Merge origin/develop and integrate browser isolation

docker-compose.yml

@@ -9,12 +9,18 @@ services:
     environment:
       - BROWSER_URL=http://browser:9222
       - BROWSER_USE_RPC_URL=http://browser:8787/run
+      - BROWSER_VIEW_BASE_URL=${BROWSER_VIEW_BASE_URL:-}
+      - BROWSER_USE_ISOLATION_MODE=docker-per-principal
+      - BROWSER_RUNTIME_IMAGE=hermes-browser-runtime:latest
+      - BROWSER_RUNTIME_NETWORK=hermes-net
+      - BROWSER_RUNTIME_ENABLE_UI=true
       - HERMES_HOME=/app/hermes_data
     volumes:
       - ./hermes_code:/app/hermes_code:ro
       - ./hermes_data:/app/hermes_data:rw
       - ./workspace:/app/workspace:rw
       - ./config.example.yaml:/app/config.example.yaml:ro
+      - /var/run/docker.sock:/var/run/docker.sock
     depends_on:
       browser:
         condition: service_healthy
@@ -35,10 +41,12 @@ services:
       fi;
       exec python -m gateway.run
       "
+
   browser:
     build:
       context: ./browser_env
       dockerfile: Dockerfile.browser
+    image: hermes-browser-runtime:latest
     container_name: hermes-browser
     env_file:
       - .env
@@ -79,13 +87,25 @@ services:
     networks:
       - hermes-net
 
+  browser-view-proxy:
+    image: nginx:alpine
+    container_name: hermes-browser-view-proxy
+    volumes:
+      - ./browser_env/nginx.browser-view.conf:/etc/nginx/nginx.conf:ro
+    depends_on:
+      browser:
+        condition: service_healthy
+    restart: always
+    networks:
+      - hermes-net
+
   tunnel:
     image: cloudflare/cloudflared:latest
     profiles:
       - remote
     container_name: hermes-tunnel
     restart: always
-    command: tunnel --protocol http2 --url http://browser:6080 --no-tls-verify
+    command: tunnel --protocol http2 --url http://browser-view-proxy:8080 --no-tls-verify
     networks:
       - hermes-net
 
@@ -94,4 +114,5 @@ volumes:
 
 networks:
   hermes-net:
-    driver: bridge
+    name: hermes-net
+    driver: bridge