octocode-cli 1.3.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +129 -28
- package/out/chunks/chunk-7476PETK.js +309 -0
- package/out/chunks/chunk-CVNNNSMQ.js +26 -0
- package/out/chunks/chunk-OQBJTZWK.js +60 -0
- package/out/chunks/chunk-UCZCF3BQ.js +9 -0
- package/out/chunks/command-help-specs-JZXVSLZ5.js +8 -0
- package/out/chunks/commands-XBFPLHSQ.js +8 -0
- package/out/chunks/help-P7TCOYAJ.js +10 -0
- package/out/chunks/main-help-ULF5PAQY.js +10 -0
- package/out/chunks/prompts-5E6VKRX5.js +8 -0
- package/out/chunks/spinner-URV2OX6O.js +8 -0
- package/out/chunks/tool-command-M6VA7P2F.js +8 -0
- package/out/octocode-cli.js +1 -1
- package/package.json +5 -3
- package/skills/README.md +60 -58
- package/skills/agentic-flow-best-practices/SKILL.md +280 -0
- package/skills/agentic-flow-best-practices/references/agent-collaboration-patterns.md +75 -0
- package/skills/agentic-flow-best-practices/references/pr-review-agent-example.md +47 -0
- package/skills/agentic-flow-best-practices/references/resources.md +112 -0
- package/skills/octocode-brainstorming/.env.example +11 -0
- package/skills/octocode-brainstorming/SKILL.md +262 -0
- package/skills/octocode-brainstorming/scripts/tavily-search.mjs +138 -0
- package/skills/octocode-chrome-devtools/README.md +541 -0
- package/skills/octocode-chrome-devtools/SKILL.md +197 -0
- package/skills/octocode-chrome-devtools/agents/openai.yaml +7 -0
- package/skills/octocode-chrome-devtools/references/CDP_AGENT_REFERENCE.md +401 -0
- package/skills/octocode-chrome-devtools/references/CHROME_FLAGS.md +234 -0
- package/skills/octocode-chrome-devtools/references/INTENTS.md +108 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_AUTH.md +179 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_AUTOMATION.md +214 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_DEBUG.md +329 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_ENVIRONMENT.md +237 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_INSPECT.md +263 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_STORAGE_CONSENT.md +214 -0
- package/skills/octocode-chrome-devtools/references/RECOVERY.md +39 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS.md +43 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_ASYNC_WORKERS.md +345 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_BROWSER.md +403 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_OBSERVE.md +275 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_SPECIAL.md +18 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-runner.mjs +503 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-sandbox.mjs +123 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-template.mjs +81 -0
- package/skills/octocode-chrome-devtools/scripts/octocode-chrome-devtools.vpn.example.json +8 -0
- package/skills/octocode-chrome-devtools/scripts/open-browser.mjs +362 -0
- package/skills/octocode-chrome-devtools/scripts/sourcemap-resolver.mjs +193 -0
- package/skills/octocode-chrome-devtools/scripts/undercover.mjs +226 -0
- package/skills/octocode-design/README.md +2 -2
- package/skills/octocode-documentation-writer/README.md +1 -1
- package/skills/octocode-engineer/README.md +1 -1
- package/skills/octocode-engineer/SKILL.md +137 -306
- package/skills/octocode-engineer/references/cli-reference.md +13 -0
- package/skills/octocode-engineer/references/output-files.md +3 -3
- package/skills/octocode-engineer/scripts/run.js +146 -146
- package/skills/octocode-engineer/src/pipeline/main.ts +1 -17
- package/skills/octocode-engineer/src/pipeline/progress.ts +4 -0
- package/skills/octocode-engineer/src/reporting/summary-md.test.ts +48 -0
- package/skills/octocode-engineer/src/reporting/summary-md.ts +43 -2
- package/skills/octocode-install/SKILL.md +1 -1
- package/skills/octocode-pull-request-reviewer/README.md +5 -5
- package/skills/octocode-pull-request-reviewer/SKILL.md +1 -1
- package/skills/octocode-research/AGENTS.md +1 -1
- package/skills/octocode-research/README.md +2 -2
- package/skills/octocode-research/docs/ARCHITECTURE.md +1 -1
- package/skills/octocode-research/scripts/server.js +184 -239
- package/skills/octocode-research/src/routes/github.ts +4 -21
- package/skills/octocode-research/src/routes/local.ts +4 -21
- package/skills/octocode-research/src/utils/fileContentTransform.ts +44 -0
- package/skills/octocode-search-skill/SKILL.md +337 -0
- package/skills/octocode-search-skill/references/agent-skills-guide.md +177 -0
- package/skills/octocode-search-skill/references/discovery-surfaces.md +162 -0
