Migrating from raw WebMCP
How to add Agentronics to a site that already publishes WebMCP tools via navigator.modelContext.
Migrating from raw WebMCP
If your site already calls navigator.modelContext.registerTool(...) directly, Agentronics is meant to wrap that surface — not replace it. You keep your existing tool implementations and gain detection, auth, authorization, site memory, and observability around them.
This guide assumes you've read Getting Started. It covers the three patterns you'll hit when porting an existing WebMCP site.
What changes, what doesn't
| Stays the same | Now goes through Agentronics |
|---|---|
Your inputSchema, description, annotations | The execute callback runs after policy evaluation |
client.requestUserInteraction() calls inside execute | Detection, auth normalization, trace export |
The shape of your tool results (content, isError) | Tool surfacing (which tools are exposed, when) |
| WebMCP-native agents continue to work unchanged | DOM and screenshot agents are now governed too |
Pattern 1 — direct registerTool replacement
Before:
navigator.modelContext.registerTool({
name: 'cart.add',
description: 'Add a product to the cart.',
inputSchema: { type: 'object', properties: { productId: { type: 'string' } } },
async execute({ productId }) {
addToCart(productId)
return { content: [{ type: 'text', text: 'ok' }] }
},
})After:
import { Agentronics } from '@agentronics/sdk'
const client = Agentronics.init({
publishableKey: 'agtx_pk_live_…',
siteId: 'shop-acme-com',
})
client.registerTool({
name: 'cart.add',
description: 'Add a product to the cart.',
inputSchema: { type: 'object', properties: { productId: { type: 'string' } } },
authz: { policy: 'cart.write', minTrust: 'verified' },
async execute({ productId }, _wmcpClient, context) {
// context.agent / context.auth / context.trace are injected by the SDK
addToCart(productId)
return { content: [{ type: 'text', text: 'ok' }] }
},
})
client.publishToWebMcp() // mirrors surfaced tools to navigator.modelContextpublishToWebMcp is idempotent and re-runs every time the surfaced set changes (trust level, progression stage, etc.). You don't need to call it on every render — the React adapter handles it for you.
Pattern 2 — keep the registry, add governance only
If you have a complicated registration setup you'd rather not rewrite, wrap each execute in client.evaluate(...):
navigator.modelContext.registerTool({
name: 'cart.add',
description: '…',
inputSchema: { … },
async execute(input) {
const decision = await client.evaluate('cart.add')
if (!decision.allow) {
return { content: [{ type: 'text', text: decision.reason ?? 'denied' }], isError: true }
}
addToCart(input.productId)
client.notifyToolInvoked('cart.add') // counts toward progression + traces
return { content: [{ type: 'text', text: 'ok' }] }
},
})This loses tool surfacing and the deny overlay but gives you policy enforcement and traces with one extra call per tool.
Pattern 3 — DOM-agent governance only
Sites that don't publish WebMCP tools at all but are visited by Claude Chrome / Operator / Comet only need the DOM enforcer:
const client = Agentronics.init({ publishableKey: 'agtx_pk_live_…', siteId: 'shop' })
client.setPolicies([
{ tool: 'cart.add', selector: 'button.add-to-cart', minTrust: 'verified' },
{ tool: 'checkout', selector: 'button.checkout', minTrust: 'linked' },
])
client.installDomEnforcer()
client.installMemoryDelivery({ metaTags: true })Now any DOM agent that clicks a matching selector is evaluated against the policy and either allowed through, denied with the overlay, or rate-limited.
Site memory parity
The raw WebMCP path gives agents nothing — they have to screenshot or read your DOM to learn your structure. Agentronics ships the /.well-known/agent-context.json endpoint plus a synthetic getSiteContext tool you can register in one line:
import { createWebMcpContextTool } from '@agentronics/sdk'
client.registerTool(createWebMcpContextTool({ store: client.siteMemory }))DOM and screenshot agents pick up the same context via <meta name="agentronics:site-memory"> tags installed by installMemoryDelivery({ metaTags: true }).
What to remove
Once you've migrated, the following can be deleted:
- Direct
navigator.modelContext.registerToolcalls —publishToWebMcpowns that surface. - Hand-rolled detection (UA sniffing, extension probes) — the detector library is updated server-side.
- Per-tool error returns for unauthorized agents — the policy engine handles that uniformly.
Anything you previously logged about agent activity is now in the trace stream — see Observability.