octocode-cli 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (106) hide show
  1. package/README.md +129 -28
  2. package/out/chunks/chunk-7476PETK.js +309 -0
  3. package/out/chunks/chunk-CVNNNSMQ.js +26 -0
  4. package/out/chunks/chunk-OQBJTZWK.js +60 -0
  5. package/out/chunks/chunk-UCZCF3BQ.js +9 -0
  6. package/out/chunks/command-help-specs-JZXVSLZ5.js +8 -0
  7. package/out/chunks/commands-XBFPLHSQ.js +8 -0
  8. package/out/chunks/help-P7TCOYAJ.js +10 -0
  9. package/out/chunks/main-help-ULF5PAQY.js +10 -0
  10. package/out/chunks/prompts-5E6VKRX5.js +8 -0
  11. package/out/chunks/spinner-URV2OX6O.js +8 -0
  12. package/out/chunks/tool-command-M6VA7P2F.js +8 -0
  13. package/out/octocode-cli.js +1 -1
  14. package/package.json +5 -3
  15. package/skills/README.md +60 -58
  16. package/skills/agentic-flow-best-practices/SKILL.md +280 -0
  17. package/skills/agentic-flow-best-practices/references/agent-collaboration-patterns.md +75 -0
  18. package/skills/agentic-flow-best-practices/references/pr-review-agent-example.md +47 -0
  19. package/skills/agentic-flow-best-practices/references/resources.md +112 -0
  20. package/skills/octocode-brainstorming/.env.example +11 -0
  21. package/skills/octocode-brainstorming/SKILL.md +262 -0
  22. package/skills/octocode-brainstorming/scripts/tavily-search.mjs +138 -0
  23. package/skills/octocode-chrome-devtools/README.md +541 -0
  24. package/skills/octocode-chrome-devtools/SKILL.md +197 -0
  25. package/skills/octocode-chrome-devtools/agents/openai.yaml +7 -0
  26. package/skills/octocode-chrome-devtools/references/CDP_AGENT_REFERENCE.md +401 -0
  27. package/skills/octocode-chrome-devtools/references/CHROME_FLAGS.md +234 -0
  28. package/skills/octocode-chrome-devtools/references/INTENTS.md +108 -0
  29. package/skills/octocode-chrome-devtools/references/INTENTS_AUTH.md +179 -0
  30. package/skills/octocode-chrome-devtools/references/INTENTS_AUTOMATION.md +214 -0
  31. package/skills/octocode-chrome-devtools/references/INTENTS_DEBUG.md +329 -0
  32. package/skills/octocode-chrome-devtools/references/INTENTS_ENVIRONMENT.md +237 -0
  33. package/skills/octocode-chrome-devtools/references/INTENTS_INSPECT.md +263 -0
  34. package/skills/octocode-chrome-devtools/references/INTENTS_STORAGE_CONSENT.md +214 -0
  35. package/skills/octocode-chrome-devtools/references/RECOVERY.md +39 -0
  36. package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS.md +43 -0
  37. package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_ASYNC_WORKERS.md +345 -0
  38. package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_BROWSER.md +403 -0
  39. package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_OBSERVE.md +275 -0
  40. package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_SPECIAL.md +18 -0
  41. package/skills/octocode-chrome-devtools/scripts/cdp-runner.mjs +503 -0
  42. package/skills/octocode-chrome-devtools/scripts/cdp-sandbox.mjs +123 -0
  43. package/skills/octocode-chrome-devtools/scripts/cdp-template.mjs +81 -0
  44. package/skills/octocode-chrome-devtools/scripts/octocode-chrome-devtools.vpn.example.json +8 -0
  45. package/skills/octocode-chrome-devtools/scripts/open-browser.mjs +362 -0
  46. package/skills/octocode-chrome-devtools/scripts/sourcemap-resolver.mjs +193 -0
  47. package/skills/octocode-chrome-devtools/scripts/undercover.mjs +226 -0
  48. package/skills/octocode-design/README.md +2 -2
  49. package/skills/octocode-documentation-writer/README.md +1 -1
  50. package/skills/octocode-engineer/README.md +1 -1
  51. package/skills/octocode-engineer/SKILL.md +137 -306
  52. package/skills/octocode-engineer/references/cli-reference.md +13 -0
  53. package/skills/octocode-engineer/references/output-files.md +3 -3
  54. package/skills/octocode-engineer/scripts/run.js +146 -146
