
agent-browser mcp --tools all
agent-browser mcp --tools core,network,react

Starts a Model Context Protocol server over stdio. MCP clients launch this command as a subprocess and exchange newline-delimited JSON-RPC on stdin and stdout. The server defaults to MCP protocol 2025-11-25 and accepts older supported client protocol versions during initialization.

The default tools profile is core, which keeps MCP context small for everyday browser automation. Use --tools all for the full typed CLI parity surface, or combine profiles with commas, such as --tools core,network,react.

Profiles:

  • core — Default. Navigation, snapshots, interaction, waits, reads, screenshots, JavaScript eval, close, tab basics, and profile discovery
  • network — Network routes, request inspection, HAR, headers, credentials, offline
  • state — Cookies, storage, auth, saved state, sessions, profiles, skills
  • debug — Console/errors, tracing, profiling, recording, clipboard, plugins, doctor, dashboard, install, upgrade, chat, diff, batch, confirm/deny
  • tabs — Back/forward/reload, tabs, windows, frames, dialogs
  • react — React tree/inspect/renders/suspense, vitals, pushstate
  • mobile — Viewport/device/geolocation/media, touch, swipe, mouse, keyboard
  • all — Every MCP tool, including the full typed CLI parity surface

Common tools include:

  • agent_browser_tools_profiles
  • agent_browser_open
  • agent_browser_snapshot
  • agent_browser_click
  • agent_browser_fill
  • agent_browser_type
  • agent_browser_press
  • agent_browser_wait_for_selector
  • agent_browser_screenshot
  • agent_browser_get_url
  • agent_browser_eval
  • agent_browser_close

Each tool has typed fields such as url, selector, text, key, and session, so MCP clients show meaningful approval prompts instead of raw command arrays. Each tool also accepts extraArgs for advanced CLI flags and exact CLI parity. Tool discovery is paginated and includes read-only/open-world annotations so modern MCP clients can load the large typed surface incrementally.

Example MCP client config:

{
  "mcpServers": {
    "agent-browser": {
      "command": "agent-browser",
      "args": ["mcp"]
    }
  }
}

Full parity MCP client config:

{
  "mcpServers": {
    "agent-browser": {
      "command": "agent-browser",
      "args": ["mcp", "--tools", "all"]
    }
  }
}

Tool invocations use the same config files and environment variables as the CLI. Use session in the tool arguments, or set AGENT_BROWSER_SESSION, to isolate browser state.

Authentication

agent-browser provides multiple ways to persist login sessions so you don't re-authenticate every run.

Quick summary

| Approach | Best for | Flag / Env | |----------|----------|------------| | Chrome profile reuse | Reuse your existing Chrome login state (cookies, sessions) with zero setup | --profile <name> / AGENT_BROWSER_PROFILE | | Persistent profile | Full browser state (cookies, IndexedDB, service workers, cache) across restarts | --profile <path> / AGENT_BROWSER_PROFILE | | Session persistence | Auto-save/restore cookies + localStorage from a stable session key | --session <id> --restore / AGENT_BROWSER_RESTORE | | Import from your browser | Grab auth from a Chrome session you already logged into | --auto-connect + state save | | State file | Load a previously saved state JSON on launch | --state <path> / AGENT_BROWSER_STATE | | Auth vault | Store credentials locally (encrypted), login by name | auth save / auth login |

Import auth from your browser

If you are already logged in to a site in Chrome, you can grab that auth state and reuse it:

# 1. Launch Chrome with remote debugging enabled
#    macOS:
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --remote-debugging-port=9222
#    Or use --auto-connect to discover an already-running Chrome

# 2. Connect and save the authenticated state
agent-browser --auto-connect state save ./my-auth.json

# 3. Use the saved auth in future sessions
agent-browser --state ./my-auth.json open https://app.example.com/dashboard

# 4. Or use --restore for automatic persistence
SESSION="$(agent-browser session id --scope worktree --prefix myapp)"
agent-browser --session "$SESSION" --restore --state ./my-auth.json open https://app.example.com/dashboard
# From now on, --session "$SESSION" --restore auto-saves/restores this state

Security notes:

  • --remote-debugging-port exposes full browser control on localhost. Any local process can connect. Only use on trusted machines and close Chrome when done.
  • State files contain session tokens in plaintext. Add them to .gitignore and delete when no longer needed. For encryption at rest, set AGENT_BROWSER_ENCRYPTION_KEY (see State Encryption).

For full details on login flows, OAuth, 2FA, cookie-based auth, and the auth vault, see the Authentication docs.

