Hydra ACI
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Hydra ACImount https://github.com and list features"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
The next step in the agentic web β compile any website into typed, callable tools for any agent. No MCP server on the site's side. No config on yours.
β‘ Quickstart Β· 𧬠How it works Β· π Harnesses Β· π₯ Compare Β· π Honest numbers Β· π Credits
π The Mount Test
Every design decision in this repo is judged against one scenario:
You point Hydra at a URL it has never seen. Seconds later, your agent is calling typed tools against that site β search, filter, submit, whatever it actually exposes. No server was built. No config was written. No human sat in a browser.
you βββΆ hydra mount https://any-site.com
β
ββ discover H1 scout: OpenAPI Β· GraphQL Β· llms.txt Β· MCP apps Β· __NEXT_DATA__ Β· live XHR
ββ compile canonical Web Capability IR β typed tools, ranked structured-first
ββ serve βΆ MCP Β· SDK Β· OpenAI Β· Anthropic Β· Gemini Β· LangChain
call_tool("search", {"q": "widgets"}) # as if the site shipped MCP all alongThat is the whole product. Everything below is how it survives contact with the real web.
Related MCP server: Kryfto
π The 95% problem
Only about 5% of the web is usable by an AI agent today: the sliver that ships an OpenAPI spec, a public GraphQL endpoint, an llms.txt, a plugin manifest, or a hand-built MCP server. Everything else β the other ~95% β is dark to agents unless a human writes a scraper or sits in a browser clicking.
The industry's answer so far is "rebuild the web for agents, one endpoint at a time." That scales to the handful of destinations with the budget and incentive to opt in. It will never reach the internal tools, the legacy apps, the long tail of SaaS, the sites that already work fine for humans.
Hydra takes the other path. It reads what a site already exposes β discovered APIs, embedded app data, accessibility trees, live network traffic β and compiles that into strongly-typed, LLM-callable tools at runtime. The web does not get rebuilt. Agents learn to read it.
π Hydra is the inverse of MCP. MCP asks every website to build an endpoint for agents. Hydra synthesizes the endpoint from whatever the site already has, and serves it to any harness as if a clean MCP server had existed all along.
from hydra.sdk import HydraSDK
sdk = HydraSDK()
session = await sdk.mount("https://any-site.com") # discover + compile
print(session["capabilities"]) # typed tools, ready to call
await sdk.call_tool(session["session_id"], "search", {"q": "widgets"})That same mounted site works identically from Claude Code, Codex, Cursor, Gemini CLI, OpenClaw, Antigravity, LangChain, or a raw OpenAI/Anthropic tool loop. One compile, every harness β because they all consume the same capability catalog.
Every existing approach to "agents on the web" is a local maximum. Hydra is aiming for the global one.
Tool class | What it does | Where it stops |
π€ browser-use, Playwright agents | an LLM clicks around a live browser | slow, brittle across redesigns, nothing reusable for the next agent |
π Firecrawl, Crawl4AI, Scrapling | extract content to markdown or JSON | read-only β you get text, you cannot place the order |
π§ MCP servers | clean typed tools, where they exist | a rounding error of the web, each one hand-built per harness |
π | voluntary agent-native endpoints | a rounding error of a rounding error |
The right primitive is not a better browser agent or a better scraper. It is a web capability compiler: discover the highest-signal machine surface a site already has, drop to a governed browser probe only when nothing structured exists, normalize everything into one canonical intermediate representation, expose that IR to every harness through native adapters, and remember what worked so the second visit is instant.
𧬠How it works
Every session runs through a deterministic finite-state kernel, structured-first by construction. The browser is a probe, never the default driver.
%%{init: {'theme':'base','themeVariables':{'primaryColor':'#BE3D52','primaryTextColor':'#ffffff','primaryBorderColor':'#E7E2D5','lineColor':'#5B9EC9','secondaryColor':'#1e293b','tertiaryColor':'#0B0E13'}}}%%
flowchart LR
URL([any URL]) --> K{{Orchestration Kernel<br/>INIT Β· DISCOVER Β· INGEST Β· EXECUTE}}
K --> H1[H1 Scout<br/>APIs Β· GraphQL Β· llms.txt<br/>MCP Β· embedded data]
K --> H8[H8 Memory<br/>prior mounts Β· auth shapes<br/>verified workflows]
H1 --> P{structured<br/>surface<br/>found?}
P -- yes --> IR
P -- no --> PROBE[Governed browser probe<br/>H2 a11y tree Β· H3 XHR sniff]
PROBE --> IR
IR[[Canonical Web Capability IR<br/>id Β· schema Β· source Β· verifier Β· redaction]]
IR --> AD[Native adapters]
AD --> A1[Claude Code / Codex]
AD --> A2[OpenAI / Anthropic / Gemini]
AD --> A3[LangChain / MCP / ...]Everything a site exposes becomes one stable record in the canonical Web Capability IR: an id, an input schema, a source type, an auth requirement, a side-effect class, a verifier summary, a fallback chain, and a redaction policy. A route planner always prefers the highest-signal surface (mcp > openapi > graphql > llms.txt > embedded data > observed XHR > forms > browser action), so an agent calls a real API before it ever considers clicking a button.
