Multi-session browser MCP server
15 parallel sessions. Full isolation. One server.
What it is
The only MCP that lets you run 15 sessions side-by-side without them stepping on each other's auth or tabs. Open source, runs locally, no cloud account required.
What's in the box
Every tool that ships in v0.6.1, organized by what it actually does. The five at the top are the hero capabilities — the things nobody else can do.
15 isolated BrowserContexts. Separate cookies, fingerprint, viewport, locale, geo, proxy. They never leak state into each other.
session_createSpin up an isolated session with its own everythingsession_listList all active sessions with URLs and idle timesession_destroyClose a session and free its pool slotsession_healthCheck if sessions are alive and responsivepool_statusPool stats, memory, uptime, per-session idle countdownBring your real Chrome cookies. Stay logged in. Skip captcha hell. Sites trust you because you actually are you.
profile_import_from_chromeConnect to your real Chrome via CDP and import its cookiessession_save_profileSnapshot a logged-in session's cookies + storage to disksession_list_profilesList saved auth profilesprofile_listList persistent browser profiles with auth statusprofile_warmBrowse Google/Wikipedia to build trust before reCAPTCHA hitsprofile_deleteWipe a saved profileAccessibility tree snapshots, not raw DOM. Your agent sees @e3 button "Submit" — not 14,000 tokens of div soup. ~5x median token reduction.
navigateGo to URL, return a @e1/@e2 snapshotsnapshotRe-snapshot the current page or a region for fresh refsdiffReturns only what changed since the last snapshotextractPull text, HTML, title, URL, or JS-evaluated value from any elementSee every HTTP request. Block trackers, mock responses, log specific patterns. Reverse-engineer hidden APIs in minutes.
network_logView captured requests/responses with regex filteringnetwork_interceptBlock, log, or mock requests with URL globs — add/remove rules mid-sessionconsole_logView captured browser console messages, filterable by levelapi_discoverList JSON APIs the page called, classified as data/tracking/auth/cdn/adsapi_exportGenerate an OpenAPI v3 spec from observed API trafficPer-domain JSON files that learn selectors, wait strategies, stealth levels, and discovered APIs. Every visit teaches the next one.
domain_knowledgeInspect what Leapfrog has learned per site — visits, selectors, bandit weightssession_memoryRecall actions performed in this session (recovers context after compression)add_init_scriptInject JS that runs before every page loadClick, fill, type, scroll, drag, upload — one verb, every action. Plus power-user escape hatches.
actClick, fill, type, check, select, press, scroll, hover, drag, uploadbatch_actionsRun up to 100 actions in one call with per-step humanization delaysexecuteRun a full Playwright script with {page, context}wait_forWait for element / text / network idle / nav / JS expressionPopups, OAuth, redirects — tracked automatically. Switch by index, or -1 for the most recent.
tabs_listList all tabs in a session, including auto-tracked popupstab_switchSwitch by index, or -1 for the most recent (popup/OAuth handler)tab_closeClose a tab by indexTeach once. Replay forever. Parameterize anything. Export as Playwright code or JSON.
session_exportExport action history as a replayable JSON or Playwright scriptsession_replayReplay with {{placeholder}} overrides and skip-on-errorsession_export_traceExport a Playwright trace.zip viewable at trace.playwright.devThe essentials. Screenshots, paginated walking, and a "tap me in" overlay for when the agent gets stuck.
screenshotCapture page or element as inline base64, optionally save to diskpaginateWalk click-next, infinite scroll, or URL-pattern pagination in one callwait_for_humanPop the @..@ overlay, request human help, block until they click DoneThe flywheel
Stealth tightens when you get blocked. Snapshots shrink when nav stops changing. APIs replace pages once Leapfrog sees them in network traffic. The agent wrote none of it.
Per-domain knowledge files
A JSON dossier per site at ~/.leapfrog/domains/. Visit count, working selectors, learned consent button, discovered APIs. Inspectable, deletable, portable.
EXP3 bandit (4 stealth strategies)
Stealth strategies compete on success rates. Got blocked at level 0? Next session for that domain starts pre-armed at the level that worked.
Heat-map element suppression
Tracks which @eN refs the agent actually clicks. After 10 visits, decorative footer links and unused regions get pruned from snapshots.
Cookie consent learning
Ships with 10 framework rules. Learns new dismissal patterns after 3 successful clicks on the same selector.
Captcha solver
Free tier handles visible reCAPTCHA v2 and Cloudflare checkbox. Hard captchas escalate to a paid provider you configure.
It's not a black box. Stored locally at ~/.leapfrog/domains/. Deletable per domain. Inspectable in your editor. No telemetry, no cloud sync, no account. cat it. rm it. It's just files.
How it stacks up
agent-browser wins on raw token count. browser-use has 81K stars. Stagehand has the best natural language DX. Leapfrog ships the combination nobody else does — and runs entirely on your laptop.
| Leapfrog | Playwright MCP | agent-browser | Stagehand | |
|---|---|---|---|---|
| Parallel sessions | 15 (isolated) | 1 | 1 | Cloud (paid) |
| Session isolation | Full | No | No | Cloud |
| Tokens / page | ~1,400 | ~14,000 | ~300 | ~2,000+ |
| Network intercept | Yes | No | No | No |
| Real browser profiles | Yes | No | No | No |
| Crash recovery | Auto | No | No | Cloud |
| Local-first | Yes | Yes | Yes | No |
| Price | Free (MIT) | Free | Free | Paid tiers |
Ready to jump in?
Works with Claude Code, Cursor, Windsurf — anything that speaks MCP.
One agent was signing up for backlinks. Another was pulling competitor data.
Same browser. Same crash.
That's not a multi-agent workflow. That's a collision.
I needed browsers that couldn't interfere with each other. Not two. Fifteen. Each with its own cookies, its own storage, its own fingerprint. No shared state. No tug of war.
One server. Zero collisions. That's the product.