Sessions

Run multiple isolated browser instances:

# Different sessions
agent-browser --session agent1 open site-a.com
agent-browser --session agent2 open site-b.com

# Or via environment variable
AGENT_BROWSER_SESSION=agent1 agent-browser click "#btn"

# List active sessions
agent-browser session list
# Output:
# Active sessions:
# -> default
#    agent1

# Show current session
agent-browser session

# Generate a stable worktree-scoped session id
agent-browser session id --scope worktree --prefix next-dev-loop

# Inspect daemon, launch, and restore status
agent-browser session info --json

Each session has its own:

  • Browser instance
  • Cookies and storage
  • Navigation history
  • Authentication state

Chrome Profile Reuse

The fastest way to use your existing login state: pass a Chrome profile name to --profile:

# List available Chrome profiles
agent-browser profiles

# Reuse your default Chrome profile's login state
agent-browser --profile Default open https://gmail.com

# Use a named profile (by display name or directory name)
agent-browser --profile "Work" open https://app.example.com

# Or via environment variable
AGENT_BROWSER_PROFILE=Default agent-browser open https://gmail.com

This copies your Chrome profile to a temp directory (read-only snapshot, no changes to your original profile), so the browser launches with your existing cookies and sessions.

Note: On Windows, close Chrome before using --profile <name> if Chrome is running, as some profile files may be locked.

Persistent Profiles

For a persistent custom profile directory that stores state across browser restarts, pass a path to --profile:

# Use a persistent profile directory
agent-browser --profile ~/.myapp-profile open myapp.com

# Login once, then reuse the authenticated session
agent-browser --profile ~/.myapp-profile open myapp.com/dashboard

# Or via environment variable
AGENT_BROWSER_PROFILE=~/.myapp-profile agent-browser open myapp.com

The profile directory stores:

  • Cookies and localStorage
  • IndexedDB data
  • Service workers
  • Browser cache
  • Login sessions

Tip: Use different profile paths for different projects to keep their browser state isolated.

Session Persistence

Use --restore with a stable --session to automatically save and restore cookies and localStorage across browser restarts:

# Generate a stable id for this worktree and auto-save/load state
SESSION="$(agent-browser session id --scope worktree --prefix twitter)"
agent-browser --session "$SESSION" --restore open twitter.com

# Login once, then state persists automatically
# State files stored in ~/.agent-browser/sessions/

# Optional: validate restored state before auto-saving again
agent-browser --session "$SESSION" --restore --restore-check-text Dashboard open twitter.com

State Encryption

Encrypt saved session data at rest with AES-256-GCM:

# Generate key: openssl rand -hex 32
export AGENT_BROWSER_ENCRYPTION_KEY=<64-char-hex-key>

# State files are now encrypted automatically
agent-browser --session secure --restore open example.com

| Variable | Description | | --------------------------------- | -------------------------------------------------- | | AGENT_BROWSER_RESTORE | Auto-save/load state persistence name | | AGENT_BROWSER_RESTORE_SAVE | Restore save policy: auto, always, or never | | AGENT_BROWSER_NAMESPACE | Namespace for daemon sockets and restore state | | AGENT_BROWSER_SESSION_NAME | Legacy auto-save/load state persistence name | | AGENT_BROWSER_ENCRYPTION_KEY | 64-char hex key for AES-256-GCM encryption | | AGENT_BROWSER_STATE_EXPIRE_DAYS | Auto-delete states older than N days (default: 30) |

Security

agent-browser includes security features for safe AI agent deployments. All features are opt-in, and existing workflows are unaffected until you explicitly enable a feature:

  • Authentication Vault: Store credentials locally (always encrypted), reference by name. The LLM never sees passwords. auth login navigates with load and then waits for login form selectors to appear (SPA-friendly, timeout follows the default action timeout). A key is auto-generated at ~/.agent-browser/.encryption-key if AGENT_BROWSER_ENCRYPTION_KEY is not set: echo "pass" | agent-browser auth save github --url https://github.com/login --username user --password-stdin then agent-browser auth login github
  • Plugin System: Extend agent-browser with external executable plugins. Plugins run out-of-process over the agent-browser.plugin.v1 stdio JSON protocol and declare capabilities such as credential.read, browser.provider, launch.mutate, or command.run.
  • Content Boundary Markers: Wrap page output in delimiters so LLMs can distinguish tool output from untrusted content: --content-boundaries
  • Domain Allowlist: Restrict navigation to trusted domains (wildcards like *.example.com also match the bare domain): --allowed-domains "example.com,*.example.com". Sub-resource requests (scripts, images, fetch) and WebSocket/EventSource connections to non-allowed domains are also blocked. Include any CDN domains your target pages depend on (e.g., *.cdn.example.com).
  • Action Policy: Gate destructive actions with a static policy file: --action-policy ./policy.json
  • Action Confirmation: Require explicit approval for sensitive action categories: --confirm-actions eval,download
  • Output Length Limits: Prevent context flooding: --max-output 50000

