Skip to content

Commit c03e948

Browse files
authored
Add agent-browser skill (#239)
1 parent f8be261 commit c03e948

13 files changed

Lines changed: 2322 additions & 0 deletions

File tree

.agents/skills/agent-browser/SKILL.md

Lines changed: 632 additions & 0 deletions
Large diffs are not rendered by default.
Lines changed: 303 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,303 @@
1+
# Authentication Patterns
2+
3+
Login flows, session persistence, OAuth, 2FA, and authenticated browsing.
4+
5+
**Related**: [session-management.md](session-management.md) for state persistence details, [SKILL.md](../SKILL.md) for quick start.
6+
7+
## Contents
8+
9+
- [Import Auth from Your Browser](#import-auth-from-your-browser)
10+
- [Persistent Profiles](#persistent-profiles)
11+
- [Session Persistence](#session-persistence)
12+
- [Basic Login Flow](#basic-login-flow)
13+
- [Saving Authentication State](#saving-authentication-state)
14+
- [Restoring Authentication](#restoring-authentication)
15+
- [OAuth / SSO Flows](#oauth--sso-flows)
16+
- [Two-Factor Authentication](#two-factor-authentication)
17+
- [HTTP Basic Auth](#http-basic-auth)
18+
- [Cookie-Based Auth](#cookie-based-auth)
19+
- [Token Refresh Handling](#token-refresh-handling)
20+
- [Security Best Practices](#security-best-practices)
21+
22+
## Import Auth from Your Browser
23+
24+
The fastest way to authenticate is to reuse cookies from a Chrome session you are already logged into.
25+
26+
**Step 1: Start Chrome with remote debugging**
27+
28+
```bash
29+
# macOS
30+
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --remote-debugging-port=9222
31+
32+
# Linux
33+
google-chrome --remote-debugging-port=9222
34+
35+
# Windows
36+
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222
37+
```
38+
39+
Log in to your target site(s) in this Chrome window as you normally would.
40+
41+
> **Security note:** `--remote-debugging-port` exposes full browser control on localhost. Any local process can connect and read cookies, execute JS, etc. Only use on trusted machines and close Chrome when done.
42+
43+
**Step 2: Grab the auth state**
44+
45+
```bash
46+
# Auto-discover the running Chrome and save its cookies + localStorage
47+
agent-browser --auto-connect state save ./my-auth.json
48+
```
49+
50+
**Step 3: Reuse in automation**
51+
52+
```bash
53+
# Load auth at launch
54+
agent-browser --state ./my-auth.json open https://app.example.com/dashboard
55+
56+
# Or load into an existing session
57+
agent-browser state load ./my-auth.json
58+
agent-browser open https://app.example.com/dashboard
59+
```
60+
61+
This works for any site, including those with complex OAuth flows, SSO, or 2FA -- as long as Chrome already has valid session cookies.
62+
63+
> **Security note:** State files contain session tokens in plaintext. Add them to `.gitignore`, delete when no longer needed, and set `AGENT_BROWSER_ENCRYPTION_KEY` for encryption at rest. See [Security Best Practices](#security-best-practices).
64+
65+
**Tip:** Combine with `--session-name` so the imported auth auto-persists across restarts:
66+
67+
```bash
68+
agent-browser --session-name myapp state load ./my-auth.json
69+
# From now on, state is auto-saved/restored for "myapp"
70+
```
71+
72+
## Persistent Profiles
73+
74+
Use `--profile` to point agent-browser at a Chrome user data directory. This persists everything (cookies, IndexedDB, service workers, cache) across browser restarts without explicit save/load:
75+
76+
```bash
77+
# First run: login once
78+
agent-browser --profile ~/.myapp-profile open https://app.example.com/login
79+
# ... complete login flow ...
80+
81+
# All subsequent runs: already authenticated
82+
agent-browser --profile ~/.myapp-profile open https://app.example.com/dashboard
83+
```
84+
85+
Use different paths for different projects or test users:
86+
87+
```bash
88+
agent-browser --profile ~/.profiles/admin open https://app.example.com
89+
agent-browser --profile ~/.profiles/viewer open https://app.example.com
90+
```
91+
92+
Or set via environment variable:
93+
94+
```bash
95+
export AGENT_BROWSER_PROFILE=~/.myapp-profile
96+
agent-browser open https://app.example.com/dashboard
97+
```
98+
99+
## Session Persistence
100+
101+
Use `--session-name` to auto-save and restore cookies + localStorage by name, without managing files:
102+
103+
```bash
104+
# Auto-saves state on close, auto-restores on next launch
105+
agent-browser --session-name twitter open https://twitter.com
106+
# ... login flow ...
107+
agent-browser close # state saved to ~/.agent-browser/sessions/
108+
109+
# Next time: state is automatically restored
110+
agent-browser --session-name twitter open https://twitter.com
111+
```
112+
113+
Encrypt state at rest:
114+
115+
```bash
116+
export AGENT_BROWSER_ENCRYPTION_KEY=$(openssl rand -hex 32)
117+
agent-browser --session-name secure open https://app.example.com
118+
```
119+
120+
## Basic Login Flow
121+
122+
```bash
123+
# Navigate to login page
124+
