Related docs:
Define the product requirements and constraints for pi-agent-browser-native.
agent-browseris an external dependency.- This project does not bundle
agent-browser. - Users install
agent-browserseparately and keep it available onPATH. - User-facing install guidance should point to the upstream
agent-browserproject/docs.
- Target the current locally installed
agent-browserversion. - Do not support a broad range of older
agent-browserversions. - Do not add backward-compatibility shims.
- Keep the wrapper close to current upstream behavior as
agent-browserevolves. - Maintainer-facing mapping from the canonical baseline (
scripts/agent-browser-capability-baseline.mjs) to docs, runtime, tests, and verification gates lives inSUPPORT_MATRIX.md; refresh that matrix when rebaselining upstream.
- Do not overengineer.
- Do not reduce usability.
- Keep the integration thin and close to upstream
agent-browser. - Give
piagents the power they need for practical browser automation. - Prefer official
pimechanisms over bespoke custom integration patterns. - Do not solve hypothetical problems that are not backed by observed behavior.
- The main UX is the agent invoking the native tool directly, similar to built-in tools like
readorwrite. - Do not rely on a large set of user-facing slash commands as the main interface.
- This project is not trying to embed a human-browsable browser UI inside
pi.
- Prioritize the package install path first.
- User-facing install docs should lead with
pi install npm:pi-agent-browser-native; ephemeral package trials and validation should usepi --no-extensions -e npm:pi-agent-browser-native[@<version>]so configured checkout or global sources cannot duplicateagent_browser, adding--approvein Pi 0.79+ automation when the current project is intentionally trusted. - User-facing install docs should also include the GitHub source path
pi install https://github.com/fitchmultz/pi-agent-browser-native. - Provide a read-only package-level doctor command that checks upstream
agent-browserPATH/version and duplicate Pi package/checkout sources before first use. It must not mutate Pi settings and must remain distinct from upstreamagent-browser doctor. - Keep the current local-checkout path documented as the practical pre-release and development flow.
- Most users will install this extension globally rather than as a project-local extension.
- Local trusted-checkout smoke testing should use explicit CLI loading such as
pi --approve --no-extensions -e .orpi --approve --no-extensions -e /absolute/path/to/pi-agent-browser-native; Pi settings are bypassed in this mode and code edits require a process restart for validation. Omit--approveonly when the test is meant to cover Pi's Project Trust prompt. - Local checkout hot-reload and exact-session relaunch validation should use configured-source lifecycle mode: exactly one active checkout/package source in Pi settings, launched with plain
pi(or the lifecycle harness' exact--session-idrelaunch path), so/reloadand relaunch events exercise discovered/configured resources. Focused extension harness tests validate Pisession_treebranch rehydration and cleanup ownership. - Do not rely on repo-local
.pi/extensions/auto-discovery for this package, because it conflicts with the global installed-package path.
- When this native extension is available, the native
agent_browsertool should be the preferred path for browser automation. - Keep the handling simple and global-install-friendly.
- Do not rely on package skill overrides as the primary answer.
- Each tool invocation must supply exactly one of:
args(full upstream argv after the binary name), top-levelsemanticAction(a small intent object compiled into existing upstreamfindargv for locator actions, direct selector/refclick/check/fillargv, or upstreamselect <selector> <value...>argv for native dropdown selection),job,qa,sourceLookup,networkSourceLookup, orelectron(bounded desktop lifecycle: hostlist, wrapper-owned isolatedlaunchwith CDP attach,status, compactprobe, andcleanup; mutually exclusive with callerstdin). Supplying multiple modes or none is rejected before launch (extensions/agent-browser/index.ts,test/agent-browser.extension-validation.test.ts). Contract and field rules:TOOL_CONTRACT.md; operator workflow:COMMAND_REFERENCE.md. semanticActionis not a nested shape insidebatchstdin; batch steps remain upstream argv string arrays, includingfindsteps expressed as token lists.- Supported actions, locators, exclusivity rules, when
details.compiledSemanticActionappears, and boundedtry-*-candidatefollow-ups onselector-not-found(specific action/locator pairs only; see contract) are specified inTOOL_CONTRACT.md, with workflow examples inCOMMAND_REFERENCE.md. - Constrained
jobremains a thin batch compiler, but itsclick/fillsteps may use the same semantic locator fields assemanticActionso short workflows can avoid brittle selectors without adding a reusable recipe runtime, andtypesteps may expand to a bounded set of existing upstream focus/keyboard/wait/press rows for human-paced input while compacting model-visible batch text.jobmust default to fail-fast (batch --bail) so later mutating steps do not run after an earlier required step fails;failFast: falseis the explicit opt-out. qamust fail fast on failed readiness/text/selector assertions so missing expected text cannot burn the wrapper watchdog before reportingqa-failure.qa.attachedmust never erase existing session diagnostics; URL-openingqamay clear buffers to scope a fresh page load. Attached QA preserves buffers, reports that scope indetails.compiledQaPreset.checks.diagnosticsResetAtStart, and defaults diagnostic checks off unless the caller opts into preserved-buffer failure checks.- Direct artifact workflows must create missing parent directories before spawning upstream and must verify saved files before downstream use. Simple loopback HTTP(S) anchor downloads may be saved directly by the wrapper to the requested path when that avoids upstream random-name download behavior without bypassing authenticated browser credentials.
