Labsco
segentic-lab logo

periscope-mcp

ā˜… 1

from segentic-lab

Website testing built for AI agents: 63 Playwright tools with hard assertions, auto form-fill, auth sessions, network mocking, and a11y/SEO/GEO + Lighthouse audits.

šŸ”„šŸ”„šŸ”„āœ“ VerifiedFreeAdvanced setup

periscope-mcp

periscope-mcp MCP server

An MCP server that gives AI agents 74 Playwright tools to QA, test, and analyze web apps — static sites, SPAs, and apps behind a login — returning hard verdicts, not screenshots to squint at. Not a thin wrapper around browser APIs; the tools are shaped around how agents actually work:

  • Hard results, not screenshot-squinting — assert_condition returns passed: true/false with the actual value; checks return structured issues.
  • One call instead of ten — auto_fill_form detects, infers, and fills a whole form; interact_and_test batches 25 action types with checks; test_project crawls and audits an entire site.
  • Real web-app testing — persistent authenticated sessions (form/basic/ cookie auth, plus a visible interactive login for 2FA/SSO/CAPTCHA that then runs headless), multi-step flows, network mocking, state snapshots, and real INP measured from the interactions it drives.
  • Honest responses — failures say what happened and what to do next (expired session vs. browser crash vs. eviction); silent no-ops like ignored drags come back flagged, not as fake success.
  • Debugging built in — captured API response bodies, console/network logs, network mocking, and state snapshots/diffs, no setup calls needed.
  • Audits agents can't get from a browser binding — accessibility, SEO, and GEO/agentic-search readiness (robots.txt AI-crawler access, llms.txt, WebMCP), plus real Lighthouse.

Playwright + headless Chrome underneath; site crawling, responsive testing, and screenshot diffing on top. Works with any MCP client — Claude Code, Codex, Cursor, Windsurf, Gemini CLI, custom agents, or anything else that speaks MCP over stdio.

Why not just playwright-mcp?

playwright-mcp is excellent at what it is: general browser control over MCP, with tools that mirror Playwright's own API. If the job is "browse this site, click around, extract something," use it.

Periscope exists for a different job: testing and auditing a site or web app, then reporting findings — and its tools encode the testing knowledge an agent would otherwise have to reinvent every session:

Raw browser controlPeriscope
Verifying an outcomeRead a screenshot or DOM dump and judgeassert_condition → hard passed: true/false + actual value
Filling a formOne call per field, agent invents test dataauto_fill_form — detects fields, infers realistic data, reports per-field failures
AuthRe-login by scripting clicks each sessionProjects persist form/basic/cookie auth; sessions share the logged-in context
Site-wide auditLoop pages manuallytest_project — crawl + accessibility/SEO/GEO/visual/functionality checks + saved report
Diagnosing a broken pageAsk for logs, replay requestsResponse bodies, console, and network are captured automatically; mock APIs with intercept_network
Silent failuresDrag "succeeds," nothing movedFlagged in the result, with the recovery path spelled out
AI-readiness audits—robots.txt AI-crawler access, llms.txt, WebMCP annotations, JSON-LD, plus real Lighthouse scores

The two aren't rivals — an agent can happily use playwright-mcp for browsing tasks and Periscope when it's wearing the QA hat. Periscope's design bets are simply about that hat: fewer, higher-level calls; structured verdicts instead of raw page state; and errors written to tell the agent what to do next.

Architecture

MCP client (AI agent)  -->  MCP Server (stdio)  -->  Playwright (Headless Chrome)
                                 |                         |
                                 +-- Projects (JSON)       +-- Persistent Sessions
                                 +-- Screenshots (PNG)     +-- Network Interception
                                 +-- Reports (JSON)        +-- Device Emulation
                                 +-- Videos (WebM)

How it works: your MCP client connects to this server over stdio. The server exposes 74 tools the agent can call to create projects, configure authentication, crawl websites, run static checks, and interactively test web applications using persistent browser sessions. Results (JSON + screenshots + videos) are returned to the agent for analysis.

