Chromeflow

Guided web assistance for Claude Code and Codex CLI

Chromeflow: guided browser actions for Claude Code and Codex CLI Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually in the browser you're already logged into. Hardened across 500+ hours of real-world automations - anti bot Chromeflow isn't a weekend project. Over 500+ hours of building and battle-testing across paid task work, billing dashboards, OAuth handshakes, multi-step forms, React-heavy SPAs, and aggressively anti-bot platforms, every quirky failure mode has been hunted down and patched. The result is a Chrome extension engineered to be bulletproof on complex web pages and undetectable to strict anti-automation checks: - CDP-dispatched mouse and keyboard events with isTrusted=true. No Playwright-style synthetic events that anti-bot frameworks reject on sight. - Curved-path mouse trajectories with ease-out timing, randomized landing points within the central 60% of the target, settle-hover micro-tremor, and humanized press/release pauses. Behavioral fingerprinters that score on trajectory smoothness (LinkedIn, Akamai) see real movement, not teleport clicks. - PointerEvent isPrimary=true alongside MouseEvent on every dispatch, plus a non-zero pressure value via force. Stricter Web Components (Reddit's faceplate-textarea-input, X's tweet composer) that check event shape in addition to isTrusted now accept the click. - Closed-shadow-DOM piercing across every primitive (find_text, click_element, fill_input, fill_form, set_file_input, wait_for, scroll_to_element, get_page_text, get_page_html, get_form_fields, react_call_prop). Radix, Stencil, Lit, and other modern web-component frameworks are not blind spots. - WebRTC IP-leak suppression, visibility-API patching, and other stealth defaults applied at document_start in the page's MAIN world. - A 1500ms post-click activity probe that detects silent rejections (DOM mutations, focus change, URL change, value/checked change, alert/toast/modal) and falls back to React-fiber onClick invocation on opt-in. - Anti-bot block-page detection on every open_page and fetch_url. The response carries anti_bot_detected: "Cloudflare challenge" / "Akamai block" / "PerimeterX captcha" / "DataDome captcha" / "Imperva/Incapsula block" / "Kasada challenge" / "Sucuri firewall block" so the agent doesn't waste a debugging cycle parsing a block page as the intended content. - Auto-dismiss of Chrome's "Are you sure you want to leave?" beforeunload dialog on programmatic navigation, with a dismissed_beforeunload: true flag in the response so the agent knows there was unsaved content. - Real Chrome, real sessions, real cookies, real fingerprint. No fresh Puppeteer profile for the page to flag. Validated platforms Every release runs end-to-end procedures against live targets. Live status, dates, and per-platform competitor comparisons at chromeflow.run/validated. Currently validated working: Reddit (composer expand + comment typing), X / Twitter (tweet input), LinkedIn (feed composer), Facebook (feed composer), Instagram (React input), Radix portal dialog scoping, Stencil closed-shadow piercing, TipTap / ProseMirror typing with silent-drop auto-recovery. Why your real Chrome Tools like Playwright and Browser Use launch a fresh, empty browser. No cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into Stripe, AWS, Supabase, and everything else. The agent automates what it can and pauses for the parts that genuinely need you. What it does - Highlights what to click with on-screen callouts - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages - Reads page content as a human does, including React-controlled inputs, contenteditable editors (Stripe, Notion), CodeMirror, Monaco, TipTap / ProseMirror, same-origin iframes, and open AND closed shadow roots - Captures API keys and secrets and writes them straight to your .env - Clicks at viewport coordinates for cross-origin iframes that can't be entered by DOM lookup (Universe Explorer-style embedded apps) - Pauses only for steps that genuinely need you: passwords, payment details, 2FA codes, personal choices How it works Chromeflow is two halves that work together: - This Chrome extension acts on the active tab (highlights, clicks, fills, uploads) - A plugin for your agent (Claude Code or Codex CLI) gives the agent an MCP server with 30 browser tools and a usage skill (split into focused topic references) so it knows when to reach for them The agent drives the flow end-to-end. You watch and step in when something needs a human. Run Claude Code and Codex side-by-side in different Chrome windows; the popup shows which session is which with a host badge on each row. Things the agent can do with Chromeflow - "Set up Stripe, create a product with monthly and annual pricing, write the price IDs to .env" - "Open Supabase and grab my project's anon key and service role key" - "Configure SendGrid webhooks for this app and verify the test event lands" - "Fill out this 40-field onboarding form using the data in customer.json" - "Watch the Vercel deploy and tell me when it finishes, open the logs if it fails" - "Pre-fill a Reddit comment with this body, then highlight the submit so I can click it" - "Read the inputs inside this Stencil web component (closed shadow) and tell me which fields are empty" Setup 1. Install the extension. Click Add to Chrome above. 