energypantry/agent-browser-runtime

Agent Browser Runtime is a system for running AI agents inside a real Chrome browser instead of the lightweight headless sessions that many automation libraries use. The idea is that several agents share one visible browser, where each one gets its own Chrome Tab Group, a persistent profile that keeps cookies and login state between runs, and a path for a human to take over when the agent hits a login screen, a Captcha, or a multi-factor prompt. The project ships several pieces that run together through Docker Compose. A Node.js broker built on Fastify exposes an HTTP and WebSocket control plane for leases, jobs, and artifacts. The browser side is Chromium running in a Docker container together with a virtual display, x11vnc, and noVNC so a person can connect to the browser through a webpage at port 16080. A Chrome extension installed inside that browser owns the real tabs, takes screenshots, captures HTML, and exposes UI action primitives like move, click, type, press, scroll, and waitFor. A local TLS gateway proxy is optional. There is also a command-line tool at cli/brs.js for status checks, fetches, session probes, extractor jobs, artifacts, and leases. A continuous browsing mode lets one agent open a lease, navigate through a site over many steps, and capture HTML or full-page screenshots without spawning a new tab each time. The runtime offers different browser identity modes. The default, called trusted-real-browser, leaves the User-Agent, WebGL, canvas, audio, timezone, and other surfaces untouched so login-sensitive sites see a normal Chrome. Optional modes can either inject JavaScript overrides for things like webdriver detection or load a separately built fingerprint Chromium binary. Probe commands check whether a saved profile is still logged in on platforms such as LinkedIn or Reddit. The README is explicit about responsible use. The project is published for learning and research under the PolyForm Noncommercial License 1.0.0, commercial use needs a separate written license, and the README tells operators to comply with platform terms, rate limits, and account-safety rules, and to fall back to manual handoff over noVNC whenever a site asks for login, payment, Captcha, or MFA.