Engineering Agent Interfaces: Lessons from Chrome DevTools
AI Engineergo watch the original →
the gist
Building effective agent interfaces requires treating models as a distinct user segment with specific needs for data density, error recovery, and security, rather than just repurposing human-facing tools.
Optimizing for Agent Efficiency
Agents are a distinct user class that prefers data density and schema clarity over the visual layouts required by humans. To manage token costs, the team moved away from raw JSON trace files, which often exceeded 50,000 lines, in favor of semantic markdown summaries that point the agent directly to relevant performance metrics like Largest Contentful Paint (LCP).
To measure the fuel efficiency of these interfaces, the team introduced the metric tokens per successful outcome. This metric balances effectiveness (completing the user journey) against efficiency (token cost and duration). The team also implemented a 'slim mode' that limits the exposed toolset to three core functions—select page, navigate page, and evaluate script—to reduce context window bloat, though this introduces a trade-off where agents may require more turns to complete complex tasks.
Error Recovery and Tool Discovery
Generic error messages often cause agents to stall. The team improved resilience by rewriting error outputs to be actionable. For example, changing a vague 'Unable to navigate back' to 'Cannot navigate back, no previous page in history' allows the agent to self-heal without human intervention.
Regarding tool discovery, the team found that a single monolithic 'debug_webpage' tool was ineffective, but decomposing it into 25 tools created a discovery problem. To mitigate this, they focused on improving tool descriptions, noting that 97% of MCP tool descriptions suffer from quality issues. They now prioritize clear definitions of core functions and explicit activation criteria to help models select the correct tool.
Trust Boundaries
Despite user requests to remove friction by remembering authorization, the team maintained mandatory manual consent for 'autoconnect' features. This design choice prevents the 'lethal trifecta' of prompt injection and unauthorized data access. The team categorizes security into three tiers:
- Tier 1 (Local Dev): Human-in-the-loop with time-bound access to local profiles.
- Tier 2 (CI): Isolated environments using containers and separate Chrome profiles.
- Tier 3 (Internet-facing): High-risk environments requiring domain allow-lists and strict prompt injection mitigations.