stealth patched-firefox backend via the existing firefox browser_type

[feder-cr]

the recurring wall in this repo is bot detection: cloudflare "verifying you are human", turnstile, datadome returning the challenge page instead of the content (the stealth / bot-detection / cloudflare issue threads). patchright and playwright-stealth patch chromium at the js layer, which still leaves a surface anti-bot scripts read: native function .toString() enumeration, the CDP attach signature, and the general "chromium-shaped traffic scores higher risk" bias.

the angle that removes that part of the problem is a firefox build with the fingerprint patches applied at the c++ source level (canvas readback, webgl getParameter, font metrics, audio, navigator, system colors). no js shim, no CDP attach signature, and a non-chrome engine that some anti-bot stacks score more leniently. not a silver bullet, IP reputation and server-side scoring still apply, but it drops the js-shim-and-chromium-shape piece.

the nice part is the hook already exists here. browser_manager.py already dispatches to firefox:

if self.config.browser_type == "firefox":
    self.browser = await self.playwright.firefox.launch(**browser_args)

the only thing missing is letting BrowserConfig pass executable_path (point that launch at a patched binary) and firefox_user_prefs (the binary is fully pref-driven). the patched firefox 150 lives at feder-cr/invisible_firefox (MPL-2, same license as firefox upstream) and auto-downloads to a cache on first run. the returned object is a normal playwright Browser, so extraction / markdown / screenshots / hooks are unchanged.

opened a draft PR with a proposal doc to make this concrete. honest caveats: it helps the fingerprint/engine layer only; firefox via playwright has no CDP so anything using connect_over_cdp stays chromium-only and untouched. if this is in scope i'll wire the two config passthroughs and add a docs example. if not, no worries, happy to close it.

[feder-cr]

opened a draft PR with the proposal doc: #2001