Skip to main content

Browser Tools — Feature Specification

Branch: feature/chat-agent-file-navigation Date: 2026-03-10 Status: Draft v2 — post architecture review Owner: GAIA Team

1. Executive Summary

Add a lightweight BrowserToolsMixin to the GAIA ChatAgent that provides web browsing, content extraction, file downloading, and web search capabilities — without Playwright or any browser engine dependency. Uses requests + beautifulsoup4 (both already in GAIA’s dependency tree) for fast, headless HTTP-based web interaction. This completes the ChatAgent’s data pipeline: find local files + browse the web + extract data + analyze with scratchpad.

2. Problem Statement

The ChatAgent can now navigate the local file system and analyze documents with the scratchpad. But users frequently need to: Without browser tools, users must manually download files and feed them to the agent. This breaks the autonomous workflow.

3. Design Decisions

3.1 Why NOT Playwright/Selenium

Trade-off: We lose JavaScript-rendered content (SPAs, dynamic pages). For the ChatAgent’s use case (document download, data extraction, reference lookup), this is acceptable. 90%+ of useful web content is in the initial HTML response.

3.2 Key Design Principles

  1. No browser binary dependencies — pure Python HTTP + HTML parsing
  2. Tools return text, not screenshots — optimized for LLM consumption
  3. Rate limiting — prevent accidental DoS (1 req/sec per domain)
  4. Size limits — cap response sizes to avoid flooding LLM context
  5. Download to local filesystem — integrate with file system tools
  6. Timeout everything — 30-second default, configurable
  7. SSRF prevention — validate resolved IPs against private/reserved ranges
  8. Manual redirect following — validate each hop to prevent redirect-based SSRF

4. Tool Specification

4.1 fetch_page(url, extract, max_length)

Fetch a web page and extract its readable content.
Extract modes:
  • text — Strip HTML tags, return readable text with headings preserved. Uses BeautifulSoup get_text() with separator formatting.
  • html — Return raw HTML (truncated). Useful when user needs to see page structure.
  • links — Extract all <a href> links with their text. Returns formatted list.
  • tables — Extract HTML <table> elements and format as readable text tables.
Output format (text mode):

4.2 search_web(query, num_results)

Search the web and return results.
Search backend options (in priority order):
  1. DuckDuckGo HTML — No API key needed, parse search results page
  2. Google Custom Search API — If user has configured API key
  3. Bing Search API — If user has configured API key
Default: DuckDuckGo (free, no key required). Output format:

4.3 download_file(url, save_to, filename)

Download a file from the web to the local filesystem.
Limits:
  • Max file size: 100 MB (configurable)
  • Streams download to disk (doesn’t load into memory)
  • Validates path with PathValidator before writing
  • Returns file path + size for follow-up tool use
Output format:
Note: extract_page_data from v1 has been merged into fetch_page(extract="tables") to reduce tool count per review issue M3. The tables mode returns JSON-formatted data ready for insert_data().

5. Architecture

5.1 Component Diagram

5.2 WebClient Internal Class

Not a mixin — a utility class used by BrowserToolsMixin internally.

5.3 File Locations


6. Integration with ChatAgent

6.1 MRO Update

6.2 Config Additions

6.3 Tool Registration

6.4 Total Tool Count

After adding browser tools, the ChatAgent will have: 22 tools is manageable for Qwen3-Coder-30B. Tool names are intentionally distinct across categories to minimize selection confusion. Reduced from 4 to 3 browser tools by merging extract_page_data into fetch_page(extract="tables").

7. Demo Workflows

7.1 Web Research + Local Analysis

7.2 Download + Analyze

7.3 Web Scraping + Scratchpad


8. Security

8.1 URL Validation (SSRF Prevention)

Security model:
  • Only http:// and https:// schemes allowed
  • DNS resolution happens BEFORE connection — resolved IP is validated
  • Blocks all RFC 1918 private ranges (10.x, 172.16-31.x, 192.168.x)
  • Blocks loopback (127.0.0.0/8), link-local (169.254.x.x — AWS/Azure/GCP metadata)
  • Blocks IPv6 private (fc00::/7), link-local (fe80::/10), mapped (::ffff:127.0.0.1)
  • Redirects are followed manually (max 5 hops), each hop re-validated
  • Prevents DNS rebinding by checking resolved IP, not hostname

8.2 Content Limits

8.3 Download Path Validation

Downloaded files must pass two checks:
  1. Filename sanitized via _sanitize_filename() (prevents path traversal from Content-Disposition)
  2. Final resolved path validated through PathValidator.is_path_allowed()
  3. Verify resolved path is still within save_to directory after path resolution

9. Dependencies

9.1 Required (already installed)

9.2 Optional

No new dependencies needed. Both requests and beautifulsoup4 are already in the project.

10. Implementation Plan

Single phase — this is a focused, self-contained feature.
  • Create src/gaia/agents/tools/browser_tools.py:
    • WebClient utility class (rate limiting, timeouts, extraction)
    • BrowserToolsMixin with register_browser_tools() containing 4 tools
  • Update src/gaia/agents/tools/__init__.py to export BrowserToolsMixin
  • Update hub/agents/python/chat/gaia_agent_chat/agent.py:
    • Add BrowserToolsMixin to class MRO
    • Add enable_browser + config fields to ChatAgentConfig
    • Initialize WebClient in __init__
    • Call register_browser_tools() in _register_tools()
    • Update system prompt with browser tool guidance
  • Add unit tests: tests/unit/test_browser_tools.py
    • Mock HTTP responses with responses library (already in dev deps)
    • Test URL validation (SSRF prevention)
    • Test content extraction (text, links, tables)
    • Test rate limiting
    • Test download with size limits
  • Format with black + isort

11. DuckDuckGo Search Implementation

Since we want no API keys required, the default search uses DuckDuckGo’s HTML search:
Fallback: If DuckDuckGo blocks or changes their HTML structure, the tool returns a clear error message suggesting the user try a direct URL instead.

12. Text Extraction Strategy

12.1 Readable Text Extraction

12.2 Tags Removed Before Extraction

12.3 Table Extraction


13. Decisions Log