Version Packages (alpha)#107
Merged
Merged
Conversation
4e75fbe to
9cbbc5b
Compare
90c3b29 to
2170456
Compare
019acf9 to
b042dbe
Compare
b042dbe to
0fc187f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
mainis currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, runchangeset pre exitonmain.Releases
@peekdev/cli@0.1.0-alpha.29
Minor Changes
4683ce4: Add
peek audit bundleto package the audit log + head into a portable*.peekauditevidence archive (SHA-256 integrity manifest), andpeek audit verify --bundle <file>to verify a received archive (archive integrity + hash chain). Skill updated for the newverify_audit_logtool (17 tools).4a22113: peek:
peek connect— a supervised daemon for running connectors locallyNew
peek connectcommand: register connectors (add/list/remove) in~/.peek/connect/connectors.json, and start/stop/status/logs a detached
supervisor that spawns, monitors, and restarts-with-backoff each connector as a
subprocess (single-instance lock, per-connector logs). Connectors are launched
by a descriptor-default command (e.g. peek-connector-slack) or a per-entry
override; peek-cli depends on no connector package. Autostart and a dashboard
are future work.
68908e6: peek: explicit, configurable session retention
New
peek retentioncommand bounds the local store without ever deletingsilently. Configure a policy (
set --max-age <dur> --max-size <size> --keep <n>),see exactly what would be removed (
preview), then prune (apply, with aconfirmation unless
--yes). Pruning is age- and/or disk-based with an absolute"keep the last N most-recent" floor, never removes an active (in-progress)
recording (unless you pass
--include-stale-activefor crashed sessions), andfrees the on-disk event blobs.
peek statusnow reports total store size and howmuch is over your policy. Local-only; no telemetry.
b720ccb: Local file-based session export/import:
peek sessions export <id> --format bundlewrites a portable, self-contained
*.peekbundle(a gzipped tar of the rrweb eventstream + console/network rows + metadata, with a SHA-256 integrity manifest and an
honest masking caveat), and a new
peek sessions import <file>reconstructs thesession in the local store (mint-new-id by default;
--keep-id/--forcetopreserve). No cloud, no account — an explicit, local-first file handoff.
679d3cf: Add
peek sessions search(--q / --origin / --since / --until / --status / --errors / --limit / --json) to search recorded sessions by metadata + facets. Skill updated for the newsearch_sessionstool.7ce7403: peek: tamper-evident (hash-chained) audit log +
peek audit verifyThe local action audit log (
~/.peek/audit.log) is now hash-chained — eachentry carries a
seqcounter and aprevHashfield (SHA-256 of the previousline), serialized under a file lock, with a small
audit.head.jsonsidecarthat records the tail hash for truncation detection. The new
peek audit verifycommand recomputes the chain and reports whether it is intact, orpinpoints the first broken line.
The audit log is tamper-evident, not tamper-proof — it detects accidental
corruption, truncation, reordering, and edits, but does not stop a determined
local attacker who recomputes the whole chain. There are no keys, no external
anchor, and no egress.
Patch Changes
1b85e5a: chore(deps): bump better-sqlite3 to ^12.11.1.
Routine runtime-dependency patch for the native SQLite driver (12.10.0 →
12.11.1; 12.11.0 was unpublished). Node-22 prebuilt binaries unaffected. Part
of the Tier A/C safe minor+patch upgrade batch; all other bumps in that batch
are dev-only and not user-visible.
c4d65b0: docs(peek-cli): document the peek connect and peek sessions search commands in the README
5c736d4: docs: the peek Chrome extension is now live on the Chrome Web Store.
Install guidance now leads with the Chrome Web Store listing
(https://chromewebstore.google.com/detail/peek/dmgpmkeneheenpdnfmpjjahnkknkaejb)
as the primary path, with "load unpacked from
packages/peek-extension/chrome-mv3/"demoted to a contributor/local-build fallback. The
@peekdev/extensionpackage'snpm status is unchanged — it remains
privateand is not published to npm; onlythe Chrome-Web-Store availability wording changed. Docs-only; no code change.
