@mcp-b/chrome-devtools-mcp 1.8.0 → 1.8.2

package/build/src/McpContext.js

@@ -89,6 +89,7 @@ export class McpContext {
     #networkConditionsMap = new WeakMap();
     #cpuThrottlingRateMap = new WeakMap();
     #geolocationMap = new WeakMap();
+    #bypassCSPMap = new WeakMap();
     #dialog;
     #nextSnapshotId = 1;
     #traceResults = [];
@@ -616,6 +617,20 @@ export class McpContext {
         const page = this.getSelectedPage();
         return this.#geolocationMap.get(page) ?? null;
     }
+    async setBypassCSP(enabled) {
+        const page = this.getSelectedPage();
+        await page.setBypassCSP(enabled);
+        if (enabled) {
+            this.#bypassCSPMap.set(page, true);
+        }
+        else {
+            this.#bypassCSPMap.delete(page);
+        }
+    }
+    getBypassCSP() {
+        const page = this.getSelectedPage();
+        return this.#bypassCSPMap.get(page) ?? false;
+    }
     setIsRunningPerformanceTrace(x) {
         this.#isRunningTrace = x;
     }

package/build/src/tools/pages.js

@@ -110,6 +110,10 @@ export const navigatePage = defineTool({
             .boolean()
             .optional()
             .describe('Whether to ignore cache on reload.'),
+        bypassCSP: zod
+            .boolean()
+            .optional()
+            .describe('Bypass Content-Security-Policy on the page. Useful for injecting scripts into third-party sites during development.'),
         ...timeoutSchema,
     },
     handler: async (request, response, context) => {
@@ -117,6 +121,9 @@ export const navigatePage = defineTool({
         const options = {
             timeout: request.params.timeout,
         };
+        if (request.params.bypassCSP !== undefined) {
+            await context.setBypassCSP(request.params.bypassCSP);
+        }
         if (!request.params.type && !request.params.url) {
             throw new Error('Either URL or a type is required.');
         }

package/build/src/tools/script.js

@@ -3,19 +3,26 @@
  * Copyright 2025 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
+import { readFile } from 'node:fs/promises';
 import { zod } from '../third_party/index.js';
 import { ToolCategory } from './categories.js';
 import { defineTool } from './ToolDefinition.js';
 export const evaluateScript = defineTool({
     name: 'evaluate_script',
-    description: `Evaluate a JavaScript function inside the currently selected page. Returns the response as JSON
-so returned values have to JSON-serializable.`,
+    description: `Evaluate a JavaScript function or inject a script file into the currently selected page.
+
+When \`function\` is provided, evaluates it and returns the result as JSON (values must be JSON-serializable).
+When \`filePath\` is provided, reads the file from disk and injects it as a <script> tag (useful for large scripts like polyfills that are too big to pass inline).
+Exactly one of \`function\` or \`filePath\` must be provided.`,
     annotations: {
         category: ToolCategory.DEBUGGING,
         readOnlyHint: false,
     },
     schema: {
-        function: zod.string().describe(`A JavaScript function declaration to be executed by the tool in the currently selected page.
+        function: zod
+            .string()
+            .optional()
+            .describe(`A JavaScript function declaration to be executed by the tool in the currently selected page.
 Example without arguments: \`() => {
   return document.title
 }\` or \`async () => {
@@ -25,6 +32,10 @@ Example with arguments: \`(el) => {
   return el.innerText;
 }\`
 `),
+        filePath: zod
+            .string()
+            .optional()
+            .describe('Absolute path to a local JavaScript file to inject into the page via <script> tag. The file is read server-side so there are no size limits or CSP/mixed-content restrictions. Use this for large scripts (polyfills, bundled tools, etc).'),
         args: zod
             .array(zod.object({
             uid: zod
@@ -32,9 +43,25 @@ Example with arguments: \`(el) => {
                 .describe('The uid of an element on the page from the page content snapshot'),
         }))
             .optional()
-            .describe(`An optional list of arguments to pass to the function.`),
+            .describe(`An optional list of arguments to pass to the function. Only used with \`function\`, not \`filePath\`.`),
     },
     handler: async (request, response, context) => {
+        const { filePath } = request.params;
+        // File injection mode
+        if (filePath) {
+            if (request.params.function) {
+                throw new Error('Provide either `function` or `filePath`, not both.');
+            }
+            const content = await readFile(filePath, 'utf-8');
+            const page = context.getSelectedPage();
+            await page.addScriptTag({ content });
+            response.appendResponseLine(`Injected script from \`${filePath}\` (${content.length} bytes) into page.`);
+            return;
+        }
+        // Function evaluation mode (original behavior)
+        if (!request.params.function) {
+            throw new Error('Either `function` or `filePath` must be provided.');
+        }
         const args = [];
         try {
             const frames = new Set();

