Verify Firefox is connected and BiDi reports ready.

List browsing contexts (tabs and iframes) currently open in Firefox.

Open a new browsing context (tab).

Set the active browsing context for subsequent tool calls.

Navigate the current context to a URL, or perform reload / back / forward.

List frames (top + iframes) under the active page as a flat array.

Set the active frame (iframe) context for subsequent tool calls. Pass empty string to clear.

Take a screenshot of the active page as base64 PNG.

Get W3C performance metrics from the active page (navigation timing + paint). M3 adds engine-level metrics behind the same tool.

List script resources loaded on the active page (URL + size). Does not include inline blocks; M3 RDP version will.

Get the source of a script by URL. Fetches via the page (BiDi limitation; CORS may block cross-origin). Cached.

Find string or regex pattern in a single cached script. Use get_script_source first to populate the cache.

Search a string or regex across ALL cached scripts. Populate the cache with get_script_source first.

Alias of search_in_scripts. M3 RDP version differentiates by including dynamically-evaluated sources too.

Create a hook definition. Use inject_hook to attach it to the page or workers.

Inject a created hook into the page or worker(s). target: "page" | "worker:" | "all-workers" (default "page").

Read collected samples for a hook. Optionally limit count and filter by timestamp.

List all registered hooks with their injection status and sample count.

Remove a hook and its preload script registration.

Create and inject a hook in one call. Convenience wrapper around create_hook + inject_hook.

Alias for remove_hook (kept for compatibility with the original CDP project naming).

Trace a function: hook with capture preset [args, return, stack]. Convenience wrapper for call-chain debugging.

List network requests collected since session start. Filter by URL substring, method, or response presence.

Get full details of a single network request by ID. Optionally fetch its body via networkObserver.getData.

Get the initiator info for a request. Returns BiDi initiator + (when M3 initiatorTracer is wired) normalized {type, stack[{scriptUrl,line,column,functionName?}]}.

Install a hook that issues debugger; when XHR/fetch URL matches the pattern. v1 fires only if DevTools is open; M3 RDP wires the actual debugger pause.

Remove an XHR/fetch breakpoint registered by break_on_xhr.

Read cookies, localStorage, sessionStorage, and IndexedDB names for the active page.

Snapshot cookies + localStorage + sessionStorage of all known window realms into an in-memory snapshot.

Restore a previously saved snapshot back into the browser (cookies + localStorage + sessionStorage).

Export a named snapshot as a JSON string (for writing to disk).

Load a snapshot from a JSON string (previously produced by dump_session_state).

List all named session snapshots in memory.

Delete a named session snapshot from memory.

Get a flattened summary of the DOM tree (up to depth 4, 20 children per node).

CSS selector query against the active page. Returns shared node references.

Find all clickable elements (links, buttons, role=button, onclick, submit inputs) on the active page.

Click a DOM element identified by its sharedId.

Type text into a DOM element identified by its sharedId.

Wait for a CSS selector to match an element on the active page.

Return console log entries from the active session. Optionally limit and filter by level.

Get a single console entry by index.

Evaluate a JS expression in a window realm of the active (or specified) context.

Start a monitor for RDP resource types (console-message, error-message, network-event, source, document-event, etc.).

Stop a monitor previously started by monitor_events.

List active WebSocket connections detected on the page.

Get a single frame by wsid + frameIndex.

Get multiple frames for a wsid with optional filters.

Cluster frames by byte-signature heuristic. v1 local-only; no LLM.

List workers (dedicated, shared, service) visible on the active page. M3 RDP version adds offline worker detection.

Set the active worker realm. Pass empty string to clear. Used as default target by hook tools.

Set a breakpoint by source URL + line (+ optional column). columnTolerance > 0 enables multi-hit auto-resume until the paused column falls within ± tolerance of the requested column.

Set a breakpoint by searching for a text string in cached sources (+ optional sourceUrl filter). columnTolerance > 0 enables multi-hit auto-resume.

Remove an existing breakpoint by its bpId.

List all currently registered breakpoints.

Pause script execution in the debugger thread.

Resume script execution after a pause.

Step over the current statement (skips into function calls).

Step into the current function call.

Step out of the current function, resuming until the caller.

Get information about the current paused state (callframe, location, why). Fails if not paused.

Evaluate a JavaScript expression in the context of the current paused callframe. Throws if not paused.

Inspect an RDP object grip: preview + prototype + own properties (+ optional internal slots).

Enable or disable JavaScript execution for a browsing context. Per-context scope via BiDi emulation.setScriptingEnabled — does not affect other tabs.

Enable or disable CSP enforcement for a browsing context. Per-context scope via BiDi browsingContext.setBypassCSP — when enabled=false, bypass is set so inline injections succeed.

Apply a stealth preset via BiDi preload. Default: firefox-default.

Render a stealth-hardened wrap (Function.toString masking + channel-emitting Proxy) over one or more dotted global paths, optionally with performance.now/Date.now timing neutralisation, then install via BiDi preload. Main world only — use inject_stealth_to_workers for worker realms.

Push a stealth preset (default firefox-default) into every dedicated/shared worker realm via post-start eval. With watch:true (default) subscribes to new-worker events for the rest of the session.

List the stealth features the capability knows about.

List the stealth presets the capability knows about.

Inject arbitrary preload JavaScript via BiDi script.addPreloadScript. Source runs before page scripts.

Override the User-Agent string for a browsing context via BiDi emulation.setUserAgentOverride.

Use an LLM to explain what a JS snippet does. Returns LlmNotConfigured cleanly when no provider is set.

Use an LLM to produce a bullet-list summary of a JS snippet. Returns LlmNotConfigured when no provider is set.

Apply local AST transforms (constant fold / string array decrypt / dead-code / control-flow hint) to deobfuscate a JS snippet.

Run static crypto-algorithm signature rules (AES/RC4/MD5/SHA*/Base64/HMAC/RSA/SM*) against inline source or a cached script.

Summarize cached scripts: crypto signature hits + sensitive API usage. Filter by URL substring.

Aggregate risk signals across cached scripts: crypto, exfil, fingerprint, storage writes, dynamic eval. Returns weighted score.

Fetch and cache the source of every script URL on the active page. If urls/urlSubstring given, only those are collected.

Bundle cached scripts + hook samples + network samples + env probes into artifacts/tasks//.

Diff two pip-style requirement files. Returns added / removed / changed / unchanged buckets plus counts.

Append a reverse-engineering evidence record to artifacts/tasks//runtime-evidence.jsonl.

Render a Markdown summary of the current session (scripts / requests / hooks / evidence) into artifacts/tasks//report.md.

Diff two keyed collections (scripts / requests / hooks). Items with the same key but different hash become "changed". Used by evidence comparisons.