CloakBrowser MCP
The CloakBrowser MCP server is a browser automation tool that runs Playwright with a CloakBrowser (stealth Chromium) backend, enabling AI agents to control a browser for web interactions.
Navigate & Control the Browser
Navigate to URLs, go back, close the browser, resize the window, and manage tabs (list, create, close, select)
Interact with Web Elements
Click (left/right/middle, double-click), type text, fill forms, press keyboard keys, hover, drag-and-drop, select dropdown options, upload files, and drop files/data onto elements
Inspect & Capture Page State
Take screenshots (
browser_take_screenshot), capture accessibility snapshots (browser_snapshot), retrieve console messages (browser_console_messages), and list/inspect network requests (browser_network_requests,browser_network_request)
Scripting & Automation
Execute JavaScript on the page (
browser_evaluate), run arbitrary Playwright code (browser_run_code_unsafe— use with caution), and wait for text to appear/disappear or a timeout (browser_wait_for)
Handle Browser Events
Accept or dismiss dialogs (alerts, confirms, prompts) via
browser_handle_dialog
Diagnostics & Metadata
Retrieve CloakBrowser binary details (
cloakbrowser_binary_info) and bridge runtime metadata including upstream Playwright MCP version and available tools (cloakbrowser_bridge_info)
cloakbrowser-mcp
cloakbrowser-mcp is a Model Context Protocol browser automation server that runs upstream @playwright/mcp with the CloakBrowser Chromium binary. It provides Playwright MCP-compatible tools through a thin CloakBrowser bridge for npm and Docker users over stdio or Streamable HTTP.
Documentation: swimmwatch.github.io/cloakbrowser-mcp
Cross-platform checks cover npm on Linux x64/arm64, macOS arm64/x64, and Windows x64 across Node.js 22-26. Docker images are built and smoke-tested for linux/amd64 and linux/arm64.
The server is intentionally thin:
upstream Playwright MCP owns browser tool schemas, descriptions, and responses;
this package generates a Playwright MCP config that points
launchOptions.executablePathto CloakBrowser;the bridge exposes upstream tools unchanged;
the only local tools are
cloakbrowser_binary_infoandcloakbrowser_bridge_info.
Version compatibility
cloakbrowser-mcp | @playwright/mcp | CloakBrowser | Node.js | Platform |
|
|
|
| npm on Linux x64/arm64, macOS arm64/x64, Windows x64; Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
|
|
|
| Docker |
See Version Compatibility for the maintained compatibility table.
Related MCP server: browser-devtools-mcp
Registry visibility
cloakbrowser-mcp publishes server.json to the official MCP Registry. GitHub's github.com/mcp registry is a separate curated discovery surface, so an official MCP Registry release may not appear there immediately.
Verify the current official registry entry and GitHub MCP visibility probe with:
npm run registry:checkUse npm run registry:check:strict only when GitHub MCP listing visibility should be treated as a required release gate.
Run from npm
npx -y cloakbrowser-mcp@latest --help
npx -y cloakbrowser-mcp@latest doctor
npx -y cloakbrowser-mcp@latest doctor --json
npx -y cloakbrowser-mcp@latest
npx -y cloakbrowser-mcp@latest --transport streamable-http --http-port 3000
npx -y cloakbrowser-mcp@latest --transport streamable-http --http-protocol https --https-cert ./cert.pem --https-key ./key.pemRequires Node.js 22.12 or newer. The first real browser action may download the CloakBrowser binary unless it is already cached.
Use doctor for local diagnostics before connecting an MCP client. It checks the Node.js engine, project metadata, upstream Playwright MCP resolution, and CloakBrowser binary metadata without starting the bridge or downloading a browser.
The default transport is stdio. Streamable HTTP binds to 127.0.0.1 by default, serves MCP at /mcp, and exposes fixed GET /healthz and GET /readyz probes. Use --http-protocol https with --https-cert and --https-key or --https-pfx for direct TLS. If --http-auth-token is set, the probes require the same Authorization: Bearer ... header as MCP requests.
For the complete generated CLI flag reference, see the published CLI Reference.
