Give Claude a consent-gated browser.
The Twin Browser MCP server exposes the execution engine as native tools over stdio. Any MCP client — Claude Desktop, Claude Code, or your own — can compile skills, run goals, replay them with no LLM, and search the shared skill library.
Two ways to register the server
The server runs locally over stdio and forwards to your execution engine. Point your MCP client at it with the right environment.
// claude_desktop_config.json → mcpServers
{
"mcpServers": {
"twin-browser": {
"command": "node",
"args": ["src/exec/mcp-server.js"],
"env": {
"EXEC_URL": "http://localhost:7070",
"EXEC_SHARED_SECRET": "<your exec shared secret>",
"WEB_BASE_URL": "https://twin-browser.com",
"TWIN_API_KEY": "ab_live_…"
}
}
}
}# Claude Code CLI — register the server in one line
claude mcp add twin-browser \
--env EXEC_URL=http://localhost:7070 \
--env EXEC_SHARED_SECRET=<your exec shared secret> \
--env WEB_BASE_URL=https://twin-browser.com \
--env TWIN_API_KEY=ab_live_… \
-- node src/exec/mcp-server.js# 1. Start the execution engine (serves the browser pool on :7070)
EXEC_SHARED_SECRET=<your secret> npm run exec
# 2. The MCP server talks to it over stdio. Your MCP client launches it
# for you via the config above — or run it directly to smoke-test:
EXEC_URL=http://localhost:7070 \
EXEC_SHARED_SECRET=<your secret> \
npm run exec:mcpEXEC_URL points at your running engine (default http://localhost:7070). EXEC_SHARED_SECRET authenticates the server to the engine. WEB_BASE_URL + TWIN_API_KEY are only needed for search_library, which reads the shared corpus through the web API.Twelve tools, one consent gate
Every target-bearing tool is checked against your allowlist before a browser launches.
run_goalExecute a named goal (login, search, reply, extract, like) on an authorized target. Optional proxy, video recording, and on-screen annotation.
compile_skillDiscover a goal once with the planner, then minimize it into a reusable, deterministic skill.
run_skillBlind-replay a compiled skill with no LLM in the loop — the cheap, deterministic path.
list_skillsList the compiled skills available for replay.
search_librarySemantically search the cross-tenant shared skill library by intent and host (needs WEB_BASE_URL + TWIN_API_KEY).
submit_runSubmit a goal as an async background job; returns a job id immediately.
get_jobPoll an async job by id for status, success, steps and result.
cancel_jobCancel a running async job by id (full credit refund).
observe_pageSerialize a page into token-efficient indexed DOM state without taking any action.
solve_captchaHand a live/paused session’s CAPTCHA to the solver and continue.
record_runRun a goal and capture a video recording of the session.
record_jobSubmit an async job that records its run to video.
Then just ask in natural language
# Once connected, ask your agent in natural language, e.g.:
# "Compile a skill that logs into app.acme.com and exports invoices,
# then replay it." → compile_skill → run_skill (no LLM on replay)
# "Search the library for 'export invoices as CSV' on app.acme.com"
# → search_library
# Every target-bearing call is checked against your consent allowlist first;
# an unauthorized host returns 403 before a browser ever launches.MCP server questions
What is the Twin Browser MCP server?
It is a Model Context Protocol server that exposes Twin Browser as native tools to any MCP client (Claude Desktop, Claude Code, and others). It communicates over stdio and forwards calls to the consent-gated execution engine, so an AI can compile skills, run goals, replay them deterministically, search the shared skill library, solve CAPTCHAs and record runs.
How do I connect Twin Browser to Claude?
Add a "twin-browser" entry to your MCP client config pointing at "node src/exec/mcp-server.js" with EXEC_URL and EXEC_SHARED_SECRET set (and WEB_BASE_URL + TWIN_API_KEY to enable the shared-library search). Claude Desktop uses claude_desktop_config.json; Claude Code uses "claude mcp add".
Does the MCP server re-run the LLM on every call?
No. run_skill replays a compiled skill deterministically with no LLM, and compile_skill discovers a path once and minimizes it for reuse — so repeated tasks avoid the per-run model cost.
Is the MCP server consent-gated?
Yes. Every target-bearing tool checks the requested host against your per-tenant allowlist before a browser launches; an unauthorized target returns 403. There is no bypass.