Files
Paul Klein 9c601ca172 feat: Add Stagehand-powered browser subagent (#1648)
* Add Stagehand-powered browser subagent

Adds a `browser` subagent that drives a real Chromium via the Stagehand
Python SDK directly (no MCP subprocess), exposing browser_navigate,
browser_act, browser_observe, browser_extract, and browser_close.

- Defaults to LOCAL mode (bundled engine + local Chromium); set
  STAGEHAND_ENV=BROWSERBASE to run the browser on Browserbase cloud.
- One session per agent thread, reused across tool calls.
- Tools are a no-op unless a model key (LOCAL) or Browserbase
  credentials are configured.
- Dockerfile installs chromium for LOCAL mode; docs in CUSTOMIZATION.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Harden Stagehand browser tools

* Format browser subagent wiring

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: open-swe[bot] <johannes@langchain.dev>
2026-06-30 12:33:25 -07:00

106 lines
4.2 KiB
Docker

FROM python:3.14.5-slim-trixie
ARG DOCKER_CLI_VERSION=5:29.1.5-1~debian.13~trixie
ARG NODEJS_VERSION=22.22.0-1nodesource1
ARG UV_VERSION=0.9.26
ARG YARN_VERSION=4.12.0
ARG GH_VERSION=2.83.1
ARG SFW_VERSION=2.0.6
ENV DEBIAN_FRONTEND=noninteractive
# Skip sfw's daily background update check at runtime. The check hits
# api.github.com/repos/SocketDev/sfw-free, which the sandbox proxy authenticates
# with the GitHub App installation token (no access to that repo), so it fails
# and the wrapper can't fall back to a binary it never managed to fetch. The
# initial download still runs at build time below, where egress is unrestricted.
ENV SFW_SKIP_UPDATE_CHECK=1
RUN apt-get update && apt-get install -y \
git \
curl \
wget \
ca-certificates \
gnupg \
lsb-release \
build-essential \
openssh-client \
jq \
unzip \
zip \
&& rm -rf /var/lib/apt/lists/*
RUN install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
&& chmod a+r /etc/apt/keyrings/docker.asc \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo \"$VERSION_CODENAME\") stable" \
| tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install -y "docker-ce-cli=${DOCKER_CLI_VERSION}" \
&& rm -rf /var/lib/apt/lists/*
RUN set -eux; \
arch="$(dpkg --print-architecture)"; \
case "${arch}" in \
amd64) gh_arch="amd64" ;; \
arm64) gh_arch="arm64" ;; \
*) echo "unsupported architecture: ${arch}" >&2; exit 1 ;; \
esac; \
curl -fsSL "https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${gh_arch}.deb" -o /tmp/gh.deb; \
apt-get update; \
apt-get install -y /tmp/gh.deb; \
rm -rf /tmp/gh.deb /var/lib/apt/lists/*
RUN set -eux; \
arch="$(dpkg --print-architecture)"; \
case "${arch}" in \
amd64) uv_arch="x86_64-unknown-linux-gnu"; uv_sha256="30ccbf0a66dc8727a02b0e245c583ee970bdafecf3a443c1686e1b30ec4939e8" ;; \
arm64) uv_arch="aarch64-unknown-linux-gnu"; uv_sha256="f71040c59798f79c44c08a7a1c1af7de95a8d334ea924b47b67ad6b9632be270" ;; \
*) echo "unsupported architecture: ${arch}" >&2; exit 1 ;; \
esac; \
curl -fsSL "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-${uv_arch}.tar.gz" -o /tmp/uv.tar.gz; \
echo "${uv_sha256} /tmp/uv.tar.gz" | sha256sum -c -; \
tar -xzf /tmp/uv.tar.gz -C /tmp; \
install -m 0755 -d /root/.local/bin; \
install -m 0755 "/tmp/uv-${uv_arch}/uv" /root/.local/bin/uv; \
install -m 0755 "/tmp/uv-${uv_arch}/uvx" /root/.local/bin/uvx; \
rm -rf /tmp/uv.tar.gz "/tmp/uv-${uv_arch}"
ENV PATH=/root/.local/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
&& apt-get install -y "nodejs=${NODEJS_VERSION}" \
&& rm -rf /var/lib/apt/lists/* \
&& corepack enable \
&& corepack prepare "yarn@${YARN_VERSION}" --activate \
&& npm i -g "sfw@${SFW_VERSION}" \
&& sfw --version \
&& test -e "$(npm root -g)/sfw/.sfw-cache/latest"
# Chromium for Stagehand LOCAL browser mode (STAGEHAND_ENV=LOCAL). Skipped at
# runtime when STAGEHAND_ENV=BROWSERBASE (browser runs on Browserbase cloud).
RUN apt-get update \
&& apt-get install -y --no-install-recommends chromium \
&& rm -rf /var/lib/apt/lists/*
ENV STAGEHAND_LOCAL_CHROME_PATH=/usr/bin/chromium
ENV GO_VERSION=1.23.5
RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-$(dpkg --print-architecture).tar.gz" | tar -C /usr/local -xz
ENV PATH=/usr/local/go/bin:/root/.local/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV GOPATH=/root/go
ENV PATH=/root/go/bin:/usr/local/go/bin:/root/.local/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
WORKDIR /workspace
RUN echo "=== Installed versions ===" \
&& python --version \
&& uv --version \
&& node --version \
&& yarn --version \
&& sfw --version \
&& go version \
&& docker --version \
&& git --version \
&& gh --version