{"id":50399084,"url":"https://github.com/ecomcj/agentscribe","last_synced_at":"2026-05-30T22:02:47.844Z","repository":{"id":358293780,"uuid":"1231485373","full_name":"EcomCJ/AgentScribe","owner":"EcomCJ","description":"Chrome extension that records browser workflows — DOM, network, cookies, storage, auth — and exports a self-contained replay artifact an agent can use without going back to the page.","archived":false,"fork":false,"pushed_at":"2026-05-21T17:53:48.000Z","size":2130,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-25T06:45:34.704Z","etag":null,"topics":["agent","auth-state","browser-recorder","cdp","chrome-extension","manifest-v3","mcp","playwright","postman","session-capture","web-automation","workflow-recording"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EcomCJ.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-07T02:20:49.000Z","updated_at":"2026-05-21T17:53:53.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/EcomCJ/AgentScribe","commit_stats":null,"previous_names":["cjmedia72/agentscribe","ecomcj/agentscribe"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/EcomCJ/AgentScribe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EcomCJ%2FAgentScribe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EcomCJ%2FAgentScribe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EcomCJ%2FAgentScribe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EcomCJ%2FAgentScribe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EcomCJ","download_url":"https://codeload.github.com/EcomCJ/AgentScribe/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EcomCJ%2FAgentScribe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33711018,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","auth-state","browser-recorder","cdp","chrome-extension","manifest-v3","mcp","playwright","postman","session-capture","web-automation","workflow-recording"],"created_at":"2026-05-30T22:02:47.697Z","updated_at":"2026-05-30T22:02:47.834Z","avatar_url":"https://github.com/EcomCJ.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"docs/logo.png\" alt=\"AgentScribe\" width=\"160\" /\u003e\n\n# AgentScribe\n\n**Record a browser workflow once. Hand the bundle to an agent. Automate forever.**\n\n![Version](https://img.shields.io/badge/version-1.0.14-ef4444?style=flat-square)\n![Manifest](https://img.shields.io/badge/manifest-v3-3b82f6?style=flat-square)\n![Platform](https://img.shields.io/badge/Chrome%20%7C%20Edge%20%7C%20Brave-supported-22c55e?style=flat-square)\n![Local](https://img.shields.io/badge/local--only-no%20telemetry-8b5cf6?style=flat-square)\n\n\u003c/div\u003e\n\n---\n\n## What it does\n\nChrome extension that records every layer of a browser session — DOM clicks and inputs, network requests with full headers/payloads/response bodies, cookies, localStorage, sessionStorage, IndexedDB, WebSocket frames, OAuth popups, anti-bot challenge layers, auth tokens, CSRF tokens, OTP fields — and packages it into a single artifact an agent can replay without ever opening DevTools.\n\n```\n1. Press Ctrl+Shift+R\n2. Do the workflow (click, type, navigate)\n3. Press Ctrl+Shift+R (or click ⏹ in overlay)\n4. Export as Bundle\n5. Paste into Claude Code / ChatGPT / Cursor / any agent\n6. Agent has cookies + auth + endpoints + replay script\n```\n\nThe agent doesn't need to F12 the platform anymore. The recording already did it.\n\n---\n\n## Capabilities (v1.0.14)\n\n### What gets captured\n\n| Layer | What's captured | How |\n|---|---|---|\n| **DOM events** | Every click, input, navigation, scroll, paste, keydown | Content script listeners |\n| **Network** | XHR + Fetch + Document with full headers / payloads / response bodies | `chrome.debugger` CDP (primary) + `chrome.webRequest` (fallback) |\n| **Page-context fetch / XHR** | Service-worker-routed and PWA-internal requests that webRequest misses | MAIN-world `window.fetch` + `XMLHttpRequest` proxy |\n| **WebSocket / EventSource** | Connect URL, sub-protocols, every send/receive frame | MAIN-world constructor wrap |\n| **Cookies** | Full metadata (name, value, domain, path, expiration, httpOnly, secure, sameSite) on