diff --git a/packages/bcode-browser/README.md b/packages/bcode-browser/README.md
index e79eecdf0..3100920cb 100644
--- a/packages/bcode-browser/README.md
+++ b/packages/bcode-browser/README.md
@@ -12,7 +12,7 @@ See `decisions.md §1c` (three-level model) and `§1d` (this package) in the Bro
 | `src/browser-execute.ts` | In-process JS-eval `browser_execute` body. |
 | `src/session-store.ts` | Per-opencode-session CDP `Session` map. The agent calls `session.connect(...)` from a snippet; subsequent snippets find the same Session. |
 | `src/skills.ts` | Runtime resolver for embedded skills (extract on first call in compiled mode; in-tree path in dev). |
-| `skills/` | `BROWSER.md` (the agent's prompt for `browser_execute`), `cloud-browser.md` (Way 3 — provision/stop a Browser Use cloud browser via raw HTTP from inside a snippet), and `interaction-skills/*.md` (UI mechanic reference docs). Embedded into the binary by `script/embed-skills.ts`. |
+| `skills/` | `BROWSER.md` (the agent's prompt for `browser_execute`) and `cloud-browser.md` (Way 3 — provision/stop a Browser Use cloud browser via raw HTTP from inside a snippet). Embedded into the binary by `script/embed-skills.ts`. The interaction-skills set inherited from the Python harness was archived 2026-05-09 — we'll reintroduce only what evals show is needed, one skill at a time. |
 | `script/embed-skills.ts` | Build-time embed; emits `bcode-skills.gen.ts` consumed by the compiled binary. |
 | `test/` | `bun test` smoke coverage for the workspace dynamic-import pattern. |
 
diff --git a/packages/bcode-browser/skills/BROWSER.md b/packages/bcode-browser/skills/BROWSER.md
index ee13cae03..2a7670933 100644
--- a/packages/bcode-browser/skills/BROWSER.md
+++ b/packages/bcode-browser/skills/BROWSER.md
@@ -5,11 +5,11 @@ Use the `browser_execute` tool to run JavaScript against a connected browser via
 **Locations:**
 
 - Workspace (read/write your reusable scripts): `<projectRoot>/.bcode/agent-workspace/`. The bcode CLI runs from the project root, so `./.bcode/agent-workspace/foo.ts` works directly with the `read`/`write`/`edit` tools.
-- Skills (read-only reference docs): `{{SKILLS_DIR}}/`. Run `read {{SKILLS_DIR}}/interaction-skills/` to list every available interaction skill before reading any one of them.
+- Skills (read-only reference docs): `{{SKILLS_DIR}}/`. Currently `BROWSER.md` (this file) and `cloud-browser.md`.
 
 ## The model in one paragraph
 
-`browser_execute` evaluates whatever JS you write against `session`. There is no auto-loaded library, no privileged file, no helper namespace — just `session` and standard JS globals. To reuse code from a previous snippet, save it as a `.ts` file under `./.bcode/agent-workspace/` (using the `write` tool) and `await import("/abs/path?t=" + Date.now())` it from a later snippet. The import takes an **absolute** path — construct it from `process.cwd()` inside the snippet. Same mechanism for a 5-line wrapper and a 500-line script. Skills under `{{SKILLS_DIR}}/` are documentation you `read`, not modules you `import` — they teach you the CDP patterns; you write the code.
+`browser_execute` evaluates whatever JS you write against `session`. There is no auto-loaded library, no privileged file, no helper namespace — just `session` and standard JS globals. To reuse code from a previous snippet, save it as a `.ts` file under `./.bcode/agent-workspace/` (using the `write` tool) and `await import("/abs/path?t=" + Date.now())` it from a later snippet. The import takes an **absolute** path — construct it from `process.cwd()` inside the snippet. Same mechanism for a 5-line wrapper and a 500-line script.
 
 ## Connecting
 
@@ -148,8 +148,6 @@ await session.Page.captureScreenshot({ format: "png" })
 // for the rare case you want to process it programmatically.
 ```
 
-For the full menu of UI mechanics — dropdowns, dialogs, iframes, shadow DOM, uploads, scrolling, screenshots-with-highlights — list `{{SKILLS_DIR}}/interaction-skills/` to see all available topics, then read the relevant one.
-
 ## Switching browsers mid-session
 
 You own the connection. To swap:
@@ -202,7 +200,7 @@ Cache-bust (`?t=${Date.now()}`) is your responsibility: without it, edits to the
 ## When something doesn't work
 
 - **`session.Page.navigate` hangs forever** → the page is showing a native dialog. Use `session.Page.handleJavaScriptDialog({ accept: true })` to dismiss.
-- **Selectors don't find elements that you can see** → likely an iframe or shadow DOM. Read `{{SKILLS_DIR}}/interaction-skills/iframes.md` or `shadow-dom.md`.
+- **Selectors don't find elements that you can see** → likely an iframe or shadow DOM. Walk frames via `Page.getFrameTree` / `Target.attachToTarget`, or pierce shadow roots with `element.shadowRoot.querySelector(...)`.
 - **Actions silently no-op** → the page is mid-load. After `Page.navigate`, await `session.waitFor("Page.loadEventFired")` before driving inputs.
 - **Connection refused, 403, or `WS closed before open` on connect()** → see the Way 1 failure-mode list above. Most often: the `chrome://inspect/#remote-debugging` checkbox isn't ticked, or the Chrome 144+ "Allow remote debugging?" popup hasn't been clicked. Pass `{ profileDir, timeoutMs: 30000 }` (Way 1, user's profile) to wait up to 30s for the click, or fall back to Way 2.
 - **Cloud `connect()` fails after a successful provision** → check that `cdp_url` came back in the POST response; some BU regions return `cdpUrl` (camelCase) — accept both. See `{{SKILLS_DIR}}/cloud-browser.md`.
diff --git a/packages/bcode-browser/skills/interaction-skills/connection.md b/packages/bcode-browser/skills/interaction-skills/connection.md
deleted file mode 100644
index b619c2e41..000000000
--- a/packages/bcode-browser/skills/interaction-skills/connection.md
+++ /dev/null
@@ -1,104 +0,0 @@
-# Connection & Tab Visibility
-
-## Just call `session.connect()`
-
-No args required. It scans OS-specific profile dirs for every running Chromium-based browser (Chrome, Chromium, Edge, Brave, Arc, Vivaldi, Opera, Comet, Canary), picks the most-recently-launched one whose WebSocket accepts, and attaches. Dead ports and permission-denied (403) candidates fall through in <100ms each, so the loop is fast.
-
-```js
-await session.connect()
-```
-
-Inspect what's available (e.g. to let the user choose) with `detectBrowsers()`:
-
-```js
-const browsers = await detectBrowsers()
-// [{ name: 'Google Chrome', profileDir, port, wsPath, wsUrl, mtimeMs }, ...]
-```
-
-### Explicit forms (override auto-detect)
-
-Use only when auto-detect picks the wrong browser or you already know the destination.
-
-| Form | When |
-|---|---|
-| `{ profileDir }` | Target a specific running browser. Reads its `DevToolsActivePort` directly. OS-agnostic. |
-| `{ wsUrl }` | You already have `ws://…/devtools/browser/<uuid>`. |
-
-```js
-await session.connect({ profileDir: '/Users/<you>/Library/Application Support/Google/Chrome' })
-await session.connect({ wsUrl: 'ws://127.0.0.1:9222/devtools/browser/<uuid>' })
-```
-
-### Timeouts and the Allow popup
-
-Per-candidate WS-open timeout defaults to **5s**. A live browser either opens or closes the connection within ~100ms, so 5s is always enough — unless the user has to click **Allow** on Chrome's remote-debugging popup. In that case, pass `timeoutMs: 30000` to give them time:
-
-```js
-await session.connect({ profileDir, timeoutMs: 30_000 })
-```
-
-If `session.connect()` reports `No detected browser accepted a connection`, it means every browser with `DevToolsActivePort` answered 403 or closed without opening — most likely the user hasn't clicked Allow yet. Ask them to, then retry.
-
-## The omnibox popup problem
-
-When Chrome opens fresh, the only CDP `type: "page"` targets may be `chrome://inspect` and `chrome://omnibox-popup.top-chrome/` (a 1px invisible viewport). If you attach to the omnibox popup, every subsequent action happens on a tab the user cannot see.
