I spent a full day fighting a Tiptap editor through CDP to post short notes from a side project of mine. Rewrote the injection script four times. Mapped out ProseMirror's transaction API. Worked around isTrusted checks. Got it to render the text. Got the publish button to enable. Got a 200 back. Watched the post not actually appear because the editor's internal state hadn't been updated through a real input event.
Then I searched npm. There was a maintained TypeScript package, updated March 2026, that did the whole thing in three lines:
api.newPost().text(x).publish()
No browser. No CDP. No Tiptap. The problem was already solved. I just hadn't searched first.
That day became the first rule in my CLAUDE.md. Then four more, because the underlying mistake had layers.
1. Search before building. Always.
Any time the AI is about to write browser automation, reverse-engineer a private API, or fight a platform's DOM, it has to pause and search first. Targets in order: GitHub (site:github.com <platform> api typescript), npm (npm search <platform>), and MCP server registries. Someone has almost always fought this before. The 20-minute install beats the day of debugging every single time, and the only way I learned that was by paying the day.
2. Verify the library can write, not just read.
This one cost me a second smaller hole. Half the packages you find for a given platform are read-only scrapers. They'll happily list posts and pull comments and do nothing you actually need. Before I let the AI commit to a dependency, the rule is: confirm there's a publish, create, post, or submit method in the public API. If the README only shows GET-style examples, keep searching.
3. Check that the package is actually maintained.
last commit: < 6 months ago
open issues: not a graveyard
latest release: matches the README examples
A stale package is worse than no package, because it lulls you into thinking the problem is solved when the auth flow it relies on broke six months ago. Six months of commit activity is the cheap heuristic I encoded. It's not perfect but it filters out the abandoned ones in two clicks.
4. Prefer libraries with a stable auth mechanism.
The Tiptap package I eventually used authenticated with a cookie token I pasted once. The fragile alternative is anything that scripts a login form, because login forms get reworked, get CAPTCHAs added, get extra CSRF steps. Cookie or token auth survives UI redesigns. Form-driven login dies the next time the platform ships a new sign-in page. So the rule says: if the only auth path is DOM login, treat the library as a last resort.
5. When nothing exists, document what you searched.
This is the rule that keeps future-me from repeating present-me's mistake. If a real search genuinely turns up nothing and custom automation is justified, the AI has to write down what queries it ran and what registries it checked, in a comment at the top of the new file. Otherwise three weeks later I'll be in the same spot, wondering if anything has shipped since, and I'll re-do the same fruitless search instead of trusting the prior negative result. Document the dead end and the next session inherits it.
These five rules pair with a Documentation-First rule I keep alongside them. Search-Before-Building finds the tool. Documentation-First makes sure the AI actually reads the README instead of guessing at the API shape from the package name. The two together have killed almost every "let's just script the browser" instinct my AI used to have by default.
The shift in how my AI proposes solutions has been noticeable. Where it used to reach for Puppeteer or a CDP snippet within the first message, it now opens with a search step and reports back with two or three candidate libraries before writing a single line of new code. The first time it said "I checked npm and GitHub, nothing maintained exists for this, here's what I searched" before falling back to custom code, I knew the rule had landed.
If you want to copy these into your own setup, here's the format that works in CLAUDE.md, cursor rules, or copilot instructions:
Before writing custom browser automation, API reverse-engineering, or DOM workarounds, search GitHub, npm, and MCP server registries for an existing library first. Only build custom if a real search returns nothing, and if you do, document the queries you ran so the next session doesn't repeat them.
Add it once, save yourself the next version of this same day.
Tags: #claudecode #ai #productivity #devtools #javascript
Top comments (0)