Playwright as a testing tool for LLM agents

Playwright MCP is a Model Context Protocol server that Microsoft ships alongside the Playwright library. Instead of exposing a TypeScript API to a human who writes `page.click(...)` in a spec file, it exposes 21 browser tools over stdio to any MCP client, including LLM agents. The tools are named with a `browser_` prefix: `browser_navigate`, `browser_snapshot`, `browser_click`, `browser_type`, `browser_press_key`, `browser_evaluate`, `browser_resize`, `browser_select_option`, `browser_take_screenshot`, `browser_wait_for`, `browser_tabs`, `browser_hover`, `browser_drag`, `browser_file_upload`, `browser_fill_form`, `browser_handle_dialog`, `browser_console_messages`, `browser_network_requests`, `browser_navigate_back`, `browser_run_code`, and `browser_close`. A testing tool sitting on top of that surface does not write locator strings; it asks the agent to produce tool calls that the MCP server translates into Playwright API calls inside the same browser process. You can see this in Assrt at /Users/matthewdi/assrt-mcp/src/core/browser.ts lines 516-668, where every public method forwards directly to `this.callTool("browser_*", ...)`.

Before every action, the agent calls `browser_snapshot`. The snapshot is an accessibility-tree YAML, not a DOM dump. Each element appears as a line with a role, accessible name, and a short reference ID like `[ref=e5]`. The agent passes the ref back into `browser_click` or `browser_type`. That ref lives for exactly one snapshot; the next snapshot generates fresh refs. This is why there is no selector string in the repo and no selector drift between runs. The strategy is codified in the system prompt at /Users/matthewdi/assrt-mcp/src/core/agent.ts lines 198-254, which instructs the agent to call snapshot first, use the ref value in click or type_text, and call snapshot again after each action to refresh refs.

Hard-coded in /Users/matthewdi/assrt-mcp/src/core/browser.ts at line 296. The args array is `[cliPath, "--viewport-size", "1600x900", "--output-mode", "file", "--output-dir", outputDir, "--caps", "devtools"]` where `cliPath` resolves to the Playwright MCP binary and `outputDir` is `~/.assrt/playwright-output`. Three flags matter for the agent loop. `--viewport-size 1600x900` fixes the render size so accessibility trees are deterministic across runs. `--output-mode file` writes every snapshot and screenshot to disk rather than inlining them into the MCP transport, which is the piece that makes the loop actually feasible; a Wikipedia-sized accessibility tree inlined into a Claude response would exceed context, but a file reference plus a truncated excerpt will not. `--caps devtools` enables `browser_start_video` and `browser_stop_video`, which is how Assrt records a per-run video without context-level recordVideo config.

Two practical reasons. First, spec files bake locator strings into the repo. Those strings are the single largest source of flake in a cross-browser or cross-release run; a shadow-DOM traversal quirk, an accessibility-role default, or a CSS class rename silently shifts which node a selector resolves to. The agent loop resolves the target per step from the engine's live accessibility tree, so there is nothing to drift. Second, when a human writes selectors, the repo ends up containing a new set of selectors for every new flow. When an agent reads the accessibility tree per step, the only thing kept in source control is the plan file, phrased in plain English. At /Users/matthewdi/assrt-mcp/src/core/scenario-files.ts lines 16-20, the plan lives at `/tmp/assrt/scenario.md` and is short enough to diff by eye. Grepping /Users/matthewdi/assrt-mcp/src/core/agent.ts for `selector`, `xpath`, `testid`, or `locator` returns no matches.

The default model is Claude Haiku 4.5, pinned as `claude-haiku-4-5-20251001` at /Users/matthewdi/assrt-mcp/src/core/agent.ts line 9. A typical step is one `browser_snapshot` call plus one action call plus one short reasoning turn, which is a few thousand input tokens of accessibility tree and a hundred or so output tokens. At Haiku April 2026 rates that is on the order of a tenth of a cent per step; a five-case scenario with twenty total steps comes out to a couple of cents. Provider is pluggable at /Users/matthewdi/assrt-mcp/src/core/agent.ts lines 342-367, which also supports Gemini via `--provider gemini` and a default of `gemini-3.1-pro-preview`. Neither path requires a cloud testing platform subscription.