  55. package/skills/octocode-engineer/src/pipeline/main.ts +1 -17
  56. package/skills/octocode-engineer/src/pipeline/progress.ts +4 -0
  57. package/skills/octocode-engineer/src/reporting/summary-md.test.ts +48 -0
  58. package/skills/octocode-engineer/src/reporting/summary-md.ts +43 -2
  59. package/skills/octocode-install/SKILL.md +1 -1
  60. package/skills/octocode-pull-request-reviewer/README.md +5 -5
  61. package/skills/octocode-pull-request-reviewer/SKILL.md +1 -1
  62. package/skills/octocode-research/AGENTS.md +1 -1
  63. package/skills/octocode-research/README.md +2 -2
  64. package/skills/octocode-research/docs/ARCHITECTURE.md +1 -1
  65. package/skills/octocode-research/scripts/server.js +184 -239
  66. package/skills/octocode-research/src/routes/github.ts +4 -21
  67. package/skills/octocode-research/src/routes/local.ts +4 -21
  68. package/skills/octocode-research/src/utils/fileContentTransform.ts +44 -0
  69. package/skills/octocode-search-skill/SKILL.md +337 -0
  70. package/skills/octocode-search-skill/references/agent-skills-guide.md +177 -0
  71. package/skills/octocode-search-skill/references/discovery-surfaces.md +162 -0
  72. package/skills/octocode-search-skill/references/fetch-and-create-locally.md +57 -0
  73. package/skills/octocode-search-skill/references/install-reference.md +130 -0
  74. package/skills/octocode-search-skill/references/references-template.md +27 -0
  75. package/skills/octocode-search-skill/references/references.md +62 -0
  76. package/skills/octocode-slides/README.md +307 -0
  77. package/skills/octocode-slides/SKILL.md +410 -0
  78. package/skills/octocode-slides/references/01-brief.md +156 -0
  79. package/skills/octocode-slides/references/02-research.md +149 -0
  80. package/skills/octocode-slides/references/03-outline.md +172 -0
  81. package/skills/octocode-slides/references/04-design.md +301 -0
  82. package/skills/octocode-slides/references/05-implementation.md +213 -0
  83. package/skills/octocode-slides/references/06-review.md +258 -0
  84. package/skills/octocode-slides/references/animation.md +281 -0
  85. package/skills/octocode-slides/references/design-system.md +316 -0
  86. package/skills/octocode-slides/references/html-templates.md +673 -0
  87. package/skills/octocode-slides/references/image-generation.md +448 -0
  88. package/skills/octocode-slides/references/resources.md +840 -0
  89. package/skills/octocode-slides/references/slide-rules.md +541 -0
  90. package/skills/octocode-slides/references/wireframes.md +727 -0
  91. package/skills/octocode-slides/scripts/animation.js +182 -0
  92. package/skills/octocode-slides/scripts/base.css +353 -0
  93. package/skills/octocode-slides/scripts/base.html +655 -0
  94. package/skills/octocode-slides/scripts/generate_image.py +221 -0
  95. package/skills/octocode-slides/scripts/navbridge.js +79 -0
  96. package/skills/octocode-slides/scripts/presenter.js +316 -0
  97. package/skills/octocode-slides/scripts/slide.html +248 -0
  98. package/skills/octocode-stats/SKILL.md +73 -0
  99. package/skills/octocode-stats/assets/template.html +1332 -0
  100. package/skills/octocode-stats/scripts/build_dashboard.mjs +407 -0
  101. package/out/chunks/chunk-LH4AZJPA.js +0 -389
  102. package/out/chunks/command-help-specs-CQ3RBLP6.js +0 -8
  103. package/out/chunks/commands-M3QTWKWE.js +0 -51
  104. package/out/chunks/help-XPXP46ZT.js +0 -10
  105. package/out/chunks/main-help-HXFAFHPG.js +0 -10
  106. package/out/chunks/tool-command-VHFLPIHY.js +0 -8
@@ -0,0 +1,541 @@
1
+ # Chrome DevTools Skill
2
+
3
+ Use this skill when you want an agent to investigate a website or web app through a real Chrome session.
4
+
5
+ It is built for browser evidence: network calls, console errors, DOM state, storage, workers, screenshots, authenticated pages, and repeated monitoring.
