DEV Community: Pascal Matthiesen

Clickjitsu: The Art of Delegating Browser Tasks to AI Minions 🤖

Pascal Matthiesen — Thu, 14 Aug 2025 11:13:00 +0000

Hey tech adventurers! 👋 Ready to turn the mundane world of browser automation into something that would make science fiction jealous? Let's dive into Clickjitsu - a project that proves sometimes the best ideas come from the most questionable engineering decisions! 🚀

The Abstract Vision 🔮

Challenge 🤔: You need to automate web tasks, but traditional browser automation is about as secure as leaving your front door open with a "Free Stuff Inside" sign.

Solution 💡: Spawn completely fresh, isolated browser environments in Kubernetes, hand control to AI agents, and watch the digital magic unfold with military-grade security.

Why You'll Love This:

Watch AI work in real-time via WebRTC streaming 📺
Zero security contamination between sessions 🛡️
Scalable cloud-native architecture that handles enterprise workloads 📈
Fresh browser instances for every single task 🧹

Imagine saying "go buy me those fancy headphones" and watching a completely isolated browser environment materialize in the cloud, execute your mission, and vanish without a trace. That's Clickjitsu – where browser automation meets paranoid-level security! 🕵️‍♂️

The Security-First Philosophy 🛡️

Here's where things get seriously smart: Every single session creates a brand new browser instance from scratch. No cookies, no history, no digital fingerprints from previous adventures. It's like having a perfectly clean rental car for every trip, except the car also self-destructs when you're done! 🚗💥

Why This Security Model Is Genius:

Zero Cross-Contamination: Your Amazon shopping spree can't accidentally leak into your banking session 🏦
Fresh Identity Every Time: Each AI agent starts with a completely blank slate 🧹
Isolated Kubernetes Namespaces: Every browser session lives in its own fortress 🏰
Ephemeral by Design: When the task ends, everything vanishes like it never existed 💨
Observable Operations: Real-time streaming means you can supervise your AI minions 👁️

The Technical Magic Behind the Curtain 🎭

Architecture That Actually Makes Sense 🏗️

Fresh Browser Request → Isolated K8s Namespace → Virgin Browser + AI Agent
                              ↓
                    Live Stream ← WebRTC ← Secure Monitoring  
                              ↓
                         Results + Cleanup + Self-Destruct

Each session is like hiring a digital temp worker who:

Gets a completely clean computer 💻
Follows your exact instructions 📋
Reports back with results 📊
Shreds everything when done 🗂️

The Tech Stack That Makes It Possible ✨

🎬 browser-use: The AI agent doing all the clicking wizardry
📺 neko: Streams the browser chaos via WebRTC so you can watch the show
☸️ Kubernetes: Because why make things simple when you can make them distributed and bulletproof?
🐹 Go: The glue holding this beautiful controlled chaos together
🧠 OpenAI: Powers the AI that (hopefully) won't accidentally order 500 rubber ducks
🗄️ Redis: Session state management that doesn't judge your automation choices

Code That Makes You Go "Wow" ⚙️

The session manager is where the real magic happens. Check out this beautiful orchestration:

func (m *Manager) CreateSession(ctx context.Context, req *models.CreateSessionRequest) (*models.Session, error) {
    sessionID := uuid.New().String()
    namespace := fmt.Sprintf("browser-session-%s", sessionID)

    session := &models.Session{
        ID:          sessionID,
        ExternalURL: fmt.Sprintf("https://%s.%s?usr=neko&pwd=neko&embed=1&volume=1", 
                                sessionID, m.config.BrowserDomain),
        Status:      models.StatusCreating,
        Prompt:      req.Prompt,
        ExpiresAt:   time.Now().Add(m.config.BrowserSessionTTL),
    }

    go m.createSessionResources(context.Background(), session)
    return session, nil
}

Each session gets its own Kubernetes namespace – talk about resource isolation! It's like giving every AI agent their own private mansion that gets demolished after the party 🏰

The AI Runner: Where Dreams Meet Reality 🤖

The Python runner executing inside each pod is delightfully elegant:

agent = Agent(
    task=os.environ["PROMPT"],
    llm=ChatOpenAI(model="o4-mini", temperature=1.0),
    browser_session=browser_session,
)
history = await agent.run()
result = history.final_result()

It's literally: "Hey AI, here's a pristine browser and a task. Go nuts, but do it securely!" 🥜

