chore: roll 1.59.0-alpha-1774622285000

2026-03-28 14:23:09 +00:00 · 2026-03-27 17:57:48 -07:00
parent 9521308275
commit fd1ef543cb
5 changed files with 76 additions and 62 deletions
--- a/README.md
+++ b/README.md
@@ -390,7 +390,7 @@ Playwright MCP server supports following arguments. They can be provided in the
 | --save-session | Whether to save the Playwright MCP session into the output directory.<br>*env* `PLAYWRIGHT_MCP_SAVE_SESSION` |
 | --secrets <path> | path to a file containing secrets in the dotenv format<br>*env* `PLAYWRIGHT_MCP_SECRETS` |
 | --shared-browser-context | reuse the same browser context between all connected HTTP clients.<br>*env* `PLAYWRIGHT_MCP_SHARED_BROWSER_CONTEXT` |
-| --snapshot-mode <mode> | when taking snapshots for responses, specifies the mode to use. Can be "incremental", "full", or "none". Default is incremental.<br>*env* `PLAYWRIGHT_MCP_SNAPSHOT_MODE` |
+| --snapshot-mode <mode> | when taking snapshots for responses, specifies the mode to use. Can be "full" or "none". Default is "full".<br>*env* `PLAYWRIGHT_MCP_SNAPSHOT_MODE` |
 | --storage-state <path> | path to the storage state file for isolated sessions.<br>*env* `PLAYWRIGHT_MCP_STORAGE_STATE` |
 | --test-id-attribute <attribute> | specify the attribute to use for test ids, defaults to "data-testid"<br>*env* `PLAYWRIGHT_MCP_TEST_ID_ATTRIBUTE` |
 | --timeout-action <timeout> | specify action timeout in milliseconds, defaults to 5000ms<br>*env* `PLAYWRIGHT_MCP_TIMEOUT_ACTION` |
@@ -604,9 +604,9 @@ npx @playwright/mcp@latest --config path/to/config.json
  sharedBrowserContext?: boolean;

  /**
-   * Secrets are used to prevent LLM from getting sensitive data while
-   * automating scenarios such as authentication.
-   * Prefer the browser.contextOptions.storageState over secrets file as a more secure alternative.
+   * Secrets are used to replace matching plain text in the tool responses to prevent the LLM
+   * from accidentally getting sensitive data. It is a convenience and not a security feature,
+   * make sure to always examine information coming in and from the tool on the client.
   */
  secrets?: Record<string, string>;

@@ -615,11 +615,6 @@ npx @playwright/mcp@latest --config path/to/config.json
   */
  outputDir?: string;

-  /**
-   * Whether to save snapshots, console messages, network logs and other session logs to a file or to the standard output. Defaults to "stdout".
-   */
-  outputMode?: 'file' | 'stdout';
-
  console?: {
    /**
     * The level of console messages to return. Each level includes the messages of more severe levels. Defaults to "info".
@@ -678,12 +673,14 @@ npx @playwright/mcp@latest --config path/to/config.json
    /**
     * When taking snapshots for responses, specifies the mode to use.
     */
-    mode?: 'incremental' | 'full' | 'none';
+    mode?: 'full' | 'none';
  };

  /**
-   * Whether to allow file uploads from anywhere on the file system.
-   * By default (false), file uploads are restricted to paths within the MCP roots only.
+   * allowUnrestrictedFileAccess acts as a guardrail to prevent the LLM from accidentally
+   * wandering outside its intended workspace. It is a convenience defense to catch unintended
+   * file access, not a secure boundary; a deliberate attempt to reach other directories can be
+   * easily worked around, so always rely on client-level permissions for true security.
   */
  allowUnrestrictedFileAccess?: boolean;

@@ -845,6 +842,7 @@ http.createServer(async (req, res) => {
    - `element` (string, optional): Human-readable element description used to obtain permission to interact with the element
    - `ref` (string, optional): Exact target element reference from the page snapshot
    - `selector` (string, optional): CSS or role selector for the target element, when "ref" is not available.
+    - `filename` (string, optional): Filename to save the result to. If not provided, result is returned as text.
  - Read-only: **false**

 <!-- NOTE: This has been generated via update-readme.js -->
@@ -909,7 +907,10 @@ http.createServer(async (req, res) => {
  - Title: List network requests
  - Description: Returns all network requests since loading the page
  - Parameters:
-    - `includeStatic` (boolean): Whether to include successful static resources like images, fonts, scripts, etc. Defaults to false.
+    - `static` (boolean): Whether to include successful static resources like images, fonts, scripts, etc. Defaults to false.
+    - `requestBody` (boolean): Whether to include request body. Defaults to false.
+    - `requestHeaders` (boolean): Whether to include request headers. Defaults to false.
+    - `filter` (string, optional): Only return requests whose URL matches this regexp (e.g. "/api/.*user").
    - `filename` (string, optional): Filename to save the network requests to. If not provided, requests are returned as text.
  - Read-only: **true**