6
+
7
+ Use it when normal browser automation cannot explain what Chrome actually saw.
8
+
9
+ ## Prerequisites
10
+
11
+ For normal chat usage, you usually only need:
12
+
13
+ - Chrome installed locally
14
+ - Node.js available for the bundled launcher/runner scripts
15
+ - a URL, local app route, or already-open browser page to inspect
16
+
17
+ Optional setup:
18
+
19
+ - proxy/VPN routing through `.octocode/chrome-devtools.json`
20
+ - a visible browser session for login, MFA, CAPTCHA, or live-page inspection
21
+ - Octocode local/GitHub tools when you want to trace browser evidence back to source code
22
+
23
+ ## Start Here
24
+
25
+ Ask naturally. Include the URL, the behavior you expect, and the signal you care about.
26
+
27
+ Good prompts:
28
+
29
+ - "Open this page and debug why submit fails."
30
+ - "Watch network calls when I click checkout."
31
+ - "Open a visible browser, I'll log in, then inspect API errors."
32
+ - "Detect whether this page is blocking bots or showing a CAPTCHA."
33
+ - "Run the auth flow, pause for MFA/CAPTCHA if needed, then inspect the app."
34
+ - "Run a storage and consent audit on this site."
35
+ - "Scrape table rows from the authenticated page."
36
+ - "Monitor this page every 30 seconds for exceptions."
37
+
38
+ What the agent should do:
39
+
40
+ - open or attach to Chrome
41
+ - choose one or two focused intents
42
+ - run a narrow CDP script
43
+ - report prefixed evidence such as `[FINDING]`, `[NETWORK_ERROR]`, `[EXCEPTION]`, or `[REASON]`
44
+ - reuse the same tab/session on follow-up checks when possible
45
+
46
+ ## Prompt To Intent Cheatsheet
47
+
48
+ Use this when you know what you want but not which intent name to ask for.
49
+
50
+ | You want... | Ask for... | Typical intents |
51
+ |---|---|---|
52
+ | "Something is broken; find why" | debug this flow/page | `debug`, `network`, `console` |
53
+ | "Which API call fails?" | inspect network while I do X | `network`, `automate` |
54
+ | "I need to log in first" | open visible browser and wait for me | `user-auth`, `debug` |
55
+ | "Log me in automatically" | run the login flow | `login`, `network`, `security` |
56
+ | "Click/fill/navigate" | automate this browser flow | `automate`, `debug` |
57
+ | "Extract data" | scrape these fields/rows | `scrape`, optionally `user-auth` |
58
+ | "Why is it slow?" | measure performance for this action | `performance`, `automate`, `emulate` |
59
+ | "Possible memory leak" | run a memory loop | `memory` |
60
+ | "Layout or element state is wrong" | inspect DOM/CSS/accessibility | `dom`, `accessibility`, `screenshot` |
61
+ | "Storage/cookies/consent" | audit browser storage and consent | `storage`, `consent`, `security` |
62
+ | "Worker, cache, or offline bug" | inspect service workers/workers/cache | `service-worker`, `workers`, `storage` |
63
+ | "Real-time/socket issue" | inspect WebSocket frames | `websocket`, `network` |
64
+ | "Block/mock a request" | intercept this request | `intercept`, `debug` |
65
+ | "Capture visual proof" | take screenshot/PDF | `screenshot`, optionally `automate` |
66
+ | "Bot wall or CAPTCHA" | detect challenge flow | `debug`, `security`, optionally `inject` once |
67
+ | "Trace browser error to code" | debug, then source trace | `console`, source maps, Octocode tools |
68
+
69
+ ## When To Use It
70
+
71
+ Use this skill when you need browser evidence, not guesses:
72
+
73
+ - debug runtime failures from real page behavior
74
+ - inspect requests, responses, and failed network calls
75
+ - inspect DOM, CSS, storage, cookies, workers, and service workers
76
+ - run interaction flows such as click, type, navigate, wait, and extract
77
+ - capture screenshots and PDF output
78
+ - inspect authenticated pages after manual login
79
+ - monitor a page over time
80
+ - route browser traffic through proxy/VPN endpoints when configured
81
+
82
+ Use a different tool when:
83
+
84
+ - you need production-grade E2E tests, assertions, retries, and cross-browser coverage: use Playwright
85
+ - you only need simple click/fill/navigation from accessibility snapshots: Chrome DevTools MCP or Playwright MCP may be faster
86
+ - you need managed scraping infrastructure, proxies, CAPTCHA services, or hosted browsers: use a dedicated browser automation service
87
+ - you want a reusable app test suite rather than one-off browser forensics: write tests instead of ad-hoc CDP scripts
88
+
89
+ ## Common Workflows
90
+
91
+ ### Quick Debug
92
+
93
+ Prompt:
94
+
95
+ - "Debug why this flow fails after clicking Pay."
