<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>Page-Agent on KnightLi Blog</title>
        <link>https://knightli.com/en/tags/page-agent/</link>
        <description>Recent content in Page-Agent on KnightLi Blog</description>
        <generator>Hugo -- gohugo.io</generator>
        <language>en</language>
        <lastBuildDate>Sun, 12 Jul 2026 12:14:00 +0800</lastBuildDate><atom:link href="https://knightli.com/en/tags/page-agent/index.xml" rel="self" type="application/rss+xml" /><item>
        <title>How Page-Agent Lets AI Operate Web Pages: Embedded GUI Agents, Form Automation, and Permission Boundaries</title>
        <link>https://knightli.com/en/2026/07/12/page-agent-in-page-gui-agent-form-automation-permission-guide/</link>
        <pubDate>Sun, 12 Jul 2026 12:14:00 +0800</pubDate>
        
        <guid>https://knightli.com/en/2026/07/12/page-agent-in-page-gui-agent-form-automation-permission-guide/</guid>
        <description>&lt;p&gt;Page-Agent differs from giving an agent control of an entire browser: it puts JavaScript in your page, so the page itself has a GUI Agent. Its documentation says it primarily works through text-based DOM operations and does not depend on screenshots, multimodal models, Python, or a headless browser. A Chrome extension is available for multi-page tasks, along with a Beta MCP Server. &lt;a class=&#34;link&#34; href=&#34;https://github.com/alibaba/page-agent&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Project README&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;This can add “complete a sequence of actions from one sentence” assistance to ERP, CRM, back-office forms, and internal tools. It does not bypass product permissions. Every action must still be constrained by the page&amp;rsquo;s authorization, server-side validation, and human confirmation.&lt;/p&gt;
&lt;h2 id=&#34;choosing-between-page-agent-and-browser-automation&#34;&gt;Choosing between Page-Agent and browser automation
&lt;/h2&gt;&lt;table&gt;
  &lt;thead&gt;
      &lt;tr&gt;
          &lt;th&gt;Goal&lt;/th&gt;
          &lt;th&gt;Better fit&lt;/th&gt;
      &lt;/tr&gt;
  &lt;/thead&gt;
  &lt;tbody&gt;
      &lt;tr&gt;
          &lt;td&gt;Embed a natural-language assistant in your own Web product&lt;/td&gt;
          &lt;td&gt;Page-Agent&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
          &lt;td&gt;Regression testing, cross-site crawling, deterministic scripts&lt;/td&gt;
          &lt;td&gt;Playwright or Puppeteer&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
          &lt;td&gt;Let a coding agent inspect network, console, and performance&lt;/td&gt;
          &lt;td&gt;Chrome DevTools MCP&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
          &lt;td&gt;Control a user&amp;rsquo;s real Chrome while retaining a human session&lt;/td&gt;
          &lt;td&gt;Tools such as browser-harness&lt;/td&gt;
      &lt;/tr&gt;
  &lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;See the site&amp;rsquo;s &lt;a class=&#34;link&#34; href=&#34;https://knightli.com/en/2026/05/24/browser-harness-playwright-puppeteer-comparison/&#34; &gt;browser-harness, Playwright, and Puppeteer comparison&lt;/a&gt;. Page-Agent does not replace a test framework; it makes interaction a product capability for users or external agents.&lt;/p&gt;
&lt;h2 id=&#34;configure-a-minimal-instance-from-npm&#34;&gt;Configure a minimal instance from NPM
&lt;/h2&gt;&lt;p&gt;Install the package first:&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;npm install page-agent
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;p&gt;Create an instance at the frontend entry point. Manage the model endpoint, secret, and allowed operations through server-side or security configuration; never put a production secret directly in browser code.&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt; 1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 3
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 4
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 5
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 6
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 7
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 8
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 9
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;10
