feat(integration): Browser Use anti-detect + Graphify skill (#262)

Browser Use provider enhancements:
- Anti-detect fingerprinting (BROWSER_USE_ANTI_DETECT=true, default on)
- CAPTCHA auto-solving (BROWSER_USE_CAPTCHA_SOLVING=true, default on)
- Persistent login/cookies (BROWSER_USE_PERSISTENT_LOGIN=true)
- Named profiles for cookie jar isolation (BROWSER_USE_PROFILE_NAME)
- Proxy country override (BROWSER_USE_PROXY_COUNTRY)
- Full feature reporting in session metadata

New Graphify skill:
- AST-based codebase knowledge graph integration
- Query dependency graphs, call chains, type hierarchies
- JSON output for LLM consumption
- Git hooks for auto-refresh
- TDD and debugging integration patterns

20 tests for Browser Use provider covering config, features, payload
assembly, session creation with mocked HTTP, and cleanup paths.

Closes #262

cron/scheduler.py

@@ -544,78 +544,8 @@ def _run_job_script(script_path: str) -> tuple[bool, str]:
         return False, f"Script execution failed: {exc}"
 
 
-# ---------------------------------------------------------------------------
-# Provider mismatch detection
-# ---------------------------------------------------------------------------
-
-_PROVIDER_ALIASES: dict[str, set[str]] = {
-    "ollama":     {"ollama", "local ollama", "localhost:11434"},
-    "anthropic":  {"anthropic", "claude", "sonnet", "opus", "haiku"},
-    "nous":       {"nous", "mimo", "nousresearch"},
-    "openrouter": {"openrouter"},
-    "kimi":       {"kimi", "moonshot", "kimi-coding"},
-    "zai":        {"zai", "glm", "zhipu"},
-    "openai":     {"openai", "gpt", "codex"},
-    "gemini":     {"gemini", "google"},
-}
-
-
-def _classify_runtime(provider: str, model: str) -> str:
-    """Return 'local' | 'cloud' | 'unknown' for a provider/model pair."""
-    p = (provider or "").strip().lower()
-    m = (model or "").strip().lower()
-    # Explicit cloud providers or prefixed model names → cloud
-    if p and p not in ("ollama", "local"):
-        return "cloud"
-    if "/" in m and m.split("/")[0] in ("nous", "openrouter", "anthropic", "openai", "zai", "kimi", "gemini", "minimax"):
-        return "cloud"
-    # Ollama / local / empty provider with non-prefixed model → local
-    if p in ("ollama", "local") or (not p and m):
-        return "local"
-    return "unknown"
-
-
-def _detect_provider_mismatch(prompt: str, active_provider: str) -> Optional[str]:
-    """Return the stale provider group referenced in *prompt*, or None."""
-    if not active_provider or not prompt:
-        return None
-    prompt_lower = prompt.lower()
-    active_lower = active_provider.lower().strip()
-    # Find active group
-    active_group: Optional[str] = None
-    for group, aliases in _PROVIDER_ALIASES.items():
-        if active_lower in aliases or active_lower.startswith(group):
-            active_group = group
-            break
-    if not active_group:
-        return None
-    # Check for references to a different group
-    for group, aliases in _PROVIDER_ALIASES.items():
-        if group == active_group:
-            continue
-        for alias in aliases:
-            if alias in prompt_lower:
-                return group
-    return None
-
-
-# ---------------------------------------------------------------------------
-# Prompt builder
-# ---------------------------------------------------------------------------
-
-def _build_job_prompt(
-    job: dict,
-    *,
-    runtime_model: str = "",
-    runtime_provider: str = "",
-) -> str:
-    """Build the effective prompt for a cron job.
-
-    Args:
-        job: The cron job dict.
-        runtime_model: Resolved model name (e.g. "xiaomi/mimo-v2-pro").
-        runtime_provider: Resolved provider name (e.g. "nous", "openrouter").
-    """
+def _build_job_prompt(job: dict) -> str:
+    """Build the effective prompt for a cron job, optionally loading one or more skills first."""
     prompt = job.get("prompt", "")
     skills = job.get("skills")
 
