Nanobrowser

Open-source Chrome extension for AI-powered web automation — run multi-agent browser workflows locally using your own LLM API keys, free from cloud subscriptions.

13.4Kstars
1.4Kforks
Apache License 2.0
TypeScript

Nanobrowser is an open-source Chrome extension that transforms your browser into a fully local AI web automation engine. By running entirely inside your browser using your own LLM API keys, it eliminates the need for expensive cloud-based automation services like OpenAI Operator, giving you complete control over your data, credentials, and automation logic.

At its core, Nanobrowser employs a multi-agent architecture where a Planner agent and a Navigator agent collaborate to execute complex web tasks from natural language prompts. The Planner reasons about the high-level goal, decomposes it into actionable steps, and self-corrects when obstacles arise. The Navigator executes those steps in the browser—clicking elements, filling forms, scrolling, switching tabs—by reasoning over a semantically enriched DOM tree rather than raw screenshots.

The extension supports a wide range of LLM providers including OpenAI, Anthropic Claude, Google Gemini, Groq, Cerebras, Ollama, DeepSeek, xAI Grok, Llama, and any custom OpenAI-compatible endpoint. Users can assign different models to different agents to balance performance against cost. For privacy-conscious users, running Ollama locally means no data ever leaves their machine.

Built as a Turbo-managed pnpm monorepo with React 18, TypeScript, Vite, and LangChain.js, Nanobrowser is designed for extensibility. A custom HMR Vite plugin enables hot-reloading of content scripts during development—working around a fundamental Chrome extension constraint—and a security guardrails module actively sanitizes untrusted web content to defend against prompt injection attacks.

What You Get

  • Multi-Agent Execution Engine - A Planner agent and Navigator agent collaborate in real time: the Planner decomposes goals and self-corrects when blocked, while the Navigator executes precise browser actions (clicks, input, scrolling, tab switching) against a semantically structured DOM tree.
  • Interactive Side Panel Chat - A persistent React-based sidebar embedded in Chrome displays live agent status, step-by-step progress, and task output, letting you monitor and interact with automations as they run without leaving the browser.
  • Contextual Follow-Up Questions - After any automation completes, ask natural language follow-up questions about the results (e.g., “What’s the average rating across these products?”) without re-running the full workflow.
  • Conversation History and Session Management - All past automation sessions are persisted using Chrome storage, making it easy to review, replay, or build upon prior interactions directly from the extension panel.
  • Broad LLM Provider Support - Connect to OpenAI, Anthropic, Google Gemini, Groq, Cerebras, Ollama, DeepSeek, xAI Grok, Llama, or any custom OpenAI-compatible endpoint, with per-agent model assignment so you can mix a powerful planner with a fast, cheap navigator.
  • Text File Attachment Support - Attach local text files directly to the chat interface to provide context, instructions, or reference data for automation tasks without manually pasting content.
  • Security Guardrails - A built-in sanitization layer detects and blocks prompt injection attempts, zero-width character tricks, and task override attacks in untrusted web content before it reaches the LLM.
  • Local Model Privacy Mode - Run entirely offline with Ollama-hosted models like Qwen3 or Mistral Small, ensuring no data is transmitted to external servers and achieving complete data sovereignty.

Common Use Cases

  • Automated web research - A product manager instructs Nanobrowser to scan GitHub for trending Python repositories by stars and recent activity, compiling a structured summary without manual browsing or note-taking.
  • E-commerce comparison shopping - A consumer asks Nanobrowser to search Amazon for portable Bluetooth speakers under $50 with water resistance and at least 10 hours of battery life, automatically comparing specs across matching listings.
  • Daily news briefing aggregation - A journalist automates a morning routine where Nanobrowser pulls the top 10 headlines from TechCrunch or Hacker News, summarizes them, and outputs the results to the chat panel for quick review.
  • Privacy-first local automation - A developer runs automation workflows entirely through a local Ollama instance hosting Qwen3-30B-A3B, ensuring sensitive web sessions—banking, internal tools, private research—never involve external API calls.
  • Form filling and repetitive data entry - An operations analyst automates repetitive form submissions across internal web tools by providing structured input via the chat interface, letting the Navigator handle field detection and submission.
  • Competitor monitoring - A startup team schedules regular Nanobrowser sessions to check competitor pricing pages, changelog entries, and job postings, building an automated intelligence feed without paying for dedicated monitoring SaaS.

