diff --git a/README.md b/README.md
index 259980a..1cbeb92 100644
--- a/README.md
+++ b/README.md
@@ -390,7 +390,7 @@ Playwright MCP server supports following arguments. They can be provided in the
| --save-session | Whether to save the Playwright MCP session into the output directory.
*env* `PLAYWRIGHT_MCP_SAVE_SESSION` |
| --secrets | path to a file containing secrets in the dotenv format
*env* `PLAYWRIGHT_MCP_SECRETS` |
| --shared-browser-context | reuse the same browser context between all connected HTTP clients.
*env* `PLAYWRIGHT_MCP_SHARED_BROWSER_CONTEXT` |
-| --snapshot-mode | when taking snapshots for responses, specifies the mode to use. Can be "incremental", "full", or "none". Default is incremental.
*env* `PLAYWRIGHT_MCP_SNAPSHOT_MODE` |
+| --snapshot-mode | when taking snapshots for responses, specifies the mode to use. Can be "full" or "none". Default is "full".
*env* `PLAYWRIGHT_MCP_SNAPSHOT_MODE` |
| --storage-state | path to the storage state file for isolated sessions.
*env* `PLAYWRIGHT_MCP_STORAGE_STATE` |
| --test-id-attribute | specify the attribute to use for test ids, defaults to "data-testid"
*env* `PLAYWRIGHT_MCP_TEST_ID_ATTRIBUTE` |
| --timeout-action | specify action timeout in milliseconds, defaults to 5000ms
*env* `PLAYWRIGHT_MCP_TIMEOUT_ACTION` |
@@ -604,9 +604,9 @@ npx @playwright/mcp@latest --config path/to/config.json
sharedBrowserContext?: boolean;
/**
- * Secrets are used to prevent LLM from getting sensitive data while
- * automating scenarios such as authentication.
- * Prefer the browser.contextOptions.storageState over secrets file as a more secure alternative.
+ * Secrets are used to replace matching plain text in the tool responses to prevent the LLM
+ * from accidentally getting sensitive data. It is a convenience and not a security feature,
+ * make sure to always examine information coming in and from the tool on the client.
*/
secrets?: Record;
@@ -615,11 +615,6 @@ npx @playwright/mcp@latest --config path/to/config.json
*/
outputDir?: string;
- /**
- * Whether to save snapshots, console messages, network logs and other session logs to a file or to the standard output. Defaults to "stdout".
- */
- outputMode?: 'file' | 'stdout';
-
console?: {
/**
* The level of console messages to return. Each level includes the messages of more severe levels. Defaults to "info".
@@ -678,12 +673,14 @@ npx @playwright/mcp@latest --config path/to/config.json
/**
* When taking snapshots for responses, specifies the mode to use.
*/
- mode?: 'incremental' | 'full' | 'none';
+ mode?: 'full' | 'none';
};
/**
- * Whether to allow file uploads from anywhere on the file system.
- * By default (false), file uploads are restricted to paths within the MCP roots only.
+ * allowUnrestrictedFileAccess acts as a guardrail to prevent the LLM from accidentally
+ * wandering outside its intended workspace. It is a convenience defense to catch unintended
+ * file access, not a secure boundary; a deliberate attempt to reach other directories can be
+ * easily worked around, so always rely on client-level permissions for true security.
*/
allowUnrestrictedFileAccess?: boolean;
@@ -845,6 +842,7 @@ http.createServer(async (req, res) => {
- `element` (string, optional): Human-readable element description used to obtain permission to interact with the element
- `ref` (string, optional): Exact target element reference from the page snapshot
- `selector` (string, optional): CSS or role selector for the target element, when "ref" is not available.
+ - `filename` (string, optional): Filename to save the result to. If not provided, result is returned as text.
- Read-only: **false**
@@ -909,7 +907,10 @@ http.createServer(async (req, res) => {
- Title: List network requests
- Description: Returns all network requests since loading the page
- Parameters:
- - `includeStatic` (boolean): Whether to include successful static resources like images, fonts, scripts, etc. Defaults to false.
+ - `static` (boolean): Whether to include successful static resources like images, fonts, scripts, etc. Defaults to false.
+ - `requestBody` (boolean): Whether to include request body. Defaults to false.
+ - `requestHeaders` (boolean): Whether to include request headers. Defaults to false.
+ - `filter` (string, optional): Only return requests whose URL matches this regexp (e.g. "/api/.*user").
- `filename` (string, optional): Filename to save the network requests to. If not provided, requests are returned as text.
