Frequently asked questions
Answers to the questions people ask before installing Chromeflow. If yours isn't here, open an issue at github.com/NeoDrew/chromeflow.
What is Chromeflow?
Chromeflow is a Model Context Protocol (MCP) server and Chrome extension that lets an AI coding agent — either Claude Code or OpenAI's Codex CLI — drive your real Chrome browser. The agent clicks buttons, fills forms, uploads files, and captures API keys directly to your .env file. Unlike Playwright or Browser Use, which launch a fresh empty browser, Chromeflow runs in your existing Chrome where you're already signed in everywhere.
Is Chromeflow reliable? Has it been tested in real workflows?
Yes. Chromeflow was shaped by 400+ hours of real agentic browser work before its public v0.9 release. The skill content in CLAUDE.md and the error-handling recipes in every tool came from patching rough edges as they surfaced in real workflows — Canvas attachment downloads, Stripe product setups, eBay listings, DataAnnotation forms, Notion edits, OAuth handoffs, multi-tab transitions, React Select widgets, shadow-DOM click-through, dozens more. The tool is battle-tested in a way most agent-browser libraries aren't — there's a real story behind every until_* clause, every CSP-bypass tool, and every cookie-redaction default.
How is Chromeflow different from Playwright or Browser Use?
Playwright and Browser Use spawn a clean browser process with empty cookie jars, no extensions, no saved sessions. Every run, your agent has to log in from scratch and can't handle 2FA. Chromeflow runs inside your real Chrome — you're already logged into Stripe, GitHub, AWS, Canvas, and every other service. The agent uses your sessions; 2FA stays in your hands.
Does Chromeflow work with both Claude Code and Codex CLI?
Yes. Same MCP server, same Chrome extension. Install with /plugin marketplace add NeoDrew/chromeflow in Claude Code, or codex plugin marketplace add NeoDrew/chromeflow followed by /plugins in Codex CLI. The popup shows a host badge on each session card so you can run both agents in parallel windows.
What does Chromeflow cost?
Free. MIT-licensed. The Chrome extension is on the Chrome Web Store at no charge, the MCP server is bundled into the open-source plugin, and the source is on GitHub at github.com/NeoDrew/chromeflow.
How does Chromeflow bypass page Content-Security-Policy when fetching authenticated URLs?
Chromeflow ships three privileged-context tools — fetch_url, download_file, and read_attachment — that run inside the extension's background service worker. The service worker has full host_permissions, uses Chrome's cookie jar automatically, and is not subject to the page's connect-src CSP. That's how Chromeflow can grab Canvas attachments, Stripe document downloads, or other authenticated assets that an execute_script fetch can't reach.
Can Chromeflow handle 2FA and password-protected logins?
You handle 2FA and passwords. Chromeflow pauses on sensitive input and uses highlight_region to show you what to enter. The agent fills everything else — names, descriptions, prices, URLs, webhook endpoints, billing periods, currencies. This human-in-the-loop split is the core design principle: agents automate the boring parts, you handle the parts that need real authentication.
Is my data used to train AI models?
No data flows from your browser to Chromeflow's authors. The Chrome extension talks only to a local WebSocket on 127.0.0.1 (port range 7878–7888) that the MCP server on your machine listens on. Your agent — Claude Code or Codex — handles its own LLM API calls per its own policies. Chromeflow itself collects nothing.
Can Chromeflow run multiple AI agents in parallel?
Yes — up to 11 sessions, one per port in the 7878–7888 range. Run Claude Code in one terminal and Codex in another, assign each to its own Chrome window from the extension popup, and they automate side-by-side without colliding. The popup shows a host badge on each row so you can tell which agent is driving which window at a glance.
What does Chromeflow do well, and what doesn't it do?
Does well: filling forms (including React-controlled, contenteditable, CodeMirror, Monaco), clicking buttons with verifiable post-click conditions, capturing API keys to .env, downloading authenticated files, parsing docx attachments in-extension, navigating multi-step OAuth flows, dismissing cookie banners. Doesn't do: anything that genuinely requires the human (passwords, 2FA codes, payment details, legal consent). Also: PDF text extraction is deferred to a future release — for now, use download_file then your local pdftotext.
Which browsers and operating systems does Chromeflow support?
Google Chrome and Chromium-based browsers (Edge, Brave, Arc) on macOS, Linux, and Windows. The MCP server needs Node.js 22 or newer. The Chrome extension is published on the Chrome Web Store and uses Manifest V3.
How do I report a security vulnerability?
Email security reports to AndrewMaxwellRobertson@gmail.com with the subject "chromeflow security". The full SECURITY.md is in the GitHub repository. The most recent disclosed advisory was the inspect_request_headers cookie-redaction fix in v0.9.4 — that tool now redacts session-bearing cookies by default.
Where can I see the full list of tools Chromeflow exposes?
The full tool catalogue lives in CLAUDE.md in the GitHub repository — 26 tools as of v0.9.4. Categories: navigation (open_page, switch_to_tab, list_tabs, list_frames), reading (get_page_text, find_text, get_console_logs), interaction (click_element, fill_input, fill_form, type_text, scroll_to_element), waiting (wait_for, wait_for_click), privileged network (fetch_url, download_file, read_attachment), highlight and handoff (highlight_region, clear_overlays), and utility (execute_script, take_screenshot, capture_terminal, write_to_env, set_file_input, inspect_request_headers, get_form_fields).
How do I uninstall Chromeflow?
In Claude Code: /plugin uninstall chromeflow. In Codex CLI: open the /plugins picker, find chromeflow, choose Uninstall. To fully remove: also remove the Chrome extension from chrome://extensions. The MCP server stops automatically when the agent exits — there are no leftover background processes after 0.9.2 (which added stdin-close and PPID-change watchdogs).
Can I contribute or submit fixes?
Yes — the repo is at github.com/NeoDrew/chromeflow and PRs are welcome. Codebase: packages/mcp-server (TypeScript), packages/extension (TypeScript + Manifest V3), packages/plugin (host packaging), apps/website. Run npm install at the root, then packages/plugin/scripts/build-server.sh to bundle the MCP server. Build the extension with node packages/extension/build.mjs.