Under The Hood

Architecture Nanobrowser is structured as a Turbo-orchestrated pnpm monorepo with a clear separation of concerns across its workspace packages. The core background service worker hosts the multi-agent execution engine—an Executor class that instantiates and coordinates a PlannerAgent and NavigatorAgent, each extending a typed BaseAgent abstraction. Execution state flows through a dedicated EventManager using typed event types and actor identifiers, providing a decoupled pub/sub channel between the agent engine and the React UI. A BrowserContext class manages tab registration and page attachment, isolating all Chrome API interactions from agent logic. Shared packages—storage, i18n, schema-utils, ui, hmr, vite-config—enforce consistent patterns across the extension’s multiple surfaces including the side panel, options page, and content scripts. The primary architectural weakness is that agents share a single MessageManager for conversational state, which creates implicit coupling in multi-turn task chains.

Tech Stack The extension is implemented entirely in TypeScript, with React 18 and Vite powering all UI surfaces including the side panel and options page. LangChain.js provides the universal LLM provider abstraction layer, enabling plug-and-play support for OpenAI, Anthropic, Google Gemini, Groq, Cerebras, Ollama, DeepSeek, xAI Grok, and Llama through a unified BaseChatModel interface—with a hand-written response adapter for the Llama API’s non-standard output format. Zod validates structured agent outputs and browser action schemas at runtime. Tailwind CSS with a shared workspace configuration handles styling consistently across all extension surfaces. A custom HMR Vite plugin enables hot module replacement for content scripts, working around Chrome’s restriction on arbitrary script reloading during development. Chrome’s Debugger API and scripting APIs power the browser automation layer, with content scripts injected to build semantically rich, interactive DOM trees.

Code Quality The codebase demonstrates strong TypeScript discipline—Zod schemas define agent output contracts, typed error hierarchies (covering authentication failures, bad requests, rate limits, extension conflicts, and cancellation) replace ad-hoc error swallowing, and abstract base classes enforce consistent interfaces across agent implementations. ESLint with airbnb-typescript rules and Prettier enforce uniform formatting, with Husky pre-commit hooks ensuring linting runs before every commit. Test coverage is limited: a single unit test file covers the security guardrails module with Vitest, testing sanitization correctness, strict/loose mode switching, and threat detection across edge cases including zero-width character injection. The core agent orchestration, DOM traversal, action dispatch, and conversation history modules lack automated tests, which is a meaningful gap for a system operating in an adversarial web environment. Error handling throughout the executor and agent base is explicit and structured, preventing silent failures at LLM call boundaries.

What Makes It Unique Nanobrowser’s most technically distinctive contribution is its security guardrails module, which applies regex-based prompt injection defense—detecting task overrides, hidden instruction patterns, zero-width character attacks, and sensitive data leakage—on all untrusted web content before it enters the LLM pipeline. This is a practical innovation for any browser-native AI agent that interacts with adversarial web pages. The custom Vite HMR plugin solves a genuine developer experience problem in Chrome extension development, where standard hot-reloading mechanisms do not apply to content scripts. The Navigator’s DOM reasoning approach—injecting scripts to build a structured, semantically annotated element tree—provides more deterministic action targeting than screenshot-based approaches. Finally, the per-agent model assignment capability enables cost-performance trade-offs that most single-LLM automation tools cannot match, allowing a heavy reasoning model for planning and a lightweight model for navigation steps.

Self-Hosting

Nanobrowser is licensed under the Apache License 2.0, one of the most permissive open-source licenses available. You can use it commercially, modify the source code, distribute it, and sublicense it without restriction. The only obligations are preserving copyright notices and the license text in any distributions. There is no copyleft requirement, meaning modifications do not need to be released as open source. The disclaimer of liability and warranty clauses are standard and do not impose operational restrictions.

Running Nanobrowser yourself means operating it as a Chrome extension on your own hardware. There is no server infrastructure to deploy—the extension runs in the browser and communicates directly with LLM provider APIs using credentials you supply. Operational responsibility is limited to keeping the extension updated (via the Chrome Web Store or manual zip installs from GitHub releases), managing your API keys securely, and ensuring your chosen LLM providers remain accessible. For teams wanting complete data sovereignty, running a local Ollama instance alongside the extension removes all external network dependencies entirely.

As a community project without a commercial backing entity, Nanobrowser offers no SLAs, enterprise support contracts, or managed update channels. Bug fixes and feature requests move at the pace of open-source contributions. There is no hosted SaaS tier or cloud dashboard—every capability is self-contained in the extension. Organizations with compliance requirements around data handling, audit logging, or guaranteed uptime will need to manage those concerns independently, as the project provides no infrastructure beyond the extension itself.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search