Core-Claw
diff --git a/‎astro.config.mjs‎
Lines changed: 8 additions & 0 deletions b/‎astro.config.mjs‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/content/docs/developer-guide/builds-and-runs.md‎
Lines changed: 2 additions & 1 deletion b/‎src/content/docs/developer-guide/builds-and-runs.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/content/docs/developer-guide/deployment.md‎
Lines changed: 43 additions & 4 deletions b/‎src/content/docs/developer-guide/deployment.md‎
Lines changed: 43 additions & 4 deletions
diff --git a/‎src/content/docs/developer-guide/develop-worker/quick-start.md‎
Lines changed: 1 addition & 1 deletion b/‎src/content/docs/developer-guide/develop-worker/quick-start.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/content/docs/developer-guide/developer-faq/how-to-deploy.md‎
Lines changed: 2 additions & 2 deletions b/‎src/content/docs/developer-guide/developer-faq/how-to-deploy.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/content/docs/developer-guide/worker-definition/browser-automation/lightpanda.md‎
Lines changed: 212 additions & 0 deletions b/‎src/content/docs/developer-guide/worker-definition/browser-automation/lightpanda.md‎
Lines changed: 212 additions & 0 deletions
diff --git a/‎src/content/docs/developer-guide/worker-definition/browser-automation/overview.md‎
Lines changed: 13 additions & 1 deletion b/‎src/content/docs/developer-guide/worker-definition/browser-automation/overview.md‎
Lines changed: 13 additions & 1 deletion
@@ -292,6 +292,7 @@ export default defineConfig({
                                 {
                                     label: 'Output Schema',
                                     slug: 'developer-guide/worker-definition/output-schema',
+                                    badge: { text: 'Required', variant: 'danger' },
                                     translations: {
                                         'zh-CN': '输出配置',
                                     },
@@ -355,6 +356,13 @@ export default defineConfig({
                                                 'zh-CN': 'Playwright',
                                             },
                                         },
+                                        {
+                                            label: 'Lightpanda',
+                                            slug: 'developer-guide/worker-definition/browser-automation/lightpanda',
+                                            translations: {
+                                                'zh-CN': 'Lightpanda',
+                                            },
+                                        },
                                         {
                                             label: 'Puppeteer',
                                             slug: 'developer-guide/worker-definition/browser-automation/puppeteer',
 
@@ -22,7 +22,7 @@ Your Code (ZIP) → Auto Dependency Install → Script Runtime → Remote Browse
 CoreClaw eliminates the Build step through **platform-level hosting**:
 
 - **Runtime is pre-provisioned** — Python/Node.js runtimes and base dependencies are already installed in the shared environment. You don't need to build or configure a runtime image.
-- **Browser is remotely hosted** — No need to package a browser into your project. Connect to the remote fingerprint browser pool via the `ChromeWs` environment variable (CDP/WebSocket). See [Browser Fingerprinting](/developer-guide/worker-definition/platform-features/browser-fingerprinting/) for details.
+- **Browser is remotely hosted** — No need to package a browser into your project. Connect to the remote fingerprint browser pool via the `ChromeWs` environment variable, or to Lightpanda via `LightpandaDomain` (CDP/WebSocket). See [Browser Fingerprinting](/developer-guide/worker-definition/platform-features/browser-fingerprinting/) for details.
 - **Dependencies install automatically** — The platform reads your `requirements.txt` or `package.json` and installs dependencies before execution. No manual image building required.
 - **Network is sandboxed** — The runtime is an isolated network sandbox. HTTP request scripts must use the built-in SOCKS5 proxy (via `PROXY_AUTH` environment variable). See [Proxy Support](/developer-guide/worker-definition/platform-features/proxy-support/) for details.
 
@@ -64,6 +64,7 @@ Each run executes in a lightweight, process-isolated environment with:
 - **Environment variables**:
   - `PROXY_AUTH` — SOCKS5 proxy credentials (username:password) for HTTP requests
   - `ChromeWs` — WebSocket address for connecting to the remote fingerprint browser
+  - `LightpandaDomain` — CDP domain or endpoint for connecting to Lightpanda
 - **SDK communication** — gRPC channel to the CoreClaw platform (127.0.0.1:20086)
 
 ## Run Management
 
@@ -11,7 +11,36 @@ Deploy your Worker to the CoreClaw platform.
 
