Pilot

Instructions

Implementation Reference

• src/tools/inspection.ts:117-152 (handler)

  Implementation of the 'pilot_storage' tool which reads/sets browser storage.

  server.tool(
    'pilot_storage',
    'Get localStorage + sessionStorage as JSON (sensitive values redacted). Optionally set a localStorage key.',
    {
      set_key: z.string().optional().describe('Key to set in localStorage'),
      set_value: z.string().optional().describe('Value to set'),
    },
    async ({ set_key, set_value }) => {
      await bm.ensureBrowser();
      try {
        const page = bm.getPage();
        if (set_key) {
          await page.evaluate(([k, v]) => localStorage.setItem(k, v), [set_key, set_value || '']);
          return { content: [{ type: 'text' as const, text: `Set localStorage["${set_key}"]` }] };
        }
        const storage = await page.evaluate(() => ({
          localStorage: { ...localStorage },
          sessionStorage: { ...sessionStorage },
        }));
        // Redact sensitive values
        const SENSITIVE_KEY = /(^|[_.-])(token|secret|key|password|credential|auth|jwt|session|csrf)($|[_.-])|api.?key/i;
        const SENSITIVE_VALUE = /^(eyJ|sk-|sk_live_|pk_live_|ghp_|gho_|github_pat_|xox[bpsa]-|AKIA|AIza|SG\.|Bearer\s|sbp_)/;
        const redacted = JSON.parse(JSON.stringify(storage));
        for (const storeType of ['localStorage', 'sessionStorage'] as const) {
          const store = redacted[storeType];
          if (!store) continue;
          for (const [key, value] of Object.entries(store)) {
            if (typeof value !== 'string') continue;
            if (SENSITIVE_KEY.test(key) || SENSITIVE_VALUE.test(value)) {
              store[key] = `[REDACTED — ${value.length} chars]`;
            }
          }
        }
        return { content: [{ type: 'text' as const, text: JSON.stringify(redacted, null, 2) }] };
      } catch (err) {
        return { content: [{ type: 'text' as const, text: wrapError(err) }], isError: true };