96
+
97
+ Expected output:
98
+
99
+ - network, console, and exception evidence
100
+ - likely root cause and next steps
101
+
102
+ ### Manual Auth Then Inspect
103
+
104
+ Prompt:
105
+
106
+ - "Open a visible browser, I'll sign in, then inspect post-login errors."
107
+
108
+ Expected output:
109
+
110
+ - the agent pauses for your login
111
+ - analysis continues after your confirmation
112
+
113
+ ### Live Page Monitoring
114
+
115
+ Prompt:
116
+
117
+ - "Keep this page open and monitor errors every 30s."
118
+
119
+ Expected output:
120
+
121
+ - repeated state checks
122
+ - diff-like updates as page behavior changes
123
+
124
+ ### Authenticated Scrape
125
+
126
+ Prompt:
127
+
128
+ - "After I log in, scrape invoice rows: id, date, amount."
129
+
130
+ Expected output:
131
+
132
+ - structured extracted data
133
+ - clear scrape findings
134
+
135
+ ### Proxy/VPN Investigation
136
+
137
+ Prompt:
138
+
139
+ - "Use configured proxy/VPN and debug this URL."
140
+
141
+ Expected output:
142
+
143
+ - browser launched with the configured proxy route
144
+ - normal intent execution on top
145
+
146
+ ## OOTB Flows
147
+
148
+ These are ready-made investigation paths you can ask for without naming CDP internals.
149
+
150
+ ### Bot Wall Detection
151
+
152
+ Prompt:
153
+
154
+ - "Check if this page is blocking bots or headless Chrome."
155
+
156
+ Expected output:
157
+
158
+ - status codes, redirects, console errors, and visible page signals
159
+ - evidence for bot-wall patterns such as challenge pages, blocked resources, or unusual access-denied responses
160
+ - a recommendation to retry in visible mode or with configured proxy routing when useful
161
+
162
+ ### CAPTCHA Detection
163
+
164
+ Prompt:
165
+
166
+ - "Detect CAPTCHA or challenge flows on this URL."
167
+
168
+ Expected output:
169
+
170
+ - CAPTCHA/challenge evidence from DOM text, frames, network calls, and page state
171
+ - a clear pause if user solving is required
172
+ - no attempt to bypass CAPTCHA automatically
173
+
174
+ ### Auth Flow
175
+
176
+ Prompt:
177
+
178
+ - "Open a visible browser, guide me through login, then continue the investigation."
179
+
180
+ Expected output:
181
+
182
+ - visible Chrome for manual sign-in
183
+ - pause points for MFA, SSO, consent, or CAPTCHA
184
+ - post-login tab re-targeting before the agent reads protected state
185
+ - redacted auth/storage findings
186
+
187
+ ### Session Reuse Flow
188
+
189
+ Prompt:
190
+
191
+ - "Keep this authenticated session open for follow-up checks."
192
+
193
+ Expected output:
194
+
195
+ - the same CDP port and tab reused across related checks
196
+ - saved tab/resource metadata for follow-up runs
197
+ - no reload unless you ask for one
198
+
199
+ ### Anti-Flake Recovery Flow
200
+
201
+ Prompt:
202
+
203
+ - "This browser run is flaky; recover and retry the right way."
204
+
205
+ Expected output:
206
+
207
+ - retry guidance from `[CDP_RETRY_NEEDED]`
208
+ - fresh target listing and re-targeting
209
+ - a narrower rerun that changes one meaningful thing
210
+
211
+ ### Performance Flow
212
+
213
+ Prompt:
214
+
215
+ - "Measure why this page/action feels slow."
216
+
217
+ Expected output:
218
+
219
+ - timing metrics, long tasks, slow resources, and render-related signals
220
+ - a narrow comparison before/after one action when the prompt names an interaction
221
+ - source-trace hints when a script, route, or package is the likely cause
222
+
223
+ ### WebSocket Flow
224
+
225
+ Prompt:
226
+
227
+ - "Inspect the WebSocket messages during this live update."