agent-browser open https://app.example.com/login
125+
agent-browser wait --load networkidle
126+
127+
# Get form elements
128+
agent-browser snapshot -i
129+
# Output: @e1 [input type="email"], @e2 [input type="password"], @e3 [button] "Sign In"
130+
131+
# Fill credentials
132+
agent-browser fill @e1 "user@example.com"
133+
agent-browser fill @e2 "password123"
134+
135+
# Submit
136+
agent-browser click @e3
137+
agent-browser wait --load networkidle
138+
139+
# Verify login succeeded
140+
agent-browser get url # Should be dashboard, not login
141+
```
142+
143+
## Saving Authentication State
144+
145+
After logging in, save state for reuse:
146+
147+
```bash
148+
# Login first (see above)
149+
agent-browser open https://app.example.com/login
150+
agent-browser snapshot -i
151+
agent-browser fill @e1 "user@example.com"
152+
agent-browser fill @e2 "password123"
153+
agent-browser click @e3
154+
agent-browser wait --url "**/dashboard"
155+
156+
# Save authenticated state
157+
agent-browser state save ./auth-state.json
158+
```
159+
160+
## Restoring Authentication
161+
162+
Skip login by loading saved state:
163+
164+
```bash
165+
# Load saved auth state
166+
agent-browser state load ./auth-state.json
167+
168+
# Navigate directly to protected page
169+
agent-browser open https://app.example.com/dashboard
170+
171+
# Verify authenticated
172+
agent-browser snapshot -i
173+
```
174+
175+
## OAuth / SSO Flows
176+
177+
For OAuth redirects:
178+
179+
```bash
180+
# Start OAuth flow
181+
agent-browser open https://app.example.com/auth/google
182+
183+
# Handle redirects automatically
184+
agent-browser wait --url "**/accounts.google.com**"
185+
agent-browser snapshot -i
186+
187+
# Fill Google credentials
188+
agent-browser fill @e1 "user@gmail.com"
189+
agent-browser click @e2 # Next button
190+
agent-browser wait 2000
191+
agent-browser snapshot -i
192+
agent-browser fill @e3 "password"
193+
agent-browser click @e4 # Sign in
194+
195+
# Wait for redirect back
196+
agent-browser wait --url "**/app.example.com**"
197+
agent-browser state save ./oauth-state.json
198+
```
199+
200+
## Two-Factor Authentication
201+
202+
Handle 2FA with manual intervention:
203+
204+
```bash
205+
# Login with credentials
206+
agent-browser open https://app.example.com/login --headed # Show browser
207+
agent-browser snapshot -i
208+
agent-browser fill @e1 "user@example.com"
209+
agent-browser fill @e2 "password123"
210+
agent-browser click @e3
211+
212+
# Wait for user to complete 2FA manually
213+
echo "Complete 2FA in the browser window..."
214+
agent-browser wait --url "**/dashboard" --timeout 120000
215+
216+
# Save state after 2FA
217+
agent-browser state save ./2fa-state.json
218+
```
219+
220+
## HTTP Basic Auth
221+
222+
For sites using HTTP Basic Authentication:
223+
224+
```bash
225+
# Set credentials before navigation
226+
agent-browser set credentials username password
227+
228+
# Navigate to protected resource
229+
agent-browser open https://protected.example.com/api
230+
```
231+
232+
## Cookie-Based Auth
233+
234+
Manually set authentication cookies:
235+
236+
```bash
237+
# Set auth cookie
238+
agent-browser cookies set session_token "abc123xyz"
239+
240+
# Navigate to protected page
241+
agent-browser open https://app.example.com/dashboard
242+
```
243+
244+
## Token Refresh Handling
245+
246+
For sessions with expiring tokens:
247+
248+
```bash
249+
#!/bin/bash
250+
# Wrapper that handles token refresh
251+
252+
STATE_FILE="./auth-state.json"
253+
254+
# Try loading existing state
255+
if [[ -f "$STATE_FILE" ]]; then
256+
agent-browser state load "$STATE_FILE"
257+
agent-browser open https://app.example.com/dashboard
258+
259+
# Check if session is still valid
260+
URL=$(agent-browser get url)
261+
if [[ "$URL" == *"/login"* ]]; then
262+
echo "Session expired, re-authenticating..."
263+
# Perform fresh login
264+
agent-browser snapshot -i
265+
agent-browser fill @e1 "$USERNAME"
266+
agent-browser fill @e2 "$PASSWORD"
267+
agent-browser click @e3
268+
agent-browser wait --url "**/dashboard"
269+
agent-browser state save "$STATE_FILE"
270+
fi
271+
else
272+
# First-time login
273+
agent-browser open https://app.example.com/login
274+
# ... login flow ...
275+
fi
276+
```
277+
278+
## Security Best Practices
279+
280+
1. **Never commit state files** - They contain session tokens
281+
```bash
282+
echo "*.auth-state.json" >> .gitignore
283+
```
284+
285+
2. **Use environment variables for credentials**
286+
```bash
287+
agent-browser fill @e1 "$APP_USERNAME"
288+
agent-browser fill @e2 "$APP_PASSWORD"
289+
```
290+
291+
3. **Clean up after automation**
292+
```bash
293+
agent-browser cookies clear
294+
rm -f ./auth-state.json
295+
```
296+
297+
4. **Use short-lived sessions for CI/CD**
298+
```bash
299+
# Don't persist state in CI
300+
agent-browser open https://app.example.com/login
301+
# ... login and perform actions ...
302+
agent-browser close # Session ends, nothing persisted
303+
```

0 commit comments

Comments
 (0)