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-ts&#34; data-lang=&#34;ts&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;kr&#34;&gt;import&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;{&lt;/span&gt; &lt;span class=&#34;nx&#34;&gt;PageAgent&lt;/span&gt; &lt;span class=&#34;p&#34;&gt;}&lt;/span&gt; &lt;span class=&#34;kr&#34;&gt;from&lt;/span&gt; &lt;span class=&#34;s1&#34;&gt;&amp;#39;page-agent&amp;#39;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;kr&#34;&gt;const&lt;/span&gt; &lt;span class=&#34;nx&#34;&gt;agent&lt;/span&gt; &lt;span class=&#34;o&#34;&gt;=&lt;/span&gt; &lt;span class=&#34;k&#34;&gt;new&lt;/span&gt; &lt;span class=&#34;nx&#34;&gt;PageAgent&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;({&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;  &lt;span class=&#34;nx&#34;&gt;model&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;s1&#34;&gt;&amp;#39;qwen3.5-plus&amp;#39;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;  &lt;span class=&#34;nx&#34;&gt;baseURL&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;s1&#34;&gt;&amp;#39;https://your-compatible-api.example/v1&amp;#39;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;  &lt;span class=&#34;nx&#34;&gt;apiKey&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;s1&#34;&gt;&amp;#39;USE_A_SCOPED_KEY&amp;#39;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;  &lt;span class=&#34;nx&#34;&gt;language&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;:&lt;/span&gt; &lt;span class=&#34;s1&#34;&gt;&amp;#39;zh-CN&amp;#39;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;p&#34;&gt;})&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;k&#34;&gt;await&lt;/span&gt; &lt;span class=&#34;nx&#34;&gt;agent&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;.&lt;/span&gt;&lt;span class=&#34;nx&#34;&gt;execute&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;(&lt;/span&gt;&lt;span class=&#34;s1&#34;&gt;&amp;#39;在当前页面找到“新建客户”按钮，但不要提交表单&amp;#39;&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;)&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;p&gt;The example only verifies DOM recognition and button location. In production, replace &lt;code&gt;apiKey&lt;/code&gt; with a short-lived, rate-limited, revocable mechanism. Do not expose universal secrets, user tokens, or admin credentials to page scripts.&lt;/p&gt;
&lt;h3 id=&#34;recommended-rollout-read-only-then-draft-then-submit&#34;&gt;Recommended rollout: read-only, then draft, then submit
&lt;/h3&gt;&lt;p&gt;Start with a low-permission page containing few fields, such as a customer-list filter or ticket draft. In phase one, allow only element discovery, visible-text reading, and operation suggestions. Use test data to verify that the Agent distinguishes same-named records and states. Do not allow saving, attachment uploads, or navigation to external domains yet.&lt;/p&gt;
&lt;p&gt;In phase two, permit form filling. Limit input to structured business parameters such as customer ID, discount percentage, and expiry date, rather than a vague request such as “give Zhang San a discount.” Show a preview of each field the Agent intends to write. The server must re-check whether the current role may edit the field and whether the value is in range. After confirmation, the page calls the existing business API; the Agent must not receive a backdoor around it.&lt;/p&gt;
&lt;p&gt;Only then consider submission. It should use the same API, audit log, and second confirmation as the human button. After success, read the returned object ID, version, and errors and display them. A model misunderstanding can then be stopped by preview, permission, or server validation.&lt;/p&gt;
&lt;h2 id=&#34;split-work-into-reviewable-stages&#34;&gt;Split work into reviewable stages
&lt;/h2&gt;&lt;p&gt;Form automation fails more often on object selection and side effects than on clicks. Split it into:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Find&lt;/strong&gt;: read only visible fields and candidate records.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Fill a draft&lt;/strong&gt;: write only to the local form; do not submit or upload attachments.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Show the diff&lt;/strong&gt;: show the user the fields and values about to be written.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Submit&lt;/strong&gt;: run only after the user confirms and server-side authorization passes.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;“Create a 20% discount for customer A” should not go directly to the Agent. A safer design has it create a draft, display customer ID, pricing rule, and validity period, and let an authorized person submit it.&lt;/p&gt;
