Chromeflow

Tracking since Apr 3, 2026.

Changelog

• Jun 11, 2026
  description

  Chromeflow: guided browser actions for Claude Code and Codex CLI
  
  Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually in the browser you're already logged into.
  
  
  Hardened across 500+ hours of real-world automations - anti bot
  
  Chromeflow isn't a weekend project. Over 500+ hours of building and battle-testing across paid task work, billing dashboards, OAuth handshakes, multi-step forms, React-heavy SPAs, and aggressively anti-bot platforms, every quirky failure mode has been hunted down and patched. The result is a Chrome extension engineered to be bulletproof on complex web pages and undetectable to strict anti-automation checks:
  
  - CDP-dispatched mouse and keyboard events with isTrusted=true. No Playwright-style synthetic events that anti-bot frameworks reject on sight.
  - Curved-path mouse trajectories with ease-out timing, randomized landing points within the central 60% of the target, settle-hover micro-tremor, and humanized press/release pauses. Behavioral fingerprinters that score on trajectory smoothness (LinkedIn, Akamai) see real movement, not teleport clicks.
  - PointerEvent isPrimary=true alongside MouseEvent on every dispatch, plus a non-zero pressure value via force. Stricter Web Components (Reddit's faceplate-textarea-input, X's tweet composer) that check event shape in addition to isTrusted now accept the click.
  - Closed-shadow-DOM piercing across every primitive (find_text, click_element, fill_input, fill_form, set_file_input, wait_for, scroll_to_element, get_page_text, get_page_html, get_form_fields, react_call_prop). Radix, Stencil, Lit, and other modern web-component frameworks are not blind spots.
  - WebRTC IP-leak suppression, visibility-API patching, and other stealth defaults applied at document_start in the page's MAIN world.
  - A 1500ms post-click activity probe that detects silent rejections (DOM mutations, focus change, URL change, value/checked change, alert/toast/modal) and falls back to React-fiber onClick invocation on opt-in.
  - Anti-bot block-page detection on every open_page and fetch_url. The response carries anti_bot_detected: "Cloudflare challenge" / "Akamai block" / "PerimeterX captcha" / "DataDome captcha" / "Imperva/Incapsula block" / "Kasada challenge" / "Sucuri firewall block" so the agent doesn't waste a debugging cycle parsing a block page as the intended content.
  - Auto-dismiss of Chrome's "Are you sure you want to leave?" beforeunload dialog on programmatic navigation, with a dismissed_beforeunload: true flag in the response so the agent knows there was unsaved content.
  - Real Chrome, real sessions, real cookies, real fingerprint. No fresh Puppeteer profile for the page to flag.
  
  
  Validated platforms
  
  Every release runs end-to-end procedures against live targets. Live status, dates, and per-platform competitor comparisons at chromeflow.run/validated. Currently validated working: Reddit (composer expand + comment typing), X / Twitter (tweet input), LinkedIn (feed composer), Facebook (feed composer), Instagram (React input), Radix portal dialog scoping, Stencil closed-shadow piercing, TipTap / ProseMirror typing with silent-drop auto-recovery.
  
  
  Why your real Chrome
  
  Tools like Playwright and Browser Use launch a fresh, empty browser. No cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into Stripe, AWS, Supabase, and everything else. The agent automates what it can and pauses for the parts that genuinely need you.
  
  
  What it does
  
  - Highlights what to click with on-screen callouts
  - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages
  - Reads page content as a human does, including React-controlled inputs, contenteditable editors (Stripe, Notion), CodeMirror, Monaco, TipTap / ProseMirror, same-origin iframes, and open AND closed shadow roots
  - Captures API keys and secrets and writes them straight to your .env
  - Clicks at viewport coordinates for cross-origin iframes that can't be entered by DOM lookup (Universe Explorer-style embedded apps)
  - Pauses only for steps that genuinely need you: passwords, payment details, 2FA codes, personal choices
  
  
  How it works
  
  Chromeflow is two halves that work together:
  
  - This Chrome extension acts on the active tab (highlights, clicks, fills, uploads)
  - A plugin for your agent (Claude Code or Codex CLI) gives the agent an MCP server with 30 browser tools and a usage skill (split into focused topic references) so it knows when to reach for them
  
  The agent drives the flow end-to-end. You watch and step in when something needs a human. Run Claude Code and Codex side-by-side in different Chrome windows; the popup shows which session is which with a host badge on each row.
  