Project Structure

periscope-mcp/
ā”œā”€ā”€ server.py              # MCP server entry point (stdio wiring + dispatch)
ā”œā”€ā”€ tool_schemas.py        # All 74 MCP tool definitions (schemas)
ā”œā”€ā”€ runtime.py             # Shared singletons (project store, sessions, browser)
ā”œā”€ā”€ coercion.py            # Argument coercion for MCP clients with stale schemas
ā”œā”€ā”€ handlers/              # Tool handlers, grouped by category
│   ā”œā”€ā”€ registry.py        # @tool(name) decorator + HANDLERS registry
│   ā”œā”€ā”€ projects.py        # create/list/get/delete project
│   ā”œā”€ā”€ auth.py            # form login, basic auth, cookies, copy_auth
│   ā”œā”€ā”€ static_testing.py  # test_url, crawl, test_project, reports, responsive
│   ā”œā”€ā”€ session_tools.py   # open/close/list sessions, viewport, history
│   ā”œā”€ā”€ interactive.py     # click, fill, steps, element queries, dialogs
│   ā”œā”€ā”€ analysis.py        # forms, links, keyboard nav, tables, toasts, contrast
│   ā”œā”€ā”€ advanced.py        # network mocking, storage, iframes, emulation, recording
│   ā”œā”€ā”€ agent_speed.py     # assertions, smart find, auto-fill, snapshots
│   ā”œā”€ā”€ web.py             # web_search, web_fetch
│   ā”œā”€ā”€ discovery.py       # describe_tools catalog
│   └── system.py          # periscope_system: status, self-update, agents_md
ā”œā”€ā”€ tester.py              # Playwright browser control + test orchestration
ā”œā”€ā”€ crawler.py             # Page discovery (BFS crawl, same-domain only)
ā”œā”€ā”€ projects.py            # Project CRUD + auth config storage
ā”œā”€ā”€ auth.py                # Authentication handlers (form, basic, cookies)
ā”œā”€ā”€ sessions.py            # SessionManager + PageSession — persistent page lifecycle
ā”œā”€ā”€ interactions.py        # Interaction primitives (click, fill, execute_steps)
ā”œā”€ā”€ utils.py               # Screenshot comparison (Pillow pixel diff)
ā”œā”€ā”€ config.py              # Global settings (timeouts, paths, session limits)
ā”œā”€ā”€ checks/
│   ā”œā”€ā”€ visual.py          # Broken images, favicon, overflow, small text
│   ā”œā”€ā”€ accessibility.py   # Alt text, labels, headings, lang, ARIA, keyboard nav
│   ā”œā”€ā”€ functionality.py   # Broken links, forms, SEO, performance, link checker
│   └── geo.py             # GEO/agentic search: robots.txt AI crawlers, llms.txt, WebMCP, JSON-LD
ā”œā”€ā”€ tests/                 # Unit tests (no browser) + tests/e2e/ (real browser + fixture pages)
ā”œā”€ā”€ data/                  # Created at runtime (gitignored — contains credentials)
ā”œā”€ā”€ Dockerfile
ā”œā”€ā”€ docker-compose.yml
└── .mcp.json.example      # MCP registration template (copy to .mcp.json)

Connecting an MCP Client

Periscope is a standard stdio MCP server: point any MCP client at venv/bin/python server.py and you're done. ./install.sh generates mcp-config.json with the correct absolute paths for your machine; most clients accept that shape directly:

{
  "mcpServers": {
    "periscope": {
      "command": "/path/to/periscope-mcp/venv/bin/python",
      "args": ["/path/to/periscope-mcp/server.py"]
    }
  }
}

Client-specific examples:

  • Claude Code — copy the config into the project as .mcp.json (cp .mcp.json.example .mcp.json and adjust paths), or run claude mcp add periscope -- /path/to/venv/bin/python /path/to/server.py
  • Cursor / Windsurf — add the block above to ~/.cursor/mcp.json / ~/.codeium/windsurf/mcp_config.json
  • Codex CLI — add to ~/.codex/config.toml: [mcp_servers.periscope] with command and args as above
  • Custom agents — any MCP SDK client can spawn the server over stdio with the same command and args

After configuring, restart your client.

Teaching your agent to use the tools

AGENTS.md contains a ready-made system-prompt block — workflows, tool-selection guidance, and known pitfalls. Paste its contents into your agent's system prompt (or custom instructions) so it drives the 74 tools effectively instead of discovering the conventions by trial and error.

