This file provides guidance to AI coding assistants (e.g., Claude Code, GitHub Copilot, Cursor) when working with this repository.
Nanobrowser is an open-source AI web automation Chrome extension that runs multi-agent systems locally in the browser. It's a free alternative to OpenAI Operator with support for multiple LLM providers (OpenAI, Anthropic, Gemini, Ollama, etc.).
Package Manager: Always use pnpm (required, configured in Cursor rules)
Core Commands:
pnpm install- Install dependenciespnpm dev- Start development mode with hot reloadpnpm build- Build production versionpnpm type-check- Run TypeScript type checkingpnpm lint- Run ESLint with auto-fixpnpm prettier- Format code with Prettier
Testing:
pnpm e2e- Run end-to-end tests (builds and zips first)pnpm zip- Create extension zip for distributionpnpm -F chrome-extension test- Run unit tests (Vitest) for core extension- Targeted example:
pnpm -F chrome-extension test -- -t "Sanitizer"
- Targeted example:
- Scope tasks to a single workspace to speed up runs:
pnpm -F chrome-extension buildpnpm -F packages/ui lint
- Prefer workspace-scoped commands over root-wide runs when possible.
Targeted examples (fast path):
pnpm -F pages/side-panel build— build only the side panelpnpm -F chrome-extension dev— dev-watch background/service workerpnpm -F packages/storage type-check— TS checks for storage packagepnpm -F pages/side-panel lint -- src/components/ChatInput.tsx— lint a filepnpm -F chrome-extension prettier -- src/background/index.ts— format a file
Cleaning:
pnpm clean- Clean all build artifacts and node_modulespnpm clean:bundle- Clean just build outputspnpm clean:turbo- Clear Turbo state/cachepnpm clean:node_modules- Remove dependencies in current workspacepnpm clean:install- Clean node_modules and reinstall dependenciespnpm update-version- Update version across all packages
This is a monorepo using Turbo for build orchestration and pnpm workspaces.
Core Extension:
chrome-extension/- Main Chrome extension manifest and background scriptssrc/background/- Background service worker with multi-agent systemsrc/background/agent/- AI agent implementations (Navigator, Planner, Validator)src/background/browser/- Browser automation and DOM manipulation
UI Pages (pages/):
side-panel/- Main chat interface (React + TypeScript + Tailwind)options/- Extension settings page (React + TypeScript)content/- Content script for page injection
Shared Packages (packages/):
shared/- Common utilities and typesstorage/- Chrome extension storage abstractionui/- Shared React componentsschema-utils/- Validation schemasi18n/- Internationalization- Others:
dev-utils/,zipper/,vite-config/,tailwind-config/,hmr/,tsconfig/
The core AI system consists of three specialized agents:
- Navigator - Handles DOM interactions and web navigation
- Planner - High-level task planning and strategy
- Validator - Validates task completion and results
Agent logic is under chrome-extension/src/background/agent/.
- Turbo manages task dependencies and caching
- Vite bundles each workspace independently
- TypeScript with strict configuration across all packages
- ESLint + Prettier for code quality
- Each workspace has its own
vite.config.mtsandtsconfig.json
- Chrome Extension Manifest V3
- React 18 with TypeScript
- Tailwind CSS for styling
- Vite for bundling
- Puppeteer for browser automation
- Chrome APIs for browser automation
- LangChain.js for LLM integration
- Extension loads as unpacked from
dist/directory after build - Hot reload works in development mode via Vite HMR
- Background scripts run as service workers (Manifest V3)
- Content scripts inject into web pages for DOM access
- Multi-agent coordination happens through Chrome messaging APIs
- Distribution zips are written to
dist-zip/ - Build flags: set
__DEV__=truefor watch builds; - Do not edit generated outputs:
dist/**,build/**,packages/i18n/lib/**
- Framework: Vitest
- Location/naming:
chrome-extension/src/**/__tests__with*.test.ts - Run:
pnpm -F chrome-extension test - Targeted example:
pnpm -F chrome-extension test -- -t "Sanitizer" - Prefer fast, deterministic tests; mock network/browser APIs
After building, load the extension:
- Open
chrome://extensions/ - Enable "Developer mode"
- Click "Load unpacked"
- Select the
dist/directory
Follow the structured naming pattern: component_category_specificAction_state
Semantic Prefixes by Component:
bg_- Background service worker operationsexec_- Executor/agent execution lifecycleact_- Agent actions and web automationerrors_- Global error messagesoptions_- Settings page componentschat_- Chat interface elementsnav_- Navigation elementspermissions_- Permission-related messages
State-Based Suffixes:
_start- Action beginning (e.g.,act_goToUrl_start)_ok- Successful completion (e.g.,act_goToUrl_ok)_fail- Failure state (e.g.,exec_task_fail)_cancel- Cancelled operation_pause- Paused state
Error Categorization:
_errors_subcategory for component-specific errors- Global
errors_prefix for system-wide errors - Descriptive error names (e.g.,
act_errors_elementNotExist)
Command Structure:
_cmd_for command-related messages (e.g.,bg_cmd_newTask_noTask)_setup_for configuration issues (e.g.,bg_setup_noApiKeys)
import { t } from '@extension/i18n';
// Simple message
t('bg_errors_noTabId')
// With placeholders
t('act_click_ok', ['5', 'Submit Button'])Use Chrome i18n placeholder format with proper definitions:
{
"act_goToUrl_start": {
"message": "Navigating to $URL$",
"placeholders": {
"url": {
"content": "$1",
"example": "https://example.com"
}
}
}
}Guidelines:
- Use descriptive, self-documenting key names
- Separate user-facing strings from internal/log strings
- Follow hierarchical naming for maintainability
- Add placeholders with examples for dynamic content
- Group related keys by component prefix
- Do not edit generated files under
packages/i18n/lib/**. - The generator
packages/i18n/genenrate-i18n.mjsruns via the@extension/i18nworkspaceready/buildscripts to (re)generate types and runtime helpers. Edit source locale JSON inpackages/i18n/locales/**instead.