2. Install the plugin in your agent (one time, machine-wide). Claude Code: /plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git /plugin install chromeflow Codex CLI: codex plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git /plugins (then select chromeflow, install) 3. Restart the agent. That's it. The plugin registers the MCP server and ships the usage skill, no per-project setup. The agent will reach for Chromeflow automatically whenever a task needs browser interaction. What's new in 0.10.2 - beforeunload auto-dismiss: open_page no longer blocks on Chrome's "Are you sure you want to leave?" dialog. The dialog is auto-accepted via CDP Page.handleJavaScriptDialog, and the response carries dismissed_beforeunload: true when the previous page had unsaved content (typed text in a composer, form draft, etc.) so the agent can decide whether to navigate back and recover. Recent releases: 0.10.1 - anti_bot_detected field on open_page and fetch_url responses. Tier-1 regex pass against Cloudflare (challenge form, JS challenge, firewall error codes), Akamai (Reference # block, Pardon Our Interruption), PerimeterX, DataDome, Imperva/Incapsula, Sucuri, Kasada, plus generic network-security block markers. 0.10.0 - Skill restructure: SKILL.md slimmed to ~250 lines of routing + most common patterns, deep references moved to references/anti-bot.md, references/shadow-dom.md, references/forms.md, references/react-recipes.md, references/multi-tab.md, references/errors.md, references/discovery.md. - get_page_text and take_screenshot responses now include viewport, page, and scroll metadata so the agent can compute click_at_coordinates positions without a separate execute_script probe. - New get_page_html(selector?, max_chars?) tool. Third primitive alongside get_page_text and find_text, returns raw outerHTML scoped to a selector with closed-shadow piercing. Use when get_page_text strips too much structure for parsing tables / attribute extraction. - Anti-bot validation harness in tests/antibot/ with 9 documented procedures, run-local.sh runner, last-run.json artifact that the chromeflow.run/validated page auto-loads. 0.9.14 - TipTap / ProseMirror silent-drop auto-recovery on type_text. Post-type verification reads back the editor; when less than 50% of expected content survived AND the target is inside a .tiptap / .ProseMirror / [data-tiptap-editor] ancestor, falls back to execCommand insertText (the path those editors accept). Response message records the recovery. - whole_word flag on find_text and wait_for(text=...). Eliminates common-English-word false positives ("Live" matching "delivery", "Done" matching "abandoned", "New" matching "renew"). - Debugger attach retries bumped from 3 to 5 with longer backoff to catch transient internal races. 0.9.13 - click_element phase budgets. Each phase (CDP click, activity probe, fiber walk, second probe) wraps in its own timeout. When a phase exceeds its budget the response carries phase_timed_out: "<phase>" so the agent knows WHICH part hung instead of timing out the whole call against the 30s WS cap. - $deep, $deepAll, shadowDocument helpers pre-injected into every execute_script body. No more 4-line shadow-DOM-walking preambles per script call. - Object auto-stringify in execute_script. Return an object and the response carries its JSON, no wrap in JSON.stringify needed. - New click_at_coordinates(x, y, button?, double?) tool for cross-origin iframes. Same humanlike CDP bezier sequence as click_element. Coords are viewport CSS pixels matching list_frames.x/y/w/h. - click_element gains in_dialog and dialog_query scoping for Radix-style portaled dialogs. - click_element gains via: "auto" | "cdp" | "fiber" flag. via: "fiber" skips the CDP click entirely on React-fiber-only sites. - wait_for(text=...) accepts an array for any-of mode and captures last_text on timeout. wait_for(text="Live", whole_word=true) prevents common-word false positives. - type_text emits progress heartbeats every 200 chars so the WS request timer resets on long typings (~1800-char inputs complete reliably). - take_screenshot fast-fails when document.fullscreenElement is set with a clear recovery hint (captureVisibleTab usually hangs in fullscreen). - fill_input(selector=...) and react_call_prop now pierce closed shadow roots via content-script tagging. - switch_to_tab echoes the landed URL and title in the response. - get_form_fields(only_empty=true) filters to required-but-empty fields as a "why is Submit disabled" diagnostic. Requirements - Google Chrome - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli) - Node.js 22 (the plugin's MCP server needs it)