228
+
229
+ Expected output:
230
+
231
+ - WebSocket request metadata and frame summaries
232
+ - frame direction, size, timing, and safe message shape
233
+ - no secret payload values in the final report
234
+
235
+ ### Service Worker And Cache Flow
236
+
237
+ Prompt:
238
+
239
+ - "Check whether the service worker or cache is causing stale/offline behavior."
240
+
241
+ Expected output:
242
+
243
+ - service worker registration and lifecycle state
244
+ - Cache Storage and relevant fetch behavior
245
+ - a recommendation to reload, unregister, clear cache, or inspect source only when evidence supports it
246
+
247
+ ### Visual Capture Flow
248
+
249
+ Prompt:
250
+
251
+ - "Capture proof of the broken state after this action."
252
+
253
+ Expected output:
254
+
255
+ - screenshot or PDF file path
256
+ - the action/state that was captured
257
+ - related DOM/network/console evidence when the visual state is caused by runtime behavior
258
+
259
+ ### Source Map Flow
260
+
261
+ Prompt:
262
+
263
+ - "Resolve this browser exception to original source."
264
+
265
+ Expected output:
266
+
267
+ - generated stack frame and source-map candidate
268
+ - original file/line when source maps are available
269
+ - local or external Octocode follow-up when the source location points to a repo/package
270
+
271
+ ## Use Case Playbook
272
+
273
+ Use these as default bundles when a prompt names an outcome instead of CDP internals.
274
+
275
+ | Use case | Intents | Browser mode | Primary evidence |
276
+ |---|---|---|---|
277
+ | Page or flow is broken | `debug`, usually `network` + `console` | Headless for public pages, visible for user-driven repro | `[NETWORK_ERROR]`, `[NETWORK_FAILED]`, `[EXCEPTION]`, `[FINDING]`, `[ACTION]` |
278
+ | API call fails after an action | `automate` + `network` | New tab with listeners before navigation/action | HTTP status, request URL/method, blocked reason, response timing |
279
+ | Authenticated bug | `user-auth` + `debug` or `network` | Visible Chrome, `--keep-tab`, no reload after login unless requested | Post-login console/network/storage metadata with secret values redacted |
280
+ | Data extraction from a live app | `user-auth` + `scrape` or `scrape` + `emulate` | Visible for manual login, headless for public pages | `[SCRAPE]` rows, selector/resource notes, `[REASON]` decisions |
281
+ | Performance regression | `performance`, optionally `automate` or `emulate` | New tab; attach metrics before navigation/action | `[PERFORMANCE]`, long tasks, timing metrics, slow requests |
282
+ | Memory leak suspicion | `memory` | Headless or visible, narrow action loop | Heap metrics, detached-node signals, repeated measurements |
283
+ | Layout, DOM, or accessibility issue | `dom`, `accessibility`, optionally `screenshot` | Reuse current tab for live state, new tab for load evidence | `[DOM]`, accessibility tree findings, `[SCREENSHOT]` path |
284
+ | Storage, cookie, or consent audit | `storage`, `consent`, optionally `security` | Headless isolated unless real session is explicitly approved | Cookie/storage key names, quota/cache metadata, pre-consent tracker findings |
285
+ | Security or supply-chain check | `security`, `supply-chain`, optionally `network` | Headless isolated by default | CSP/header findings, third-party script list, sensitive-key presence without values |
286
+ | Worker, service worker, or WebSocket issue | `workers`, `service-worker`, `websocket` | Keep target alive; use session-routed worker commands | `[WORKER]`, `[SW]`, WebSocket frame metadata, cache/offline state |
287
+ | Request blocking or mocking | `intercept` + `debug` | New tab; `Fetch.enable` before navigation | Paused request decisions, fulfilled/failed/continued URLs |
288
+ | Bot wall or CAPTCHA triage | `debug`, `security`, optionally `inject` once | Headless first; visible user gate if challenge persists | Challenge DOM/frame/network signals, no automatic CAPTCHA bypass |
289
+ | Proxy/VPN route investigation | Any selected intent + launcher proxy config | Fresh Chrome session on a clean port | Launcher JSON showing proxy configured, then normal intent evidence |
290
+ | Source-traced browser error | `console` + source-map helper, then Octocode source trace | New tab when load-time stacks matter | `[EXCEPTION_LOCATION]`, `[SOURCEMAP]`, source file/line candidate |
291
+
292
+ ## Octocode Integration
293
+
294
+ Use Chrome DevTools for live browser evidence, then use Octocode tools to connect that evidence to code.