 ## Upload Requirements
 
-Currently, **only ZIP archive files** are supported for uploading scripts. Please ensure the file format is correct before uploading.
+CoreClaw supports two ways to upload your Worker scripts:
+
+### Method 1: ZIP Archive Upload
+
+Upload your Worker as a ZIP archive file. This is the quickest way to get started.
+
+1. Compress all project files into a ZIP archive
+2. Ensure the runtime entry is at the root of the ZIP: `main.py` for Python, `main.js` for Node.js, and the compiled Linux amd64 executable `main` for Go
+3. Upload the ZIP archive to the platform
+
+### Method 2: GitHub Import
+
+Import your Worker directly from a GitHub repository. This method supports **version management**, allowing you to track and manage different versions of your Worker.
+
+**Supported URL formats:**
+
+- **HTTPS**: `https://github.com/username/repository.git`
+- **SSH**: `git@github.com:username/repository.git`
+
+**Version management:**
+
+When importing from GitHub, you can specify which version of your code to deploy:
+
+- **Branch**: Deploy the latest code from a specific branch (e.g., `main`, `develop`)
+- **Tag**: Deploy a specific tagged release (e.g., `v1.0.0`)
+- **Commit**: Deploy an exact commit by its SHA hash
+
+This allows you to maintain multiple versions, roll back to previous releases, and manage your Worker's lifecycle effectively.
+
+---
 
 All script files **must strictly follow platform specifications**.
 
@@ -43,7 +72,7 @@ Ensure your project includes the required files before packaging:
 
 **Go:**
 ```
-├── main.go              # Entry file
+├── main.go              # Source entry file
 ├── go.mod               # Dependencies
 ├── go.sum               # Dependency checksums
 ├── input_schema.json    # Input configuration
@@ -54,11 +83,21 @@ Ensure your project includes the required files before packaging:
     └── sdk_grpc.pb.go
 ```
 
+For Go Workers, keep the three layers distinct:
+
+- **Source project**: contains `main.go`, `go.mod`, `go.sum`, `GoSdk/`, `input_schema.json`, and `output_schema.json`.
+- **Uploaded ZIP**: must contain a Linux amd64 executable named `main` at the ZIP root. The source entry is `main.go`; the upload/runtime entry is the compiled `main`.
+- **Platform runtime**: does not guarantee that source files such as `main.go`, `go.mod`, `go.sum`, or `GoSdk/` still exist in the current working directory. Only rely on files deliberately included for runtime use.
+
 ### Packaging
 
 1. Compress all project files into a ZIP archive
-2. Ensure the entry file (`main.py` / `main.js` / `main.go`) is at the root of the ZIP
-3. Upload the ZIP archive to the platform
+2. Ensure the runtime entry (`main.py` / `main.js` / compiled Go executable `main`) is at the root of the ZIP
+3. Upload the ZIP archive to the platform, or push to GitHub and import via repository URL
+
+:::caution[Windows packaging]
+Some ordinary Windows compression tools can drop the Linux executable bit from the Go `main` binary. If that bit is lost, the Worker may fail before user code starts, sometimes without Worker logs. For Go ZIP uploads, prefer creating the final archive in Linux or WSL after running `chmod +x main`.
+:::
 
 ---
 
 
@@ -76,7 +76,7 @@ Edit `main.py` to implement your scraping logic.
 CoreClaw's runtime is an **isolated network sandbox** — your script cannot access the internet directly. You must route outbound traffic through the platform's built-in proxy:
 