| Variable | Description | | ----------------------------------- | ---------------------------------------- | | AGENT_BROWSER_CONTENT_BOUNDARIES | Wrap page output in boundary markers | | AGENT_BROWSER_MAX_OUTPUT | Max characters for page output | | AGENT_BROWSER_ALLOWED_DOMAINS | Comma-separated allowed domain patterns | | AGENT_BROWSER_ACTION_POLICY | Path to action policy JSON file | | AGENT_BROWSER_CONFIRM_ACTIONS | Action categories requiring confirmation | | AGENT_BROWSER_CONFIRM_INTERACTIVE | Enable interactive confirmation prompts | | AGENT_BROWSER_PLUGINS | JSON plugin registry override |

See Security documentation for details.

Plugin System

Plugins let third-party tools integrate without becoming built-in agent-browser dependencies. Add a plugin from npm or GitHub:

agent-browser plugin add agent-browser-plugin-captcha
agent-browser plugin add @company/agent-browser-plugin-vault --name vault
agent-browser plugin add org/agent-browser-plugin-cloud-browser

References are resolved by shape: name uses npm, @scope/name uses npm, and owner/repo uses GitHub. plugin add writes ./agent-browser.json by default; use --global for ~/.agent-browser/config.json.

Plugin packages should support plugin.manifest so plugin add can discover their name and capabilities automatically. If a plugin does not support manifests, pass --capability <name> during add.

Plugins can also be configured manually in agent-browser.json:

{
  "plugins": [
    {
      "name": "vault",
      "command": "agent-browser-plugin-vault",
      "capabilities": ["credential.read"]
    },
    {
      "name": "cloud-browser",
      "command": "agent-browser-plugin-cloud-browser",
      "capabilities": ["browser.provider"]
    },
    {
      "name": "stealth",
      "command": "agent-browser-plugin-stealth",
      "capabilities": ["launch.mutate"]
    },
    {
      "name": "captcha",
      "command": "agent-browser-plugin-captcha",
      "capabilities": ["command.run", "captcha.solve"]
    }
  ]
}

Inspect configured plugins:

agent-browser plugin list
agent-browser plugin show vault

Use a credential provider plugin for one login:

agent-browser auth login my-app --credential-provider vault --item "My App"
agent-browser auth login my-app --credential-provider vault --item "My App" --url https://app.example.com/login --username-selector "#email" --password-selector "#password" --submit-selector "button[type=submit]"

Use a browser provider plugin:

agent-browser --provider cloud-browser open https://example.com

Use a launch mutator plugin for stealth or local launch customization. The plugin can append Chrome args, extensions, and init scripts before the browser starts:

agent-browser open https://example.com

Use a generic plugin command for domain-specific tools such as CAPTCHA solvers:

agent-browser plugin run captcha captcha.solve --payload '{"siteKey":"...","url":"https://example.com"}'

The protocol request always includes protocol, type, capability, and request. A credential plugin receives credential.resolve, a browser provider receives browser.launch, a launch mutator receives launch.mutate, and generic commands receive the supplied request type. plugin run is for command.run and custom capabilities; core capabilities and protocol request types use their dedicated command paths. agent-browser keeps browser automation, redaction-sensitive output, and policy enforcement in core.

Gate plugin access by capability action:

agent-browser --confirm-actions plugin:vault:credential.read auth login my-app --credential-provider vault --item "My App"
agent-browser --confirm-actions plugin:cloud-browser:browser.provider --provider cloud-browser open https://example.com
agent-browser --confirm-actions plugin:stealth:launch.mutate open https://example.com

Do not put vault tokens or passwords in plugin command args. Use the vault vendor's own login/session mechanism or environment outside agent-browser config.

Snapshot Options

The snapshot command supports filtering to reduce output size:

agent-browser snapshot                    # Full accessibility tree
agent-browser snapshot -i                 # Interactive elements only (buttons, inputs, links)
agent-browser snapshot -i --urls          # Interactive elements with link URLs
agent-browser snapshot -c                 # Compact (remove empty structural elements)
agent-browser snapshot -d 3               # Limit depth to 3 levels
agent-browser snapshot -s "#main"         # Scope to CSS selector
agent-browser snapshot -i -c -d 5         # Combine options

| Option | Description | | ---------------------- | ----------------------------------------------------------------------- | | -i, --interactive | Only show interactive elements (buttons, links, inputs) | | -u, --urls | Include href URLs for link elements | | -c, --compact | Remove empty structural elements | | -d, --depth <n> | Limit tree depth | | -s, --selector <sel> | Scope to CSS selector |

Annotated Screenshots

The --annotate flag overlays numbered labels on interactive elements in the screenshot. Each label [N] corresponds to ref @eN, so the same refs work for both visual and text-based workflows.