  
  Things the agent can do with Chromeflow
  
  - "Set up Stripe, create a product with monthly and annual pricing, write the price IDs to .env"
  - "Open Supabase and grab my project's anon key and service role key"
  - "Configure SendGrid webhooks for this app and verify the test event lands"
  - "Fill out this 40-field onboarding form using the data in customer.json"
  - "Watch the Vercel deploy and tell me when it finishes, open the logs if it fails"
  - "Pre-fill a Reddit comment with this body, then highlight the submit so I can click it"
  - "Read the inputs inside this Stencil web component (closed shadow) and tell me which fields are empty"
  
  
  Setup
  
  1. Install the extension. Click Add to Chrome above.
  
  2. Install the plugin in your agent (one time, machine-wide).
  
     Claude Code:
         /plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git
         /plugin install chromeflow
  
     Codex CLI:
         codex plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git
         /plugins   (then select chromeflow, install)
  
  3. Restart the agent.
  
  That's it. The plugin registers the MCP server and ships the usage skill, no per-project setup. The agent will reach for Chromeflow automatically whenever a task needs browser interaction.
  
  
  What's new in 0.10.2
  
  - beforeunload auto-dismiss: open_page no longer blocks on Chrome's "Are you sure you want to leave?" dialog. The dialog is auto-accepted via CDP Page.handleJavaScriptDialog, and the response carries dismissed_beforeunload: true when the previous page had unsaved content (typed text in a composer, form draft, etc.) so the agent can decide whether to navigate back and recover.
  
  Recent releases:
  
  0.10.1
  - anti_bot_detected field on open_page and fetch_url responses. Tier-1 regex pass against Cloudflare (challenge form, JS challenge, firewall error codes), Akamai (Reference # block, Pardon Our Interruption), PerimeterX, DataDome, Imperva/Incapsula, Sucuri, Kasada, plus generic network-security block markers.
  
  0.10.0
  - Skill restructure: SKILL.md slimmed to ~250 lines of routing + most common patterns, deep references moved to references/anti-bot.md, references/shadow-dom.md, references/forms.md, references/react-recipes.md, references/multi-tab.md, references/errors.md, references/discovery.md.
  - get_page_text and take_screenshot responses now include viewport, page, and scroll metadata so the agent can compute click_at_coordinates positions without a separate execute_script probe.
  - New get_page_html(selector?, max_chars?) tool. Third primitive alongside get_page_text and find_text, returns raw outerHTML scoped to a selector with closed-shadow piercing. Use when get_page_text strips too much structure for parsing tables / attribute extraction.
  - Anti-bot validation harness in tests/antibot/ with 9 documented procedures, run-local.sh runner, last-run.json artifact that the chromeflow.run/validated page auto-loads.
  
  0.9.14
  - TipTap / ProseMirror silent-drop auto-recovery on type_text. Post-type verification reads back the editor; when less than 50% of expected content survived AND the target is inside a .tiptap / .ProseMirror / [data-tiptap-editor] ancestor, falls back to execCommand insertText (the path those editors accept). Response message records the recovery.
  - whole_word flag on find_text and wait_for(text=...). Eliminates common-English-word false positives ("Live" matching "delivery", "Done" matching "abandoned", "New" matching "renew").
  - Debugger attach retries bumped from 3 to 5 with longer backoff to catch transient internal races.
  
  0.9.13
  - click_element phase budgets. Each phase (CDP click, activity probe, fiber walk, second probe) wraps in its own timeout. When a phase exceeds its budget the response carries phase_timed_out: "<phase>" so the agent knows WHICH part hung instead of timing out the whole call against the 30s WS cap.
  - $deep, $deepAll, shadowDocument helpers pre-injected into every execute_script body. No more 4-line shadow-DOM-walking preambles per script call.
  - Object auto-stringify in execute_script. Return an object and the response carries its JSON, no wrap in JSON.stringify needed.
  - New click_at_coordinates(x, y, button?, double?) tool for cross-origin iframes. Same humanlike CDP bezier sequence as click_element. Coords are viewport CSS pixels matching list_frames.x/y/w/h.
  - click_element gains in_dialog and dialog_query scoping for Radix-style portaled dialogs.
  - click_element gains via: "auto" | "cdp" | "fiber" flag. via: "fiber" skips the CDP click entirely on React-fiber-only sites.
  - wait_for(text=...) accepts an array for any-of mode and captures last_text on timeout. wait_for(text="Live", whole_word=true) prevents common-word false positives.
  - type_text emits progress heartbeats every 200 chars so the WS request timer resets on long typings (~1800-char inputs complete reliably).
  - take_screenshot fast-fails when document.fullscreenElement is set with a clear recovery hint (captureVisibleTab usually hangs in fullscreen).
  - fill_input(selector=...) and react_call_prop now pierce closed shadow roots via content-script tagging.
  - switch_to_tab echoes the landed URL and title in the response.
  - get_form_fields(only_empty=true) filters to required-but-empty fields as a "why is Submit disabled" diagnostic.
  
  
  Requirements
  
  - Google Chrome
  - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli)
  - Node.js 22 (the plugin's MCP server needs it)

  Chromeflow: guided browser actions for Claude Code and Codex CLI
  
  Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs to set up a third party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually in the browser you're already logged into.
  
  
  Built on 500+ hours of real automations
  
  This started as a personal tool for paid task work and grew from there. 500+ hours across billing dashboards, OAuth handshakes, multi step forms, React SPAs, and aggressively anti-bot platforms. Every weird failure mode I hit got patched. The result is a Chrome extension that works on complex web pages and doesn't trip anti-automation checks.
  