 - **HTTP request scripts** — Proxy configuration is **required**. Read the proxy address from the `PROXY_AUTH` environment variable and configure your HTTP client to use the SOCKS5 proxy. See [Proxy Support](/developer-guide/worker-definition/platform-features/proxy-support/) for details.
-- **Browser automation scripts** — Connect to the remote browser via the `ChromeWs` environment variable (WebSocket address). Proxy is handled automatically by the browser — no manual proxy configuration needed. See [Browser Fingerprinting](/developer-guide/worker-definition/platform-features/browser-fingerprinting/) for details.
+- **Browser automation scripts** — Connect to the remote browser via the `ChromeWs` environment variable, or to Lightpanda via `LightpandaDomain` (CDP/WebSocket). Proxy is handled automatically by the browser — no manual proxy configuration needed. See [Browser Fingerprinting](/developer-guide/worker-definition/platform-features/browser-fingerprinting/) for details.
 :::
 
 ```python
 
@@ -80,5 +80,5 @@ Before publishing, test your Worker:
 **Cause:** Incorrect file names
 
 **Solution:**
-- Entry file must be `main.py` / `main.js` / `main.go`
-- Check file paths in code
+- Runtime entry must be `main.py` for Python, `main.js` for Node.js, or the compiled Linux amd64 executable `main` for Go
+- Check file paths in code
@@ -0,0 +1,212 @@
+---
+title: Lightpanda
+description: Connect to the platform-hosted Lightpanda browser through CDP
+sidebar:
+  order: 2
+---
+
+Lightpanda is a lightweight browser backend exposed by CoreClaw through the Chrome DevTools Protocol (CDP). Use it when your Worker needs browser-level navigation, JavaScript execution, or page rendering without packaging or launching a browser locally.
+
+## Positioning
+
+Lightpanda is **not** a browser automation framework. It is a platform-hosted browser endpoint.
+
+You still write automation logic with a client library such as Playwright. The difference is that Playwright connects to the Lightpanda CDP endpoint instead of starting a local browser process.
+
+## Environment Variables
+
+| Variable | Description |
+| --- | --- |
+| `LightpandaDomain` | Platform-injected Lightpanda CDP domain or endpoint |
+| `PROXY_AUTH` | Platform-injected credentials in `username:password` format |
+
+:::danger[Important]
+- Never hardcode `PROXY_AUTH` or Lightpanda credentials in Worker code.
+- Read `LightpandaDomain` from the runtime environment.
+- Pass `PROXY_AUTH` as a Basic `Authorization` header when connecting to Lightpanda.
+:::
+
+## Endpoint and Authentication Rules
+
+Apply these rules before calling `connect_over_cdp`:
+
+- If `LightpandaDomain` is a bare domain, normalize it to `ws://<domain>/devtools/browser/new`.
+- If `LightpandaDomain` is already a full `ws://`, `wss://`, `http://`, or `https://` CDP endpoint, use it as provided.
+- Authentication uses the HTTP `Authorization` header with the Basic scheme. Build the header from `PROXY_AUTH` in `username:password` format.
+
+## Recommended Playwright Connection
+
+Use this version when `LightpandaDomain` may be injected as either a bare domain or a full CDP endpoint.
+
+```python
+import asyncio
+import base64
+import os
+
+from playwright.async_api import async_playwright
+
+
+def basic_auth_header(auth: str) -> str:
+    token = base64.b64encode(auth.encode("utf-8")).decode("ascii")
+    return f"Basic {token}"
+
+
+def lightpanda_cdp_endpoint(value: str) -> str:
+    endpoint = value.rstrip("/")
+    if endpoint.startswith(("ws://", "wss://", "http://", "https://")):
+        return endpoint
+    return f"ws://{endpoint}/devtools/browser/new"
+
+
+async def main() -> None:
+    auth = os.environ["PROXY_AUTH"]
+    cdp_endpoint = lightpanda_cdp_endpoint(os.environ["LightpandaDomain"])
+
+    async with async_playwright() as playwright:
+        browser = await playwright.chromium.connect_over_cdp(
+            cdp_endpoint,
+            headers={"Authorization": basic_auth_header(auth)},
+            timeout=60000,
+        )
+        try:
+            page = await browser.new_page()
+            await page.goto(
+                "https://ipinfo.io/ip",
+                wait_until="domcontentloaded",
+                timeout=60000,
+            )
+            print((await page.text_content("body") or "").strip())
+        finally:
+            await browser.close()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
+```
+
+## HTTP CDP Endpoint
+
+The recommended helper above already supports full HTTP CDP endpoints. If you know `LightpandaDomain` is always injected as a full HTTP endpoint, this shorter form is equivalent:
+
+```python
+import asyncio
+import base64
+import os
+
+from playwright.async_api import async_playwright
+
+
+def basic_auth_header(auth: str) -> str:
+    token = base64.b64encode(auth.encode("utf-8")).decode("ascii")
+    return f"Basic {token}"