-
-`listPageTargets()` already filters `chrome://` and `devtools://` URLs. If you call `Target.getTargets` directly, filter these manually:
-
-```js
-const { targetInfos } = await session.Target.getTargets({})
-const realTabs = targetInfos.filter(t =>
-  t.type === 'page' &&
-  !t.url.startsWith('chrome://') &&
-  !t.url.startsWith('devtools://')
-)
-```
-
-If no real pages exist yet, create one instead of attaching to nothing:
-
-```js
-const tabs = await listPageTargets()
-let targetId = tabs[0]?.targetId
-if (!targetId) {
-  ({ targetId } = await session.Target.createTarget({ url: 'about:blank' }))
-}
-await session.use(targetId)
-```
-
-## Startup sequence
-
-```js
-await session.connect()                              // 1. auto-detect the running browser
-const tabs = await listPageTargets()                 // 2. real pages only (chrome:// already filtered)
-let targetId = tabs[0]?.targetId
-if (!targetId) {                                     // 3. handle the empty case (fresh window, omnibox-only)
-  ({ targetId } = await session.Target.createTarget({ url: 'about:blank' }))
-}
-await session.use(targetId)                          // 4. route Page/DOM/Runtime/Network to that target
-await session.Target.activateTarget({ targetId })    // 5. bring it visually to front
-await session.Page.enable()                          // 6. enable the domains you need
-```
-
-## CDP target order ≠ visible tab-strip order
-
-When the user says "the first tab I can see", do NOT trust the order of `Target.getTargets`. Use:
-
-- A screenshot (`session.Page.captureScreenshot()`) to identify visually.
-- Page title / URL heuristics.
-- Or platform UI automation (macOS: AppleScript; Linux: `xdotool`/`wmctrl`).
-
-`Target.activateTarget` only switches to a targetId you already know — it cannot resolve "leftmost tab".
-
-## Bringing Chrome to front
-
-```bash
-# macOS — prefer AppleScript over `open -a` (reuses current profile, avoids the profile picker)
-osascript -e 'tell application "Google Chrome" to activate'
-
-# Linux (X11) — use wmctrl or xdotool
-wmctrl -a 'Google Chrome'
-xdotool search --name 'Google Chrome' windowactivate
-
-# Windows (PowerShell)
-powershell -NoProfile -Command "(New-Object -ComObject WScript.Shell).AppActivate('Google Chrome')"
-```
diff --git a/packages/bcode-browser/skills/interaction-skills/cookies.md b/packages/bcode-browser/skills/interaction-skills/cookies.md
deleted file mode 100644
index f72984b72..000000000
--- a/packages/bcode-browser/skills/interaction-skills/cookies.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# Cookies
-
-Use `Network.*` for cookies scoped to the attached page/context; use `Storage.getCookies` / `Storage.setCookies` for every cookie in the browser.
-
-## Read
-
-```js
-await session.Network.enable({})
-
-// All cookies visible to the attached page (current origin + its frames)
-const { cookies } = await session.Network.getCookies({})
-
-// Cookies for specific URLs
-const { cookies: github } = await session.Network.getCookies({
-  urls: ['https://github.com/'],
-})
-
-// Every cookie across the whole browser (requires Storage domain)
-const { cookies: all } = await session.Storage.getCookies({})
-```
-
-Shape: `{ name, value, domain, path, expires, size, httpOnly, secure, session, sameSite?, sourceScheme?, priority? }`.
-
-## Write
-
-```js
-// Single cookie on the attached page
-await session.Network.setCookie({
-  name: 'session',
-  value: 'abc123',
-  domain: '.example.com',
-  path: '/',
-  secure: true,
-  httpOnly: true,
-  sameSite: 'Lax',
-  expires: Date.now() / 1000 + 86400,   // seconds since epoch
-})
-
-// Bulk import (e.g. to preload an auth session)
-await session.Network.setCookies({
-  cookies: [
-    { name: 'a', value: '1', domain: '.example.com', path: '/' },
-    { name: 'b', value: '2', domain: '.example.com', path: '/' },
-  ],
-})
-```
-
-## Delete / clear
-
-```js
-await session.Network.deleteCookies({ name: 'session', domain: '.example.com' })
-await session.Network.clearBrowserCookies()   // nukes everything in the default context
-```
-
-## Gotchas
-
-- `Network.setCookie` silently fails with no error if `domain` doesn't match any origin in the current profile — you'll get `{ success: true }` and the cookie just won't be there. Verify with `getCookies` after.
-- `expires` is seconds (float), **not** milliseconds. A common mistake.
-- Session cookies: pass no `expires` and Chrome treats them as session-scoped. Setting `expires: 0` also works.
-- `sameSite` values are `'Strict'` | `'Lax'` | `'None'`. For `'None'`, Chrome also requires `secure: true`.
-- Clearing cookies does NOT clear localStorage/IndexedDB. For a full logout, also call `Storage.clearDataForOrigin({ origin, storageTypes: 'all' })`.
diff --git a/packages/bcode-browser/skills/interaction-skills/cross-origin-iframes.md b/packages/bcode-browser/skills/interaction-skills/cross-origin-iframes.md
deleted file mode 100644
index d0909b570..000000000
--- a/packages/bcode-browser/skills/interaction-skills/cross-origin-iframes.md
+++ /dev/null
@@ -1,76 +0,0 @@
-# Cross-Origin Iframes (OOPIFs)
-
-Cross-origin iframes (stripe.com checkout, recaptcha, Salesforce Lightning, Azure blades) run in **out-of-process iframes (OOPIFs)** with their own CDP target. You cannot reach them via `contentDocument` from the parent.
-
-## First try: coordinate clicks
-
-Compositor-level input passes through OOPIFs transparently. If the thing you want is a button you can see in a screenshot, try this first — it's simpler, undetectable, and doesn't need attaching to anything:
-
-```js
-// Click a "Pay" button inside a Stripe iframe by page coordinates
-await session.Input.dispatchMouseEvent({ type: 'mousePressed', x, y, button: 'left', clickCount: 1 })
-await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x, y, button: 'left', clickCount: 1 })
-```
-
-Coordinate-based typing also works if you click first, then `Input.insertText`/`Input.dispatchKeyEvent`.
-
-## When you need DOM inside the OOPIF
-
-Find the iframe target and route Runtime/DOM calls to it. Remember the parent's `targetId` first so you can switch back:
-
-```js
-// Capture the parent target before switching — `session.use` doesn't expose it.
-const parentTargetId = (await session.Target.getTargets({}))
-  .targetInfos.find(t => t.type === 'page' && !t.url.startsWith('chrome://'))?.targetId
-
-const { targetInfos } = await session.Target.getTargets({})
-const iframe = targetInfos.find(t => t.type === 'iframe' && t.url.includes('stripe.com'))
-if (!iframe) {
-  // OOPIF targets are lazy. Interact with the parent input first
-  // (a coordinate click on the card-number area), then re-query Target.getTargets.
-  throw new Error('Stripe iframe target not present yet — interact and retry')
-}
-
-// Route subsequent calls to the iframe target
-await session.use(iframe.targetId)
-
-await session.Runtime.enable()
-const { result } = await session.Runtime.evaluate({
-  expression: 'document.querySelector("[name=cardnumber]").value',
-  returnByValue: true,
-})
-
-// Switch back to the parent page when done
-if (parentTargetId) await session.use(parentTargetId)
-```
-
-`session.use(iframe.targetId)` auto-attaches if not already attached, and routes Page/DOM/Runtime/Network to it. `Target.*` and `Browser.*` always hit the browser endpoint regardless of `use`.
-
-## Which target is which?
-
-`Target.getTargets` returns **all** OOPIFs in the page, flat. If multiple iframes share an origin (e.g. multiple Stripe Elements), you need more than URL to disambiguate:
-
-- Filter by URL path (`cardNumber` vs `cardExpiry` vs `cvc` in Stripe).
-- Enumerate in DOM order from the parent: find all `<iframe>` elements, map their `src` to target URLs.
-- Inspect title via `Target.getTargetInfo({ targetId })`.
-
-## Listening to events from an OOPIF
-
-After `session.use(iframe.targetId)`, events for that target arrive via the same `session.onEvent` / `session.waitFor`:
-
-```js
-await session.use(iframe.targetId)
-await session.Network.enable({})
-const ev = await session.waitFor(
-  'Network.responseReceived',
-  (p) => p.response.url.includes('/confirm_payment'),
-  10_000
-)
-```
-
-## Traps
-
-- **An OOPIF is not always present until interaction.** Stripe's card iframe is lazy-mounted after you focus the outer input. Screenshot + coordinate-click the outer input first, then re-query `Target.getTargets`.
-- **OOPIF targets disappear when the parent navigates.** A cached `iframe.targetId` from before a navigation is dead.
-- **CSP / sandbox may block `Runtime.evaluate` side effects** even when you've attached. Read-only calls usually work; writes may silently no-op.