- package/skills/octocode-search-skill/references/fetch-and-create-locally.md +57 -0
- package/skills/octocode-search-skill/references/install-reference.md +130 -0
- package/skills/octocode-search-skill/references/references-template.md +27 -0
- package/skills/octocode-search-skill/references/references.md +62 -0
- package/skills/octocode-slides/README.md +307 -0
- package/skills/octocode-slides/SKILL.md +410 -0
- package/skills/octocode-slides/references/01-brief.md +156 -0
- package/skills/octocode-slides/references/02-research.md +149 -0
- package/skills/octocode-slides/references/03-outline.md +172 -0
- package/skills/octocode-slides/references/04-design.md +301 -0
- package/skills/octocode-slides/references/05-implementation.md +213 -0
- package/skills/octocode-slides/references/06-review.md +258 -0
- package/skills/octocode-slides/references/animation.md +281 -0
- package/skills/octocode-slides/references/design-system.md +316 -0
- package/skills/octocode-slides/references/html-templates.md +673 -0
- package/skills/octocode-slides/references/image-generation.md +448 -0
- package/skills/octocode-slides/references/resources.md +840 -0
- package/skills/octocode-slides/references/slide-rules.md +541 -0
- package/skills/octocode-slides/references/wireframes.md +727 -0
- package/skills/octocode-slides/scripts/animation.js +182 -0
- package/skills/octocode-slides/scripts/base.css +353 -0
- package/skills/octocode-slides/scripts/base.html +655 -0
- package/skills/octocode-slides/scripts/generate_image.py +221 -0
- package/skills/octocode-slides/scripts/navbridge.js +79 -0
- package/skills/octocode-slides/scripts/presenter.js +316 -0
- package/skills/octocode-slides/scripts/slide.html +248 -0
- package/skills/octocode-stats/SKILL.md +73 -0
- package/skills/octocode-stats/assets/template.html +1332 -0
- package/skills/octocode-stats/scripts/build_dashboard.mjs +407 -0
- package/out/chunks/chunk-LH4AZJPA.js +0 -389
- package/out/chunks/command-help-specs-CQ3RBLP6.js +0 -8
- package/out/chunks/commands-M3QTWKWE.js +0 -51
- package/out/chunks/help-XPXP46ZT.js +0 -10
- package/out/chunks/main-help-HXFAFHPG.js +0 -10
- package/out/chunks/tool-command-VHFLPIHY.js +0 -8
|
@@ -0,0 +1,541 @@
|
|
|
1
|
+
# Chrome DevTools Skill
|
|
2
|
+
|
|
3
|
+
Use this skill when you want an agent to investigate a website or web app through a real Chrome session.
|
|
4
|
+
|
|
5
|
+
It is built for browser evidence: network calls, console errors, DOM state, storage, workers, screenshots, authenticated pages, and repeated monitoring.
|
|
6
|
+
|
|
7
|
+
Use it when normal browser automation cannot explain what Chrome actually saw.
|
|
8
|
+
|
|
9
|
+
## Prerequisites
|
|
10
|
+
|
|
11
|
+
For normal chat usage, you usually only need:
|
|
12
|
+
|
|
13
|
+
- Chrome installed locally
|
|
14
|
+
- Node.js available for the bundled launcher/runner scripts
|
|
15
|
+
- a URL, local app route, or already-open browser page to inspect
|
|
16
|
+
|
|
17
|
+
Optional setup:
|
|
18
|
+
|
|
19
|
+
- proxy/VPN routing through `.octocode/chrome-devtools.json`
|
|
20
|
+
- a visible browser session for login, MFA, CAPTCHA, or live-page inspection
|
|
21
|
+
- Octocode local/GitHub tools when you want to trace browser evidence back to source code
|
|
22
|
+
|
|
23
|
+
## Start Here
|
|
24
|
+
|
|
25
|
+
Ask naturally. Include the URL, the behavior you expect, and the signal you care about.
|
|
26
|
+
|
|
27
|
+
Good prompts:
|
|
28
|
+
|
|
29
|
+
- "Open this page and debug why submit fails."
|
|
30
|
+
- "Watch network calls when I click checkout."
|
|
31
|
+
- "Open a visible browser, I'll log in, then inspect API errors."
|
|
32
|
+
- "Detect whether this page is blocking bots or showing a CAPTCHA."
|
|
33
|
+
- "Run the auth flow, pause for MFA/CAPTCHA if needed, then inspect the app."
|
|
34
|
+
- "Run a storage and consent audit on this site."
|
|
35
|
+
- "Scrape table rows from the authenticated page."
|
|
36
|
+
- "Monitor this page every 30 seconds for exceptions."
|
|
37
|
+
|
|
38
|
+
What the agent should do:
|
|
39
|
+
|
|
40
|
+
- open or attach to Chrome
|
|
41
|
+
- choose one or two focused intents
|
|
42
|
+
- run a narrow CDP script
|
|
43
|
+
- report prefixed evidence such as `[FINDING]`, `[NETWORK_ERROR]`, `[EXCEPTION]`, or `[REASON]`
|
|
44
|
+
- reuse the same tab/session on follow-up checks when possible
|
|
45
|
+
|
|
46
|
+
## Prompt To Intent Cheatsheet
|
|
47
|
+
|
|
48
|
+
Use this when you know what you want but not which intent name to ask for.