The eight Heads
The name is literal. Eight specialized Heads run inside an isolated browser enclave, each best-in-class at one job, composed by the kernel.
Head | Name | Role | |
H1 | π | Protocol Scout | API-first discovery: OpenAPI/Swagger, AI-plugin manifests, |
H2 | π² | AXTree Compiler | Live DOM into an LLM-optimized accessibility tree, readable prose markdown, and stable fingerprints |
H3 | πΈοΈ | Network Sniffer | Intercepts XHR/fetch, infers typed API schemas, merges samples across observations, redacts secrets |
H4 | 𧬠| Schema Engine | Generates typed JIT tools with token-aware budgeting and goal-relevance ranking, and emits the canonical IR |
H5 | π₯· | Camouflage | Human-paced input (Bezier paths, WPM typing), per-session fingerprint controls, pluggable stealth backends |
H6 | π | Security Vault | AES-256-GCM, scrypt KDF, scoped secrets typed straight into the page β values never enter LLM context, traces, or archives |
H7 | π | HITL Router | Detects Turnstile, reCAPTCHA, hCaptcha, and MFA, and routes to human-in-the-loop or an opt-in solver |
H8 | π§ | Knowledge Archive | SQLite memory: site profiles, drift fingerprints, auth-flow shapes, verified workflows, stable-id remapping, deterministic trace replay |
Full architecture: docs/architecture.md Β· Capability strategy: docs/capability-compiler.md
β‘ Quickstart
Fast local install
git clone https://github.com/Suraj1235/Hydra-aci.git
cd Hydra-aci
pip install -e .
playwright install chromiumOptional vector search for the Knowledge Archive:
pip install -e .[vector]Python SDK
import asyncio
from hydra.sdk import HydraSDK
async def main():
sdk = HydraSDK()
# Mount a site, get a live typed tool catalog
session = await sdk.mount("https://example.com", goal="find product prices")
for cap in session["capabilities"]:
print(cap["name"], "<-", cap["source_type"])
# Or run a one-shot structured extraction
data = await sdk.extract(
"https://example.com/products",
schema={"type": "array"},
prompt="every product name and price",
)
print(data)
asyncio.run(main())The SDK surface: mount, compile, probe, call_tool, refresh, run, scrape, crawl, extract, map, diff, replay, and a memory facade.
Drop Hydra into your coding agent with no manual config editing:
hydra-connect doctor # or: python -m hydra.connect doctor
hydra-setup --all --no-verify # writes Codex, Claude Code, Cursor, Gemini CLI, OpenCode, etc.
hydra-connect verify codex --session-smokeHarness path | Command |
π©Ί Public readiness check |
|
π Install everywhere Hydra can detect |
|
π£ Claude Code only |
|
π’ Codex only |
|
π Existing MCP apps |
|
π§Ή Remove from a harness |
|
For a single harness, run hydra-connect setup claude-code or
hydra-connect install claude-code && hydra-connect verify claude-code.
hydra-connect doctor --json reports package health, MCP stdio readiness,
configured harnesses, authorization posture, remediation, and next steps.
Add --authorize when you want the installed MCP server to start with
advanced browser/credential capabilities enabled.
During public testing, hydra-connect uninstall claude-code removes Hydra from
that harness config; pass --config when you want to target an explicit file.
π Hydra also imports MCP apps you already have. On mount, Hydra scans common
local MCP config files and repo manifests at .hydra/mcp-apps.json or
mcp-apps.json, skips its own hydra entry, verifies upstream stdio MCP
servers with tools/list, converts their tools into the same canonical IR, and
exposes them beside website-compiled tools. Use ${ENV_VAR} placeholders in
repo manifests so each tester supplies secrets through their shell, not through
committed config. hydra-connect mcp-apps shows which apps are available and
which env vars are missing. If a task is better served by an existing GitHub,
database, filesystem, or SaaS MCP app, Hydra can call that app; if no MCP app
exists, Hydra synthesizes the web capability itself. Secret-like environment
values stay local and are redacted from capability metadata.
Or run the MCP server directly. Hydra is the MCP server. The destination site never needs one.
python -m hydra.mcp_server # stdio
python -m hydra.mcp_http_server # local HTTP + SSE at /mcp{ "mcpServers": { "hydra": { "command": "python", "args": ["-m", "hydra.mcp_server"] } } }π Works with every harness
Because every adapter consumes the same canonical capability IR, one mounted site behaves identically everywhere it is used.
Coding agents (via hydra-connect or MCP): Claude Code, OpenAI Codex CLI, Gemini CLI, Google Antigravity, OpenCode, OpenClaw, Cursor, Cline, Windsurf. Setup recipes in docs/integrations/.