-- **Don't `use(iframe.targetId)` and forget to switch back.** Your next `Page.navigate` goes to the iframe instead of the main frame. Always pair with a `session.use(parentTargetId)`.
diff --git a/packages/bcode-browser/skills/interaction-skills/dialogs.md b/packages/bcode-browser/skills/interaction-skills/dialogs.md
deleted file mode 100644
index f6226087e..000000000
--- a/packages/bcode-browser/skills/interaction-skills/dialogs.md
+++ /dev/null
@@ -1,83 +0,0 @@
-# Dialogs
-
-`alert`, `confirm`, `prompt`, `beforeunload` freeze the JS thread. Two approaches depending on timing.
-
-## Reactive: dismiss via CDP (preferred)
-
-Works even when JS is frozen. Handles all four dialog types.
-
-```js
-await session.Page.enable()
-
-// Dismiss / accept
-await session.Page.handleJavaScriptDialog({ accept: true })               // "OK"
-await session.Page.handleJavaScriptDialog({ accept: false })              // "Cancel"
-await session.Page.handleJavaScriptDialog({ accept: true, promptText: 'hi' })  // for prompt()
-
-// Wait for a dialog to open (and read its text)
-const ev = await session.waitFor('Page.javascriptDialogOpening', undefined, 10_000)
-console.log(ev.type, ev.message)  // "alert"|"confirm"|"prompt"|"beforeunload"
-```
-
-Undetectable by antibot — no JS runs in the page.
-
-**Subscribe to every dialog while a flow runs:**
-
-```js
-await session.Page.enable()
-const off = session.onEvent(async (method, params) => {
-  if (method === 'Page.javascriptDialogOpening') {
-    await session.Page.handleJavaScriptDialog({ accept: true })
-  }
-})
-// ...do actions that may trigger dialogs...
-off()
-```
-
-## Proactive: stub via JS
-
-Prevents dialogs from ever appearing. Good when you expect many `alert()`/`confirm()` calls.
-
-```js
-await session.Runtime.evaluate({ expression: `
-  window.__dialogs__ = [];
-  window.alert = m => window.__dialogs__.push(String(m));
-  window.confirm = m => { window.__dialogs__.push(String(m)); return true; };
-  window.prompt = (m, d) => { window.__dialogs__.push(String(m)); return d || ''; };
-` })
-// ...actions...
-const { result } = await session.Runtime.evaluate({
-  expression: 'window.__dialogs__ || []',
-  returnByValue: true,
-})
-```
-
-Tradeoffs:
-- Stubs are lost on page navigation — re-inject after every navigate.
-- `confirm()` always returns `true`.
-- Detectable by antibot (`window.alert.toString()` reveals non-native code).
-- Does **not** handle `beforeunload`.
-
-## beforeunload specifically
-
-Fires when navigating away from a page with unsaved changes (forms, editors). The page freezes until the user clicks Leave/Stay. The dialog can open at any point during `Page.navigate`, so don't try to handle it after — race the navigate against `Page.javascriptDialogOpening`.
-
-```js
-// Option A: subscribe before navigating (CDP, safe, undetectable, no race)
-await session.Page.enable()
-const off = session.onEvent(async (method, _params) => {
-  if (method === 'Page.javascriptDialogOpening') {
-    await session.Page.handleJavaScriptDialog({ accept: true })  // "Leave"
-  }
-})
-try {
-  await session.Page.navigate({ url: 'https://new-url.com' })
-  await session.waitFor('Page.loadEventFired', undefined, 10_000)
-} finally {
-  off()
-}
-
-// Option B: prevent before navigating (JS, detectable)
-await session.Runtime.evaluate({ expression: 'window.onbeforeunload = null' })
-await session.Page.navigate({ url: 'https://new-url.com' })
-```
diff --git a/packages/bcode-browser/skills/interaction-skills/downloads.md b/packages/bcode-browser/skills/interaction-skills/downloads.md
deleted file mode 100644
index 3e491820e..000000000
--- a/packages/bcode-browser/skills/interaction-skills/downloads.md
+++ /dev/null
@@ -1,77 +0,0 @@
-# Downloads
-
-Two modes: let Chrome write the file to a directory you control, or intercept the download response in CDP and save it yourself.
-
-## Route downloads to a directory you own
-
-```js
-// Cross-platform temp dir: /tmp on Linux, /var/folders/… on macOS, %TEMP% on Windows
-const { tmpdir } = await import('node:os')
-const downloadDir = `${tmpdir()}/cdp-downloads`
-await Bun.write(`${downloadDir}/.keep`, '')  // ensure dir exists
-
-await session.Browser.setDownloadBehavior({
-  behavior: 'allow',
-  downloadPath: downloadDir,
-  eventsEnabled: true,   // emit Browser.downloadWillBegin / downloadProgress
-})
-```
-
-Now any download — whether triggered by a link (`<a download>`), a `window.location` to a binary, or a form POST that returns `Content-Disposition: attachment` — saves to that directory.
-
-## Signal that a download actually started
-
-```js
-const ev = await session.waitFor(
-  'Browser.downloadWillBegin',
-  (p) => p.suggestedFilename.endsWith('.pdf'),
-  10_000
-)
-console.log(ev.guid, ev.suggestedFilename, ev.url)
-```
-
-## Signal that it finished
-
-```js
-const done = await session.waitFor(
-  'Browser.downloadProgress',
-  (p) => p.state === 'completed',
-  60_000
-)
-console.log(done.receivedBytes, done.totalBytes)
-```
-
-`Browser.downloadProgress.state` is one of `'inProgress' | 'completed' | 'canceled'`.
-
-## Skip the browser entirely for plain HTTP downloads
-
-If the download URL is a plain HTTP GET with no auth/cookie state the browser added, `fetch` directly from the Bun snippet:
-
-```js
-const { tmpdir } = await import('node:os')
-const res = await fetch('https://example.com/report.pdf')
-await Bun.write(`${tmpdir()}/report.pdf`, await res.arrayBuffer())
-```
-
-This is often 10× faster than driving the browser. But it **loses cookie-based auth** — for logged-in downloads, either:
-1. Use the browser path (`Browser.setDownloadBehavior`), or
-2. Copy cookies out first (`Network.getCookies`) and include them in the `fetch`.
-
-## When the only trigger is a click
-
-If the site exposes only a "Download" button and no obvious URL:
-
-```js
-// Pre-arm Browser.setDownloadBehavior, then click
-await session.Input.dispatchMouseEvent({ type: 'mousePressed', x, y, button: 'left', clickCount: 1 })
-await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x, y, button: 'left', clickCount: 1 })
-const ev = await session.waitFor('Browser.downloadWillBegin', undefined, 10_000)
-```
-
-## Traps
-
-- **`Browser.setDownloadBehavior` is browser-scoped**, not page-scoped. Set it once per browser session.
-- **`downloadPath` must exist.** Chrome silently drops the file otherwise — always `mkdir -p` first.
-- **Files arrive with the suggested filename**, not a name you choose. Rename after `state === 'completed'` if you need a specific name.
-- **`beforeunload` on the triggering page** can block the download. Some sites open a confirm dialog before navigating to the PDF endpoint — handle the dialog first (see `dialogs.md`).
-- **If the "download" is actually just inline navigation** (PDF viewer opens in-page), there's no `downloadWillBegin` — you'll need `Page.printToPDF` or direct `fetch` instead.
diff --git a/packages/bcode-browser/skills/interaction-skills/drag-and-drop.md b/packages/bcode-browser/skills/interaction-skills/drag-and-drop.md
deleted file mode 100644
index 50a84e3b3..000000000
--- a/packages/bcode-browser/skills/interaction-skills/drag-and-drop.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# Drag and Drop
-
-Three kinds hide behind "drag and drop" — each wants a different CDP call.
-
-## Kind 1: HTML5 DnD (`dragstart` / `drop` events)
-
-React DnD, pragmatic-drag-and-drop, native `<div draggable>` — all listen to DOM `DragEvent`. CDP's `Input.dispatchMouseEvent` with mousePressed/moved/released does **not** fire these, because the browser synthesizes `DragEvent`s from a native OS drag that CDP doesn't trigger. Use `Input.dispatchDragEvent` instead:
-
-```js
-// Chrome needs to be told we're about to handle drags via CDP
-await session.Input.setInterceptDrags({ enabled: true })
-
-// Press at the source
-await session.Input.dispatchMouseEvent({ type: 'mousePressed', x: srcX, y: srcY, button: 'left', clickCount: 1 })
-
-// Wait for CDP to deliver the initial drag intent (via Input.dragIntercepted)
-const di = await session.waitFor('Input.dragIntercepted', undefined, 2_000)
-
-// Simulate the move + drop via dispatchDragEvent
-await session.Input.dispatchDragEvent({ type: 'dragEnter', x: dstX, y: dstY, data: di.data })
-await session.Input.dispatchDragEvent({ type: 'dragOver',  x: dstX, y: dstY, data: di.data })
-await session.Input.dispatchDragEvent({ type: 'drop',      x: dstX, y: dstY, data: di.data })
-
-await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x: dstX, y: dstY, button: 'left', clickCount: 1 })
-await session.Input.setInterceptDrags({ enabled: false })
-```
-
-This covers most real-world DnD on React/Vue apps (Trello cards, Notion blocks, Linear tickets, Figma layers).
