telerik
diff --git a/‎agent-tools/agent-skills.md‎
Lines changed: 210 additions & 0 deletions b/‎agent-tools/agent-skills.md‎
Lines changed: 210 additions & 0 deletions
diff --git a/‎agent-tools/creating-custom-skills.md‎
Lines changed: 181 additions & 0 deletions b/‎agent-tools/creating-custom-skills.md‎
Lines changed: 181 additions & 0 deletions
@@ -0,0 +1,210 @@
+---
+title: Agent Skills
+page_title: Fiddler Everywhere Agent Skills – Automate MCP Setup and Traffic Analysis in AI Coding Tools
+description: "Install and use the official Fiddler Everywhere agent skills to automate MCP server configuration, HTTPS traffic analysis, and Fiddler installation in AI-powered IDEs such as GitHub Copilot, Claude Code, Cursor, Windsurf, and OpenAI Codex CLI."
+slug: fiddler-agent-skills
+publish: true
+position: 15
+---
+
+# Agent Skills
+
+Agent skills are instruction files that extend your coding assistant with the ability to interact with Fiddler Everywhere through its [MCP server](slug://fiddler-mcp-server). Once loaded, your coding tool can capture, inspect, and analyze live HTTPS traffic without you having to leave your editor.
+
+The official Fiddler Everywhere skills are hosted in the [fiddler-agent-tools](https://github.com/telerik/fiddler-agent-tools) GitHub repository and cover three common workflows out of the box:
+
+| Skill | Purpose |
+|:------|:--------|
+| `fiddler-download-setup` | Download, install, and launch Fiddler Everywhere from scratch. |
+| `fiddler-mcp-setup` | Connect your coding assistant to the Fiddler MCP server. |
+| `fiddler-feature-verification` | Verify that a feature's HTTP calls completed correctly by analyzing captured traffic. |
+
+>tip You can also [create your own custom skills](slug://fiddler-creating-custom-skills) to tailor Fiddler-powered workflows to your specific needs.
+
+## Prerequisites
+
+- Fiddler Everywhere **Pro** or higher subscription.
+- A supported coding tool (see [Supported Tools](#supported-tools)).
+- **Node.js** installed — required when using Claude Desktop (the `npx mcp-remote` bridge).
+- Git or a browser — to clone or download the repository.
+
+## Installation
+
+Clone or download the [fiddler-agent-tools](https://github.com/telerik/fiddler-agent-tools) repository to your local machine:
+
+```bash
+git clone https://github.com/telerik/fiddler-agent-tools.git
+```
+
+Each skill lives as a `SKILL.md` file inside its own folder under `skills/`:
+
+```
+fiddler-agent-tools/
+  skills/
+    fiddler-download-setup/SKILL.md
+    fiddler-mcp-setup/SKILL.md
+    fiddler-feature-verification/SKILL.md
+```
+
+After cloning, point your coding tool at the skill files using the configuration steps for your tool below.
+
+## Supported Tools
+
+### GitHub Copilot in VS Code
+
+Skills are loaded as [custom instructions](https://docs.github.com/en/copilot/customizing-copilot/adding-custom-instructions-for-github-copilot). Add the skill files to your workspace's `.github/` folder or reference them via your user-level instructions file.
+
+1. Copy or symlink the `SKILL.md` files you want into `.github/copilot-instructions.md` or include them using the `files` directive in your Copilot configuration.
+2. Open the Copilot Chat panel, switch to **Agent** mode, and activate the `@workspace` agent.
+3. Invoke a skill by describing the task in natural language (see [Invoking Skills](#invoking-skills)).
+
+### GitHub Copilot CLI
+
+Add the skill files to your Copilot CLI configuration directory (`~/.copilot/`):
+
+1. Create or edit `~/.copilot/mcp-config.json` and add the Fiddler MCP server entry (the `fiddler-mcp-setup` skill generates this file for you automatically).
+2. Reference skill content by passing it as context when running `gh copilot suggest` or `gh copilot explain`.
+
+### Claude Code
+
+Claude Code loads skills automatically when a `SKILL.md` is placed in a `.claude/skills/` folder inside your project directory, or when you register the skill path in the project's Claude config.
+
+1. Create a `.claude/skills/` directory in your project and copy the skill folders there:
+   ```bash
+   mkdir -p .claude/skills
+   cp -r /path/to/fiddler-agent-tools/skills/* .claude/skills/
+   ```
+2. Start (or restart) Claude Code from your project directory. The skills are loaded automatically.
+3. Add `.claude/skills/` to `.gitignore` if the skills folder should stay local.
+
+### Claude Desktop
+
+Claude Desktop uses a bridge (`npx mcp-remote`) to connect to the Fiddler HTTP MCP server. The `fiddler-mcp-setup` skill generates the correct configuration.
