Apply effective stealth remote launch defaults

README.md

@@ -1267,7 +1267,7 @@ AGENT_BROWSER_CONFIG=./ci-config.json agent-browser open example.com
 
 All options from the table above can be set in the config file using camelCase keys (e.g., `--executable-path` becomes `"executablePath"`, `--proxy-bypass` becomes `"proxyBypass"`). Unknown keys are ignored for forward compatibility.
 
-Set `service.defaultBrowserBuild` to `stealthcdp_chromium` when service-owned launches should prefer the patched Chromium posture. If no explicit default is configured and a ready `stealthcdp_chromium` manifest is available, fresh installs prefer that build automatically. `agent-browser install stealthcdp-chromium` installs the public `chromium-stealthcdp` Windows asset under `%LOCALAPPDATA%\chromium-stealthcdp` on Windows or the matching WSL-mounted `AppData/Local` directory when available, then exposes `current/manifest.json` and `current/chrome.exe`. When WSL launches that Windows `chrome.exe`, agent-browser translates mounted Windows paths such as `/mnt/c/...` to `C:\...` for Chrome arguments and adds `--no-sandbox`, which this host mode requires for the patched Windows build to expose DevTools. Provide the binary through `executablePath`, `AGENT_BROWSER_EXECUTABLE_PATH`, `AGENT_BROWSER_STEALTHCDP_CHROMIUM_MANIFEST_PATH`, `AGENT_BROWSER_STEALTHCDP_CHROMIUM_INSTALL_ROOT`, or `service.browserBuildManifests.stealthcdp_chromium.manifestPath`. A manifest path points at a promoted artifact `manifest.json`; agent-browser resolves the executable relative to that manifest and reports artifact metadata from the same source. `agent-browser service status` and `GET /api/service/status` include a no-launch `launchConfig` diagnostic with the selected default browser build, executable source, resolved executable path, manifest metadata, file-existence check, `profileSmoke` readiness for validating WSL Windows profile writes, and warnings when `stealthcdp_chromium` is selected without a usable binary or ready manifest.
+Set `service.defaultBrowserBuild` to `stealthcdp_chromium` when service-owned launches should prefer the patched Chromium posture. Ordinary launch and queued tab paths consume that default through the same access-plan resolver used by service clients, so a matching managed profile, site policy, remote view posture, and browser capability binding are applied unless the caller explicitly supplies a profile, browser host, headless mode, executable, or browser build. If no explicit default is configured and a ready `stealthcdp_chromium` manifest is available, fresh installs prefer that build automatically. `agent-browser install stealthcdp-chromium` installs the public `chromium-stealthcdp` Windows asset under `%LOCALAPPDATA%\chromium-stealthcdp` on Windows or the matching WSL-mounted `AppData/Local` directory when available, then exposes `current/manifest.json` and `current/chrome.exe`. When WSL launches that Windows `chrome.exe`, agent-browser translates mounted Windows paths such as `/mnt/c/...` to `C:\...` for Chrome arguments and adds `--no-sandbox`, which this host mode requires for the patched Windows build to expose DevTools. Provide the binary through `executablePath`, `AGENT_BROWSER_EXECUTABLE_PATH`, `AGENT_BROWSER_STEALTHCDP_CHROMIUM_MANIFEST_PATH`, `AGENT_BROWSER_STEALTHCDP_CHROMIUM_INSTALL_ROOT`, or `service.browserBuildManifests.stealthcdp_chromium.manifestPath`. A manifest path points at a promoted artifact `manifest.json`; agent-browser resolves the executable relative to that manifest and reports artifact metadata from the same source. `agent-browser service status` and `GET /api/service/status` include a no-launch `launchConfig` diagnostic with the selected default browser build, executable source, resolved executable path, manifest metadata, file-existence check, `profileSmoke` readiness for validating WSL Windows profile writes, and warnings when `stealthcdp_chromium` is selected without a usable binary or ready manifest.
 
 `stealthcdp_chromium` is worthwhile for the default service posture because it keeps the CDP control plane available while reducing the obvious automation signal exposed by ordinary DevTools-attached Chromium. It is not a captcha bypass and it does not replace site policy, pacing, or manual seeding rules, but it gives bot-sensitive sites a better baseline than stock headless Chrome when CDP-backed control is still acceptable.
 
@@ -1682,7 +1682,9 @@ virtual display, reuse a configured shared display, or deliberately use the
 daemon's inherited `DISPLAY`. The shipped UPS policy selects
 `stealthcdp_chromium`, `remote_headed`, `rdp_gateway`, and
 `manual_attached_desktop` because headed stealth Chromium loaded UPS tracking
-where true headless did not. Remote-headed browser records persist the selected
+where true headless did not. The shipped Google Sheets policy applies the same
+inspectable remote stealth lane for `https://docs.google.com/spreadsheets`
+without changing Google sign-in seeding policy. Remote-headed browser records persist the selected
 view stream provider and control input provider on each `viewStreams` entry.
 They also report `displayIsolation` and `displayName` when the service can tell
 whether the browser is using a private virtual display, an explicitly shared
@@ -2463,7 +2465,7 @@ performs a no-launch profile lookup and refuses the run when the broker-selected
 profile does not match the profile being verified.
 
 When no local site policy exists, agent-browser applies shipped defaults for
-Canva, UPS, Google, Gmail, and Microsoft login identities. Local persisted or configured
+Canva, UPS, Google Sheets, Google, Gmail, and Microsoft login identities. Local persisted or configured
 policies with the same IDs override those defaults. `sitePolicySource` reports
 whether the selected policy came from config, persisted state, or a built-in default, how
 it matched the request, and whether it is overrideable.

cli/src/main.rs

@@ -1792,6 +1792,10 @@ fn main() {
         return;
     }
 
+    if !command_skips_browser_launch_for_prestart(&cmd) {
+        cmd["serviceState"] = json!(flags.service_state.clone());
+    }
+
     if cmd
         .get("action")
         .and_then(|value| value.as_str())
@@ -2227,9 +2231,11 @@ fn main() {
             exit(1);
         });
 
+    let executable_launch_config_requested = flags.executable_path.is_some()
+        && flags.executable_path_source.as_deref() != Some("manifest");
     let launch_config_requested = flags.headed
         || flags.cli_headed  // User explicitly set --headed (even if false)
-        || flags.executable_path.is_some()
+        || executable_launch_config_requested
         || flags.runtime_profile.is_some()
         || flags.profile.is_some()
         || flags.state.is_some()
@@ -2276,7 +2282,8 @@ fn main() {
         let mut launch_cmd = json!({
             "id": gen_id(),
             "action": "launch",
-            "headless": !flags.headed
+            "headless": !flags.headed,
+            "serviceState": flags.service_state.clone()
         });
         if flags.cli_headed {
             launch_cmd["headlessExplicit"] = json!(true);
@@ -2289,6 +2296,9 @@ fn main() {
         // Add executable path if specified
         if let Some(ref exec_path) = flags.executable_path {
             cmd_obj.insert("executablePath".to_string(), json!(exec_path));
+            if let Some(ref source) = flags.executable_path_source {
+                cmd_obj.insert("executablePathSource".to_string(), json!(source));
+            }
         }
 
         if let Some(status) = live_runtime_status.as_ref() {