Auto-Browser
Auto-Browser is an open-source, MCP-native browser automation server that gives AI agents full control over a real Chromium browser, with human intervention support, auth profile reuse, and rich web interaction capabilities.
Session Management
Create, list, get, and close browser sessions (with optional URL, user agent, auth profile, proxy, TOTP, or storage state)
Fork sessions to clone cookies/storage into a new independent session
Manage tabs: list, activate, and close
Resize viewport programmatically
Observation & Data Capture
Full page observation: screenshot, interactable elements, DOM outline, accessibility tree, OCR, and console errors
Lightweight screenshot capture
Retrieve page HTML/plain text (full page or viewport)
Find elements by CSS selector (text, href, value, bounding box, visibility)
Vision-grounded element targeting via natural language using Claude Vision
Console logs, uncaught page errors, failed network requests, and detailed network logs (with PII scrubbing)
List downloaded files; finalize Playwright traces for debugging
Browser Automation
Execute actions: navigate, click, type, hover, press, scroll, select option, drag-and-drop, reload, go back/forward, upload
Run arbitrary JavaScript in page context
Wait for CSS selectors to reach specific states (visible, hidden, attached, detached)
Authentication & Security
Save, list, and reuse named auth profiles ("login once, reuse later")
TOTP authentication support
Encrypted auth state at rest
Policy rails: host allowlists, upload approval, PII scrubbing, proxy partitioning, API bearer tokens, rate limiting
Human-in-the-Loop
Request human takeover via noVNC without losing session state
Shadow Browsing: dynamically switch between headless and headed modes for live debugging
Approval workflows for sensitive agent actions (uploads, posts, payments, destructive actions)
Social Media Helpers
Login to X/Twitter, Instagram, LinkedIn, Outlook/Microsoft with TOTP support
Extract feed posts and profile info (username, bio, followers, avatar)
Submit search queries
Approval-gated write actions (post, comment, like, follow, DM, etc.)
Integration & Deployment
Native MCP JSON-RPC (
/mcp) and REST endpoints for AI agent integration (OpenAI, Claude, Gemini)Background agent job queuing with persistence across restarts
Cron and webhook triggers for scheduled browser jobs
Docker-based per-session browser isolation for parallel workflows
Prometheus-style metrics, audit trails, and automated cleanup
Secure remote access via Tailscale/Cloudflare Access or reverse-SSH tunneling
Auto Browser
Give your AI agent a real browser, with a human in the loop.
Auto Browser is an MCP-native browser control plane for authorized workflows. It gives MCP clients, LLM agents, and operators a shared Playwright browser with human takeover, reusable auth profiles, approvals, audit trails, and local-first deployment.
Works with:
Claude Desktop
Cursor
any MCP client that can talk HTTP or stdio
direct REST callers when you want curl-first control
Why Auto Browser
MCP-native from day one. The browser surface is already packaged as an MCP server instead of bolted on after the fact.
Human takeover when the web gets brittle. noVNC keeps the same live session available when a person needs to step in.
Login once, reuse later. Save named auth profiles and reopen fresh sessions that are already signed in.
Local-first by default. Run the full stack on your own box with Docker Compose, or use Codespaces for a quick hosted demo.
Safety rails built in. Approvals, operator identity, PII scrubbing, Witness receipts, and compliance templates are all part of the product surface.
Related MCP server: Browser-Use MCP Server
Release Highlights (v1.0.2)
Framework security updates with FastAPI and Starlette pinned to the current patched line
Safer error boundaries across browser actions, CDP, OCR, mesh, workflow, tunnel, social, and share-token surfaces
Rate-limit hardening with bounded buckets and hashed operator identifiers
Host and path policy tightening for production
ALLOWED_HOSTS, auth profile paths, and upload roots1.0 platform surface including signed mesh delegation, workflow routes,
/dashboard, noVNC takeover, MCP transport, audit trails, and readiness checks
See CHANGELOG.md for the full release history.
Good Fits
internal dashboards and admin tools
operator-assisted QA and browser debugging
login-once, reuse-later account workflows
brittle sites where a human may need to recover the flow
MCP-powered agent workflows that need a real browser, not just HTML fetches
Not the Goal
stealth or anti-bot work
CAPTCHA solving
unauthorized scraping or account automation
deceptive identity shaping or bypass tooling
What You Get
Browser Control | Operator Safety | Deployment and Integration |
Playwright-backed sessions with screenshots, DOM summaries, OCR excerpts, tab controls, downloads, and network inspection | approval gates, operator identity headers, audit events, PII scrubbing, Witness receipts, and protection profiles | MCP over HTTP, bundled stdio bridge, REST API, Docker Compose, Codespaces, auth profiles, and optional per-session isolation |
Quickstart
git clone https://github.com/LvcidPsyche/auto-browser.git
cd auto-browser
docker compose up --buildThat is enough for local development with the default settings.