|
|
49
|
+
|
|
50
|
+
| You want... | Ask for... | Typical intents |
|
|
51
|
+
|---|---|---|
|
|
52
|
+
| "Something is broken; find why" | debug this flow/page | `debug`, `network`, `console` |
|
|
53
|
+
| "Which API call fails?" | inspect network while I do X | `network`, `automate` |
|
|
54
|
+
| "I need to log in first" | open visible browser and wait for me | `user-auth`, `debug` |
|
|
55
|
+
| "Log me in automatically" | run the login flow | `login`, `network`, `security` |
|
|
56
|
+
| "Click/fill/navigate" | automate this browser flow | `automate`, `debug` |
|
|
57
|
+
| "Extract data" | scrape these fields/rows | `scrape`, optionally `user-auth` |
|
|
58
|
+
| "Why is it slow?" | measure performance for this action | `performance`, `automate`, `emulate` |
|
|
59
|
+
| "Possible memory leak" | run a memory loop | `memory` |
|
|
60
|
+
| "Layout or element state is wrong" | inspect DOM/CSS/accessibility | `dom`, `accessibility`, `screenshot` |
|
|
61
|
+
| "Storage/cookies/consent" | audit browser storage and consent | `storage`, `consent`, `security` |
|
|
62
|
+
| "Worker, cache, or offline bug" | inspect service workers/workers/cache | `service-worker`, `workers`, `storage` |
|
|
63
|
+
| "Real-time/socket issue" | inspect WebSocket frames | `websocket`, `network` |
|
|
64
|
+
| "Block/mock a request" | intercept this request | `intercept`, `debug` |
|
|
65
|
+
| "Capture visual proof" | take screenshot/PDF | `screenshot`, optionally `automate` |
|
|
66
|
+
| "Bot wall or CAPTCHA" | detect challenge flow | `debug`, `security`, optionally `inject` once |
|
|
67
|
+
| "Trace browser error to code" | debug, then source trace | `console`, source maps, Octocode tools |
|
|
68
|
+
|
|
69
|
+
## When To Use It
|
|
70
|
+
|
|
71
|
+
Use this skill when you need browser evidence, not guesses:
|
|
72
|
+
|
|
73
|
+
- debug runtime failures from real page behavior
|
|
74
|
+
- inspect requests, responses, and failed network calls
|
|
75
|
+
- inspect DOM, CSS, storage, cookies, workers, and service workers
|
|
76
|
+
- run interaction flows such as click, type, navigate, wait, and extract
|
|
77
|
+
- capture screenshots and PDF output
|
|
78
|
+
- inspect authenticated pages after manual login
|
|
79
|
+
- monitor a page over time
|
|
80
|
+
- route browser traffic through proxy/VPN endpoints when configured
|
|
81
|
+
|
|
82
|
+
Use a different tool when:
|
|
83
|
+
|
|
84
|
+
- you need production-grade E2E tests, assertions, retries, and cross-browser coverage: use Playwright
|
|
85
|
+
- you only need simple click/fill/navigation from accessibility snapshots: Chrome DevTools MCP or Playwright MCP may be faster
|
|
86
|
+
- you need managed scraping infrastructure, proxies, CAPTCHA services, or hosted browsers: use a dedicated browser automation service
|
|
87
|
+
- you want a reusable app test suite rather than one-off browser forensics: write tests instead of ad-hoc CDP scripts
|
|
88
|
+
|
|
89
|
+
## Common Workflows
|
|
90
|
+
|
|
91
|
+
### Quick Debug
|
|
92
|
+
|
|
93
|
+
Prompt:
|
|
94
|
+
|
|
95
|
+
- "Debug why this flow fails after clicking Pay."
|
|
96
|
+
|
|
97
|
+
Expected output:
|
|
98
|
+
|
|
99
|
+
- network, console, and exception evidence
|
|
100
|
+
- likely root cause and next steps
|
|
101
|
+
|
|
102
|
+
### Manual Auth Then Inspect
|
|
103
|
+
|
|
104
|
+
Prompt:
|
|
105
|
+
|
|
106
|
+
- "Open a visible browser, I'll sign in, then inspect post-login errors."
|
|
107
|
+
|
|
108
|
+
Expected output:
|
|
109
|
+
|
|
110
|
+
- the agent pauses for your login
|
|
111
|
+
- analysis continues after your confirmation
|
|
112
|
+
|
|
113
|
+
### Live Page Monitoring
|
|
114
|
+
|
|
115
|
+
Prompt:
|
|
116
|
+
|
|
117
|
+
- "Keep this page open and monitor errors every 30s."
|
|
118
|
+
|
|
119
|
+
Expected output:
|
|
120
|
+
|
|
121
|
+
- repeated state checks
|
|
122
|
+
- diff-like updates as page behavior changes
|
|
123
|
+
|
|
124
|
+
### Authenticated Scrape
|
|
125
|
+
|
|
126
|
+
Prompt:
|
|
127
|
+
|
|
128
|
+
- "After I log in, scrape invoice rows: id, date, amount."
|
|
129
|
+
|
|
130
|
+
Expected output:
|
|
131
|
+
|
|
132
|
+
- structured extracted data
|
|
133
|
+
- clear scrape findings
|
|
134
|
+
|
|
135
|
+
### Proxy/VPN Investigation
|
|
136
|
+
|
|
137
|
+
Prompt:
|
|
138
|
+
|
|
139
|
+
- "Use configured proxy/VPN and debug this URL."