&lt;h3 id=&#34;narrow-page-capabilities-into-an-action-allowlist&#34;&gt;Narrow page capabilities into an action allowlist
&lt;/h3&gt;&lt;p&gt;Do not treat every DOM element as a callable tool. Define business actions such as &lt;code&gt;searchCustomer&lt;/code&gt;, &lt;code&gt;fillDiscountDraft&lt;/code&gt;, &lt;code&gt;previewDiscount&lt;/code&gt;, and &lt;code&gt;submitDiscount&lt;/code&gt;, marking each read-only, reversible, or side-effecting. The Agent selects an action and the frontend performs the corresponding interaction. Do not register high-risk actions—delete, refund, invite members, export data—or always require a manual confirmation.&lt;/p&gt;
&lt;p&gt;Log the user, page, action, input summary, result, and failure reason for every execution. Logs must be redacted and must not contain full secrets, cookies, or sensitive customer fields. When an error occurs, they answer what the Agent saw, proposed, and who finally confirmed it.&lt;/p&gt;
&lt;h2 id=&#34;boundaries-for-login-multi-page-work-and-mcp&#34;&gt;Boundaries for login, multi-page work, and MCP
&lt;/h2&gt;&lt;p&gt;Page-Agent may use the page&amp;rsquo;s existing session, but that is not a reason to expand permissions. Avoid:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Letting the Agent extract or display cookies, passwords, or verification codes from natural language.&lt;/li&gt;
&lt;li&gt;Sending authenticated data to an unreviewed model endpoint.&lt;/li&gt;
&lt;li&gt;Using “automation” to skip a second confirmation, payment confirmation, or role approval.&lt;/li&gt;
&lt;li&gt;Enabling cross-page capability for every user by default.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;When the official Chrome extension or MCP Server is used for multi-page or external-agent control, add domain allowlists, action allowlists, and audit logs. Test Beta capabilities before connecting them to production back offices.&lt;/p&gt;
&lt;h2 id=&#34;validate-with-real-tasks-before-launch&#34;&gt;Validate with real tasks before launch
&lt;/h2&gt;&lt;p&gt;Choose three to five low-risk tasks from support or operations, such as filtering customers due for follow-up, completing draft fields in a ticket, or moving from an order to its customer page. For each task prepare a success case, an ambiguous case, and an unauthorized case. A success case must reach preview; an ambiguous case must ask or stop; an unauthorized case must be rejected by the backend without revealing extra data.&lt;/p&gt;
&lt;p&gt;Do not check only whether the Agent clicked the right button. Check first-response time, whether failure is understandable, whether drafts remain correct after refresh, and whether network loss or model timeout preserves unsubmitted data. Expand to more pages only after this passes.&lt;/p&gt;
&lt;h2 id=&#34;troubleshooting-checklist&#34;&gt;Troubleshooting checklist
&lt;/h2&gt;&lt;table&gt;
  &lt;thead&gt;
      &lt;tr&gt;
          &lt;th&gt;Problem&lt;/th&gt;
          &lt;th&gt;What to do&lt;/th&gt;
      &lt;/tr&gt;
  &lt;/thead&gt;
  &lt;tbody&gt;
      &lt;tr&gt;
          &lt;td&gt;Cannot find a button or field&lt;/td&gt;
          &lt;td&gt;Check dynamic rendering, iframes or overlays, and whether page copy is stable.&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
          &lt;td&gt;Agent selected the wrong record&lt;/td&gt;
          &lt;td&gt;Include a unique ID, read-only preview, and result echo instead of matching by name alone.&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
          &lt;td&gt;Model call failed&lt;/td&gt;
          &lt;td&gt;Check the compatible API, quota, CORS, and secret injection location; never log secrets in the frontend.&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
          &lt;td&gt;Form is filled but submission is wrong&lt;/td&gt;
          &lt;td&gt;Separate filling from submission; read and display the server response after submit.&lt;/td&gt;
      &lt;/tr&gt;
  &lt;/tbody&gt;
&lt;/table&gt;
&lt;h2 id=&#34;summary&#34;&gt;Summary
&lt;/h2&gt;&lt;p&gt;The point of Page-Agent is not merely making a page understand a sentence. It is constraining natural-language actions to observable, reversible, approvable product flows. Prove it with read-only queries and draft filling first, then gradually permit side effects.&lt;/p&gt;
</description>
        </item>
        
    </channel>
</rss>
