feat: swap Playwright for Patchright + bot-detection utilities

Patchright (drop-in Playwright replacement) removes the Runtime.enable CDP
leak, Console.enable leak, and --enable-automation flag — the main signals
that authenticated sites like LinkedIn use to detect automation.

New utilities in @browserkit/core/adapter-utils:
- detectRateLimit(page): throws on /checkpoint URLs or rate-limit body text;
  wired into wrapToolCall so every tool call is protected
- dismissModals(page): closes blocking popups via ARIA-stable selectors
- scrollContainer(page, anchorSelector): finds nearest scrollable ancestor
  and scrolls it iteratively (correct fix for nested-scroll LinkedIn layouts)

LinkedIn adapter isLoggedIn now dismisses the "Remember Me / Stay signed in"
prompt that previously blocked all navigation after first login.

Made-with: Cursor

Author: jonzarecki

.cursor/hooks/state/continual-learning-index.json

@@ -3,19 +3,47 @@
   "transcripts": {
     "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/7ff80e1e-d316-4cd1-9f0f-6dc4e044e981/7ff80e1e-d316-4cd1-9f0f-6dc4e044e981.jsonl": {
       "mtimeMs": 1774268759000,
-      "lastProcessedAt": "2026-03-23T16:45:00.000Z"
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
     },
     "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/abb7fe3a-e2fb-4d6a-96c9-af2132261e36/abb7fe3a-e2fb-4d6a-96c9-af2132261e36.jsonl": {
       "mtimeMs": 1774276015000,
-      "lastProcessedAt": "2026-03-23T16:45:00.000Z"
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
     },
     "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/48c31d0a-13ce-4e19-88ec-0225ad4494ad/48c31d0a-13ce-4e19-88ec-0225ad4494ad.jsonl": {
       "mtimeMs": 1774280028000,
-      "lastProcessedAt": "2026-03-23T16:45:00.000Z"
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
     },
     "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/4abb768d-dfd3-4278-8f22-5f3ccfb3a959/4abb768d-dfd3-4278-8f22-5f3ccfb3a959.jsonl": {
-      "mtimeMs": 1774280712000,
-      "lastProcessedAt": "2026-03-23T16:45:00.000Z"
+      "mtimeMs": 1774281374000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
+    },
+    "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/7110620f-271a-4db1-87b4-279c6adfcfb7/7110620f-271a-4db1-87b4-279c6adfcfb7.jsonl": {
+      "mtimeMs": 1774286264000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
+    },
+    "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/b82fce76-2196-4db3-9013-49280b49e97b/b82fce76-2196-4db3-9013-49280b49e97b.jsonl": {
+      "mtimeMs": 1774286078000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
+    },
+    "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/d7b149aa-4f29-4d71-9c3f-19e2c665da59/d7b149aa-4f29-4d71-9c3f-19e2c665da59.jsonl": {
+      "mtimeMs": 1774286530000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
+    },
+    "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/7b307ef7-47b9-4311-b527-3318ac9231d3/7b307ef7-47b9-4311-b527-3318ac9231d3.jsonl": {
+      "mtimeMs": 1774301611000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
+    },
+    "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/50512271-3552-41e1-88d4-9d4c141964c4/50512271-3552-41e1-88d4-9d4c141964c4.jsonl": {
+      "mtimeMs": 1774303070000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
+    },
+    "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/5e728ef6-2360-48b8-9a4d-e9f09b8932a6/5e728ef6-2360-48b8-9a4d-e9f09b8932a6.jsonl": {
+      "mtimeMs": 1774305471000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
+    },
+    "/Users/jzarecki/.cursor/projects/Users-jzarecki-Projects-session-mcp/agent-transcripts/742cd137-f286-473f-b685-4441da6c55db/742cd137-f286-473f-b685-4441da6c55db.jsonl": {
+      "mtimeMs": 1774339903000,
+      "lastProcessedAt": "2026-03-24T00:00:00.000Z"
     }
   }
 }

.cursor/hooks/state/continual-learning.json

@@ -1,8 +1,8 @@
 {
   "version": 1,
-  "lastRunAtMs": 1774300358160,
-  "turnsSinceLastRun": 13,
-  "lastTranscriptMtimeMs": 1774300357852,
-  "lastProcessedGenerationId": "3172194f-8eaa-494f-9a93-a27a7216b2e6",
+  "lastRunAtMs": 1774339889907,
+  "turnsSinceLastRun": 1,
+  "lastTranscriptMtimeMs": 1774339889511,
+  "lastProcessedGenerationId": "09febc9d-9e78-4049-9955-4ff9b30f944d",
   "trialStartedAtMs": null
 }