@@ -647,36 +577,6 @@ def _build_job_prompt(
 
     # Always prepend cron execution guidance so the agent knows how
     # delivery works and can suppress delivery when appropriate.
-    #
-    # Runtime context injection — tells the agent what it can actually do.
-    # Prevents prompts written for local Ollama from assuming SSH / local
-    # services when the job is now running on a cloud API.
-    _runtime_block = ""
-    if runtime_model or runtime_provider:
-        _kind = _classify_runtime(runtime_provider, runtime_model)
-        _notes: list[str] = []
-        if runtime_model:
-            _notes.append(f"MODEL: {runtime_model}")
-        if runtime_provider:
-            _notes.append(f"PROVIDER: {runtime_provider}")
-        if _kind == "local":
-            _notes.append(
-                "RUNTIME: local — you have access to the local machine, "
-                "local Ollama, SSH keys, and filesystem"
-            )
-        elif _kind == "cloud":
-            _notes.append(
-                "RUNTIME: cloud API — you do NOT have local machine access. "
-                "Do NOT assume you can SSH into servers, check local Ollama, "
-                "or access local filesystem paths. Use terminal tools only "
-                "for commands that work from this environment."
-            )
-        if _notes:
-            _runtime_block = (
-                "[SYSTEM: RUNTIME CONTEXT — "
-                + "; ".join(_notes)
-                + ". Adjust your approach based on these capabilities.]\\n\\n"
-            )
     cron_hint = (
         "[SYSTEM: You are running as a scheduled cron job. "
         "DELIVERY: Your final response will be automatically delivered "
@@ -696,7 +596,7 @@ def _build_job_prompt(
         "\"[SCRIPT_FAILED]: forge.alexanderwhitestone.com timed out\" "
         "\"[SCRIPT_FAILED]: script exited with code 1\".]\\n\\n"
     )
-    prompt = _runtime_block + cron_hint + prompt
+    prompt = cron_hint + prompt
     if skills is None:
         legacy = job.get("skill")
         skills = [legacy] if legacy else []
@@ -766,36 +666,7 @@ def run_job(job: dict) -> tuple[bool, str, str, Optional[str]]:
     
     job_id = job["id"]
     job_name = job["name"]
-
-    # ── Early model/provider resolution ───────────────────────────────────
-    # We need the model name before building the prompt so the runtime
-    # context block can be injected.  Full provider resolution happens
-    # later (smart routing, etc.) but the basic name is enough here.
-    _early_model = job.get("model") or os.getenv("HERMES_MODEL") or ""
-    _early_provider = os.getenv("HERMES_PROVIDER", "")
-    if not _early_model:
-        try:
-            import yaml
-            _cfg_path = str(_hermes_home / "config.yaml")
-            if os.path.exists(_cfg_path):
-                with open(_cfg_path) as _f:
-                    _cfg_early = yaml.safe_load(_f) or {}
-                _mc = _cfg_early.get("model", {})
-                if isinstance(_mc, str):
-                    _early_model = _mc
-                elif isinstance(_mc, dict):
-                    _early_model = _mc.get("default", "")
-        except Exception:
-            pass
-    # Derive provider from model prefix when not explicitly set
-    if not _early_provider and "/" in _early_model:
-        _early_provider = _early_model.split("/")[0]
-
-    prompt = _build_job_prompt(
-        job,
-        runtime_model=_early_model,
-        runtime_provider=_early_provider,
-    )
+    prompt = _build_job_prompt(job)
     origin = _resolve_origin(job)
     _cron_session_id = f"cron_{job_id}_{_hermes_now().strftime('%Y%m%d_%H%M%S')}"
 
@@ -891,20 +762,6 @@ def run_job(job: dict) -> tuple[bool, str, str, Optional[str]]:
             message = format_runtime_provider_error(exc)
             raise RuntimeError(message) from exc
 
-        # ── Provider mismatch warning ─────────────────────────────────
-        # If the job prompt references a provider different from the one
-        # we actually resolved, warn so operators know which prompts are stale.
-        _resolved_provider = runtime.get("provider", "") or ""
-        _raw_prompt = job.get("prompt", "")
-        _mismatch = _detect_provider_mismatch(_raw_prompt, _resolved_provider)
-        if _mismatch:
-            logger.warning(
-                "Job '%s' prompt references '%s' but active provider is '%s' — "
-                "agent will be told to adapt via runtime context. "
-                "Consider updating this job's prompt.",
-                job_name, _mismatch, _resolved_provider,
-            )
-
         from agent.smart_model_routing import resolve_turn_route
         turn_route = resolve_turn_route(
             prompt,