  What that means in practice:
  
  - Mouse and keyboard events dispatched via CDP with isTrusted=true. No Playwright style synthetic events that anti-bot frameworks reject on sight.
  - Curved mouse trajectories with ease-out timing, randomized landing points within the central 60% of the target, settle-hover micro-tremor, and humanized press/release pauses. Behavioral fingerprinters that score on trajectory smoothness (LinkedIn, Akamai) see real movement, not teleport clicks.
  - PointerEvent isPrimary=true alongside MouseEvent on every dispatch, plus a non-zero pressure value via force. Stricter Web Components (Reddit's faceplate-textarea-input, X's tweet composer) that check event shape in addition to isTrusted accept the click.
  - Closed shadow DOM piercing across every primitive (find_text, click_element, fill_input, fill_form, set_file_input, wait_for, scroll_to_element, get_page_text, get_page_html, get_form_fields, react_call_prop). Radix, Stencil, Lit, and other modern web component frameworks are not blind spots.
  - WebRTC IP leak suppression, visibility API patching, and other stealth defaults applied at document_start in the page's MAIN world.
  - A 1500ms post-click activity probe that catches silent rejections (DOM mutations, focus change, URL change, value/checked change, alert/toast/modal, shadow-pierce visible element growth) and falls back through three tiers: CDP synthesizeTapGesture, content script DOM .click(), and React fiber onClick invocation on opt-in.
  - Anti-bot block page detection on every open_page and fetch_url. The response tells you exactly what blocked you: "Cloudflare challenge" / "Akamai block" / "PerimeterX captcha" / "DataDome captcha" / "Imperva/Incapsula block" / "Kasada challenge" / "Sucuri firewall block", so the agent doesn't waste a debugging cycle parsing a block page as real content.
  - Auto-dismiss of Chrome's "Are you sure you want to leave?" beforeunload dialog on open_page, close_tab, and close_other_tabs, with a dismissed_beforeunload field in the response so the agent knows there was unsaved content.
  - Real Chrome, real sessions, real cookies, real fingerprint. No fresh Puppeteer profile for the page to flag.
  
  
  Validated platforms
  
  Every release runs end to end procedures against live targets. Live status, dates, and per-platform competitor comparisons at chromeflow.run/validated. Currently passing: Reddit (composer expand + comment typing + flair picker), X / Twitter (tweet input), LinkedIn (feed composer), Facebook (feed composer), Instagram (React input), Radix portal dialog scoping, Stencil closed shadow piercing, TipTap / ProseMirror typing with silent drop auto-recovery.
  
  
  Why your real Chrome
  
  Tools like Playwright and Browser Use launch a fresh, empty browser. No cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into LinkedIn, AWS, Supabase, and everything else. The agent automates what it can and pauses for the parts that genuinely need you.
  
  
  What it does
  
  - Highlights what to click with on-screen callouts and a dark-mask focus overlay
  - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages
  - Reads page content as rendered, including React controlled inputs, contenteditable editors, same-origin iframes, and open AND closed shadow roots
  - Captures API keys and secrets and writes them straight to your .env
  - Clicks at viewport coordinates for cross-origin iframes that can't be entered by DOM lookup
  - Pauses only for steps that genuinely need you: passwords, payment details, 2FA codes, personal choices
  
  
  How it works
  
  Chromeflow is two halves:
  
  - This Chrome extension acts on the active tab (highlights, clicks, fills, uploads)
  - A plugin for your agent (Claude Code or Codex CLI) gives it an MCP server with 30 browser tools and a usage skill so it knows when and how to reach for them
  
  The agent drives the flow end to end. You watch and step in when something needs a human. Run Claude Code and Codex side by side in different Chrome windows; the popup shows which session is which with a host badge on each row.
  
  
  Things the agent can do with Chromeflow
  
  - "Set up payments, create a product with monthly and annual pricing, write the price IDs to .env"
  - "Open Supabase and grab my project's anon key and service role key"
  - "Configure SendGrid webhooks for this app and verify the test event lands"
  - "Fill out this 40 field onboarding form using the data in customer.json"
  - "Watch the Vercel deploy and tell me when it finishes, open the logs if it fails"
  - "Pre-fill a Reddit comment with this body, then highlight the submit so I can click it"
  - "Read the inputs inside this Stencil web component (closed shadow) and tell me which fields are empty"
  
  
  Setup
  
  1. Install the extension. Click Add to Chrome above.
  
  2. Install the plugin in your agent (one time, machine-wide).
  
     Claude Code:
         /plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git
         /plugin install chromeflow
  
     Codex CLI:
         codex plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git
         /plugins   (then select chromeflow, install)
  
  3. Restart the agent.
  
  That's it. The plugin registers the MCP server and ships the usage skill, no per-project setup. The agent reaches for Chromeflow automatically whenever a task needs browser interaction.
  