Annotated screenshots are supported on the CDP-backed browser path (Chrome/Lightpanda). The Safari/WebDriver backend does not yet support --annotate.

agent-browser screenshot --annotate
# -> Screenshot saved to /tmp/screenshot-2026-02-17T12-00-00-abc123.png
#    [1] @e1 button "Submit"
#    [2] @e2 link "Home"
#    [3] @e3 textbox "Email"

After an annotated screenshot, refs are cached so you can immediately interact with elements:

agent-browser screenshot --annotate ./page.png
agent-browser click @e2     # Click the "Home" link labeled [2]

This is useful for multimodal AI models that can reason about visual layout, unlabeled icon buttons, canvas elements, or visual state that the text accessibility tree cannot capture.

Options

| Option | Description | |--------|-------------| | --session <name> | Use isolated session (or AGENT_BROWSER_SESSION env) | | --restore [name] | Auto-save/restore session state. Bare --restore uses --session as the key | | --restore-save <policy> | Restore save policy: auto, always, or never | | --restore-check-url <glob> | Validate restored state against a URL pattern | | --restore-check-text <text> | Validate restored state against page text | | --restore-check-fn <js> | Validate restored state against a truthy JavaScript expression | | --namespace <name> | Isolate daemon sockets and restore-state directories | | --session-name <name> | Legacy alias for restore persistence key | | --profile <name\|path> | Chrome profile name or persistent directory path (or AGENT_BROWSER_PROFILE env) | | --state <path> | Load storage state from JSON file (or AGENT_BROWSER_STATE env) | | --headers <json> | Set HTTP headers scoped to the URL's origin | | --executable-path <path> | Custom browser executable (or AGENT_BROWSER_EXECUTABLE_PATH env) | | --extension <path> | Load browser extension (repeatable; or AGENT_BROWSER_EXTENSIONS env) | | --init-script <path> | Register a page init script before the first navigation (repeatable; or AGENT_BROWSER_INIT_SCRIPTS env) | | --enable <feature> | Built-in init scripts: react-devtools (repeatable or comma-list; or AGENT_BROWSER_ENABLE env) | | --args <args> | Browser launch args, comma or newline separated (or AGENT_BROWSER_ARGS env) | | --user-agent <ua> | Custom User-Agent string (or AGENT_BROWSER_USER_AGENT env) | | --proxy <url> | Proxy server URL with optional auth (or AGENT_BROWSER_PROXY env) | | --proxy-bypass <hosts> | Hosts to bypass proxy (or AGENT_BROWSER_PROXY_BYPASS env) | | --ignore-https-errors | Ignore HTTPS certificate errors (useful for self-signed certs) | | --allow-file-access | Allow file:// URLs to access local files (Chromium only) | | --hide-scrollbars <bool> | Hide native scrollbars in headless Chromium screenshots, enabled by default (or AGENT_BROWSER_HIDE_SCROLLBARS env) | | -p, --provider <name> | Browser provider, including configured browser.provider plugins (or AGENT_BROWSER_PROVIDER env) | | --device <name> | iOS device name, e.g. "iPhone 15 Pro" (or AGENT_BROWSER_IOS_DEVICE env) | | --json | JSON output (for agents) | | --annotate | Annotated screenshot with numbered element labels (or AGENT_BROWSER_ANNOTATE env) | | --screenshot-dir <path> | Default screenshot output directory (or AGENT_BROWSER_SCREENSHOT_DIR env) | | --screenshot-quality <n> | JPEG quality 0-100 (or AGENT_BROWSER_SCREENSHOT_QUALITY env) | | --screenshot-format <fmt> | Screenshot format: png, jpeg (or AGENT_BROWSER_SCREENSHOT_FORMAT env) | | --headed | Show browser window (not headless) (or AGENT_BROWSER_HEADED env) | | --cdp <port\|url> | Connect via Chrome DevTools Protocol (port or WebSocket URL) | | --auto-connect | Auto-discover and connect to running Chrome (or AGENT_BROWSER_AUTO_CONNECT env) | | --color-scheme <scheme> | Color scheme: dark, light, no-preference (or AGENT_BROWSER_COLOR_SCHEME env) | | --download-path <path> | Default download directory (or AGENT_BROWSER_DOWNLOAD_PATH env) | | --content-boundaries | Wrap page output in boundary markers for LLM safety (or AGENT_BROWSER_CONTENT_BOUNDARIES env) | | --max-output <chars> | Truncate page output to N characters (or AGENT_BROWSER_MAX_OUTPUT env) | | --allowed-domains <list> | Comma-separated allowed domain patterns (or AGENT_BROWSER_ALLOWED_DOMAINS env) | | --action-policy <path> | Path to action policy JSON file (or AGENT_BROWSER_ACTION_POLICY env) | | --confirm-actions <list> | Action categories requiring confirmation (or AGENT_BROWSER_CONFIRM_ACTIONS env) | | --confirm-interactive | Interactive confirmation prompts; auto-denies if stdin is not a TTY (or AGENT_BROWSER_CONFIRM_INTERACTIVE env) | | --engine <name> | Browser engine: chrome (default), lightpanda (or AGENT_BROWSER_ENGINE env) | | --backend <name> | Local Chrome backend: patchright (default), chrome (or AGENT_BROWSER_BACKEND env) | | --no-auto-dialog | Disable automatic dismissal of alert/beforeunload dialogs (or AGENT_BROWSER_NO_AUTO_DIALOG env) | | --model <name> | AI model for chat command (or AI_GATEWAY_MODEL env) | | -v, --verbose | Show tool commands and their raw output (chat) | | -q, --quiet | Show only AI text responses, hide tool calls (chat) | | --config <path> | Use a custom config file (or AGENT_BROWSER_CONFIG env) | | --debug | Debug output |