Real-World Applications (That Actually Matter) 🌍

Enterprise Use Cases That'll Impress Your Boss:

Automated Testing: Fresh browsers for every test run, eliminating flaky tests caused by session contamination 🧪
Market Research: Clean environments for competitive analysis without revealing your digital fingerprints 🔍
Compliance Checking: Isolated sessions for regulatory verification with complete audit trails ✅
Data Gathering: Secure web scraping without contamination or detection 🕷️
Form Automation: Fill repetitive enterprise forms without data leakage 📝

Personal Use Cases That'll Change Your Life:

Price Monitoring: AI checks deals without accumulating tracking cookies 💰
Research Tasks: Clean browsing for sensitive investigations 🔬
E-commerce Automation: Let AI handle your shopping without compromising your privacy 🛒
Social Media Management: Automate posts and interactions with complete isolation 📱

The "What Could Go Right" Scenarios 🎯

Unlike traditional browser automation that accumulates digital baggage like a hoarder's basement, Clickjitsu's ephemeral approach means:

No Session Hijacking: Fresh browser = fresh start every time 🔄
No Data Persistence: Sensitive info never lingers around like a bad smell 🚫
No Cross-Task Interference: Yesterday's shopping can't affect today's banking 🏪➡️🏦
Perfect Audit Trail: Every session is logged, isolated, and traceable 📊
Scalable Security: Want 100 AI agents? Just scale the pods without security concerns! 📈

Security Wins That Actually Matter 🏆

Container-Level Fort Knox 🏰

Network Segmentation: Kubernetes networking keeps sessions separated like VIP sections at a concert 🕸️
Resource Limits: AI can't consume infinite resources or accidentally bankrupt you 💸
Clean Slate Guarantee: Every session starts with zero previous context, like digital amnesia 🧼
Real-Time Monitoring: Watch exactly what your AI agent is doing, no surprises! 👁️

Taking Security to Ludicrous Speed 🚀

For Production Environments, you could take this paranoia to the next level with some seriously hardcore isolation:

gVisor: Run containers in a user-space kernel for that extra "nope, you're not touching my host OS" feeling 🛡️
Kata Containers: Each container gets its own lightweight VM because why trust anything? 🏰
Firecracker MicroVMs: AWS-style microVMs that boot faster than your morning coffee ☕

# Because regular containers are for peasants
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
spec:
  runtimeClassName: kata-containers  # Or gvisor, or firecracker
  containers:
  - name: paranoid-browser
    image: clickjitsu/browser:latest
EOF

Why Go Full Paranoid? 🕵️‍♂️

Kernel-Level Isolation: AI agent escapes? Still trapped in VM-land!
Hardware-Assisted Security: CPU features working overtime to keep you safe
Compliance Gold Star: Auditors will weep tears of joy at your isolation levels ⭐
Sleep Better at Night: Because knowing your AI can't accidentally root your cluster is priceless 😴

Infrastructure Patterns That Impress 🎯

# Each session gets its own isolated environment
apiVersion: v1
kind: Namespace
metadata:
  name: browser-session-uuid-here
---
# Browser container with Chrome DevTools + MicroVM isolation
# AI runner container with browser-use + gVisor sandboxing
# All ephemeral, all secure, all magnificently over-engineered

The Infrastructure Wins That Matter 🚀

Despite being born from "questionable life choices," Clickjitsu showcases serious cloud-native patterns:

Ephemeral Workloads: Each session is completely isolated and self-cleaning 🧹
Horizontal Scalability: Want 100 AI shoppers? Just scale the pods! 📈
Resource Management: Proper CPU/memory limits prevent AI shopping sprees from breaking your cluster 💳
WebRTC Streaming: Real-time browser viewing because watching AI click buttons is surprisingly addictive 👁️
GitOps Ready: Infrastructure as code that would make your DevOps team weep with joy 😭

Warning Labels and Disclaimers ⚠️

This is a one-day hack that turned into something surprisingly robust – use responsibly! Side effects may include:

Mysterious charges on your credit card (set those spending limits!) 💳
AI developing sentience and judging your browsing habits 👨‍⚖️
Kubernetes bills that make you question life choices 💸
Your browser automation having better security than most enterprise systems 🏢
Colleagues asking "how the hell did you build that?" 🤯

The Future of Secure Automation 🔮

This isn't just about letting AI click buttons – it's about creating a paradigm where automation meets paranoid-level security. Imagine:

Corporate AI Assistants: Safely handling sensitive business processes without data leakage 💼
Personal Digital Butlers: Managing your online life without privacy nightmares 🏠
Research Automation: Gathering competitive intelligence without leaving digital footprints 🕵️
Compliance Automation: Meeting regulations with verifiable isolation and audit trails ✅
Zero-Trust Browsing: Every web interaction happens in a disposable, monitored environment 🗑️

Try It Yourself (If You Dare) 🎮

Want to watch AI navigate the web while you sip coffee in your security-hardened ivory tower? The project is open source and ready for your own questionable experiments!

