Network Inspection

Webcmd records redacted network evidence alongside browser actions. Network review helps agents decide whether a capability can be replayed through direct HTTP, page-context fetch, response interception, or visible UI.

flowchart TD; Record["network record"] --> Candidate{"safe direct candidate"}; Candidate --> Mark["reviewer mark"]; Candidate --> Auth["auth classification"]; Auth --> Http["runtime http"]; Auth --> PageFetch["page fetch"]; Auth --> Intercept["wait for response"]; Auth --> UI["UI capability"]; Mark --> Notes["distill notes"]; Http --> Notes; PageFetch --> Notes; Intercept --> Notes; UI --> Notes;

Files

PathPurpose
.webcmd/sessions/<session>/network.jsonlCaptured request/response records.
.webcmd/sessions/<session>/network.marks.jsonReviewer marks keyed by network id.
.webcmd/sessions/<session>/network-candidates.jsonCandidate assessment written by distill prepare.

Commands

webcmd network list --session default
webcmd network list --session default --method GET,POST --type fetch,xhr
webcmd network show n1 --session default
webcmd network summary --session default
webcmd network diff e3 e9 --session default
webcmd network mark n1 --session default --mark important
webcmd network mark n2 --session default --mark side-effect
webcmd network candidates --session default

list filters by comma-separated HTTP method and resource type. diff labels records between two journal event ids. show prints one record. summary groups captured evidence. mark stores reviewer intent without editing the raw record.

Candidate safety

distill prepare marks a network record as ineligible for direct safe replay when any of these are true:

RejectionMeaning
non_api_resource:<type>Resource type is not fetch or xhr.
unsafe_method:<method>Method is not GET, HEAD, or OPTIONS.
mutatingWebcmd classified the request as mutating.
marked:ignoreReviewer marked it as irrelevant.
marked:side-effectReviewer marked it as side-effecting.
bad_status:<status>Status is missing or outside 2xx.
non_https_urlURL is not HTTPS.
error:<message>Capture recorded a request error.

Eligible does not mean “automatically use HTTP.” It means the request survived basic replay safety checks and can be considered alongside auth hints, app behavior, output stability, and graph auth strategy.

Auth hints

Network records may include auth hints. Use them to classify the capability auth contract, not to copy credentials. Typical outcomes:

ObservationLikely strategy
Public GET returns stable JSONpublic with runtime.http.
Request needs browser cookies onlybrowser-request or browser-cookie.
Request depends on CSRF/page JS/service worker signingpage-fetch.
Response is useful but request cannot be safely reproducedintercept.
Behavior is only stable through UI stateui.

Marking guidance

Mark important for records that explain task output or state transitions. Mark side-effect for writes, purchases, sends, deletes, mutations, or anything unsafe to replay blindly. Mark ignore for analytics, fonts, images, noise, failed preloads, and unrelated polling.