|
|
140
|
+
|
|
141
|
+
Expected output:
|
|
142
|
+
|
|
143
|
+
- browser launched with the configured proxy route
|
|
144
|
+
- normal intent execution on top
|
|
145
|
+
|
|
146
|
+
## OOTB Flows
|
|
147
|
+
|
|
148
|
+
These are ready-made investigation paths you can ask for without naming CDP internals.
|
|
149
|
+
|
|
150
|
+
### Bot Wall Detection
|
|
151
|
+
|
|
152
|
+
Prompt:
|
|
153
|
+
|
|
154
|
+
- "Check if this page is blocking bots or headless Chrome."
|
|
155
|
+
|
|
156
|
+
Expected output:
|
|
157
|
+
|
|
158
|
+
- status codes, redirects, console errors, and visible page signals
|
|
159
|
+
- evidence for bot-wall patterns such as challenge pages, blocked resources, or unusual access-denied responses
|
|
160
|
+
- a recommendation to retry in visible mode or with configured proxy routing when useful
|
|
161
|
+
|
|
162
|
+
### CAPTCHA Detection
|
|
163
|
+
|
|
164
|
+
Prompt:
|
|
165
|
+
|
|
166
|
+
- "Detect CAPTCHA or challenge flows on this URL."
|
|
167
|
+
|
|
168
|
+
Expected output:
|
|
169
|
+
|
|
170
|
+
- CAPTCHA/challenge evidence from DOM text, frames, network calls, and page state
|
|
171
|
+
- a clear pause if user solving is required
|
|
172
|
+
- no attempt to bypass CAPTCHA automatically
|
|
173
|
+
|
|
174
|
+
### Auth Flow
|
|
175
|
+
|
|
176
|
+
Prompt:
|
|
177
|
+
|
|
178
|
+
- "Open a visible browser, guide me through login, then continue the investigation."
|
|
179
|
+
|
|
180
|
+
Expected output:
|
|
181
|
+
|
|
182
|
+
- visible Chrome for manual sign-in
|
|
183
|
+
- pause points for MFA, SSO, consent, or CAPTCHA
|
|
184
|
+
- post-login tab re-targeting before the agent reads protected state
|
|
185
|
+
- redacted auth/storage findings
|
|
186
|
+
|
|
187
|
+
### Session Reuse Flow
|
|
188
|
+
|
|
189
|
+
Prompt:
|
|
190
|
+
|
|
191
|
+
- "Keep this authenticated session open for follow-up checks."
|
|
192
|
+
|
|
193
|
+
Expected output:
|
|
194
|
+
|
|
195
|
+
- the same CDP port and tab reused across related checks
|
|
196
|
+
- saved tab/resource metadata for follow-up runs
|
|
197
|
+
- no reload unless you ask for one
|
|
198
|
+
|
|
199
|
+
### Anti-Flake Recovery Flow
|
|
200
|
+
|
|
201
|
+
Prompt:
|
|
202
|
+
|
|
203
|
+
- "This browser run is flaky; recover and retry the right way."
|
|
204
|
+
|
|
205
|
+
Expected output:
|
|
206
|
+
|
|
207
|
+
- retry guidance from `[CDP_RETRY_NEEDED]`
|
|
208
|
+
- fresh target listing and re-targeting
|
|
209
|
+
- a narrower rerun that changes one meaningful thing
|
|
210
|
+
|
|
211
|
+
### Performance Flow
|
|
212
|
+
|
|
213
|
+
Prompt:
|
|
214
|
+
|
|
215
|
+
- "Measure why this page/action feels slow."
|
|
216
|
+
|
|
217
|
+
Expected output:
|
|
218
|
+
|
|
219
|
+
- timing metrics, long tasks, slow resources, and render-related signals
|
|
220
|
+
- a narrow comparison before/after one action when the prompt names an interaction
|
|
221
|
+
- source-trace hints when a script, route, or package is the likely cause
|
|
222
|
+
|
|
223
|
+
### WebSocket Flow
|
|
224
|
+
|
|
225
|
+
Prompt:
|
|
226
|
+
|
|
227
|
+
- "Inspect the WebSocket messages during this live update."
|
|
228
|
+
|
|
229
|
+
Expected output:
|
|
230
|
+
|
|
231
|
+
- WebSocket request metadata and frame summaries
|
|
232
|
+
- frame direction, size, timing, and safe message shape
|
|
233
|
+
- no secret payload values in the final report
|
|
234
|
+
|
|
235
|
+
### Service Worker And Cache Flow
|
|
236
|
+
|
|
237
|
+
Prompt:
|
|
238
|
+
|
|
239
|
+
- "Check whether the service worker or cache is causing stale/offline behavior."
|
|
240
|
+
|
|
241
|
+
Expected output:
|
|
242
|
+
|
|
243
|
+
- service worker registration and lifecycle state
|
|
244
|
+
- Cache Storage and relevant fetch behavior
|
|
245
|
+
- a recommendation to reload, unregister, clear cache, or inspect source only when evidence supports it
|
|
246
|
+
|
|
247
|
+
### Visual Capture Flow
|
|
248
|
+
|
|
249
|
+
Prompt:
|
|
250
|
+
|
|
251
|
+
- "Capture proof of the broken state after this action."
