mech.app
Dev Tools

Agent MCP Studio: Browser-Based Multi-Agent Orchestration Without Local Infrastructure

How a browser-tab MCP system handles agent coordination, state persistence, and tool routing without requiring local servers or Docker containers.

Source: agentmcp.studio
Agent MCP Studio: Browser-Based Multi-Agent Orchestration Without Local Infrastructure

Agent MCP Studio runs multi-agent workflows entirely in your browser tab. No Docker containers, no local servers, no backend persistence. You define MCP tools in Python or SQL, register them in-memory, and let multiple agents coordinate through shared tool access. The runtime uses Pyodide for Python execution and DuckDB WASM for SQL, both sandboxed in the browser.

MCP (Model Context Protocol) is Anthropic’s open standard for connecting AI assistants to data sources and tools, and Agent MCP Studio uses it as the foundation for agent-to-tool communication.

This architecture solves a specific friction point: spinning up agent dev environments typically requires Docker Compose files, environment variables, and port juggling. Agent MCP Studio trades that setup cost for ephemeral state and browser resource limits.

Architecture: WASM Runtimes and In-Memory State

The system runs three sandboxed execution contexts in parallel:

  • Pyodide (Python): Full CPython 3.11 compiled to WebAssembly. Supports async/await, HTTP requests via http_request shim, and standard library imports.
  • DuckDB WASM: SQL engine with in-memory tables. Supports CSV/JSON ingestion, window functions, and CTEs.
  • Embeddings engine: Runs small transformer models (e.g., all-MiniLM-L6-v2) in-browser for RAG workflows.

All three share a single JavaScript event loop. Tool calls from agents are routed through a central dispatcher that serializes execution per runtime. If Agent A calls a Python tool while Agent B calls a SQL tool, both run concurrently. If both call Python tools, they queue.

State lives in browser memory:

  • Tool registry: AST-parsed tool manifests (name, parameters, description) stored in IndexedDB.
  • Conversation history: Agent messages and tool results kept in a JavaScript array, capped at 100 turns per agent.
  • DuckDB tables: Persist across tool calls within a session but vanish on tab close.

No backend means no cross-session persistence. Refreshing the page resets everything except registered tools (which reload from IndexedDB).

Tool Registration: JIT Execution Model

You write tools in natural language or raw code. The LLM (OpenAI or local WASM model) generates Python or SQL, then the system parses the AST to extract the tool manifest:

# Generated Python tool
async def github_user(username: str) -> dict:
    """Fetch GitHub user profile."""
    url = f"https://api.github.com/users/{username}"
    response = await http_request("GET", url)
    if response.status == 404:
        return {"error": "User not found"}
    data = response.json()
    return {
        "name": data["name"],
        "bio": data["bio"],
        "public_repos": data["public_repos"],
        "followers": data["followers"],
        "location": data["location"],
        "created_at": data["created_at"]
    }

The AST parser extracts:

  • Function name (github_user)
  • Parameters with types (username: str)
  • Docstring (becomes tool description)
  • Return type hint

This manifest gets stored. The source code is cached but not executed until an agent invokes the tool. That’s the JIT (just-in-time) model: registration is metadata-only, execution happens on-demand.

Security boundary: Pyodide runs in a separate worker thread with no DOM access. HTTP requests go through a whitelist (MCP_ALLOWED_HOSTS). SQL queries cannot call external APIs.

Multi-Agent Coordination: Shared Tools, No Message Bus

Agents do not talk to each other directly. They coordinate by:

  1. Calling shared tools: Agent A writes data to a DuckDB table, Agent B queries it.
  2. Reading conversation history: Each agent sees its own history plus a shared “context” object with cross-agent state.
  3. Explicit handoff tools: You define a handoff_to_agent_b tool that appends a message to Agent B’s queue.

There is no pub/sub or message bus. If you want Agent A to trigger Agent B, you write a tool that modifies Agent B’s input queue. This keeps the orchestration explicit and avoids hidden dependencies.

Example handoff tool:

async def handoff_to_analyst(task: str) -> dict:
    """Pass a task to the analyst agent."""
    agent_queues["analyst"].append({
        "role": "user",
        "content": f"New task from coordinator: {task}"
    })
    return {"status": "handed_off", "agent": "analyst"}

The coordinator agent calls this tool, the analyst agent’s next turn sees the new message. No background threads, no event loop magic.

