{"id":"civyk-official-civyk-winwright","name":"civyk-winwright","homepage":"https://github.com/civyk-official/civyk-winwright","repo_url":"https://github.com/civyk-official/civyk-winwright","category":"automation","subcategories":[],"tags":["windows","mcp","playwright-style","automation","ui-automation","rpa","wpf","winforms","win32","cdp","testing","desktop","security-guards"],"what_it_does":"WinWright is a Windows-only automation server that exposes ~59 tool endpoints to AI agents via Model Context Protocol (MCP) for controlling and inspecting Windows desktop applications (WPF/WinForms/Win32 via UI Automation) and Chrome/Edge (via CDP). It supports recording actions into portable JSON scripts for deterministic replay (winwright run) and can attempt self-healing of broken selectors (winwright heal).","use_cases":["AI-assisted scripted UI test creation for Windows desktop (WPF/WinForms/Win32) and mixed desktop+browser workflows","Record-and-replay deterministic UI automation in CI without ongoing LLM calls","Self-healing/reparation of selectors when UI layout changes","Legacy app data extraction via UI Automation (read values from apps without APIs)","Accessibility auditing by traversing UIA element trees and validating labels/names/keyboard paths","Automating repetitive desktop tasks and multi-app workflows","Operational health checks of running desktop applications (process/service/UI status)","Remote administration over HTTP for processes/services/registry/tasks (per README security claims)"],"not_for":["Linux or macOS automation","Browser-only testing where Playwright is more mature","High-throughput data pipelines (UI automation reads controls serially; not a bulk data API)","Environments requiring strong network security guarantees without local/controlled access"],"best_when":"You need an MCP-compatible tool server that can drive the Windows desktop UI (plus optional Chrome/Edge via CDP) and you want deterministic replay via recorded scripts.","avoid_when":"You cannot run Windows 10/11, or you need primarily web-only testing, or you require strict, documented enterprise-grade security (authn/z, TLS, and operational guarantees) beyond a local tool-server model.","alternatives":["Playwright (browser automation only)","UiPath / Power Automate Desktop (visual RPA tools and orchestration)","WinAppDriver (Windows desktop automation alternative)","Custom UI Automation + scripting (UIA3) without an MCP tool server"],"af_score":59.0,"security_score":40.5,"reliability_score":23.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:22:36.648193+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"stdio (named in README) or HTTP on localhost (e.g., http://localhost:8765/mcp)","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Local/stdio MCP server (no mention of authentication in README)","HTTP MCP server (README does not document authentication; only claims about remote administration security controls)"],"oauth":false,"scopes":false,"notes":"README shows local MCP server configuration for Claude Code/VSCode (stdio) and an HTTP mode (serve --port 8765). It does not clearly document authN/authZ for the MCP transport itself; it does describe runtime permission guards in winwright.json and includes a 'five-layer security' claim for remote administration, but details are not fully specified in the provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"License is described as Freeware/Free to use for any purpose; pricing for usage is not presented as a metered service. There may be indirect cost from AI agent usage during recording, but replay is described as deterministic without LLM/token costs."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":59.0,"security_score":40.5,"reliability_score":23.8,"mcp_server_quality":70.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":85.0,"rate_limit_clarity":20.0,"tls_enforcement":20.0,"auth_strength":40.0,"scope_granularity":60.0,"dependency_hygiene":30.0,"secret_handling":50.0,"security_notes":"README describes dangerous operations disabled by default via winwright.json permissions (e.g., allowRegistryWrite, allowProcessKill, allowFileWrite, allowServiceControl, allowBrowserEval, allowNetworkProbe). It also mentions 'runtime permission guards' and audit.jsonl logging. However, transport-layer security details for the MCP HTTP mode (TLS, auth) are not provided in the supplied content. Dependency hygiene and secret-handling practices are not verifiable from the provided README/metadata alone.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":20.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":"No idempotency guidance is provided. Some operations (e.g., launching apps, clicking, typing) are inherently stateful; replay scripts are deterministic but not described as idempotent at the tool level.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tool server is Windows-only and relies on UIA/desktop state; agent actions may fail if the UI is not ready or focus is different.","For HTTP MCP mode, ensure you control network exposure; README examples use localhost.","Statefulness: launching apps and interacting with UIs is not naturally idempotent—retries may cause duplicated actions unless the caller uses appropriate guards."]}}