1. Auto-page creation enabled by default — MCP and CLI sessions now automatically create a blank Playwriter-enabled tab when no targets are available, so agents can start working immediately without manual tab setup. Set PLAYWRITER_AUTO_ENABLE=false to disable.

1. New sinceLastCall option for getLatestLogs() — inspect browser logs after every action without seeing duplicate messages:

   playwriter -s 1 -e 'console.log(await getLatestLogs({ page, sinceLastCall: true }))'

   The first call returns all buffered console logs and page errors for the page. Later calls return only new entries since the previous sinceLastCall read. Logs also persist across navigations, so hydration errors, redirect failures, and startup exceptions are not lost when the page changes.
2. CDP logs now rotate automatically — ~/.playwriter/cdp.jsonl is capped at 10,000 entries by default to prevent unbounded disk growth. Set PLAYWRITER_CDP_LOG_MAX_ENTRIES to tune the cap. Rotation keeps the newest half of the log and writes through an atomic temp-file rename to avoid corrupting the JSONL file.
3. More reliable getLatestLogs({ page }) results — page runtime errors and console messages emitted by related frame targets now appear in the returned log stream. This makes React and hydration failures visible through pageerror entries instead of requiring manual console listeners.
4. CLI-created sessions auto-open pages more reliably — playwriter session new can auto-create an initial extension tab even when the shared relay was originally started by MCP. This avoids No Playwright pages are available after all enabled tabs have closed.
5. Remote status checks send bearer tokens — /extensions/status and /extension/status requests now include the configured auth token, so remote relays using --token no longer reject status checks with 403 responses.
6. Concurrent relay startup no longer crashes on port races — simultaneous CLI and MCP commands now deduplicate startup work and treat a competing process winning port 19988 as a clean handoff instead of surfacing EADDRINUSE.
7. Clearer multi-browser names in playwriter session new — browser lists now use full user-agent client hints when available, so Chromium-family browsers such as Chrome Canary can show a more specific name.
8. Skill docs prefer getLatestLogs() for page diagnostics — the generated Playwriter skill now tells agents to call getLatestLogs({ page }) instead of adding manual console listeners that miss errors emitted before listener setup.

Fixes #75
Fixes #85
Fixes #92

1. Copy React Component Source Path right-click menu item. Right-click an element on a React page to copy the source file path (e.g. src/components/Button.tsx:42) to your clipboard. Uses bippy to walk the React fiber tree.

2. In-page floating toolbar with pin element mode. A compact dark pill toolbar injected into tabs with Playwriter attached. Pin elements to assign them to globalThis.playwriterPinnedElemN and copy the reference to clipboard. Shared pin counter between toolbar and context menu.

3. Pinned element clipboard copies a shell-ready command. Toolbar pins and context menu now copy playwriter -e 'inspectPinnedElement(...)' with React component inspection when supported. Bash-safe single-quote wrapping handles any page content.

4. Always-on ghost cursor injected into every attached tab via Page.addScriptToEvaluateOnNewDocument. Auto-hides after 5s of inactivity. Press feedback uses a dedicated 140ms ease-out, independent of move duration. Scale and transform-origin tuned per Emil Kowalski design principles.

5. Auto-relocate popup windows into tabs. OAuth popups and similar windows opened by connected tabs are moved into the source tab's window automatically, so agents no longer need cmd+click workarounds.

6. Cross-browser relay identity. Per-install installId persisted in chrome.storage.local prevents relay takeover when multiple Chromium-family browsers connect.

7. Fix debugger crash on pages with chrome-extension:// iframes (LastPass, SurfingKeys, password managers). Restricted iframes are removed before attach, and restricted child targets are filtered from CDP events.

8. Fix Target.detachFromTarget routing on root CDP session. Commands without a top-level sessionId now resolve via params.sessionId fallback instead of throwing.

9. Runtime-scoped root CDP tab session IDs prevent collisions across multiple Chrome profiles.

10. Skip welcome tab in packaged automation builds. The CLI-bundled extension no longer opens welcome.html on install.

1. New -f/--file flag — execute JavaScript from a file instead of inline -e strings:

   playwriter -s 1 -f script.js

   The file runs in the same sandbox as -e with all context variables (state, page, context, etc.) available. -e and -f are mutually exclusive.

2. React component inspection for pinned elements — call getReactComponentInfo({ locator }) to get the nearest React component name, parent hierarchy, sanitized props, and source file locations. Non-React elements return null.