-
-## Kind 2: Pointer-based drag (canvas, SVG, custom handlers)
-
-Games, map panning, Figma/Excalidraw canvases, range sliders — these listen for `mousedown` / `mousemove` / `mouseup` (or pointer events) and do their own coordinate math. For these, a plain mouse-event sequence is enough:
-
-```js
-await session.Input.dispatchMouseEvent({ type: 'mousePressed', x: x1, y: y1, button: 'left', clickCount: 1 })
-// Intermediate moves matter — many sites track velocity / only trigger on movement delta
-for (let i = 1; i <= 10; i++) {
-  const x = x1 + (x2 - x1) * (i / 10)
-  const y = y1 + (y2 - y1) * (i / 10)
-  await session.Input.dispatchMouseEvent({ type: 'mouseMoved', x, y, button: 'left' })
-}
-await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x: x2, y: y2, button: 'left', clickCount: 1 })
-```
-
-Add intermediate `mouseMoved` events — sites tracking velocity won't fire on a single jump.
-
-## Kind 3: "Drag a file onto this zone" = actually upload
-
-Most drop zones that accept files have a hidden `<input type="file">` under them. Use `DOM.setFileInputFiles` — see `uploads.md`. Don't fight the DnD path if an input exists.
-
-## Traps
-
-- **Don't use `Input.dispatchMouseEvent` alone for HTML5 DnD** — no `dragstart` fires. The site just sees a click that went nowhere. Use `setInterceptDrags` + `dispatchDragEvent`.
-- **Don't use `Input.dispatchDragEvent` without `setInterceptDrags({ enabled: true })`** — Chrome routes the drag to the native OS otherwise.
-- **Snap / animation**: after drop, re-screenshot after ~300ms. Some libraries animate the card into place and a too-fast follow-up action lands on the wrong coordinates.
-- **Pointer Events vs Mouse Events**: if `mousedown` doesn't work, try `dispatchMouseEvent` with `pointerType: 'mouse'` and also include the same sequence as `dispatchPointerEvent` (some new SPAs only listen to pointer events).
diff --git a/packages/bcode-browser/skills/interaction-skills/dropdowns.md b/packages/bcode-browser/skills/interaction-skills/dropdowns.md
deleted file mode 100644
index c0ea945fe..000000000
--- a/packages/bcode-browser/skills/interaction-skills/dropdowns.md
+++ /dev/null
@@ -1,79 +0,0 @@
-# Dropdowns
-
-The right approach depends on what kind of dropdown the site actually rendered.
-
-## Native `<select>`
-
-Don't click options — set the value directly and fire `change`. Keyboard/mouse on a native select opens an OS menu CDP can't close.
-
-```js
-await session.Runtime.evaluate({ expression: `
-  (() => {
-    const s = document.querySelector('select#country')
-    s.value = 'DE'
-    s.dispatchEvent(new Event('change', { bubbles: true }))
-  })()
-`})
-```
-
-Verify: `await session.Runtime.evaluate({ expression: 'document.querySelector("select#country").value', returnByValue: true })`.
-
-## Custom overlay (div-based menu under a trigger)
-
-1. Click the trigger with `Input.dispatchMouseEvent`.
-2. **Re-measure** — options appear late, sometimes inside a portal attached to `<body>`.
-3. Click the option by visible text.
-
-```js
-// Click the trigger
-await session.Input.dispatchMouseEvent({ type: 'mousePressed', x: triggerX, y: triggerY, button: 'left', clickCount: 1 })
-await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x: triggerX, y: triggerY, button: 'left', clickCount: 1 })
-
-// Wait one frame, then find the option by text and coordinate-click it
-const { result } = await session.Runtime.evaluate({
-  returnByValue: true,
-  expression: `
-    (() => {
-      const t = [...document.querySelectorAll('[role="option"], li, .menu-item')]
-        .find(el => (el.textContent ?? '').trim() === 'Germany')
-      if (!t) return null
-      const r = t.getBoundingClientRect()
-      return { x: r.x + r.width/2, y: r.y + r.height/2 }
-    })()
-  `,
-})
-if (result.value) {
-  const { x, y } = result.value
-  await session.Input.dispatchMouseEvent({ type: 'mousePressed', x, y, button: 'left', clickCount: 1 })
-  await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x, y, button: 'left', clickCount: 1 })
-}
-```
-
-## Searchable combobox (React / Downshift / Radix / MUI Autocomplete)
-
-Most comboboxes commit on the **keyboard**, not the click:
-
-1. Click the input to focus + open.
-2. `Input.insertText` the search string.
-3. Wait for options to render.
-4. `Input.dispatchKeyEvent` ArrowDown → Enter to commit.
-
-```js
-await session.Input.dispatchKeyEvent({ type: 'keyDown', key: 'ArrowDown', code: 'ArrowDown', windowsVirtualKeyCode: 40 })
-await session.Input.dispatchKeyEvent({ type: 'keyUp',   key: 'ArrowDown', code: 'ArrowDown', windowsVirtualKeyCode: 40 })
-await session.Input.dispatchKeyEvent({ type: 'keyDown', key: 'Enter',     code: 'Enter',     windowsVirtualKeyCode: 13, text: '\r' })
-await session.Input.dispatchKeyEvent({ type: 'keyUp',   key: 'Enter',     code: 'Enter',     windowsVirtualKeyCode: 13 })
-```
-
-Some libraries (notably Radix) require `Escape` to close without committing. Clicking outside may keep stale input.
-
-## Virtualized menus
-
-Long option lists (`react-window`, TanStack Virtual) only render the visible slice. If your option isn't in the DOM, scroll the menu container with a `mouseWheel` at its coordinates (see `scrolling.md`) until it mounts, **then** coordinate-click.
-
-## Traps
-
-- Always **re-measure after opening** — the trigger's on-screen position may shift when the menu appears (dropdowns that push content).
-- Portals: the option DOM may not be a descendant of the trigger. Search `document.querySelectorAll`, not `trigger.querySelectorAll`.
-- MUI Autocomplete: `blur` commits the text value, not the selected option. Always use Enter.
-- CSS `pointer-events: none` on the option means the click passes through — check for an inner `<span>` or the option container a level up.
diff --git a/packages/bcode-browser/skills/interaction-skills/iframes.md b/packages/bcode-browser/skills/interaction-skills/iframes.md
deleted file mode 100644
index 43f34f4d3..000000000
--- a/packages/bcode-browser/skills/interaction-skills/iframes.md
+++ /dev/null
@@ -1,69 +0,0 @@
-# Iframes (same-origin)
-
-Same-origin iframes are just part of the parent DOM — you can walk into them via `contentDocument`. For cross-origin (OOPIFs), see `cross-origin-iframes.md`.
-
-## Reading / writing through `contentDocument`
-
-```js
-await session.Runtime.evaluate({
-  returnByValue: true,
-  expression: `
-    (() => {
-      const doc = document.querySelector('iframe#inner').contentDocument
-      return doc.querySelector('h1').textContent
-    })()
-  `,
-})
-```
-
-- Throws `DOMException: Blocked a frame with origin …` if the frame is actually cross-origin. That's your signal to switch to OOPIF routing.
-- `contentWindow.postMessage` works from the parent if you need to send data in.
-
-## Coordinate clicks pass through iframes
-
-The compositor-level input path (`Input.dispatchMouseEvent`) doesn't care about frame boundaries. If you can see a button in a screenshot, you can click its page coordinates regardless of how many iframes it's nested in:
-
-```js
-await session.Input.dispatchMouseEvent({ type: 'mousePressed', x, y, button: 'left', clickCount: 1 })
-await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x, y, button: 'left', clickCount: 1 })
-```
-
-This is usually the **lowest-friction** approach. Only drop to `contentDocument` / OOPIF attach when you need to read DOM or dispatch DOM events on elements that are hard to target by coordinate.