Patchright fork behavior

This fork keeps the upstream agent-browser command surface and adds a backend choice for local Chrome-compatible launches. Normal commands remain the same:

agent-browser open https://example.com
agent-browser snapshot -i
agent-browser get title
agent-browser close

The fork-specific default is --backend patchright for local Chrome launches. Patchright launches the browser process and exposes a localhost CDP endpoint; the Rust daemon still drives the page through CDP after launch. This gives a more realistic local browser lane for development, sandboxes, and CI without making agents learn a separate wrapper command.

Fork-specific command surface:

agent-browser install                  # install default Patchright backend
agent-browser install patchright       # same, explicit target
agent-browser install chrome           # install Chrome for Testing for --backend chrome
agent-browser install --with-deps      # Linux system deps plus default backend
agent-browser --backend patchright open https://example.com
agent-browser --backend chrome open https://example.com
AGENT_BROWSER_BACKEND=chrome agent-browser open https://example.com
agent-browser doctor                   # includes Patchright/backend checks
agent-browser doctor --offline --quick

Install or refresh Patchright

For fresh remote hosts, sandboxes, and CI environments, install the default backend once:

agent-browser install

That installs the Patchright npm package pinned by this agent-browser release and downloads Patchright's Chromium artifacts. On Linux, add system packages when needed:

agent-browser install --with-deps

After upgrading agent-browser, run agent-browser install again to refresh the backend to the Patchright version pinned by the new release.

Switch backend per command

Use Patchright explicitly:

agent-browser --backend patchright open https://example.com

Use the upstream-style built-in Chrome launcher when a site behaves better on that lane or when you want to avoid Node/Patchright at runtime:

agent-browser install chrome
agent-browser --backend chrome open https://example.com
AGENT_BROWSER_BACKEND=chrome agent-browser open https://example.com

For a durable default, use config:

{
  "backend": "chrome"
}

Put that in ~/.agent-browser/config.json for your user default or ./agent-browser.json for a project default. Command-line flags override env vars, env vars override config, project config overrides user config, and a missing auto-discovered config file is ignored.

Diagnose backend state

doctor is extended in this fork:

agent-browser doctor
agent-browser doctor --offline --quick
agent-browser doctor --fix
agent-browser doctor --json

It reports:

  • installed Patchright backend path and installed Patchright npm version;
  • Patchright release pin embedded in the current binary;
  • npm latest Patchright version when network checks are enabled;
  • Chrome/Chrome for Testing availability;
  • stale daemons and version-mismatched sessions;
  • config files, encryption key, provider env, network reachability, and a live launch test unless --quick is used.

If doctor warns that the installed Patchright backend differs from the release pin, run:

agent-browser install

What Patchright helps and does not help

Patchright is not CAPTCHA solving, Turnstile solving, decaptcha, proxy rotation, or a guarantee of access. It still cannot pass pages that require a human action or a third-party solver, including the public Turnstile demo at https://nopecha.com/captcha/turnstile.

What it does provide is a stronger local development browser lane than vanilla headless Chrome in many real-world challenge environments. In practice it has performed better than ordinary automation-flavored browsers on many Cloudflare and AWS WAF-style interstitials, especially when used headed with a persistent profile. If a challenge remains, preserve the page, screenshot/text, and network evidence for human handoff instead of trying to bypass it in code.

