MCP-POWERED CODING AGENTS HIT REAL TOOLING (CHROME DEVTOOLS, ABL IN WINDSURF) AS TYPOSQUATTING TARGETS IDES
MCP-based coding agents are moving into serious dev workflows while IDE extension typosquatting raises fresh supply chain risk.
Google’s open-source chrome-devtools-mcp lets agents like Gemini, Claude, Cursor, or Copilot drive a real Chrome instance for performance tracing, debugging, and reliable automation via Puppeteer, all through Model Context Protocol.
On the enterprise side, Progress launched an AI Coding Assistant service for OpenEdge ABL that sets up Windsurf IDE with an ABL plug‑in and MCP connector, embedding RAG grounded in your code and standards to speed modernization.
At the same time, a typosquatting campaign has targeted VS Code tools and the Windsurf IDE, per DevOps.com, underscoring the need for extension allowlists and publisher verification.
Agent-driven dev tooling is getting practical: browser perf audits, debugging, and domain-specific assistants now plug into IDE workflows.
Rising IDE adoption increases the blast radius of supply chain attacks via malicious or lookalike extensions.
- Stand up chrome-devtools-mcp locally and have your agent collect a performance trace; compare metrics to your existing CI browser tests.
- Audit IDE extensions and enforce an allowlist with verified publishers; attempt installing a lookalike to confirm policy blocks it.
Legacy codebase integration strategies...
- 01. Gate MCP servers behind SSO and network policies; log and alert on agent actions touching production-like data.
- 02. For OpenEdge teams, pilot the ABL connector in a non-prod repo to validate refactoring quality against house standards.
Fresh architecture paradigms...
- 01. Design new internal dev tools around MCP-capable agents for repeatable browser automation and perf analysis as code.
- 02. Adopt a default-deny policy for IDE extensions and pin versions to reduce supply chain drift.
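
An added example, not from the original article or any vendor's tooling, of the allowlist audit and version pinning recommended above: it checks an extension inventory in the `publisher.name@version` form printed by `code --list-extensions --show-versions` and flags version drift, lookalike ids and anything not allowlisted. The extension ids, versions and the distance threshold of 2 are assumptions constructed for illustration.

```python
# Added example: default-deny audit of IDE extensions against a pinned allowlist.
# Inventory lines look like `publisher.name@version`.
# Hypothetical allowlist (extension id -> pinned version); all ids are constructed.
ALLOWLIST = {
    "acme.abl-language": "1.4.0",
    "acme.perf-tracer": "2.0.3",
    "contoso.lint-helper": "0.9.0",
}

# Constructed sample inventory, not real findings.
SAMPLE_INVENTORY = """\
acme.abl-language@1.4.0
acme.perf-tracer@2.0.1
acme.ab1-language@1.4.0
contoso.lint-helpr@0.9.0
fabrikam.theme-pack@3.1.0
"""

def normalize(ext_id):
    """Fold case, common digit-for-letter swaps and separators before comparing."""
    folded = ext_id.lower().translate(str.maketrans("01", "ol"))
    return folded.replace("-", "").replace("_", "")

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(ext_id, version, allowlist=ALLOWLIST, max_dist=2):
    ext_id = ext_id.lower()
    if ext_id in allowlist:  # exact id match: only the pinned version passes
        return "ok" if version == allowlist[ext_id] else "version-drift"
    for allowed in allowlist:  # a near miss of an approved id is the typosquat signal
        if edit_distance(normalize(ext_id), normalize(allowed)) <= max_dist:
            return "lookalike:" + allowed
    return "not-allowlisted"  # default deny: unknown extensions are findings too

def audit(inventory, allowlist=ALLOWLIST):
    rows = (l.strip().partition("@") for l in inventory.splitlines() if l.strip())
    return {ext: classify(ext, ver, allowlist) for ext, _, ver in rows}

if __name__ == "__main__":
    for ext, finding in audit(SAMPLE_INVENTORY).items():
        print(f"{finding:32} {ext}")
```

Any finding other than `ok` is a policy violation under default deny; the `lookalike:` label only tells the reviewer which approved extension the id imitates.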