WinPilot Computer Use MCP
Enables AI agents to control Windows GUI applications like a human using screen capture, OCR, mouse and keyboard input, and window management, with safety levels and memory.
README
WinPilot Computer Use MCP
WinPilot is a Windows computer-use MCP server for Codex-style agents. It operates GUI applications the same way a human does:
- screen capture
- computer vision
- OCR
- mouse movement
- keyboard input
- window management
It intentionally avoids application APIs, browser automation APIs, plugins, extensions, and application integrations. Chrome, Photoshop, Elementor, file dialogs, installers, and desktop apps are all treated as pixels plus OS input.
Status
This repository contains the first production-oriented implementation skeleton:
- MCP tools for observation, element lookup, waiting, input, windows, screenshots, workflows, permissions, and task execution.
- A vision pipeline with OCR, UI primitive detection, scrollable/dialog heuristics, screenshot diffing, annotated screenshots, and a semantic desktop model.
- A guarded executor with per-action safety options, before/after screenshots, human-like mouse motion, keyboard entry, and structured logging.
- Memory and workflow recording so successful layouts and demonstrations can be reused.
Optional advanced detectors such as PaddleOCR, YOLO, OmniParser, Florence2, and Grounding DINO are wired through extension points. The baseline works with local screenshots, OpenCV, Tesseract, and Windows input primitives.
Install
python -m venv .venv
. .venv\Scripts\Activate.ps1
pip install -e ".[dev]"
Install Tesseract OCR separately and make sure tesseract.exe is on PATH.
Optional vision stack:
pip install -e ".[vision]"
Run MCP Server
win-pilot-mcp
Or:
python -m win_pilot_mcp.mcp.server
For a background/local HTTP MCP endpoint:
$env:WIN_PILOT_MCP_TRANSPORT="streamable-http"
$env:WIN_PILOT_MCP_HOST="127.0.0.1"
$env:WIN_PILOT_MCP_PORT="8765"
python -m win_pilot_mcp.mcp.server
Endpoint:
http://127.0.0.1:8765/mcp
Core Loop
Every task is executed as:
- Observe the screen.
- Think and choose one next action.
- Act through mouse, keyboard, or window controls.
- Re-observe.
- Verify the result.
- Retry or recover if needed.
The planner never executes long blind action sequences.
Safety Levels
Actions are classified into:
read_onlystandardfull_controldangerous
Each action accepts:
{
"dryRun": false,
"requireConfirmation": true,
"takeScreenshotBefore": null,
"takeScreenshotAfter": null,
"verificationMode": "auto"
}
The server defaults to standard, which allows normal navigation/input but blocks dangerous
actions unless the permission level is raised. Screenshot verification defaults to auto: low
value actions such as mouse move, scroll, focus, key press, hotkey, and wait skip before/after
screenshots, while uncertain targets, text entry, clicks, drags, window changes, full-control,
and dangerous actions still capture screenshots for accuracy. Set verificationMode to
always or explicit takeScreenshotBefore / takeScreenshotAfter booleans to override.
MCP Tools
Representative tools:
analyze_screenconfigure_optimizationclear_observation_cacheget_performance_statsanalyze_applicationget_desktop_modelget_canvas_stateget_photoshop_stateget_elementor_stateget_browser_stateget_word_stateget_excel_stateget_powerpoint_stateget_vscode_stateget_illustrator_stateget_player_stateget_settings_statelist_supported_appsget_shortcutsrun_app_shortcutget_vision_providersdetect_objectsfind_elementwait_for_elementwait_until_disappearswait_until_stabledetect_state_changescompare_screenshotscapture_screencapture_regioncreate_annotated_screenshotmove_mouse,click,double_click,right_click,drag,drag_and_drop,draw_pathscrolltype_text,press_key,hotkey,hold_key,paste_text,select_alllist_windows,focus_window,maximize_window,resize_windowget_permission_level,set_permission_levelget_memory,remember_preference,remember_element,get_remembered_elementstart_recording,stop_recording,list_workflows,learn_from_user,replay_workflowread_logsrecover_from_unexpected_statedecide_next_actionplan_taskexecute_task
Feature Coverage
- Screen understanding: OCR text, buttons, icons, toolbars, menus, tabs, dropdowns, checkboxes, radio buttons, inputs, dialogs, images, canvas areas, loading indicators, context menus, notifications, file pickers, scrollables, selected elements, and a semantic desktop model.
- Element lookup: text, type, description, image template, color, position, and remembered locations.
- Vision stack: Tesseract/PaddleOCR OCR, OpenCV primitives and similarity, YOLO adapter, and explicit provider hooks for OmniParser, Florence2, and Grounding DINO.
- Input: human-like mouse movement, click variants, scroll, drag/drop, drawing paths, text typing, key presses, hotkeys, key holds, paste, and select-all.
- Windows: list, active window, focus, move, resize, maximize, minimize, and close.
- Screenshots: full screen, region, window, comparison, change detection, annotated captures, and stability waits.
- Agent loop: observe, plan one step, act, verify, recover, and retry.
plan_taskexposes the planned steps;execute_taskexecutes one action at a time with re-observation. - Recovery: detects loading, dialogs, crashes, visible errors, and authentication blocks, then recommends the next recovery action.
- Photoshop and Elementor: screenshot/OCR-only semantic state helpers for panels, canvas, widgets, navigator, publish controls, layers/properties/export dialogs, active tool, and inferred document size.
- Professional app profiles: Word, Excel, PowerPoint, VSCode, Illustrator, media players, Windows Settings, and browsers expose semantic state helpers plus shortcut maps for faster actions without relying on app APIs.
- Shortcut-first control: common commands such as
word bold,excel format_cells,powerpoint new_slide,vscode command_palette,illustrator pen_tool,player play_pause, andsettings open_settingsmap to keyboard shortcuts before falling back to mouse/vision. - Memory and workflows: remembered elements, preferences, action logs, macro recording, human demonstration capture, workflow listing, and replay.
- Safety: read-only, standard, full-control, and dangerous permission levels, plus
dryRun,requireConfirmation, and before/after screenshots on mutating actions.
Project Layout
src/win_pilot_mcp/
mcp/
agent/
vision/
executor/
planner/
memory/
tools/
workflows/
permissions/
logs/
screenshots/
Runtime artifacts are written to runtime/ by default.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.