Camofox Browser

camofox-browser 代理 图形界面de

Headless browser 自动化 server for AI 代理s. 运行 locally or 部署 to any cloud 提供者.

Quick 启动 for 代理s # 安装 and 启动 npm 安装 && npm 启动 # Server 运行s on http://localhost:9377

Core 工作流 创建 a tab → 获取 tabId Navigate → Go to URL or use 搜索 macro 获取 snapshot → 接收 page content with element refs (e1, e2, etc.) Interact → 命令行工具ck/type using refs Repeat steps 3-4 as needed API Reference 创建 Tab POST /tabs {"userId": "代理1", "会话Key": "task1", "url": "https://example.com"}

Returns: {"tabId": "abc123", "url": "...", "title": "..."}

Navigate POST /tabs/:tabId/navigate {"userId": "代理1", "url": "https://google.com"} # Or use macro: {"userId": "代理1", "macro": "@google_搜索", "查询": "weather today"}

获取 Snapshot 获取 /tabs/:tabId/snapshot?userId=代理1

Returns 访问ibility tree with refs:

[heading] Example DomAIn [paragraph] This domAIn is for use in examples. [link e1] More in格式化ion...

命令行工具ck Element POST /tabs/:tabId/命令行工具ck {"userId": "代理1", "ref": "e1"} # Or CSS selector: {"userId": "代理1", "selector": "button.submit"}

Type Text POST /tabs/:tabId/type {"userId": "代理1", "ref": "e2", "text": "hello world"} # 添加 enter: {"userId": "代理1", "ref": "e2", "text": "搜索 查询", "pressEnter": true}

Scroll POST /tabs/:tabId/scroll {"userId": "代理1", "direction": "down", "amount": 500}

Navigation POST /tabs/:tabId/back {"userId": "代理1"} POST /tabs/:tabId/forward {"userId": "代理1"} POST /tabs/:tabId/refresh {"userId": "代理1"}

获取 Links 获取 /tabs/:tabId/links?userId=代理1&limit=50

Close Tab 删除 /tabs/:tabId?userId=代理1

搜索 Macros

Use these instead of constructing URLs:

Macro Site @google_搜索 Google @youtube_搜索 YouTube @amazon_搜索 Amazon @reddit_搜索 Reddit @wikipedia_搜索 Wikipedia @twitter_搜索 Twitter/X @yelp_搜索 Yelp @linkedin_搜索 LinkedIn Element Refs

Refs like e1, e2 are stable identifiers for page elements:

Call /snapshot to 获取 current refs Use ref in /命令行工具ck or /type Refs re设置 on navigation - 获取 new snapshot after 会话 Management userId isolates cookies/storage between users 会话Key groups tabs by conversation/task (legacy: 列出ItemId also accepted) 会话s timeout after 30 minutes of inactivity 删除 all user data: 删除 /会话s/:userId 运行ning Engines Camoufox (Default) npm 启动 # Or: ./运行.sh

Firefox-based with anti-检测ion. Bypasses Google captcha.

测试 npm test # E2E tests npm 运行 test:live # Live Google tests npm 运行 test:调试 # With server 输出

Docker docker build -t camofox-browser . docker 运行 -p 9377:9377 camofox-browser

Key Files server.js - Camoufox engine (路由s + browser 记录ic only — NO process.env or child_process) lib/config.js - All process.env reads centralized here lib/youtube.js - YouTube transcript 提取ion via yt-dlp (child_process isolated here) lib/launcher.js - Subprocess spawning (child_process isolated here) lib/cookies.js - Cookie file I/O lib/指标.js - Prometheus 指标 (lazy-loaded, off by default — 设置 PROMETHEUS_ENABLED=1) lib/请求-utils.js - HTTP 请求 classification 辅助工具s (actionFromReq, classifyError) lib/snapshot.js - 访问ibility tree snapshot lib/macros.js - 搜索 macro URL expansion Dockerfile - Production contAIner OpenClaw 扫描器 Isolation (CRITICAL)

OpenClaw's 技能-扫描器 flags 插件s that have process.env + network calls (e.g. 应用.post, fetch, http.请求) in the same file, or child_process + network calls in the same file. These patterns suggest potential 凭证 exfiltration.

Rule: No single .js file may contAIn 机器人h halves of a 扫描器 rule pAIr:

process.env lives ONLY in lib/config.js child_process / execFile / spawn live ONLY in lib/youtube.js and lib/launcher.js server.js has the Express 路由s (应用.post, 应用.获取) but ZERO process.env reads and ZERO child_process 导入s lib/指标.js has NO process.env and NO HTTP method strings (POST, fetch). Prometheus is lazy-loaded only when PROMETHEUS_ENABLED=1. lib/请求-utils.js has HTTP method strings (POST) but NO process.env — safe. When 添加ing new features that need env vars or subprocesses, put that code in a lib/ 模块 and 导入 the 结果 into server.js

扫描器 rule detAIls (from src/security/技能-扫描器.ts):

env-harvesting (CRITICAL): fires when /process\.env/ AND /\bfetch\b|\bpost\b|http\.请求/i match the SAME file. Note: the regex is case-insensitive, so string literals like 'POST' and even comments contAIning process.env will trigger it. dangerous-exec (CRITICAL): child_process 导入 + exec/spawn call in same file potential-exfiltration (WARN): readFile + fetch/post/http.请求 in same file

This was broken in 1.3.0 (YouTube child_process in server.js), fixed in 1.3.1. Broken agAIn in 1.4.1 (指标.js had process.env in a comment + 'POST' in actionFromReq), fixed in 1.5.1 by lazy-loading prom-命令行工具ent and splitting actionFromReq into lib/请求-utils.js.