295
+
296
+ Ask for the combined flow when a browser finding includes a stack trace, source map, route, endpoint, package name, script URL, component selector, or failing request.
297
+
298
+ Good prompts:
299
+
300
+ - "Debug this page, then trace the failing request to local code."
301
+ - "Find the source for this browser exception in my workspace."
302
+ - "Check whether this error comes from our app or an external package."
303
+ - "Use Chrome evidence first, then inspect the upstream GitHub repo if it points to a dependency."
304
+
305
+ ### Local Workspace Flow
306
+
307
+ Use this when the failing app or service code is in the current workspace.
308
+
309
+ Expected path:
310
+
311
+ 1. Capture browser evidence with `network`, `console`, `debug`, or `performance`.
312
+ 2. Extract stable clues: URL path, API route, stack frame, source-map location, selector, component name, or package import.
313
+ 3. Use local Octocode tools to search and navigate code: `localSearchCode` -> `lspGotoDefinition` / `lspFindReferences` -> `localGetFileContent`.
314
+ 4. Report the browser symptom and the local source location together.
315
+
316
+ Example output:
317
+
318
+ - `[NETWORK_ERROR] POST /api/checkout returned 500`
319
+ - `[SOURCE_TRACE] Local handler candidate: packages/app/src/routes/checkout.ts`
320
+ - `[FINDING] The browser failure maps to the checkout submit handler, not the payment iframe.`
321
+
322
+ ### External Code Flow
323
+
324
+ Use this when the browser evidence points to a dependency, CDN script, SDK, third-party widget, or upstream repository.
325
+
326
+ Expected path:
327
+
328
+ 1. Capture the script URL, package name, stack frame, source-map URL, or third-party request.
329
+ 2. Use Octocode package/GitHub research to inspect external code without relying on guesses.
330
+ 3. Compare the external behavior with local usage: version, import path, initialization config, and runtime call site.
331
+ 4. Report whether the issue is likely local integration, dependency behavior, or a remote service response.
332
+
333
+ Example output:
334
+
335
+ - `[EXCEPTION] TypeError thrown from vendor checkout SDK`
336
+ - `[SOURCE_TRACE] External package candidate: @vendor/checkout-widget`
337
+ - `[FINDING] Local code passes an unsupported option; the external SDK rejects it during initialization.`
338
+
339
+ ### Combined Browser + Code Loop
340
+
341
+ Best DX loop:
342
+
343
+ 1. Reproduce in Chrome.
344
+ 2. Save evidence prefixes.
345
+ 3. Trace to local or external source with Octocode.
346
+ 4. Validate the hypothesis with one focused browser rerun.
347
+ 5. Summarize both sides: what Chrome observed and what the code explains.
348
+
349
+ ## What Results Look Like
350
+
351
+ Reports should be short, evidence-first, and prefixed so you can scan them quickly.
352
+
353
+ Example:
354
+
355
+ ```text
356
+ [ACTION] Clicked "Pay" after attaching Network and Runtime listeners.
357
+ [NETWORK_ERROR] POST /api/checkout returned 500 in 184ms.
358
+ [EXCEPTION] TypeError: Cannot read properties of undefined (reading 'total')
359
+ [EXCEPTION_LOCATION] app.checkout.bundle.js:2:91822
360
+ [SOURCEMAP] Candidate source: src/checkout/submitOrder.ts:87
361
+ [FINDING] The failure is in the submit handler after the payment API response, not in the button click.
362
+ [ACTION] Trace /api/checkout or submitOrder.ts with Octocode local tools next.
363
+ ```
364
+
365
+ Good reports should include:
366
+
367
+ - what was triggered
368
+ - what Chrome observed
369
+ - which evidence is user-relevant
370
+ - what to try next
371
+ - redaction for secrets and auth/session values
372
+
373
+ ## Safety Gates
374
+
375
+ The agent should pause and ask before:
376
+
377
+ - using your real Chrome profile/session
378
+ - login, CAPTCHA, or manual UI steps
379
+ - destructive actions such as submit, delete, purchase, or send
380
+
381
+ Sensitive values such as token values, cookie values, passwords, and session secrets should be redacted in outputs.