Optional:
cp .env.example .env
make doctorRun make doctor from a normal terminal with local Docker access and permission to open localhost sockets.
Open:
API docs:
http://127.0.0.1:8000/docsOperator dashboard:
http://127.0.0.1:8000/dashboardVisual takeover:
http://127.0.0.1:6080/vnc.html?autoconnect=true&resize=scale
All published ports bind to 127.0.0.1 by default.
Try It in Codespaces
Codespaces provisions the stack automatically. The dashboard and noVNC tabs are usually ready in about 90 seconds.
First Useful Demo
The highest-signal flow in this repo is:
create a session
log in manually if the site needs a human
save the session as a named auth profile
open a new session from that auth profile
continue work without reauthing
Start here:
Minimal session creation:
curl -s http://127.0.0.1:8000/sessions \
-X POST \
-H 'content-type: application/json' \
-d '{"name":"demo","start_url":"https://example.com"}' | jqMinimal observation:
curl -s http://127.0.0.1:8000/sessions/<session-id>/observe | jqMCP Clients
Auto Browser exposes:
an HTTP MCP endpoint at
http://127.0.0.1:8000/mcpconvenience endpoints at
http://127.0.0.1:8000/mcp/toolsandhttp://127.0.0.1:8000/mcp/tools/calla bundled stdio bridge at
scripts/mcp_stdio_bridge.py
The default MCP tool profile is curated, which keeps the browser surface compact for better tool selection. If you want the full internal tool surface, set:
MCP_TOOL_PROFILE=fullRaw tool-call example:
curl -s http://127.0.0.1:8000/mcp/tools/call \
-X POST \
-H 'content-type: application/json' \
-d '{
"name":"browser.create_session",
"arguments":{
"name":"demo",
"start_url":"https://example.com"
}
}' | jqClient setup guides:
Security and Compliance
For a real private deployment, set at least:
APP_ENV=production
API_BEARER_TOKEN=<strong-random-secret>
REQUIRE_OPERATOR_ID=true
AUTH_STATE_ENCRYPTION_KEY=<44-char-fernet-key>
REQUIRE_AUTH_STATE_ENCRYPTION=true
REQUEST_RATE_LIMIT_ENABLED=true
METRICS_ENABLED=trueCOMPLIANCE_TEMPLATE can apply a preconfigured posture at startup:
Template | Auth Encryption | Operator ID | PII Scrub | Isolation | Max Session Age |
| required | required | all layers |
| 4h |
| required | required | all layers |
| 1h |
| - | required | network + text | shared | 24h |
| - | - | all layers | shared | 24h |
All templates require upload approvals. HIPAA, SOC2, and PCI-DSS also enable Witness receipts. Startup writes the applied policy to /data/compliance-manifest.json.
Example:
COMPLIANCE_TEMPLATE=HIPAA docker compose upFor deployment details, hosted Witness notes, CLI auth modes, and reverse-SSH guidance, see:
Architecture at a Glance
flowchart LR
User[Human operator] -->|watch / takeover| noVNC[noVNC]
LLM[OpenAI / Claude / Gemini] -->|shared tools| Controller[Controller API]
Controller -->|Playwright protocol| Browser[Browser node]
noVNC --> Browser
Browser --> Artifacts[(screenshots / traces / auth state)]
Controller --> Artifacts
Controller --> Policy[Allowlist + approval gates]Core components:
browser-node/runs Chromium, Xvfb, x11vnc, and noVNCcontroller/exposes the FastAPI controller, MCP transport, policy rails, and orchestration endpointsdata/holds runtime artifacts, auth state, approvals, audit logs, and optional CLI cachesscripts/contains local helpers for doctor, smoke tests, bridges, and release checks
Repo Guide
Path | What It Contains |
controller API, MCP transport, tests, and packaging | |
browser runtime and Playwright connection layer | |
copy-paste flows and MCP client setup | |
LangChain, LangGraph, and CrewAI adapters | |
architecture, deployment, hardening, and launch docs | |
doctor, smoke harnesses, stdio bridge, and auth helpers | |
supporting service templates and operational assets |
Common Commands
Command | Purpose |
| list available repo commands |
| run Ruff checks on app, tests, and helper scripts |
| run controller tests in Docker |
| run controller tests on host Python 3.10+ |
| run the local readiness smoke |
| run the fuller release-validation pass |
| verify per-session Docker isolation |
| verify reverse-SSH remote access |
Documentation Map
If You Want To... | Start Here |
understand the system shape | |
connect Claude Desktop or Cursor | |
run the curl-first examples | |
deploy on a trusted host | |
review production constraints | |
inspect release history | |
see where the project is headed |
Contributing
If you want to help, start with:
If Auto Browser is useful, a star helps other people find it.
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/LvcidPsyche/auto-browser'
If you have feedback or need assistance with the MCP directory API, please join our Discord server