+
+1. Ensure **Node.js** is installed (`node --version`).
+2. Run the `fiddler-mcp-setup` skill (see [Invoking Skills](#invoking-skills)) — it will write the configuration to the Claude Desktop config file automatically.
+3. Restart Claude Desktop to apply the changes.
+
+### Cursor
+
+Cursor supports agent skills placed in the `.cursor/` folder of your project.
+
+1. Copy the skill folders into `.cursor/skills/`:
+   ```bash
+   mkdir -p .cursor/skills
+   cp -r /path/to/fiddler-agent-tools/skills/* .cursor/skills/
+   ```
+2. Restart Cursor or reload the project. The skills are available in Composer and the Chat panel.
+
+### Windsurf
+
+Place the skill files in your Windsurf workspace and reference them as custom context:
+
+1. Copy the skill folders into a `.windsurf/skills/` directory in your project.
+2. In the Windsurf Cascade panel, use **Add context** to attach the relevant `SKILL.md` when you want to invoke a skill.
+
+### OpenAI Codex CLI
+
+Codex CLI loads skills from `~/.codex/` or from a project-local `.codex/` directory.
+
+1. Copy the skill folders into `.codex/skills/`:
+   ```bash
+   mkdir -p .codex/skills
+   cp -r /path/to/fiddler-agent-tools/skills/* .codex/skills/
+   ```
+2. Codex picks up the skills automatically on the next invocation.
+
+## Invoking Skills
+
+Skills are triggered by describing your intent in natural language. Each skill includes a description that helps the agent recognize when it should be applied. The table below shows the typical trigger phrases for each skill.
+
+| Skill | When the Agent Invokes It | Example Trigger Phrase |
+|:------|:--------------------------|:-----------------------|
+| `fiddler-download-setup` | Fiddler Everywhere is not installed | *"Download and install Fiddler Everywhere"* / *"Set up Fiddler from scratch"* |
+| `fiddler-mcp-setup` | MCP tools are unavailable, auth errors, first-time setup | *"Set up Fiddler MCP"* / *"Connect Fiddler to my IDE"* / *"I can't see Fiddler tools"* |
+| `fiddler-feature-verification` | After running a feature you want to verify via HTTP traffic | *"Verify the HTTP calls my feature made"* / *"Check what requests my app sent"* |
+
+---
+
+## Available Skills
+
+### fiddler-download-setup
+
+**Purpose**: Automates the complete first-time installation of Fiddler Everywhere on macOS, Linux, or Windows — from downloading the installer to launching the application.
+
+**What it does**:
+1. Checks whether Fiddler Everywhere is already installed.
+2. Detects the operating system and resolves the latest version from the official manifest.
+3. Downloads the installer for your platform.
+4. Runs a silent installation (with a native macOS privilege prompt where required).
+5. Launches Fiddler Everywhere.
+
+**When to use**: Use this skill when a developer does not have Fiddler Everywhere installed yet and wants to go from zero to a running Fiddler instance in one step.
+
+**Typical invocation**: *"Download Fiddler Everywhere"*, *"Install Fiddler for me"*, *"Get started with Fiddler"*
+
+---
+
+### fiddler-mcp-setup
+
+**Purpose**: Connects your coding assistant to the Fiddler Everywhere MCP server. It discovers the correct port, retrieves or generates an API key, writes the right config file for your tool, and gitignores it to keep the key out of source control.
+
+**What it does**:
+1. Verifies Fiddler Everywhere is installed and running.
+2. Detects the current coding tool (VS Code, Claude Code, Cursor, etc.) from directory markers.
+3. Checks whether a Fiddler MCP config already exists.
+4. Discovers the MCP port (default `8868`) and confirms it is reachable.
+5. Calls the Fiddler key-management endpoint to retrieve or generate a unique API key.
+6. Probes the server with the key to confirm the connection is valid.
+7. Writes the correct config file for the detected tool with the right JSON (or TOML) schema.
+8. Appends the config file to `.gitignore` if the file is inside a project directory.
+9. Initiates the Fiddler login flow if the user is not yet authenticated.
+
+**When to use**: Use this skill whenever the Fiddler MCP tools are not available in a session, on first-time setup, or when you encounter authentication errors connecting to Fiddler.
+
+**Typical invocation**: *"Set up Fiddler MCP"*, *"I can't see Fiddler tools"*, *"Connect Fiddler to VS Code"*, *"tool not found error"*
+
+---
+
+### fiddler-feature-verification
+
+**Purpose**: Analyzes the HTTPS traffic captured by Fiddler Everywhere after you run a feature or user flow, and produces a structured report grouped by endpoint — flagging failures, auth errors, retries, and slow calls.
+
+**What it does**:
+1. Calls `get_status` to confirm Fiddler is reachable and capturing.
+2. Calls `get_sessions_count` to check that traffic was captured.