Supported launch options

The default Patchright backend honors --proxy, --proxy-bypass, --user-agent, --ignore-https-errors, --download-path, and custom launch args. Remote-debugging address and port args are reserved by agent-browser and are forced to localhost.

Patchright is only valid with the Chrome engine:

agent-browser --engine chrome --backend patchright open https://example.com
agent-browser --engine lightpanda open https://example.com      # separate engine, no Patchright

Observability Dashboard

Monitor agent-browser sessions in real time with a local web dashboard showing a live viewport and command activity feed.

# Start the dashboard server (runs in background on port 4848)
agent-browser dashboard start
agent-browser dashboard start --port 8080   # Custom port

# All sessions are automatically visible in the dashboard
agent-browser open example.com

# Stop the dashboard
agent-browser dashboard stop

The dashboard runs as a standalone background process on port 4848, independent of browser sessions. It stays available even when no sessions are running, and it works from http://localhost:4848 or a proxied/forwarded URL that reaches the dashboard server, such as https://dashboard.agent-browser.localhost or a Coder workspace URL. The browser stays on the dashboard origin; session-specific tabs, status, and stream traffic are proxied internally, so session ports do not need to be exposed.

The dashboard displays:

  • Live viewport: real-time JPEG frames from the browser
  • Activity feed: chronological command/result stream with timing and expandable details
  • Console output: browser console messages (log, warn, error)
  • Session creation: create new sessions from the UI with local engines (Chrome, Lightpanda) or cloud providers (AgentCore, Browserbase, Browserless, Browser Use, Kernel)
  • AI Chat: chat with an AI assistant directly in the dashboard (requires Vercel AI Gateway configuration)

AI Chat

The dashboard includes an optional AI chat panel powered by the Vercel AI Gateway. The same functionality is available directly from the CLI via the chat command. Set these environment variables to enable AI chat:

export AI_GATEWAY_API_KEY=gw_your_key_here
export AI_GATEWAY_MODEL=anthropic/claude-sonnet-4.6           # optional, this is the default
export AI_GATEWAY_URL=https://ai-gateway.vercel.sh           # optional, this is the default

CLI usage:

agent-browser chat "open google.com and search for cats"     # Single-shot
agent-browser chat                                           # Interactive REPL
agent-browser -q chat "summarize this page"                  # Quiet mode (text only)
agent-browser -v chat "fill in the login form"               # Verbose (show command output)
agent-browser --model openai/gpt-4o chat "take a screenshot" # Override model

The chat command translates natural language instructions into agent-browser commands, executes them, and streams the AI response. In interactive mode, type quit to exit. Use --json for structured output suitable for agent consumption.

Dashboard usage:

The Chat tab is always visible in the dashboard. When AI_GATEWAY_API_KEY is set, the Rust server proxies requests to the gateway and streams responses back using the Vercel AI SDK's UI Message Stream protocol. Without the key, sending a message shows an error inline.

Configuration

Create an agent-browser.json file to set persistent defaults instead of repeating flags on every command.

Locations (lowest to highest priority):

  1. ~/.agent-browser/config.json: user-level defaults
  2. ./agent-browser.json: project-level overrides (in working directory)
  3. AGENT_BROWSER_* environment variables override config file values
  4. CLI flags override everything

Example agent-browser.json:

{
  "headed": true,
  "backend": "chrome",
  "proxy": "http://localhost:8080",
  "profile": "./browser-data",
  "userAgent": "my-agent/1.0",
  "hideScrollbars": false,
  "ignoreHttpsErrors": true,
  "plugins": [
    {
      "name": "vault",
      "command": "agent-browser-plugin-vault",
      "capabilities": ["credential.read"]
    }
  ]
}

Use --config <path> or AGENT_BROWSER_CONFIG to load a specific config file instead of the defaults:

agent-browser --config ./ci-config.json open example.com
AGENT_BROWSER_CONFIG=./ci-config.json agent-browser open example.com

All options from the table above can be set in the config file using camelCase keys (e.g., --executable-path becomes "executablePath", --proxy-bypass becomes "proxyBypass"). Use "backend": "chrome" if you want the original built-in Chrome launcher as your default instead of this fork's Patchright backend. Plugins are configured with the "plugins" array shown above. Unknown keys are ignored for forward compatibility.

A JSON Schema is available for IDE autocomplete and validation. Add a $schema key to your config file to enable it:

{
  "$schema": "https://agent-browser.dev/schema.json",
  "headed": true
}

Boolean flags accept an optional true/false value to override config settings. For example, --headed false disables "headed": true from config. A bare --headed is equivalent to --headed true.

Auto-discovered config files that are missing are silently ignored. If --config <path> points to a missing or invalid file, agent-browser exits with an error. Extensions from user and project configs are merged (concatenated), not replaced.