+
+
+async def main() -> None:
+    auth = os.environ["PROXY_AUTH"]
+    cdp_endpoint = os.environ["LightpandaDomain"]
+
+    async with async_playwright() as playwright:
+        browser = await playwright.chromium.connect_over_cdp(
+            cdp_endpoint,
+            headers={"Authorization": basic_auth_header(auth)},
+            timeout=60000,
+        )
+        try:
+            page = await browser.new_page()
+            await page.goto("https://ipinfo.io/ip", wait_until="domcontentloaded")
+            print((await page.text_content("body") or "").strip())
+        finally:
+            await browser.close()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
+```
+
+## Complete Worker Example with CoreSDK
+
+Use this structure in `main.py` when packaging Lightpanda automation as a CoreClaw Worker. The SDK handles input parameters, logs, table headers, and result delivery back to the platform.
+
+```python
+import asyncio
+import base64
+import os
+
+from playwright.async_api import async_playwright
+from sdk import CoreSDK
+
+
+def basic_auth_header(auth: str) -> str:
+    token = base64.b64encode(auth.encode("utf-8")).decode("ascii")
+    return f"Basic {token}"
+
+
+def lightpanda_cdp_endpoint(value: str) -> str:
+    endpoint = value.rstrip("/")
+    if endpoint.startswith(("ws://", "wss://", "http://", "https://")):
+        return endpoint
+    return f"ws://{endpoint}/devtools/browser/new"
+
+
+async def run() -> None:
+    CoreSDK.Log.info("Starting Lightpanda Worker...")
+
+    headers = [
+        {"label": "url", "key": "url", "format": "text"},
+        {"label": "ip", "key": "ip", "format": "text"},
+        {"label": "html", "key": "html", "format": "text"},
+        {"label": "resp_status", "key": "resp_status", "format": "text"},
+    ]
+    CoreSDK.Result.set_table_header(headers)
+
+    input_json = CoreSDK.Parameter.get_input_json_dict()
+    url = input_json.get("url") or "https://ipinfo.io/ip"
+
+    auth = os.environ["PROXY_AUTH"]
+    cdp_endpoint = lightpanda_cdp_endpoint(os.environ["LightpandaDomain"])
+
+    result = {
+        "url": url,
+        "ip": "",
+        "html": "",
+        "resp_status": "200",
+    }
+
+    browser = None
+    try:
+        async with async_playwright() as playwright:
+            CoreSDK.Log.info("Connecting to Lightpanda...")
+            browser = await playwright.chromium.connect_over_cdp(
+                cdp_endpoint,
+                headers={"Authorization": basic_auth_header(auth)},
+                timeout=60000,
+            )
+
+            page = await browser.new_page()
+            await page.goto(url, wait_until="domcontentloaded", timeout=60000)
+
+            result["html"] = await page.content()
+            result["ip"] = (await page.text_content("body") or "").strip()
+            CoreSDK.Log.info("Lightpanda page loaded successfully")
+    except Exception as exc:
+        result["resp_status"] = "500"
+        result["html"] = str(exc)
+        CoreSDK.Log.error(f"Lightpanda run failed: {exc}")
+    finally:
+        if browser:
+            await browser.close()
+        CoreSDK.Result.push_data(result)
+
+
+if __name__ == "__main__":
+    asyncio.run(run())
+```
+
+## Best Practices
+
+- Use Lightpanda for CDP-based browser automation where a lightweight hosted browser is sufficient.
+- Keep page-level logic in Playwright selectors and navigation APIs.
+- Set explicit timeouts for browser connection and page navigation.
+- In Worker code, use `CoreSDK.Parameter` for inputs, `CoreSDK.Log` for progress, and `CoreSDK.Result` for output.
+- Close the remote browser in a `finally` block.
+- Do not configure SOCKS5 proxy manually for browser pages; the remote browser handles outbound access.
@@ -215,7 +215,19 @@ Business Logic & Data Processing
 └── Local storage or real-time delivery
 ```
 
-## 6. Conclusion
+## 6. Browser Backends and Connection Endpoints
+
+Browser automation frameworks and browser backends are separate layers:
+
+| Layer | Examples | Responsibility |
+| --- | --- | --- |
+| Automation framework | Playwright, Puppeteer, Selenium, DrissionPage | Provides the API used by Worker code |
+| Browser backend | Remote fingerprint browser, Lightpanda | Runs the actual browser process and network environment |
+| Platform runtime | `ChromeWs`, `ChromeHttp`, `LightpandaDomain`, `PROXY_AUTH` | Injects connection endpoints and credentials |
+
+For example, Playwright can connect to either the remote fingerprint browser through `ChromeWs` or the Lightpanda CDP endpoint through `LightpandaDomain`. The scraping logic still uses Playwright APIs; only the remote browser endpoint changes.
+
+## 7. Conclusion
 
 When the target website is a **modern Web application** rather than a traditional static page, **using a real browser environment is not an optimization—it is a prerequisite**.