`browse_web` agent tool with S3-backed domain allowlist; AgentCore Browser removed
dropthejase adds a `browse_web` tool to the main agent that fetches legal and regulatory websites using `fetch()` and strips HTML. The domain allowlist lives in S3 so it can be updated without redeploying. AgentCore's managed browser is removed in the same cluster - tried, then abandoned.
The tool (9196cbc) is a straightforward fetch() + HTML-stripping implementation using the Strands tool() factory. It returns stripped visible text (up to 40,000 characters) plus up to 50 extracted links. A 20-second fetch timeout handles slow government websites.
The allowlist design is the reusable idea. On first invocation, the tool reads browse-allowlist.json from process.env.ADMIN_BUCKET_NAME in S3 and caches the result as a Set<string> for the container's lifetime. If the S3 load fails, it falls back to a hardcoded list of eight domains (curia.europa.eu, eur-lex.europa.eu, bailii.org, ICO, FCA, Companies House). Any URL whose hostname is not in the set gets rejected with an error string rather than a silent failure. Admin can update the allowlist by uploading a new JSON file - takes effect on next cold start.
The AgentCore Browser infrastructure removal (f6da49c) is telling. A CfnBrowserCustom resource with Chrome Enterprise policy, an IAM BrowserExecutionRole, and a chrome-policy.json config were all in place. All of it gets deleted. The AgentStack is simplified to just an admin S3 bucket with seed config files. The implication is that AgentCore's managed browser didn't fit the constraint surface - the allowlist was baked into Chrome policy rather than hot-editable, and the full browser overhead wasn't justified for what amounts to HTML fetching from a known set of static government sites.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?