This gives you a separate visible Chromium/Chrome window that Jarvis can use, without handing over your normal browser profile.
The current design is intentionally simple: one Go binary, one user service.
What you get:
- a dedicated
jarvis-chromebrowser profile - a normal Wayland window on your desktop
- Chrome DevTools bound to
127.0.0.1:9222 - the browser lands on Hyprland workspace 9 by default
- a small Go service that:
- authenticates requests from Jarvis
- starts/stops/restarts the browser itself
- reports browser status
- proxies
/json/version,/json/list,/json/protocol - proxies DevTools websockets without exposing raw CDP on the network
- a one-shot installer that builds the Go binary, writes config, and installs one user service
From this directory:
bash install.shThen, once in your logged-in desktop session:
systemctl --user import-environment \
WAYLAND_DISPLAY XDG_RUNTIME_DIR DISPLAY \
DBUS_SESSION_BUS_ADDRESS HYPRLAND_INSTANCE_SIGNATURE
dbus-update-activation-environment --systemd \
WAYLAND_DISPLAY XDG_RUNTIME_DIR DISPLAY \
DBUS_SESSION_BUS_ADDRESS HYPRLAND_INSTANCE_SIGNATUREThen enable the single service:
systemctl --user enable --now jarvis-browser-proxy
systemctl --user status jarvis-browser-proxy --no-pagerFor later updates, use:
./upgrade.sh --pullAt that point the proxy is running, but the browser is not started until someone calls the API.
By default the proxy listens on 0.0.0.0:8787 so Jarvis can reach it from outside the host. Keep auth enabled and put it behind your existing host service if you want a tighter exposure surface.
All browser lifecycle is handled by the proxy itself.
Endpoints:
GET /healthzGET /jarvis-browser/statusPOST /jarvis-browser/startPOST /jarvis-browser/stopPOST /jarvis-browser/restartGET /jarvis-browser/json/versionGET /jarvis-browser/json/listGET /jarvis-browser/json/protocolWS /jarvis-browser/devtools/{path}
Auth options:
Authorization: Bearer <token>X-API-Key: <token>?token=<token>for websocket clients
The installer creates:
~/.config/jarvis-browser-proxy.envShow the token with:
sed -n 's/^JARVIS_BROWSER_PROXY_TOKEN=//p' ~/.config/jarvis-browser-proxy.envCommon settings in that file:
JARVIS_BROWSER_PROXY_ADDR=0.0.0.0:8787JARVIS_CHROME_PROFILE=~/.local/share/jarvis-chromeJARVIS_CHROME_DOWNLOADS=~/.local/share/jarvis-chrome/downloadsJARVIS_CHROME_STATE_DIR=~/.local/state/jarvis-browser-proxyJARVIS_CHROME_WORKSPACE=9JARVIS_CHROME_DEBUG_PORT=9222JARVIS_CHROME_HOMEPAGE=about:blankJARVIS_CHROME_HEALTH_CHECK_INTERVAL=30sJARVIS_CHROME_RESTART_COOLDOWN=15sJARVIS_CHROME_BROWSER=(optional explicit browser binary)
The proxy also self-heals: if Chrome is still running but CDP on 127.0.0.1:9222 is wedged, request-time recovery will restart the browser once and retry, and the background watchdog will recycle unhealthy browser/CDP state automatically.
If you edit the env file, reload and restart the service:
systemctl --user daemon-reload
systemctl --user restart jarvis-browser-proxyDefault workspace is 9 so the window is easy to find.
Override it with:
sed -i 's/^JARVIS_CHROME_WORKSPACE=.*/JARVIS_CHROME_WORKSPACE=4/' ~/.config/jarvis-browser-proxy.env
systemctl --user restart jarvis-browser-proxyOr disable workspace moves entirely:
sed -i 's/^JARVIS_CHROME_WORKSPACE=.*/JARVIS_CHROME_WORKSPACE=/' ~/.config/jarvis-browser-proxy.env
systemctl --user restart jarvis-browser-proxyThe move is best-effort and only runs when hyprctl is available.
~/.local/bin/jarvis-browser-proxy~/.config/systemd/user/jarvis-browser-proxy.service~/.config/jarvis-browser-proxy.env
README.md— this fileinstall.sh— builds the binary, creates config, installs the single user unitupgrade.sh— pulls optionally, rebuilds, reinstalls, restarts the service, and smoke-checks itjarvis-browser-proxy.service— systemd user unit for the Go proxycmd/jarvis-browser-proxy/main.go— CLI entrypointproxy/server.go— HTTP routes + browser lifecycle + CDP proxyproxy/server_test.go— tests for auth, rewrites, websocket proxying, and browser lifecycle smoke test