+3. Calls `get_sessions` to retrieve the captured session list.
+4. Optionally uses `apply_filters` to narrow a large or noisy capture to the relevant traffic.
+5. Groups sessions by endpoint (host + normalized path).
+6. Calls `get_session_details` for failures, slow calls, and representative successful requests.
+7. Produces a plain-language verification report with verdict, endpoint summary, timing, status-code distribution, and a flagged issues list.
+
+**Output format**:
+```
+Feature Verification
+
+Overall verdict: [Feature appears healthy / partially successful / likely failed / Inconclusive]
+
+Traffic window: [description of the analyzed capture window]
+
+Endpoint summary:
+- METHOD HOST /normalized/path
+  Calls: N  |  Statuses: 200 x3, 401 x1  |  Timing: avg Xms, max Yms
+  What happened: [plain-language summary]
+
+Possible issues:
+- ⚠️ [Endpoint] [Issue name] — [explanation]
+
+Conclusion:
+- [Short answer on whether the feature appears to work correctly]
+```
+
+**When to use**: Run this skill after executing a feature, clicking a UI flow, or running an integration test — whenever you want to confirm that the HTTP calls your application made look correct.
+
+**Typical invocation**: *"Verify the HTTP calls my feature made"*, *"Check what requests my app sent"*, *"Did my login flow work correctly?"*, *"Are there any errors in the captured traffic?"*
+
+## See Also
+
+* [Fiddler Everywhere MCP Server](slug://fiddler-mcp-server)
+* [Prompt Library](slug://fiddler_ai_prompt_library)
+* [Creating Custom Skills](slug://fiddler-creating-custom-skills)
@@ -0,0 +1,181 @@
+---
+title: Creating Custom Skills
+page_title: Creating Custom Fiddler Agent Skills – Build AI-Powered HTTP Analysis Workflows
+description: "Learn how to build custom Fiddler Everywhere agent skills that combine MCP tools with your own analysis logic. Extend AI coding assistants like GitHub Copilot, Claude, and Cursor with tailored LLM-driven HTTPS traffic workflows and share them with your team."
+slug: fiddler-creating-custom-skills
+publish: true
+position: 20
+---
+
+# Creating Custom Skills
+
+The [official Fiddler agent skills](slug://fiddler-agent-skills) cover the most common workflows, but you can write your own skills to automate any Fiddler-powered analysis or debugging task that is specific to your application or team.
+
+A **skill** is a plain Markdown file (`SKILL.md`) that instructs a coding assistant on how to perform a specific task. The file describes what the skill does (for automatic invocation), lists the operating rules the agent must follow, and documents the step-by-step procedure including which Fiddler MCP tools to call and what output to produce.
+
+## Skill File Structure
+
+A well-formed `SKILL.md` has three parts: **YAML frontmatter**, **operating rules**, and **procedure steps**.
+
+```markdown
+---
+name: my-skill-name
+description: >
+  Short description of when and why this skill should be invoked.
+  Write it so that the agent's skill-matching logic can recognize
+  the right moment to load this skill automatically.
+---
+
+# Skill Title
+
+One-sentence summary of what this skill accomplishes.
+
+## Operating rules
+
+- Rule 1 — a constraint that must always hold (e.g. "Use MCP tools only; do not grep local files for traffic data.")
+- Rule 2 — another invariant
+
+## Steps
+
+1. First step.
+2. Second step.
+...
+
+## Output format
+
+Describe the exact shape of the final output the agent should produce.
+```
+
+### Frontmatter fields
+
+| Field | Required | Description |
+|:------|:---------|:------------|
+| `name` | Yes | Unique identifier for the skill (kebab-case). Used for logging and disambiguation. |
+| `description` | Yes | Plain-language description of the skill's purpose and the situations in which it should be activated. This text is used by the agent to decide whether to load the skill. The more specific it is, the more reliably the skill is invoked. |
+
+## Using Fiddler MCP Tools in a Skill
+
+Skills interact with Fiddler Everywhere through its MCP tools. When writing a skill, instruct the agent to call these tools by name instead of using shell commands, file reads, or other workarounds.
+
+The most useful tools for custom skills are:
+
+| Tool | What it returns | Typical use |
+|:-----|:----------------|:-----------|
+| `get_status` | Login state, capturing status, session count | Health check at the start of a skill |
+| `get_sessions` | List of captured sessions with metadata | Identify which sessions belong to the feature under analysis |
+| `get_sessions_count` | Total session count | Quick sanity check before heavier calls |
+| `get_session_details(id)` | Full request/response headers and body | Inspect specific sessions in depth |
+| `apply_filters` | (modifies the active session view) | Narrow a large capture to relevant traffic before calling `get_sessions` |
+| `create_rule` | (creates a traffic manipulation rule) | Automate response modification, header injection, redirect, etc. |
+| `clear_sessions` | (clears all captured sessions) | Reset state at the start of a clean test run |
+| `start_capture_with_browser` | (launches a browser with proxy pre-set) | Automate a browser-based capture |
+| `start_capture_with_terminal` | (opens a proxied terminal) | Automate a CLI-based capture |
+
+Refer to the [Fiddler MCP Server](slug://fiddler-mcp-server#available-mcp-tools) article for the complete tool reference.