AGENTS.md

@@ -5,10 +5,11 @@ Durable facts and correction patterns for this workspace. Updated by continual-l
 ## Project: browserkit
 
 - Project is named **browserkit** — decided and final. npm scope is `@browserkit`. GitHub org is `browserkit-dev` (`browserkit` org was taken on GitHub, available on npm).
-- GitHub repos: `browserkit-dev/browserkit` (framework — `@browserkit/core` + `@browserkit/core/testing`), `browserkit-dev/adapter-hackernews` (standalone adapter repo)
+- GitHub repos: `browserkit-dev/browserkit` (framework — `@browserkit/core` + `@browserkit/core/testing`), `browserkit-dev/adapter-hackernews` (standalone adapter repo), `browserkit-dev/adapter-google-discover` (private — not ready)
 - Language is TypeScript, not Python
 - MCP transport is HTTP (`StreamableHTTPServerTransport`), not stdio — preferred for multi-agent deployment
 - Each adapter gets its own HTTP port; each connecting MCP client gets its own `McpServer + StreamableHTTPServerTransport` pair (per-session factory inside the HTTP handler). Shared state (browser, lock, rate limiter) lives outside the McpServer.
+- All adapters share one daemon process — restarting the daemon to reload one adapter takes all adapters down. Use `browserkit reload <site>` to restart just one adapter's MCP server without stopping the daemon (browser session preserved).
 - Adapter packages are plain npm packages with no naming convention — config keys are npm package names, resolved via `require(key)`
 - Adapters live in external git repos as standalone packages; the monorepo's `adapter-linkedin` is a reference implementation only
 - No abstract base class for adapters — `SiteAdapter` is an interface, shared logic is standalone utility functions (composition over inheritance)
@@ -26,12 +27,15 @@ Durable facts and correction patterns for this workspace. Updated by continual-l
 
 ## Browser Control
 
-- Browser mode switching (`headless` / `watch` / `paused`), screenshot, page state, and navigate are MCP tools auto-registered on every adapter server — not CLI commands
+- Browser mode switching (`headless` / `watch` / `paused`), screenshot, page state, and navigate are consolidated into a single `browser` MCP tool with an `action` parameter — user explicitly asked to reduce tool count ("too many tools"); do NOT revert to 5 separate management tools
 - Management tools bypass the LockManager; regular automation tools go through it
 - "Raw" Playwright access means exposing the CDP WebSocket URL (`wsEndpoint()`) of each adapter's browser — external agents (Claude Code, Cursor) attach to the already-authenticated session and write their own Playwright scripts via shell
 - The Playwright skill pattern: AI writes a script to `/tmp`, executes it via shell — no `run(code)` MCP tool needed
 - MCP resources use `page://${site}/snapshot` (site name dynamic) — user pushed back when the URI appeared to hardcode the adapter name
 - Testing utilities (`createTestAdapterServer`, `createTestMcpClient`) live at `@browserkit/core/testing` subpath — a separate harness package was explicitly rejected ("I don't think we need it, it should be in either adapter or in core")
+- Real Chrome (`channel: "chrome"`) is required for Google-based adapters — Playwright's bundled Chromium is blocked by Google's login with "This browser or app may not be secure". `isLoggedIn` must NOT navigate during login polling or it redirects the user away from the sign-in page.
+- Google Discover has NO infinite scroll in automated browser contexts — confirmed with Pixel 5, Pixel 7, both headless and watch mode, both `window.scrollBy` and `mouse.wheel`. ~10 articles is the practical ceiling per call. Do NOT mention this limitation in marketing content.
+- Patchright (drop-in Playwright replacement) is the next step for LinkedIn adapter — removes `Runtime.enable` CDP leak and other automation signals that authenticated sites detect. `channel: "chrome"` already covers some of the same ground for Google.
 