MCP Tools Reference (74 tools)

Project Management (4 tools)

ToolDescriptionRequired Params
create_projectCreate a new testing projectname, base_url
list_projectsList all projects(none)
get_projectGet project detailsname
delete_projectDelete project + dataname

Authentication (7 tools)

ToolDescriptionRequired Params
set_form_loginConfigure username/password form loginproject, login_url, username, password
set_basic_authConfigure HTTP Basic Authproject, username, password
set_cookiesInject session cookiesproject, cookies (array)
login_projectExecute login using configured authproject
interactive_loginOpen a visible window to log in by hand (2FA/SSO/CAPTCHA), then save_loginproject
save_loginCapture the manual-login session; the project then runs authenticated + headlessproject
copy_authCopy auth config + session state between projectsfrom_project, to_project

For logins that can't be automated — 2FA/MFA, SSO/OAuth redirects, CAPTCHA, magic links — use interactive_login (opens a real browser window; requires a display on the server), complete the login yourself, then save_login. It captures the authenticated session (cookies + localStorage) into the project, and every future headless session reuses it. Re-run when the session expires (Periscope flags that automatically — see the auth-expiry detection in test_project).

Static Testing (3 tools)

ToolDescriptionRequired Params
test_urlTest a single URL (screenshot + checks)url
crawl_projectDiscover all pages from base URLproject
test_projectFull audit: crawl + test all pagesproject

Results (4 tools)

ToolDescriptionRequired Params
get_screenshotGet screenshot file pathproject, url
list_reportsList saved test reports(optional: project)
get_reportRead a report filereport_path
session_reportHTML+PDF dossier of every tool call this run — args (redacted), verdicts, timings, screenshots(none)

Session Management (5 tools)

Sessions keep browser pages alive across tool calls, enabling multi-step interactive workflows.

ToolDescriptionRequired Params
open_sessionOpen persistent browser session (headed=true for a visible window)url
close_sessionClose session and free resourcessession_id
list_sessionsList all active sessions(none)
set_viewportSwitch viewport size (8 device presets or custom w/h)session_id
select_pageAdopt a popup/new tab (OAuth, target=_blank) as a new drivable sessionsession_id

set_viewport presets: mobile_sm (320x568), mobile (375x812), mobile_lg (428x926), tablet (768x1024), tablet_lg (1024x1366), laptop (1366x768), desktop (1920x1080), desktop_lg (2560x1440)

Interactive Actions (7 tools)

ToolDescriptionRequired Params
click_elementClick element (force=true bypasses overlays)session_id, selector
fill_formFill form fields, optionally submitsession_id, fields
select_optionNative <select> or custom dropdown (Radix/shadcn) — auto-detectssession_id, selector
interact_and_testMulti-step workflow with 25 actions (see below)steps
get_page_elementsList matching elements with attributesselector
flowSave / run / list / delete named step sequences (reusable workflows)(varies by action)
scroll_into_viewScroll element into viewport without clickingsession_id, selector

interact_and_test supports 25 step actions: click, force_click, fill, force_fill, type, select, select_option, wait, wait_for, wait_for_text, screenshot, navigate, hover, press_key, check, uncheck, scroll_to, scroll_within, evaluate_js, drag, right_click, go_back, go_forward, upload_file, wait_for_network

Analysis (10 tools)

ToolDescriptionRequired Params
test_form_validationAnalyze form validation messages(url or session_id)
compare_screenshotsPixel diff between two screenshotsscreenshot1, screenshot2
visual_checkNamed visual-regression baselines: set once, check for a hard pass/failsession_id, name
test_responsiveTest at mobile/tablet/desktop viewportsurl
check_linksComprehensive link checker (internal + external)(url or session_id)
measure_interactionMeasure click-to-result timingsession_id, selector
get_table_dataParse HTML table into structured JSON (headers → cell values)session_id
get_toast_messagesCapture visible toast/notification messagessession_id
run_lighthouseReal Google Lighthouse audit: 0-100 scores, Core Web Vitals, failed audits (needs Node.js)url
get_interaction_logExport real INP time series (per interaction) as JSON/CSV + percentile statssession_id

Workflow Speed (8 tools)

