Skip to content

Releases: lcjanke2020/cdp-mcp

v0.2.2

10 Jun 20:53
@lcj-claude-coder lcj-claude-coder
v0.2.2
1602a6d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.2.2 Latest
Latest

Patch release — set_breakpoint reliability fix. No API changes: the 48-tool surface from v0.2.0 is unchanged.

Fixed

  • set_breakpoint no longer spirals into a non-recoverable internal_error (#24, PR #25). After a re-navigation / HMR re-parse the ScriptStore could hold two records for one bundle URL, so the candidate loop issued colliding Debugger.setBreakpointByUrl calls; the throw escaped before any record was stored, so the idempotency guard could never short-circuit — the source line stayed permanently un-settable for the session and an agent trusting the error would burn its iteration budget. Dedup now keys on physical CDP identity (sessionId, url, line, col) across all matching script records, plus a generated-layer idempotency guard (already-set / breakpoint_conflict). Surfaced by the kimi-k2.6 L4 eval run (deep-source-map / compute-step) — a code issue, not a model one.

Known follow-up

  • #26 — two deferred, non-blocking findings from the PR #25 review pass: (1) an orphaned mid-loop bind can re-create the same spiral via a different door (candidate k>1 failing after 1..k-1 already bound, with no record stored); (2) duplicate-record collapse keeps the oldest script_id, which can stale out a follow-up get_script_source. Both pre-existing/latent and judged non-blocking; tracked for a later patch.

Install

npm install -g cdp-mcp@0.2.2

Published from CI via GitHub Actions OIDC trusted publishing, with SLSA build provenance.

Full changelog: v0.2.1...v0.2.2

Assets 2
Loading

v0.2.1 — dependency security fixes

10 Jun 18:30
@lcj-claude-coder lcj-claude-coder
v0.2.1
508321a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.2.1 — dependency security fixes

Patch release — dependency security fixes. No API changes: the 48-tool surface from v0.2.0 is unchanged.

Security (consumer-facing)

  • hono 4.12.20 → 4.12.25 (transitive, via @modelcontextprotocol/sdk) — clears 4 moderate advisories: IPv6 deny-rule bypass, Set-Cookie injection, JWT auth-scheme, and mount-prefix routing.
  • qs → 6.15.2 — clears a stringify DoS.
  • npm audit --omit=dev is now clean (0 vulnerabilities).

Maintenance (dev / CI — not shipped in the tarball)

  • vitest 2 → 4, clearing a dev-only critical advisory and the vite/esbuild chain (all-scope audit now clean).
  • GitHub Actions bumped off the deprecated Node 20 runtime (checkout v6, setup-node v6, upload-artifact v7), SHA-pinned.

Validated by a full L4 agent-eval rerun on Kimi (the hono swap sits on the SSE transport path).

Install

npm install -g cdp-mcp@0.2.1

Published from CI via GitHub Actions OIDC trusted publishing, with SLSA build provenance.

Full changelog: v0.2.0...v0.2.1

Loading

v0.2.0 — form-driving + session-portability tools

10 Jun 00:49
@lcj-claude-coder lcj-claude-coder
v0.2.0
eaa7ecb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.2.0 — form-driving + session-portability tools

First release shipping the driving + session-portability tool surface. The published 0.1.x line was the debugger core only; these 9 tools merged after v0.1.3 and reach npm for the first time here. 48 tools across 11 categories.

New MCP tools

Form driving

  • fill — set the value of a text <input> / <textarea> / contenteditable
  • select_option — choose an <option> by value, label, or index
  • check / uncheck — idempotent checkbox + radio toggling
  • suggest_locator — recommend a robust, semantic locator for an element

Session portability

  • export_storage_state / load_storage_state — Playwright-style storage-state round-trip (localStorage + cookies)
  • get_cookies / set_cookies — cookie read/write (redacted on read)

Also in this release

  • Published the LocatorSpec contract + shared locator runtime; the dom tools were refactored onto it.
  • Hardened SECURITY.md (agent-operator threat model + deployment hardening) and README updates.

Install

npm install -g cdp-mcp@0.2.0

Published from CI via GitHub Actions OIDC trusted publishing, with SLSA build provenance attached.

Full changelog: v0.1.3...v0.2.0

Loading

v0.1.3 — DeepSeek/Kimi reasoning + cache accounting (eval harness)

07 Jun 15:51
@lcj-claude-coder lcj-claude-coder
v0.1.3
e83b8de
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.3 — DeepSeek/Kimi reasoning + cache accounting (eval harness)

Eval-harness-only release. The production MCP server is unchanged — all changes are under evals/.

Changes since v0.1.2

  • DeepSeek V4 reasoning in the L4 harness — reasoning_content captured to the .thinking sidecar and replayed on tool-call turns (V4 requires it, same as Kimi/Moonshot; verified against the live API). (#9, LEO-233)
  • Per-request output cap raised 4096 → 32K so reasoning turns aren't truncated mid-thought (finish_reason: length). (#7)
  • Prompt-cache accounting for DeepSeek + Moonshot — cache hits billed at the cache-read rate (prompt_cache_hit_tokens / prompt_tokens_details.cached_tokens), with cached clamped ≤ prompt tokens. Fixes v1 over-billing (a DeepSeek run dropped $13.43 → $0.74).

Full Changelog: v0.1.2...v0.1.3

Loading

v0.1.2

05 Jun 17:00
@ljanke-agents ljanke-agents
v0.1.2
47f552c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.2

Fixes

SSE transport fixes (#1) — surfaced via GitHub Copilot CLI over SSE:

  • Tools now register over SSE. Emit notifications/tools/list_changed once after the client initializes, so clients that gate their first tools/list on that notification no longer load zero tools.
  • Idle SSE connections stay alive. Send periodic : keepalive comment frames so streams aren't torn down by the HTTP body-idle timeout (~12 min). Tunable via CDP_MCP_SSE_KEEPALIVE_MS (default 25s; 0 disables).

Also: an import-safe main() guard so the entrypoint can be unit-tested, and the McpServer serverInfo version now tracks the package version.

PR: #2 · Closes: #1

Loading

v0.1.1

04 Jun 16:50
@lcjanke2020 lcjanke2020
v0.1.1
702ce06

Choose a tag to compare

View all tags
v0.1.1

First release published automatically via GitHub Actions using npm trusted publishing (OIDC) with build provenance. No functional change from v0.1.0 — validates the automated, tokenless release pipeline.

Loading

v0.1.0 — initial public release

04 Jun 15:38
@lcjanke2020 lcjanke2020
v0.1.0
53940b0

Choose a tag to compare

View all tags
v0.1.0 — initial public release

First public release of cdp-mcp — a Model Context Protocol (MCP) server that exposes the Chrome DevTools Protocol to AI agents as a TypeScript-aware frontend debugger.

Highlights

  • 39 MCP tools: browser launch/attach, source-mapped breakpoints, stepping, paused-frame inspection (call stack / scope / evaluate), buffered console + network, and structured DOM driving (locate / wait_for / get_form_state).
  • Agents work in TypeScript source coordinates; the server resolves source maps and translates to JS for CDP under the hood.
  • stdio transport (default, for Claude Code / Copilot CLI) and SSE transport (loopback) for service mode.
  • Backed by an L1–L4 test pyramid: unit, fake-CDP contract, real-browser e2e, and a multi-vendor LLM agent-eval harness.

Install

npm install
npm run build
node dist/index.js   # stdio MCP transport

See the README to wire it into Claude Code. Alpha — see SECURITY.md before exposing the SSE transport.

Loading