  
  What's new in 10.21
  - Button Highlighting overhall
  - Reddit Submission, Flair, Etc work
  - Activity Box in top right
  
  Requirements
  
  - Google Chrome
  - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli)
  - Node.js 22

• May 29, 2026
  description

  Chromeflow — guided browser actions for Claude Code and Codex CLI
  
  Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually — in the browser you're already logged into.
  
  Why your real Chrome
  
  Tools like Playwright and Browser Use launch a fresh, empty browser — no cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into Stripe, AWS, Supabase, and everything else. The agent automates what it can, and pauses for the parts that genuinely need you.
  
  What it does
  
  - Highlights what to click with on-screen callouts
  - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages
  - Reads page content as a human does — including React-controlled inputs, contenteditable editors (Stripe, Notion), CodeMirror, Monaco, same-origin iframes, and open shadow roots
  - Captures API keys and secrets and writes them straight to your .env
  - Pauses only for steps that genuinely need you — passwords, payment details, 2FA codes, personal choices
  
  How it works
  
  Chromeflow is two halves that work together:
  
  - This Chrome extension — acts on the active tab (highlights, clicks, fills, uploads)
  - A plugin for your agent (Claude Code or Codex CLI) — gives the agent an MCP server with the browser tools and a usage skill so it knows when to reach for them
  
  The agent drives the flow end-to-end. You watch and step in when something needs a human. Run Claude Code and Codex side-by-side in different Chrome windows — the popup shows which session is which with a host badge on each row.
  
  Things the agent can do with Chromeflow
  
  - "Set up Stripe — create a product with monthly and annual pricing, write the price IDs to .env"
  - "Open Supabase and grab my project's anon key and service role key"
  - "Configure SendGrid webhooks for this app and verify the test event lands"
  - "Fill out this 40-field onboarding form using the data in customer.json"
  - "Watch the Vercel deploy and tell me when it finishes — open the logs if it fails"
  
  Setup
  
  1. Install the extension — click Add to Chrome above.
  
  2. Install the plugin in your agent (one time, machine-wide).
  
     Claude Code:
         /plugin marketplace add NeoDrewX/chromeflow
         /plugin install chromeflow
  
     Codex CLI:
         codex plugin marketplace add NeoDrewX/chromeflow
         /plugins   (then select chromeflow → install)
  
  3. Restart the agent.
  
  That's it. The plugin registers the MCP server and ships the usage skill — no per-project setup. The agent will reach for Chromeflow automatically whenever a task needs browser interaction.
  
  What's new in 0.9.1
  
  - Codex CLI support — same MCP server, same Chrome extension, install via `codex plugin marketplace add NeoDrewX/chromeflow`
  - Host badge in the popup — each session card now shows whether it's a Claude Code or Codex session, so multi-agent workflows stay legible
  - All the 0.9.0 additions still apply: find_text / find_input / wait_for_text for cheap targeted discovery, react_set_input / react_call_prop for React-heavy apps, click_element until-clauses (until_selector, until_url_contains, until_text_contains) so clicks confirm themselves
  
  Requirements
  
  - Google Chrome
  - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli)
  - Node.js 22 (the plugin's MCP server needs it)

  Chromeflow: guided browser actions for Claude Code and Codex CLI
  
  Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually in the browser you're already logged into.
  
  
  Hardened across 500+ hours of real-world automations - anti bot
  
  Chromeflow isn't a weekend project. Over 500+ hours of building and battle-testing across paid task work, billing dashboards, OAuth handshakes, multi-step forms, React-heavy SPAs, and aggressively anti-bot platforms, every quirky failure mode has been hunted down and patched. The result is a Chrome extension engineered to be bulletproof on complex web pages and undetectable to strict anti-automation checks:
  
  - CDP-dispatched mouse and keyboard events with isTrusted=true. No Playwright-style synthetic events that anti-bot frameworks reject on sight.
  - Curved-path mouse trajectories with ease-out timing, randomized landing points within the central 60% of the target, settle-hover micro-tremor, and humanized press/release pauses. Behavioral fingerprinters that score on trajectory smoothness (LinkedIn, Akamai) see real movement, not teleport clicks.
  - PointerEvent isPrimary=true alongside MouseEvent on every dispatch, plus a non-zero pressure value via force. Stricter Web Components (Reddit's faceplate-textarea-input, X's tweet composer) that check event shape in addition to isTrusted now accept the click.
  - Closed-shadow-DOM piercing across every primitive (find_text, click_element, fill_input, fill_form, set_file_input, wait_for, scroll_to_element, get_page_text, get_page_html, get_form_fields, react_call_prop). Radix, Stencil, Lit, and other modern web-component frameworks are not blind spots.
  - WebRTC IP-leak suppression, visibility-API patching, and other stealth defaults applied at document_start in the page's MAIN world.
  - A 1500ms post-click activity probe that detects silent rejections (DOM mutations, focus change, URL change, value/checked change, alert/toast/modal) and falls back to React-fiber onClick invocation on opt-in.
  - Anti-bot block-page detection on every open_page and fetch_url. The response carries anti_bot_detected: "Cloudflare challenge" / "Akamai block" / "PerimeterX captcha" / "DataDome captcha" / "Imperva/Incapsula block" / "Kasada challenge" / "Sucuri firewall block" so the agent doesn't waste a debugging cycle parsing a block page as the intended content.
  - Auto-dismiss of Chrome's "Are you sure you want to leave?" beforeunload dialog on programmatic navigation, with a dismissed_beforeunload: true flag in the response so the agent knows there was unsaved content.
  - Real Chrome, real sessions, real cookies, real fingerprint. No fresh Puppeteer profile for the page to flag.
  