start / each navigation / end | `chrome.cookies.getAll` |\n| **localStorage / sessionStorage** | Full key/value dump on start + each navigation | Page-context snapshot |\n| **IndexedDB** | Store metadata + key samples + schema | `indexedDB.databases()` enumeration |\n| **Loaded JS bundle** | Static scan for API base URLs, endpoint string literals, refresh endpoints, GraphQL endpoints, HMAC signing functions (CryptoJS / SubtleCrypto / custom) | Regex pass over fetched script sources |\n| **Form fields** | Every input with CSS selector + XPath + form action + POST param name | DOM scan + MutationObserver |\n| **OAuth popups** | Auto-followed when opened from tracked tab | `chrome.tabs.onCreated` |\n\n### What gets classified\n\n| Classifier | Output |\n|---|---|\n| **Auth scheme** | `jwt-bearer` / `session-cookie` / `api-key` / `csrf` / `hmac-signed` / `oauth-bearer` / `custom` — per request and aggregated session-level |\n| **JWT decode** | Auto-decoded `exp`, `iss`, `aud` — refresh schedule inferred |\n| **Anti-bot layer** | Cloudflare Turnstile, PerimeterX, Akamai, hCaptcha, reCAPTCHA flagged |\n| **OTP / 2FA fields** | Tagged `runtime_input_required: true` (recorded value will be expired at replay) |\n| **CSRF source** | Header / cookie / hidden input / endpoint traced back |\n| **Pagination cursor** | `nextPageToken`, `cursor`, `_next`, `after`, `continuation` detected in responses |\n| **Mutating endpoints** | POST/PUT/PATCH/DELETE tagged `mutates_state: true` |\n| **Workflow outcome** | Heuristic success/failed/uncertain with user-override pill on the session card |\n\n### What gets exported\n\n| Format | Use |\n|---|---|\n| **Raw JSON** | Source of truth — every event, every header, every snapshot |\n| **Playwright** | Runnable `.js` script with `storageState` pre-injected (cookies + localStorage) for zero-F12 replay |\n| **Postman** | Collection with `{{auth_token}}` / `{{csrf_token}}` env vars + companion environment file |\n| **SOP** | Markdown runbook with auth-flow section, hidden-state section, replay caveats |\n| **MCP** | Machine-readable config for an MCP server — `auth_state`, `discovered_endpoints`, `pagination_strategies`, `semantic_endpoints`, `ws_exchanges` |\n| **Bundle** | All 6 in one JSON file, cross-checked for internal consistency, agent-instruction header included |\n| **Clipboard shim** | ~9KB lean payload — pastes directly into Claude / GPT context without crashing on size |\n\n---\n\n## Install\n\n```bash\ngit clone https://github.com/cjmedia72/AgentScribe\n```\n\nThen in Chrome:\n\n1. Open `chrome://extensions`\n2. Toggle **Developer mode** on (top-right)\n3. Click **Load unpacked**\n4. Select the `AgentScribe` folder\n\nFor `cookies` permission to take effect, Chrome will prompt: *\"AgentScribe now needs: Read and modify your cookies\"* — accept. Required for the v1.0.13+ auth-state capture.\n\n---\n\n## Usage\n\n### Hotkey\n\n`Ctrl+Shift+R` (Windows / Linux) or `Cmd+Shift+R` (macOS) toggles recording on the active tab.\n\n### Overlay controls\n\nA small floating widget appears in the bottom-right of any page being recorded:\n\n- **⏸** Pause recording (counter freezes, overlay turns amber)\n- **⏹** Stop and auto-open extension popup\n- **Live timer + event counter**\n\n### Sessions page\n\nClick the AgentScribe icon → **VIEW ALL SESSIONS**. Each saved session has:\n\n- Preview button (👁) — timeline view of all captured events\n- BUNDLE button — download the full JSON bundle\n- Clipboard button (📋) — copy lean shim to clipboard for agent paste\n- Per-format export buttons (JSON / PW / PM / SOP / MCP)\n- Notes field — autosaves\n- Outcome pill — heuristic success/failed/uncertain, click to override\n- Delete\n\n---\n\n## Architecture\n\n```\n┌─────────────────┐    ┌────────────────────┐    ┌─────────────────┐\n│ content.js +    │ ←→ │ background.js (SW) │ ←→ │ chrome.storage  │\n│ MAIN-world      │    │                    │    │ .local          │\n│ proxies         │    │ - CDP debugger     │    │                 │\n│                 │    │ - webRequest       │    │ - sessions[]    │\n│ - DOM