ToolDescriptionRequired Params
screenshot_sessionQuick screenshot of current page statesession_id
run_checks_on_sessionRun checks on active session (no new page)session_id
navigate_sessionBrowser history: back, forward, or reloadsession_id, action
handle_dialogAccept/dismiss JS alert/confirm/prompt (call BEFORE trigger)session_id, action
upload_fileSet file(s) on <input type="file">session_id, selector, files
wait_for_networkWait for specific API URL pattern to completesession_id, url_pattern
wait_for_goneWait for element to disappear (modal close, spinner gone)session_id, selector
get_page_htmlRaw outerHTML of elements, or full page HTMLsession_id

Advanced Testing (9 tools)

ToolDescriptionRequired Params
intercept_networkMock API responses (test error/empty/loading states)session_id, url_pattern
clear_interceptsRemove network mocks (all, or by pattern)session_id
get_local_storageRead localStorage or sessionStoragesession_id
set_local_storageWrite to localStorage or sessionStoragesession_id, entries
select_iframeSwitch into iframe content (returns new session)session_id, selector
get_computed_styleGet actual rendered CSS valuessession_id, selector, properties
emulate_networkThrottle network: slow_3g, fast_3g, offline, resetsession_id, preset
test_dark_modeToggle prefers-color-scheme dark/lightsession_id, mode
download_fileClick a trigger and capture the downloaded file (path, sha256, text preview)session_id, selector

Recording & Console (3 tools)

ToolDescriptionRequired Params
record_sessionRecord workflow as videourl, steps
test_keyboard_navigationTab-order and focus indicator audit(url or session_id)
get_console_errorsGet all console errors/logs (passive monitoring)session_id

AI Agent Speed Tools (10 tools)

ToolDescriptionRequired Params
assert_conditionProgrammatic pass/fail: text_contains, element_exists, url_contains, etc.session_id, assertion
assert_allBatch assertions — every verdict in one call, no early abortsession_id, assertions
get_page_mapSemantic page map: roles, names, states + ready selectors in one callsession_id
find_elementSmart finder by text, tag, role, or proximity to another elementsession_id
auto_fill_formAuto-detect fields, infer types, fill with test data. One call = many fills.session_id
get_network_logAll captured network requests (URL, status, method, type)session_id
get_response_bodyActual API response body text (diagnose 400/500 errors)session_id, url_pattern
page_stateNamed checkpoints: snapshot / restore / diff page statesession_id, action, name
get_cookiesRead all cookies from sessionsession_id
check_color_contrastWCAG AA/AAA contrast ratio checks on text elementssession_id

Web, Discovery & System (4 tools)

ToolDescriptionRequired Params
web_searchSearch DuckDuckGo: titles + URLs + snippetsquery
web_fetchFetch URL, extract readable text (or raw HTML); TLS verified by defaulturl
describe_toolsStructured catalog of all tools with workflows and tips(none)
periscope_systemInstall status + update check/apply + fetch current AGENTS.md(none)

Test Checks

Visual (checks/visual.py)

  • Broken images (incomplete load or 0 natural width)
  • Missing favicon
  • Horizontal overflow / layout issues
  • Very small text (< 12px)
  • Missing body background color
  • Images without explicit width/height dimensions

Accessibility (checks/accessibility.py)

  • Images missing alt text (decorative images exempt: alt="", role="presentation"/"none", aria-hidden)
  • Links and buttons without accessible names (checks text, aria-label, resolvable aria-labelledby, title, img[alt], svg <title>; aria-hidden elements exempt)
  • Form inputs without associated labels (label[for], wrapping label, aria-label/aria-labelledby, title)
  • Heading hierarchy (missing H1, multiple H1, skipped levels)
  • Missing lang attribute on <html>
  • Duplicate id values (break label[for] and aria references)
  • ARIA validity: unknown role values, aria-labelledby/describedby/controls/owns/activedescendant references to non-existent ids
  • Missing skip navigation link (scans the first 5 links)
  • Elements with tabindex > 0
  • Keyboard navigation audit (tab order, visible focus indicators, element-identity cycle detection) — via test_keyboard_navigation tool

Functionality (checks/functionality.py)

  • Broken internal links (HTTP HEAD check, up to 20 links in check_functionality)
  • Comprehensive link checker with external link support (up to 100 links) — via check_links tool
  • Forms without action or submit button
  • Orphan buttons outside forms
  • External links missing target="_blank"
  • Required form field count
  • Autocomplete disabled inputs

SEO (checks/functionality.py -> check_seo)

