Intent to Experiment: WebMCP
31 views
Skip to first unread message
Chromestatus
2:51 PM (1 hour ago) 2:51 PM
to blin...@chromium.org, be...@chromium.org, d...@chromium.org, khusha...@chromium.org, mas...@chromium.org, mfo...@chromium.org, skman...@chromium.org
Contact emails
khusha...@chromium.org, skman...@chromium.org, be...@chromium.org, mas...@chromium.org, d...@chromium.org, mfo...@chromium.orgExplainer
https://github.com/webmachinelearning/webmcpSpecification
https://webmachinelearning.github.io/webmcp
Design docs
https://docs.google.com/document/d/1ZaQvuj4YnUnoqOfEhbfgFynpDRKk2zZZHavTNJ151gM/edit?tab=t.0#heading=h.ggi78l861caa
https://docs.google.com/document/d/1ycdzuXA-VE8lRDFSArh0Um3PChHV0Hq6Om1MSMG8qPE/edit?tab=t.0#heading=h.edohi3f5z12h
Summary
WebMCP is a proposal for a web API that enables web pages to provide agent-specific paths in their UI. With WebMCP, agent-service interaction takes place via app-controlled UI, providing a shared context available to app, agent, and user.
Blink component
Blink>Agentic Platform>WebMCPWeb Feature ID
navigator.modelContext (WebMCP)
Search tags
WebMCPTAG review
Spec is being incubated. We will request TAG review before shipping.
TAG review status
PendingGoals for experimentation
For the experiment we are focused on understanding the API ergonomics for agentic workflows across various verticals such as web commerce and productivity. We expect the site owners to implement WebMCP tools in their sites to automate high-value workflows for them and will seek feedback on the functionality of WebMCP. We also plan to gather metrics for tool usage and latency, and assess opportunities for improvements.
Origin Trial documentation link
https://docs.google.com/document/d/1ZaQvuj4YnUnoqOfEhbfgFynpDRKk2zZZHavTNJ151gM/edit?tab=t.0#heading=h.ggi78l861caa
Risks
Interoperability and Compatibility
Given this is a new space and new API - there's no compatibility risk.
Usual risk related to other browser vendors not adopting the API apply. This API is meant to augment capabilities provided by browser add-ons and so non-adoption in other engines would have limited user-impact and thus we consider the risk to be low.
Gecko: No signal
WebKit: No signal
Web developers: No signals Web Framework developers: Have shown a great deal of interest during the developer trial, as evidenced here: https://www.star-history.com/?repos=webmachinelearning%2Fwebmcp&type=date&legend=bottom-right Chrome web store features about 9 different extensions with WebMCP on their title and 4* or more ratings. https://chromewebstore.google.com/search/WebMCP?minimalRating=4
Other signals:
Ergonomics
There is a risk that site authors that wish to incorporate WebMCP tools into their sites will need to duplicate functionality that currently exists to drive the user interface. We're hoping that most imperative WebMCP tools are just thin wrappers around existing code that drives actions on the site, but we are working with framework developers like React to ensure that WebMCP tools can be added without rearchitecting the site logic. We are also offering a declarative version that requires only adding attributes to existing form elements, which is much lighter weight to deploy and does not require any refactoring of existing site functionality. Activation
There are no activation requirements to register WebMCP tools. To execute WebMCP tools does require an agent, either provided by the browser or site author, to formulate and orchestrate tool calls. There are several Chrome extensions already available that allow cloud-LLM-based agents to discover and call WebMCP tools. It is also possible to use the Prompt API to call WebMCP tools using on-device models.Security
Sites may consume and expose sensitive information when their WebMCP tools are called by agents. Agents should implement safeguards to ensure that sensitive information is passed to sites and between origins only under the consent of the user that is supervising them.
LLM-based agents are susceptible to attacks such as indirect prompt injection, which can cause an exploited agent to exfiltrate sensitive information in its context to an attacker. Agents should implement safeguards against prompt injection and related attacks. WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
No information providedOngoing technical constraints
No technical constraints for the experiments. Debuggability
Explicit debugging support through a new WebMCP Chrome DevTools Protocol domain. The domain supports listing registered tools, invoking tools, and logging all calls by agents. Registration issues for declarative tools (e.g., missing names or descriptions) are reported through the Audits domain.
Will this feature be supported on all six Blink platforms
(Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
YesIs this feature fully tested by web-platform-tests?
No
The IDL and basic usage is tested via WPTs. Since the API provides the user agent with the ability to call certain tools, we might need to extend the WPT harness to support this.
DevTrial instructions
https://docs.google.com/document/d/1rtU1fRPS0bMqd9abMG_hc6K9OAI6soUy3Kh00toAgyk/edit?tab=t.0Flag name on about://flags
Experimental Web Platform features
Finch feature name
WebMCP
Requires code in //chrome?
TrueTracking bug
https://crbug.com/445637567Launch bug
https://launch.corp.google.com/launch/4460611Estimated milestones
| Shipping on desktop | 157 |
| Origin trial desktop first | 149 |
| Origin trial desktop last | 156 |
| DevTrial on desktop | 146 |
| Shipping on Android | 157 |
| Origin trial Android first | 149 |
| Origin trial Android last | 156 |
| DevTrial on Android | 146 |
| Shipping on WebView | 157 |
| Origin trial WebView first | 149 |
| Origin trial WebView last | 156 |
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5117755740913664?gate=6226783774703616Links to previous Intent discussions
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANMmsAtRdyRw1WtO5va0K%3D_adYH-FRh01xvw5%2BosSd_DAq%3D%3DUQ%40mail.gmail.comReady for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/bhhOmTGzD5Y/m/PGdM8lF6AQAJ
This intent message was generated by
Chrome Platform Status.
Reply all
Reply to author
Forward
0 new messages