New capability
Your web app becomes an agent tool surface
s-m-r-t generates WebMCP tools from the same model actions and field metadata as MCP, then registers them with the browser for in-page agents to discover and invoke.
One tool vocabulary, in the server and the page
The core descriptor builder emits the same stable tool names, descriptions, and JSON Schema inputs for Node MCP and browser WebMCP. A product_list tool means the same thing on both surfaces; list and get are marked with the WebMCP read-only hint.
- One generated descriptor per exposed collection action.
- CRUD tools cover list, get by ID or slug, create, update, and delete.
- Unsupported browsers and server rendering safely receive a no-op disposer.
Register only the tools this page should offer
Pass the generated web collection definitions to registerWebMcpTools. A filter can narrow the page to read-only tools or any other deliberate subset, and the returned disposer removes every registration together.
import { collectionDefinitions } from '@happyvertical/smrt-virt-web';
import { registerWebMcpTools } from '@happyvertical/smrt-web';
const dispose = registerWebMcpTools(
Object.values(collectionDefinitions),
{ filter: (_definition, tool) => tool.readOnly }
);
// Remove this page's tools when the surface unmounts.
dispose();The page session is the security boundary
WebMCP execution reuses the generated REST fetchers as the authenticated page user. REST authentication, tenant gates, writable-field rules, sensitive-field policy, and operation permissions are enforced in their existing server boundary rather than copied into browser tool code.
The first slice is deliberately honest
Generated CRUD actions are wired today. Custom model actions already receive descriptors, but their browser execution currently returns a clear not-wired response until they join the shared client collection path.