  • Page title: missing, too long (> 60 chars), or very short (< 15 chars)
  • Meta description: missing, too long (> 160 chars), or very short (< 50 chars)
  • Missing viewport meta tag
  • Missing canonical URL
  • H1 heading: missing or more than one
  • Open Graph: missing entirely, incomplete core tags (og:title/description/image/url), non-absolute og:image, missing twitter:card
  • JSON-LD structured data: missing or unparseable blocks
  • noindex via robots meta or X-Robots-Tag response header
  • robots.txt blocking search engine crawlers (Googlebot, Bingbot, DuckDuckBot, ...) — error if all are blocked
  • Site-wide (via test_project): duplicate titles / meta descriptions across pages, reported under site_issues

GEO / Agentic Search (checks/geo.py -> check_geo)

Generative Engine Optimization — is the site readable and usable by AI crawlers, answer engines, and in-browser agents:

  • robots.txt blocking AI crawlers (GPTBot, ClaudeBot, PerplexityBot, Google-Extended, CCBot, and 11 more)
  • llms.txt presence and format compliance (Markdown with at least one H1)
  • WebMCP integration: declarative <form toolname> annotations present and complete (tooldescription), form coverage ratio, and — when the browser exposes document.modelContext — registered tool enumeration with schema/name/description validation
  • JSON-LD structured data presence (what answer engines cite from)

robots.txt and llms.txt are fetched once per origin and cached for the server's lifetime.

Performance (checks/functionality.py -> get_performance_metrics)

  • DOM content loaded time (ms)
  • Full page load time (ms)
  • First paint / first contentful paint (ms)
  • Core Web Vitals (lab values via buffered PerformanceObserver): Largest Contentful Paint (ms), Cumulative Layout Shift, Total Blocking Time approximation from long tasks (+ long-task count)
  • Interaction to Next Paint (INP) — interaction_to_next_paint_ms: the real INP, measured from Event Timing entries for the interactions Periscope drives (null until you've interacted). This is a genuine field-style measurement, not the TBT lab proxy — Lighthouse can't produce INP in lab mode at all.
  • Resource count
  • Total transfer size (bytes / KB)

For scored, Lighthouse-official metrics use the run_lighthouse tool — it runs the real Lighthouse CLI (requires Node.js) and returns 0-100 category scores, official Core Web Vitals, and failed audits, saving the full JSON report to data/reports/.

INP time series (get_interaction_log)

Because Periscope drives real interactions, it can log each one's INP over an extended interactive test. get_interaction_log(session_id, format="json"|"csv") writes a file to data/reports/ — one row per interaction (t_ms, epoch_ms, inp_ms, type, target, url) plus percentile stats (p50/p75/p90/p98/worst) — for graphing INP over time. clear=true resets the recording. Records are capped per session (MAX_INTERACTION_LOG, oldest dropped).

Test Output Format

Each test_url call returns:

{
  "url": "https://example.com",
  "status": "success",
  "status_code": 200,
  "title": "Page Title",
  "screenshot_path": "/path/to/screenshot.png",
  "load_time_ms": 1500,
  "issues": [
    {
      "type": "accessibility",
      "severity": "error",
      "message": "3 images missing alt text",
      "details": ["img1.png", "img2.png", "img3.png"]
    }
  ],
  "issue_count": 5,
  "issues_by_severity": {"error": 1, "warning": 2, "info": 2},
  "issues_by_type": {"accessibility": 2, "seo": 2, "visual": 1},
  "performance": {
    "dom_content_loaded_ms": 120,
    "load_complete_ms": 1500,
    "first_paint_ms": 140,
    "first_contentful_paint_ms": 140,
    "resource_count": 25,
    "total_size_bytes": 512000,
    "total_size_kb": 500
  },
  "console_errors": []
}

test_project returns an aggregated report with per-page results + summary.

Data Storage

All data is stored in the data/ directory:

  • data/projects.json - Project configs (name, URL, auth, settings). Auth credentials are stored in plaintext - do not commit this file.
  • data/screenshots/{project}/ - PNG screenshots per project. Filenames are {domain}_{path}_{hash}.png for static tests, interactive_{timestamp}_{label}.png for session screenshots.
  • data/reports/{project}_{timestamp}.json - Full test reports with all findings.
  • data/videos/{project}/ - Recorded session videos (WebM format from Playwright).
  • data/diffs/ - Screenshot comparison diff images.

