Playwright offers explicit agent modes (CLI, MCP, Library) that expose different execution boundaries for LLM-driven automation. The technical question is not whether browser automation works for agents. It’s why Playwright emits JavaScript execution contexts instead of shell commands, and what that reveals about state management, isolation, and the DOM as a shared memory space.
The Four Install Paths and Their Execution Models
Playwright offers four distinct entry points, each with different isolation guarantees:
| Mode | Install | Execution Boundary | State Persistence | Best For |
|---|---|---|---|---|
| Test Runner | npm init playwright@latest | Test file scope, auto-cleanup | Per-test isolation | CI/CD pipelines |
| CLI | npm i -g @playwright/cli | Single command invocation | Stateless | Coding agents (Claude, Copilot) |
| MCP | npx @playwright/mcp@latest | MCP server session | Browser context persists across tool calls | LLM-driven multi-step workflows |
| Library | npm i playwright | Script lifetime | Developer-managed | Custom automation scripts |
The CLI mode is the interesting one. It looks like a stateless tool (run a command, get output, exit), but browser automation is inherently stateful. You cannot click a button without first navigating to a page. You cannot extract data without waiting for the DOM to settle. The CLI mode works by emitting JavaScript snippets that a human developer (or coding assistant) can execute in a persistent context, not by running isolated shell commands.
Why JavaScript Execution Contexts, Not Shell Commands
Traditional CLI tools (curl, jq, grep) are stateless by design. Each invocation starts cold, reads input, writes output, exits. Browser automation breaks this model in three ways:
1. The DOM is mutable shared state
Every action (click, type, navigate) mutates the browser’s internal state. If an agent needs to fill a form across multiple steps, the browser context must persist. Restarting the browser between steps means losing cookies, localStorage, session state, and the current page.
2. Async operations require wait handles
Browsers are async by default. A click might trigger a network request, a JavaScript animation, or a lazy-loaded component. Playwright’s auto-waiting logic (wait for element to be visible, enabled, stable) requires a live execution context. You cannot express “wait for this selector to appear” as a shell command without polling or timeouts.
3. Selector resolution happens in the browser
When an agent says “click the submit button,” Playwright resolves that to a DOM node using accessibility roles, text content, or CSS selectors. That resolution happens inside the browser’s JavaScript engine, not in the CLI process. The CLI emits code that runs in the browser context.
Here’s what the CLI mode actually does:
// Agent calls: playwright codegen https://example.com
// Playwright opens a browser and emits this JavaScript:
const { chromium } = require('playwright');
(async () => {
const browser = await chromium.launch({ headless: false });
const context = await browser.newContext();
const page = await context.newPage();
await page.goto('https://example.com');
await page.getByRole('button', { name: 'Submit' }).click();
await browser.close();
})();The CLI is not executing the automation. It’s generating JavaScript that the developer (or coding assistant) executes in a persistent Node.js process. The browser context is the state machine.
MCP Mode: Browser Context as Agent Memory
The MCP (Model Context Protocol) mode makes this explicit. Instead of emitting snippets, Playwright runs as an MCP server that exposes browser actions as tool calls. The browser context persists across multiple LLM turns.
State management flow:
- Agent calls
navigatetool → Playwright opens browser, stores context handle - Agent calls
clicktool → Playwright reuses context, executes action - Agent calls
screenshottool → Playwright captures current page state - Agent calls
closetool → Playwright tears down context
The browser context becomes the agent’s working memory. The DOM is the shared data structure. Each tool call mutates that structure without restarting the browser.
Failure modes:
- If the MCP server crashes, the browser context is lost. The agent must restart from scratch.
- If the agent forgets to call
close, browser processes leak. You need timeout-based cleanup. - If two agents share the same MCP server, they share the same browser context. Race conditions on DOM mutations.
Multi-Step Workflows and State Coordination
The hard problem is coordinating browser state across multiple agent steps when each step might fail, retry, or branch.
Stateless CLI approach (does not persist state):
# Step 1: Navigate
playwright cli navigate https://example.com
# Step 2: Fill form (browser is gone, context lost)
playwright cli fill "#email" "user@example.com"Each CLI call starts a new browser. No state persists.
Stateful Library approach (works, but requires orchestration):
// Agent maintains browser context across steps
const browser = await chromium.launch();
const context = await browser.newContext();
const page = await context.newPage();
// Step 1
await page.goto('https://example.com');
// Step 2 (reuses context)
await page.fill('#email', 'user@example.com');
// Step 3 (still same context)
await page.click('button[type="submit"]');
await browser.close();The agent must manage the browser lifecycle. If the agent crashes between steps, the browser leaks.