 ## Design Process Preferences
 
@@ -45,3 +49,6 @@ Durable facts and correction patterns for this workspace. Updated by continual-l
 - Bugs found during testing should be fixed inline ("fix issues on the go"), not deferred to a follow-up task
 - Adapter developers should minimize visible dependency on the framework — adapters should feel like standalone npm packages, not framework plugins
 - Documentation for AI agents building adapters is a first-class concern — README must include the full `SiteAdapter` interface, testing pattern (`@browserkit/core/testing`), and a link to the HN adapter as a reference
+- Cursor uses `.cursor/mcp.json` for project-level MCP config; `.mcp.json` is the Claude Code format — these are different files serving different tools
+- E2E install tests are wanted: spin up a clean environment, install core + HN adapter, verify tools work, install Google Discover adapter, verify it starts but returns auth error (no login)
+- Squash CI fix commits to keep git history clean — user noticed multiple "fix CI" commits and asked to squash

packages/core/package.json

@@ -24,12 +24,12 @@
     "test": "vitest run",
     "test:watch": "vitest",
     "lint": "tsc --noEmit",
-    "postinstall": "playwright install chromium --with-deps || true"
+    "postinstall": "patchright install chromium --with-deps || true"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.10.2",
     "pino": "^9.6.0",
-    "playwright": "^1.51.1",
+    "patchright": "^1.51.1",
     "zod": "^3.24.2"
   },
   "devDependencies": {

packages/core/src/adapter-server.ts

@@ -3,7 +3,7 @@ import crypto from "node:crypto";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { z } from "zod";
-import type { Page } from "playwright";
+import type { Page } from "patchright";
 import type {
   SiteAdapter,
   AdapterConfig,
@@ -15,7 +15,7 @@ import { SessionManager } from "./session-manager.js";
 import { LockManager } from "./lock-manager.js";
 import { RateLimiter } from "./rate-limiter.js";
 import { buildHandoffResult, handleAuthFailure, isBackgroundLoginInProgress } from "./human-handoff.js";
-import { screenshotOnError, screenshotToContent } from "./adapter-utils.js";
+import { screenshotOnError, screenshotToContent, detectRateLimit } from "./adapter-utils.js";
 import { getLogger } from "./logger.js";
 
 const log = getLogger("adapter-server");
@@ -97,6 +97,9 @@ export async function createAdapterServer(
       let result: ToolResult;
       try {
         result = await tool.handler(page, input);
+        // Check for rate limiting after each tool call — throws if detected,
+        // which propagates to the outer catch and returns isError:true
+        await detectRateLimit(page);
       } catch (err) {
         log.error({ site, tool: toolName, err }, "tool handler error");
         const screenshotContent = await screenshotToContent(page).catch(() => null);

packages/core/src/adapter-utils.ts

@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import path from "node:path";
-import type { Page, Locator } from "playwright";
+import type { Page, Locator } from "patchright";
 import type { SelectorReport, ToolContent } from "./types.js";
 