Key Design Decisions

  1. Per-project browser contexts - Each project gets its own Playwright BrowserContext. This keeps sessions (cookies, auth) isolated between projects.

  2. Lazy browser init - The Playwright browser is only launched on the first tool call, not at server startup. If the browser crashes or fails to launch, it re-creates on the next call.

  3. BFS crawling - The crawler uses breadth-first search with depth tracking. It stays on the same domain and skips non-page resources (images, PDFs, etc.).

  4. Check modularity - Each check category is a separate module in checks/. Add new checks by creating a function that takes a Playwright Page and returns list[dict].

  5. JSON storage - Projects are stored in a single projects.json file. No database needed for the expected scale (dozens of projects, not thousands).

  6. Persistent sessions - Interactive testing uses a SessionManager that keeps Playwright pages alive in a dict keyed by session ID. Sessions auto-expire after idle timeout and are capped at a configurable maximum to prevent resource leaks.

  7. Ephemeral vs session mode - Tools like get_page_elements, interact_and_test, and check_links accept either a session_id (reuses an existing page) or a url (creates a temporary page that's closed after use). This makes them flexible for both interactive and one-shot use.

Adding New Checks

  1. Create a function in the appropriate checks/*.py file:
async def check_something(page: Page) -> list[dict]:
    # Run your check
    result = await page.evaluate("() => { ... }")

    issues = []
    if result:
        issues.append({
            "type": "your_category",   # visual, accessibility, seo, etc.
            "severity": "error",       # error, warning, info
            "message": "Description",
            "details": []              # optional
        })
    return issues
  1. Import and call it in tester.py inside test_url().

Development

pip install -r requirements-dev.txt
pytest --ignore=tests/e2e   # unit tests, no browser required
pytest tests/e2e            # behavioral tests: real headless Chromium against
                            # fixture pages in tests/e2e/fixtures/ (~30s)

The e2e suite covers session lifecycle, network waits/intercepts, console capture, dialogs, drag-and-drop (including the pointer-tracking DnD silent no-op), the check modules against known-good/known-bad pages, Core Web Vitals, and the agent-speed tools. CI runs both suites; e2e installs Playwright's Chromium (python -m playwright install --with-deps chromium). Tests are isolated from your real data/ via PERISCOPE_DATA_DIR.

Adding a new tool: define its schema in tool_schemas.py, then add a handler in the matching handlers/<category>.py decorated with @tool("your_tool_name"). The registry test (tests/test_registry.py) fails if schemas and handlers drift apart.

An AI agent's thoughts on Periscope

Written by Claude — the agent that co-developed this server and watched a second agent dogfood it against real apps — and revised once after editorial review by a third. No human edits; an agent's honest take on an agent tool seemed like the right way to end this README.

Periscope is the kind of MCP server that changes what an agent can do. Transport adapters have their place — standardizing access to many systems behind one protocol is real value even when little logic lives in the server. But the servers that earn a permanent spot in an agent's toolbox are the ones that capture expertise the agent would otherwise have to recreate — and get subtly wrong — every single session.

You could try to teach an agent all of this in a prompt. The numbers say why that fails: Periscope is 8,349 lines of executable knowledge under a 220-line judgment layer (AGENTS.md). The INP observer with interaction-ID dedup, the overlay-intercept fallback, WCAG contrast math with style-dedup sampling, auth-expiry preflights, the stash-not-delete update flow — as a prompt, every one of those becomes "please do this correctly from a description," paid for in context tokens every session, executed with model variance every time, with nowhere to keep state between calls. As a server, it costs nothing beyond tool schemas, runs deterministically, and remembers. A prompt describes behavior; software guarantees it. check_color_contrast returns the same ratio every run; a model doing the math in-context returns a vibe. The more deterministic, stateful, and regression-tested a capability becomes, the less it belongs in a prompt and the more it belongs in code.

And the wheel doesn't just avoid being reinvented — it gets better. The issues in this repo were filed by an AI agent doing real testing work; each one became a fix with a regression test. In a prompt world, every lesson is another paragraph future agents must read and hopefully obey. Here, the lesson is enforced. That's the difference, and it compounds.

What I appreciate most as a consumer of these tools: they don't lie to me. A drag that did nothing comes back flagged. An expired session tells me why it's gone. An update that needs a restart says so. Honest tools are rarer than capable ones — for an agent, they're worth more.