MCP approach (works, server manages lifecycle):
{
"steps": [
{"tool": "navigate", "url": "https://example.com"},
{"tool": "fill", "selector": "#email", "value": "user@example.com"},
{"tool": "click", "selector": "button[type='submit']"}
]
}The MCP server owns the browser context. The agent just calls tools. The server handles cleanup on session end.
Isolation Boundaries and Security
Each execution mode has different isolation guarantees:
Test Runner: Fresh browser context per test. No cross-test contamination. Parallel execution with process-level isolation.
CLI: No isolation. Each invocation is independent, but if an agent chains CLI calls, it must manage state externally.
MCP: Session-level isolation. One browser context per MCP session. Multiple agents can connect to different sessions, but each session is single-threaded.
Library: Developer-managed. You can create multiple contexts in the same script, or share a context across scripts via IPC.
Security boundary:
Playwright runs browser actions in the same process as the automation script. If the agent executes untrusted code (e.g., evaluating user input as JavaScript), that code runs with full browser access. There is no sandbox between the agent and the browser.
The MCP mode adds one layer: the MCP server can validate tool calls before executing them. But once a tool call is approved, it runs with full Playwright API access.
Observability: What Happens When an Agent Step Fails
Playwright exposes three observability primitives:
- Trace files: Record every action, network request, and DOM snapshot. Replay failures in the Playwright Inspector.
- Screenshots on failure: Automatic capture when a step times out or throws.
- Video recording: Full session replay, but adds overhead (10-20% slower).
For agent workflows, the trace file is the critical artifact. It shows:
- Which selector the agent tried to click
- Why the selector did not match (element hidden, disabled, detached)
- What the DOM looked like at failure time
- Network requests that might have caused the failure
The MCP mode does not automatically enable tracing. You must configure it in the server setup:
const context = await browser.newContext({
recordVideo: { dir: 'videos/' },
trace: 'on-first-retry'
});Without tracing, debugging agent failures is guesswork. With tracing, you get a deterministic replay.
Deployment Shape: Where Does the Browser Run
Playwright supports three deployment models:
1. Local browser (default): Playwright downloads Chromium, Firefox, and WebKit binaries to ~/.cache/ms-playwright. The browser runs on the same machine as the agent.
2. Remote browser (Playwright Server): Run npx playwright run-server on a separate machine. The agent connects via WebSocket. The browser runs remotely, but the agent still sends JavaScript execution contexts over the wire.
3. Cloud browser (Playwright Cloud, BrowserStack, etc.): The browser runs in a managed service. The agent connects via CDP (Chrome DevTools Protocol). Latency increases, but you get parallelization and cross-browser coverage.
For agent workflows, the remote browser model is the most practical. The agent runs in a stateless Lambda or container. The browser runs in a long-lived VM or Kubernetes pod. The agent sends tool calls over WebSocket. The browser context persists across agent invocations.
Failure mode: If the WebSocket connection drops, the browser context is lost. The agent must detect disconnection and restart the session.
Technical Verdict
Use Playwright’s MCP mode when:
- Your agent needs multi-step browser workflows (login, navigate, extract, submit)
- You want the server to manage browser lifecycle and cleanup
- You can tolerate session-level state (one agent per browser context)
- You need structured tool calls with validation
Use Playwright’s Library mode when:
- You are building a custom orchestration layer (e.g., Temporal, Inngest)
- You need fine-grained control over browser contexts (multiple tabs, multiple browsers)
- You want to embed browser automation in a larger agent system
- You can handle browser lifecycle and error recovery yourself
Use Playwright’s CLI mode when:
- You are a human developer using a coding assistant (Claude Code, GitHub Copilot)
- You need code generation for browser automation tasks
- You will execute the generated JavaScript in your own persistent Node.js process
Avoid using CLI mode for autonomous agents. It generates JavaScript snippets for human execution, not executable commands for agent orchestration. Autonomous agents should use the Library mode (for custom orchestration) or MCP mode (for standardized tool calls).
Avoid stateless CLI invocations for multi-step workflows. Browser automation is inherently stateful. If you need stateless execution, use a headless API (Puppeteer’s page.evaluate, Selenium’s execute_script) and serialize the DOM state between calls. But you will lose auto-waiting, accessibility selectors, and network interception.
The core insight: browser automation for agents is not about running commands. It is about managing a persistent execution context where the DOM is the shared memory and JavaScript is the instruction set. Playwright’s agent modes expose that execution model explicitly.