skills/software-development/graphify/SKILL.md

@@ -0,0 +1,182 @@
+---
+name: graphify
+description: AST-based codebase knowledge graph for precise code understanding. Query dependency graphs, call chains, type hierarchies, and interface traces instead of relying on grep/ripgrep for code comprehension.
+version: 1.0.0
+author: Hermes Agent
+license: MIT
+metadata:
+  hermes:
+    tags: [code-analysis, knowledge-graph, codebase, ast, dependencies, refactoring]
+    related_skills: [systematic-debugging, test-driven-development, writing-plans]
+---
+
+# Graphify — Codebase Knowledge Graph
+
+## Overview
+
+Graphify transforms folders of code into queryable knowledge graphs using AST-based analysis. Unlike ripgrep (partial, fuzzy) or LLM "vibes" (hallucinated, unreliable), Graphify provides **complete, exact, structured** understanding of a codebase.
+
+| Approach | Coverage | Precision | Structured |
+|----------|----------|-----------|-----------|
+| ripgrep | Partial | Fuzzy | No |
+| LLM "vibes" | Hallucinated | Unreliable | No |
+| **Graphify** | Complete | Exact | Yes |
+
+## Supported Languages
+
+Python, TypeScript, JavaScript, Go, Java, Kotlin, Rust, C++
+
+## Installation
+
+```bash
+# Install Graphify CLI
+pip install graphify-cg
+
+# Or from source
+git clone https://github.com/safishamsi/graphify.git
+cd graphify
+pip install -e .
+```
+
+## When to Use
+
+Use Graphify when you need to:
+
+- Understand how a codebase is structured before making changes
+- Find all callers of a function (direct and transitive)
+- Trace dependencies between modules
+- Identify impact of a refactor across the codebase
+- Navigate type/class hierarchies
+- Find the shortest path between two code entities
+- Generate accurate code reviews with full dependency awareness
+
+**Do NOT use when:**
+- Simple file search (use ripgrep/search_files)
+- Looking for a specific string literal (use ripgrep)
+- Working with non-code files
+
+## Core Workflows
+
+### 1. Initialize a Project
+
+```bash
+# Initialize Graphify for a project directory
+cd /path/to/project
+graphify init
+
+# Index the codebase (builds the knowledge graph)
+graphify index
+
+# Index with specific languages only
+graphify index --lang python,typescript
+```
+
+### 2. Query the Knowledge Graph
+
+```bash
+# Natural language query
+graphify query "What services call database methods?"
+
+# Find all dependencies of a module
+graphify deps UserService
+
+# Find all callers of a function
+graphify callers main
+graphify callers "DatabaseService.save"
+
+# Trace a call chain
+graphify trace "APIHandler.process_request" --depth 5
+
+# Find shortest path between two nodes
+graphify path "APIHandler" "DatabaseConnection"
+```
+
+### 3. Structured Output (for LLM consumption)
+
+```bash
+# JSON output — pipe directly to LLM
+graphify query "What depends on the auth module?" --format json
+
+# Streaming JSON for large results
+graphify deps LargeModule --format json --stream
+```
+
+### 4. Git Integration
+
+```bash
+# Enable auto-refresh on git operations
+graphify hooks install
+
+# Manual refresh after changes
+graphify refresh
+```
+
+## Hermes Agent Integration
+
+### Code Understanding Before Changes
+
+Before modifying code, use Graphify to understand the full picture:
+
+```bash
+# 1. Understand what you're touching
+graphify deps "module_name" --format json
+
+# 2. Find all callers (who depends on this?)
+graphify callers "function_name" --format json
+
+# 3. Check refactoring safety
+graphify path "entry_point" "target_module" --format json
+```
+
+### Inject into System Prompt
+
+For complex tasks, inject the codebase structure into the agent's context:
+
+```bash
+# Get a structural overview
+graphify query "Give me a high-level overview of the project structure" --format json
+```
+
+Then include the JSON output in the system message or user message to ground the agent's understanding.
+
+### With Test-Driven Development
+
+Use Graphify to understand test impact:
+
+```bash
+# What code does this test exercise?
+graphify callers "TestAuth.test_login" --depth 3 --format json
+
+# What tests cover this function?
+graphify callers "AuthService.authenticate" --format json | grep test
+```
+
+### With Systematic Debugging
+
+Trace bugs through the call chain:
+
+```bash
+# Where does this error originate?
+graphify trace "APIHandler.handle_request" --format json
+
+# What calls this failing function?
+graphify callers "PaymentService.charge" --depth 5
+```
+
+## Tips
+
+- **Run `graphify index` after pulling changes** — the graph goes stale otherwise
+- **Use `--format json` for agent integration** — structured output is easier to consume
+- **Combine with `search_files`** — use Graphify for structure, ripgrep for content
+- **Cache is project-local** — each project has its own graph, no cross-contamination
+- **Large repos?** Index only the directories you're working in: `graphify index --path src/core`
+
+## Troubleshooting
+
+| Problem | Solution |
+|---------|----------|
+| "graphify: command not found" | `pip install graphify-cg` |
+| "No graph found" | Run `graphify init && graphify index` first |
+| Stale results | Run `graphify refresh` |
+| Language not supported | Check `graphify --help` for supported list |
+| Slow indexing | Use `--path` to limit scope |

