Actionbook

Actionbook is a local bridge that connects the Actionbook command-line interface (CLI) to your browser, enabling user-initiated browser automation for AI agents and developer tools — entirely on your machine.

HOW IT WORKS
• This extension requires the Actionbook CLI installed locally.
• The extension establishes a WebSocket connection to a bridge service running on localhost
• When you run browser commands through the Actionbook CLI, the local bridge relays those commands to the extension.
• The extension attaches the Chrome DevTools Protocol (CDP) to a tab you explicitly select and executes only a strict allowlist of permitted CDP methods.

All communication stays on your local machine. The extension does not communicate with Actionbook-operated external servers.

KEY FEATURES
• Tab Management — Create, activate, and attach automation to a specific tab. `listTabs` returns only tabs managed by Actionbook, so the extension never enumerates your unrelated browsing.
• Actionbook Tab Group — Tabs opened by Actionbook are automatically collected into a dedicated "Actionbook" Chrome tab group (blue), making agent-driven tabs visually distinct and easy to collapse or close in bulk. Toggleable from the extension popup ("Group Actionbook tabs").
• Concurrent Multi-Tab Automation — Drive multiple tabs in parallel within a single session. Every command is self-contained with explicit session/tab addressing, with no implicit "current tab" state.
• Page Navigation — Navigate to URLs and reload pages programmatically.
• DOM Inspection — Query document structure and read page content, including an accessibility-tree–based snapshot for AI agents.
• Screenshot & PDF Capture — Capture screenshots and print pages to PDF for inspection or archival.
• Network / HAR Capture — Record HTTP traffic on attached tabs via the CDP Network domain, so CLI `har start` / `har stop` workflows produce complete HAR output.
• Input Simulation — Dispatch mouse clicks and keyboard events for automated interactions.
• JavaScript Evaluation — Evaluate JavaScript in the page context via CDP for user-requested automation steps.
• Cookie Management — Read, set, and remove cookies scoped to a specific URL/domain provided by the workflow.
• Resilient Bridge — Startup health check and progressive-backoff reconnect prevent connect/disconnect loops when the CLI restarts.

SECURITY MODEL
Actionbook is designed to keep automation visible, scoped, and user-controlled:

• Explicit Tab Attachment
Automation runs only on the tab you attach/open as part of the automation session. User-attached tabs are preserved as-is and are not moved into the Actionbook tab group by default.

• Actionbook-Scoped Tab Listing
`Extension.listTabs` returns only tabs attached or created through Actionbook. The extension never exposes a list of your unrelated tabs to the CLI or agents.

• Chrome Debugger Visibility
CDP requires the Chrome "debugger" attachment. While attached, Chrome displays its standard debugging infobar/banner.
Dismissing the banner or closing the tab ends the session.

• CDP Command Allowlist
Only a curated allowlist of CDP methods is permitted. Any method not on the allowlist is rejected.

• Risk-Based Approval Gate
Commands are categorized into three risk levels:
- Level 1 (Read-only): e.g., screenshots, DOM queries, reading cookies (auto-approved)
- Level 2 (Page modification): e.g., navigation, input events, JavaScript evaluation (auto-approved)
- Level 3 (High-risk): e.g., writing/deleting cookies, clearing site data, changing download behavior (requires explicit confirmation)

• Sensitive Domain Protection
On sensitive domains (banking, payment/checkout, government, healthcare), Level 2 commands are automatically elevated to Level 3
and require explicit confirmation in the extension popup. Confirmation requests expire automatically if not acted upon.

PRIVACY
To perform the automation steps you explicitly trigger, the extension may access and process locally:
• Web history signals: tab URL and title for Actionbook-managed tabs (so the CLI can target the correct page)
• Website content: DOM/text and page captures (screenshots/PDF)
• Network activity: HTTP request/response metadata on attached tabs, only when HAR recording is active
• Authentication-related data: cookies for a specific URL/domain provided by the workflow

Actionbook does NOT send this data to Actionbook-operated external servers.
The extension communicates only with the localhost bridge (127.0.0.1) running on your machine.
No analytics, telemetry, tracking, or advertising are included.

GETTING STARTED
1. Install the Actionbook CLI (see https://actionbook.dev).
2. Install this extension from the Chrome Web Store.
3. Set up the CLI Extension Mode and run browser commands through the CLI:
actionbook browser open "https://www.youtube.com"
actionbook browser screenshot result.png
actionbook browser click "button.submit"

The CLI bridge starts when you run browser commands — no manual daemon setup needed.

LOCAL STORAGE
The extension stores minimal local settings in chrome.storage.local — for example, the "Group Actionbook tabs" preference and connection/pairing compatibility settings.
It does not store browsing history, page content, or cookies.

PERMISSIONS (and why they are needed)
• debugger — attach CDP to automate tabs you select
• tabs / activeTab — open, activate, and target Actionbook-managed tabs
• tabGroups — group Actionbook-opened tabs into a dedicated "Actionbook" tab group
• cookies — read/write cookies scoped to URLs provided by your workflow
• storage — persist the popup toggle and compatibility settings
• offscreen — maintain the local WebSocket bridge to the CLI
• host_permissions (<all_urls>) — so automation can target any site you explicitly drive

REQUIREMENTS
• Actionbook CLI installed on your machine
• Chrome browser (or Chromium-based browser)

OPEN SOURCE
The full source code is available for inspection at https://github.com/actionbook/actionbook. Security researchers and developers are welcome to audit the code.

SUPPORT
For bug reports, feature requests, or questions, visit: https://github.com/actionbook/actionbook/issues