A protocol that lets AI agents call any browser tool - securely
The Browser Tool Calling Protocol (BTCP) is an open standard that enables AI agents to call tools within the browser through client-defined interfaces. Like MCP, tools are discoverable with schemas for AI awareness - but BTCP tools are defined and executed on the client side, enabling direct access to browser state, DOM, and web applications without server round-trips.
-
Read the BTCP Specification for the complete technical specification, security model, and protocol details
-
Install the Chrome Extension to enable BTCP in your browser
-
Use the JavaScript Client to integrate BTCP into your application
-
MCP users: Run the BTCP MCP Bridge to call browser tools from any MCP-compatible agent
| Option | Description |
|---|---|
| BTCP Server | Deploy the BTCP server on your infrastructure for browser tool coordination |
| BTCP MCP | MCP server bridge to integrate with any MCP-compatible AI agent |
| Option | Description |
|---|---|
| BTCP Client | Integrate the JavaScript client directly into your application |
| Chrome Extension | Install the Chrome extension to expose browser functionality to AI assistants |
| Browser Agent | Browser-based agent utilities for automation |
| Code Mode | Plug-and-play library to enable agents to call BTCP tools via code execution |
BTCP is designed with privacy and security as first-class concerns:
All code is open source under MPL-2.0 - fully auditable and transparent. No hidden behaviors, no proprietary components.
Built-in E2E encryption prevents sensitive information from being exposed to servers or LLMs. Your browser data stays private.
Every tool must declare its required capabilities upfront (network, storage, DOM access, etc.). Users see exactly what each tool can access before granting permission - 100% capability awareness.
┌─────────────────────────────────────────────────────────────────┐
│ Tool "gmail" requests the following capabilities: │
│ │
│ ✓ Network access (mail.google.com) │
│ ✓ Read page content │
│ ✓ Modify page content │
│ │
│ [Allow Once] [Allow Always] [Deny] │
└─────────────────────────────────────────────────────────────────┘
| Repository | Description |
|---|---|
btcp-specification |
The specification for the Browser Tool Calling Protocol |
btcp-client |
Browser Tool Calling Protocol JavaScript client |
btcp-server |
Browser Tool Calling Protocol server |
btcp-mcp |
MCP server bridge for calling browser tools from any MCP-compatible agent |
| Repository | Description |
|---|---|
btcp-chrome |
Chrome extension that exposes browser functionality to AI assistants |
btcp-code-mode |
Plug-and-play library to enable agents to call BTCP tools via code execution |
btcp-browser-agent |
Browser-based agent utilities |
AI agents should be able to call browser-side tools with the same discoverability as server-side tools - but with direct access to browser context and client-defined flexibility.
- Client-defined tools: Tool interfaces are defined on the client, not the server - enabling flexible, context-aware tool providers
- AI-aware schemas: Tools expose schemas for introspection, just like MCP - AI agents can discover available tools and their parameters
- No round-trip tax: Multi-step workflows execute in a single request instead of one round-trip per tool call
- Browser-native: Tools have direct access to browser state, DOM, and web application context
| Aspect | MCP | BTCP |
|---|---|---|
| Tool definition | Server-defined | Client-defined |
| Execution location | Server-side | Browser-side |
| Multi-step operations | O(n) round-trips | O(1) single execution |
| Browser context access | No | Yes |
| Tool discovery | Server exposes schema | Client exposes schema |
- MCP: Server-side operations, database access, external API calls
- BTCP: Browser-side tools, web app automation, client-state operations
They work together: Use MCP for server tools and BTCP for browser tools in the same agent.
BTCP tools are defined by the client (browser) and exposed to AI agents with discoverable schemas:
interface BTCPToolProvider {
namespace: string; // e.g., 'gmail', 'sheets'
getInterface(): ToolInterface; // Schema for AI discovery
getAPI(): Record<string, Function>;
}
interface ToolInterface {
name: string;
version: string;
methods: MethodSchema[]; // AI-readable method definitions
}AI agents can introspect available tools at runtime:
__interfaces // Returns all tool schemas
__getToolInterface('gmail') // Returns specific tool schemaUnlike server-defined tools, BTCP tool providers can be:
- Dynamically registered based on the current page/application
- Customized per user or session
- Extended with application-specific capabilities
BTCP requires a secure sandbox environment that provides:
- Global isolation: No access to
window,document,globalThis, or browser globals - Controlled APIs: Only registered tool providers are accessible
- Frozen interfaces: Tool methods cannot be modified at runtime
- Network isolation: No direct access to
fetch,XMLHttpRequest, or WebSocket
| Limit | Purpose |
|---|---|
| Execution timeout | Prevent infinite loops and runaway code |
| Operation count | Limit tool API calls per execution |
| Code size | Prevent memory exhaustion |
| Result size | Limit response payload |
The protocol is agnostic to the specific sandbox implementation. Compliant implementations may use:
- SES (Secure ECMAScript) compartments
- Web Workers with restricted APIs
- iframe sandboxes
- WebAssembly-based isolates
- Custom JavaScript interpreters
BTCP is transport-agnostic and supports multiple communication channels:
- SSE (Server-Sent Events) - Primary transport for real-time browser communication
- HTTP Polling - Short and long polling for environments without SSE
- WebSocket - Bidirectional streaming for high-frequency interactions
- Direct - Function calls for testing and embedded scenarios
We welcome issues, pull requests, and design discussion. If you'd like to add support for another browser tool provider, sandbox implementation, or framework integration, open a discussion first so we can align on the design!
BTCP is an open-source protocol released under the MPL-2.0 license. If your application needs AI agents that can call browser-side tools with strong security guarantees, we'd love to have you involved!
The protocol is designed to complement existing standards like MCP and UTCP - use BTCP for browser tools while using other protocols for server-side operations.