7718713: Positioning reframe: lead every surface with the read-path forensic story —
"debug what already happened in your real browser." Rewrites the MCP server
instructions + entry-tool descriptions, the package READMEs and descriptions,
and the extension's tagline around forensic read access (sessions you already
lived: DOM history, console/network errors, the action before an error) with
the Playwright repro as the payoff. No API, schema, or behavior change.
b12534d: peek skill: document all 16 tools (was 14)
The bundled Claude Code skill (installed by
peek init) now lists peek's twolive-page read tools —
get_page_viewandget_element_detail— and correctsthe tool count from 14 to 16. Documentation only; both tools already shipped.
f9fc8c3: Correct the docs URL in the peek skill (
cubenest.in/peek→peek.cubenest.in)to match the canonical docs host used everywhere else.
240aa3b: peek init: write the correct MCP config key for VS Code
peek initnow writes theserversroot key to.vscode/mcp.jsonfor VS Code(VS Code reads MCP servers from
servers, withtypeinferred as stdio),instead of
mcpServers— the previous output was silently ignored by VS Code.Other clients are unchanged (they use
mcpServers).5c736d4: docs: README accuracy pass — peek act surface, CLI commands, and adapter options.
peek is no longer read-only in the docs:
@peekdev/clinow states peek readsrecorded sessions and, with explicit per-origin consent, drives the live
page; the MCP tool count is corrected to 16 (adds the live ref-tagged page view
alongside the act/handoff tools); and the
Commandsblock is rewritten to matchthe actual CLI —
peek audit log(with--since/--tool/--client/--json),peek sessions list/export/deleteflags, themarkdownexport default, and anote that
--format htmlis reserved/unimplemented.Adapter/engine accuracy:
@tracelane/wdiodocuments the real default-onsecurityoption and theconsolePluginOptionspass-through;@tracelane/clidocuments the shipped
tracelane indexsubcommand;@tracelane/coredrops theinvented "Q4 2026" Cypress ship date (Cypress is "on the roadmap"); and
@tracelane/reportdocuments the advisory security panel andbuildReport'soptional
optionsargument. Docs-only; no code change.Updated dependencies [4b5eabb]
Updated dependencies [1b85e5a]
Updated dependencies [7f17ad0]
Updated dependencies [f9fc8c3]
Updated dependencies [014d7ce]
Updated dependencies [945f4f2]
Updated dependencies [521cc05]
Updated dependencies [5c736d4]
Updated dependencies [58b4b8c]
Updated dependencies [9ddf4d1]
Updated dependencies [7718713]
Updated dependencies [679d3cf]
Updated dependencies [12f0464]
Updated dependencies [4683ce4]
Updated dependencies [475c640]
Updated dependencies [8df4e25]
Updated dependencies [7ce7403]
@peekdev/mcp@0.1.0-alpha.23
Minor Changes
4b5eabb: peek: causal-chain enrichment of the forensic read tools
get_user_action_before_errornow returns a pre-assembled causal chain — a single time-orderedtimeline(user action → DOM mutation → network/console error) plus groupeddomMutations/networkErrors, the seederror, and a deterministicnarrative— instead of just the action list. A newwindowMsparameter bounds the correlated context.query_dom_historygains a selector-free window mode (ts+windowMs) returning DOM changes in a time window withtargethints. All additive; no LLM, no new egress.945f4f2: peek: faster DOM reconstruction on long sessions
get_dom_snapshotnow loads only the event chunks it needs — from the nearestfull snapshot at or before the requested timestamp through that timestamp — using
the existing per-chunk time index, instead of decompressing the entire session
blob. On a long recording this turns an O(n)-decompress into reading a handful of
chunks. Output is byte-identical.
selectorForis now memoized per snapshotindex, speeding selector-based
query_dom_historylookups. No schema change;falls back to the full load when the chunk index is unavailable.
