Replace chrome-launcher + CDP with cloakbrowser + Playwright (v2.0.0)#12
Merged
Replace chrome-launcher + CDP with cloakbrowser + Playwright (v2.0.0)#12
Conversation
BREAKING: `interceptor_chrome_*` tools renamed to `interceptor_browser_*`.
The 14 `interceptor_chrome_devtools_*` tools collapse onto 9
Playwright-driven equivalents; `_cdp_info` and the sidecar
pull/attach/detach/navigate/list_network tools are removed. Tool count
77 → 71. Stealth script injection, per-target CdpSession, and the
`chrome-devtools-mcp` sidecar are gone — cloakbrowser ships
source-level C++ fingerprint patches and built-in humanize mode, so no
JS stealth layer is needed. Tools now take `target_id` directly; there
is no separate session binding step.
humanizer_* tools keep the same surface (Bezier paths, WPM typing,
eased scroll) but dispatch via Playwright `page.mouse` / `page.keyboard`
instead of CDP `Input.*`. `humanizer_click` now accepts
`selector | role+name | text | label | x,y` with auto-wait for
visible+enabled+stable+in-view — fixes the long-standing coordinate-
guessing pain point for iframes, shadow DOM, and offscreen elements.
Resources: `proxy://chrome/primary` → `proxy://browser/primary`,
`proxy://chrome/targets` → `proxy://browser/targets`.
`proxy://chrome/devtools/sessions` and
`proxy://chrome/{target_id}/cdp` removed.
Dependencies: +cloakbrowser@^0.3.24, +playwright-core@^1.59,
−chrome-launcher. Node requirement bumped to >=20. Version bumped to
2.0.0 to reflect breaking API.
Verified end-to-end: typecheck clean, unit 74/74, integration 18/20
(2 pre-existing failures unrelated to swap), real-site smoke against
bot.sannysoft.com and a full B&N sci-fi recon (homepage → fiction →
sci-fi → PDP) passed without Akamai challenge.
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Swaps the browser automation stack from
chrome-launcher+ raw CDP +chrome-devtools-mcpsidecar to cloakbrowser (stealth-patched Chromium) driven via Playwright. Source-level C++ fingerprint patches replace the hand-rolled JS stealth script;humanize: truereplaces the custom CDP input engine at the dispatch layer (our timing profiles still layer on top). Net change: +790 / −3366 lines.Breaking changes (→ v2.0.0)
interceptor_chrome_*→interceptor_browser_*. The 14interceptor_chrome_devtools_*tools collapse onto 9 Playwright-driven equivalents.interceptor_chrome_cdp_info,interceptor_chrome_devtools_{pull_sidecar,attach,detach,navigate,list_network}. There is no CDP surface and no session-binding step — tools taketarget_iddirectly. Network listing is now sourced from MITM proxy capture (always on, strictly more complete than the old CDP Network view).proxy://chrome/primary→proxy://browser/primary,proxy://chrome/targets→proxy://browser/targets.proxy://chrome/devtools/sessionsandproxy://chrome/{target_id}/cdptemplate removed.Key wins
humanizer_click— acceptsselector | role + name | text | label | x,yand auto-waits for visible + enabled + stable + in-view. Replaces the flakyRuntime.evaluate + getBoundingClientRectcoord math that broke on iframes, shadow DOM, and offscreen elements.navigator.webdriver,sec-ch-ua*, canvas/WebGL/audio fingerprints, and ja3n/ja4 match real Chrome natively. No JS injection, no double-patching concerns.interceptor_browser_snapshotreturns a role/name/text tree (not a11y JSON) via Playwrightlocator.ariaSnapshot; supportsmode: "ai"for ref-tagged snapshots andselectorfor scoped subtrees.src/tls-spoof.ts,src/browser-presets.ts,src/tools/tls.ts— impit-based outbound re-origination + MITM fingerprint capture continue to work for curl/Android/Docker clients.Dependencies
cloakbrowser@^0.3.24,playwright-core@^1.59chrome-launcher,chrome-devtools-mcp(dynamic)Migration notes
interceptor_chrome_launch(..., stealthMode: true)withinterceptor_browser_launch(...). ThestealthModeparam is gone — cloakbrowser is always stealth.target_idparameters on each tool call.details(port,cdpHttpUrl,browserWebSocketDebuggerUrl, etc.) are gone; targets now exposeurl,headless,humanize, etc.Test plan
npm run build— tsc clean, 0 errorsnpm run test:unit— 74/74 passnpm run test:integration— 18/20 pass (2 pre-existing failures unrelated to swap:checks fingerprint runtime preflight+imports HAR and replays entries— same onmain)bot.sannysoft.com—navigator.webdriver = false, UAChrome/146, platformWin32, JA4t13d1516h2_8daaf6152771_d8a2da3f94cdbarnesandnoble.com(Akamai-protected) — homepage → fiction → sci-fi category → PDP all returned 200 with no 403 challenge; 21 exchanges captured with JA3/JA4;_abck+bm_*cookies issued and acceptedinput[name="q"]—waitFor({ state: "visible" })returned without coord mathproject_hard_target_evaluation.md(5-site suite incl. Kasada) — deferred, not blockingFollow-ups (not in this PR)
v2.0.0andnpm publishafter merge.intel-agent,web-scraper) to the new tool names — intel-agent update is drafted in a parallel working tree.See
CHANGELOG.mdfor the full migration table.