BrowseGenius

Appearance

Plugin Network Requests

BrowseGenius keeps network traffic intentionally narrow. The extension makes only a handful of outbound HTTP calls, all initiated from foreground UI actions and authenticated with the locally stored OpenAI API key. This page documents every request path, when it is triggered, the payload it transmits, and the protections in place.

Summary Table

FeatureEndpointMethodTriggerPayload highlights
Token estimatorhttps://tiktoken-api.vercel.app/token_countPOSTCounting tokens before an LLM call{ text, model_name } JSON
Screenshot descriptionhttps://api.openai.com/v1/chat/completionsPOSTCapturing a screen with “Describe screenshot” enabledVision chat payload with base64 PNG + URL metadata
Test plan generationhttps://api.openai.com/v1/chat/completionsPOSTRunning “Generate Plan” or creating a manual test caseJSON chat messages built from captures or the manual prompt
Autonomous executor loophttps://api.openai.com/v1/chat/completionsPOSTRunning the AI-driven test executorJSON chat messages with task instructions, prior actions, simplified DOM

Outbound Requests

Token counting helper

  • Code: src/helpers/countTokens.ts:1
  • Endpoint: POST https://tiktoken-api.vercel.app/token_count
  • Purpose: Estimate token usage before making an LLM request.
  • Payload: { text, model_name } as JSON. No OpenAI key is sent. The text is whatever will be passed to the model (e.g., prompts, DOM excerpts).
  • Frequency: On demand when token estimation tooling is invoked; the feature is optional and not part of the default flow.

OpenAI Chat Completions (Vision)

  • Code: src/services/flowDiscovery.ts:141 (describeScreenshot)
  • Endpoint: POST https://api.openai.com/v1/chat/completions
  • Purpose: Generate an AI-authored description for captured screenshots.
  • Authentication: Uses the user-supplied OpenAI API key (Authorization: Bearer …).
  • Payload: A chat request containing:
    • System prompt instructing the model to behave as a UI/UX analyst.
    • image_url content block with the captured screenshot encoded as base64 (height capped by MAX_SCREENSHOT_HEIGHT).
    • Text metadata (page title, URL) so the model understands context.
  • Trigger: Optional; only sent when screenshot description is requested during capture.

OpenAI Chat Completions (Test Plan Generation)

  • Code: src/services/flowDiscovery.ts:323
  • Endpoint: POST https://api.openai.com/v1/chat/completions
  • Purpose: Turn captured screens or manual prompts into structured regression plans.
  • Authentication: OpenAI API key (same as above).
  • Payload: Chat messages that include:
    • System prompt defining the expected JSON schema for test plans.
    • User prompt assembled from up to five captures (DOM snippets, notes, URLs) or the manual free-text description.
  • Trigger: Clicking Generate Plan or submitting the “Manual Test Case” dialog.
  • Response handling: JSON content is parsed client-side to build FlowTestCase objects stored locally.

OpenAI Chat Completions (Autonomous Executor)

  • Code: src/helpers/determineNextAction.ts:46
  • Endpoint: POST https://api.openai.com/v1/chat/completions
  • Purpose: Decide the next browser action when the AI executor runs a plan.
  • Authentication: OpenAI API key.
  • Payload: Chat messages containing:
    • System prompt listing the available automation actions.
    • User message with task instructions, serialized previous actions, current timestamp, and the simplified DOM (getSimplifiedDom output).
  • Trigger: Each step in the executor loop while a suite is running. Retries are limited to maxAttempts.
  • Notes: The request may set reasoning_effort when the selected model is o1, matching OpenAI API requirements.

Browser APIs (Non-network)

While not HTTP requests, the extension also calls several Chrome extension APIs to drive automation:

  • chrome.debugger.sendCommand for Page.captureScreenshot and DOM inspection during captures.
  • chrome.tabs.query, chrome.scripting.executeScript, and chrome.runtime.sendMessage for orchestrating content scripts and DOM actions.

These stay within the local browser sandbox and do not leave the user’s machine.

Data Handling Notes

  • Endpoints are invoked only after the user supplies an OpenAI API key and initiates the related feature.
  • Request payloads can contain DOM HTML, URLs, and base64 screenshots. See Data & Storage for retention and security guidance.
  • No other third-party services are contacted. If you swap the persistence layer (see src/state/store.ts), ensure the new storage backend aligns with your organisation’s policies.

Released under the MIT License.

© 2025 BrowseGenius contributors