-
-## Frame-local vs page coordinates
-
-`getBoundingClientRect()` inside an iframe returns **iframe-local** coordinates. To coordinate-click, you need page coordinates:
-
-```js
-await session.Runtime.evaluate({
-  returnByValue: true,
-  expression: `
-    (() => {
-      const iframe = document.querySelector('iframe#inner')
-      const inner = iframe.contentDocument.querySelector('.target')
-      const iRect = iframe.getBoundingClientRect()
-      const tRect = inner.getBoundingClientRect()
-      return { x: iRect.x + tRect.x + tRect.width/2, y: iRect.y + tRect.y + tRect.height/2 }
-    })()
-  `,
-})
-```
-
-## Nested iframes
-
-Recurse through `contentDocument`:
-
-```js
-let doc = document
-for (const sel of ['iframe#outer', 'iframe#middle', 'iframe#inner']) {
-  doc = doc.querySelector(sel).contentDocument
-  if (!doc) throw new Error('cross-origin boundary')
-}
-return doc.querySelector('h1').textContent
-```
-
-## Traps
-
-- A frame that was same-origin can become cross-origin after navigation inside it (e.g. OAuth redirect). Re-check with `contentDocument` truthiness.
-- `iframe.contentDocument === null` right after insertion — wait for `load` on the iframe before reading.
-- An iframe whose `sandbox` attribute **omits** `allow-same-origin` is forced into an opaque origin even when its URL is same-origin — `contentDocument` access throws. Adding `allow-same-origin` is what restores access; its presence is not the blocker. CSP `frame-ancestors` on the iframe's response can also prevent it from loading at all.
diff --git a/packages/bcode-browser/skills/interaction-skills/network-requests.md b/packages/bcode-browser/skills/interaction-skills/network-requests.md
deleted file mode 100644
index a5a7880a8..000000000
--- a/packages/bcode-browser/skills/interaction-skills/network-requests.md
+++ /dev/null
@@ -1,109 +0,0 @@
-# Network Requests
-
-Use `Network.*` events when the DOM doesn't tell you whether a request happened, what it sent, or what came back. Use `Fetch.*` when you need to intercept, modify, or mock.
-
-## Watching requests
-
-```js
-await session.Network.enable({})
-
-// React to every request
-const off = session.onEvent((method, params) => {
-  if (method === 'Network.requestWillBeSent') {
-    console.log(params.request.method, params.request.url)
-  }
-  if (method === 'Network.responseReceived') {
-    console.log(params.response.status, params.response.url)
-  }
-})
-
-// ...do the action that should trigger the request...
-off()
-```
-
-## Wait for a specific request
-
-`session.waitFor` returns just the first matching event's params:
-
-```js
-await session.Network.enable({})
-// (Trigger the action before awaiting, or trigger concurrently.)
-const ev = await session.waitFor(
-  'Network.responseReceived',
-  (p) => p.response.url.includes('/api/submit') && p.response.status === 200,
-  10_000
-)
-console.log(ev.response.status, ev.requestId)
-```
-
-## Read a response body
-
-`Network.getResponseBody` needs the `requestId` — grab it from the matching event:
-
-```js
-const ev = await session.waitFor(
-  'Network.responseReceived',
-  (p) => p.response.url.endsWith('/me'),
-  10_000
-)
-const { body, base64Encoded } = await session.Network.getResponseBody({ requestId: ev.requestId })
-const text = base64Encoded ? Buffer.from(body, 'base64').toString('utf-8') : body
-```
-
-Bodies aren't always available — if the response was a redirect, was cached, or Chrome discarded it, `getResponseBody` throws. Read it **immediately** after `Network.loadingFinished`.
-
-## Capture request bodies
-
-`Network.requestWillBeSent` gives you `params.request.postData` (for small bodies); use `Network.getRequestPostData({ requestId })` for large ones.
-
-## Intercept / modify / mock (`Fetch` domain)
-
-When you need to change what's sent or returned:
-
-```js
-await session.Fetch.enable({
-  patterns: [{ urlPattern: '*/api/flag*', requestStage: 'Response' }],
-})
-
-session.onEvent(async (method, params) => {
-  if (method === 'Fetch.requestPaused') {
-    // Mock the response
-    await session.Fetch.fulfillRequest({
-      requestId: params.requestId,
-      responseCode: 200,
-      responseHeaders: [{ name: 'content-type', value: 'application/json' }],
-      body: Buffer.from(JSON.stringify({ enabled: true })).toString('base64'),
-    })
-  }
-})
-```
-
-Alternatives per request:
-- `session.Fetch.continueRequest({ requestId })` — pass through untouched.
-- `session.Fetch.continueRequest({ requestId, url, method, postData, headers })` — modify in flight.
-- `session.Fetch.failRequest({ requestId, errorReason: 'Failed' })` — simulate an error.
-
-`Fetch.enable` disables the HTTP cache for matching URLs. Disable `Fetch` as soon as you're done.
-
-## Cheap SPA "did the action succeed?" signal
-
-Many SPAs mutate state without a visible DOM change. A request-based wait is the cleanest signal:
-
-```js
-await session.Network.enable({})
-// click Save
-await session.Input.dispatchMouseEvent({ type: 'mousePressed', x, y, button: 'left', clickCount: 1 })
-await session.Input.dispatchMouseEvent({ type: 'mouseReleased', x, y, button: 'left', clickCount: 1 })
-await session.waitFor(
-  'Network.responseReceived',
-  (p) => p.response.url.includes('/save') && p.response.status === 200,
-  10_000
-)
-```
-
-## Traps
-
-- **`Network.enable` must be called before the request fires.** If you enable after the click, you'll miss the event. Enable once at session start and leave it.
-- **`Network.enable` is per-target.** After `session.use(iframe.targetId)`, call `Network.enable({})` again inside that target.
-- **Request IDs are unique per target, not global.** Don't pass an iframe `requestId` to a main-frame `getResponseBody` call.
-- **`waitFor` will reject on timeout**, not return `null`. Wrap in `try/catch` if you don't want the whole snippet to fail when the request doesn't happen.
diff --git a/packages/bcode-browser/skills/interaction-skills/print-as-pdf.md b/packages/bcode-browser/skills/interaction-skills/print-as-pdf.md
deleted file mode 100644
index 1b510debb..000000000
--- a/packages/bcode-browser/skills/interaction-skills/print-as-pdf.md
+++ /dev/null
@@ -1,69 +0,0 @@
-# Print as PDF
-
-Two completely different things the user may mean by "print to PDF":
-
-## 1. Render the current page to a PDF (what you usually want)
-
-```js
-const { data } = await session.Page.printToPDF({
-  printBackground: true,
-  paperWidth: 8.5,           // inches
-  paperHeight: 11,
-  marginTop: 0.4,
-  marginBottom: 0.4,
-  marginLeft: 0.4,
-  marginRight: 0.4,
-  preferCSSPageSize: true,   // respect @page in the site's CSS if set
-})
-// Cross-platform temp dir: /tmp on Linux, /var/folders/… on macOS, %TEMP% on Windows
-const { tmpdir } = await import('node:os')
-await Bun.write(`${tmpdir()}/page.pdf`, Buffer.from(data, 'base64'))
-```
-
-Works **without** any visible print dialog — Chrome renders the PDF server-side in the process. Undetectable by the page.
-
-Options worth knowing:
-- `landscape: true` — flip orientation
-- `displayHeaderFooter: true` + `headerTemplate` / `footerTemplate` — printed HTML. Inject values with class-tagged spans, not mustache variables: `<span class="pageNumber"></span>`, `<span class="totalPages"></span>`, `<span class="title"></span>`, `<span class="url"></span>`, `<span class="date"></span>`. Default font-size is tiny (1em ≈ 8pt) and the templates render with their own zero-margin print stylesheet, so set explicit `font-size` and `padding` if you care about layout.
-- `scale: 0.8` — shrink to fit
-- `pageRanges: '1-3,7'` — subset of pages
-- `transferMode: 'ReturnAsStream'` — for very large PDFs, returns a stream handle instead of a giant base64 blob
-
-## 2. The site has a "Print" button that opens a real print dialog
-
-Some sites call `window.print()` and rely on the user picking "Save as PDF" in the OS dialog. CDP **cannot** interact with the OS print dialog.
-
-Two ways around it:
-
-### A. Intercept `window.print` before the click
-
-```js
-await session.Runtime.evaluate({ expression: `
-  window.print = () => {
-    window.dispatchEvent(new Event('beforeprint'))
-    window.__printed__ = true
-  }
-`})
-// Click the site's Print button — the call is now a no-op
-// Then generate the PDF yourself:
-```
-Follow with `session.Page.printToPDF(...)` from option 1.
-
-Detectable by `window.print.toString()` — fine for most sites, risky for antibot.
-
-### B. Use the underlying URL
-
-Often the Print button just navigates to a print-friendly URL like `/invoice/123?print=1`. Find it with DevTools, then:
-
-```js
-await session.Page.navigate({ url: 'https://example.com/invoice/123?print=1' })
-// ...wait for load...
-await session.Page.printToPDF({ printBackground: true })
-```
-
-## Traps
-
-- **`printBackground: false` (default) skips background colors and images.** Invoices, receipts, and anything design-heavy look empty without it — turn it on unless you specifically want the "clean print" look.