- Read-only: **true**
@@ -938,7 +939,8 @@ http.createServer(async (req, res) => {
- Title: Run Playwright code
- Description: Run Playwright code snippet
- Parameters:
- - `code` (string): A JavaScript function containing Playwright code to execute. It will be invoked with a single argument, page, which you can use for any page interaction. For example: `async (page) => { await page.getByRole('button', { name: 'Submit' }).click(); return await page.title(); }`
+ - `code` (string, optional): A JavaScript function containing Playwright code to execute. It will be invoked with a single argument, page, which you can use for any page interaction. For example: `async (page) => { await page.getByRole('button', { name: 'Submit' }).click(); return await page.title(); }`
+ - `filename` (string, optional): Load code from the specified file. If both code and filename are provided, code will be ignored.
- Read-only: **false**
@@ -961,6 +963,7 @@ http.createServer(async (req, res) => {
- Parameters:
- `filename` (string, optional): Save snapshot to markdown file instead of returning it in the response.
- `selector` (string, optional): Element selector of the root element to capture a partial snapshot instead of the whole page
+ - `depth` (number, optional): Limit the depth of the snapshot tree
- Read-only: **true**
@@ -1250,6 +1253,16 @@ http.createServer(async (req, res) => {
+- **browser_resume**
+ - Title: Resume paused script execution
+ - Description: Resume script execution after it was paused. When called with step set to true, execution will pause again before the next action.
+ - Parameters:
+ - `step` (boolean, optional): When true, execution will pause again before the next action, allowing step-by-step debugging.
+ - `location` (string, optional): Pause execution at a specific :, e.g. "example.spec.ts:42".
+ - Read-only: **false**
+
+
+
- **browser_start_tracing**
- Title: Start tracing
- Description: Start trace recording
@@ -1282,6 +1295,17 @@ http.createServer(async (req, res) => {
- `filename` (string, optional): Filename to save the video
- Read-only: **true**
+
+
+- **browser_video_chapter**
+ - Title: Video chapter
+ - Description: Add a chapter marker to the video recording. Shows a full-screen chapter card with blurred backdrop.
+ - Parameters:
+ - `title` (string): Chapter title
+ - `description` (string, optional): Chapter description
+ - `duration` (number, optional): Duration in milliseconds to show the chapter card
+ - Read-only: **true**
+
diff --git a/package-lock.json b/package-lock.json
index 07c3ff0..8933e4a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,7 +13,7 @@
],
"devDependencies": {
"@modelcontextprotocol/sdk": "^1.25.2",
- "@playwright/test": "1.59.0-alpha-1773608981000",
+ "@playwright/test": "1.59.0-alpha-1774656214000",
"@types/node": "^24.3.0"
}
},
@@ -854,13 +854,12 @@
"link": true
},
"node_modules/@playwright/test": {
- "version": "1.59.0-alpha-1773608981000",
- "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.59.0-alpha-1773608981000.tgz",
- "integrity": "sha512-px+GAf8KIaMcPsCUPG3+xqPRSIPHgnizH7ygUjo6OXT1AigXTNCsIIVrPY3C5GjouM2MI4CQOkIKcSEjO84ZTg==",
+ "version": "1.59.0-alpha-1774656214000",
+ "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.59.0-alpha-1774656214000.tgz",
+ "integrity": "sha512-1BmlLuGD6XAOLv98iCtgbvjRWdVjOdEh2fnDjWqHiD9ygnNXupsJZzkDVOfXSlaoZQoO26kcOfV03qbaUWua/A==",
"dev": true,
- "license": "Apache-2.0",
"dependencies": {
- "playwright": "1.59.0-alpha-1773608981000"
+ "playwright": "1.59.0-alpha-1774656214000"
},
"bin": {
"playwright": "cli.js"
@@ -2585,11 +2584,10 @@
}
},
"node_modules/path-to-regexp": {
- "version": "8.3.0",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
- "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
+ "version": "8.4.0",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.0.tgz",
+ "integrity": "sha512-PuseHIvAnz3bjrM2rGJtSgo1zjgxapTLZ7x2pjhzWwlp4SJQgK3f3iZIQwkpEnBaKz6seKBADpM4B4ySkuYypg==",
"dev": true,
- "license": "MIT",
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
@@ -2603,11 +2601,10 @@
"license": "ISC"
},
"node_modules/picomatch": {
- "version": "2.3.1",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
- "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+ "version": "2.3.2",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+ "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=8.6"
},
@@ -2626,12 +2623,11 @@
}
},
"node_modules/playwright": {
- "version": "1.59.0-alpha-1773608981000",
- "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.59.0-alpha-1773608981000.tgz",