Getting Started:

# Clone the madness
git clone https://github.com/pmdroid/clickjitsu

# Deploy to your K8s cluster
# Watch AI do your bidding
# Profit (securely)

Just remember: with great AI power comes great responsibility (and the need for really good monitoring) 🕷️

Key Takeaways That'll Stick 🎯

Security Through Isolation: Fresh environments eliminate contamination risks better than hand sanitizer 🛡️
Observable AI: Real-time streaming lets you supervise your digital minions like a benevolent overlord 👀
Scalable Architecture: Cloud-native design handles enterprise workloads without breaking a sweat 📈
Zero Persistence: What happens in the container, stays in the container (and then gets obliterated) 🔒
Infrastructure as Entertainment: Who knew watching AI browse the web could be this addictive? 🍿

The Bottom Line 💰

Clickjitsu proves that sometimes the most useful innovations come from solving problems you didn't know you had. It's browser automation for the age of zero-trust architecture, where every click is monitored, every session is isolated, and every result is achieved without compromising your digital soul.

Ready to delegate your browser tasks to AI agents while keeping everything locked down tighter than Fort Knox? Your secure automation journey starts here! 🚀

Built with ❤️ and questionable engineering decisions that somehow resulted in enterprise-grade security. Because in 2025, even our browser automation needs better security than most banks 😅🏦

P.S. - Yes, it actually works. No, we can't be held responsible for what your AI decides to buy. Please set spending limits. I'm not kidding about this one! 💸

Cloudflare Logs: Not Just for Breakfast Anymore 🥞

Pascal Matthiesen — Tue, 05 Aug 2025 07:38:47 +0000

Alright, log lovers, let's get this observability party started 🎉. We're about to turn your Cloudflare logs from wallflowers into the life of the data analysis party 🥳.

Challenge 😕: Cloudflare Logpush delivers valuable data, but it might not be in the most usable format for further analysis.

Solution 💡: Enter Vector and Loki, the dream team 🏆. We'll leverage Vector's built-in HTTP server to accept your Cloudflare log lines, process them, and then ship them off to Loki for storage and analysis 🚀.

Why Bother? 🤔

Find and fix issues faster: Your logs will be organized and searchable, making troubleshooting a breeze.

Optimize performance: Identify bottlenecks and fine-tune your applications like a pro.

Boost security: Detect threats and protect your digital assets.

Get Ready to Geek Out!

We'll dive into the technical details soon, so get your command line fingers ready. You'll learn how to:

Set up Vector to transform and forward your logs.
Get Loki ready to ingest and analyze your data.
Configure Cloudflare Logpush to send logs via HTTP.

These commands give your Kubernetes cluster a VIP backstage pass 🎫 to the hottest logging tool in town: Vector! ✨

helm repo add vector https://helm.vector.dev: This tells Helm (your trusty Kubernetes package manager) where to find Vector's exclusive swag, like adding a secret app store to your phone 🤫.
helm repo update: This command refreshes Helm's knowledge, making sure you have access to the freshest Vector releases. Think of it as checking for those "new app" notifications on your phone 📲.

helm repo add vector https://helm.vector.dev
helm repo update

This Kubernetes Secret ("vector") is the Fort Knox 🔒 of your Vector logging tool, guarding a super-secret HTTP password ("123abc") 🤫. But hold on, Captain Obvious here 🦸 – change that password before some sneaky cyber ninja 🥷 steals your precious logs!

apiVersion: v1
kind: Secret
metadata:
  name: vector
  namespace: vector
stringData:
  HTTP_PASSWORD: "123abc"

This Vector configuration sets up a secure gateway 🚪 for your Cloudflare logs. It grabs the logs, translates them into a format Loki understands 🗣️, and then sends them off for safekeeping 📦. It's like a trusty butler for your website data 🤵.