  
  Validated platforms
  
  Every release runs end-to-end procedures against live targets. Live status, dates, and per-platform competitor comparisons at chromeflow.run/validated. Currently validated working: Reddit (composer expand + comment typing), X / Twitter (tweet input), LinkedIn (feed composer), Facebook (feed composer), Instagram (React input), Radix portal dialog scoping, Stencil closed-shadow piercing, TipTap / ProseMirror typing with silent-drop auto-recovery.
  
  
  Why your real Chrome
  
  Tools like Playwright and Browser Use launch a fresh, empty browser. No cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into Stripe, AWS, Supabase, and everything else. The agent automates what it can and pauses for the parts that genuinely need you.
  
  
  What it does
  
  - Highlights what to click with on-screen callouts
  - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages
  - Reads page content as a human does, including React-controlled inputs, contenteditable editors (Stripe, Notion), CodeMirror, Monaco, TipTap / ProseMirror, same-origin iframes, and open AND closed shadow roots
  - Captures API keys and secrets and writes them straight to your .env
  - Clicks at viewport coordinates for cross-origin iframes that can't be entered by DOM lookup (Universe Explorer-style embedded apps)
  - Pauses only for steps that genuinely need you: passwords, payment details, 2FA codes, personal choices
  
  
  How it works
  
  Chromeflow is two halves that work together:
  
  - This Chrome extension acts on the active tab (highlights, clicks, fills, uploads)
  - A plugin for your agent (Claude Code or Codex CLI) gives the agent an MCP server with 30 browser tools and a usage skill (split into focused topic references) so it knows when to reach for them
  
  The agent drives the flow end-to-end. You watch and step in when something needs a human. Run Claude Code and Codex side-by-side in different Chrome windows; the popup shows which session is which with a host badge on each row.
  
  
  Things the agent can do with Chromeflow
  
  - "Set up Stripe, create a product with monthly and annual pricing, write the price IDs to .env"
  - "Open Supabase and grab my project's anon key and service role key"
  - "Configure SendGrid webhooks for this app and verify the test event lands"
  - "Fill out this 40-field onboarding form using the data in customer.json"
  - "Watch the Vercel deploy and tell me when it finishes, open the logs if it fails"
  - "Pre-fill a Reddit comment with this body, then highlight the submit so I can click it"
  - "Read the inputs inside this Stencil web component (closed shadow) and tell me which fields are empty"
  
  
  Setup
  
  1. Install the extension. Click Add to Chrome above.
  
  2. Install the plugin in your agent (one time, machine-wide).
  
     Claude Code:
         /plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git
         /plugin install chromeflow
  
     Codex CLI:
         codex plugin marketplace add https://gitlab.com/NeoDrew/chromeflow.git
         /plugins   (then select chromeflow, install)
  
  3. Restart the agent.
  
  That's it. The plugin registers the MCP server and ships the usage skill, no per-project setup. The agent will reach for Chromeflow automatically whenever a task needs browser interaction.
  
  
  What's new in 0.10.2
  
  - beforeunload auto-dismiss: open_page no longer blocks on Chrome's "Are you sure you want to leave?" dialog. The dialog is auto-accepted via CDP Page.handleJavaScriptDialog, and the response carries dismissed_beforeunload: true when the previous page had unsaved content (typed text in a composer, form draft, etc.) so the agent can decide whether to navigate back and recover.
  
  Recent releases:
  
  0.10.1
  - anti_bot_detected field on open_page and fetch_url responses. Tier-1 regex pass against Cloudflare (challenge form, JS challenge, firewall error codes), Akamai (Reference # block, Pardon Our Interruption), PerimeterX, DataDome, Imperva/Incapsula, Sucuri, Kasada, plus generic network-security block markers.
  