Run from Docker
docker pull swimmwatch/cloakbrowser-mcp:latest
docker run --rm --init -i \
-v "$PWD/artifacts:/data" \
swimmwatch/cloakbrowser-mcp:latest
docker run --rm --init -p 127.0.0.1:3000:3000 \
-v "$PWD/artifacts:/data" \
swimmwatch/cloakbrowser-mcp:latest \
--transport streamable-http --http-host 0.0.0.0 --http-port 3000
curl http://127.0.0.1:3000/healthz
curl http://127.0.0.1:3000/readyzFor direct HTTPS from the container, mount your TLS files and select HTTPS:
docker run --rm --init -p 127.0.0.1:3000:3000 \
-v "$PWD/artifacts:/data" \
-v "$PWD/certs:/certs:ro" \
swimmwatch/cloakbrowser-mcp:latest \
--transport streamable-http --http-host 0.0.0.0 --http-port 3000 \
--http-protocol https --https-cert /certs/cert.pem --https-key /certs/key.pemThe Docker image is based on the pinned official Playwright MCP image, installs the bridge under /opt/cloakbrowser-mcp, writes artifacts to /data by default, and is published for linux/amd64 and linux/arm64.
The same tags are also published to ghcr.io/swimmwatch/cloakbrowser-mcp.
MCP client configuration
npm
{
"mcpServers": {
"cloakbrowser": {
"command": "npx",
"args": ["-y", "cloakbrowser-mcp@latest"],
"env": {
"PLAYWRIGHT_MCP_OUTPUT_DIR": "/tmp/cloakbrowser-artifacts",
"PLAYWRIGHT_MCP_HEADLESS": "true"
}
}
}
}Docker
{
"mcpServers": {
"cloakbrowser": {
"command": "docker",
"args": [
"run",
"--rm",
"--init",
"-i",
"-v",
"/tmp/cloakbrowser-artifacts:/data",
"swimmwatch/cloakbrowser-mcp:latest"
]
}
}
}Configuration
Use upstream PLAYWRIGHT_MCP_* variables for browser, artifact, timeout, network, and tool capability settings. Cloak-specific bridge toggles use CLOAK_PLAYWRIGHT_MCP_*.
CLI flags are documented in the generated CLI Reference.
Common variables:
Variable | Default | Description |
|
| MCP transport exposed by the bridge: |
|
| Streamable HTTP listener protocol: |
|
| Streamable HTTP bind host. |
|
| Streamable HTTP bind port. |
|
| Streamable HTTP endpoint path. |
| unset | Optional Bearer token for Streamable HTTP. |
|
| Session metadata backend. Only |
|
| Idle TTL for Streamable HTTP sessions. |
|
| Maximum active Streamable HTTP sessions in one process. |
| unset | TLS certificate PEM path for HTTPS Streamable HTTP. |
| unset | TLS private key PEM path for HTTPS Streamable HTTP. |
| unset | TLS PFX/PKCS12 path for HTTPS Streamable HTTP. |
| unset | Passphrase for an encrypted HTTPS key or PFX. |
|
| Streamable HTTP operational log level: |
|
|
|
|
| Runs Chromium headless. |
|
| Artifact directory for npm usage. Docker defaults to |
|
| Upstream output mode, either |
|
| Enables the compatibility patch for console messages. |
|
| Adds CloakBrowser default stealth launch arguments. |
| unset | Comma-separated or JSON array of extra Chromium launch arguments. |
The old CLOAKBROWSER_MCP_* variables are not supported.
Tools
The upstream Playwright MCP tool list is authoritative. This project does not reimplement or re-document upstream browser schemas in source code.
Local tools:
cloakbrowser_binary_inforeturns CloakBrowser package, platform, cache, and resolved binary data.cloakbrowser_bridge_inforeturns bridge metadata, upstream package/version, and local tool names.
Development
npm install
npm run build
npm test
npm run docker:build
npm run docker:smoke
npm run server:validate
npm run bridge:compare -- cloakbrowser-mcp:dev --report bridge-parity-report.jsonDocumentation starts at docs/getting-started.md. Contributor material is grouped under docs/contributor-guide.md.
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/swimmwatch/cloakbrowser-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server