9ddf4d1: peek: richer live page-inspection in
get_element_detailget_element_detailnow returns a curated, masked computed-style bag, theaccessible description (resolved from
aria-describedby/aria-description),and effective
aria-hidden/aria-disabledinheritance flags — all Level-1read-tier, DOM-only (no CDP, no eval), and masked (in-page redaction for
.rr-mask/[data-private]regions plus service-worker-side masking of thedescription text and every
url()inbackground-image). Live console/networkstate remains available via the existing
get_session_console_errors/get_session_network_errorstools. Additive; no schema, permission, or toolchange.
679d3cf: Add a read-only
search_sessionsMCP tool: find recorded sessions by title/URL/origin text plus facets (origin, date range, status, console/network errors). Returns the same rows as list_recent_sessions.12f0464: peek: set_intent accepts an optional status
The set_intent tool now takes an optional status: 'done' | 'failed'. Pass it
at the end of an assisted-apply loop to show a clear terminal banner on the
control shield — green for done, red for failed. Omitting status keeps the
previous behavior (a plain status label).
4683ce4: Add a read-only
verify_audit_logMCP tool that verifies peek's local action audit-log hash chain and reports its integrity (intact / broken / truncated / tail-tampered / prefix-tampered / gaps / incomplete-final / head-missing).8df4e25: peek: session-to-repro hardening
generate_playwright_repronow emits Playwright semantic locators (getByTestId/getByRole/getByPlaceholder/getByText, each uniqueness-checked, with a CSSpage.locator(...)fallback) instead of bare CSS selectors, and accepts an optionalerrorIdthat seeds a console-error-absence regression assertion (page.on('console', …)+expect(consoleErrors.join('\n')).not.toContain(<captured message>)) — so the repro fails while the bug is present and passes once fixed. The shared CSS selector heuristic also prefers[aria-label]/[placeholder]over:nth-of-type, improving the other read tools too. Additive; deterministic; no new egress.7ce7403: peek: tamper-evident (hash-chained) audit log +
peek audit verifyThe local action audit log (
~/.peek/audit.log) is now hash-chained — eachentry carries a
seqcounter and aprevHashfield (SHA-256 of the previousline), serialized under a file lock, with a small
audit.head.jsonsidecarthat records the tail hash for truncation detection. The new
peek audit verifycommand recomputes the chain and reports whether it is intact, orpinpoints the first broken line.
The audit log is tamper-evident, not tamper-proof — it detects accidental
corruption, truncation, reordering, and edits, but does not stop a determined
local attacker who recomputes the whole chain. There are no keys, no external
anchor, and no egress.
Patch Changes
1b85e5a: chore(deps): bump better-sqlite3 to ^12.11.1.
Routine runtime-dependency patch for the native SQLite driver (12.10.0 →
12.11.1; 12.11.0 was unpublished). Node-22 prebuilt binaries unaffected. Part
of the Tier A/C safe minor+patch upgrade batch; all other bumps in that batch
are dev-only and not user-visible.
7f17ad0: peek: guide agents to re-verify each step of the assisted-apply loop
The MCP server instructions and the execute_action / set_intent tool descriptions
now spell out the "apply and re-verify" convention: after a mutating action, the
agent re-reads the target (get_element_detail for the value, get_page_view for a
validation error) before advancing the status banner, and stops and reports if a
step didn't take rather than retrying blindly. Password/email/PII values stay
masked, so those are verified by the absence of an error. Guidance only — no new
tool, permission, or behavior change.
f9fc8c3: Document installing peek as a Claude Code plugin (
/plugin marketplace add Cubenest/rrweb-stack→/plugin install peek@peek). README-only; the pluginmanifests live at the repo root (
.claude-plugin/marketplace.json,plugins/peek/).014d7ce: peek: connector pairing / attestation (SP4)
Connectors now pair with peek via a matching-code trust-dial handshake: the
service worker mints a secret, stores only its hash (chrome.storage.local), and
returns the plaintext once. The connector presents the secret on each action;
the SW verifies it, and the Level-3 banner-less delegated-consent path now
requires a verified paired connector — closing the forge-the-flag gap that a
bare consentDelegated flag left open. Destructive actions still force the local
banner; TOCTOU revalidation still applies; delegation never escalates below
Level 3; direct clients are unaffected. Pairings are revocable on the trust
dial. No new egress.