  0.10.0
  - Skill restructure: SKILL.md slimmed to ~250 lines of routing + most common patterns, deep references moved to references/anti-bot.md, references/shadow-dom.md, references/forms.md, references/react-recipes.md, references/multi-tab.md, references/errors.md, references/discovery.md.
  - get_page_text and take_screenshot responses now include viewport, page, and scroll metadata so the agent can compute click_at_coordinates positions without a separate execute_script probe.
  - New get_page_html(selector?, max_chars?) tool. Third primitive alongside get_page_text and find_text, returns raw outerHTML scoped to a selector with closed-shadow piercing. Use when get_page_text strips too much structure for parsing tables / attribute extraction.
  - Anti-bot validation harness in tests/antibot/ with 9 documented procedures, run-local.sh runner, last-run.json artifact that the chromeflow.run/validated page auto-loads.
  
  0.9.14
  - TipTap / ProseMirror silent-drop auto-recovery on type_text. Post-type verification reads back the editor; when less than 50% of expected content survived AND the target is inside a .tiptap / .ProseMirror / [data-tiptap-editor] ancestor, falls back to execCommand insertText (the path those editors accept). Response message records the recovery.
  - whole_word flag on find_text and wait_for(text=...). Eliminates common-English-word false positives ("Live" matching "delivery", "Done" matching "abandoned", "New" matching "renew").
  - Debugger attach retries bumped from 3 to 5 with longer backoff to catch transient internal races.
  
  0.9.13
  - click_element phase budgets. Each phase (CDP click, activity probe, fiber walk, second probe) wraps in its own timeout. When a phase exceeds its budget the response carries phase_timed_out: "<phase>" so the agent knows WHICH part hung instead of timing out the whole call against the 30s WS cap.
  - $deep, $deepAll, shadowDocument helpers pre-injected into every execute_script body. No more 4-line shadow-DOM-walking preambles per script call.
  - Object auto-stringify in execute_script. Return an object and the response carries its JSON, no wrap in JSON.stringify needed.
  - New click_at_coordinates(x, y, button?, double?) tool for cross-origin iframes. Same humanlike CDP bezier sequence as click_element. Coords are viewport CSS pixels matching list_frames.x/y/w/h.
  - click_element gains in_dialog and dialog_query scoping for Radix-style portaled dialogs.
  - click_element gains via: "auto" | "cdp" | "fiber" flag. via: "fiber" skips the CDP click entirely on React-fiber-only sites.
  - wait_for(text=...) accepts an array for any-of mode and captures last_text on timeout. wait_for(text="Live", whole_word=true) prevents common-word false positives.
  - type_text emits progress heartbeats every 200 chars so the WS request timer resets on long typings (~1800-char inputs complete reliably).
  - take_screenshot fast-fails when document.fullscreenElement is set with a clear recovery hint (captureVisibleTab usually hangs in fullscreen).
  - fill_input(selector=...) and react_call_prop now pierce closed shadow roots via content-script tagging.
  - switch_to_tab echoes the landed URL and title in the response.
  - get_form_fields(only_empty=true) filters to required-but-empty fields as a "why is Submit disabled" diagnostic.
  
  
  Requirements
  
  - Google Chrome
  - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli)
  - Node.js 22 (the plugin's MCP server needs it)

• May 22, 2026
  permissions

  tabs, activeTab, scripting, offscreen, storage, windows, debugger

  tabs, activeTab, scripting, offscreen, storage, windows, debugger, downloads

• May 22, 2026
  description

  Chromeflow — guided browser actions for Claude Code and Codex CLI
  
  Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually — in the browser you're already logged into.
  
  Why your real Chrome
  
  Tools like Playwright and Browser Use launch a fresh, empty browser — no cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into Stripe, AWS, Supabase, and everything else. The agent automates what it can, and pauses for the parts that genuinely need you.
  
  What it does
  
  - Highlights what to click with on-screen callouts
  - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages
  - Reads page content as a human does — including React-controlled inputs, contenteditable editors (Stripe, Notion), CodeMirror, Monaco, same-origin iframes, and open shadow roots
  - Captures API keys and secrets and writes them straight to your .env
  - Pauses only for steps that genuinely need you — passwords, payment details, 2FA codes, personal choices
  
  How it works
  
  Chromeflow is two halves that work together:
  
  - This Chrome extension — acts on the active tab (highlights, clicks, fills, uploads)
  - A plugin for your agent (Claude Code or Codex CLI) — gives the agent an MCP server with the browser tools and a usage skill so it knows when to reach for them
  
  The agent drives the flow end-to-end. You watch and step in when something needs a human. Run Claude Code and Codex side-by-side in different Chrome windows — the popup shows which session is which with a host badge on each row.
  
  Things the agent can do with Chromeflow
  
  - "Set up Stripe — create a product with monthly and annual pricing, write the price IDs to .env"
  - "Open Supabase and grab my project's anon key and service role key"
  - "Configure SendGrid webhooks for this app and verify the test event lands"
  - "Fill out this 40-field onboarding form using the data in customer.json"
  - "Watch the Vercel deploy and tell me when it finishes — open the logs if it fails"
  
  Setup
  
  1. Install the extension — click Add to Chrome above.
  
  2. Install the plugin in your agent (one time, machine-wide).
  
     Claude Code:
         /plugin marketplace add NeoDrew/chromeflow
         /plugin install chromeflow
  
     Codex CLI:
         codex plugin marketplace add NeoDrew/chromeflow
         /plugins   (then select chromeflow → install)
  
  3. Restart the agent.
  
  That's it. The plugin registers the MCP server and ships the usage skill — no per-project setup. The agent will reach for Chromeflow automatically whenever a task needs browser interaction.
  