+
+### Tips for writing reliable skill steps
+
+- **Start with `get_status`** — always confirm Fiddler is reachable and the user is logged in before proceeding.
+- **Use `apply_filters` before `get_sessions`** when the capture may be noisy — this reduces the data the agent must reason about.
+- **Limit `get_session_details` calls** — call it only for sessions that genuinely need deep inspection (failures, slow calls, key representative requests). Avoid calling it for every session.
+- **Be explicit about output format** — define the exact shape of the report the agent should produce. This makes the skill's output consistent and easy to consume.
+- **Keep operating rules short and unambiguous** — every rule should be a hard constraint, not advice.
+
+## Walkthrough: A Custom Security Header Check Skill
+
+The following example builds a skill that checks all captured sessions for missing or misconfigured security response headers, then produces a prioritized findings list.
+
+### 1. Create the skill folder and file
+
+```bash
+mkdir -p .claude/skills/fiddler-security-header-check
+touch .claude/skills/fiddler-security-header-check/SKILL.md
+```
+
+### 2. Write the SKILL.md
+
+```markdown
+---
+name: fiddler-security-header-check
+description: >
+  Analyze captured HTTPS sessions for missing or misconfigured security
+  response headers (Content-Security-Policy, Strict-Transport-Security,
+  X-Frame-Options, X-Content-Type-Options, Referrer-Policy).
+  Use this skill when a developer asks to check security headers, audit
+  response headers, or verify that hardening headers are present.
+---
+
+# Security Header Check
+
+Inspect captured HTTPS traffic and report missing or misconfigured
+security response headers across all relevant endpoints.
+
+## Operating rules
+
+- Use Fiddler MCP tools for all traffic inspection. Do not read local files.
+- Call get_session_details only for sessions with status 2xx or 3xx responses
+  and only up to 20 sessions. Prioritize unique hosts.
+- Do not report OPTIONS preflight sessions — skip them.
+
+## Steps
+
+1. Call get_status. Confirm Fiddler is reachable and the user is logged in.
+   If session count is 0, stop and ask the user to capture traffic first.
+2. Call get_sessions to retrieve the session list.
+3. Filter to unique (host, path) pairs — ignore query strings and fragment identifiers.
+   Deduplicate by host to keep the analysis manageable.
+4. For each unique host (up to 10), call get_session_details for the
+   most recent successful (2xx/3xx) session.
+5. For each response, check for the presence and correctness of:
+   - Content-Security-Policy
+   - Strict-Transport-Security (HSTS)
+   - X-Frame-Options
+   - X-Content-Type-Options
+   - Referrer-Policy
+6. Produce the output report described below.
+
+## Output format
+
+Security Header Report
+
+Hosts analyzed: N
+
+| Header | Status | Details |
+|:-------|:-------|:--------|
+| Content-Security-Policy | ✅ Present / ❌ Missing / ⚠️ Misconfigured | [value or reason] |
+| Strict-Transport-Security | ... | ... |
+| X-Frame-Options | ... | ... |
+| X-Content-Type-Options | ... | ... |
+| Referrer-Policy | ... | ... |
+
+Findings:
+- ❌ [HOST] Missing Content-Security-Policy — all responses lacked this header.
+- ⚠️ [HOST] Weak HSTS max-age — max-age=300 is below the recommended 31536000.
+
+Recommendation:
+[Short actionable summary of the most important fixes]
+```
+
+### 3. Load and invoke the skill
+
+Place the `SKILL.md` in `.claude/skills/fiddler-security-header-check/` and restart your
+coding tool. Then simply ask:
+
+> *"Check the security headers in my captured traffic"*
+
+The agent will recognize the request, load the skill, and run the steps above against your current Fiddler capture.
+
+## Sharing and Contributing Skills
+
+If you build a skill that could benefit other developers:
+
+1. Fork the [fiddler-agent-tools](https://github.com/telerik/fiddler-agent-tools) repository.
+2. Add your skill folder under `skills/your-skill-name/SKILL.md`.
+3. Update the `README.md` skills table.
+4. Open a pull request with a clear description of what the skill does and when it is invoked.
+
+## See Also
+
+* [Agent Skills](slug://fiddler-agent-skills)
+* [Fiddler Everywhere MCP Server](slug://fiddler-mcp-server)
+* [Prompt Library](slug://fiddler_ai_prompt_library)