- Simple but Complete Solutions: Write straightforward, well-documented code that fully addresses requirements
- Modular Design: Structure code into focused, single-responsibility modules and functions
- Testability: Design components to be easily testable with clear inputs/outputs and minimal dependencies
- Type Safety: Leverage TypeScript's type system for better code reliability and maintainability
- Extract reusable logic into utility functions or shared packages
- Use dependency injection for better testability
- Keep functions small and focused on a single task
- Prefer composition over inheritance
- Write self-documenting code with clear naming
- Formatting via Prettier (2 spaces, semicolons, single quotes,
trailing commas,
printWidth: 120) - ESLint rules include React/Hooks/Import/A11y + TypeScript
- Components:
PascalCase; variables/functions:camelCase; workspace/package directories:kebab-case - Enforced rule:
@typescript-eslint/consistent-type-imports(useimport type { ... } from '...'for type-only imports)
- Run
pnpm type-checkbefore committing to catch TypeScript errors - Use
pnpm lintto maintain code style consistency - Write unit tests for business logic and utility functions
- Test UI components in isolation when possible
- Input Validation: Always validate and sanitize user inputs, especially URLs, file paths, and form data
- Credential Management: Never log, commit, or expose API keys, tokens, or sensitive configuration
- Content Security Policy: Respect CSP restrictions and avoid
eval()or dynamic code execution - Permission Principle: Request minimal Chrome extension permissions required for functionality
- Data Privacy: Handle user data securely and avoid unnecessary data collection or storage
- XSS Prevention: Sanitize content before rendering, especially when injecting into web pages
- URL Validation: Validate and restrict navigation to prevent malicious redirects
- Error Handling: Avoid exposing sensitive information in error messages or logs
- Secrets/Config: Use
.env.local(git‑ignored) and prefix variables withVITE_. Example:VITE_POSTHOG_API_KEY. Vite inchrome-extension/vite.config.mtsloadsVITE_*from the parent directory.
- Always use
pnpmpackage manager (required for this project) - Node.js version: follow
.nvmrcandpackage.jsonengines - Use
nvm useto match.nvmrcbefore installing engine-strict=trueis enabled in.npmrc; non-matching engines fail install- Turbo manages task dependencies and caching across workspaces
- Extension builds to
dist/directory which is loaded as unpacked extension - Zipped distributions are written to
dist-zip/ - Only supports Chrome/Edge
- Keep diffs minimal and scoped; avoid mass refactors or reformatting unrelated files
- Do not modify generated artifacts (
dist/**,build/**,packages/i18n/lib/**) or workspace/global configs (turbo.json,pnpm-workspace.yaml,tsconfig*) without approval - Prefer workspace-scoped checks:
pnpm -F <workspace> type-check,pnpm -F <workspace> lint,pnpm -F <workspace> prettier -- <changed-file>, and build if applicable - Vite aliases: pages use
@srcfor pagesrc/; the extension uses@root,@src,@assets(seechrome-extension/vite.config.mts). Usepackages/vite-config’swithPageConfigfor page workspaces. - Only use scripts defined in
package.json; do not invent new commands - Change policy: ask first for new deps, file renames/moves/deletes, or global/workspace config changes; allowed without asking: read/list files, workspace‑scoped lint/format/type-check/build, and small focused patches
- Reuse existing building blocks:
packages/uicomponents andpackages/tailwind-configtokens instead of re-implementing