  What's new in 0.9.1
  
  - Codex CLI support — same MCP server, same Chrome extension, install via `codex plugin marketplace add NeoDrew/chromeflow`
  - Host badge in the popup — each session card now shows whether it's a Claude Code or Codex session, so multi-agent workflows stay legible
  - All the 0.9.0 additions still apply: find_text / find_input / wait_for_text for cheap targeted discovery, react_set_input / react_call_prop for React-heavy apps, click_element until-clauses (until_selector, until_url_contains, until_text_contains) so clicks confirm themselves
  
  Requirements
  
  - Google Chrome
  - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli)
  - Node.js 22 (the plugin's MCP server needs it)

  Chromeflow — guided browser actions for Claude Code and Codex CLI
  
  Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually — in the browser you're already logged into.
  
  Why your real Chrome
  
  Tools like Playwright and Browser Use launch a fresh, empty browser — no cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into Stripe, AWS, Supabase, and everything else. The agent automates what it can, and pauses for the parts that genuinely need you.
  
  What it does
  
  - Highlights what to click with on-screen callouts
  - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages
  - Reads page content as a human does — including React-controlled inputs, contenteditable editors (Stripe, Notion), CodeMirror, Monaco, same-origin iframes, and open shadow roots
  - Captures API keys and secrets and writes them straight to your .env
  - Pauses only for steps that genuinely need you — passwords, payment details, 2FA codes, personal choices
  
  How it works
  
  Chromeflow is two halves that work together:
  
  - This Chrome extension — acts on the active tab (highlights, clicks, fills, uploads)
  - A plugin for your agent (Claude Code or Codex CLI) — gives the agent an MCP server with the browser tools and a usage skill so it knows when to reach for them
  
  The agent drives the flow end-to-end. You watch and step in when something needs a human. Run Claude Code and Codex side-by-side in different Chrome windows — the popup shows which session is which with a host badge on each row.
  
  Things the agent can do with Chromeflow
  
  - "Set up Stripe — create a product with monthly and annual pricing, write the price IDs to .env"
  - "Open Supabase and grab my project's anon key and service role key"
  - "Configure SendGrid webhooks for this app and verify the test event lands"
  - "Fill out this 40-field onboarding form using the data in customer.json"
  - "Watch the Vercel deploy and tell me when it finishes — open the logs if it fails"
  
  Setup
  
  1. Install the extension — click Add to Chrome above.
  
  2. Install the plugin in your agent (one time, machine-wide).
  
     Claude Code:
         /plugin marketplace add NeoDrewX/chromeflow
         /plugin install chromeflow
  
     Codex CLI:
         codex plugin marketplace add NeoDrewX/chromeflow
         /plugins   (then select chromeflow → install)
  
  3. Restart the agent.
  
  That's it. The plugin registers the MCP server and ships the usage skill — no per-project setup. The agent will reach for Chromeflow automatically whenever a task needs browser interaction.
  
  What's new in 0.9.1
  
  - Codex CLI support — same MCP server, same Chrome extension, install via `codex plugin marketplace add NeoDrewX/chromeflow`
  - Host badge in the popup — each session card now shows whether it's a Claude Code or Codex session, so multi-agent workflows stay legible
  - All the 0.9.0 additions still apply: find_text / find_input / wait_for_text for cheap targeted discovery, react_set_input / react_call_prop for React-heavy apps, click_element until-clauses (until_selector, until_url_contains, until_text_contains) so clicks confirm themselves
  
  Requirements
  
  - Google Chrome
  - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli)
  - Node.js 22 (the plugin's MCP server needs it)

• May 16, 2026
  description

  Chromeflow connects Claude Code to your browser. When Claude needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI — Chromeflow handles it visually instead of leaving you with a wall of text instructions.
  
    What it does
    - Highlights exactly what to click with on-screen callouts
    - Automatically clicks buttons, fills in form fields, and navigates pages
    - Captures API keys and secrets and writes them straight to your .env
    - Pauses and waits for you only when something genuinely needs your input (passwords, payment details, personal choices)
  
    How it works
    Chromeflow is the browser half of a two-part system. The other half is an MCP server that gives Claude Code a set of browser tools. Claude drives the flow end-to-end — you just watch (and step in when needed).
  
