Browser Tools — Feature Specification
Branch: feature/chat-agent-file-navigation
Date: 2026-03-10
Status: Draft v2 — post architecture review
Owner: GAIA Team
1. Executive Summary
Add a lightweightBrowserToolsMixin to the GAIA ChatAgent that provides web browsing, content extraction, file downloading, and web search capabilities — without Playwright or any browser engine dependency. Uses requests + beautifulsoup4 (both already in GAIA’s dependency tree) for fast, headless HTTP-based web interaction.
This completes the ChatAgent’s data pipeline: find local files + browse the web + extract data + analyze with scratchpad.
2. Problem Statement
The ChatAgent can now navigate the local file system and analyze documents with the scratchpad. But users frequently need to:
Without browser tools, users must manually download files and feed them to the agent. This breaks the autonomous workflow.
3. Design Decisions
3.1 Why NOT Playwright/Selenium
Trade-off: We lose JavaScript-rendered content (SPAs, dynamic pages). For the ChatAgent’s use case (document download, data extraction, reference lookup), this is acceptable. 90%+ of useful web content is in the initial HTML response.
3.2 Key Design Principles
- No browser binary dependencies — pure Python HTTP + HTML parsing
- Tools return text, not screenshots — optimized for LLM consumption
- Rate limiting — prevent accidental DoS (1 req/sec per domain)
- Size limits — cap response sizes to avoid flooding LLM context
- Download to local filesystem — integrate with file system tools
- Timeout everything — 30-second default, configurable
- SSRF prevention — validate resolved IPs against private/reserved ranges
- Manual redirect following — validate each hop to prevent redirect-based SSRF
4. Tool Specification
4.1 fetch_page(url, extract, max_length)
Fetch a web page and extract its readable content.
text— Strip HTML tags, return readable text with headings preserved. Uses BeautifulSoupget_text()with separator formatting.html— Return raw HTML (truncated). Useful when user needs to see page structure.links— Extract all<a href>links with their text. Returns formatted list.tables— Extract HTML<table>elements and format as readable text tables.
4.2 search_web(query, num_results)
Search the web and return results.
- DuckDuckGo HTML — No API key needed, parse search results page
- Google Custom Search API — If user has configured API key
- Bing Search API — If user has configured API key
4.3 download_file(url, save_to, filename)
Download a file from the web to the local filesystem.
- Max file size: 100 MB (configurable)
- Streams download to disk (doesn’t load into memory)
- Validates path with
PathValidatorbefore writing - Returns file path + size for follow-up tool use
extract_page_data from v1 has been merged into fetch_page(extract="tables") to reduce tool count per review issue M3. The tables mode returns JSON-formatted data ready for insert_data().
5. Architecture
5.1 Component Diagram
5.2 WebClient Internal Class
Not a mixin — a utility class used byBrowserToolsMixin internally.
5.3 File Locations
6. Integration with ChatAgent
6.1 MRO Update
6.2 Config Additions
6.3 Tool Registration
6.4 Total Tool Count
After adding browser tools, the ChatAgent will have:
22 tools is manageable for Qwen3-Coder-30B. Tool names are intentionally distinct across categories to minimize selection confusion. Reduced from 4 to 3 browser tools by merging
extract_page_data into fetch_page(extract="tables").
7. Demo Workflows
7.1 Web Research + Local Analysis
7.2 Download + Analyze
7.3 Web Scraping + Scratchpad
8. Security
8.1 URL Validation (SSRF Prevention)
- Only
http://andhttps://schemes allowed - DNS resolution happens BEFORE connection — resolved IP is validated
- Blocks all RFC 1918 private ranges (
10.x,172.16-31.x,192.168.x) - Blocks loopback (
127.0.0.0/8), link-local (169.254.x.x— AWS/Azure/GCP metadata) - Blocks IPv6 private (
fc00::/7), link-local (fe80::/10), mapped (::ffff:127.0.0.1) - Redirects are followed manually (max 5 hops), each hop re-validated
- Prevents DNS rebinding by checking resolved IP, not hostname
8.2 Content Limits
8.3 Download Path Validation
- Filename sanitized via
_sanitize_filename()(prevents path traversal from Content-Disposition) - Final resolved path validated through
PathValidator.is_path_allowed() - Verify resolved path is still within
save_todirectory after path resolution
9. Dependencies
9.1 Required (already installed)
9.2 Optional
No new dependencies needed. Both
requests and beautifulsoup4 are already in the project.
10. Implementation Plan
Single phase — this is a focused, self-contained feature.- Create
src/gaia/agents/tools/browser_tools.py:WebClientutility class (rate limiting, timeouts, extraction)BrowserToolsMixinwithregister_browser_tools()containing 4 tools
- Update
src/gaia/agents/tools/__init__.pyto exportBrowserToolsMixin - Update
hub/agents/python/chat/gaia_agent_chat/agent.py:- Add
BrowserToolsMixinto class MRO - Add
enable_browser+ config fields toChatAgentConfig - Initialize
WebClientin__init__ - Call
register_browser_tools()in_register_tools() - Update system prompt with browser tool guidance
- Add
- Add unit tests:
tests/unit/test_browser_tools.py- Mock HTTP responses with
responseslibrary (already in dev deps) - Test URL validation (SSRF prevention)
- Test content extraction (text, links, tables)
- Test rate limiting
- Test download with size limits
- Mock HTTP responses with
- Format with black + isort