tapsite

The MCP server for web intelligence extraction. 55 tools that give AI agents the ability to understand websites — not just drive a browser, but extract structured intelligence about design systems, accessibility, performance, content, and more.

Other MCP browser tools let agents click buttons. tapsite lets agents extract a complete color palette, audit WCAG contrast ratios, diff two sites' design tokens, detect tech stacks, or pull structured data with custom CSS/XPath/regex selectors — all as structured JSON that agents can reason about.

55 Tools · 11 Categories · 4 Workflows · Multi-Format Export

Works with Claude, Cursor, Windsurf, and any MCP-compatible AI agent. LangChain/LangGraph integration coming soon.

View the full docs site →

Installation

# Quick start (no install required)
npx -y tapsite

# Or install globally
npm install -g tapsite
npx playwright install chromium
npx playwright install-deps chromium

Add to your AI agent's MCP config:

{
  "mcpServers": {
    "tapsite": {
      "command": "npx",
      "args": ["-y", "tapsite"]
    }
  }
}

First run: Playwright will install Chromium automatically if not already present (~150MB one-time download).

Also available on the MCP Registry and Glama.

What makes tapsite different

Other browser MCPs	tapsite
Click buttons	Extract full design systems
Fill forms	Audit WCAG accessibility
Take screenshots	Diff sites over time
Read raw HTML	Detect tech stacks & APIs
	Custom CSS / XPath / regex extraction
	Anti-bot resilience & proxy rotation

Extract design systems — colors, fonts, spacing scales, breakpoints, components, shadows, icons, CSS variables, and contrast ratios from any website. Output as structured JSON or W3C design tokens.

Audit quality — accessibility scoring with WCAG contrast analysis, performance timing (Core Web Vitals), tech stack detection, dark mode support, and animation inventory.

Compare and track — diff two sites side by side, or track a single site over time with snapshot-based temporal diffs. Regressions and improvements are flagged automatically. Disk caching means crawls resume where they left off, and results are reused across sessions.

Work behind login walls — persistent browser sessions with full MFA support. A 3-tier anti-bot escalation system handles protected sites automatically — from stealth scripts to proxy rotation. Log in once manually, then extract across tool calls without re-authenticating. Credentials never enter the chat.

Tools (55)

Session (8)

Tool	Description
tapsite_login_manual	Open headed browser for manual login + MFA
tapsite_login_check	Verify authenticated session state
tapsite_inspect	Navigate to URL and inspect the DOM (nav, headings, buttons, forms, tables, links)
tapsite_screenshot	Take a screenshot of the current page
tapsite_interact	Click or fill an indexed element from the last inspect
tapsite_scroll	Scroll the page
tapsite_run_js	Execute arbitrary JavaScript and return the result
tapsite_close	Close the browser session

Content Extraction (6)

Tool	Description
tapsite_extract_table	Extract a specific table as structured data
tapsite_extract_links	Extract all links with text and href
tapsite_extract_metadata	Extract page metadata (title, description, OG tags, etc.)
tapsite_extract_content	Extract main readable content (article body, headings, paragraphs)
tapsite_extract_forms	Extract all forms with fields, labels, and actions
tapsite_extract_markdown	Extract page content as clean Markdown (raw, fit, or citations mode) with optional chunking

Custom Extraction (2)

Tool	Description
tapsite_extract_custom	Extract structured data using custom schemas (CSS selectors, XPath, or regex)
tapsite_extract_schema_suggest	Analyze page DOM and auto-suggest extraction schemas

Design Tokens (5)

Tool	Description
tapsite_extract_colors	Extract color palette (hex values + usage counts)
tapsite_extract_fonts	Extract font families, sizes, weights
tapsite_extract_css_vars	Extract CSS custom properties
tapsite_extract_spacing	Extract spacing scale values
tapsite_extract_shadows	Extract box-shadow and text-shadow patterns

Visual Assets (4)

Tool	Description
tapsite_extract_images	Extract all images with src, alt, dimensions
tapsite_download_images	Download images to local output directory
tapsite_extract_svgs	Extract inline SVGs
tapsite_extract_favicon	Extract favicon URLs and sizes

Layout Intelligence (3)

Tool	Description
tapsite_extract_layout	Extract layout tree (inline text representation)
tapsite_extract_components	Detect repeated UI components and patterns
tapsite_extract_breakpoints	Extract responsive breakpoints from CSS media queries

Quality & Compliance (7)

Tool	Description
tapsite_extract_a11y	Accessibility audit (ARIA, roles, contrast issues)
tapsite_extract_contrast	Audit WCAG contrast ratios between text and background
tapsite_extract_perf	Extract performance metrics (Core Web Vitals, resource sizes)
tapsite_extract_security	Audit security headers (CSP, HSTS, SRI, permissions policy)
tapsite_extract_darkmode	Detect dark mode support and extract dark palette
tapsite_extract_pwa	Detect PWA support (manifest, service worker, installability)
tapsite_extract_i18n	Extract internationalization signals (lang, hreflang, translations)

Technology Detection (10)

Tool	Description
tapsite_extract_stack	Detect frontend framework, libraries, and tech stack
tapsite_extract_animations	Extract CSS animations and transitions
tapsite_extract_icons	Detect icon libraries and extract icon usage
tapsite_extract_graphql	Detect GraphQL endpoints and introspect schemas
tapsite_extract_aiml	Detect AI/ML integrations (models, embeddings, inference endpoints)
tapsite_extract_canvas	Extract canvas and WebGL usage patterns
tapsite_extract_wasm	Detect WebAssembly modules and usage
tapsite_extract_web_components	Detect custom elements and shadow DOM usage
tapsite_extract_third_party	Inventory third-party scripts, trackers, and services
tapsite_extract_storage	Audit client-side storage (cookies, localStorage, sessionStorage, IndexedDB)

