Stealth-first fork of agent-browser for production browser automation under anti-bot pressure.
This README focuses on stealth architecture and principles. For full command coverage inherited from upstream, use:
- upstream docs: https://github.com/vercel-labs/agent-browser
- local help: `agent-browser --help`

- Stealth is always on (legacy `launch.stealth` is accepted but ignored).
- Fingerprint surfaces are patched at multiple layers (launch args, CDP overrides, init scripts).
- Behavioral signals are humanized (typing cadence, cursor path, pacing, retry backoff).
- Region signals are auto-aligned (locale/timezone/Accept-Language) to reduce mismatch risk.
- Verification/captcha handling is policy-driven (`--risk-mode off|warn|block`).

```bash
npm install -g agent-browser-stealth
agent-browser install
```

```bash
agent-browser open https://example.com
agent-browser snapshot -i
agent-browser click @e2
```

```mermaid
flowchart TD
  A["Command Input"] --> B["Stealth Policy Resolver"]
  B --> C["Connection Mode Detection"]
  C --> D["Launch Layer: Chromium Args"]
  C --> E["CDP Layer: UA + Metadata Override"]
  C --> F["Context Layer: Init Script Patches"]
  D --> G["Behavior Layer: Humanized Interaction"]
  E --> G
  F --> G
  G --> H["Risk Layer: Verification Detection and Handling"]
  H --> I["Response with warnings and riskSignals"]
```

| Mode | Stealth Capabilities | Notes |
|---|---|---|
| Local Chromium launch | Chromium launch args + CDP UA override + context init scripts | Most complete stack |
| Existing browser via CDP | CDP UA override + context init scripts | No local Chromium arg injection |
| Cloud provider (browserbase/browseruse) | Context init scripts | Remote browser runtime controls launch layer |
| Kernel provider | Context init scripts + provider-managed stealth | Provider-side stealth may also apply |
- Stealth defaults to enabled and does not depend on a runtime toggle.
- Project policy forbids:
  - `--profile` / `AGENT_BROWSER_PROFILE`
  - `--channel` / `AGENT_BROWSER_CHANNEL`
- Default CLI policy expects an existing browser on CDP `localhost:9333` unless explicit connection options are provided.

Injected Chromium args:
- `--disable-blink-features=AutomationControlled`
- `--use-gl=angle`
- `--use-angle=default`

If no custom UA is set, the runtime UA is normalized to remove HeadlessChrome tokens.

- Uses `Emulation.setUserAgentOverride` to align:
  - `userAgent`
  - `acceptLanguage`
  - `userAgentMetadata` brands and versions
- Applies overrides for existing/new targets, including worker-relevant contexts.
- Forces opaque white background (`Emulation.setDefaultBackgroundColorOverride`) to avoid headless transparency fingerprints.

The init script patch set is injected before page scripts and currently includes:

- `navigator.webdriver` removal (including prototype-level cleanup).
- CSS webdriver heuristic neutralization (`CSS.supports('border-end-end-radius: initial')` probe).
- `window.chrome.runtime` bootstrap for missing runtime surfaces.
- Locale/language normalization (`navigator.language`, `navigator.languages`).
- Realistic `navigator.plugins` and `navigator.mimeTypes`.
- `navigator.permissions.query` normalization for notifications.
- WebGL vendor/renderer masking when SwiftShader indicators are present.
- `cdc_` property cleanup on document/documentElement.
- Window/screen dimension normalization (`outerWidth`/`outerHeight`/`screenX`/`screenY`).
- Screen availability patching (`availWidth`/`availHeight`).
- Hardware concurrency stabilization.
- Notification permission consistency.
- Active text color heuristic patching.
- `navigator.connection` normalization.
- Worker network signal normalization (`downlinkMax`).
- `prefers-color-scheme` light-mode heuristic neutralization.
- `navigator.share` exposure.
- `navigator.contacts` exposure.
- `contentIndex` exposure.
- `navigator.pdfViewerEnabled` normalization.
- Media devices surface normalization.
- `navigator.userAgent` cleanup (strip `HeadlessChrome`).
- `navigator.userAgentData` brand cleanup.
- `performance.memory` stabilization.
- Default background color patching at script level.

- Navigation pacing jitter before `goto` (short randomized delay).
- Typing jitter for `type --delay` and `keyboard type --delay`:
  - per-character randomized delay around the requested base delay (about ±40%).
- Click path humanization:
  - cursor moves on a Bezier-like curve before click.
- Wait supports random ranges (`wait min-max`) for non-uniform timing.

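
A defender can test for the bounded typing jitter described above: if every inter-key interval sits within ±40% of one base delay, the slowest interval can be at most 1.4/0.6 ≈ 2.33 times the fastest. This is an added example, not code from this project; the tolerance, minimum sample size, the `assessTyping` name and both sample arrays are assumptions constructed for illustration, and the result is one weak signal to combine with others, not a verdict.

```javascript
// Added example, defender side: does a keystroke sample fit "base ± 40%" jitter?
const SPREAD = 0.4;      // "about ±40%", taken from the README
const TOLERANCE = 0.1;   // assumed slack for timer and event-loop noise
const MIN_SAMPLES = 20;  // assumed minimum sample size before judging

// Constructed sample: intervals (ms) drawn within 100 ms ± 40%.
const SCRIPTED = [62, 131, 97, 118, 74, 105, 139, 88, 66, 123,
                  101, 79, 135, 92, 110, 69, 127, 84, 115, 98];
// Constructed sample: bursts plus a few long pauses.
const HUMAN_LIKE = [95, 140, 60, 210, 85, 120, 480, 70, 110, 95,
                    1300, 130, 75, 160, 90, 105, 340, 65, 115, 100];

function assessTyping(intervals, spread = SPREAD) {
  const usable = intervals.filter((d) => Number.isFinite(d) && d > 0);
  if (usable.length < MIN_SAMPLES) {
    return { verdict: 'insufficient-data', samples: usable.length };
  }
  const min = Math.min(...usable);
  const max = Math.max(...usable);
  // If every interval lies in [b(1-s), b(1+s)] for a single base b,
  // then max/min <= (1+s)/(1-s), which is about 2.33 for s = 0.4.
  const bound = ((1 + spread) / (1 - spread)) * (1 + TOLERANCE);
  const ratio = max / min;
  if (ratio > bound) {
    return { verdict: 'unbounded', samples: usable.length, ratio };
  }
  // For a symmetric band the midpoint of the observed range estimates b.
  return {
    verdict: 'bounded-jitter',
    samples: usable.length,
    ratio,
    baseEstimate: (min + max) / 2,
  };
}

console.log(assessTyping(SCRIPTED));
console.log(assessTyping(HUMAN_LIKE));
```
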
Before navigation, the runtime derives region hints from target URL TLD and aligns:
- locale
- timezone
- `Accept-Language`

Examples of built-in mappings include tw, jp, kr, sg, de, fr, uk, in, au.
Manual overrides are supported:

- `AGENT_BROWSER_LOCALE`
- `AGENT_BROWSER_TIMEZONE` (or `TZ`)

When a navigation lands on verification/captcha pages, structured risk signals are generated from URL/title evidence.
riskSignals include:

- `code`
- `source` (`url` or `title`)
- `evidence`
- `confidence`

- `warn` (default): retry with randomized backoff and return warnings + `riskSignals`.
- `block`: fail fast once verification/captcha interstitial is detected.
- `off`: skip detection/retry path.

```bash
agent-browser --risk-mode warn open https://example.com
agent-browser --risk-mode block open https://example.com
AGENT_BROWSER_RISK_MODE=off agent-browser open https://example.com
```

```mermaid
flowchart TD
  A["Navigate"] --> B["Collect URL and Title Signals"]
  B --> C{"risk-mode"}
  C -->|off| D["Return Success"]
  C -->|block| E["Return Error with First Signal"]
  C -->|warn| F["Retry up to 2 times"]
  F --> G{"Signals Cleared"}
  G -->|yes| H["Return Success + recovery warning + riskSignals"]
  G -->|no| I["Return Success + warning + riskSignals"]
```

- Prefer `--headed` for high-friction targets.
- Reuse session state with `--session-name` for continuity.
- Keep locale/timezone consistent with target market.
- Use `--risk-mode block` in strict pipelines that require explicit operator intervention on verification pages.
- For `cookies set`, use either `--url <url>`, or `--domain <domain> --path <path>` together.
- If `--url`, `--domain`, and `--path` are all omitted, the cookie is scoped from the current page URL.

Run public detector checks after stealth changes:

```bash
node scripts/check-sannysoft-webdriver.js --binary ./cli/target/release/agent-browser
node scripts/check-creepjs-headless.js --binary ./cli/target/release/agent-browser
```

This fork intentionally keeps command workflows close to upstream while concentrating custom behavior in stealth, policy, and anti-detection handling.

Apache-2.0