Browser Extension
The Cartographer browser extension (Chrome MV3) bridges your real browser and the Cartographer agent. Use it to record demonstrations, approve sensitive actions, and run flows in your authenticated Chrome profile when server-side browsers cannot complete MFA, payments, or SSO.
Dashboard: app.molar.it/dashboard/cartographer → Integrations → Extension
Product page: cartographer.molar.it
When to use the extension
| Scenario | Server browser (cloakbrowser) | Extension relay |
|---|---|---|
| Public staging site | Preferred | Optional |
| Bot-protected site | Preferred (stealth pool) | Rare |
| Logged-in session / SSO cookie | Difficult | Preferred |
| MFA / SMS / email OTP | Requires HITL | Preferred |
| Payment or password entry | Blocked without approval | Required |
| Record once, replay many | — | Record mode |
Select browser adapter: extension when starting a run, or connect proactively with cartog browser connect.
Capabilities overview
| Capability | Description |
|---|---|
| Record mode | Capture rrweb events, intents, and screenshots into demo chunks |
| Relay | WebSocket bridge between agent worker and your Chrome tab |
| HITL approvals | DOM-hash-bound prompts for navigation, payment, password, scope |
| Kill switches | Multiple paths to abort a session immediately |
| PII redaction | Mask passwords, honor ignore attributes, redact common PII shapes |
Install the extension
Molar Cloud (recommended)
Install the unpacked extension from the Cartographer repository, or follow the install guide in the dashboard.
- Open app.molar.it/dashboard/cartographer → Integrations → Extension.
- Follow the install guide for enterprise policy deploy or local unpacked build.
- Pin the extension and open the side panel on the target tab.
Local development (unpacked)
Build from the Cartographer self-host bundle (contact support@molar.it for access):
pnpm --filter @cartographer/extension install
pnpm --filter @cartographer/extension build
Load in Chrome:
- Open
chrome://extensions - Enable Developer mode
- Load unpacked → select
extension/dist/ - Pin the extension
Verify:
pnpm --filter @cartographer/extension test
pnpm --filter @cartographer/extension typecheck
Note:
The extension maintains a minimal permission surface. It does not request broad host permissions, remote code execution, or externally_connectable entries. Do not modify extension/manifest.json to add these — they violate Cartographer security policy.
Record mode
Record mode captures demonstrations the planner can reuse on similar goals.
Start recording
- Open the extension side panel on the target tab.
- Grant explicit consent — recording does not start without user action.
- Perform the flow (login, MFA, checkout, etc.).
- Stop recording — chunks upload to the project Recordings library (
/dashboard/projects/{id}/recordings).
What gets captured
| Data | Purpose |
|---|---|
| rrweb events | DOM replay for demo detail |
| Intent chunks | Segmented goals with URL patterns |
| Screenshots | Thumbnails per chunk milestone |
| Network milestones | Key request boundaries (redacted) |
Privacy controls
| Control | Behavior |
|---|---|
| Password fields | Masked in capture |
data-rrweb-ignore | Exclude subtree from rrweb |
data-cartographer-ignore | Exclude from upload and relay |
| PII redaction list | Configurable per project in Project settings → Extension |
| Origin allowlist | Only approved origins accept relay/record |
Recorded demos appear in the dashboard with skill hit rate — how often the planner cache matches this demo on new runs.
Replay: Open demo detail → Replay demo creates a new agent run. MCP: cartographer_replay_demo.
Relay sessions
The relay lets the agent worker drive your Chrome tab over a secured WebSocket. Relay connects your Chrome tab to the agent worker over a secured WebSocket.
Agent worker Extension (your Chrome)
│ │
│ WSS /v1/extension/relay │
│◄──────────────────────────────►│
│ CDP-framed commands │
│ approvals + screenshots │
Connect with cartog browser connect
cartog browser connect \
--api-url https://api.cartographer.molar.it \
--api-key "$CARTOGRAPHER_API_KEY" \
--project-id <project-id> \
--goal "Verify checkout with saved session"
Local development:
cartog browser connect \
--api-url http://localhost:8000 \
--api-key "$CARTOGRAPHER_API_KEY" \
--project-id <project-id> \
--goal "Verify checkout"
The CLI:
- Requests a scoped relay token from
POST /v1/extension/wss/token - Opens WebSocket to the relay (local default:
wss://localhost:8443/v1/extension/relay) - Prints
extension relay connected: <session_id>
Dry-run (print handshake frame without connecting):
cartog browser connect --dry-run --api-url http://localhost:8000 --project-id <id>
Relay security
| Mechanism | Purpose |
|---|---|
| Scoped JWT | Short-lived token bound to project/run |
| DPoP | Per-session key pair; proof on WebSocket upgrade |
| SPKI pin | TLS public-key pin when configured |
| Origin allowlist | Project settings restrict which sites can be controlled |
| Strict frame schemas | Invalid server frames rejected |
| Session discard | DPoP keys cleared when session ends |
Tokens are obtained from the API — never embed long-lived secrets in the extension.