Native SDK adapters for direct model-provider users:
Provider | Import | Status |
OpenAI |
| β first-class |
Anthropic |
| β first-class |
Google Gemini |
| β first-class |
AWS Bedrock |
| β first-class |
Plus MCP, LangChain, CrewAI, AutoGen, and OpenClaw: 12 adapters, all consuming the same IR through a shared from_capabilities() contract, never re-hand-wrapped per harness. Three further adapters (Hermes, KimiClaw, AntiGravity) exist but are experimental and unverified β do not rely on them in production.
π₯ How Hydra compares
Hydra occupies a distinct position. browser-use is an LLM-driven browser agent. Firecrawl is a managed scrape/crawl/extract API. Lightpanda is a lightweight headless-browser runtime. Hydra's goal is orthogonal to all three: compile any site into typed callable tools so any framework can use it without a per-site integration.
Capability | Hydra | browser-use | Lightpanda | Firecrawl |
Compile a site into typed callable tools | β | β | β | β |
API-first, skip the browser when possible | β | β | β | β |
One canonical capability IR across harnesses | β | β | β | β |
Single-page markdown | π‘ beta | π partial | β | β |
Multi-page BFS crawl | π‘ beta | β | β | β |
Structured extraction | π‘ beta | π partial | π partial | β |
Multi-step agentic loop | π‘ beta | β | β | π partial |
Execution-trace replay (open source) | β | β | β | β |
Native MCP server, no cloud | β | β | β | β |
Encrypted credential vault | β | π partial | β | π partial |
Raw browser runtime speed | API-skip avoids it | fast | fastest | cloud |
The honest, cell-by-cell breakdown β including where Hydra is deliberately a category mismatch (raw runtime speed versus Lightpanda, agentic depth versus browser-use) β is in docs/comparison.md. Competitive performance numbers come only from the reproducible harness in docs/benchmarks/methodology.md, and those tables stay empty until real head-to-head runs are published.
π Status & honest numbers
Hydra is developer alpha (0.9.x), hardening toward 1.0. The ambition is large and stated plainly above. The status below is stated just as plainly, because a claim without evidence is worth nothing.
β 1,614 tests passing (5 skipped, 0 failing) across the suite.
β Real and exercised today: the canonical IR and all four compiler heads emitting it directly; the browser-as-probe orchestrator; 12 harness adapters on a shared IR contract; H8 web memory (auth-flow replay, verified-workflow replay, drift-driven stable-id rotation); the real-time MCP engine over stdio and HTTP/SSE; robots and rate-limit compliance; the encrypted vault.
π§ͺ First live benchmark data point: on a hermetic local reference app, Hydra passes 12 of 13 capability tasks (1 skipped for want of an LLM key), 100% AI-usable coverage on eligible tasks. This is Hydra-only. No competitor baseline has run yet, so it is not a competitive claim. Public summary pointers live under
benchmarks/results/; per-run evidence packages are generated locally and ignored unless deliberately promoted for a release or benchmark report.π― The number we intend to earn: move the agent-callable web from ~5% toward 60%+ of a curated sample. We do not print that number as fact until the benchmark is real on a 50-site sample with every competitor run. It is the target on the wall, not a result.
Roadmap and work-in-progress are tracked in docs/plans/.
π¦ Responsible use
Hydra is infrastructure for authorized agentic automation: your own apps, internal tooling, consented user automation, QA and accessibility testing, and research on systems you may access.
Defaults are conservative: robots.txt is respected and requests are rate-limited. Advanced capabilities (automated challenge solving, anti-bot fingerprint evasion, raw evaluate_js, credential injection) require a single, one-time, informed authorization granted at install or config time (hydra-authorize, --authorize on the MCP server, or HydraSDK.authorize()), persisted locally and audit-logged.
Do not use Hydra to access systems you lack permission for, to circumvent access controls, or in violation of applicable law. See AUP.md and SECURITY.md.
π€ Contributing
Contributions are welcome. Read CONTRIBUTING.md first. The invariants that keep Hydra coherent (head boundaries, structured-first routing, secrets never leaving H6, determinism and replay) are documented and enforced by tests. Please keep them green.
π Credits
Hydra is built in the open, and three open-source projects shaped its thinking more than any others:
browser-use β showed how far an LLM-driven browser agent can go, and where the ceiling is. Hydra's "browser as probe, never the default driver" stance is a direct answer to lessons browser-use taught the whole field.
Firecrawl β set the bar for developer-friendly scrape / crawl / extract APIs. Hydra's
scrape,crawl,extract, andmapverbs deliberately speak the dialect Firecrawl made familiar.Model Context Protocol β the open standard that made "typed tools for agents" a shared language. Hydra serves MCP natively, and exists to extend that promise to the sites that never built a server.
π License
MIT. See LICENSE.
π€ Author
Suraj Kuncham β @Suraj1235.
β Star the repo if you believe agents should read the web β not wait for it to be rebuilt.
The web does not need to be rebuilt for agents. Agents need to read the web.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Suraj1235/Hydra-aci'
If you have feedback or need assistance with the MCP directory API, please join our Discord server