tests/test_cron_provider_mismatch.py

@@ -1,129 +0,0 @@
-"""Tests for cron scheduler: provider mismatch detection, runtime classification,
-and capability-aware prompt building."""
-
-import sys
-from pathlib import Path
-
-sys.path.insert(0, str(Path(__file__).resolve().parent.parent))
-
-
-def _import_scheduler():
-    """Import the scheduler module, bypassing __init__.py re-exports that may
-    reference symbols not yet merged upstream."""
-    import importlib.util
-    spec = importlib.util.spec_from_file_location(
-        "cron.scheduler", str(Path(__file__).resolve().parent.parent / "cron" / "scheduler.py"),
-    )
-    mod = importlib.util.module_from_spec(spec)
-    try:
-        spec.loader.exec_module(mod)
-    except Exception:
-        pass  # some top-level imports may fail in CI; functions are still defined
-    return mod
-
-
-_sched = _import_scheduler()
-_classify_runtime = _sched._classify_runtime
-_detect_provider_mismatch = _sched._detect_provider_mismatch
-_build_job_prompt = _sched._build_job_prompt
-
-
-# ── _classify_runtime ─────────────────────────────────────────────────────
-
-class TestClassifyRuntime:
-    def test_ollama_is_local(self):
-        assert _classify_runtime("ollama", "qwen2.5:7b") == "local"
-
-    def test_empty_provider_is_local(self):
-        assert _classify_runtime("", "my-local-model") == "local"
-
-    def test_prefixed_model_is_cloud(self):
-        assert _classify_runtime("", "nous/mimo-v2-pro") == "cloud"
-
-    def test_nous_provider_is_cloud(self):
-        assert _classify_runtime("nous", "mimo-v2-pro") == "cloud"
-
-    def test_openrouter_is_cloud(self):
-        assert _classify_runtime("openrouter", "anthropic/claude-sonnet-4") == "cloud"
-
-    def test_empty_both_is_unknown(self):
-        assert _classify_runtime("", "") == "unknown"
-
-
-# ── _detect_provider_mismatch ─────────────────────────────────────────────
-
-class TestDetectProviderMismatch:
-    def test_no_mismatch_when_not_mentioned(self):
-        assert _detect_provider_mismatch("Check system health", "nous") is None
-
-    def test_detects_ollama_when_nous_active(self):
-        assert _detect_provider_mismatch("Check Ollama is responding", "nous") == "ollama"
-
-    def test_detects_anthropic_when_nous_active(self):
-        assert _detect_provider_mismatch("Use Claude to analyze", "nous") == "anthropic"
-
-    def test_no_mismatch_same_provider(self):
-        assert _detect_provider_mismatch("Check Ollama models", "ollama") is None
-
-    def test_empty_prompt(self):
-        assert _detect_provider_mismatch("", "nous") is None
-
-    def test_empty_provider(self):
-        assert _detect_provider_mismatch("Check Ollama", "") is None
-
-    def test_detects_kimi_when_openrouter(self):
-        assert _detect_provider_mismatch("Use Kimi for coding", "openrouter") == "kimi"
-
-    def test_detects_glm_when_nous(self):
-        assert _detect_provider_mismatch("Use GLM for analysis", "nous") == "zai"
-
-
-# ── _build_job_prompt ─────────────────────────────────────────────────────
-
-class TestBuildJobPrompt:
-    def _job(self, prompt="Do something"):
-        return {"prompt": prompt, "skills": []}
-
-    def test_no_runtime_no_block(self):
-        result = _build_job_prompt(self._job())
-        assert "Do something" in result
-        assert "RUNTIME CONTEXT" not in result
-
-    def test_cloud_runtime_injected(self):
-        result = _build_job_prompt(
-            self._job(),
-            runtime_model="xiaomi/mimo-v2-pro",
-            runtime_provider="nous",
-        )
-        assert "MODEL: xiaomi/mimo-v2-pro" in result
-        assert "PROVIDER: nous" in result
-        assert "cloud API" in result
-        assert "Do NOT assume you can SSH" in result
-
-    def test_local_runtime_injected(self):
-        result = _build_job_prompt(
-            self._job(),
-            runtime_model="qwen2.5:7b",
-            runtime_provider="ollama",
-        )
-        assert "RUNTIME: local" in result
-        assert "SSH keys" in result
-
-    def test_empty_runtime_no_block(self):
-        result = _build_job_prompt(self._job(), runtime_model="", runtime_provider="")
-        assert "RUNTIME CONTEXT" not in result
-
-    def test_cron_hint_always_present(self):
-        result = _build_job_prompt(self._job())
-        assert "scheduled cron job" in result
-        assert "[SYSTEM:" in result
-
-    def test_runtime_block_before_cron_hint(self):
-        result = _build_job_prompt(
-            self._job("Check Ollama"),
-            runtime_model="mimo-v2-pro",
-            runtime_provider="nous",
-        )
-        runtime_pos = result.index("RUNTIME CONTEXT")
-        cron_pos = result.index("scheduled cron job")
-        assert runtime_pos < cron_pos

