Network Inspection
Webcmd records redacted network evidence alongside browser actions. Network review helps agents decide whether a capability can be replayed through direct HTTP, page-context fetch, response interception, or visible UI.
Files
| Path | Purpose |
|---|---|
.webcmd/sessions/<session>/network.jsonl | Captured request/response records. |
.webcmd/sessions/<session>/network.marks.json | Reviewer marks keyed by network id. |
.webcmd/sessions/<session>/network-candidates.json | Candidate assessment written by distill prepare. |
Commands
webcmd network list --session default
webcmd network list --session default --method GET,POST --type fetch,xhr
webcmd network show n1 --session default
webcmd network summary --session default
webcmd network diff e3 e9 --session default
webcmd network mark n1 --session default --mark important
webcmd network mark n2 --session default --mark side-effect
webcmd network candidates --session default
list filters by comma-separated HTTP method and resource type. diff labels records between two journal event ids. show prints one record. summary groups captured evidence. mark stores reviewer intent without editing the raw record.
Candidate safety
distill prepare marks a network record as ineligible for direct safe replay when any of these are true:
| Rejection | Meaning |
|---|---|
non_api_resource:<type> | Resource type is not fetch or xhr. |
unsafe_method:<method> | Method is not GET, HEAD, or OPTIONS. |
mutating | Webcmd classified the request as mutating. |
marked:ignore | Reviewer marked it as irrelevant. |
marked:side-effect | Reviewer marked it as side-effecting. |
bad_status:<status> | Status is missing or outside 2xx. |
non_https_url | URL is not HTTPS. |
error:<message> | Capture recorded a request error. |
Eligible does not mean “automatically use HTTP.” It means the request survived basic replay safety checks and can be considered alongside auth hints, app behavior, output stability, and graph auth strategy.
Auth hints
Network records may include auth hints. Use them to classify the capability auth contract, not to copy credentials. Typical outcomes:
| Observation | Likely strategy |
|---|---|
| Public GET returns stable JSON | public with runtime.http. |
| Request needs browser cookies only | browser-request or browser-cookie. |
| Request depends on CSRF/page JS/service worker signing | page-fetch. |
| Response is useful but request cannot be safely reproduced | intercept. |
| Behavior is only stable through UI state | ui. |
Marking guidance
Mark important for records that explain task output or state transitions. Mark side-effect for writes, purchases, sends, deletes, mutations, or anything unsafe to replay blindly. Mark ignore for analytics, fonts, images, noise, failed preloads, and unrelated polling.