@@ -938,7 +939,8 @@ http.createServer(async (req, res) => {
  - Title: Run Playwright code
  - Description: Run Playwright code snippet
  - Parameters:
-    - `code` (string): A JavaScript function containing Playwright code to execute. It will be invoked with a single argument, page, which you can use for any page interaction. For example: `async (page) => { await page.getByRole('button', { name: 'Submit' }).click(); return await page.title(); }`
+    - `code` (string, optional): A JavaScript function containing Playwright code to execute. It will be invoked with a single argument, page, which you can use for any page interaction. For example: `async (page) => { await page.getByRole('button', { name: 'Submit' }).click(); return await page.title(); }`
+    - `filename` (string, optional): Load code from the specified file. If both code and filename are provided, code will be ignored.
  - Read-only: **false**

 <!-- NOTE: This has been generated via update-readme.js -->
@@ -961,6 +963,7 @@ http.createServer(async (req, res) => {
  - Parameters:
    - `filename` (string, optional): Save snapshot to markdown file instead of returning it in the response.
    - `selector` (string, optional): Element selector of the root element to capture a partial snapshot instead of the whole page
+    - `depth` (number, optional): Limit the depth of the snapshot tree
  - Read-only: **true**

 <!-- NOTE: This has been generated via update-readme.js -->
@@ -1250,6 +1253,16 @@ http.createServer(async (req, res) => {

 <!-- NOTE: This has been generated via update-readme.js -->

+- **browser_resume**
+  - Title: Resume paused script execution
+  - Description: Resume script execution after it was paused. When called with step set to true, execution will pause again before the next action.
+  - Parameters:
+    - `step` (boolean, optional): When true, execution will pause again before the next action, allowing step-by-step debugging.
+    - `location` (string, optional): Pause execution at a specific <file>:<line>, e.g. "example.spec.ts:42".
+  - Read-only: **false**
+
+<!-- NOTE: This has been generated via update-readme.js -->
+
 - **browser_start_tracing**
  - Title: Start tracing
  - Description: Start trace recording
@@ -1282,6 +1295,17 @@ http.createServer(async (req, res) => {
    - `filename` (string, optional): Filename to save the video
  - Read-only: **true**

+<!-- NOTE: This has been generated via update-readme.js -->
+
+- **browser_video_chapter**
+  - Title: Video chapter
+  - Description: Add a chapter marker to the video recording. Shows a full-screen chapter card with blurred backdrop.
+  - Parameters:
+    - `title` (string): Chapter title
+    - `description` (string, optional): Chapter description
+    - `duration` (number, optional): Duration in milliseconds to show the chapter card
+  - Read-only: **true**
+
 </details>