Tip: If your project-level agent-browser.json contains environment-specific values (paths, proxies), consider adding it to .gitignore.

Default Timeout

The default timeout for standard operations (clicks, waits, fills, etc.) is 25 seconds. This is intentionally below the CLI's 30-second IPC read timeout so that the daemon returns a proper error instead of the CLI timing out with EAGAIN.

Override the default timeout via environment variable:

# Set a longer timeout for slow pages (in milliseconds)
export AGENT_BROWSER_DEFAULT_TIMEOUT=45000

Note: Setting this above 30000 (30s) may cause EAGAIN errors on slow operations because the CLI's read timeout will expire before the daemon responds. The CLI retries transient errors automatically, but response times will increase.

| Variable | Description | | ------------------------------- | ---------------------------------------- | | AGENT_BROWSER_DEFAULT_TIMEOUT | Default operation timeout in ms (default: 25000) |

Selectors

Refs (Recommended for AI)

Refs provide deterministic element selection from snapshots:

# 1. Get snapshot with refs
agent-browser snapshot
# Output:
# - heading "Example Domain" [ref=e1] [level=1]
# - button "Submit" [ref=e2]
# - textbox "Email" [ref=e3]
# - link "Learn more" [ref=e4]

# 2. Use refs to interact
agent-browser click @e2                   # Click the button
agent-browser fill @e3 "[email protected]" # Fill the textbox
agent-browser get text @e1                # Get heading text
agent-browser hover @e4                   # Hover the link

When a ref click is blocked by an overlay, the error includes the covering element, such as covered by <div#consent-banner>. Click the banner or dialog control first, then run snapshot again before reusing refs.

Why use refs?

  • Deterministic: Ref points to exact element from snapshot
  • Fast: No DOM re-query needed
  • AI-friendly: Snapshot + ref workflow is optimal for LLMs

CSS Selectors

agent-browser click "#id"
agent-browser click ".class"
agent-browser click "div > button"

Text & XPath

agent-browser click "text=Submit"
agent-browser click "xpath=//button"

Semantic Locators

agent-browser find role button click --name "Submit"
agent-browser find label "Email" fill "[email protected]"

Agent Mode

Use --json for machine-readable output:

agent-browser snapshot --json
# Returns: {"success":true,"data":{"snapshot":"...","refs":{"e1":{"role":"heading","name":"Title"},...}}}

agent-browser get text @e1 --json
agent-browser is visible @e2 --json

Optimal AI Workflow

# 1. Navigate and get snapshot
agent-browser open example.com
agent-browser snapshot -i --json   # AI parses tree and refs

# 2. AI identifies target refs from snapshot
# 3. Execute actions using refs
agent-browser click @e2
agent-browser fill @e3 "input text"

# 4. Get new snapshot if page changed
agent-browser snapshot -i --json

Command Chaining

Commands can be chained with && in a single shell invocation. The browser persists via a background daemon, so chaining is safe and more efficient:

# Open, wait for load, and snapshot in one call
agent-browser open example.com && agent-browser wait --load networkidle && agent-browser snapshot -i

# Chain multiple interactions
agent-browser fill @e1 "[email protected]" && agent-browser fill @e2 "pass" && agent-browser click @e3

# Navigate and screenshot
agent-browser open example.com && agent-browser wait --load networkidle && agent-browser screenshot page.png

Use && when you don't need intermediate output. Run commands separately when you need to parse output first (e.g., snapshot to discover refs before interacting).

Headed Mode

Show the browser window for debugging:

agent-browser open example.com --headed

This opens a visible browser window instead of running headless.

Note: Browser extensions work in both headed and headless mode (Chrome's --headless=new).

Authenticated Sessions

Use --headers to set HTTP headers for a specific origin, enabling authentication without login flows:

# Headers are scoped to api.example.com only
agent-browser open api.example.com --headers '{"Authorization": "Bearer <token>"}'

# Requests to api.example.com include the auth header
agent-browser snapshot -i --json
agent-browser click @e2

# Navigate to another domain - headers are NOT sent (safe!)
agent-browser open other-site.com

This is useful for:

  • Skipping login flows - Authenticate via headers instead of UI
  • Switching users - Start new sessions with different auth tokens
  • API testing - Access protected endpoints directly
  • Security - Headers are scoped to the origin, not leaked to other domains

To set headers for multiple origins, use --headers with each open command:

agent-browser open api.example.com --headers '{"Authorization": "Bearer token1"}'
agent-browser open api.acme.com --headers '{"Authorization": "Bearer token2"}'

For global headers (all domains), use set headers:

agent-browser set headers '{"X-Custom-Header": "value"}'

Custom Browser Executable

Use a custom browser executable instead of the bundled Chromium. This is useful for:

