lockdown: close #40, Chrome MCP write-action denies superseded by Playwright migration #62

Open
opened 2026-05-23 20:54:04 +00:00 by coilysiren · 0 comments
Owner

Originally filed by @coilysiren on 2026-05-02T01:10:09Z - https://github.com/coilysiren/coily/issues/41

🤖 Filed by Claude Code on Kai's behalf.

Kai has disabled the Chrome MCP integrations on the machines running the daily routines, and the two routines that needed browser-driven scraping (daily-educational against CNCF Slack, daily-recruiting against LinkedIn) are migrating to Playwright with playwright-extra stealth and per-service storageState.json. Tracked in coilysiren/coilyco-ai#91.

That removes the entire write-path threat surface coilysiren/coily#40 was trying to harden via tool-level denies and a PreToolUse hook. With Chrome MCP gone from the agent's toolset on those hosts, denying its write-capable sub-tools no longer carries weight.

Action

  • Close #40 as not-planned, superseded by coilysiren/coilyco-ai#91. Leave the rationale in the close comment so the next person reading the lockdown history sees why those denies were proposed and then dropped.
  • No coily code changes in this issue. Lockdown stays as it is.

If Chrome MCP comes back

If a future routine reintroduces Chrome MCP for genuine read-only use (one-off interactive work that Playwright is the wrong tool for), revisit the threat model from #40 at that point. The hook design in #40's body is still the right shape if it ever needs to be implemented, just not today.

coilysiren added P4 and removed P3 labels 2026-05-31 06:59:47 +00:00
Reference
coilyco-bridge/coily#62