chromeflow 0.10.0 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/bin/chromeflow.mjs +11 -4
  2. package/package.json +1 -1
package/bin/chromeflow.mjs CHANGED
@@ -24825,6 +24825,11 @@ After tabs.onUpdated fires status=complete, chromeflow also runs a 6s settle che
24825
24825
  text += `
24826
24826
 
24827
24827
  \u26A0 expect_selector "${expect_selector}" never appeared within the 6s settle window. The page may be partially loaded or stuck.`;
24828
+ }
24829
+ if (r.anti_bot_detected) {
24830
+ text += `
24831
+
24832
+ \u26A0 anti_bot_detected: "${r.anti_bot_detected}" \u2014 the page returned a known block / challenge response. Page content is unlikely to be the intended target. Don't try to interact with it; navigate elsewhere or surface to the user.`;
24828
24833
  }
24829
24834
  return { content: [{ type: "text", text }] };
24830
24835
  }
@@ -25589,6 +25594,8 @@ Set binary=true for non-text responses (PDFs, images, zips) \u2014 the body is r
25589
25594
  }, wsTimeout);
25590
25595
  if (response.type !== "fetch_url_response") throw new Error(`Unexpected response: ${response.type}`);
25591
25596
  const r = response;
25597
+ const antiBotLine = r.anti_bot_detected ? `
25598
+ \u26A0 anti_bot_detected: "${r.anti_bot_detected}" \u2014 response body matches a known block / challenge page. Don't parse as the expected JSON/HTML; the user's IP may be challenged or the endpoint may require a real browser context.` : "";
25592
25599
  if (to_file) {
25593
25600
  const cwd = process.cwd();
25594
25601
  const resolved = isAbsolute(to_file) ? to_file : resolve(cwd, to_file);
@@ -25607,14 +25614,14 @@ Set binary=true for non-text responses (PDFs, images, zips) \u2014 the body is r
25607
25614
  type: "text",
25608
25615
  text: `HTTP ${r.status} ${r.status_text} \u2014 ${r.content_type || "no content-type"} \u2014 ${r.total_bytes} bytes
25609
25616
  Written to: ${resolved}
25610
- Size on disk: ${buf.byteLength}
25617
+ Size on disk: ${buf.byteLength}${antiBotLine}
25611
25618
 
25612
25619
  Headers:
25613
25620
  ${hdrLines}`
25614
25621
  }]
25615
25622
  };
25616
25623
  }
25617
- const header = `HTTP ${r.status} ${r.status_text} \u2014 ${r.content_type || "no content-type"} \u2014 ${r.total_bytes} bytes${r.truncated ? ` (truncated to ${max_bytes ?? 1e5}; set to_file=<path> to capture the full ${r.total_bytes} bytes)` : ""}`;
25624
+ const header = `HTTP ${r.status} ${r.status_text} \u2014 ${r.content_type || "no content-type"} \u2014 ${r.total_bytes} bytes${r.truncated ? ` (truncated to ${max_bytes ?? 1e5}; set to_file=<path> to capture the full ${r.total_bytes} bytes)` : ""}${antiBotLine}`;
25618
25625
  const bodyPart = r.body_base64 ? `
25619
25626
 
25620
25627
  [base64, ${r.body_base64.length} chars]
@@ -25651,7 +25658,7 @@ Scope matching with \`within_selector\` or \`near_text\` restricts where matches
25651
25658
 
25652
25659
  Shadow DOM (open AND closed) is pierced by default via chrome.dom.openOrClosedShadowRoot \u2014 Reddit faceplate-* / r-post-form-submit-button / web-component-heavy SPAs no longer need manual deepFind recipes.
25653
25660
 
25654
- ANTI-BOT SUBMIT CEILING \u2014 synthetic clicks on social/auth platforms (Reddit, X / Twitter, GitHub device-code, mcp.so) are silently rejected by isTrusted-aware form validators and CSRF/reCAPTCHA gates. Pass \`expect_submit: true\` to detect this case (returns success=false with "submit silently rejected" when no signal fires within 4s). For confirmed anti-bot sites, do NOT retry \u2014 pre-fill the form, then highlight the submit button and call wait_for_click so a real human gesture fires the submission.`,
25661
+ ANTI-BOT SUBMIT CEILING \u2014 synthetic clicks on social/auth platforms (Reddit, X / Twitter, mcp.so) are silently rejected by isTrusted-aware form validators and CSRF/reCAPTCHA gates. Pass \`expect_submit: true\` to detect this case (returns success=false with "submit silently rejected" when no signal fires within 4s). For confirmed anti-bot sites, do NOT retry \u2014 pre-fill the form, then highlight the submit button and call wait_for_click so a real human gesture fires the submission.`,
25655
25662
  {
25656
25663
  textHint: external_exports.string().optional().describe(
25657
25664
  "The visible label of the button or link (e.g. 'Save product', 'Continue', 'Add a product', 'Create'). Exactly one of textHint or selector must be set."
@@ -26048,7 +26055,7 @@ ${lines.join("\n")}${shadowSection}` }] };
26048
26055
  }
26049
26056
 
26050
26057
  // packages/mcp-server/src/index.ts
26051
- var PACKAGE_VERSION = true ? "0.10.0" : "dev";
26058
+ var PACKAGE_VERSION = true ? "0.10.1" : "dev";
26052
26059
  main().catch((err) => {
26053
26060
  console.error("[chromeflow] Fatal error:", err);
26054
26061
  process.exit(1);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "chromeflow",
3
- "version": "0.10.0",
3
+ "version": "0.10.1",
4
4
  "description": "MCP server for chromeflow — lets Claude Code or Codex CLI drive your real Chrome browser with sessions intact. Plugin install recommended; npx chromeflow for manual MCP wiring.",
5
5
  "type": "module",
6
6
  "main": "./bin/chromeflow.mjs",