|
|
252
|
+
|
|
253
|
+
Expected output:
|
|
254
|
+
|
|
255
|
+
- screenshot or PDF file path
|
|
256
|
+
- the action/state that was captured
|
|
257
|
+
- related DOM/network/console evidence when the visual state is caused by runtime behavior
|
|
258
|
+
|
|
259
|
+
### Source Map Flow
|
|
260
|
+
|
|
261
|
+
Prompt:
|
|
262
|
+
|
|
263
|
+
- "Resolve this browser exception to original source."
|
|
264
|
+
|
|
265
|
+
Expected output:
|
|
266
|
+
|
|
267
|
+
- generated stack frame and source-map candidate
|
|
268
|
+
- original file/line when source maps are available
|
|
269
|
+
- local or external Octocode follow-up when the source location points to a repo/package
|
|
270
|
+
|
|
271
|
+
## Use Case Playbook
|
|
272
|
+
|
|
273
|
+
Use these as default bundles when a prompt names an outcome instead of CDP internals.
|
|
274
|
+
|
|
275
|
+
| Use case | Intents | Browser mode | Primary evidence |
|
|
276
|
+
|---|---|---|---|
|
|
277
|
+
| Page or flow is broken | `debug`, usually `network` + `console` | Headless for public pages, visible for user-driven repro | `[NETWORK_ERROR]`, `[NETWORK_FAILED]`, `[EXCEPTION]`, `[FINDING]`, `[ACTION]` |
|
|
278
|
+
| API call fails after an action | `automate` + `network` | New tab with listeners before navigation/action | HTTP status, request URL/method, blocked reason, response timing |
|
|
279
|
+
| Authenticated bug | `user-auth` + `debug` or `network` | Visible Chrome, `--keep-tab`, no reload after login unless requested | Post-login console/network/storage metadata with secret values redacted |
|
|
280
|
+
| Data extraction from a live app | `user-auth` + `scrape` or `scrape` + `emulate` | Visible for manual login, headless for public pages | `[SCRAPE]` rows, selector/resource notes, `[REASON]` decisions |
|
|
281
|
+
| Performance regression | `performance`, optionally `automate` or `emulate` | New tab; attach metrics before navigation/action | `[PERFORMANCE]`, long tasks, timing metrics, slow requests |
|
|
282
|
+
| Memory leak suspicion | `memory` | Headless or visible, narrow action loop | Heap metrics, detached-node signals, repeated measurements |
|
|
283
|
+
| Layout, DOM, or accessibility issue | `dom`, `accessibility`, optionally `screenshot` | Reuse current tab for live state, new tab for load evidence | `[DOM]`, accessibility tree findings, `[SCREENSHOT]` path |
|
|
284
|
+
| Storage, cookie, or consent audit | `storage`, `consent`, optionally `security` | Headless isolated unless real session is explicitly approved | Cookie/storage key names, quota/cache metadata, pre-consent tracker findings |
|
|
285
|
+
| Security or supply-chain check | `security`, `supply-chain`, optionally `network` | Headless isolated by default | CSP/header findings, third-party script list, sensitive-key presence without values |
|
|
286
|
+
| Worker, service worker, or WebSocket issue | `workers`, `service-worker`, `websocket` | Keep target alive; use session-routed worker commands | `[WORKER]`, `[SW]`, WebSocket frame metadata, cache/offline state |
|
|
287
|
+
| Request blocking or mocking | `intercept` + `debug` | New tab; `Fetch.enable` before navigation | Paused request decisions, fulfilled/failed/continued URLs |
|
|
288
|
+
| Bot wall or CAPTCHA triage | `debug`, `security`, optionally `inject` once | Headless first; visible user gate if challenge persists | Challenge DOM/frame/network signals, no automatic CAPTCHA bypass |
|
|
289
|
+
| Proxy/VPN route investigation | Any selected intent + launcher proxy config | Fresh Chrome session on a clean port | Launcher JSON showing proxy configured, then normal intent evidence |
|
|
290
|
+
| Source-traced browser error | `console` + source-map helper, then Octocode source trace | New tab when load-time stacks matter | `[EXCEPTION_LOCATION]`, `[SOURCEMAP]`, source file/line candidate |
|
|
291
|
+
|
|
292
|
+
## Octocode Integration
|
|
293
|
+
|
|
294
|
+
Use Chrome DevTools for live browser evidence, then use Octocode tools to connect that evidence to code.
|
|
295
|
+
|
|
296
|
+
Ask for the combined flow when a browser finding includes a stack trace, source map, route, endpoint, package name, script URL, component selector, or failing request.
|
|
297
|
+
|
|
298
|
+
Good prompts:
|
|
299
|
+
|
|
300
|
+
- "Debug this page, then trace the failing request to local code."
|
|
301
|
+
- "Find the source for this browser exception in my workspace."
|
|
302
|
+
- "Check whether this error comes from our app or an external package."
|
|
303
|
+
- "Use Chrome evidence first, then inspect the upstream GitHub repo if it points to a dependency."
|
|
304
|
+
|
|
305
|
+
### Local Workspace Flow
|
|
306
|
+
|
|
307
|
+
Use this when the failing app or service code is in the current workspace.
