What's new in peek since launch
Since launch, peek has grown from a read-only session-forensics MCP into a supervised, auditable, portable forensics tool for AI coding agents — still local-first, still “debug what already happened in your real browser.” This is the honest account of what changed, grouped by what it lets your agent do.
peek is pre-1.0 alpha and side-project–maintained (Apache 2.0).
Everything below ships today on npm
(@peekdev/mcp,
@peekdev/cli)
and the
Chrome Web Store extension.
Each section links to a recipe that shows it end to end.
TypeError) is read from a real local recording, not a re-run.
1. Deeper forensic reads
The read path got more useful to an agent reasoning about a failure:
-
get_user_action_before_errornow returns a pre-assembled causal chain — the user actions, DOM mutations, and network/console errors in the window before an error, merged into one time-ordered timeline with a deterministic narrative, so the agent reasons over “action → DOM change → failed request → error” instead of stitching three queries together. -
query_dom_historygained a selector-free window mode: pass a timestamp (and optional window) to get every DOM change around a moment, no selector needed. -
get_element_detailnow returns a curated computed-style bag, the accessible description, and effectivearia-hidden/aria-disabledinheritance — enough to reason about why an element looked or behaved the way it did.
See it: See the causal chain that led to an error.
2. Repros that lock the regression
generate_playwright_repro got harder to break and easier to
trust. It now emits resilient semantic locators
(getByRole / getByTestId / getByPlaceholder /
getByText, each uniqueness-checked against the snapshot, with a
CSS-selector fallback) instead of brittle deep selectors, and it can seed a
console-error-absence assertion — so the generated
spec doesn’t just replay the steps, it fails if the original
error comes back. The agent can re-run it to verify its own fix actually
worked.
See it: Generate a Playwright repro from a real browser session.
3. Visible, revocable supervision
When you let the agent act on the page (the opt-in write path), the oversight is now first-class and on-screen:
- A Level-4 control shield — an overlay that makes it obvious peek is driving, with a one-click Stop and an Esc kill-switch that hard-drops the origin back to read-only.
- A first-run trust experience: the permission levels are named and explained, and a persistent indicator shows when “auto-approve” is active so it can never be on without your knowing.
- An apply-and-re-verify convention: after a step, the agent re-reads the page to confirm the change took (and that no error appeared) before advancing — with a terminal success/failure banner and a non-blocking heads-up when you’re about to click something destructive during a hand-back.
See it: Assisted apply, with supervision.
4. Tamper-evident, and portable
Sessions and the actions taken on them became governable and shareable — without a cloud:
-
The action audit log (
~/.peek/audit.log) is now a hash chain: each entry is linked to the one before it, sopeek audit verifycan detect any edit, reorder, or truncation after the fact. -
A
*.peekbundleexport/import packages a session (with an integrity manifest) so a teammate can replay your repro on their machine — no environment spin-up, no account. - An explicit retention policy bounds the local store — it never deletes silently; you set the rules.
See it: Reproduce a bug from a teammate’s peek session.
5. Find sessions and verify integrity from the CLI
Two CLI additions make the local store easier to triage and audit:
-
peek sessions searchlets your agent (or you) filter sessions by text (--q), origin, time window (--since/--until), status, and error type (--errors console|network|any) — narrowing thousands of recorded sessions down to the one that matters, without opening a viewer. Thesearch_sessionsMCP tool exposes the same facets to agents directly. -
peek audit verifyrecomputes the hash chain of the action audit log and exits non-zero on any gap, reorder, edit, or truncation. Theverify_audit_logMCP tool exposes the same check so an agent can assert chain integrity as part of a workflow. -
peek audit bundle/peek audit verify(the bundle variant) packages the audit log alongside a session export so a recipient can verify the chain independently.
6. Delegated connectors — supervised background daemons
peek connect is a supervised connector daemon: register a
surface (currently Slack), run it once interactively to
capture tokens, then peek connect start spawns a detached
supervisor that keeps each connector alive and auto-restarts it on exit.
Per-connector logs stream to ~/.peek/connect/logs/; the
supervisor PID and each connector’s state are visible via
peek connect status. Connectors extend peek’s reach
beyond the browser — a Slack connector turns channel messages into
queryable local sessions the same way the extension turns browser activity
into sessions.
7. Claude Code plugin
peek is now a one-line Claude Code plugin install:
/plugin install peekdev@peek
This drops the peek MCP server and the Claude Code skill into place in a
single command — no peek init required for MCP
configuration. The plugin is hosted in the
public repo
and installable via the community catalog
(/plugin marketplace add Cubenest/rrweb-stack).
The honest part
peek is local-first: peek uploads nothing — what your MCP
client does with the data is up to you. That last clause matters:
anything your agent reads from a session becomes context for whatever model
your MCP client is using. And while peek masks passwords, PII-class values,
and fields you mark private at capture time, the underlying rrweb
full-page snapshots can still contain non-password free-text values that
were on screen — so treat a recording, and a *.peekbundle
you share, as you would the page itself. The read tools are non-mutating;
the write tools require explicit per-origin consent.
Something out of date or inaccurate? Open a PR on this page — the goal is accuracy, not advocacy.