Agent-driven Chrome extension for full browser control via CLI
Created 2026-03-18 and already at v0.12.0 as of 2026-05-08 — roughly 7 weeks old with 12+ incremental releases, indicating rapid but deliberate iteration. Pre-1.0 versioning is an honest signal that the team considers this beta. The dual-installer model (Browser-only vs Full with macOS bridge) reflects intentional API surface thinking rather than ad-hoc growth. Only 3 open issues against a project of this complexity suggests active triage, though the short history means edge cases are still surfacing. Not abandoned — opposite problem: too young to have been stress-tested.
The README punches well above its project age. It includes: a side-by-side comparison table against Playwright, Puppeteer, and CDP-first tooling (with specific capability rows); dual-installer selection logic; step-by-step install with exact filesystem destinations; a quick-start command block; a live demo walkthrough link; and a linked ARCHITECTURE.md. The interceptor status verification step, uninstall script path, and --bridge-only downgrade flag are hallmarks of production-grade documentation. This is the strongest dimension of the project.
Multi-language: Swift for the macOS accessibility bridge daemon, TypeScript/Bun for the CLI and Chrome extension. The package.json is disciplined — single runtime dependency (html-to-image), with @types/chrome, happy-dom, and ocrad.js confined to devDependencies. Three separate tsconfigs (host, extension, root) signals intentional build separation. However, no test script appears in the manifest and no CI or test infrastructure is mentioned in the README, which is a meaningful gap for a tool that dispatches synthetic browser events. The license is a material flag: GitHub reports NOASSERTION while package.json declares Elastic-2.0 — a source-available license that restricts commercial use and SaaS wrapping. Anyone integrating this into a production PAI stack should audit this conflict carefully.
Last commit 2026-05-08 — 4 days before appraisal. v0.12.0 released the same day. Continuous release cadence across a 7-week lifespan with minimal open issue accumulation. Someone is actively home: the issue queue is almost clear, and releases align with commits rather than lagging behind them.
225 stars and 21 forks in ~7 weeks is a healthy early signal, plausibly amplified by the Hacker Valley Media podcast audience. No downstream dependents are visible yet. The macOS-only constraint (both the Browser pkg requiring macOS 11+ and the Full pkg requiring macOS 14+) hard-caps the addressable developer base. Star velocity is encouraging but too early to extrapolate a sustained trajectory.
Overall: 3.7/5
Category: AI Agent Browser Control
Known alternatives in vault: None — no browser automation or agent browser-control tool currently exists in the vault. VoltAgent--voltagent (AI Agent Engineering, 4.4/5) is the closest adjacent entry but operates as an orchestration framework rather than a browser actuator.
Differentiation: Interceptor's core differentiator is operating inside the user's existing browser profile — preserving cookies, sessions, authenticated state, and tabs — rather than spinning up a separate CDP-controlled browser. The comparison table in the README is technically specific: passive network capture via standard Web APIs only, synthetic isTrusted event injection via userActivation override, canvas-editor support without OS-level input, and native client-side export interception via URL.createObjectURL patching. The extension of the same CLI to native macOS apps via a Swift accessibility bridge is unusual — most browser automation tools treat the OS boundary as out of scope. The record-and-replay capability (real human sessions → reusable agent plans) further distinguishes it from pure automation stacks.
Gap or crowd: Clear gap. No browser automation or agent-browser-control category exists in the vault. This is the first entrant.
Score: 4/5
Harvestable: The native messaging bridge architecture (Swift daemon ↔ Chrome extension ↔ CLI) is a reusable pattern for any PAI skill that needs to straddle the browser/OS boundary. The CLI output format (structured tree + diff on each action) is a clean model for how actuator tools should report state back to an orchestrator. The record-and-replay approach — capturing a live human session and exporting a reusable plan — is directly applicable to PAI workflow bootstrapping.
Integration path: Interceptor's CLI is the natural integration seam. A PAI skill wrapper can invoke interceptor open, interceptor act, and interceptor inspect as subprocess calls, parse the structured tree output, and pass observations back to an LLM reasoning loop. The interceptor macos surface extends the same pattern to native app control. No MCP or API key dependency means integration overhead is minimal at the protocol layer.
Overlap with existing: VoltAgent--voltagent overlaps loosely in the agent-engineering space but is an orchestration framework, not a browser actuator — they are complementary rather than redundant. No other vault repo touches browser automation or OS-level agent control.
Adoption cost: Moderate. Binary install is straightforward, and the CLI is immediately invocable. Building a robust PAI skill layer around it requires handling: process lifecycle for the daemon and native messaging host, error state recovery when the extension loses connection, session context management across multi-step agent runs, and TCC permission bootstrapping for the Full pkg on fresh machines. The Elastic-2.0 license also warrants legal review before embedding in any commercially adjacent PAI deployment.
The license ambiguity (GitHub: NOASSERTION vs package.json: Elastic-2.0) is the single most important unresolved question before committing to this tool in any PAI stack. Elastic-2.0 prohibits offering Interceptor's functionality as a managed service and restricts certain competitive uses — verify current terms before building production workflows on top of it. The macOS-only constraint is a real ceiling; this is not a cross-platform browser automation solution. That said, for a macOS-first PAI system that wants authenticated-session browser control without a separate CDP browser, Interceptor fills a genuine capability gap with unusually good documentation for its age. Monitor the v1.0 milestone and license clarification as the two gating conditions for deeper investment.