|
|
308
|
+
|
|
309
|
+
Expected path:
|
|
310
|
+
|
|
311
|
+
1. Capture browser evidence with `network`, `console`, `debug`, or `performance`.
|
|
312
|
+
2. Extract stable clues: URL path, API route, stack frame, source-map location, selector, component name, or package import.
|
|
313
|
+
3. Use local Octocode tools to search and navigate code: `localSearchCode` -> `lspGotoDefinition` / `lspFindReferences` -> `localGetFileContent`.
|
|
314
|
+
4. Report the browser symptom and the local source location together.
|
|
315
|
+
|
|
316
|
+
Example output:
|
|
317
|
+
|
|
318
|
+
- `[NETWORK_ERROR] POST /api/checkout returned 500`
|
|
319
|
+
- `[SOURCE_TRACE] Local handler candidate: packages/app/src/routes/checkout.ts`
|
|
320
|
+
- `[FINDING] The browser failure maps to the checkout submit handler, not the payment iframe.`
|
|
321
|
+
|
|
322
|
+
### External Code Flow
|
|
323
|
+
|
|
324
|
+
Use this when the browser evidence points to a dependency, CDN script, SDK, third-party widget, or upstream repository.
|
|
325
|
+
|
|
326
|
+
Expected path:
|
|
327
|
+
|
|
328
|
+
1. Capture the script URL, package name, stack frame, source-map URL, or third-party request.
|
|
329
|
+
2. Use Octocode package/GitHub research to inspect external code without relying on guesses.
|
|
330
|
+
3. Compare the external behavior with local usage: version, import path, initialization config, and runtime call site.
|
|
331
|
+
4. Report whether the issue is likely local integration, dependency behavior, or a remote service response.
|
|
332
|
+
|
|
333
|
+
Example output:
|
|
334
|
+
|
|
335
|
+
- `[EXCEPTION] TypeError thrown from vendor checkout SDK`
|
|
336
|
+
- `[SOURCE_TRACE] External package candidate: @vendor/checkout-widget`
|
|
337
|
+
- `[FINDING] Local code passes an unsupported option; the external SDK rejects it during initialization.`
|
|
338
|
+
|
|
339
|
+
### Combined Browser + Code Loop
|
|
340
|
+
|
|
341
|
+
Best DX loop:
|
|
342
|
+
|
|
343
|
+
1. Reproduce in Chrome.
|
|
344
|
+
2. Save evidence prefixes.
|
|
345
|
+
3. Trace to local or external source with Octocode.
|
|
346
|
+
4. Validate the hypothesis with one focused browser rerun.
|
|
347
|
+
5. Summarize both sides: what Chrome observed and what the code explains.
|
|
348
|
+
|
|
349
|
+
## What Results Look Like
|
|
350
|
+
|
|
351
|
+
Reports should be short, evidence-first, and prefixed so you can scan them quickly.
|
|
352
|
+
|
|
353
|
+
Example:
|
|
354
|
+
|
|
355
|
+
```text
|
|
356
|
+
[ACTION] Clicked "Pay" after attaching Network and Runtime listeners.
|
|
357
|
+
[NETWORK_ERROR] POST /api/checkout returned 500 in 184ms.
|
|
358
|
+
[EXCEPTION] TypeError: Cannot read properties of undefined (reading 'total')
|
|
359
|
+
[EXCEPTION_LOCATION] app.checkout.bundle.js:2:91822
|
|
360
|
+
[SOURCEMAP] Candidate source: src/checkout/submitOrder.ts:87
|
|
361
|
+
[FINDING] The failure is in the submit handler after the payment API response, not in the button click.
|
|
362
|
+
[ACTION] Trace /api/checkout or submitOrder.ts with Octocode local tools next.
|
|
363
|
+
```
|
|
364
|
+
|
|
365
|
+
Good reports should include:
|
|
366
|
+
|
|
367
|
+
- what was triggered
|
|
368
|
+
- what Chrome observed
|
|
369
|
+
- which evidence is user-relevant
|
|
370
|
+
- what to try next
|
|
371
|
+
- redaction for secrets and auth/session values
|
|
372
|
+
|
|
373
|
+
## Safety Gates
|
|
374
|
+
|
|
375
|
+
The agent should pause and ask before:
|
|
376
|
+
|
|
377
|
+
- using your real Chrome profile/session
|
|
378
|
+
- login, CAPTCHA, or manual UI steps
|
|
379
|
+
- destructive actions such as submit, delete, purchase, or send
|
|
380
|
+
|
|
381
|
+
Sensitive values such as token values, cookie values, passwords, and session secrets should be redacted in outputs.