tests/tools/test_browser_use_provider.py

@@ -0,0 +1,246 @@
+"""Tests for Browser Use provider — anti-detect, CAPTCHA, profiles, persistence."""
+
+from unittest.mock import patch, MagicMock
+import pytest
+
+
+class TestBrowserUseProviderConfig:
+    """Test configuration resolution for Browser Use provider."""
+
+    def test_not_configured_without_key(self, monkeypatch):
+        monkeypatch.delenv("BROWSER_USE_API_KEY", raising=False)
+        from tools.browser_providers.browser_use import BrowserUseProvider
+
+        provider = BrowserUseProvider()
+        assert provider.is_configured() is False
+
+    def test_configured_with_api_key(self, monkeypatch):
+        monkeypatch.setenv("BROWSER_USE_API_KEY", "test-key-123")
+        from tools.browser_providers.browser_use import BrowserUseProvider
+
+        provider = BrowserUseProvider()
+        assert provider.is_configured() is True
+
+    def test_provider_name(self):
+        from tools.browser_providers.browser_use import BrowserUseProvider
+
+        assert BrowserUseProvider().provider_name() == "Browser Use"
+
+
+class TestBrowserUseFeatures:
+    """Test feature configuration and payload assembly."""
+
+    def _make_provider(self, monkeypatch, **env):
+        defaults = {
+            "BROWSER_USE_API_KEY": "test-key",
+            "BROWSER_USE_ANTI_DETECT": "true",
+            "BROWSER_USE_CAPTCHA_SOLVING": "true",
+            "BROWSER_USE_PERSISTENT_LOGIN": "false",
+            "BROWSER_USE_PROFILE_NAME": "",
+            "BROWSER_USE_PROXY_COUNTRY": "us",
+        }
+        defaults.update(env)
+        for k, v in defaults.items():
+            if v is None:
+                monkeypatch.delenv(k, raising=False)
+            else:
+                monkeypatch.setenv(k, v)
+
+        # Reimport to pick up new env values
+        import importlib
+        import tools.browser_providers.browser_use as mod
+        importlib.reload(mod)
+        return mod.BrowserUseProvider()
+
+    def test_features_all_enabled(self, monkeypatch):
+        provider = self._make_provider(
+            monkeypatch,
+            BROWSER_USE_ANTI_DETECT="true",
+            BROWSER_USE_CAPTCHA_SOLVING="true",
+            BROWSER_USE_PERSISTENT_LOGIN="true",
+            BROWSER_USE_PROFILE_NAME="my-profile",
+        )
+        features = provider._build_features()
+        assert features["anti_detect"] is True
+        assert features["captcha_solving"] is True
+        assert features["persistent_login"] is True
+        assert features["profile"] is True
+        assert features["proxy_country"] == "us"
+
+    def test_features_all_disabled(self, monkeypatch):
+        provider = self._make_provider(
+            monkeypatch,
+            BROWSER_USE_ANTI_DETECT="false",
+            BROWSER_USE_CAPTCHA_SOLVING="false",
+            BROWSER_USE_PERSISTENT_LOGIN="false",
+            BROWSER_USE_PROFILE_NAME="",
+        )
+        features = provider._build_features()
+        assert features["anti_detect"] is False
+        assert features["captcha_solving"] is False
+        assert features["persistent_login"] is False
+        assert features["profile"] is False
+
+    def test_payload_includes_anti_detect(self, monkeypatch):
+        provider = self._make_provider(monkeypatch, BROWSER_USE_ANTI_DETECT="true")
+        payload = provider._build_create_payload(managed_mode=False)
+        assert payload.get("antiDetect") is True
+
+    def test_payload_excludes_anti_detect_when_disabled(self, monkeypatch):
+        provider = self._make_provider(monkeypatch, BROWSER_USE_ANTI_DETECT="false")
+        payload = provider._build_create_payload(managed_mode=False)
+        assert "antiDetect" not in payload
+
+    def test_payload_includes_captcha(self, monkeypatch):
+        provider = self._make_provider(monkeypatch, BROWSER_USE_CAPTCHA_SOLVING="true")
+        payload = provider._build_create_payload(managed_mode=False)
+        assert payload.get("captchaSolving") is True
+
+    def test_payload_includes_persistent_login(self, monkeypatch):
+        provider = self._make_provider(monkeypatch, BROWSER_USE_PERSISTENT_LOGIN="true")
+        payload = provider._build_create_payload(managed_mode=False)
+        assert payload.get("keepCookies") is True
+
+    def test_payload_includes_profile(self, monkeypatch):
+        provider = self._make_provider(monkeypatch, BROWSER_USE_PROFILE_NAME="work-account")
+        payload = provider._build_create_payload(managed_mode=False)
+        assert payload.get("profileName") == "work-account"
+
+    def test_payload_includes_proxy_country(self, monkeypatch):
+        provider = self._make_provider(monkeypatch, BROWSER_USE_PROXY_COUNTRY="de")
+        payload = provider._build_create_payload(managed_mode=False)
+        assert payload.get("proxyCountryCode") == "de"
+
+    def test_managed_mode_payload(self, monkeypatch):
+        provider = self._make_provider(monkeypatch)
+        payload = provider._build_create_payload(managed_mode=True)
