Engineering Agent Interfaces: Lessons from Chrome DevTools

AI Engineergo watch the original →

Building effective agent interfaces requires treating models as a distinct user segment with specific needs for data density, error recovery, and security, rather than just repurposing human-facing tools.

Optimizing for Agent Efficiency

Agents are a distinct user class that prefers data density and schema clarity over the visual layouts required by humans. To manage token costs, the team moved away from raw JSON trace files, which often exceeded 50,000 lines, in favor of semantic markdown summaries that point the agent directly to relevant performance metrics like Largest Contentful Paint (LCP).

To measure the fuel efficiency of these interfaces, the team introduced the metric tokens per successful outcome. This metric balances effectiveness (completing the user journey) against efficiency (token cost and duration). The team also implemented a 'slim mode' that limits the exposed toolset to three core functions—select page, navigate page, and evaluate script—to reduce context window bloat, though this introduces a trade-off where agents may require more turns to complete complex tasks.

Error Recovery and Tool Discovery

Generic error messages often cause agents to stall. The team improved resilience by rewriting error outputs to be actionable. For example, changing a vague 'Unable to navigate back' to 'Cannot navigate back, no previous page in history' allows the agent to self-heal without human intervention.

Regarding tool discovery, the team found that a single monolithic 'debug_webpage' tool was ineffective, but decomposing it into 25 tools created a discovery problem. To mitigate this, they focused on improving tool descriptions, noting that 97% of MCP tool descriptions suffer from quality issues. They now prioritize clear definitions of core functions and explicit activation criteria to help models select the correct tool.

Trust Boundaries

Despite user requests to remove friction by remembering authorization, the team maintained mandatory manual consent for 'autoconnect' features. This design choice prevents the 'lethal trifecta' of prompt injection and unauthorized data access. The team categorizes security into three tiers:

  • Tier 1 (Local Dev): Human-in-the-loop with time-bound access to local profiles.
  • Tier 2 (CI): Isolated environments using containers and separate Chrome profiles.
  • Tier 3 (Internet-facing): High-risk environments requiring domain allow-lists and strict prompt injection mitigations.
  • #ai
  • #dev-tooling
  • #mcp

summary by google/gemini-3.1-flash-lite. probably wrong about something. check the source.