open source by Revitt

Semantic browser control for agents.

brw runs a real, visible Chrome and exposes it over MCP and HTTP. Agents act from stable refs like e17 instead of CSS selectors or screenshots, and get a plain observation back after every action — so they know what actually happened.

Get brw on GitHub Quick start

control: MCP + HTTP
from: Revitt
licence: AGPL-3.0
source: GitHub

why brw

Built to win on real web work

Other agent browsers burn tokens re-reading pixels, lock you to one vendor, and stall at the login wall. brw takes the other path.

faster

Fewer turns, fewer tokens

Pre-release head-to-heads vs Claude-in-Chrome: same tasks, fewer turns and fewer tokens. Agents act from stable refs, not a fresh screenshot each turn. Public benchmark on the way.

agnostic

Any agent harness

Not tied to one vendor's browser. Claude Code, Codex, Cursor, opencode, pi, Gemini or your own client — anything that speaks MCP or HTTP drives the same brw.

your auth

Your real Chrome logins

Bridges to your installed, signed-in Chrome. The sites you're logged into, brw is too — cookies and sessions stay on your machine.

Bind profiles to workspaces with MCPlexer →

whole web

The whole web, not a sandbox

A real browser on your profile reaches any page you can — gated dashboards, signed-in apps, content a locked-down agent browser can't.

what it is

A real browser agents can drive by ref

brw controls headed Chrome/Chromium through CDP and exposes it as MCP tools and an HTTP JSON API. It is the actual web — signed-in tabs, real clicks and forms — not a sandboxed copy or a stack of screenshots.

ref

Act from stable refs

Snapshots combine DOM and accessibility data into stable refs like e17. Agents click, type, fill, select, scroll, drag, upload, wait and assert by ref — not by brittle CSS selectors or by re-reading a screenshot every turn.

read

Read the page semantically

Pull prose, links, headings, forms, tables and structured product data straight from the page. Screenshots are kept as a visual fallback, with optional Set-of-Marks overlays.

observe

An observation after every action

Every action returns a post-action observation, so the agent knows what changed instead of guessing. Acting from refs and observations means fewer turns, less token spend and less wall time than re-interpreting pixels.

what's inside

Built for real, signed-in web work

The full MCP surface is large; run brwd --mcp --mcp-tools core to advertise just the common-flow tools while keeping everything callable.

Cross-harness

stdio MCP for agent harnesses and an HTTP JSON API for custom clients. The same real browser, reachable from wherever your agent runs.

SSH-first remote runtime

Remote control is a first-class path. The visible browser stays on the machine that owns the profile; SSH carries stdio MCP, so cookies, passkeys and downloads never leave home.

Installed-profile bridge

A Chrome extension bridges to an already-authenticated installed Chrome profile — the auth you already have, without copying cookies or fighting Chrome's remote-debug lockdown.

Semantic snapshot, read, find

Snapshots combine DOM and accessibility data. Read prose, links, headings, forms, tables and structured product data. Find elements and act on them by stable ref.

Tabs, downloads, network

Tabs and tab groups, downloads, console, network capture and request replay, plus cancellation. Organise visible Chrome work into named runs the human can watch.

Set-of-Marks overlays

Screenshots are a visual fallback, not the main channel — with optional Set-of-Marks overlays that label elements with the same refs the agent acts on.

quick start

Clone, build, run as MCP

brw is a single daemon, brwd. Build it, then run it as an MCP server over stdio or expose the HTTP API on loopback.

For remote and installed-Chrome setups, see the docs on the brw repository.

# clone and build
$ git clone https://github.com/Don-Works/brw.git
$ cd brw
$ make build

# run as an MCP server (stdio)
$ ./bin/brwd --mcp --http off

# or expose the HTTP API on loopback
$ ./bin/brwd --http 127.0.0.1:17310

# open a page and read its controls
$ curl -s 127.0.0.1:17310/api/browser/open \
    -H 'content-type: application/json' \
    -d '{"url":"https://example.com"}'

$ curl -s 127.0.0.1:17310/api/page/snapshot | jq

install

Add the Chrome extension

The brw extension bridges the daemon to your real, signed-in Chrome over ws://127.0.0.1. It drives visible tabs through the debugger protocol and never reads cookies, passwords or passkeys.

It ships with one permanent extension ID, so the daemon trusts it with zero config:

amocjcgddnoakjijfggdpnefdnboilpe

manualLoad unpacked — works today

Open chrome://extensions in the Chrome profile you want brw to drive.
Turn on Developer mode (top-right toggle).
Click Load unpacked and choose the extension/ folder from the brw repo — or run make install-extension to open the right page and reveal the folder.
Keep it enabled, run brwd --bridge, and brw is on your real browser.

one-clickChrome Web Store

An unlisted Web Store build is on the way for one-click install and auto-updates. Until it lands, use the manual route — it installs the exact same extension and the same permanent ID.

safety

A normal browser, on a short leash

brw uses a normal visible browser and a persistent user profile. It does not add stealth code, CAPTCHA bypass, MFA bypass, fraud-check bypass, consent bypass or cookie extraction. Browser-control HTTP binds to loopback by default; for remote use, prefer stdio MCP over SSH so the profile stays on the machine that owns it. Released under AGPL-3.0 — free to use, change and build on, with improvements shared back. If that doesn't fit your business, talk to Revitt about a commercial licence.

Browse the code