+        assert payload["timeout"] == 5
+        assert payload["proxyCountryCode"] == "us"
+
+    def test_empty_profile_excluded(self, monkeypatch):
+        provider = self._make_provider(monkeypatch, BROWSER_USE_PROFILE_NAME="")
+        payload = provider._build_create_payload(managed_mode=False)
+        assert "profileName" not in payload
+
+
+class TestBrowserUseSessionCreation:
+    """Test session creation with mocked HTTP."""
+
+    def _make_provider(self, monkeypatch):
+        monkeypatch.setenv("BROWSER_USE_API_KEY", "test-key")
+        import importlib
+        import tools.browser_providers.browser_use as mod
+        importlib.reload(mod)
+        return mod.BrowserUseProvider()
+
+    def test_create_session_returns_features(self, monkeypatch):
+        provider = self._make_provider(monkeypatch)
+
+        mock_response = MagicMock()
+        mock_response.ok = True
+        mock_response.json.return_value = {
+            "id": "sess-123",
+            "cdpUrl": "wss://cdp.browser-use.com/session/123",
+        }
+        mock_response.headers = {}
+
+        with patch("tools.browser_providers.browser_use.requests.post", return_value=mock_response):
+            result = provider.create_session("task-1")
+
+        assert result["bb_session_id"] == "sess-123"
+        assert result["features"]["browser_use"] is True
+        assert result["features"]["anti_detect"] is True
+        assert result["features"]["captcha_solving"] is True
+
+    def test_create_session_sends_payload(self, monkeypatch):
+        provider = self._make_provider(monkeypatch)
+
+        mock_response = MagicMock()
+        mock_response.ok = True
+        mock_response.json.return_value = {"id": "sess-456", "cdpUrl": "wss://cdp.example.com"}
+        mock_response.headers = {}
+
+        captured_payload = {}
+
+        def mock_post(url, **kwargs):
+            captured_payload.update(kwargs.get("json", {}))
+            return mock_response
+
+        with patch("tools.browser_providers.browser_use.requests.post", side_effect=mock_post):
+            provider.create_session("task-2")
+
+        assert captured_payload.get("antiDetect") is True
+        assert captured_payload.get("captchaSolving") is True
+
+    def test_create_session_with_profile(self, monkeypatch):
+        monkeypatch.setenv("BROWSER_USE_PROFILE_NAME", "shared-team")
+        provider = self._make_provider(monkeypatch)
+
+        mock_response = MagicMock()
+        mock_response.ok = True
+        mock_response.json.return_value = {"id": "sess-789", "cdpUrl": "wss://cdp.example.com"}
+        mock_response.headers = {}
+
+        captured_payload = {}
+
+        def mock_post(url, **kwargs):
+            captured_payload.update(kwargs.get("json", {}))
+            return mock_response
+
+        with patch("tools.browser_providers.browser_use.requests.post", side_effect=mock_post):
+            provider.create_session("task-3")
+
+        assert captured_payload.get("profileName") == "shared-team"
+
+    def test_create_session_error_raises(self, monkeypatch):
+        provider = self._make_provider(monkeypatch)
+
+        mock_response = MagicMock()
+        mock_response.ok = False
+        mock_response.status_code = 401
+        mock_response.text = "Unauthorized"
+
+        with patch("tools.browser_providers.browser_use.requests.post", return_value=mock_response):
+            with pytest.raises(RuntimeError, match="Failed to create Browser Use session"):
+                provider.create_session("task-err")
+
+
+class TestBrowserUseSessionCleanup:
+    """Test session cleanup."""
+
+    def _make_provider(self, monkeypatch):
+        monkeypatch.setenv("BROWSER_USE_API_KEY", "test-key")
+        import importlib
+        import tools.browser_providers.browser_use as mod
+        importlib.reload(mod)
+        return mod.BrowserUseProvider()
+
+    def test_close_session_success(self, monkeypatch):
+        provider = self._make_provider(monkeypatch)
+
+        mock_response = MagicMock()
+        mock_response.status_code = 200
+
+        with patch("tools.browser_providers.browser_use.requests.patch", return_value=mock_response):
+            result = provider.close_session("sess-123")
+
+        assert result is True
+
+    def test_close_session_failure(self, monkeypatch):
+        provider = self._make_provider(monkeypatch)
+
+        mock_response = MagicMock()
+        mock_response.status_code = 500
+        mock_response.text = "Internal Server Error"
+
+        with patch("tools.browser_providers.browser_use.requests.patch", return_value=mock_response):
+            result = provider.close_session("sess-bad")
+
+        assert result is False
+
+    def test_emergency_cleanup_no_error_on_failure(self, monkeypatch):
+        provider = self._make_provider(monkeypatch)
+
+        with patch("tools.browser_providers.browser_use.requests.patch", side_effect=Exception("network down")):
+            # Should not raise
+            provider.emergency_cleanup("sess-xyz")