Network & API (2)

Tool	Description
tapsite_capture_network	Capture network requests during a page load
tapsite_extract_api_schema	Infer API schema from observed network traffic

Multi-page (2)

Tool	Description
tapsite_crawl	Crawl multiple pages from a start URL
tapsite_diff_pages	Compare two URLs (cross-site) or track changes over time (temporal) using real extractors

Export (2)

Tool	Description
tapsite_export	Export inspection results as JSON + Markdown + HTML report + CSV tables + screenshots
tapsite_export_design_report	Full design system report: report.html (visual), design-tokens.json (W3C format), design-tokens.css (copy-pasteable :root vars)

Engine

Resilient extraction engine. Parallel browser pooling for concurrent page extraction. Persistent disk caching — crawls resume where they left off and results are reused across sessions. 3-tier anti-bot escalation with automatic proxy rotation for protected sites.

Workflows (4)

Tool	Description
tapsite_teardown	Comprehensive competitive design teardown (all extractors)
tapsite_audit	Pre-launch quality audit (a11y, contrast, perf, SEO, darkmode)
tapsite_harvest	Inventory all site assets (images, SVGs, forms, fonts, links)
tapsite_designsystem	Extract design tokens as W3C JSON and CSS variables

LangChain / LangGraph integration (coming soon)

Native LangChain and LangGraph integration is on the roadmap. When released, it will provide a dedicated Python wrapper with tool subsets and managed session lifecycle.

Security

Prompt injection defense (hidden element filtering + output sanitization), HTTPS enforced, private IPs blocked, auth headers redacted. Credentials never enter the chat — log in manually with full MFA support.

Prompt injection defense

Extractors skip hidden elements (display:none, visibility:hidden, opacity:0, zero-size, clip-hidden) to prevent invisible text injection. All output is scanned for prompt injection patterns — instruction overrides, role hijacking, exfiltration attempts, and tool manipulation are flagged inline as [INJECTION_DETECTED].

Credential safety

Never pass credentials through the chat. Use tapsite_login_manual to open a headed browser, log in manually (including MFA), then tapsite_login_check to confirm. Credentials never touch the AI provider's servers or local transcripts.

Docker

tapsite ships a Dockerfile and docker-compose.yml for headless-only use — CI pipelines, server deployments, or anywhere you don't want a local Node.js install.

docker build -t tapsite .
docker compose up

tapsite_login_manual is not available in Docker (it requires a display). To use authenticated sessions in Docker, log in locally first, then mount the profiles/ directory into the container:

volumes:
  - ./output:/app/output
  - ./profiles:/app/profiles

Security note: profiles/ contains live session cookies. Don't commit it to version control (it's already in .gitignore).

Development setup

git clone https://github.com/mgriffen/tapsite
cd tapsite
npm install
npx playwright install chromium
npx playwright install-deps chromium

MCP config pointing to local source:

{
  "mcpServers": {
    "tapsite": {
      "command": "node",
      "args": ["/absolute/path/to/tapsite/src/server.js"]
    }
  }
}

Project structure

src/
  server.js        — MCP server entry point
  browser.js       — shared Chromium context (ensureBrowser, closeBrowser)
  helpers.js       — shared helpers (safeNavigate, summarizeResult, indexPage)
  sanitizer.js     — prompt injection detection
  diff.js          — per-extractor diff logic and extractor name/args mapping
  snapshots.js     — temporal snapshot I/O (saveSnapshot, loadLatestSnapshot)
  browser-pool.js  — parallel browser context pooling
  cache.js         — persistent disk caching with TTL
  markdown.js      — HTML-to-Markdown converter (raw/fit/citations)
  chunker.js       — LLM-friendly text chunking (fixed/semantic/sentence)
  content-filter.js — BM25 relevance filtering
  anti-bot.js      — block detection and tier escalation
  proxy.js         — proxy rotation with failure tracking
  stealth-setup.js — Puppeteer-extra stealth plugin registration
  extraction-strategies.js — CSS/XPath/regex flexible extractors
  extractors.js    — browser-context extraction functions (page.evaluate())
  exporter.js      — file export: JSON, Markdown, HTML, CSV
  inspector.js     — DOM extraction for inspect tools
  cli.js           — standalone CLI (login, inspect, session)
  config.js        — paths and defaults
  tools/
    session.js     — login, inspect, screenshot, interact, scroll, run_js, close
    extraction.js  — all extract_* tools
    network.js     — capture_network, extract_api_schema, extract_stack
    multipage.js   — crawl, diff_pages
    export.js      — export, export_design_report
    workflows.js   — teardown, audit, harvest, designsystem
profiles/          — browser state / session cookies (gitignored)
output/            — export results + snapshots (gitignored)

Output formats

• output/run-{timestamp}/ — tapsite_export: JSON, Markdown, HTML, screenshots, CSV tables
• output/design-report-{timestamp}/ — tapsite_export_design_report: report.html, design-tokens.json, design-tokens.css
• output/snapshots/{domain}/ — tapsite_diff_pages temporal snapshots

License

MIT