|
|
382
|
+
|
|
383
|
+
## Core Features
|
|
384
|
+
|
|
385
|
+
- Headless and visible browser modes
|
|
386
|
+
- Live-page mode: you interact, then the agent inspects current state
|
|
387
|
+
- Auth-aware flows with user confirmation gates
|
|
388
|
+
- OOTB bot-wall, CAPTCHA detection, auth, session reuse, and recovery flows
|
|
389
|
+
- Session-first reuse across many checks/tabs on the same CDP port
|
|
390
|
+
- Structured findings through output prefixes
|
|
391
|
+
- Step-by-step reasoning logs for scrape and automation loops
|
|
392
|
+
- Per-port TMP metadata for smarter follow-up runs
|
|
393
|
+
- Retry and recovery hints through `[CDP_RETRY_NEEDED]`
|
|
394
|
+
- Proxy/VPN-compatible routing through launch flags or `.octocode` config
|
|
395
|
+
- Source-map resolution and Octocode local/external source tracing
|
|
396
|
+
- Performance, memory, coverage, worker, service worker, WebSocket, accessibility, screenshot/PDF, security, storage, consent, and supply-chain checks
|
|
397
|
+
|
|
398
|
+
## Why It Helps
|
|
399
|
+
|
|
400
|
+
This skill inspects Chrome itself instead of only driving a page like a test runner. It uses Chrome DevTools Protocol directly, so the agent can build focused checks for the exact problem and explain what happened from browser evidence.
|
|
401
|
+
|
|
402
|
+
The motivation is simple: many browser bugs are invisible from code search alone. Failed requests, console exceptions, service worker state, storage mutations, source-map locations, WebSocket frames, and bot/auth walls only become obvious after observing the real page.
|
|
403
|
+
|
|
404
|
+
Compared with Playwright MCP, Chrome DevTools MCP, agent-browser, and Puppeteer workflows, users usually get:
|
|
405
|
+
|
|
406
|
+
- lower setup friction for this skill's scripts
|
|
407
|
+
- broad debugging, inspection, automation, auth, and source-trace coverage in one workflow
|
|
408
|
+
- stronger iteration through session reuse and per-port metadata
|
|
409
|
+
- clearer evidence loops through prefixed output
|
|
410
|
+
- safer real-world operation through explicit auth, profile, and destructive-action gates
|
|
411
|
+
- practical recovery guidance when CDP calls fail
|
|
412
|
+
|
|
413
|
+
In practice, this means users get signal faster, rerun less, and keep context while reproducing issues.
|
|
414
|
+
|
|
415
|
+
## Intent Catalog
|
|
416
|
+
|
|
417
|
+
Intent router:
|
|
418
|
+
|
|
419
|
+
- `references/INTENTS.md`
|
|
420
|
+
|
|
421
|
+
| Intent | What You Get |
|
|
422
|
+
|---|---|
|
|
423
|
+
| `debug` | Broad investigation for "what is broken" |
|
|
424
|
+
| `network` | API traffic, request failures, status errors |
|
|
425
|
+
| `console` | Console errors/warnings and JS exceptions |
|
|
426
|
+
| `performance` | Performance metrics, long tasks, rendering signals |
|
|
427
|
+
| `memory` | Memory and heap leak investigation |
|
|
428
|
+
| `dom` | DOM structure/state checks |
|
|
429
|
+
| `css-coverage` | Used vs unused CSS |
|
|
430
|
+
| `js-coverage` | Used vs unused JS |
|
|
431
|
+
| `automate` | Agent performs browser actions |
|
|
432
|
+
| `scrape` | Data extraction from page content |
|
|
433
|
+
| `live-page` | Keep visible page open, inspect without reload |
|
|
434
|
+
| `login` | Agent-led login flow |
|
|
435
|
+
| `user-auth` | You log in manually, then agent continues |
|
|
436
|
+
| `emulate` | Device, network, and geo-style environment emulation |
|
|
437
|
+
| `inject` | Controlled pre-load patching/hooking |
|
|
438
|
+
| `monitor` | Repeated checks over time |
|
|
439
|
+
| `security` | Cookies, tokens, headers, CSP, and security posture |
|
|
440
|
+
| `websocket` | Real-time frame/message inspection |
|
|
441
|
+
| `service-worker` | Service worker lifecycle, cache, and offline checks |
|
|
442
|
+
| `workers` | Web/shared worker checks |
|
|
443
|
+
| `intercept` | Block/mock/modify request paths |
|
|
444
|
+
| `screenshot` | Visual capture and PDF-style snapshots |
|
|
445
|
+
| `accessibility` | Accessibility-oriented checks |
|
|
446
|
+
| `supply-chain` | Third-party/CDN script risk checks |
|
|
447
|
+
| `full-audit` | Multi-area broad audit |
|
|
448
|
+
| `storage` | Cookies, localStorage, sessionStorage, IDB, and quota |
|
|
449
|
+
| `consent` | GDPR/consent and tracker-before-consent behavior |
|
|
450
|
+
|
|
451
|
+
## Proxy/VPN Support
|
|
452
|
+
|
|
453
|
+
Chrome flags cannot sign into a VPN provider account directly. They can route browser traffic through proxy endpoints such as HTTP, SOCKS, or PAC.
