mcp-zen
Allows remote control of a Firefox (or Zen) browser, enabling navigation, clicking, form filling, screenshots, and JavaScript execution via a WebSocket connection to a browser extension.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-zenlist all open tabs"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-zen
A persistent MCP HTTP server paired with a Zen/Firefox browser extension that
lets any MCP client (Claude Code, Claude Desktop, ada-back, or anything else
that speaks MCP) remote-control your actual, already-running browser:
navigate, read, click, fill forms, screenshot, run JS.
The server runs as one long-lived process (mcp-zen, installed on $PATH)
rather than being spawned per-client. This matters because the browser
extension's WebSocket connection to it is completely decoupled from any
individual MCP client's session lifecycle — the extension connects once and
stays connected for as long as the server runs, regardless of how many
short-lived MCP sessions come and go on top of it (each mcpcall.mjs
invocation, each ada-back restart, etc.).
It combines two ideas from other projects:
The tool surface of zen-mcp, which talks to Zen over WebDriver BiDi. BiDi requires launching a dedicated browser instance with
--remote-debugging-port, which doesn't work for a browser you're already using day-to-day.The architecture of browser-control-mcp: MCP server ↔ localhost WebSocket (HMAC-signed) ↔ a WebExtension background script that performs the actions. This is what lets it attach to your main browser window instead of a separate automation-only instance.
Setup
1. Load the extension in Zen
Build it:
npm install && npm run build(from this directory).In Zen, open
about:debugging→ "This Firefox" → "Load Temporary Add-on..." → selectfirefox-extension/manifest.json.The options page opens automatically. Copy the generated secret.
Click Enable browser automation on the options page. This grants the extension access to all sites (
<all_urls>), which every page-interaction tool (zen_click,zen_fill,zen_snapshot,zen_evaluate,zen_screenshot, ...) needs. It's a one-time grant, revocable any time fromabout:addons.
"Temporary" add-ons are unloaded when Zen restarts — you'll need to re-load
manifest.json(and re-copy the secret only if you regenerate it) each time, unless you package and install it permanently.
2. Configure the secret
cd mcp-server
cp .env.example .env
# edit .env, paste the secret from the options page as EXTENSION_SECRET.env is gitignored — the secret never gets committed. server.ts loads it
at startup (mcp-server/.env, sibling of dist/); explicit env vars set by
whatever launches the process still take priority over the file. .env also
sets MCP_HTTP_PORT (default 8791) alongside EXTENSION_PORT (default
8765, the WebSocket port the extension connects to — a different port from
the one MCP clients talk to).
3. Install and run
bin/ is gitignored (it's a local PATH-install wrapper, not project source),
so create it once per checkout:
mkdir -p bin
cat > bin/mcp-zen <<'EOF'
#!/usr/bin/env bash
# Thin wrapper so `mcp-zen` can be installed on $PATH (e.g. symlinked into
# ~/.local/bin) while the actual project stays put wherever it's checked out.
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" && pwd)"
exec node "$SCRIPT_DIR/../mcp-server/dist/server.js" "$@"
EOF
chmod +x bin/mcp-zen
ln -sf "$(pwd)/bin/mcp-zen" ~/.local/bin/mcp-zen # once, so it's on $PATH
mcp-zen # runs in the foregroundIt prints both listening addresses on startup and then blocks — run it under
your process supervisor of choice (systemd user service, nohup ... &,
whatever fits) for a real persistent deployment.
Point any MCP client at http://localhost:8791/mcp (Streamable HTTP), e.g.
Claude Desktop:
{
"mcpServers": {
"zen": { "url": "http://localhost:8791/mcp" }
}
}For quick ad hoc testing without a full MCP client, use mcpcall.mjs:
node mcpcall.mjs zen_list_tabs '{}'
node mcpcall.mjs zen_navigate '{"tabId":12,"url":"https://example.com"}'Each invocation opens its own short-lived MCP session — cheap, since it's independent of the extension's WebSocket connection.
Related MCP server: mcp-chrome-server
Tools
Tool | Notes |
| |
| |
| |
| |
| Bring a tab to the foreground |
| Structured elements + selectors (filter: all/interactive/form) |
| Activates the tab first — see limitation below |
| |
| |
| Real CSS selector only -- see limitation below |
| Click by visible text/aria-label instead of a selector |
| Native setter + input/change events, works with React/Vue/Angular |
| |
| |
| Batch of |
| |
| Synthetic keydown/keyup — see limitation below |
| Arbitrary JS in the page |
| No browser round trip |
| Polls in-page for text or a selector |
Every tab-scoped tool takes an optional tabId; omit it to target the
active tab of the current window.
Known limitations (vs. zen-mcp's BiDi approach)
Screenshots only work on the visible/focused tab (
captureVisibleTab), sozen_screenshotactivates the target tab first. BiDi can capture background tabs; a WebExtension can't.zen_press_keydispatches syntheticKeyboardEvents, not real OS-level key injection. Most JS listeners (keydownhandlers, framework key bindings) work fine; native browser behaviors triggered by a real keypress (e.g. Enter submitting a form via the browser's built-in behavior) may not fire — usezen_clickon the submit button instead when that matters.zen_click's selector goes straight to the page's owndocument.querySelector-- there's no jQuery/Playwright/BeautifulSoup selector engine underneath it, so:contains(),:has-text(),:-soup-contains()etc. all fail with "not a valid selector". Models reliably hallucinate these from training data on other automation tools;zen_snapshotalso falls back to a bare tag name (e.g."a") for elements with no id/name/aria-label, which is technically valid CSS but matches every such element on the page.zen_click_text(click by visible text/aria-label, no selector needed) exists specifically to route around both problems for the common "click the thing that says X" case.The extension only allows commands listed in
firefox-extension/allowed-tools.yaml. There's no dynamic per-tool toggle UI or per-domain consent flow (deliberately, for simplicity) — edit that file and rebuild to change what's enabled.
Notes
typescriptis pinned to~5.7.3in everypackage.json. TypeScript 5.8+ has a regression (excessive/infinite type instantiation,TS2589, or an outright OOM crash ontsc) when compiling many chainedmcpServer.tool(...)calls against zod schemas with the currently published@modelcontextprotocol/sdk. Confirmed by bisecting: 5.7.3 and earlier compile clean, 5.8.3+ fails. Worth re-checking whether upstream fixes this before bumping.
Project layout
common/ shared TS message types (server <-> extension)
mcp-server/ persistent MCP HTTP server; hosts the WebSocket server the extension connects to
firefox-extension/ background script (WebSocket client) + options page
bin/mcp-zen PATH-installable entry point (symlink ~/.local/bin/mcp-zen -> this)
mcpcall.mjs one-off MCP tool call over HTTP, for ad hoc testingLicense
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mikesmullin/mcp-zen'
If you have feedback or need assistance with the MCP directory API, please join our Discord server