outputPathmay write a successful result payload to a caller-requested local file and must reportdetails.outputFile. Missing non-pending artifacts, including diff screenshot outputs, must never use saved/verified wording;record startfuture files are pending/open untilrecord stop, not missing.
- Documentation is a core product artifact.
- Docs must be structured, concise, well-linked, and written for humans first.
- Someone opening the repo should quickly understand the goal, purpose, install model, and usage.
- Documents should read as complete documents, not iterative logs, unless they are explicitly meant to be iterative, such as a changelog.
- Requirements, expectations, and durable rules from user conversations should be reflected in the appropriate docs.
- Because direct-binary usage is commonly blocked in normal agent sessions, the repo must carry a local command reference for the effective
agent_browsersurface and keep it in sync with upstream changes. - Repository verification must include a lightweight command-reference drift check against the targeted installed upstream
agent-browserversion. - Published package contents should include the canonical user-facing docs plus
LICENSE. - Published package contents should exclude agent-only and superseded docs such as
AGENTS.mdand archived drafts underdocs/archive/.
- The primary confidence path is a real
pisession driven intmux. - For quick local checkout smoke validation, launch
pi --approve --no-extensions -e .from the repository root so only the checkout copy loads; do not rely on Pi settings or/reloadsemantics in this isolated mode. - For hot-reload validation, configure exactly one active source for this extension in Pi settings and launch plain
pi; validate/reloadthere because it exercises auto-discovered/configured resources. - Maintain a tmux-driven configured-source lifecycle harness (
npm run verify -- lifecycle; required before release perdocs/RELEASE.md) that isolates Pi settings, uses exactly one configured source, exercises/reload, full restart plus exact--session-idrelaunch, and asserts managed-session continuity, persisted artifact survival, and real Pitool_resultfailure-patch semantics. It remains outside the defaultnpm run verifysequence, but it is embedded innpm run verify -- releasesoprepublishOnlyenforces it before publish unless scripts are intentionally skipped. The harness defaults Pi to modelzai/glm-5.2(scripts/verify-lifecycle.mjs); pass--model <id>afterlifecyclewhen a different model is required. Keepdocs/RELEASE.mdaccurate about the harness behavior, cleanup, transcript retention, and limitations. - Validate a full
pirestart with exact--session-idrelaunch or/resumewhen changes touch managed-session continuity, reload behavior, or persisted artifact paths. Validate branch-backed state changes with the focusedsession_treeharness tests. - Prefer full
pirestart over/reloadwhen validating extension changes beyond a quick reload smoke check. - Use
/resumeor an explicit session id/path when needed after restart. - Keep testing broader than a single smoke site like
example.com. - Bounded release smokes that validate this extension should disable auto-loaded skills with
--no-skills; run skill-enabled dogfood separately only when validating external skill routing or report-generation behavior. - Maintain a concrete release/package verification workflow in
docs/RELEASE.mdand matching repository scripts.
The design should comfortably support workflows such as:
- UI testing and exploratory QA
- web research
- using browser UIs for other LLMs such as ChatGPT, Grok, Gemini, and Claude
- isolated authenticated browser sessions
- headless authenticated
chat.com/ ChatGPT / OpenAI browsing without forcing--headedor--auto-connect - upstream profile/debug workflows without adding a local profile-cloning layer in this package
- provider-backed or iOS device launches where upstream owns credentials, env, and setup; the wrapper forwards argv and the parent environment without emulating those backends
- desktop Electron targets using top-level
electronfor discover → isolated launch → attach → probe/cleanup, or rawargs: ["connect", …]when the operator launches the real app with a debug port for signed-in state (seeTOOL_CONTRACT.mdandCOMMAND_REFERENCE.md)
- Package-manifest behavior matters more than repo-local development wiring.