521cc05: peek: delegated consent via MCP elicitation for the
execute_actiontoolWhen an MCP client advertises the
elicitation.formcapability (connectors thatrelay consent to a human over chat, not the browser confirm banner), the peek
MCP server now elicits delegated consent before running
execute_action:dispatchActToolcalls a defensive elicitation helper (capability-probe → race a120 s timeout → degrade, never throws) and, on a declined/cancelled/timed-out
elicitation, short-circuits to
{ verdict: 'deny', … }before the host bridgeruns the action. Clients that do not advertise elicitation (e.g. Claude Code) are
unaffected — the server proceeds exactly as before. Uniform for
execute_action;peek does not classify destructive-vs-safe (the extension gate remains the
backstop). No new egress.
5c736d4: docs: the peek Chrome extension is now live on the Chrome Web Store.
Install guidance now leads with the Chrome Web Store listing
(https://chromewebstore.google.com/detail/peek/dmgpmkeneheenpdnfmpjjahnkknkaejb)
as the primary path, with "load unpacked from
packages/peek-extension/chrome-mv3/"demoted to a contributor/local-build fallback. The
@peekdev/extensionpackage'snpm status is unchanged — it remains
privateand is not published to npm; onlythe Chrome-Web-Store availability wording changed. Docs-only; no code change.
58b4b8c: peek: Level-3 banner-less delegated consent for connectors (SP3b)
When an elicitation-capable connector obtains a human's approval off-device
(SP3a), peek-mcp now attaches
consentDelegatedto the action request, and theextension service worker skips its Level-3 local banner for non-destructive
actions — dispatching banner-less and recording a distinct
connector-elicitapprover. Destructive actions still always force the local banner; the
dispatch-time TOCTOU re-check still applies; delegation never escalates below
Level 3; direct clients (e.g. Claude Code) are unaffected. No new egress.
7718713: Positioning reframe: lead every surface with the read-path forensic story —
"debug what already happened in your real browser." Rewrites the MCP server
instructions + entry-tool descriptions, the package READMEs and descriptions,
and the extension's tagline around forensic read access (sessions you already
lived: DOM history, console/network errors, the action before an error) with
the Playwright repro as the payoff. No API, schema, or behavior change.
475c640: Rename the Claude Code plugin
peek→peekdev(community-catalogde-confliction).
The bare plugin name
peekis already held in Anthropic'sclaude-communitymarketplace by an unrelated project (gopeek.ai), and catalog entry names are
globally unique — so our plugin can only be listed under a distinct name. The
plugin is renamed in
plugins/peek/.claude-plugin/plugin.jsonand the repomarketplace entry, and this package's README "Install as a Claude Code plugin"
command is updated to
/plugin install peekdev@peekto match. The MCP servername (
peek) and the tool namespace (mcp__peek__*) are unchanged; only theplugin's install/skill identity moves to
peekdev.@tracelane/report@0.1.0-alpha.21
Minor Changes
a10c445: Update the bundled rrweb-player to 2.0.1 (from 1.0.0-alpha.4).
rrweb-player 2.x changed its package
exportsmap — the olddist/index.jspath and
package.jsonare no longer resolvable — so the report's UMD inlinernow resolves the bare entry and reads the sibling
dist/rrweb-player.umd.min.cjs(which sets the
window.rrwebPlayerglobal, unlike the bare CJS entry). Theself-contained report still inlines the player UMD + CSS for fully offline
viewing; no API change.