  • Serverless deployment: Use lightweight Chromium builds like @sparticuz/chromium (~50MB vs ~684MB)
  • System browsers: Use an existing Chrome/Chromium installation
  • Custom builds: Use modified browser builds

CLI Usage

# Via flag
agent-browser --executable-path /path/to/chromium open example.com

# Via environment variable
AGENT_BROWSER_EXECUTABLE_PATH=/path/to/chromium agent-browser open example.com

Serverless (Vercel)

Run agent-browser + Chrome in an ephemeral Vercel Sandbox microVM. No external server needed:

import { runAgentBrowserCommand, withAgentBrowserSandbox } from "@agent-browser/sandbox/vercel";

const result = await withAgentBrowserSandbox(async (sandbox) => {
  await runAgentBrowserCommand(sandbox, ["open", "https://example.com"]);
  return runAgentBrowserCommand(sandbox, ["screenshot"]);
});

Install @agent-browser/sandbox and @vercel/sandbox in the consuming app. See the sandbox helper example for minimal Eve and Vercel Sandbox usage, or the environments example for a full UI demo with a deploy-to-Vercel button.

Fresh Vercel and Eve sandboxes install Chromium system dependencies by default. Pass installSystemDependencies: false only when your sandbox image already includes those libraries.

Serverless (AWS Lambda)

import chromium from '@sparticuz/chromium';
import { execSync } from 'child_process';

export async function handler() {
  const executablePath = await chromium.executablePath();
  const result = execSync(
    `AGENT_BROWSER_EXECUTABLE_PATH=${executablePath} agent-browser open https://example.com && agent-browser snapshot -i --json`,
    { encoding: 'utf-8' }
  );
  return JSON.parse(result);
}

Local Files

Open and interact with local files (PDFs, HTML, etc.) using file:// URLs:

# Enable file access (required for JavaScript to access local files)
agent-browser --allow-file-access open file:///path/to/document.pdf
agent-browser --allow-file-access open file:///path/to/page.html

# Take screenshot of a local PDF
agent-browser --allow-file-access open file:///Users/me/report.pdf
agent-browser screenshot report.png

The --allow-file-access flag adds Chromium flags (--allow-file-access-from-files, --allow-file-access) that allow file:// URLs to:

  • Load and render local files
  • Access other local files via JavaScript (XHR, fetch)
  • Load local resources (images, scripts, stylesheets)

Note: This flag only works with Chromium. For security, it's disabled by default.

CDP Mode

Connect to an existing browser via Chrome DevTools Protocol:

# Start Chrome with: google-chrome --remote-debugging-port=9222

# Connect once, then run commands without --cdp
agent-browser connect 9222
agent-browser snapshot
agent-browser tab
agent-browser close

# Or pass --cdp on each command
agent-browser --cdp 9222 snapshot

# Connect to remote browser via WebSocket URL
agent-browser --cdp "wss://your-browser-service.com/cdp?token=..." snapshot

The --cdp flag accepts either:

  • A port number (e.g., 9222) for local connections via http://localhost:{port}
  • A full WebSocket URL (e.g., wss://... or ws://...) for remote browser services

This enables control of:

  • Electron apps
  • Chrome/Chromium instances with remote debugging
  • WebView2 applications
  • Any browser exposing a CDP endpoint

Auto-Connect

Use --auto-connect to automatically discover and connect to a running Chrome instance without specifying a port:

# Auto-discover running Chrome with remote debugging
agent-browser --auto-connect open example.com
agent-browser --auto-connect snapshot

# Or via environment variable
AGENT_BROWSER_AUTO_CONNECT=1 agent-browser snapshot

Auto-connect discovers Chrome by:

  1. Reading Chrome's DevToolsActivePort file from the default user data directory
  2. Falling back to probing common debugging ports (9222, 9229)
  3. If HTTP-based discovery (/json/version, /json/list) fails, falling back to a direct WebSocket connection

This is useful when:

  • Chrome 144+ has remote debugging enabled via chrome://inspect/#remote-debugging (which uses a dynamic port)
  • You want a zero-configuration connection to your existing browser
  • You don't want to track which port Chrome is using

Streaming (Browser Preview)

Stream the browser viewport via WebSocket for live preview or "pair browsing" where a human can watch and interact alongside an AI agent.

Streaming

Every session automatically starts a WebSocket stream server on an OS-assigned port. Use stream status to see the bound port and connection state:

agent-browser stream status

To bind to a specific port, set AGENT_BROWSER_STREAM_PORT:

AGENT_BROWSER_STREAM_PORT=9223 agent-browser open example.com

You can also manage streaming at runtime with stream enable, stream disable, and stream status:

agent-brows