382
+
383
+ ## Core Features
384
+
385
+ - Headless and visible browser modes
386
+ - Live-page mode: you interact, then the agent inspects current state
387
+ - Auth-aware flows with user confirmation gates
388
+ - OOTB bot-wall, CAPTCHA detection, auth, session reuse, and recovery flows
389
+ - Session-first reuse across many checks/tabs on the same CDP port
390
+ - Structured findings through output prefixes
391
+ - Step-by-step reasoning logs for scrape and automation loops
392
+ - Per-port TMP metadata for smarter follow-up runs
393
+ - Retry and recovery hints through `[CDP_RETRY_NEEDED]`
394
+ - Proxy/VPN-compatible routing through launch flags or `.octocode` config
395
+ - Source-map resolution and Octocode local/external source tracing
396
+ - Performance, memory, coverage, worker, service worker, WebSocket, accessibility, screenshot/PDF, security, storage, consent, and supply-chain checks
397
+
398
+ ## Why It Helps
399
+
400
+ This skill inspects Chrome itself instead of only driving a page like a test runner. It uses Chrome DevTools Protocol directly, so the agent can build focused checks for the exact problem and explain what happened from browser evidence.
401
+
402
+ The motivation is simple: many browser bugs are invisible from code search alone. Failed requests, console exceptions, service worker state, storage mutations, source-map locations, WebSocket frames, and bot/auth walls only become obvious after observing the real page.
403
+
404
+ Compared with Playwright MCP, Chrome DevTools MCP, agent-browser, and Puppeteer workflows, users usually get:
405
+
406
+ - lower setup friction for this skill's scripts
407
+ - broad debugging, inspection, automation, auth, and source-trace coverage in one workflow
408
+ - stronger iteration through session reuse and per-port metadata
409
+ - clearer evidence loops through prefixed output
410
+ - safer real-world operation through explicit auth, profile, and destructive-action gates
411
+ - practical recovery guidance when CDP calls fail
412
+
413
+ In practice, this means users get signal faster, rerun less, and keep context while reproducing issues.
414
+
415
+ ## Intent Catalog
416
+
417
+ Intent router:
418
+
419
+ - `references/INTENTS.md`
420
+
421
+ | Intent | What You Get |
422
+ |---|---|
423
+ | `debug` | Broad investigation for "what is broken" |
424
+ | `network` | API traffic, request failures, status errors |
425
+ | `console` | Console errors/warnings and JS exceptions |
426
+ | `performance` | Performance metrics, long tasks, rendering signals |
427
+ | `memory` | Memory and heap leak investigation |
428
+ | `dom` | DOM structure/state checks |
429
+ | `css-coverage` | Used vs unused CSS |
430
+ | `js-coverage` | Used vs unused JS |
431
+ | `automate` | Agent performs browser actions |
432
+ | `scrape` | Data extraction from page content |
433
+ | `live-page` | Keep visible page open, inspect without reload |
434
+ | `login` | Agent-led login flow |
435
+ | `user-auth` | You log in manually, then agent continues |
436
+ | `emulate` | Device, network, and geo-style environment emulation |
437
+ | `inject` | Controlled pre-load patching/hooking |
438
+ | `monitor` | Repeated checks over time |
439
+ | `security` | Cookies, tokens, headers, CSP, and security posture |
440
+ | `websocket` | Real-time frame/message inspection |
441
+ | `service-worker` | Service worker lifecycle, cache, and offline checks |
442
+ | `workers` | Web/shared worker checks |
443
+ | `intercept` | Block/mock/modify request paths |
444
+ | `screenshot` | Visual capture and PDF-style snapshots |
445
+ | `accessibility` | Accessibility-oriented checks |
446
+ | `supply-chain` | Third-party/CDN script risk checks |
447
+ | `full-audit` | Multi-area broad audit |
448
+ | `storage` | Cookies, localStorage, sessionStorage, IDB, and quota |
449
+ | `consent` | GDPR/consent and tracker-before-consent behavior |
450
+
451
+ ## Proxy/VPN Support
452
+
453
+ Chrome flags cannot sign into a VPN provider account directly. They can route browser traffic through proxy endpoints such as HTTP, SOCKS, or PAC.