package/build/src/transports/CDPClientTransport.js

@@ -0,0 +1,184 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/**
+ * MCP Client Transport that connects to an extension's MCP server via CDP.
+ *
+ * Discovers the extension's service worker, attaches to it, and establishes
+ * a bidirectional message channel using Runtime.evaluate (client → server)
+ * and Runtime.addBinding (server → client).
+ *
+ * CDP attaches ONLY to the service worker. Pages remain clean with no
+ * navigator.webdriver flag, bypassing bot detection entirely.
+ */
+export class CDPClientTransport {
+    #browser;
+    #extensionId;
+    #connectTimeout;
+    #session = null;
+    #started = false;
+    #closed = false;
+    #bindingHandler = null;
+    #disconnectHandler = null;
+    onclose;
+    onerror;
+    onmessage;
+    constructor(options) {
+        this.#browser = options.browser;
+        this.#extensionId = options.extensionId;
+        this.#connectTimeout = options.connectTimeout ?? 10_000;
+    }
+    async start() {
+        if (this.#started) {
+            throw new Error('CDPClientTransport already started. If using Client class, note that connect() calls start() automatically.');
+        }
+        if (this.#closed) {
+            throw new Error('CDPClientTransport has been closed');
+        }
+        this.#started = true;
+        try {
+            // Handle browser disconnect
+            this.#disconnectHandler = () => {
+                if (this.#closed)
+                    return;
+                this.#browser = null;
+                this.onclose?.();
+            };
+            this.#browser.on('disconnected', this.#disconnectHandler);
+            // Find extension service worker target with retry
+            const swTarget = await this.#findExtensionServiceWorker();
+            if (!swTarget) {
+                throw new Error(this.#extensionId
+                    ? `Extension ${this.#extensionId} service worker not found`
+                    : 'No extension service worker found. Is an MCP-enabled extension installed?');
+            }
+            // Create a CDP session directly on the service worker target
+            this.#session = await swTarget.createCDPSession();
+            // Enable Runtime domain
+            await this.#session.send('Runtime.enable');
+            // Add binding for receiving messages from the extension
+            await this.#session.send('Runtime.addBinding', {
+                name: '__mcpCDPToClient',
+            });
+            // Set up handler for binding calls
+            this.#bindingHandler = (event) => {
+                if (event.name !== '__mcpCDPToClient')
+                    return;
+                if (this.#closed)
+                    return;
+                try {
+                    const message = JSON.parse(event.payload);
+                    this.onmessage?.(message);
+                }
+                catch (err) {
+                    this.onerror?.(new Error(`Failed to parse message from extension: ${err}`));
+                }
+            };
+            this.#session.on('Runtime.bindingCalled', this.#bindingHandler);
+            // Verify the extension has the CDP transport ready
+            const { result } = await this.#session.send('Runtime.evaluate', {
+                expression: 'globalThis.__mcpCDPTransport?.isReady === true',
+                returnByValue: true,
+            });
+            if (!result.value) {
+                throw new Error('Extension CDP transport not ready. Ensure the extension has CDP bridge support enabled.');
+            }
+            // Connect our binding to the extension's transport
+            await this.#session.send('Runtime.evaluate', {
+                expression: `
+          globalThis.__mcpCDPTransport._sendBinding = (jsonStr) => {
+            __mcpCDPToClient(jsonStr);
+          };
+        `,
+            });
+        }
+        catch (err) {
+            this.#started = false;
+            await this.#cleanup();
+            throw err;
+        }
+    }
+    async send(message) {
+        if (!this.#started) {
+            throw new Error('CDPClientTransport not started');
+        }
+        if (this.#closed) {
+            throw new Error('CDPClientTransport has been closed');
+        }
+        if (!this.#session) {
+            throw new Error('CDP session not available');
+        }
+        const jsonStr = JSON.stringify(message);
+        try {
+            await this.#session.send('Runtime.evaluate', {
+                expression: `globalThis.__mcpCDPTransport.receiveMessage(${JSON.stringify(jsonStr)})`,
+            });
+        }
+        catch (err) {
+            const error = new Error(`Failed to send message to extension: ${err}`);
+            this.onerror?.(error);
+            throw error;
+        }
+    }
+    async close() {
+        if (this.#closed)
+            return;
+        this.#closed = true;
+        this.#started = false;
+        await this.#cleanup();
+        if (this.#browser && this.#disconnectHandler) {
+            this.#browser.off('disconnected', this.#disconnectHandler);
+            this.#disconnectHandler = null;
+        }
+        this.onclose?.();
+    }
+    /**
+     * Find the extension's service worker target with retry.
+     */
+    async #findExtensionServiceWorker() {
+        const deadline = Date.now() + this.#connectTimeout;
+        const retryInterval = 1_000;
+        while (Date.now() < deadline) {
+            const targets = this.#browser.targets();
+            const sw = targets.find(t => {
+                if (t.type() !== 'service_worker')
+                    return false;
+                if (!t.url().startsWith('chrome-extension://'))
+                    return false;
+                if (this.#extensionId && !t.url().includes(this.#extensionId))
+                    return false;
+                return true;
+            });
+            if (sw)
+                return sw;
+            const remaining = deadline - Date.now();
+            if (remaining > retryInterval) {
+                await new Promise(resolve => setTimeout(resolve, retryInterval));
+            }
+            else {
+                break;
+            }
+        }
+        return null;
+    }
+    /**
+     * Clean up CDP resources.
+     */
+    async #cleanup() {
+        if (this.#session && this.#bindingHandler) {
+            this.#session.off('Runtime.bindingCalled', this.#bindingHandler);
+            this.#bindingHandler = null;
+        }
+        if (this.#session) {
+            try {
+                await this.#session.detach();
+            }
+            catch {
+                // Ignore detach errors
+            }
+            this.#session = null;
+        }
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-b/chrome-devtools-mcp",
-  "version": "1.8.0",
+  "version": "1.8.2",
   "description": "MCP server for Chrome DevTools with WebMCP integration for connecting to website MCP tools",
   "keywords": [
     "mcp",