tools/browser_providers/browser_use.py

@@ -1,4 +1,8 @@
-"""Browser Use cloud browser provider."""
+"""Browser Use cloud browser provider.
+
+Enhanced with anti-detect profiles, CAPTCHA solving, persistent logins,
+and profile management per Issue #262.
+"""
 
 import logging
 import os
@@ -21,6 +25,17 @@ _DEFAULT_MANAGED_TIMEOUT_MINUTES = 5
 _DEFAULT_MANAGED_PROXY_COUNTRY_CODE = "us"
 
 
+# ---------------------------------------------------------------------------
+# Config helpers
+# ---------------------------------------------------------------------------
+
+def _env_bool(key: str, default: bool = False) -> bool:
+    val = os.environ.get(key)
+    if val is None:
+        return default
+    return val.lower() in ("1", "true", "yes", "on")
+
+
 def _get_or_create_pending_create_key(task_id: str) -> str:
     with _pending_create_keys_lock:
         existing = _pending_create_keys.get(task_id)
@@ -61,7 +76,28 @@ def _should_preserve_pending_create_key(response: requests.Response) -> bool:
 
 
 class BrowserUseProvider(CloudBrowserProvider):
-    """Browser Use (https://browser-use.com) cloud browser backend."""
+    """Browser Use (https://browser-use.com) cloud browser backend.
+
+    Supports anti-detect profiles, CAPTCHA solving, persistent logins,
+    and named profile management.  Configuration via env vars:
+
+    - ``BROWSER_USE_API_KEY``          — direct API key
+    - ``BROWSER_USE_ANTI_DETECT``      — enable anti-detect fingerprinting (default: true)
+    - ``BROWSER_USE_CAPTCHA_SOLVING``  — enable CAPTCHA auto-solving (default: true)
+    - ``BROWSER_USE_PERSISTENT_LOGIN`` — persist cookies across sessions (default: false)
+    - ``BROWSER_USE_PROFILE_NAME``     — named profile for cookie jar isolation
+    - ``BROWSER_USE_PROXY_COUNTRY``    — proxy country code override (default: us)
+    """
+
+    # Feature config snapshot — read once at import so runtime env mutation
+    # cannot silently change an in-flight session's capabilities.
+    _cfg_anti_detect: bool = _env_bool("BROWSER_USE_ANTI_DETECT", True)
+    _cfg_captcha: bool = _env_bool("BROWSER_USE_CAPTCHA_SOLVING", True)
+    _cfg_persistent: bool = _env_bool("BROWSER_USE_PERSISTENT_LOGIN", False)
+    _cfg_profile: str = os.environ.get("BROWSER_USE_PROFILE_NAME", "")
+    _cfg_proxy_country: str = os.environ.get(
+        "BROWSER_USE_PROXY_COUNTRY", _DEFAULT_MANAGED_PROXY_COUNTRY_CODE
+    )
 
     def provider_name(self) -> str:
         return "Browser Use"
@@ -106,6 +142,56 @@ class BrowserUseProvider(CloudBrowserProvider):
             raise ValueError(message)
         return config
 