454
+
455
+ Common proxy-capable setups:
456
+
457
+ - NordVPN SOCKS5 endpoints
458
+ - Mullvad SOCKS5 endpoints
459
+ - PIA SOCKS5 endpoints
460
+ - Proton VPN when a local proxy endpoint is configured
461
+
462
+ Project config file supported by launcher:
463
+
464
+ - `.octocode/chrome-devtools.json`
465
+
466
+ Example:
467
+
468
+ ```json
469
+ {
470
+ "proxy": {
471
+ "enabled": true,
472
+ "server": "socks5://127.0.0.1:1080",
473
+ "bypassList": "<-loopback>"
474
+ }
475
+ }
476
+ ```
477
+
478
+ Also see:
479
+
480
+ - `scripts/octocode-chrome-devtools.vpn.example.json`
481
+ - `references/CHROME_FLAGS.md`
482
+
483
+ ## Troubleshooting
484
+
485
+ If a run fails or is flaky:
486
+
487
+ 1. Ask the agent to inspect retry guidance from `[CDP_RETRY_NEEDED]`.
488
+ 2. Ask it to re-list and re-target browser tabs.
489
+ 3. If it is still failing, direct it to `references/RECOVERY.md`.
490
+
491
+ ## Script Inventory
492
+
493
+ | Script | Purpose | Use it for |
494
+ |---|---|---|
495
+ | `scripts/open-browser.mjs` | Launch, reuse, or clean up Chrome with CDP enabled | Headless isolated sessions, visible/live sessions, real-profile sessions after approval, proxy/PAC routing |
496
+ | `scripts/cdp-sandbox.mjs` | Run generated scripts through Node permissions with isolated output/session metadata | Default execution path for untrusted one-off CDP scripts |
497
+ | `scripts/cdp-runner.mjs` | Attach to a target and provide the `run(cdp)` API | Trusted local iteration, target listing, target selection, retry metadata |
498
+ | `scripts/cdp-template.mjs` | Baseline `export async function run(cdp)` script | Starting point for network/console/log evidence collection |
499
+ | `scripts/sourcemap-resolver.mjs` | Resolve generated JS stack locations through source maps without retaining `sourcesContent` | Source-traced console exception investigations |
500
+ | `scripts/undercover.mjs` | Apply and verify headless-fingerprint masking | One guarded retry for public bot-wall triage before visible user gate |
501
+ | `scripts/octocode-chrome-devtools.vpn.example.json` | Example proxy config | Copying the shape of `.octocode/chrome-devtools.json` |
502
+
503
+ ## Optional CLI
504
+
505
+ Run launcher scripts directly when you want to inspect the raw workflow.
506
+
507
+ ```bash
508
+ SKILL_DIR="/Users/guybary/Documents/octocode-mcp/skills/octocode-chrome-devtools"
509
+ TMPDIR="$(node -e "process.stdout.write(require('os').tmpdir())")"
510
+ PORT=9222
511
+
512
+ node "$SKILL_DIR/scripts/open-browser.mjs" --headless --port "$PORT"
513
+ node "$SKILL_DIR/scripts/cdp-sandbox.mjs" --list-targets --port "$PORT"
514
+ node "$SKILL_DIR/scripts/open-browser.mjs" --port "$PORT" --cleanup
515
+ ```
516
+
517
+ Session metadata location, shared by all runs on the same port:
518
+
519
+ ```bash
520
+ $TMPDIR/.octocode-chrome-devtools/session-meta/port-$PORT/
521
+ ```
522
+
523
+ Important files:
524
+
525
+ - `session-metadata.json` - active target, last status, last script
526
+ - `targets-latest.json` - latest tab/worker snapshot
527
+ - `resource-map.json` - stable mapping for selectors, endpoints, and tab roles
528
+ - `reasoning-log.json` - why each step was chosen in long loops
529
+ - `run-history.json` - recent run timeline
530
+
531
+ ## Reference Files
532
+
533
+ - `references/INTENTS.md`
534
+ - `references/INTENTS_DEBUG.md`
535
+ - `references/INTENTS_AUTOMATION.md`
536
+ - `references/INTENTS_AUTH.md`
537
+ - `references/INTENTS_ENVIRONMENT.md`
538
+ - `references/INTENTS_INSPECT.md`
539
+ - `references/INTENTS_STORAGE_CONSENT.md`
540
+ - `references/CHROME_FLAGS.md`
541
+ - `references/RECOVERY.md`