-- **`Page.printToPDF` uses its own print-media CSS** (`@media print`). If the page hides elements with `display: none` under `@media print`, they'll be missing from your PDF. Override with `Emulation.setEmulatedMedia({ media: 'screen' })` first.
-- **Very large pages** (long reports, data tables) can hit Chrome's internal PDF size limits and fail silently. Split by `pageRanges` or reduce `scale`.
-- **Fonts may substitute.** Chrome uses system fonts for PDF rendering — if the site uses a webfont that isn't loaded at capture time, your PDF gets the fallback.
diff --git a/packages/bcode-browser/skills/interaction-skills/screenshots.md b/packages/bcode-browser/skills/interaction-skills/screenshots.md
deleted file mode 100644
index 6d1146992..000000000
--- a/packages/bcode-browser/skills/interaction-skills/screenshots.md
+++ /dev/null
@@ -1,61 +0,0 @@
-# Screenshots
-
-`session.Page.captureScreenshot` is your default discovery and verification tool.
-
-**Auto-attached.** Every successful `Page.captureScreenshot` made during a `browser_execute` call is automatically surfaced to you as an inline image attachment on the next turn — same channel the `read` tool uses for image files. You don't need to decode the base64, save it, or `read` it back to see the image.
-
-The `data` field on the return value still carries the base64 string for the rare case where you want to process the image programmatically (OCR, diff against a previous shot, dimension extraction).
-
-## Core calls
-
-```js
-// Viewport only (default) — fastest, matches what the user sees
-await session.Page.captureScreenshot({ format: 'png' })
-// You'll see the image inline on the next turn. No write/read step needed.
-
-// If you do want the bytes (e.g. to write to disk yourself):
-const { data } = await session.Page.captureScreenshot({ format: 'png' })
-const { tmpdir } = await import('node:os')
-await Bun.write(`${tmpdir()}/shot.png`, Buffer.from(data, 'base64'))
-
-// Full page — stitched beyond the viewport
-await session.Page.captureScreenshot({ format: 'png', captureBeyondViewport: true })
-
-// JPEG is ~5× smaller — good when you only need to eyeball
-await session.Page.captureScreenshot({ format: 'jpeg', quality: 70 })
-
-// A specific region (page coordinates)
-await session.Page.captureScreenshot({
-  format: 'png',
-  clip: { x: 0, y: 0, width: 800, height: 600, scale: 1 },
-})
-```
-
-## When to screenshot
-
-- **Discovery:** after navigating, before inventing a selector. A screenshot answers "is the thing I need visible and where?" faster than a DOM walk.
-- **Verification:** after every meaningful action. The DOM can lie about state; pixels cannot.
-- **Debugging coordinate clicks:** shot → read → `Input.dispatchMouseEvent` at (x, y) → shot again.
-
-## Element screenshots via `DOM.getBoxModel`
-
-When you want just one element:
-
-```js
-await session.DOM.enable()
-const { root } = await session.DOM.getDocument({})
-const { nodeId } = await session.DOM.querySelector({ nodeId: root.nodeId, selector: '.card' })
-const { model } = await session.DOM.getBoxModel({ nodeId })
-const [x, y] = model.border        // top-left
-const width = model.width
-const height = model.height
-await session.Page.captureScreenshot({ clip: { x, y, width, height, scale: 1 } })
-```
-
-`model.border` is `[x1,y1, x2,y1, x2,y2, x1,y2]` — 8 numbers, 4 corners. Take the first two for origin.
-
-## Traps
-
-- `captureBeyondViewport: true` re-layouts the page (fires resize). Don't use it in the middle of a user-driven flow — use viewport shots.
-- On high-DPI, `captureScreenshot` returns the device-pixel image. If you plan to coordinate-click on values read from the image, remember the CSS-pixel / device-pixel scale (see viewport.md).
-- Pages with fixed/sticky headers over `captureBeyondViewport` can produce duplicated headers down the stitched image.
diff --git a/packages/bcode-browser/skills/interaction-skills/scrolling.md b/packages/bcode-browser/skills/interaction-skills/scrolling.md
deleted file mode 100644
index b3e8868f9..000000000
--- a/packages/bcode-browser/skills/interaction-skills/scrolling.md
+++ /dev/null
@@ -1,75 +0,0 @@
-# Scrolling
-
-Three levels, in order of how often they work:
-
-1. **Wheel event at a point** — `Input.dispatchMouseEvent { type: 'mouseWheel' }`. Scrolls whichever element is under (x, y) and consumes wheel.
-2. **`scrollIntoView` on the element** — `Runtime.evaluate` with a short JS snippet. Works for anything in the DOM you can `querySelector`.
-3. **Set `scrollTop` directly on the container** — bypasses animations and snap.
-
-## Wheel (coordinate-based, closest to a real user)
-
-```js
-// scroll down 300px at the center of the viewport
-await session.Input.dispatchMouseEvent({
-  type: 'mouseWheel',
-  x: 600, y: 400,
-  deltaX: 0, deltaY: 300,
-})
-
-// scroll up
-await session.Input.dispatchMouseEvent({ type: 'mouseWheel', x: 600, y: 400, deltaX: 0, deltaY: -300 })
-```
-
-- Pick (x, y) over the element you want to scroll. If you wheel over a sticky header or a pinned sidebar, nothing happens.
-- Virtualized lists (`react-window`, TanStack Virtual): wheeling the container is the **only** reliable scroll; `scrollIntoView` on a child row often no-ops because the row isn't yet mounted.
-
-## scrollIntoView (DOM-based)
-
-```js
-await session.Runtime.evaluate({ expression: `
-  document.querySelector('[data-row-id="42"]')?.scrollIntoView({ block: 'center', behavior: 'instant' })
-`})
-```
-
-- `behavior: 'instant'` avoids the animation round-trip and your next action landing on old coordinates.
-- Fails silently if the selector doesn't match — always verify with a screenshot.
-
-## scrollTop / scrollLeft (blunt but reliable)
-
-```js
-await session.Runtime.evaluate({ expression: `
-  const el = document.querySelector('.list-scroll-container')
-  if (el) el.scrollTop = el.scrollHeight
-`})
-```
-
-Use when:
-- The container has custom `overflow: auto` and wheel events aren't reaching it.
-- You need to jump to absolute offsets (top, bottom, "row N × rowHeight").
-
-## Which container is consuming wheel events?
-
-Sites with multiple nested scrollers (modals inside pages, lists inside cards) make "scroll the page" ambiguous. Find the actual scroller:
-
-```js
-await session.Runtime.evaluate({
-  returnByValue: true,
-  expression: `
-    (() => {
-      const out = []
-      document.querySelectorAll('*').forEach(el => {
-        const s = getComputedStyle(el)
-        if ((s.overflowY === 'auto' || s.overflowY === 'scroll') && el.scrollHeight > el.clientHeight)
-          out.push({ tag: el.tagName, cls: el.className, h: el.clientHeight, scroll: el.scrollHeight })
-      })
-      return out
-    })()
-  `,
-})
-```
-
-## Traps
-
-- **`scroll-behavior: smooth`** in CSS makes everything animate — your `Input.dispatchMouseEvent` fires immediately, but the next coordinate click lands before the scroll finishes. Either set `behavior: 'instant'` on `scrollIntoView`, or `await new Promise(r => setTimeout(r, 400))` after wheeling.
-- **Re-read element rects after opening a dropdown / modal** before coordinate-clicking. Layout shifts invalidate cached coords.
-- **Wheel on a trackpad fires dozens of small delta events.** If a site's infinite-scroll sentinel requires momentum, a single `deltaY: 300` call may not trigger it — send several smaller wheels in a loop.
diff --git a/packages/bcode-browser/skills/interaction-skills/shadow-dom.md b/packages/bcode-browser/skills/interaction-skills/shadow-dom.md
deleted file mode 100644
index e3ac06e47..000000000
--- a/packages/bcode-browser/skills/interaction-skills/shadow-dom.md
+++ /dev/null
@@ -1,95 +0,0 @@
-# Shadow DOM
-
-Closed shadow roots are rare on the sites you're likely to automate. Most web components use open shadow roots — you can walk them from JS or have CDP traverse them for you with `pierce: true`.
-
-## First try: coordinate clicks
-
-Compositor-level clicks don't care about shadow roots. If you can see it in a screenshot, `Input.dispatchMouseEvent` can click it. This avoids all shadow-piercing entirely — reach for it first for buttons, links, and form triggers.
