autobrowse: autonomous email inbox for signup/login/MFA tasks #119
Lets an autobrowse loop provision a throwaway inbox so the inner agent can register accounts and complete email verification. A new scripts/inbox.mjs CLI (create / wait-otp / wait-link / latest / release) talks to the browse.sh inbox endpoint, which owns the AgentMail key — the agent only ever sees the address. evaluate.mjs gains --inbox-email, injects the inbox into the system prompt, and allows the agent to shell out to inbox.mjs. SKILL.md documents the opt-in provision/release steps, graduation note (inbox is loop-only), and the 3-concurrent-loop free-tier cap. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Reviewed by Cursor Bugbot for commit 2087aca. Configure here.
| } | ||
| } | ||
|
|
||
| function buildSystemPrompt(strategy, traceDir, browseEnv) { |
Inbox wait killed by timeout
High Severity
Long-running inbox.mjs wait-otp and wait-link calls run through executeCommand with a fixed 30s execFileSync timeout, while the system prompt tells the agent to use --within 60. Polling is cut off early, so verification mail that arrives after 30 seconds fails even though the inbox helper would still be waiting.
| fs.mkdirSync(path.dirname(file), { recursive: true }); | ||
| fs.writeFileSync(file, JSON.stringify({ email, inbox_id }, null, 2)); | ||
| // The agent reads stdout — print only the address. | ||
| console.log(email); |
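Review bot: fs.writeFileSync(file, JSON.stringify({ email, inbox_id }, null, 2)) creates the state file with the process's default permissions and without checking the values it stores. Pass { mode: 0o600 } so the recorded inbox_id is readable only by the user running the loop, and confirm that email and inbox_id are both non-empty strings before writing, so a malformed API response fails here instead of leaving a state file that a later command cannot use.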
Recreate leaves orphan inboxes
Medium Severity
Running inbox.mjs create when .inbox.json already exists provisions a new remote inbox and overwrites local state without deleting the previous inbox_id. That contradicts SKILL.md’s claim that stale inboxes are swept on the next create, and consumes slots toward the three-inbox org limit.
| const systemPrompt = buildSystemPrompt(strategy, traceDir, browseEnv); | ||
| const inboxEmail = getArg("inbox-email"); | ||
| const inboxSection = buildInboxSection(inboxEmail, workspace, taskName); | ||
| const systemPrompt = buildSystemPrompt(strategy, traceDir, browseEnv, inboxSection); |
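Review bot: inboxEmail goes from getArg("inbox-email") into buildInboxSection and then into the system prompt with no validation visible in these lines. Unless buildInboxSection already does it, reject values here that are not a single-line address (no whitespace or newlines), since whatever is passed on the command line becomes prompt text, and make sure an absent flag produces an empty section instead of the string "undefined".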
Task placeholder never substituted
Medium Severity
SKILL.md and example-task.md say task authors can use {{inbox_email}}, but evaluate.mjs sends task.md to the model unchanged when --inbox-email is set. The user message can still contain the literal placeholder instead of the provisioned address.


Summary
- scripts/inbox.mjs CLI: create / wait-otp / wait-link / latest / release. It talks to the browse.sh /api/skills/inboxes endpoint (which owns the AgentMail key); the agent only ever sees the inbox address.
- evaluate.mjs gains --inbox-email, injects an "Agent Inbox" section into the system prompt, and broadens the command allowlist so the agent can shell out to inbox.mjs.
- SKILL.md documents the opt-in provision step, mandatory release/cleanup, a graduation note (inbox is loop-only — graduated skills expect the end user's own credentials), and the 3-concurrent-loop free-tier cap.

Verification coverage
- wait-otp (default 4–8 digits)
- wait-otp --regex
- wait-link [--match] → browse open
- latest

Test plan
- include_spam=true on polling — verification emails to a fresh inbox frequently get spam-flagged

Requires the inbox endpoint from browserbase/browse.sh#151 and BROWSE_SH_WEBHOOK_SECRET in the environment.

🤖 Generated with Claude Code
Note
Medium Risk
Expands inner-agent shell execution and adds authenticated remote inbox API calls; secrets stay in env headers, but misconfiguration or parallel runs can hit inbox limits or leak task state in .inbox.json until release.
Overview
Adds throwaway email inboxes for autobrowse training loops that need signup, login, or MFA—without exposing AgentMail credentials locally.
New scripts/inbox.mjs talks to browse.sh (/api/skills/inboxes) using BROWSE_SH_WEBHOOK_SECRET: create, wait-otp, wait-link, latest, and release, with per-task state in .inbox.json (gitignored).

evaluate.mjs gains --inbox-email, injects an Agent Inbox system-prompt section, and widens the execute allowlist to node …/inbox.mjs (path-resolved) alongside browse.

SKILL.md, example-task.md, and .env.example document opt-in provisioning, passing the address on every run, mandatory cleanup, graduation rules (inbox is loop-only), and a 3 concurrent inbox cap.
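The path-resolved allowlist from the overview and the 30s limit versus `--within 60` mismatch from the first review comment can be handled in one gate, sketched here as an added example that is not code from this PR. The function names, the `scripts/inbox.mjs` location relative to the working directory, `--within` being in seconds, the 5s grace and the 300s ceiling are all assumptions.

```javascript
// Added example, not the PR's code. Names, paths and limits here are assumptions.
// CommonJS require so it runs as a plain script; use import in an .mjs file.
const path = require("node:path");
const { execFileSync } = require("node:child_process");

const INBOX_CLI = path.resolve("scripts", "inbox.mjs"); // assumed location
const DEFAULT_TIMEOUT_MS = 30_000; // the fixed limit the review describes
const GRACE_MS = 5_000;            // headroom for startup and the last poll
const MAX_WITHIN_S = 300;          // assumed ceiling so a wait cannot stall the loop
const WAITS = new Set(["wait-otp", "wait-link"]);

const deny = (reason) => ({ allowed: false, reason });
// Decide whether an agent-requested argv may run, and with what timeout.
function planCommand(argv) {
  if (!Array.isArray(argv) || argv.length === 0) return deny("empty command");
  const [bin, script, ...rest] = argv;
  if (bin === "browse") {
    return { allowed: true, file: "browse", args: argv.slice(1), timeout: DEFAULT_TIMEOUT_MS };
  }
  if (bin !== "node") return deny("binary not allowlisted");
  // Resolve before comparing so relative spellings and ../ collapse to one
  // path; node flags such as -e land in the script slot and fail the match.
  if (typeof script !== "string" || path.resolve(script) !== INBOX_CLI) {
    return deny("script not allowlisted");
  }
  let timeout = DEFAULT_TIMEOUT_MS;
  const i = rest.indexOf("--within");
  if (WAITS.has(rest[0]) && i !== -1) {
    const secs = Number(rest[i + 1]); // assumption: --within is in seconds
    if (!Number.isInteger(secs) || secs < 1 || secs > MAX_WITHIN_S) {
      return deny("--within out of range");
    }
    timeout = Math.max(DEFAULT_TIMEOUT_MS, secs * 1000 + GRACE_MS);
  }
  return { allowed: true, file: "node", args: [INBOX_CLI, ...rest], timeout };
}

// execFileSync takes an argv array, so no shell re-parses the agent's input.
function run(argv) {
  const plan = planCommand(argv);
  if (!plan.allowed) throw new Error(`blocked: ${plan.reason}`);
  return execFileSync(plan.file, plan.args, { timeout: plan.timeout, encoding: "utf8" });
}

// Constructed sample requests (nothing is executed here, only planned).
for (const argv of [["node", "scripts/inbox.mjs", "wait-otp", "--within", "60"],
                    ["node", "-e", "process.exit()"]]) {
  console.log(argv.join(" "), "->", JSON.stringify(planCommand(argv)));
}
```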