    Example tasks Claude can handle with Chromeflow
    - "Set up Stripe — create a product with monthly and annual pricing, write the price IDs to .env"
    - "Go to Supabase and get my project's anon key and service role key"
    - "Configure SendGrid webhooks for this app"
  
    Requirements
    - Claude Code (the Anthropic CLI)
    - The Chromeflow MCP server (npx chromeflow setup)
    - Node.js 22+

  Chromeflow — guided browser actions for Claude Code and Codex CLI
  
  Chromeflow connects your coding agent (Claude Code or OpenAI's Codex CLI) to your real Chrome browser. When the agent needs you to set up a third-party service, grab API keys, configure billing, or do anything in a web UI, Chromeflow drives it visually — in the browser you're already logged into.
  
  Why your real Chrome
  
  Tools like Playwright and Browser Use launch a fresh, empty browser — no cookies, no sessions, no 2FA. Chromeflow runs in your actual Chrome, where you're already signed into Stripe, AWS, Supabase, and everything else. The agent automates what it can, and pauses for the parts that genuinely need you.
  
  What it does
  
  - Highlights what to click with on-screen callouts
  - Clicks buttons, fills forms, uploads files, switches tabs, navigates pages
  - Reads page content as a human does — including React-controlled inputs, contenteditable editors (Stripe, Notion), CodeMirror, Monaco, same-origin iframes, and open shadow roots
  - Captures API keys and secrets and writes them straight to your .env
  - Pauses only for steps that genuinely need you — passwords, payment details, 2FA codes, personal choices
  
  How it works
  
  Chromeflow is two halves that work together:
  
  - This Chrome extension — acts on the active tab (highlights, clicks, fills, uploads)
  - A plugin for your agent (Claude Code or Codex CLI) — gives the agent an MCP server with the browser tools and a usage skill so it knows when to reach for them
  
  The agent drives the flow end-to-end. You watch and step in when something needs a human. Run Claude Code and Codex side-by-side in different Chrome windows — the popup shows which session is which with a host badge on each row.
  
  Things the agent can do with Chromeflow
  
  - "Set up Stripe — create a product with monthly and annual pricing, write the price IDs to .env"
  - "Open Supabase and grab my project's anon key and service role key"
  - "Configure SendGrid webhooks for this app and verify the test event lands"
  - "Fill out this 40-field onboarding form using the data in customer.json"
  - "Watch the Vercel deploy and tell me when it finishes — open the logs if it fails"
  
  Setup
  
  1. Install the extension — click Add to Chrome above.
  
  2. Install the plugin in your agent (one time, machine-wide).
  
     Claude Code:
         /plugin marketplace add NeoDrew/chromeflow
         /plugin install chromeflow
  
     Codex CLI:
         codex plugin marketplace add NeoDrew/chromeflow
         /plugins   (then select chromeflow → install)
  
  3. Restart the agent.
  
  That's it. The plugin registers the MCP server and ships the usage skill — no per-project setup. The agent will reach for Chromeflow automatically whenever a task needs browser interaction.
  
  What's new in 0.9.1
  
  - Codex CLI support — same MCP server, same Chrome extension, install via `codex plugin marketplace add NeoDrew/chromeflow`
  - Host badge in the popup — each session card now shows whether it's a Claude Code or Codex session, so multi-agent workflows stay legible
  - All the 0.9.0 additions still apply: find_text / find_input / wait_for_text for cheap targeted discovery, react_set_input / react_call_prop for React-heavy apps, click_element until-clauses (until_selector, until_url_contains, until_text_contains) so clicks confirm themselves
  
  Requirements
  
  - Google Chrome
  - Claude Code (https://claude.com/claude-code) or Codex CLI (https://developers.openai.com/codex/cli)
  - Node.js 22 (the plugin's MCP server needs it)

• May 16, 2026
  short_description

  Guided web assistance for Claude Code

  Guided web assistance for Claude Code and Codex CLI

• Apr 17, 2026
  permissions

  tabs, activeTab, scripting, offscreen

  tabs, activeTab, scripting, offscreen, storage, windows, debugger

Permissions & access

Permissions

tabsactiveTabscriptingoffscreenstoragewindowsdebuggerdownloads

Host access

<all_urls>

Screenshots

Similar extensions

Alternatives to Chromeflow, ranked by description similarity.

Blueprint MCP for Chrome

Browser automation for Claude without token limits. Uses CSS selectors, not snapshots. Open source, zero telemetry.

1.0K

★ 5.0

ChromeDebug MCP Assistant FREE

AI-powered browser debugging with visual element selection and screen recording for developers

16

Claude Code Companion

Essential toolkit for Claude Code developers. CLAUDE.md generator, token counter, prompt templates, and quick reference.

66

Bronco Browser

Wrangle your browser. Automation that uses your real browser with all your cookies and logins.

2

Fronti AI

Visual-first AI coding agent for local codebases. Select elements in browser, describe changes, agent applies edits.

14

★ 5.0

Claude Bridge

Inspect React elements and send component context to Claude Code via MCP

69

★ 5.0

Claude Web Clipper

Collect and format web content as context for Claude Code sessions. Essential for AI-assisted development.

43

Claude Code Monitor

Displays Claude Code usage and limits instantly.

648