browser-login

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Browser Login

浏览器登录

Authenticate against a target site once, then vault the resulting session credentials so subsequent skills (

browser-extract

browser-form-fill

browser-test

) can reuse them without re-driving the auth flow. Borrows the pattern from Browserbase's

cookie-sync/SKILL.md

but stores the resulting context in AgentDB rather than on a hosted backend.

只需针对目标站点执行一次认证，然后存储生成的会话凭证，这样后续技能（

browser-extract

、

browser-form-fill

、

browser-test

）无需重新执行认证流程即可复用这些凭证。该模式借鉴自Browserbase的

cookie-sync/SKILL.md

，但将生成的上下文存储在AgentDB中，而非托管后端。

When to use

使用场景

Establishing reusable auth for a host the agent will visit repeatedly.
Refreshing a vaulted cookie set whose expiry has passed.
Capturing an MFA-protected session that requires interactive completion.

为Agent需要重复访问的主机建立可复用的认证机制。
刷新已过期的存储Cookie集合。
捕获需要交互式完成的MFA保护会话。

Steps

步骤

Open a recorded session via
```
browser-record
```
.
Drive the auth flow — fill credentials with
```
browser_fill
```
/
```
browser_type
```
. Credentials come from the user or environment; do not read them from
```
.env
```
or paste them into the trajectory args.
Handle MFA (when
```
--mfa
```
): pause for user input or invoke the user's TOTP helper; capture only the resulting redirect, not the code itself.

Capture cookies via

browser_eval

javascript

document.cookie  // returns the cookie string for the active document

Or use the Playwright context API where exposed.

AIDefence sanitize:
bash
```
# Each cookie value passes aidefence_scan to flag raw secrets / high-entropy tokens.
```
Tokens that look raw get vault-wrapped (an opaque handle) before AgentDB store; raw values never enter the namespace.

Store in
browser-cookies
:

bash

npx -y @claude-flow/cli@latest memory store --namespace browser-cookies \
  --key "<host>" \
  --value "{vault_handle:<opaque>, expiry:<iso>, aidefence_verdict:safe}"

Return the vault handle so downstream skills can mount it via the planned
```
browser_cookie_use
```
MCP tool.

通过
browser-record
打开录制会话。
执行认证流程——使用
```
browser_fill
```
/
```
browser_type
```
填写凭证。凭证来自用户或环境；请勿从
```
.env
```
读取或粘贴到轨迹参数中。
处理MFA（当使用
```
--mfa
```
参数时）：暂停等待用户输入或调用用户的TOTP助手；仅捕获最终的重定向，而非验证码本身。
通过
browser_eval
捕获Cookie：
javascript
```
document.cookie  // 返回当前文档的Cookie字符串
```
或使用已暴露的Playwright上下文API。
AIDefence清理：
bash
```
# 每个Cookie值都会经过aidefence_scan检查，标记原始密钥/高熵令牌。
```
看起来是原始值的令牌会先进行存储封装（一个不透明句柄），再存入AgentDB；原始值绝不会进入命名空间。

存储到
browser-cookies
：

bash

npx -y @claude-flow/cli@latest memory store --namespace browser-cookies \
  --key "<host>" \
  --value "{vault_handle:<opaque>, expiry:<iso>, aidefence_verdict:safe}"

返回存储句柄，以便下游技能通过规划中的
```
browser_cookie_use
```
MCP工具加载它。

Caveats

注意事项

Never log raw cookie values, tokens, or passwords. The trajectory step for the auth POST records only the form field names and a
```
<redacted>
```
placeholder for values.
The
```
browser_cookie_use
```
MCP tool is reserved (ADR-0001 §7) but not yet implemented. Until then, downstream skills mount the vaulted cookies via a helper bash function in
```
scripts/
```
(TBD).
Some sites bind cookies to a UA fingerprint; if a vaulted cookie fails on reuse, re-run
```
browser-login
```
. Do not attempt to fingerprint-match yourself.
This skill is not a credential storage solution. The vault-handle pattern protects against AgentDB leaks, not against compromise of the agent's environment.

切勿记录原始Cookie值、令牌或密码。认证POST的轨迹步骤仅记录表单字段名称，值则用
```
<redacted>
```
占位符替代。
```
browser_cookie_use
```
MCP工具已预留（ADR-0001 §7）但尚未实现。在此之前，下游技能通过
```
scripts/
```
中的辅助bash函数加载存储的Cookie（待完成）。
部分站点会将Cookie与UA指纹绑定；如果存储的Cookie复用失败，请重新运行
```
browser-login
```
。请勿尝试自行匹配指纹。
本技能并非凭证存储解决方案。存储句柄模式可防止AgentDB泄露，但无法防范Agent环境被攻陷的风险。