|
|
454
|
+
|
|
455
|
+
Common proxy-capable setups:
|
|
456
|
+
|
|
457
|
+
- NordVPN SOCKS5 endpoints
|
|
458
|
+
- Mullvad SOCKS5 endpoints
|
|
459
|
+
- PIA SOCKS5 endpoints
|
|
460
|
+
- Proton VPN when a local proxy endpoint is configured
|
|
461
|
+
|
|
462
|
+
Project config file supported by launcher:
|
|
463
|
+
|
|
464
|
+
- `.octocode/chrome-devtools.json`
|
|
465
|
+
|
|
466
|
+
Example:
|
|
467
|
+
|
|
468
|
+
```json
|
|
469
|
+
{
|
|
470
|
+
"proxy": {
|
|
471
|
+
"enabled": true,
|
|
472
|
+
"server": "socks5://127.0.0.1:1080",
|
|
473
|
+
"bypassList": "<-loopback>"
|
|
474
|
+
}
|
|
475
|
+
}
|
|
476
|
+
```
|
|
477
|
+
|
|
478
|
+
Also see:
|
|
479
|
+
|
|
480
|
+
- `scripts/octocode-chrome-devtools.vpn.example.json`
|
|
481
|
+
- `references/CHROME_FLAGS.md`
|
|
482
|
+
|
|
483
|
+
## Troubleshooting
|
|
484
|
+
|
|
485
|
+
If a run fails or is flaky:
|
|
486
|
+
|
|
487
|
+
1. Ask the agent to inspect retry guidance from `[CDP_RETRY_NEEDED]`.
|
|
488
|
+
2. Ask it to re-list and re-target browser tabs.
|
|
489
|
+
3. If it is still failing, direct it to `references/RECOVERY.md`.
|
|
490
|
+
|
|
491
|
+
## Script Inventory
|
|
492
|
+
|
|
493
|
+
| Script | Purpose | Use it for |
|
|
494
|
+
|---|---|---|
|
|
495
|
+
| `scripts/open-browser.mjs` | Launch, reuse, or clean up Chrome with CDP enabled | Headless isolated sessions, visible/live sessions, real-profile sessions after approval, proxy/PAC routing |
|
|
496
|
+
| `scripts/cdp-sandbox.mjs` | Run generated scripts through Node permissions with isolated output/session metadata | Default execution path for untrusted one-off CDP scripts |
|
|
497
|
+
| `scripts/cdp-runner.mjs` | Attach to a target and provide the `run(cdp)` API | Trusted local iteration, target listing, target selection, retry metadata |
|
|
498
|
+
| `scripts/cdp-template.mjs` | Baseline `export async function run(cdp)` script | Starting point for network/console/log evidence collection |
|
|
499
|
+
| `scripts/sourcemap-resolver.mjs` | Resolve generated JS stack locations through source maps without retaining `sourcesContent` | Source-traced console exception investigations |
|
|
500
|
+
| `scripts/undercover.mjs` | Apply and verify headless-fingerprint masking | One guarded retry for public bot-wall triage before visible user gate |
|
|
501
|
+
| `scripts/octocode-chrome-devtools.vpn.example.json` | Example proxy config | Copying the shape of `.octocode/chrome-devtools.json` |
|
|
502
|
+
|
|
503
|
+
## Optional CLI
|
|
504
|
+
|
|
505
|
+
Run launcher scripts directly when you want to inspect the raw workflow.
|
|
506
|
+
|
|
507
|
+
```bash
|
|
508
|
+
SKILL_DIR="/Users/guybary/Documents/octocode-mcp/skills/octocode-chrome-devtools"
|
|
509
|
+
TMPDIR="$(node -e "process.stdout.write(require('os').tmpdir())")"
|
|
510
|
+
PORT=9222
|
|
511
|
+
|
|
512
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --headless --port "$PORT"
|
|
513
|
+
node "$SKILL_DIR/scripts/cdp-sandbox.mjs" --list-targets --port "$PORT"
|
|
514
|
+
node "$SKILL_DIR/scripts/open-browser.mjs" --port "$PORT" --cleanup
|
|
515
|
+
```
|
|
516
|
+
|
|
517
|
+
Session metadata location, shared by all runs on the same port:
|
|
518
|
+
|
|
519
|
+
```bash
|
|
520
|
+
$TMPDIR/.octocode-chrome-devtools/session-meta/port-$PORT/
|
|
521
|
+
```
|
|
522
|
+
|
|
523
|
+
Important files:
|
|
524
|
+
|
|
525
|
+
- `session-metadata.json` - active target, last status, last script
|
|
526
|
+
- `targets-latest.json` - latest tab/worker snapshot
|
|
527
|
+
- `resource-map.json` - stable mapping for selectors, endpoints, and tab roles
|
|
528
|
+
- `reasoning-log.json` - why each step was chosen in long loops
|
|
529
|
+
- `run-history.json` - recent run timeline
|
|
530
|
+
|
|
531
|
+
## Reference Files
|
|
532
|
+
|
|
533
|
+
- `references/INTENTS.md`
|
|
534
|
+
- `references/INTENTS_DEBUG.md`
|
|
535
|
+
- `references/INTENTS_AUTOMATION.md`
|
|
536
|
+
- `references/INTENTS_AUTH.md`
|
|
537
|
+
- `references/INTENTS_ENVIRONMENT.md`
|
|
538
|
+
- `references/INTENTS_INSPECT.md`
|
|
539
|
+
- `references/INTENTS_STORAGE_CONSENT.md`
|
|
540
|
+
- `references/CHROME_FLAGS.md`
|
|
541
|
+
- `references/RECOVERY.md`
|