 <details>
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,7 +13,7 @@
      ],
      "devDependencies": {
        "@modelcontextprotocol/sdk": "^1.25.2",
-        "@playwright/test": "1.59.0-alpha-1773608981000",
+        "@playwright/test": "1.59.0-alpha-1774656214000",
        "@types/node": "^24.3.0"
      }
    },
@@ -854,13 +854,12 @@
      "link": true
    },
    "node_modules/@playwright/test": {
-      "version": "1.59.0-alpha-1773608981000",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.59.0-alpha-1773608981000.tgz",
-      "integrity": "sha512-px+GAf8KIaMcPsCUPG3+xqPRSIPHgnizH7ygUjo6OXT1AigXTNCsIIVrPY3C5GjouM2MI4CQOkIKcSEjO84ZTg==",
+      "version": "1.59.0-alpha-1774656214000",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.59.0-alpha-1774656214000.tgz",
+      "integrity": "sha512-1BmlLuGD6XAOLv98iCtgbvjRWdVjOdEh2fnDjWqHiD9ygnNXupsJZzkDVOfXSlaoZQoO26kcOfV03qbaUWua/A==",
      "dev": true,
-      "license": "Apache-2.0",
      "dependencies": {
-        "playwright": "1.59.0-alpha-1773608981000"
+        "playwright": "1.59.0-alpha-1774656214000"
      },
      "bin": {
        "playwright": "cli.js"
@@ -2585,11 +2584,10 @@
      }
    },
    "node_modules/path-to-regexp": {
-      "version": "8.3.0",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
-      "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
+      "version": "8.4.0",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.0.tgz",
+      "integrity": "sha512-PuseHIvAnz3bjrM2rGJtSgo1zjgxapTLZ7x2pjhzWwlp4SJQgK3f3iZIQwkpEnBaKz6seKBADpM4B4ySkuYypg==",
      "dev": true,
-      "license": "MIT",
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/express"
@@ -2603,11 +2601,10 @@
      "license": "ISC"
    },
    "node_modules/picomatch": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
      "dev": true,
-      "license": "MIT",
      "engines": {
        "node": ">=8.6"
      },
@@ -2626,12 +2623,11 @@
      }
    },
    "node_modules/playwright": {
-      "version": "1.59.0-alpha-1773608981000",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.59.0-alpha-1773608981000.tgz",
-      "integrity": "sha512-nb+BzawNj48eH6NdxecsysLuhCAB/p18FG7LLJp3MBfRGUkCAFtax0CFo/BhD+r0V4+0EW7llPK0p4cJQEIwUQ==",
-      "license": "Apache-2.0",
+      "version": "1.59.0-alpha-1774656214000",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.59.0-alpha-1774656214000.tgz",
+      "integrity": "sha512-aIR09o0T9Y/LpCcBaEE6tldqNI8wrbxuZYH8uruD8kJx/5GtwyA6LxPujy2n8pOQUOmHpySDGBQYFWfhCbD/uA==",
      "dependencies": {
-        "playwright-core": "1.59.0-alpha-1773608981000"
+        "playwright-core": "1.59.0-alpha-1774656214000"
      },
      "bin": {
        "playwright": "cli.js"
@@ -2648,10 +2644,9 @@
      "link": true
    },
    "node_modules/playwright-core": {
-      "version": "1.59.0-alpha-1773608981000",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.59.0-alpha-1773608981000.tgz",
-      "integrity": "sha512-w6E5Q0Wleek3Wp7gtlSPGXuKeQ5eg6QPPJNNwgMHQRpkxgqOwgN2mX7x6Z52HJE10HFC88U5HQzOLMbag928Lg==",
-      "license": "Apache-2.0",
+      "version": "1.59.0-alpha-1774656214000",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.59.0-alpha-1774656214000.tgz",
+      "integrity": "sha512-pFMQqZDbTSvKntHMh4ZF+iB7jAm5c0nyM5t7rX6tSa7wQdZiswJrFBN+hKmMq338+y6iSJhT61vxuYxORakivA==",
      "bin": {
        "playwright-core": "cli.js"
      },
@@ -3102,11 +3097,10 @@
      }
    },
    "node_modules/tinyglobby/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
      "dev": true,
-      "license": "MIT",
      "engines": {
        "node": ">=12"
      },
@@ -3356,11 +3350,10 @@
      }
    },
    "node_modules/vite/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
      "dev": true,
-      "license": "MIT",
      "engines": {
        "node": ">=12"
      },
@@ -3448,8 +3441,8 @@
      "version": "0.0.68",
      "license": "Apache-2.0",
      "dependencies": {
-        "playwright": "1.59.0-alpha-1773608981000",
-        "playwright-core": "1.59.0-alpha-1773608981000"
+        "playwright": "1.59.0-alpha-1774656214000",
+        "playwright-core": "1.59.0-alpha-1774656214000"
      },
      "bin": {
        "playwright-mcp": "cli.js"
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
  ],
  "devDependencies": {
    "@modelcontextprotocol/sdk": "^1.25.2",
-    "@playwright/test": "1.59.0-alpha-1773608981000",
+    "@playwright/test": "1.59.0-alpha-1774656214000",
    "@types/node": "^24.3.0"
  }
 }
--- a/packages/playwright-mcp/config.d.ts
+++ b/packages/playwright-mcp/config.d.ts
@@ -14,7 +14,7 @@
 * limitations under the License.
 */

-import type * as playwright from 'playwright';
+import type * as playwright from '../../..';

 export type ToolCapability =
  'config' |
@@ -143,9 +143,9 @@ export type Config = {
  sharedBrowserContext?: boolean;

  /**
-   * Secrets are used to prevent LLM from getting sensitive data while
-   * automating scenarios such as authentication.
-   * Prefer the browser.contextOptions.storageState over secrets file as a more secure alternative.
+   * Secrets are used to replace matching plain text in the tool responses to prevent the LLM
+   * from accidentally getting sensitive data. It is a convenience and not a security feature,
+   * make sure to always examine information coming in and from the tool on the client.
   */
  secrets?: Record<string, string>;

@@ -154,11 +154,6 @@ export type Config = {
   */
  outputDir?: string;

-  /**
-   * Whether to save snapshots, console messages, network logs and other session logs to a file or to the standard output. Defaults to "stdout".
-   */
-  outputMode?: 'file' | 'stdout';
-
  console?: {
    /**
     * The level of console messages to return. Each level includes the messages of more severe levels. Defaults to "info".
@@ -217,12 +212,14 @@ export type Config = {
    /**
     * When taking snapshots for responses, specifies the mode to use.
     */
-    mode?: 'incremental' | 'full' | 'none';
+    mode?: 'full' | 'none';
  };

  /**
-   * Whether to allow file uploads from anywhere on the file system.
-   * By default (false), file uploads are restricted to paths within the MCP roots only.
+   * allowUnrestrictedFileAccess acts as a guardrail to prevent the LLM from accidentally
+   * wandering outside its intended workspace. It is a convenience defense to catch unintended
+   * file access, not a secure boundary; a deliberate attempt to reach other directories can be
+   * easily worked around, so always rely on client-level permissions for true security.
   */
  allowUnrestrictedFileAccess?: boolean;

--- a/packages/playwright-mcp/package.json
+++ b/packages/playwright-mcp/package.json
@@ -33,8 +33,8 @@
    }
  },
  "dependencies": {
-    "playwright": "1.59.0-alpha-1773608981000",
-    "playwright-core": "1.59.0-alpha-1773608981000"
+    "playwright": "1.59.0-alpha-1774656214000",
+    "playwright-core": "1.59.0-alpha-1774656214000"
  },
  "bin": {
    "playwright-mcp": "cli.js"