Add browser session parity options to MCP

[IlyaasK]

Summary

• extend manage_browsers create with SDK 0.58 browser-session options: start_url, chrome_policy, gpu, and telemetry category controls
• add manage_browsers update for supported session settings: disable_default_proxy, proxy/profile updates, viewport updates, and telemetry updates
• replace the previous untyped create params object with SDK-derived request types and small builders for profile, viewport, and telemetry payloads

Validation

• bunx prettier --write src/lib/mcp/tools/browsers.ts
• git diff --check
• KERNEL_CLI_PROD_CLIENT_ID=dummy-prod KERNEL_CLI_STAGING_CLIENT_ID=dummy-staging KERNEL_CLI_DEV_CLIENT_ID=dummy-dev NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_Y2xlcmsuZXhhbXBsZS5jb20k bun run build
• localhost MCP smoke against http://127.0.0.1:3002/mcp with API_BASE_URL=http://127.0.0.1:3001: initialized MCP, verified manage_browsers was listed, created a short-lived headless browser with start_url, chrome_policy, telemetry, and viewport options, updated telemetry/viewport through the new update action, retrieved it, and deleted it

Notes

• Attempting disable_default_proxy: true through the same localhost MCP path reached the API but the local backend returned 500 proxy swap did not complete; browser cleanup succeeded. The MCP request wiring is present, but that backend behavior was not green in local smoke.

---

Note

Medium Risk
Changes how browser sessions are created and mutated over MCP (proxies, profiles, telemetry, Chrome policy), which can affect live sessions and routing behavior if misused, though validation limits wrong-action fields.

Overview
Extends the MCP manage_browsers tool so agents can align with newer Kernel browser-session APIs: update is added alongside create/list/get/delete, and create gains start_url, chrome_policy, gpu, and granular telemetry controls.

Create and update now share typed helpers (SDK-derived BrowserCreateParams / BrowserUpdateParams) that build profile, viewport, and telemetry payloads, with actionFieldError rejecting fields used on the wrong action (e.g. extensions only on create). Update supports proxy changes (clear_proxy, disable_default_proxy), profile/viewport/telemetry tweaks, and viewport_force; invalid combinations return clear text errors instead of ad-hoc inline checks for viewport pairing.

^{Reviewed by Cursor Bugbot for commit de97ef4. Bugbot is set up for automated code reviews on this repo. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mcp	Ready	Preview, Comment	May 29, 2026 11:01pm

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit de97ef4. Configure here.}

[cursor]

Update omits falsy response guard

Medium Severity

The new update action serializes the result of client.browsers.update without checking it, unlike create and get in the same tool. When the client returns a falsy session (as create and retrieve already handle), JSON.stringify can yield a non-string text value and the caller gets a broken or misleading tool result instead of a clear failure message.

 

^{Reviewed by Cursor Bugbot for commit de97ef4. Configure here.}

[firetiger-agent]

Monitoring Plan: manage_browsers MCP Tool — Update Action & New Parameters

What this PR does: Enables AI agents using the Kernel MCP server to update live browser sessions — changing proxy, profile, viewport, and telemetry settings mid-session — and adds new create-time parameters (start_url, chrome_policy, gpu, and granular telemetry flags).

Intended effect:

• PATCH /browsers/{id} traffic via MCP: baseline 0 MCP-originated PATCH requests; confirmed if update calls reach the API without errors after first agent use.
• POST /browsers error rate: baseline 0–1 errors/hr; confirmed if rate stays below 5/hr after deploy (new create fields pass through cleanly).

Risks:

• PATCH /browsers 500s — /browsers/{id} error spans in API traces; alert if errors exceed 10/hr for 2+ consecutive hours (baseline 0–3/hr).
• POST /browsers regression — new create fields (gpu, start_url, chrome_policy) use typed SDK params instead of Record<string, unknown>; alert if POST /browsers errors exceed 20/hr sustained (baseline 0–1/hr typical).
• Railway 500s on browser paths — alert if Railway HTTP 500s on /browsers% exceed 10/hr (baseline 0–3/hr).
• Viewport/telemetry validation exceptions — buildViewportBase / buildTelemetry throw on invalid param combos; alert if new ERROR log patterns containing viewport_width and viewport_height must be provided or telemetry_enabled=false cannot be combined appear.

Status updates will be posted automatically on this PR as monitoring progresses.

View monitor