- "integrity": "sha512-nb+BzawNj48eH6NdxecsysLuhCAB/p18FG7LLJp3MBfRGUkCAFtax0CFo/BhD+r0V4+0EW7llPK0p4cJQEIwUQ==",
- "license": "Apache-2.0",
+ "version": "1.59.0-alpha-1774656214000",
+ "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.59.0-alpha-1774656214000.tgz",
+ "integrity": "sha512-aIR09o0T9Y/LpCcBaEE6tldqNI8wrbxuZYH8uruD8kJx/5GtwyA6LxPujy2n8pOQUOmHpySDGBQYFWfhCbD/uA==",
"dependencies": {
- "playwright-core": "1.59.0-alpha-1773608981000"
+ "playwright-core": "1.59.0-alpha-1774656214000"
},
"bin": {
"playwright": "cli.js"
@@ -2648,10 +2644,9 @@
"link": true
},
"node_modules/playwright-core": {
- "version": "1.59.0-alpha-1773608981000",
- "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.59.0-alpha-1773608981000.tgz",
- "integrity": "sha512-w6E5Q0Wleek3Wp7gtlSPGXuKeQ5eg6QPPJNNwgMHQRpkxgqOwgN2mX7x6Z52HJE10HFC88U5HQzOLMbag928Lg==",
- "license": "Apache-2.0",
+ "version": "1.59.0-alpha-1774656214000",
+ "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.59.0-alpha-1774656214000.tgz",
+ "integrity": "sha512-pFMQqZDbTSvKntHMh4ZF+iB7jAm5c0nyM5t7rX6tSa7wQdZiswJrFBN+hKmMq338+y6iSJhT61vxuYxORakivA==",
"bin": {
"playwright-core": "cli.js"
},
@@ -3102,11 +3097,10 @@
}
},
"node_modules/tinyglobby/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=12"
},
@@ -3356,11 +3350,10 @@
}
},
"node_modules/vite/node_modules/picomatch": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=12"
},
@@ -3448,8 +3441,8 @@
"version": "0.0.68",
"license": "Apache-2.0",
"dependencies": {
- "playwright": "1.59.0-alpha-1773608981000",
- "playwright-core": "1.59.0-alpha-1773608981000"
+ "playwright": "1.59.0-alpha-1774656214000",
+ "playwright-core": "1.59.0-alpha-1774656214000"
},
"bin": {
"playwright-mcp": "cli.js"
diff --git a/package.json b/package.json
index c61c06a..61ee63a 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
],
"devDependencies": {
"@modelcontextprotocol/sdk": "^1.25.2",
- "@playwright/test": "1.59.0-alpha-1773608981000",
+ "@playwright/test": "1.59.0-alpha-1774656214000",
"@types/node": "^24.3.0"
}
}
diff --git a/packages/playwright-mcp/config.d.ts b/packages/playwright-mcp/config.d.ts
index f664670..26cc075 100644
--- a/packages/playwright-mcp/config.d.ts
+++ b/packages/playwright-mcp/config.d.ts
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-import type * as playwright from 'playwright';
+import type * as playwright from '../../..';
export type ToolCapability =
'config' |
@@ -143,9 +143,9 @@ export type Config = {
sharedBrowserContext?: boolean;
/**
- * Secrets are used to prevent LLM from getting sensitive data while
- * automating scenarios such as authentication.
- * Prefer the browser.contextOptions.storageState over secrets file as a more secure alternative.
+ * Secrets are used to replace matching plain text in the tool responses to prevent the LLM
+ * from accidentally getting sensitive data. It is a convenience and not a security feature,
+ * make sure to always examine information coming in and from the tool on the client.
*/
secrets?: Record;
@@ -154,11 +154,6 @@ export type Config = {
*/
outputDir?: string;
- /**
- * Whether to save snapshots, console messages, network logs and other session logs to a file or to the standard output. Defaults to "stdout".
- */
- outputMode?: 'file' | 'stdout';
-
console?: {
/**
* The level of console messages to return. Each level includes the messages of more severe levels. Defaults to "info".
@@ -217,12 +212,14 @@ export type Config = {
/**
* When taking snapshots for responses, specifies the mode to use.
*/
- mode?: 'incremental' | 'full' | 'none';
+ mode?: 'full' | 'none';
};
/**
- * Whether to allow file uploads from anywhere on the file system.
- * By default (false), file uploads are restricted to paths within the MCP roots only.
+ * allowUnrestrictedFileAccess acts as a guardrail to prevent the LLM from accidentally
+ * wandering outside its intended workspace. It is a convenience defense to catch unintended
+ * file access, not a secure boundary; a deliberate attempt to reach other directories can be
+ * easily worked around, so always rely on client-level permissions for true security.
*/
allowUnrestrictedFileAccess?: boolean;
diff --git a/packages/playwright-mcp/package.json b/packages/playwright-mcp/package.json
index 33afa92..6aef1f6 100644
--- a/packages/playwright-mcp/package.json
+++ b/packages/playwright-mcp/package.json
@@ -33,8 +33,8 @@
}
},
"dependencies": {
- "playwright": "1.59.0-alpha-1773608981000",
- "playwright-core": "1.59.0-alpha-1773608981000"
+ "playwright": "1.59.0-alpha-1774656214000",
+ "playwright-core": "1.59.0-alpha-1774656214000"
},
"bin": {
"playwright-mcp": "cli.js"