-
-## CDP path: `DOM.getDocument({ pierce: true })`
-
-`DOM.querySelector` / `DOM.querySelectorAll` do **not** accept a piercing flag. To search across shadow boundaries via CDP, fetch a flattened document tree (`pierce: true` on `DOM.getDocument` or `DOM.getFlattenedDocument`), walk the returned subtree to find the host node whose `shadowRoots[]` contains the element you want, then run `DOM.querySelector` against that shadow-root nodeId:
-
-```js
-await session.DOM.enable()
-const { root } = await session.DOM.getDocument({ depth: -1, pierce: true })
-
-// Walk the flat tree to find a shadow root inside <my-button>.
-function findShadowRoot(node, hostName) {
-  if (node.nodeName?.toLowerCase() === hostName && node.shadowRoots?.length) {
-    return node.shadowRoots[0]   // open root
-  }
-  for (const c of node.children ?? []) {
-    const hit = findShadowRoot(c, hostName)
-    if (hit) return hit
-  }
-  return null
-}
-const shadowRoot = findShadowRoot(root, 'my-button')
-if (!shadowRoot) throw new Error('shadow host not found')
-
-const { nodeId } = await session.DOM.querySelector({
-  nodeId: shadowRoot.nodeId,
-  selector: '.inner-label',
-})
-```
-
-For most automation tasks the JS-side recursive walk below is shorter and just as reliable.
-
-## JS path: recursive walk through `shadowRoot`
-
-More portable, works in any Chrome:
-
-```js
-await session.Runtime.evaluate({
-  returnByValue: true,
-  expression: `
-    (() => {
-      function* walk(root) {
-        const stack = [root]
-        while (stack.length) {
-          const node = stack.pop()
-          if (!node) continue
-          yield node
-          if (node.shadowRoot) stack.push(...node.shadowRoot.children)
-          stack.push(...(node.children || []))
-        }
-      }
-      for (const el of walk(document.body)) {
-        if (el.matches?.('.target-class')) {
-          const r = el.getBoundingClientRect()
-          return { x: r.x + r.width/2, y: r.y + r.height/2 }
-        }
-      }
-      return null
-    })()
-  `,
-})
-```
-
-Use the returned `{x, y}` for `Input.dispatchMouseEvent`.
-
-## Setting a value inside a shadow-DOM input
-
-Reaching the input is the hard part — setting the value is the same as any input:
-
-```js
-await session.Runtime.evaluate({ expression: `
-  (() => {
-    const host = document.querySelector('my-form')
-    const input = host.shadowRoot.querySelector('input[name=email]')
-    input.focus()
-    input.value = 'hi@example.com'
-    input.dispatchEvent(new Event('input', { bubbles: true, composed: true }))
-  })()
-`})
-```
-
-`composed: true` on the event lets it cross shadow boundaries — many web components listen on the host, not the internal input.
-
-## Traps
-
-- **Closed shadow roots** (`{ mode: 'closed' }`) cannot be walked from JS. Fall back to coordinate clicks + `Input.insertText`. Closed roots are rare — usually only password managers and some Google components.
-- **`slot` content lives in the light DOM**, not the shadow root. If your element has `<slot>…</slot>`, the children you're looking for are `host.children`, not `host.shadowRoot.children`.
-- **`::part()` / `::slotted()` CSS** affects styling but has no DOM-query equivalent — you still traverse `shadowRoot`.
-- Element screenshots via `DOM.getBoxModel` work even for shadow-DOM elements once you have the `nodeId`.
diff --git a/packages/bcode-browser/skills/interaction-skills/tabs.md b/packages/bcode-browser/skills/interaction-skills/tabs.md
deleted file mode 100644
index cc4ea490c..000000000
--- a/packages/bcode-browser/skills/interaction-skills/tabs.md
+++ /dev/null
@@ -1,75 +0,0 @@
-# Tabs
-
-Use **CDP for control** (attach, activate known targets, inspect). Use **UI automation for visible order**.
-
-## Pure CDP
-
-```js
-// List page targets (filtered; chrome:// / devtools:// dropped)
-const tabs = await listPageTargets()
-
-// Create a new tab and route subsequent calls to it
-const { targetId } = await session.Target.createTarget({ url: 'https://example.com' })
-await session.use(targetId)
-
-// Switch: route calls to another existing tab
-await session.use(otherTargetId)
-
-// Show this tab visibly in Chrome (different from `session.use` — which is CDP routing only)
-await session.Target.activateTarget({ targetId })
-
-// Close a tab
-await session.Target.closeTarget({ targetId })
-
-// What tab is session.use currently pointing at?
-const { targetInfo } = await session.Target.getTargetInfo({ targetId })
-```
-
-**`session.use` is CDP-side routing; `Target.activateTarget` is Chrome-side focus.** They are independent. If the user expects Chrome to visibly change, call `activateTarget` too.
-
-## Two things `Target.createTarget` quietly gets wrong
-
-1. **Race: `{ url }` in `createTarget` can resolve before navigation starts.** If you then poll `document.readyState`, you'll see `'complete'` for about:blank and move on. Safer:
-   ```js
-   const { targetId } = await session.Target.createTarget({ url: 'about:blank' })
-   await session.use(targetId)
-   await session.Page.enable()
-   await session.Page.navigate({ url: 'https://example.com' })
-   // now wait for Page.loadEventFired via session.waitFor
-   ```
-
-2. **New tab may open behind the active one.** Add `Target.activateTarget` if the user needs to see it.
-
-## Visible tab-strip order (platform UI)
-
-CDP's `Target.getTargets` returns an arbitrary order — not left-to-right.
-
-### macOS
-
-```applescript
-tell application "Google Chrome"
-  set out to {}
-  set i to 1
-  repeat with t in every tab of front window
-    set end of out to {tab_index:i, tab_title:(title of t), tab_url:(URL of t)}
-    set i to i + 1
-  end repeat
-  return out
-end tell
-```
-
-```applescript
-tell application "Google Chrome"
-  set active tab index of front window to 2
-  activate
-end tell
-```
-
-### Linux
-
-No AppleScript. Use `xdotool`, `wmctrl`, or desktop-environment scripting. The split is the same — CDP for attach/activate-by-id, window manager for visible ordering.
-
-## Traps
-
-- `listPageTargets()` already drops `chrome://` and `devtools://`. If you call `Target.getTargets` raw, you must filter yourself, or you'll attach to a 1px omnibox popup.
-- If a page reports `innerWidth=0 innerHeight=0`, you're probably attached to a non-window surface (omnibox popup, background tab that never rendered).
diff --git a/packages/bcode-browser/skills/interaction-skills/uploads.md b/packages/bcode-browser/skills/interaction-skills/uploads.md
deleted file mode 100644
index f87027ca9..000000000
--- a/packages/bcode-browser/skills/interaction-skills/uploads.md
+++ /dev/null
@@ -1,65 +0,0 @@
-# Uploads
-
-Never simulate clicks on `<input type="file">` — it opens the OS file picker, which CDP cannot dismiss. Set files directly via CDP instead.
-
-## The canonical path
-
-```js
-await session.DOM.enable()
-const { root } = await session.DOM.getDocument({ depth: -1 })
-const { nodeId } = await session.DOM.querySelector({
-  nodeId: root.nodeId,
-  selector: 'input[type="file"]',
-})
-if (!nodeId) throw new Error('no file input found')
-
-await session.DOM.setFileInputFiles({
-  nodeId,
-  files: ['/absolute/path/to/file.png'],
-})
-```
-
-- Paths must be **absolute**.
-- Multiple files: pass an array — only works if the input has `multiple`.
-- Fires `change` on the input just like a real selection would.
-
-## Hidden / off-screen file inputs
-
-Sites commonly hide `<input type="file">` (display:none, visibility:hidden, positioned off-screen) and expose a styled button that calls `input.click()`. `DOM.setFileInputFiles` works **regardless of visibility** — find the input directly, don't click the button:
-
-```js
-// Works even for display:none / opacity:0 inputs
-const { nodeIds } = await session.DOM.querySelectorAll({
-  nodeId: root.nodeId,
-  selector: 'input[type="file"]',
-})
-```
-
-If `querySelector` returns `nodeId: 0`, the input is inside a shadow root or iframe — see `shadow-dom.md` / `iframes.md`.
-
-## Drag-and-drop upload zones
-
-React/Vue dropzones (`react-dropzone`, etc.) often only react to `drop` events and have no `<input>`. Two paths:
-
-1. **Find the hidden input** — most dropzones still include one for accessibility. Inspect with `document.querySelectorAll('input[type=file]')` first.
-2. **Synthesize a DOM drop event with a DataTransfer containing your File**:
-   ```js
-   await session.Runtime.evaluate({ awaitPromise: true, expression: `
-     (async () => {
-       const resp = await fetch('https://example.com/file.png')
-       const blob = await resp.blob()
-       const file = new File([blob], 'file.png', { type: 'image/png' })
-       const dt = new DataTransfer()
-       dt.items.add(file)
-       const target = document.querySelector('.dropzone')
-       for (const type of ['dragenter','dragover','drop']) {
-         target.dispatchEvent(new DragEvent(type, { bubbles: true, cancelable: true, dataTransfer: dt }))
-       }
-     })()
-   `})
-   ```
-   Detectable by antibot — prefer path 1 if a hidden input exists.