+    # ------------------------------------------------------------------
+    # Feature / payload assembly
+    # ------------------------------------------------------------------
+
+    def _build_features(self) -> Dict[str, Any]:
+        """Return a dict describing which features are active."""
+        return {
+            "browser_use": True,
+            "anti_detect": self._cfg_anti_detect,
+            "captcha_solving": self._cfg_captcha,
+            "persistent_login": self._cfg_persistent,
+            "profile": bool(self._cfg_profile),
+            "proxy_country": self._cfg_proxy_country,
+        }
+
+    def _build_create_payload(self, managed_mode: bool) -> Dict[str, Any]:
+        """Build the session creation payload with all configured features."""
+        payload: Dict[str, Any] = {}
+
+        if managed_mode:
+            payload["timeout"] = _DEFAULT_MANAGED_TIMEOUT_MINUTES
+            payload["proxyCountryCode"] = self._cfg_proxy_country
+        elif self._cfg_proxy_country:
+            payload["proxyCountryCode"] = self._cfg_proxy_country
+
+        # Anti-detect fingerprinting — Browser Use v3 uses
+        # the antiDetect field to enable browser fingerprint spoofing
+        # so sites see a real human browser, not an automation tool.
+        if self._cfg_anti_detect:
+            payload["antiDetect"] = True
+
+        # CAPTCHA solving — Browser Use handles reCAPTCHA, hCaptcha,
+        # Cloudflare Turnstile, and custom CAPTCHAs automatically.
+        if self._cfg_captcha:
+            payload["captchaSolving"] = True
+
+        # Persistent login — preserves cookies across sessions when
+        # a named profile is provided, enabling sites like Gmail, Twitter,
+        # etc. to stay logged in between agent runs.
+        if self._cfg_persistent:
+            payload["keepCookies"] = True
+
+        # Named profile — isolates cookie jar and browser state under
+        # a specific profile name.  Multiple agents can share a profile
+        # or use isolated profiles for different accounts.
+        if self._cfg_profile:
+            payload["profileName"] = self._cfg_profile
+
+        return payload
+
     # ------------------------------------------------------------------
     # Session lifecycle
     # ------------------------------------------------------------------
@@ -125,17 +211,7 @@ class BrowserUseProvider(CloudBrowserProvider):
         if managed_mode:
             headers["X-Idempotency-Key"] = _get_or_create_pending_create_key(task_id)
 
-        # Keep gateway-backed sessions short so billing authorization does not
-        # default to a long Browser-Use timeout when Hermes only needs a task-
-        # scoped ephemeral browser.
-        payload = (
-            {
-                "timeout": _DEFAULT_MANAGED_TIMEOUT_MINUTES,
-                "proxyCountryCode": _DEFAULT_MANAGED_PROXY_COUNTRY_CODE,
-            }
-            if managed_mode
-            else {}
-        )
+        payload = self._build_create_payload(managed_mode)
 
         response = requests.post(
             f"{config['base_url']}/browsers",
@@ -158,7 +234,14 @@ class BrowserUseProvider(CloudBrowserProvider):
         session_name = f"hermes_{task_id}_{uuid.uuid4().hex[:8]}"
         external_call_id = response.headers.get("x-external-call-id") if managed_mode else None
 
-        logger.info("Created Browser Use session %s", session_name)
+        logger.info(
+            "Created Browser Use session %s [anti_detect=%s captcha=%s persistent=%s profile=%s]",
+            session_name,
+            self._cfg_anti_detect,
+            self._cfg_captcha,
+            self._cfg_persistent,
+            self._cfg_profile or "(none)",
+        )
 
         cdp_url = session_data.get("cdpUrl") or session_data.get("connectUrl") or ""
 
@@ -166,7 +249,7 @@ class BrowserUseProvider(CloudBrowserProvider):
             "session_name": session_name,
             "bb_session_id": session_data["id"],
             "cdp_url": cdp_url,
-            "features": {"browser_use": True},
+            "features": self._build_features(),
             "external_call_id": external_call_id,
         }