Patch Changes
5c736d4: docs: README accuracy pass — peek act surface, CLI commands, and adapter options.
peek is no longer read-only in the docs:
@peekdev/clinow states peek readsrecorded sessions and, with explicit per-origin consent, drives the live
page; the MCP tool count is corrected to 16 (adds the live ref-tagged page view
alongside the act/handoff tools); and the
Commandsblock is rewritten to matchthe actual CLI —
peek audit log(with--since/--tool/--client/--json),peek sessions list/export/deleteflags, themarkdownexport default, and anote that
--format htmlis reserved/unimplemented.Adapter/engine accuracy:
@tracelane/wdiodocuments the real default-onsecurityoption and theconsolePluginOptionspass-through;@tracelane/clidocuments the shipped
tracelane indexsubcommand;@tracelane/coredrops theinvented "Q4 2026" Cypress ship date (Cypress is "on the roadmap"); and
@tracelane/reportdocuments the advisory security panel andbuildReport'soptional
optionsargument. Docs-only; no code change.Updated dependencies [5c736d4]
@tracelane/cli@0.1.0-alpha.14
Patch Changes
5c736d4: docs: README accuracy pass — peek act surface, CLI commands, and adapter options.
peek is no longer read-only in the docs:
@peekdev/clinow states peek readsrecorded sessions and, with explicit per-origin consent, drives the live
page; the MCP tool count is corrected to 16 (adds the live ref-tagged page view
alongside the act/handoff tools); and the
Commandsblock is rewritten to matchthe actual CLI —
peek audit log(with--since/--tool/--client/--json),peek sessions list/export/deleteflags, themarkdownexport default, and anote that
--format htmlis reserved/unimplemented.Adapter/engine accuracy:
@tracelane/wdiodocuments the real default-onsecurityoption and theconsolePluginOptionspass-through;@tracelane/clidocuments the shipped
tracelane indexsubcommand;@tracelane/coredrops theinvented "Q4 2026" Cypress ship date (Cypress is "on the roadmap"); and
@tracelane/reportdocuments the advisory security panel andbuildReport'soptional
optionsargument. Docs-only; no code change.@tracelane/core@0.1.0-alpha.18
Patch Changes
5c736d4: docs: README accuracy pass — peek act surface, CLI commands, and adapter options.
peek is no longer read-only in the docs:
@peekdev/clinow states peek readsrecorded sessions and, with explicit per-origin consent, drives the live
page; the MCP tool count is corrected to 16 (adds the live ref-tagged page view
alongside the act/handoff tools); and the
Commandsblock is rewritten to matchthe actual CLI —
peek audit log(with--since/--tool/--client/--json),peek sessions list/export/deleteflags, themarkdownexport default, and anote that
--format htmlis reserved/unimplemented.Adapter/engine accuracy:
@tracelane/wdiodocuments the real default-onsecurityoption and theconsolePluginOptionspass-through;@tracelane/clidocuments the shipped
tracelane indexsubcommand;@tracelane/coredrops theinvented "Q4 2026" Cypress ship date (Cypress is "on the roadmap"); and
@tracelane/reportdocuments the advisory security panel andbuildReport'soptional
optionsargument. Docs-only; no code change.@tracelane/playwright@0.1.0-alpha.9
Patch Changes
@tracelane/wdio@0.1.0-alpha.24
Patch Changes
5c736d4: docs: README accuracy pass — peek act surface, CLI commands, and adapter options.