envFrom:
  - secretRef:
      name: vector
service:
  ports:
    - name: http
      port: 3000
  enabled: true
role: Stateless-Aggregator
customConfig:
  acknowledgements:
    enabled: true
  sources:
    in:
      type: "http"
      address: 0.0.0.0:3000
      strict_path: false
      encoding: text
      path: /ingest
      auth:
        username: cloudflare
        password: "${HTTP_PASSWORD}"
  transforms:
    parse_json:
      type: remap
      inputs:
        - "in"
      source: |
        . = parse_json!(.message)
        .timestamp = from_unix_timestamp!(.EventTimestampMs, unit: "milliseconds")
  sinks:
    out:
      type: "loki"
      tenant_id: "0:0"
      encoding:
        codec: "json"
      remove_timestamp: false
      out_of_order_action: accept
      labels:
        job: cloudflare
      endpoint: http://loki-gateway.monitoring.svc.cluster.local
      inputs:
        - "parse_json"

This command summons the Helm installer 🧙‍♂️ to conjure up Vector on your Kubernetes cluster:

helm install vector vector/vector \
  --namespace vector \
  --create-namespace \
  --values values.yaml

It's like giving Helm a magic spell book 🪄, pointing to the Vector spell page, and telling it where to build Vector's cozy little home 🏡 (in the "vector" namespace) with the customizations you specified in the "values.yaml" file. Now you're ready to wrangle those logs! 🧹🪵

Now, let's teach Cloudflare to share those juicy logs with Vector! 🤝 Just replace the placeholders and run this command in your terminal:

curl -X POST "https://api.cloudflare.com/client/v4/accounts/<YOUR_CF_ACCOUNT_ID>/logpush/jobs" \
  -H "Authorization: Bearer <YOUR_CF_API_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
      "name": "vector-logs",
      "destination_conf": "<YOUR_VECTOR_ENDPOINT>?header_Authorization=Basic%20<BASE64_ENCODED_AUTH>",
      "dataset": "workers_trace_events",
      "enabled": true
  }'

Replace these placeholders:

: Your Cloudflare account ID 🔢
: Your Cloudflare API token 🗝️
: The full URL to your Vector's HTTP endpoint (e.g., https://vector.yourdomain.com/ingest) 🌐
: Your Vector username and password encoded in Base64 format 🔒 (echo -n "$username:$password" | base64)

That's it! Cloudflare will start pushing logs to Vector, and Vector will whisk them off to Loki for safekeeping and analysis. 💨 Now you're a log analysis wizard! 🧙‍♂️

And with that, the logs have been tamed... for now. 😈 But rest assured, they'll be back with a vengeance, just like my insatiable craving for pizza. 🍕 If you enjoyed this wild ride through log analysis, join me next time as I tackle more tech challenges, share hilarious startup fails, and maybe even reveal my secret pizza recipe (just kidding...or am I? 😉).

GitOps Made Easy: Building the Ultimate Kubernetes Testing Lab 🚀

Pascal Matthiesen — Tue, 05 Aug 2025 07:33:27 +0000

Hey Kubernetes warriors! 👋 Ever wanted to spin up a complete, production-like environment faster than you can say "microservices"? Well, buckle up because we're about to explore flux-e2e - a GitOps repository that'll make your infrastructure dreams come true!

The Challenge 🤔

Picture this: You're building a Kubernetes application, and you need to test it with proper networking, security policies, observability, and all the production bells and whistles. Traditionally, this means hours of YAML wrestling, secret management nightmares, and probably at least three cups of coffee ☕.

The usual pain points:

Setting up proper GitOps workflows 📝
Configuring secure networking without losing your sanity 🔐
Getting observability right from day one 📊
Making it all work together without breaking 💥

The Solution 💡

Enter flux-e2e - a beautifully orchestrated GitOps repository that gives you a complete Kubernetes testing environment with just one command. Think of it as the "easy button" for infrastructure testing!