-
-## Verifying the upload fired
-
-Listen for the `change` on the input, or watch the network via `Network.requestWillBeSent` for the upload POST. A screenshot alone often won't show that the file attached — use the network trace.
diff --git a/packages/bcode-browser/skills/interaction-skills/viewport.md b/packages/bcode-browser/skills/interaction-skills/viewport.md
deleted file mode 100644
index 715f9cc1d..000000000
--- a/packages/bcode-browser/skills/interaction-skills/viewport.md
+++ /dev/null
@@ -1,70 +0,0 @@
-# Viewport
-
-Coordinate clicks depend on viewport size; layouts depend on viewport size; a lot of flaky automation traces to a viewport that silently changed.
-
-## Read the current viewport
-
-```js
-const { result } = await session.Runtime.evaluate({
-  returnByValue: true,
-  expression: `
-    JSON.stringify({
-      w: innerWidth, h: innerHeight,
-      sx: scrollX, sy: scrollY,
-      pw: document.documentElement.scrollWidth,
-      ph: document.documentElement.scrollHeight,
-      dpr: devicePixelRatio,
-    })
-  `,
-})
-const vp = JSON.parse(result.value)
-```
-
-`innerWidth`/`innerHeight` is the **CSS-pixel** viewport — what coordinate clicks use. `devicePixelRatio` multiplies for actual screen pixels (`captureScreenshot` output dimensions).
-
-## Force a specific size (CSS pixels)
-
-```js
-await session.Emulation.setDeviceMetricsOverride({
-  width: 1280,
-  height: 800,
-  deviceScaleFactor: 1,   // 0 = use real DPR; set to 2 for retina-like
-  mobile: false,
-})
-```
-
-All subsequent `Input.dispatchMouseEvent` coordinates are in this 1280×800 space — pin it at the start of a session so coordinates stay stable.
-
-Clear it back to the actual window size:
-
-```js
-await session.Emulation.clearDeviceMetricsOverride()
-```
-
-## Mobile emulation
-
-```js
-await session.Emulation.setDeviceMetricsOverride({
-  width: 390, height: 844,
-  deviceScaleFactor: 3,
-  mobile: true,
-})
-await session.Emulation.setTouchEmulationEnabled({ enabled: true })
-await session.Network.setUserAgentOverride({
-  userAgent: 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1',
-})
-```
-
-Mobile triggers responsive breakpoints and enables touch events. Sites with `@media (hover: hover)` also flip their hover affordances off.
-
-## `w=0 h=0` is a target problem, not a viewport problem
-
-If `Runtime.evaluate('innerWidth')` returns 0, you're attached to a non-window surface (omnibox popup, a DevTools target). See `connection.md` / `tabs.md` — use `listPageTargets()` and re-route with `session.use(...)`.
-
-## Traps
-
-- **Coordinate clicks become wrong as soon as the viewport changes.** Re-read rects with `getBoundingClientRect()` after any resize, not just after scrolling.
-- **`captureScreenshot` returns device pixels, not CSS pixels.** If `devicePixelRatio = 2` and you eyeball an element at (400, 300) in the screenshot, click at (200, 150) in CSS pixels.
-- **`setDeviceMetricsOverride` persists across navigations** within the session — remember to clear it at the end if the user is going to keep using the browser.
-- **Some sites guard against resize storms** (e.g. `window.addEventListener('resize', debounce)`). After `setDeviceMetricsOverride`, wait ~300ms before reading rects or clicking.
-- **Responsive sites that use `matchMedia` at page load** may not re-evaluate breakpoints after override. Apply `setDeviceMetricsOverride` **before** `Page.navigate`, not after.
diff --git a/packages/bcode-browser/src/index.ts b/packages/bcode-browser/src/index.ts
index 578823db8..5405a7a6d 100644
--- a/packages/bcode-browser/src/index.ts
+++ b/packages/bcode-browser/src/index.ts
@@ -11,7 +11,7 @@
 //   src/browser-execute.ts — in-process JS-eval browser_execute body
 //   src/session-store.ts   — per-opencode-session CDP Session map
 //   src/skills.ts          — runtime resolver for embedded skills
-//   skills/                — BROWSER.md + interaction-skills/*.md + cloud-browser.md (embedded into binary)
+//   skills/                — BROWSER.md + cloud-browser.md (embedded into binary)
 //
 // Cloud browser provisioning is intentionally NOT a separate Level-1
 // surface. The agent reads `skills/cloud-browser.md` and writes the
diff --git a/packages/bcode-browser/test/skills.test.ts b/packages/bcode-browser/test/skills.test.ts
index fee8fa3b0..aa65c83d2 100644
--- a/packages/bcode-browser/test/skills.test.ts
+++ b/packages/bcode-browser/test/skills.test.ts
@@ -14,10 +14,9 @@ test("resolveSkillsDir materializes skills with {{SKILLS_DIR}} substituted", asy
   try {
     const dir = await Skills.resolveSkillsDir(dataDir)
     expect(dir).toBe(path.join(dataDir, "skills"))
-    const browser = await fs.readFile(path.join(dir, "BROWSER.md"), "utf8")
+    const browser = (await fs.readFile(path.join(dir, "BROWSER.md"), "utf8")).replaceAll("\\", "/")
     expect(browser).not.toContain("{{SKILLS_DIR}}")
-    expect(browser).toContain(path.join(dir, "cloud-browser.md"))
-    expect(browser).toContain(path.join(dir, "interaction-skills"))
+    expect(browser).toContain(`${dir.replaceAll("\\", "/")}/cloud-browser.md`)
   } finally {
     await fs.rm(dataDir, { recursive: true, force: true })
   }
@@ -29,14 +28,15 @@ test("different dataDirs get their own substituted paths", async () => {
   try {
     const dirA = await Skills.resolveSkillsDir(a)
     const dirB = await Skills.resolveSkillsDir(b)
-    const [browserA, browserB] = await Promise.all([
+    const [browserA, browserB] = (await Promise.all([
       fs.readFile(path.join(dirA, "BROWSER.md"), "utf8"),
       fs.readFile(path.join(dirB, "BROWSER.md"), "utf8"),
-    ])
-    expect(browserA).toContain(dirA)
-    expect(browserB).toContain(dirB)
-    expect(browserA).not.toContain(dirB)
-    expect(browserB).not.toContain(dirA)
+    ])).map((s) => s.replaceAll("\\", "/"))
+    const [a2, b2] = [dirA.replaceAll("\\", "/"), dirB.replaceAll("\\", "/")]
+    expect(browserA).toContain(a2)
+    expect(browserB).toContain(b2)
+    expect(browserA).not.toContain(b2)
+    expect(browserB).not.toContain(a2)
   } finally {
     await fs.rm(a, { recursive: true, force: true })
     await fs.rm(b, { recursive: true, force: true })
diff --git a/packages/opencode/src/tool/browser-execute.ts b/packages/opencode/src/tool/browser-execute.ts
index e7dd420c5..ec9c74e05 100644
--- a/packages/opencode/src/tool/browser-execute.ts
+++ b/packages/opencode/src/tool/browser-execute.ts
@@ -25,7 +25,7 @@ export const BrowserExecuteTool = Tool.define(
   Effect.gen(function* () {
     const impl = yield* BrowserExecute.make(Global.Path.data)
     return {
-      // Substitute the resolved skills path so SKILL.md / interaction-skills
+      // Substitute the resolved skills path so BROWSER.md / cloud-browser.md
       // references in the description point at concrete locations. Workspace
       // is per-project and agent-discoverable from cwd, so it's not
       // substituted here.
diff --git a/packages/opencode/src/tool/browser-execute.txt b/packages/opencode/src/tool/browser-execute.txt
index 62a73ec53..d4085e350 100644
--- a/packages/opencode/src/tool/browser-execute.txt
+++ b/packages/opencode/src/tool/browser-execute.txt
@@ -10,5 +10,3 @@ Snippet scope:
 - standard JS globals (`console.log` etc. stream back to the user; `process.env` is available for reading `BROWSER_USE_API_KEY` etc.).
 
 Top-level `import` is not allowed inside a snippet. To reuse code across calls, save it as a `.ts` file under `./.bcode/agent-workspace/` (per-project, tracked-by-default in git) and `await import("/abs/path?t=" + Date.now())` it from a later snippet.
-
-For UI-mechanic recipes, list `{{SKILLS_DIR}}/interaction-skills/` to see all available topics, then `read` the relevant ones. Skills are documentation; they document what to write, never what to import.