events    │    │ - cookies API      │    │ - settings      │\n│ - storage dump  │    │ - tabs.onCreated   │    │                 │\n│ - bundle scan   │    │ - correlation      │    └─────────────────┘\n│ - WS / fetch    │    │ - auth classifier  │            │\n│ - field scan    │    │ - outcome detect   │            │\n└─────────────────┘    └────────────────────┘            │\n                                                          ↓\n                                                  ┌───────────────┐\n                                                  │ Sessions UI + │\n                                                  │ Popup +       │\n                                                  │ Exporters     │\n                                                  └───────────────┘\n```\n\nEvery capture layer runs in parallel. Correlation engine links DOM events to the network requests they triggered (1s window). At stop time: slim → persist → export.\n\n---\n\n## Privacy\n\n- **No telemetry. No cloud. Everything runs local.**\n- Sessions live in `chrome.storage.local` with `unlimitedStorage` permission.\n- Exports go to your Downloads folder.\n- Cookies, tokens, and storage are captured **raw** — that's the point.\n- **Treat every bundle file like a credential.** Don't paste raw bundles into untrusted services. Don't commit them to public repos.\n- Sensitive fields (password / credit card / SSN) auto-redact unless you flip the override toggle.\n- Auth tokens and session cookies are NOT redacted by default — they're the captured value the agent needs.\n\n---\n\n## Known limitations\n\nSee [`docs/v1.0.13-known-gaps.md`](docs/v1.0.13-known-gaps.md) for the honest list.\n\nHighlights:\n- Anti-bot challenge layers (Cloudflare / PerimeterX / etc.) are **detected** but not bypassed — that's an ethical line. Agent gets warned, recommends stealth browser.\n- OTP / 2FA codes require runtime user input (recorded value will be expired).\n- Cross-origin iframe cookies aren't captured (chrome.cookies API limitation).\n- IndexedDB capture is metadata-only — values not snapshotted (cap-limited values planned for v1.0.15).\n- HMAC signing functions detected statically — obfuscated / WASM-based signers may not be found.\n\n---\n\n## Roadmap\n\nSee [`CHANGELOG.md`](CHANGELOG.md) for shipped versions.\n\n**v1.0.15 candidates:**\n- Auth-detector entropy ranking (better cookie picking on token-vs-counter conflicts)\n- `fetchEvents` surfacing in MCP / Playwright / Postman exports\n- IndexedDB value snapshot (cap-limited per store)\n- OAuth pause-state propagation across followed tabs\n- Module 08 outcome detection refinement (multi-signal scoring)\n\n---\n\n## Tech\n\nVanilla JavaScript, ES2022 modules, no build step, no npm. Chrome MV3.\n\n| File | Role |\n|---|---|\n| `background.js` | Service worker — recording state, CDP, network capture, message routing |\n| `content.js` | Content script — DOM event listeners, overlay UI, page-context proxy injection |\n| `correlation-engine.js` | Links DOM events to triggered network calls, infers pagination + mutation + outcome |\n| `auth-detector.js` | Classifies auth scheme per request, decodes JWTs |\n| `bundle-analyzer.js` | Static scan of loaded JS for endpoints + signing functions |\n| `storage-snapshot.js` | localStorage / sessionStorage / IndexedDB dump |\n| `ws-capture.js` / `fetch-capture.js` | MAIN-world proxies |\n| `field-scanner.js` | Form field enumeration + OTP / CSRF / anti-bot detection |\n| `session-namer.js` | Inferred session name (hostname + datetime) |\n| `exporters/` | 6 export formats (json / playwright / postman / sop / mcp / bundle) |\n| `popup/` | Toolbar popup UI |\n| `sessions/` | Sessions management page |\n| `settings/` | Settings page |\n\n---\n\n## Source available\n\nNo license file. Source available for personal use. Built for [cjmedia72](https://github.com/cjmedia72).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fecomcj%2Fagentscribe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fecomcj%2Fagentscribe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fecomcj%2Fagentscribe/lists"}