Monitor connection status on Integrations → Extension: WSS status, JWT expiry countdown, reconnect instructions.
HITL approvals
Human-in-the-loop (HITL) pauses the agent when automation cannot safely proceed.
Actions that require approval
| Type | Example |
|---|---|
| Navigation | Out-of-scope URL |
| Payment | Submit payment form |
| Password | Enter or reveal credential field |
| Scope | Action outside project allowlist |
Approval flow
Agent requests action
│
▼
DOM hash computed ──► Approval prompt (side panel + dashboard queue)
│
├── Approve ──► Agent continues
├── Deny ──► Run fails step
└── Expire ──► Fail closed (stale DOM hash)
- Agent enters
pending_human— run detail shows HITL panel - Prompt appears in extension side panel and Integrations → Extension approval queue
- You Approve or Deny — bound to current DOM hash
- If the page changed since the request, approval fails closed (stale hash)
- Resume after manual CAPTCHA/MFA if needed
Dashboard queue columns: type, URL, run id, timestamp, Approve/Deny buttons with real-time push over the extension relay WebSocket.
Take over
Take over opens the extension live view so you complete a step manually (CAPTCHA, MFA code entry), then Resume the run.
Kill switches
Every relay session can be aborted immediately:
| Kill path | Effect |
|---|---|
| Close controlled tab | Session ends |
| Side panel Stop | Relay closed, debugger detached |
| Global hotkey | Ctrl+Shift+. / Cmd+Shift+. |
| Open DevTools on controlled tab | Session aborts (anti-tamper) |
Kill switch actions:
- Close WebSocket relay
- Detach Chrome debugger
- Clear pending approvals
- Clear DPoP session key
- Record kill reason in audit log
Integrations → Extension shows last kill-switch event timestamps (tab closed, sidepanel closed, global abort).
Run launch with extension adapter
From project hub → Start run:
| Field | Value |
|---|---|
| Browser adapter | extension |
| Goal | Your test objective |
| Credentials alias | If login needed (plus extension for MFA) |
Ensure:
- Extension installed and side panel open on the target tab
- Relay connected (
cartog browser connector dashboard-initiated session) - Target origin in project settings → Extension → origin allowlist
Dashboard integration
| Location | Feature |
|---|---|
| Integrations → Extension | Connection status, approval queue, kill switch log, install guide, record toggle |
| Run detail → HITL panel | Pending message, approve/deny, take over, resume |
| Demos library | Project Recordings (/dashboard/projects/{id}/recordings) |
| Project settings → Extension | Origin allowlist, PII field list |
Enable record mode per project from Integrations → Extension; deep link opens the side panel on the active tab.
Security summary
| Practice | Detail |
|---|---|
| No broad host permissions | Extension only activates on user-navigated tabs |
| No native messaging / externally_connectable | Hard policy — reduces attack surface |
| Secrets never in extension storage | Relay tokens are short-lived |
| Password/payment gated | Always requires explicit approval |
| PII redaction before upload | Configurable field list per project |
| Audit trail | Kill reasons, approvals, and session metadata logged server-side |
For deployment hardening (TLS, token rotation, enterprise policy deploy), see Deployment.
Troubleshooting
| Symptom | Fix |
|---|---|
| WebSocket refuses connection | Check API URL, relay token endpoint, SPKI pins, origin allowlist |
| Approval prompt missing | Reload extension, restart relay, open side panel on controlled tab |
| Recording does not upload | Verify project id, user token, origin in allowlist |
| Session aborts immediately | DevTools may be open on tab; check kill switch log |
pending_human stuck | Approve/deny in queue; verify DOM hash not stale (refresh page carefully) |
More: Troubleshooting & FAQ.
Related
| Page | Topic |
|---|---|
| Core concepts — Demos | How recordings become planner skills |
| Dashboard — Integrations | Extension admin UI |
| MCP tools | cartographer_replay_demo |
| Quick start | First project walkthrough |