3. Performance profiling guide — new performance-profiling.md resource covering TTFB, FCP, LCP, CLS measurement, heavy request detection, and interactivity blockers with concrete Playwriter + CDP snippets.

4. Shell tab completions — playwriter now supports shell completions via goke for tab completion on commands and flags.

5. Security: token required on all requests regardless of source — the previous loopback bypass on /cli/*, /recording/*, and /mcp-log let any request from 127.0.0.1 skip auth. Under tunnel setups (traforo/ngrok/cloudflared), every public request arrives from localhost, making the bypass equivalent to no auth. Fixed.

6. --token works on every remote subcommand — session new, session list, session delete, session reset, and browser list all forward Authorization: Bearer … to the relay. Previously only playwriter -e sent the token. Thanks @ivanleomk for the original fix.

7. POST /mcp-log is now token-protected — previously open to any reachable client.

8. Fixed Next.js webpack layer prefixes in React source paths — /(app-pages-browser)/, /(ssr)/, /(rsc)/ and other webpack layer prefixes are now stripped correctly.

9. Docs: absolute paths required for saved artifacts — page.screenshot({ path }), page.pdf({ path }), etc. must use absolute paths since Playwright resolves them outside the sandboxed fs.

1. New in-page toolbar with pin mode (available when extension review completes) — every attached tab now gets a floating toolbar you can use to pin elements directly from the page. Pinning copies a natural-language prompt plus the exact playwriter -e '…' code needed to inspect that element later, so pasted prompts are immediately useful to an agent instead of just exposing a fragile DOM handle.
2. Always-on ghost cursor with better motion (available when extension review completes) — the cursor overlay now appears on every Playwriter-attached tab, survives hard navigations, uses smoother move/press animation timing, and fades away after 5 seconds of idle time so manual browsing stays uncluttered. The next Playwright-driven mouse action brings it back instantly.
3. Shared JavaScript dialogs no longer crash multi-client sessions — when multiple connectOverCDP() clients auto-close the same alert()/confirm()/prompt(), duplicate best-effort closes are now ignored instead of surfacing an unhandled rejection that kills the process.

1. Popup windows auto-relocate to tabs — when a connected page opens a popup via window.open or target="_blank", the extension moves it into the source window as a regular tab and auto-attaches it. Agents no longer need the cmd+click workaround for OAuth flows.

2. New page warning replaces unreachable popup warning — the executor now emits [WARNING] New page opened from current page (index N, initial url: ...) pointing agents at the new tab. The old Popup window detected ... cannot be controlled by playwriter warning is gone.

3. Minimum extension version enforcement — if the installed extension is older than 0.0.80, the CLI and MCP warn the user to update via chrome://extensions. The warning is also surfaced in the MCP agent's warning stream.

4. Fix multi-browser relay collisions — Chromium-based browsers that don't have a signed-in Google account (Chromium, Vivaldi, Helium, Dia, etc.) previously all shared the same browser:Chromium relay key, causing them to replace each other's WebSocket connection. The extension now persists a per-install ID in chrome.storage.local and uses it as a stable fallback key.

5. Fix extension takeover loop — after being replaced by another instance, the extension's reconnect loop now waits until the replacement is fully gone before reclaiming the relay slot. Previously it checked activeTargets === 0, which is briefly true right after a fresh replacement connects, causing the old worker to steal the slot back and drop the active Playwright tab.

Fixes env var leak and noisy output when auto-returning Playwright objects from the CLI.

1. Auto-returned Playwright handles are now silently skipped — await page.goto(url) and similar single-expression code no longer prints anything when the return value is a Playwright handle (Response, Page, Browser, Request, Frame, etc.). These are programmatic references, not display data. The previous behavior also leaked every process.env variable (API keys, tokens, credentials) via util.inspect at depth 4.

   By default expression results are printed and that was the cause — now we don't print those objects which would also waste LLM context.

   To see data, explicitly return specific fields or use console.log:

   return response.url()           // prints the URL
   return response.status()        // prints 200
   console.log(response)           // prints safe summary

2. console.log(response) now renders a clean summary (via @xmorse/playwright-core@1.59.7) — no env var dump, no 400K+ output:

   Response@response@abc123 { url: 'https://...', status: 200, statusText: 'OK', headers: [...] }
   

Fixes #82.