State Management Trade-Offs

The browser-only approach trades persistence and concurrency for zero setup friction:

AspectBrowser-Only ApproachTraditional Backend
Setup frictionZero (open URL)Docker Compose, env vars, port mapping
State persistenceLost on tab closePostgres, Redis, S3
ConcurrencySingle event loop, queued tool callsMulti-threaded, parallel execution
Resource limits~2GB browser memory, DuckDB WASM ~500MB capServer RAM, GPU, distributed workers
Security boundaryWASM sandbox, CORS, host whitelistNetwork policies, IAM, secrets manager
ObservabilityBrowser DevTools, console logsStructured logs, traces, metrics

The browser model works for:

  • Prototyping multi-agent workflows before deploying to production infrastructure.
  • Demos and tutorials where setup friction kills adoption.
  • Single-user workflows with ephemeral state (e.g., research assistant that doesn’t need memory across sessions).

It breaks down for:

  • Long-running agents that need to survive page refreshes.
  • High-concurrency workloads (browser event loop is single-threaded).
  • Large datasets (DuckDB WASM caps out around 500MB in-memory).

Deployment: Export to Docker

When you’re ready to deploy, the system exports a production MCP server:

  1. Click “Export MCP Server” to download a zip with:

    • server.py (FastMCP server with all registered tools)
    • Dockerfile (multi-stage build with Pyodide and DuckDB)
    • .dockerignore and README.md

  2. Build and run:

cd agent-mcp-server-2026-05-21
docker build -t agent-mcp-export .
docker run --rm -i \
  -e MCP_ALLOWED_HOSTS='api.github.com,*.githubusercontent.com' \
  agent-mcp-export
  1. Wire it to Claude Desktop or any MCP client:
{
  "mcpServers": {
    "agent-mcp-studio-export": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "agent-mcp-export"]
    }
  }
}

The exported server defaults to stdio transport (Claude Desktop standard). For HTTP deployment (Fly.io, Railway, Cloud Run), the README includes a FastAPI wrapper.

Observability: Browser DevTools and Console Logs

Debugging happens in the browser:

  • MCP Console tab: Shows tool calls, arguments, results, and errors in real-time.
  • Network tab: Inspect HTTP requests made by Python tools (via http_request shim).
  • Application tab: View IndexedDB contents (tool registry, conversation history).
  • Console logs: Pyodide and DuckDB emit structured logs to console.log.

No distributed tracing, no metrics backend. For production observability, the exported Docker server includes OpenTelemetry hooks (commented out by default).

Failure Modes

Browser crashes: If the tab runs out of memory (common with large DuckDB tables or many agents), everything resets. Mitigation: export tools frequently, keep datasets small.

Circular dependencies: If Agent A calls a tool that triggers Agent B, which calls a tool that triggers Agent A, you get an infinite loop. The system does not detect cycles.

Example circular handoff:

# In Agent A's tools
async def handoff_to_b(task: str) -> dict:
    agent_queues["agent_b"].append({"role": "user", "content": task})
    return {"status": "handed_off"}

# In Agent B's tools
async def handoff_to_a(task: str) -> dict:
    agent_queues["agent_a"].append({"role": "user", "content": task})
    return {"status": "handed_off"}

If Agent A calls handoff_to_b with a task that causes Agent B to call handoff_to_a, both agents ping-pong forever. Mitigation: design handoff tools with explicit termination conditions (e.g., if depth > 3: return {"error": "max_depth"}).

CORS blocks: Python tools that call third-party APIs hit CORS restrictions. Mitigation: use a CORS proxy or export to Docker where CORS doesn’t apply.

Slow LLM calls: If you use the in-browser LLM (WASM model), tool generation is noticeably slower than API calls. Mitigation: use OpenAI API for tool generation, switch to local model only for inference.

Technical Verdict

Use Agent MCP Studio when:

  • You’re prototyping workflows with fewer than 5 concurrent agents, datasets under 500MB (DuckDB WASM hard limit), and session durations under 1 hour.
  • You’re teaching MCP concepts in workshops or demos where Docker setup kills momentum.
  • Your agents coordinate through shared SQL tables or ephemeral handoff queues, and session persistence isn’t required.
  • You want to validate tool definitions before committing to server infrastructure.

Avoid it when:

  • You need agents to survive page refreshes or maintain state across days (use Postgres + FastMCP on a server instead).
  • Your workflow involves more than 5 concurrent agents or datasets exceeding 500MB (browser memory limits and single event loop will bottleneck).
  • You require distributed tracing, structured logging, or production-grade observability (export to Docker and wire in OpenTelemetry).
  • Your agents call high-latency external APIs in tight loops (single event loop serializes all Python tool calls).

The browser-only model is a prototyping sandbox, not a production runtime. The export path to Docker is where real deployments begin.