Skip to content

MCP Integration

Guida includes a built-in Model Context Protocol (MCP) server that exposes browser automation as tools. MCP-capable clients can inspect tabs, request browser actions, run scripts, and use workspace tools while Guida keeps approval, domain controls, audit history, and secret isolation visible.

Guida runs MCP browser-control endpoints on loopback (127.0.0.1, port 9315 by default) for local trusted clients. The same embedded server can also expose read-only dashboard endpoints on a private bind address for monitoring. Remote private-network requests cannot call MCP tools.

Remote control over a private network is handled by the separate Remote Ops API, which must be explicitly enabled and uses its own /api/ops/* surface.

The port and optional private bind address are configurable in Settings > MCP Server.

For current streamable HTTP clients, use:

http://127.0.0.1:9315/

Some older MCP client guides may still refer to an SSE-specific URL. Guida maps the MCP server at the root endpoint; use the client transport settings that match your MCP client.

Settings > MCP Server tab showing toggles for Enable MCP Server, Return Script Results to AI, and Audit Logging

MCP settings keep the local server, returned script results, and audit logging explicit.

Claude Code running inside Guida's embedded terminal, editing workspace configuration and running builds

Claude Code can run alongside Guida while the browser, workspace files, and automation tools stay visible.

Over 100 tools are available, organized by category:

CategoryToolsDescription
BrowserNavigate, Click, EnterText, SelectOption, PressKey, ScrollTo, WaitForElement, WaitForDomStable, WaitForReady, GetDom, GetUrl, ExecuteJsPage interaction
Tab ManagementGetTabs, NewTab, CloseTab, CloseAllTabs, SetActiveTab, FindTabByUrlTab control
ScreenshotsScreenshot, ScreenshotElement, ScreenshotFullPageVisual capture
DataStorePut, StorePutMany, StoreGet, StoreList, StoreSearch, StoreQuery, StoreDeletePersistent storage
QueuesQueueEnqueue, QueueDequeue, QueueCommit, QueueAbort, QueueListWork queue operations
SearchSearchIndex, SearchQuery, SearchDeleteFull-text search
WorkersWorkersStart, WorkersRunOne, WorkersStop, WorkersStatusBatch processing
Workflow LedgerListRuns, QueryItems, QueryItemsPage, StageStateCounts, ReconcileRun, RetryItem, DeadLetterItem, ExportHistoryDurable workflow inspection, scalable counts, and recovery
ScriptsExecuteScript, ExecuteScriptAwait, ExecuteScriptFileScript execution
NetworkNetworkSearch, NetworkGetById, NetworkGetResponseBody, WaitForRequestTraffic inspection
LLMLlmPromptLocal LLM inference
CustomGetWorkspaceTools, ExecuteWorkspaceTool, ReloadWorkspaceToolsCustom tools
SecretsSecretsListList secret names and metadata only

Every MCP action passes through three security layers.

MCP navigation domain whitelisting is enabled by default. With Require domain whitelisting for MCP navigation enabled, Navigate and CreateTab calls must target approved domains. When the AI attempts to visit an unapproved domain, Guida creates an approval request with options to block, allow once, allow for the session, or add the domain to the whitelist.

Configure allowed domains at three levels:

  • Session — approved during the current session
  • Workspacedomains.json in the workspace root (see Workspaces)
  • Global — configured in Settings

Wildcard subdomains are supported: *.example.com matches api.example.com, www.example.com, and other subdomains.

The optional Auto-approve navigation to whitelisted domains setting is off by default. When enabled, it only skips the extra tool-approval prompt for Navigate and CreateTab calls whose url is already explicitly whitelisted. It does not auto-approve clicks, typing, scripts, workers, filesystem access, queue/store/search/database operations, or workflow ledger mutations.

Monitored tools require explicit approval before execution. Instead of interrupting work with blocking modal dialogs, Guida shows pending requests in the Approval Center pane and on the toolbar approval indicator.

MCP Approval Center showing a pending navigate approval with exact tool parameters and approve or deny actions

The Approval Center keeps pending MCP requests visible with exact parameters and approve or deny actions.

The agent sees the tool schema, but Guida shows you the exact proposed call before it runs. Default monitored tools include script execution, browser actions, data modification, queue/search operations, task management, and other actions that can change browser or workspace state.

You can approve once or trust a tool for the current session where appropriate. Session trust is cleared when the MCP server restarts.

Every MCP tool call is logged to mcp-audit.db: tool name, parameters, result, duration, and any errors. View the audit trail in the MCP History pane.

The AI agent cannot read, query, or clear its own audit log. This is enforced architecturally; no MCP tools expose the audit database.

MCP History pane showing audit log with tool calls, durations, statuses, and parameter detail panel

The MCP History pane records completed tool calls and lets you inspect the selected call’s parameters and result.

Secret values are never exposed through MCP tools. The SecretsList tool returns only names and descriptions, never decrypted values.

Scripts started via MCP (ScriptTaskOrigin.Mcp) are also blocked from reading secrets through g.secrets.getSecret(). This prevents the exfiltration chain: MCP runs script, script reads secret, script writes to store, MCP reads store.

For more details, see Secrets.

SurfaceUse it forControl level
MCPLocal AI tool access with approval, audit, domain controls, and secret isolationLocal tool execution
Operational Dashboard APIRemote monitoring, health, queue/worker/run snapshots, and SSE invalidationRead-only
Automation ModeDeterministic test harness launch, tab setup, and CDP passthroughTest-only control
Remote Ops APITrusted-channel remote control for workers, queues, tabs, tools, ledger reads, screenshots, and Remote ViewExplicitly enabled remote control
  • Custom Tools — extend the MCP surface with workspace-specific tools
  • Operational Dashboard API — monitor Guida remotely over read-only HTTP and SSE endpoints
  • Automation Mode — launch Guida for CDP-backed test harnesses
  • Remote Ops API — control a Guida node through trusted-channel JSON-RPC
  • Workspaces — configure domains.json for domain whitelisting
  • Secrets — securely use API keys in scripts and custom tools
  • Source Boundaries — understand what is closed, what is public, and where approvals, audit, and secret isolation fit