1. Direct CDP connection mode (--direct) — connect to Chrome's built-in debugging WebSocket without needing the Playwriter extension. Works with any Chromium-based browser (Chrome, Brave, Ghost Browser, Arc, Edge, etc.) that has debugging enabled via chrome://inspect/#remote-debugging or --remote-debugging-port. Auto-discovers instances via DevToolsActivePort files and port scanning. For MCP, set PLAYWRITER_DIRECT=1 env var.

   playwriter session new --direct
   playwriter browser list

   In direct mode, browser.contexts() gives access to pages across all open Chrome profiles.

2. playwriter browser start (experimental) — launched a managed Chrome instance with the bundled Playwriter extension preloaded, useful for fresh VPS/AVPS setups. Now deprecated in favor of session new --direct. The command still works but is hidden from --help.

3. Kitty Graphics Protocol support — when AGENT_GRAPHICS=kitty is set, the CLI emits screenshots and resized images as Kitty Graphics Protocol escape sequences. Agents with kitty-graphics-agent automatically extract images and pass them to the LLM as media parts.

   AGENT_GRAPHICS=kitty playwriter -s 1 -e "await screenshot({ page })"

4. Screenshots and images now use PNG — screenshotWithAccessibilityLabels() and resizeImageForAgent() now consistently output PNG instead of JPEG, fixing image/png vs image/jpeg mismatch errors in MCP clients.

5. resizeImageForAgent — renamed from resizeImage. Resized images are now automatically collected and included in responses. The old name still works as a backward-compatible alias.

6. Chrome 136+ direct CDP discovery — --direct auto-discovery now detects Chrome instances where /json/version returns 404 (Chrome 136+ with chrome://inspect debugging). Uses HTTP-only probing and never triggers Chrome's approval dialog.

7. Show session cwd in playwriter session list — session table now includes the working directory, making it easier to tell similar sessions apart.

8. Fix session cwd leakage across relay restarts — relative fs paths in the sandbox now resolve from the cwd captured by session new.

9. Contenteditable detection in snapshots — bare contenteditable elements are now correctly detected as interactive textboxes in accessibility snapshots.

10. PLAYWRITER_DIRECT only accepts '1' — removed 'auto' and 'true' aliases. Explicit ws:// endpoints still work.

1. More reliable downloads in extension mode: download behavior now stays compatible with both Page.download* and Browser.download* event paths, so flows like page.waitForEvent('download') work consistently through the relay.

2. Default action timeout is now 60 seconds, which reduces false click failures on slower real-world pages when interactions succeed but post-action waiting exceeds short budgets.

3. Ghost cursor injection is more stable for recording flows by using direct per-page injection instead of the unreliable init-script persistence path.

1. Ghost cursor overlay during recording — smooth animated cursor visualizes automated mouse actions (clicks, moves, presses) directly on the page during screen recordings, driven by Playwright onMouseAction callbacks so both page.mouse.* and locator.click() are captured

2. Demo video creation — new createDemoVideo() automatically detects and speeds up idle sections between interactions, with hardware encoder detection (h264_videotoolbox, etc.) and optimized FFmpeg output for social media

3. resizeImage() sandbox utility — shrink screenshots before feeding them to LLMs; default mode fits within 1568×1568px, supports explicit width/height/maxDimension

4. Descriptive click timeout errors — when locator.click() times out, the error now explains why ("Element is not visible", "Element is not stable", etc.) instead of a generic timeout message

5. Faster action timeouts — default Playwright action timeout reduced from 10s to 2s so agents get fast failures with descriptive errors; navigation timeout unchanged at 10s

6. State-aware page-close warnings — executor warns when a closed page is referenced in session state and reports which state key(s) need reassignment, with automatic fallback to another open tab

7. Popup detection warnings — executor emits [WARNING] when popup windows open during execution so agents are aware of context changes

8. recording and ghostCursor namespaces — cleaner API in the execute sandbox: recording.start/stop/isRecording/cancel and ghostCursor.show/hide, with backward-compatible top-level aliases

9. Multi-profile Chrome support — auto-selects the correct extension when multiple Chrome profiles are connected simultaneously

10. Snapshot diff scoped by locator — showDiffSinceLastCall cache now isolated per locator scope; also skipped automatically when search is provided

11. Relay state centralized to Zustand store — internal relay state (extensions, targets, playwright clients) unified in a single immutable atom, eliminating scattered Maps and fixing edge-case reconnect bugs

12. page.onMouseAction callback in Playwright fork — fires for both page.mouse.* and locator.click() actions; Locator.selector() now publicly typed (@xmorse/playwright-core@1.59.6)

13. Suppress stack traces for timeout/abort errors — CLI and MCP output is cleaner; only the message is shown for expected timeout failures