 /**
@@ -139,3 +139,147 @@ export async function screenshotOnError(
 function sleep(ms: number): Promise<void> {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
+
+/**
+ * Detect rate limiting or security challenges after a navigation.
+ *
+ * Modeled on stickerdaniel/linkedin-mcp-server's approach:
+ *   1. URL-based check: /checkpoint or authwall in the URL = security challenge
+ *   2. Content-based check: only runs on error-shaped pages (no <main> element,
+ *      body text < 2000 chars). Guards against false positives on real content pages
+ *      that incidentally contain phrases like "slow down".
+ *
+ * Throws an Error if rate limiting is detected — the caller (wrapToolCall) will
+ * catch this and return isError:true so the AI knows to wait before retrying.
+ */
+export async function detectRateLimit(page: Page): Promise<void> {
+  const url = page.url();
+
+  // URL-based: security checkpoints always redirect to known paths
+  if (url.includes("/checkpoint") || url.includes("authwall")) {
+    throw new Error(
+      `Rate limit or security challenge detected at: ${url}. ` +
+      "Wait a few minutes before retrying. If this persists, run `browserkit login <site>` to re-authenticate."
+    );
+  }
+
+  // Content-based: only run on error-shaped pages (minimal, no <main>)
+  try {
+    const hasMain = await page.locator("main").count() > 0;
+    if (hasMain) return; // real content page — skip heuristic
+
+    const bodyText = await page.locator("body").innerText({ timeout: 1000 }).catch(() => "");
+    if (bodyText && bodyText.length < 2_000) {
+      const lower = bodyText.toLowerCase();
+      const rateLimitPhrases = ["too many requests", "rate limit", "slow down", "try again later"];
+      if (rateLimitPhrases.some((p) => lower.includes(p))) {
+        throw new Error(
+          `Rate limit message detected on page (${url}). ` +
+          "Wait before retrying."
+        );
+      }
+    }
+  } catch (err) {
+    // Re-throw rate limit errors; swallow page read errors
+    if (err instanceof Error && err.message.includes("Rate limit")) throw err;
+  }
+}
+
+/**
+ * Dismiss popup modals that may be blocking content.
+ *
+ * Tries a set of ARIA-stable selectors in order. Returns true if a modal
+ * was dismissed, false if nothing was found. Failures are silently swallowed.
+ *
+ * The artdeco selector is LinkedIn-specific but harmless on other sites.
+ */
+export async function dismissModals(page: Page): Promise<boolean> {
+  const dismissSelectors = [
+    'button[aria-label="Dismiss"]',
+    'button[aria-label="Close"]',
+    'button[aria-label="Dismiss dialog"]',
+    "button.artdeco-modal__dismiss",
+  ];
+
+  for (const selector of dismissSelectors) {
+    try {
+      const btn = page.locator(selector).first();
+      if (await btn.isVisible({ timeout: 800 })) {
+        await btn.click();
+        await sleep(400);
+        return true;
+      }
+    } catch {
+      // try next selector
+    }
+  }
+  return false;
+}
+
+/**
+ * Scroll the nearest scrollable ancestor of `anchorSelector` until no new
+ * content loads or `maxScrolls` is reached.
+ *
+ * This is the correct approach for sites with nested scrollable containers
+ * (LinkedIn job sidebar, LinkedIn feed, etc.) where `window.scrollBy` has
+ * no effect because the scrollable element is not the window.
+ *
+ * @param anchorSelector  CSS selector for any element inside the container
+ * @param options.pauseMs  ms to wait between scrolls (default: 1000)
+ * @param options.maxScrolls  maximum number of scroll attempts (default: 10)
+ * @returns number of scrolls performed (-1 if no scrollable container found)
+ */
+export async function scrollContainer(
+  page: Page,
+  anchorSelector: string,
+  options: { pauseMs?: number; maxScrolls?: number } = {}
+): Promise<number> {
+  const { pauseMs = 1000, maxScrolls = 10 } = options;
+
+  const scrollCount = await page.evaluate(
+    ({ sel, pauseTime, maxScrolls: max }) => {
+      // Find the anchor element, then walk up to the first scrollable ancestor
+      const anchor = document.querySelector(sel);
+      if (!anchor) return -1;
+
+      let container: Element | null = anchor.parentElement;
+      while (container && container !== document.body) {
+        const style = window.getComputedStyle(container);
+        const overflowY = style.overflowY;
+        if (
+          (overflowY === "auto" || overflowY === "scroll") &&
+          container.scrollHeight > container.clientHeight
+        ) {
+          break;
+        }
+        container = container.parentElement;
+      }
+
+      if (!container || container === document.body) return -1;
+
+      // Scroll iteratively until content stops growing
+      let count = 0;
+      const scroll = (): Promise<number> =>
+        new Promise((resolve) => {
+          let i = 0;
+          const step = () => {
+            if (i >= max) { resolve(count); return; }
+            const prev = container!.scrollHeight;
+            container!.scrollTop = container!.scrollHeight;
+            setTimeout(() => {
+              if (container!.scrollHeight === prev) { resolve(count); return; }
+              count++;
+              i++;
+              step();
+            }, pauseTime);
+          };
+          step();
+        });
+
+      return scroll();
+    },
+    { sel: anchorSelector, pauseTime: pauseMs, maxScrolls }
+  );
+
+  return scrollCount;
+}

packages/core/src/create-adapter.ts

@@ -155,7 +155,7 @@ function indexTs(name: string): string {
   const loginUrl = `https://www.${domain}/login`;
   return `import { defineAdapter } from "@browserkit/core";
 import { z } from "zod";
-import type { Page } from "playwright";
+import type { Page } from "patchright";
 import { SELECTORS } from "./selectors.js";
 
 export default defineAdapter({

packages/core/src/human-handoff.ts

@@ -1,7 +1,7 @@
 import os from "node:os";
 import path from "node:path";
 import fs from "node:fs";
-import { chromium } from "playwright";
+import { chromium } from "patchright";
 import type { HandoffResult, SiteAdapter, ToolResult } from "./types.js";
 import type { SessionManager } from "./session-manager.js";
 import type { SessionConfig } from "./types.js";

packages/core/src/index.ts

@@ -35,6 +35,9 @@ export {
   extractByRole,
   screenshotToContent,
   screenshotOnError,
+  detectRateLimit,
+  dismissModals,
+  scrollContainer,
 } from "./adapter-utils.js";
 
 // ─── Observability ────────────────────────────────────────────────────────────

packages/core/src/observability.ts

@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import path from "node:path";
-import type { BrowserContext, Page } from "playwright";
+import type { BrowserContext, Page } from "patchright";
 import { getLogger } from "./logger.js";
 
 const log = getLogger("observability");