peek is no longer read-only in the docs:
@peekdev/clinow states peek readsrecorded sessions and, with explicit per-origin consent, drives the live
page; the MCP tool count is corrected to 16 (adds the live ref-tagged page view
alongside the act/handoff tools); and the
Commandsblock is rewritten to matchthe actual CLI —
peek audit log(with--since/--tool/--client/--json),peek sessions list/export/deleteflags, themarkdownexport default, and anote that
--format htmlis reserved/unimplemented.Adapter/engine accuracy:
@tracelane/wdiodocuments the real default-onsecurityoption and theconsolePluginOptionspass-through;@tracelane/clidocuments the shipped
tracelane indexsubcommand;@tracelane/coredrops theinvented "Q4 2026" Cypress ship date (Cypress is "on the roadmap"); and
@tracelane/reportdocuments the advisory security panel andbuildReport'soptional
optionsargument. Docs-only; no code change.Updated dependencies [5c736d4]
Updated dependencies [a10c445]
@peekdev/extension@0.1.0-alpha.20
Minor Changes
34e270e: First-run trust + permission-level legibility: a one-time side-panel explainer
card, an inline "what do these levels mean?" legend, the trust level named in
each confirm prompt, an explicit warned opt-in for Level 4 (Auto), a persistent
"Auto-approve active" indicator with one-click turn-off, and a prominent
first-run setup nudge. "Always for this site" now graduates an origin to
Level 3 (act-with-confirm) instead of silently enabling Level 4 auto-execute.
No permission-model change, no new permissions, no new egress.
9ddf4d1: peek: richer live page-inspection in
get_element_detailget_element_detailnow returns a curated, masked computed-style bag, theaccessible description (resolved from
aria-describedby/aria-description),and effective
aria-hidden/aria-disabledinheritance flags — all Level-1read-tier, DOM-only (no CDP, no eval), and masked (in-page redaction for
.rr-mask/[data-private]regions plus service-worker-side masking of thedescription text and every
url()inbackground-image). Live console/networkstate remains available via the existing
get_session_console_errors/get_session_network_errorstools. Additive; no schema, permission, or toolchange.
31f6619: peek: heads-up before a destructive click during a page-scope handoff
When peek hands the whole page to you (a page-scope handoff for a CAPTCHA, final
review, or submit), the control shield now flashes a brief, non-blocking heads-up
the moment you're about to click a destructive-looking control (delete, pay,
transfer, cancel subscription, …). peek never stops the click — you're the actor
during a handoff — it just makes the moment visible. The cue is rendered inside
the shield's existing overlay (invisible to the recording) and matches the same
destructive terms peek already uses for its own actions.
12f0464: peek: terminal success/failure banner on the control shield
When an assisted-apply loop ends with set_intent(status:'done'|'failed'), the
control shield now shows a distinct terminal banner — a green "done" banner
that auto-dismisses after a few seconds, or a red "failed" banner that persists
until you act — so the outcome is legible at the place you're already watching.
The banner renders in the shield's existing closed overlay (invisible to the
recording). No new tool or permission.
Patch Changes
014d7ce: peek: connector pairing / attestation (SP4)
Connectors now pair with peek via a matching-code trust-dial handshake: the
service worker mints a secret, stores only its hash (chrome.storage.local), and
returns the plaintext once. The connector presents the secret on each action;
the SW verifies it, and the Level-3 banner-less delegated-consent path now
requires a verified paired connector — closing the forge-the-flag gap that a
bare consentDelegated flag left open. Destructive actions still force the local
banner; TOCTOU revalidation still applies; delegation never escalates below
Level 3; direct clients are unaffected. Pairings are revocable on the trust
dial. No new egress.
58b4b8c: peek: Level-3 banner-less delegated consent for connectors (SP3b)
When an elicitation-capable connector obtains a human's approval off-device
(SP3a), peek-mcp now attaches
consentDelegatedto the action request, and theextension service worker skips its Level-3 local banner for non-destructive
actions — dispatching banner-less and recording a distinct
connector-elicitapprover. Destructive actions still always force the local banner; the
dispatch-time TOCTOU re-check still applies; delegation never escalates below
Level 3; direct clients (e.g. Claude Code) are unaffected. No new egress.
7718713: Positioning reframe: lead every surface with the read-path forensic story —
"debug what already happened in your real browser." Rewrites the MCP server
instructions + entry-tool descriptions, the package READMEs and descriptions,
and the extension's tagline around forensic read access (sessions you already
lived: DOM history, console/network errors, the action before an error) with
the Playwright repro as the payoff. No API, schema, or behavior change.