- The extension should use official
pihooks and package resources where possible. - The wrapper should stay thin, with upstream
agent-browserremaining the source of truth for command semantics. - Successful and failed tool outcomes should surface bounded machine-readable fields on Pi-facing
details(resultCategory,successCategory,failureCategory, optional structurednextActions, optionalpageChangeSummarywith per-step summaries onbatch, optionalartifactVerificationwith the same shape on successfulbatchSteps[]rows, optionaloutputFile, optionaltimeoutPartialProgress) so agents can branch without parsing prose; stateful commands (auth,cookies,storage,dialog,frame,state) plus other structured diagnostics (for examplenetwork,diff,trace,stream,dashboard,chat) andbatchshould redact secret-bearing payloads in model-facingdetails.data, including the compact per-stepbatchroll-up on the parent result (full per-step payloads live onbatchSteps[]). Dialog/prompt-related timeouts should be bounded with recoverynextActions; non-dialog timeouts should prefer best-effort per-step progress and retry payloads when a plan is available; no-op scrolls should expose no-movement state instead of only an upstream success boolean; explicit page/container scroll helpers should expose before/after movement evidence. The contract lives inTOOL_CONTRACT.md, enums and classifier precedence live inextensions/agent-browser/lib/results/categories.tsandcontracts.ts(also re-exported fromshared.ts), and presentation-time summaries, redaction, network request follow-ups, and artifact verification rollups are assembled inextensions/agent-browser/lib/results/presentation.ts(buildPageChangeSummary, command taxonomy predicates fromcommand-taxonomy.ts,redactPresentationData,buildArtifactVerificationSummary,buildBatchPresentation). - User-facing docs belong in
README.mdand the canonical published files underdocs/. - Agent workflow and deeper testing procedures can stay in
AGENTS.md, but published docs must not depend on that file being present. - When upstream
agent-browserchanges, refresh the local command reference, prompt guidance, and other extension-side docs so agents still have a repo-readable equivalent of the blocked direct-binary help path. - The canonical agent-facing playbook should live in
extensions/agent-browser/lib/playbook.ts; README, command-reference, and tool-contract fragments must be generated or checked from that source bynpm run docs -- playbook checkso prompt guidance and docs cannot drift silently. - Keep mitigations for legacy-skill coexistence simple; do not add extra moving parts unless observed behavior justifies them.
- Prefer narrow, evidence-backed compatibility mitigations over broad stealth layers when a specific upstream site starts rejecting the default headless launch fingerprint.
- Preserve the page that a profiled
openjust navigated to; if restored profile tabs steal focus during launch, the wrapper should best-effort switch back to the returned page URL before handing control back to the agent. - Once a tab target is known for a session, later active-tab commands should best-effort pin that same tab inside the same upstream invocation when reconnect drift would otherwise land on a restored/background tab.
- If a restored/background tab steals focus after a successful command, the wrapper should best-effort restore the intended target tab again before handing control back.
- On local Unix launches, extension-generated session names should not fail just because the upstream default socket path is too long; the wrapper should choose a shorter socket directory when needed.
- Provider selection flags (
-p,--provider) and provider device flags (--device) are launch-scoped like profile, CDP, persisted state, and upstream's--webgpulaunch preset: if an extension-managed implicit session is already active, the planner must fail fast with the same recovery guidance as other startup-scoped flags instead of silently forwarding argv upstream would ignore; contract inTOOL_CONTRACT.mdand session model inARCHITECTURE.md. - Upstream restore-state periodic autosave remains upstream-owned. Forward
AGENT_BROWSER_AUTOSAVE_INTERVAL_MSunchanged, document its 30-second default and0disable behavior, and do not duplicate its timer or claim its restore files as wrapper artifacts. - Read-only upstream
skills list,skills get …, andskills path …must stay free of implicit managed--sessionunder defaultsessionMode: "auto"(still with--json), matching plain-text--help/--versioninspection semantics so bundled skill text does not pin or rotate the active browser session; newskillssubcommands pick up that behavior only after allowlisting inextensions/agent-browser/lib/runtime.tswith regression coverage. - Optional
semanticAction.sessionon nativeagent_browsermust compile to a leading--session <name>pair before upstreamfindorselectargv so the shorthand can target a named upstream browser without hand-builtargs, whilebuildExecutionPlanstill skips double-injecting the extension-managed implicit session whenever planned argv already starts with--session; stale-ref retries for compiledfindactions and boundedtry-*candidatenextActionsmust preserve that same prefix. Contract inTOOL_CONTRACT.md/TOOL_CONTRACT.md; implementation inextensions/agent-browser/index.tsandextensions/agent-browser/lib/runtime.ts.
- How much session convenience should the extension add by default versus leaving explicit session naming entirely to upstream
agent-browsersemantics? - Exactly which high-value result renderers belong in v1 beyond screenshots/images and a few compact summaries?