What Makes This Special? ✨

This isn't just another "hello world" Kubernetes setup. We're talking about a full-stack, production-ready testing environment that includes:

GitOps with Flux CD - Because manual deployments are so 2019 📅
Cilium CNI + Tailscale - Networking that actually makes sense 🌐
Grafana + Loki - Observability that doesn't suck 📈
Network policies + sealed secrets - Security that doesn't give you headaches 🛡️
Proper dependency management - Everything deploys in the right order 🎯

The Architecture That'll Make You Smile 😊

The genius lies in the numbered directory structure:

├── 0-bootstrap/          # Start here - namespaces and basics
├── 1-network-policies/   # Lock it down early
├── 2-secrets/           # Encrypted secrets (no more leaked passwords!)
├── 3-config/            # Configuration management
├── 4-infrastructure/    # The heavy lifting (cert-manager, operators)
├── 5-system/           # Core services (MariaDB, Redis)
├── 6-apps/             # Your actual applications
├── 7-ingress/          # Tailscale funnel magic
└── cluster/            # Flux orchestrates it all

Why this is brilliant: Dependencies flow naturally from 0 to 7. No more "chicken and egg" deployment problems! 🐣

The Magic Script 🪄

Ready for the best part? Getting this entire stack running is literally one command:

export TAILSCALE_API_KEY="tskey-api-xxxxx"
# ... set a few more environment variables
./local.sh

What happens next is pure magic:

Spins up a Kind cluster with Cilium 🎪
Installs Flux CD and points it to your repo 🎯
Deploys everything in the correct dependency order 📋
Sets up Tailscale networking for secure access 🔒
Gives you URLs to access your services! 🌍

The Tailscale Twist 🌟

Here's where things get really cool. Instead of dealing with LoadBalancers or complicated ingress setups, everything is exposed through Tailscale funnel. Your services get URLs like:

https://{random-prefix}grafana.{tailnet}.ts.net
https://{random-prefix}echo.{tailnet}.ts.net

Why this rocks:

Secure by default (only your Tailscale network can access) 🔐
No public IPs or complex firewall rules 🚫
Works from anywhere with proper authentication ✅
Random prefixes prevent conflicts in shared environments 🎲

Under the Hood: Smart Design Patterns 🔧

1. Variable Substitution Magic

Everything is configured through a cluster-vars ConfigMap with variable substitution:

someConfig: ${VARIABLE_NAME}

Change one value, update everything! 🎭

2. Sealed Secrets = Sleep Better at Night

No more secrets in plaintext Git repos. Everything is encrypted with sealed-secrets, so you can commit your secrets safely. Your security team will love you! 💕

3. Network Policies by Default

Every namespace gets restrictive network policies. Because security shouldn't be an afterthought! 🛡️

Real-World Use Cases 🌍

Perfect for:

Local development - Full-stack testing without the cloud bill 💰
CI/CD pipelines - Spin up environments for each PR 🔄
Learning GitOps - See how it all fits together 🎓
Architecture validation - Test your designs before production 🧪

Debugging Like a Pro 🕵️

When things go sideways (they always do), the repo includes helpful debugging commands:

# Check Flux status
flux get kustomizations

# See what's broken
kubectl get pods -A

# Follow the logs
kubectl logs -n flux-system -l app=helm-controller

The Cleanup is Automatic! 🧹

Exit the script, and everything cleans up automatically:

Removes Tailscale devices ✅
Optionally deletes the Kind cluster ✅
No orphaned resources ✅

No more "what was that cluster name again?" moments! 😅

Why This Matters 🎯

In a world where Kubernetes complexity can make grown developers cry, flux-e2e shows us that:

GitOps doesn't have to be hard - Good structure makes all the difference
Security can be baked in - Network policies and sealed secrets from day one
Observability is achievable - Grafana and Loki working out of the box
Local testing can be production-like - No more "works on my machine" 🤷‍♂️

Get Started Today! 🚦

Ready to revolutionize your Kubernetes testing game?

Clone the repo: git clone https://github.com/pmdroid/flux-e2e
Set your environment variables (don't forget the Tailscale API key!)
Run: ./local.sh
Watch the magic happen ✨

Final Thoughts 💭

flux-e2e isn't just a repository - it's a blueprint for how modern Kubernetes deployments should work. It proves that with the right patterns and tools, we can have:

Simplicity without sacrificing functionality 📊
Security without operational overhead 🔒
Observability without complexity 👀
GitOps without the learning curve 📈

Whether you're a GitOps newbie or a Kubernetes veteran, this repo will teach you something new about building resilient, secure, and observable systems.

Now go forth and GitOps responsibly! 🎉

Have you tried flux-e2e? Share your experience in the comments! And if you build something cool with it, we'd love to hear about it! 🗨️