Concepts

Webcmd separates messy discovery from reusable execution. Raw browser sessions are evidence; capability graphs are the durable model; workflows and generated CLIs are runnable projections of that model.

flowchart LR; Demo["demonstrate task"] --> Record["record session"]; Record --> Evidence["collect evidence"]; Evidence --> Distill["distill graph"]; Distill --> Graph["capability graph"]; Graph --> Workflow["workflow"]; Graph --> CLI["generated CLI"]; Workflow --> Run["verify and run"]; CLI --> Run;

Lifecycle

  1. Record: webcmd open creates a browser session and, by default, records journal events, snapshots, and redacted network evidence.
  2. Inspect: webcmd journal, webcmd snapshot, and webcmd network * expose enough evidence to classify actions, selectors, auth, API candidates, and side effects.
  3. Distill: webcmd distill prepare packages evidence; an agent writes a distill plan; webcmd distill apply updates the graph.
  4. Materialize: webcmd workflow or webcmd cli creates an agent-readable packet, then applies a plan to write runnable artifacts.
  5. Verify and run: webcmd verify checks generated structure/runtime contracts; webcmd run executes exported workflows.

Vocabulary

TermMeaning
SessionA named browser runtime, usually controlled by --session <id>.
JournalAppend-only event log at .webcmd/sessions/<session>/journal.jsonl.
SnapshotSemantic page state captured before/after actions or by webcmd snapshot.
Network recordRedacted HTTP evidence at .webcmd/sessions/<session>/network.jsonl.
Network markReviewer classification in network.marks.json: important, ignore, or side-effect.
Distill packetEvidence bundle that tells an agent how to write graph changes.
Capability graphStrict JSON model at .webcmd/graphs/<app-id>/capabilities.json.
CapabilityReusable app primitive with inputs, output, auth contract, effects, and evidence ids.
ScenarioOrdered capability usage sample from a recorded task.
Command mappingGraph-level description of how a generated CLI command maps flags to capabilities.
WorkflowExecutable .mjs script exported under .webcmd/exports/workflows/<domain>/.
Generated CLIStandalone package exported under .webcmd/exports/clis/<domain>/ with a SKILL.md.
Authoring packetMeta-planning artifact used for create/update/heal requests.
ProfilePersistent browser identity under .webcmd/profiles/<name>.

Capability graph shape

{
  "version": 1,
  "app": {
    "id": "hacker-news",
    "name": "Hacker News",
    "baseUrls": ["https://news.ycombinator.com"],
    "auth": { "requiresAuth": false, "provider": "none" }
  },
  "capabilities": [],
  "scenarios": [],
  "commands": [],
  "provenance": { "distillations": [] }
}

Capabilities are intentionally small and remixable. They carry:

FieldPurpose
id, description, visibilityStable identity and human summary.
evidenceJournal, network, and snapshot ids that justify the capability.
inputsTyped params: string, number, boolean, or json.
outputOutput type plus optional item name or JSON schema.
authReplay strategy and validation hints; never credential values.
implementationOptional graph-local implementation path/export, often atoms/<name>.mjs.
networkNotesUseful request observations that should not become secrets.
preconditions, effectsRuntime requirements and visible or backend side effects.

Auth strategies

Every distilled capability must classify auth:

StrategyUse when
publicNo identity material is required.
browser-cookieBrowser cookies are sufficient for replay.
browser-requestBrowser-context HTTP can replay a stable request.
page-fetchAuth/signing depends on page runtime, storage, service workers, or app JS.
interceptThe workflow should trigger UI and observe the app’s own response.
uiVisible UI behavior is the stable primitive.
localNamed env/config credentials are required.
manualLogin, SSO, 2FA, device approval, or human checkpoints are required.

Auth contracts describe required, profileRequired, origins, replaySurface, sources, validation probes, refresh hints, and evidence ids. They must not store cookies, tokens, passwords, CSRF values, or other credential material.