diff --git a/script/stacks/sysadmin/docker-compose.yml b/script/stacks/sysadmin/docker-compose.yml index 291263d..17ca8b3 100644 --- a/script/stacks/sysadmin/docker-compose.yml +++ b/script/stacks/sysadmin/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.8" - services: agent: image: code.letsbe.solutions/letsbe/sysadmin-agent:latest @@ -35,6 +33,11 @@ services: - MAX_FILE_SIZE=${MAX_FILE_SIZE:-10485760} - SHELL_TIMEOUT=${SHELL_TIMEOUT:-60} + # Playwright browser automation + - PLAYWRIGHT_ARTIFACTS_DIR=/opt/letsbe/playwright-artifacts + - PLAYWRIGHT_DEFAULT_TIMEOUT_MS=60000 + - PLAYWRIGHT_NAVIGATION_TIMEOUT_MS=120000 + volumes: # Docker socket for container management - /var/run/docker.sock:/var/run/docker.sock @@ -47,22 +50,31 @@ services: # Credential persistence (survives restarts without re-registration) - agent_home:/home/agent/.letsbe-agent + # Playwright artifacts storage + - playwright_artifacts:/opt/letsbe/playwright-artifacts + + # Security options for Chromium sandboxing + security_opt: + - seccomp=unconfined + # Run as root for Docker socket access # TODO: Use Docker group membership instead for better security user: root restart: unless-stopped - # Resource limits + # Resource limits (increased for Playwright browser automation) deploy: resources: limits: - cpus: '1.0' - memory: 512M + cpus: '1.5' + memory: 1G reservations: - cpus: '0.1' - memory: 128M + cpus: '0.25' + memory: 256M volumes: agent_home: name: {{ customer }}-agent-home + playwright_artifacts: + name: {{ customer }}-playwright-artifacts
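Review bot: The three `PLAYWRIGHT_*` entries added to the `environment` list are hard-coded, while the neighbouring entries (`MAX_FILE_SIZE`, `SHELL_TIMEOUT`) use the `${VAR:-default}` form. For consistency the two timeouts could be written as `- PLAYWRIGHT_DEFAULT_TIMEOUT_MS=${PLAYWRIGHT_DEFAULT_TIMEOUT_MS:-60000}` and `- PLAYWRIGHT_NAVIGATION_TIMEOUT_MS=${PLAYWRIGHT_NAVIGATION_TIMEOUT_MS:-120000}`. `PLAYWRIGHT_ARTIFACTS_DIR` should stay fixed because it has to match the volume mount target. Browser artifacts such as screenshots and traces can contain credentials or session data from the pages visited, so a comment like `# Artifacts may contain sensitive page content; define retention/cleanup` above the block would help. The `environment` list starts above this hunk.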
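Review bot: `- seccomp=unconfined` under the new `security_opt` removes the syscall filter for the whole agent container, and this same service runs as `user: root` with `/var/run/docker.sock` mounted. A compromised browser process would therefore meet no seccomp barrier between it and the Docker API. The comment "Security options for Chromium sandboxing" reads as hardening although the line is a relaxation. I would reword it to `# Relaxes seccomp so Chromium can create its sandbox namespaces` and point the option at a narrow profile, `- seccomp=<path-to-chromium-seccomp-profile.json>` (placeholder path), that permits only the extra namespace syscalls Chromium needs. Chromium will not start its sandbox as root unless launched with `--no-sandbox`, so if the agent passes that flag (not visible in this diff) the relaxation gains nothing and can be dropped. The service definition starts above this hunk.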