victauri-browser 0.5.5

Native messaging host for Victauri Browser extension — MCP inspection for any website
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

# victauri-browser

Native messaging host + browser extension that brings [Victauri](https://github.com/runyourempire/victauri)'s MCP inspection to **any website** -- not just Tauri apps.

## How It Works

```
MCP Client → axum HTTP :7474 → Native Messaging (stdio) → Browser Extension → Content Script → Page
```

The Rust binary serves dual roles: HTTP server for MCP clients AND native messaging host for the browser extension. The extension injects a JS bridge into every page, giving agents the same DOM/interaction/inspection tools that `victauri-plugin` provides inside Tauri apps.

## Install

```bash
cargo install victauri-browser
victauri-browser-host install    # Registers native messaging host for Chrome/Edge/Brave/Arc
```

Then load `extensions/chrome/` (or `extensions/firefox/`) as an unpacked extension in your browser.

## Connect

Point any MCP client at `http://127.0.0.1:7474/mcp`, or use the REST API:

```bash
# List available tools
curl http://127.0.0.1:7474/api/tools

# Take a DOM snapshot of the active tab
curl -X POST http://127.0.0.1:7474/api/tools/dom_snapshot
```

## Tools

20 MCP tools available through the extension:

| Tool | What it does |
|------|-------------|
| `dom_snapshot` | Full accessible DOM tree with ref handles |
| `find_elements` | Search by text, role, selector, test ID |
| `click` | Click an element (with actionability checks) |
| `fill` | Set input/textarea value |
| `type_text` | Type character-by-character with key events |
| `press_key` | Dispatch keyboard events (Enter, Tab, Escape, combos) |
| `hover` | Trigger mouse hover events |
| `eval_js` | Execute JavaScript in the page |
| `screenshot` | Capture visible tab as PNG |
| `get_styles` | Computed CSS for any element |
| `get_bounding_boxes` | Pixel measurements with box model |
| `highlight_element` | Visual debug overlay |
| `clear_highlights` | Remove overlays |
| `audit_accessibility` | WCAG compliance check |
| `get_performance` | Navigation timing, heap, resources |
| `wait_for` | Poll for conditions (selector, text, URL) |
| `navigate` | Go to URL, go back |
| `get_cookies` | Read cookies for the current domain |
| `tabs.list` | List open browser tabs |
| `get_plugin_info` | Host version and status |

## Security

- **Localhost only** -- `127.0.0.1`, never `0.0.0.0`
- **Bearer auth** -- optional token via `--token` flag or `VICTAURI_AUTH_TOKEN` env var
- **Rate limiting** -- token-bucket rate limiter
- **Origin guard** -- rejects cross-origin requests
- **Port fallback** -- tries :7474-7484 if the preferred port is taken

## CLI

```bash
victauri-browser-host install      # Register native messaging host
victauri-browser-host uninstall    # Remove registration
victauri-browser-host serve        # Start HTTP server without native messaging
victauri-browser-host version      # Print version
```

## Browser Support

| Browser | Extension | Status |
|---------|-----------|--------|
| Chrome / Edge / Brave / Arc | `extensions/chrome/` | Full support (MV3 + CDP screenshots) |
| Firefox | `extensions/firefox/` | Full support (MV3, `browser.*` namespace, no CDP) |

## Tests

```bash
cargo test -p victauri-browser                         # 99 Rust tests
cd extensions/chrome/tests && npx vitest run           # 163 JS bridge tests
```

## Documentation

Full API docs: [docs.rs/victauri-browser](https://docs.rs/victauri-browser)

## License

Apache-2.0 -- see [LICENSE](../../LICENSE)

Part of [Victauri](https://github.com/runyourempire/victauri). Built by [4DA Systems](https://4da.ai).