A scenario is Markdown. `#Case 1: ...` as a header, dash bullets for steps, `Assert:` lines for checks. The parser at /Users/matthewdi/assrt-mcp/src/core/agent.ts lines 620-631 splits on any of `#Scenario`, `#Test`, or `#Case`. For each scenario the agent gets an initial `browser_snapshot` plus an optional screenshot, and then runs a tool-use loop until it calls `complete_scenario`. During the loop the same browser state carries across scenarios, which is how you chain login into a follow-up test without re-running the credentials flow. Tool calls can also include `assert` (records an assertion in the report), `create_temp_email` (spins up a disposable inbox for OTP flows), and `http_request` (hits an external API to verify a webhook fired).

Two files, every run, at stable paths defined in /Users/matthewdi/assrt-mcp/src/core/scenario-files.ts. `writeResultsFile(runId, results)` on lines 77-84 writes `/tmp/assrt/results/latest.json` (overwritten each run) and `/tmp/assrt/results/<runId>.json` (historical, UUID-keyed). The JSON is a `TestReport` (types.ts lines 28-35) that wraps an array of `ScenarioResult` (lines 19-26); each scenario carries `name`, `passed`, `steps[]`, `assertions[]`, `summary`, and `duration`. The `steps[]` entries record one row per tool call the agent made, with the human-readable action, status, and optional error. That is enough to reconstruct the full trajectory after the fact, and because it is plain JSON you can `jq`, `git add`, or diff two runs with standard unix tools.

Yes. Pass `--extension` to the CLI or set `extension: true` on the MCP tool. The launcher at /Users/matthewdi/assrt-mcp/src/core/browser.ts lines 299-306 skips the profile directory and passes `--extension` through to Playwright MCP, which then attaches to an already-running Chrome via the Playwright MCP Chrome extension. The first time you run in this mode, Chrome shows an approval dialog; the token is saved to `~/.assrt/extension-token` and reused on subsequent runs (resolveExtensionToken in the same file). This is the only way to test behind an authenticated session that uses SSO, 2FA, or a corporate identity provider, because the real browser already carries all the cookies and the fingerprint that the auth flow expects.

The agent calls `wait_for_stable` (agent.ts lines 186-195, handler at lines 956-1009). That tool injects a MutationObserver via `browser_evaluate`, polls `window.__assrt_mutations` every 500ms, and returns once the count has not changed for the configured stable window (default 2 seconds, max 10). This replaces the older pattern of `wait(ms)` with a magic number. It matters for async content: streaming AI responses, skeleton screens, and search results that populate after an XHR. The MutationObserver watches `document.body` with `childList: true, subtree: true, characterData: true`, and cleans itself up when the waiter exits. After it returns, the agent calls `browser_snapshot` again to see the fully-loaded tree.

The agent has two dedicated tools. `create_temp_email` spins up a disposable inbox (DisposableEmail.create in core/email.ts) and returns the address for the signup form. `wait_for_verification_code` polls that inbox for up to 120 seconds and returns the code plus sender metadata. The third piece, at agent.ts lines 233-236, handles the split-input OTP pattern where each digit goes into its own `<input maxlength="1">`. The agent is told to call `browser_evaluate` with a ClipboardEvent + DataTransfer paste against the parent element, not to type each digit one by one; typing into the first field tends to move focus unpredictably on React apps. That one exact expression is baked into the system prompt so every run handles OTP without needing a per-app workaround.

Codegen records a human's clicks into a spec file full of locator strings, which is exactly what this approach moves away from. The artifact a recorder produces is read-only in practice because renaming a class breaks every selector downstream. The artifact Assrt produces is a plain Markdown plan plus a JSON report; the plan is authored in terms of intent ("Click the Sign up button"), not in terms of the DOM that existed on the day you recorded. When the DOM changes on the next deploy, the same plan still runs, because the agent re-reads the accessibility tree per step. The upside of Codegen is speed of initial authoring; the downside is the maintenance tax. The upside of the agent loop is that maintenance flattens, because intent text rots more slowly than selector strings.

Both the Playwright MCP server (Microsoft) and Assrt (MIT, on GitHub at github.com/m13v/assrt-mcp) run locally with no network dependency beyond the LLM provider. You can read every file referenced in this guide on disk. The agent loop, the tool schemas, and the file layout at `/tmp/assrt/` are all local. A hosted runner at app.assrt.ai exists for sharing results in a browser, but it is optional; `assrt run --url ... --plan "..."` with the `--json` flag produces identical reports locally. There is no call home during a run. The npm package itself lists its dependencies in plain view: `@anthropic-ai/sdk`, `@google/genai`, `@modelcontextprotocol/sdk`, and `@playwright/mcp`.