Skip to main content

Comet Browser (Comet-Bridge)

Comet-Bridge connects Equabot agents to Perplexity Comet for persistent browser automation. Unlike the equabot-managed browser, which runs ephemeral sessions, Comet-Bridge maintains a long-lived browser with authenticated sessions, tab group isolation, and multi-agent safety controls. Use Comet-Bridge when your agent needs:
  • Persistent login sessions (QBO, Mercury, Google, GitHub, etc.)
  • Multi-step workflows across page navigations
  • AI-powered web research via Perplexity search/research modes
  • Multi-agent tab isolation in shared browser sessions
  • Audit trails for browser actions

When to use which browser

Use equabot-managed browser whenUse Comet-Bridge when
Quick localhost checks and UI snapshotsPersistent authenticated sessions
One-off page validationMulti-step automation and playbooks
Ephemeral, no login requiredNeed browser profile across many commands
Minimal setupMulti-agent tab isolation needed
Both can coexist. The routing rule is: prefer the equabot-managed browser for fast, ephemeral checks; use Comet-Bridge for persistent sessions and multi-step workflows.

Prerequisites

RequirementHow to verify
Node.js 18+node --version
Comet browserDownload from perplexity.ai/comet
Comet-Bridge repoClone the repo; set COMET_BRIDGE_ROOT if not in the workspace
npm installRun npm install in the Comet-Bridge root

Quick start

# Start a Comet CDP session
comet session start

# Browse a page and capture content
comet browse https://example.com --content

# AI-powered search via Perplexity
comet search "latest AI frameworks 2026" --format json

# Take a screenshot
comet screenshot --full

# Run a multi-step workflow
comet auto --steps workflow.json

Architecture

Agent (Cursor/CLI)

  ├── comet-mcp (MCP server) ──┐
  │                             ├── CDP ── Comet Browser (port 9222)
  └── comet CLI (cursor-comet.mjs) ──┘         │
                                          Tab Groups Extension
                                          (chrome.tabGroups API)
  • comet-mcp: MCP server that exposes 16 tools — 9 browsing (comet_connect, comet_ask, comet_poll, comet_stop, comet_screenshot, comet_mode, comet_shortcut, comet_read_page, comet_wait_for_idle), 1 tab management (comet_tab_groups), 4 lifecycle (comet_lifecycle_start, comet_lifecycle_complete, comet_lifecycle_abort, comet_lifecycle_update), and 2 task management (comet_task_status, comet_delegate).
  • comet CLI: Node wrapper (comet <command>) that routes to core scripts with startup gating and lifecycle metadata.
  • Tab Groups Extension: Chrome MV3 extension loaded in Comet that enables programmatic tab group management.

MCP-to-CLI fallback

When comet-mcp is unavailable (not built, not registered, or the MCP transport fails), agents safely degrade to the comet CLI wrapper. Both paths enforce identical safety controls: identity requirements, tab ownership, startup gating, and audit masking. The route field in lifecycle metadata indicates which path was used (mcp or cli), and fallbackUsed: true flags runs that degraded from MCP. Tab-group and multi-agent operations that require the extension bridge are hard-blocked in both channels when the extension is missing — fallback does not bypass safety gates.

MCP server setup (comet-mcp)

Published package — add to your Cursor MCP configuration (~/.cursor/mcp.json) or ~/.claude.json: 
{
  "mcpServers": {
    "comet-bridge": {
      "command": "npx",
      "args": ["-y", "comet-mcp"]
    }
  }
}
Local development — point to your local checkout with environment variables for the Comet binary and Command Center lifecycle endpoint: 
{
  "mcpServers": {
    "comet-bridge": {
      "command": "node",
      "args": ["/path/to/Comet-Bridge/comet-mcp/dist/index.js"],
      "env": {
        "COMET_PATH": "/Applications/Comet.app/Contents/MacOS/Comet",
        "COMET_CC_LIFECYCLE_URL": "http://localhost:3001/command-center/api/comet/lifecycle"
      }
    }
  }
}
VariablePurposeDefault
COMET_PATHAbsolute path to the Comet browser binaryAuto-detected from standard install locations
COMET_CC_LIFECYCLE_URLCommand Center lifecycle API endpoint for run trackinghttp://localhost:3001/command-center/api/comet/lifecycle

MCP tools

ToolDescription
comet_connectConnect to Comet browser (auto-starts CDP if needed)
comet_askSend a task to Perplexity AI and wait for response
comet_pollCheck progress on long-running tasks
comet_stopStop current Perplexity task
comet_screenshotCapture current page
comet_modeSwitch Perplexity modes: search, research, labs, learn
comet_shortcutTrigger a Comet Query Shortcut (reusable AI prompts with pre-configured modes)
comet_read_pageExtract page content as accessibility tree and/or clean text
comet_wait_for_idleWait for network activity to settle before proceeding
comet_tab_groupsManage Chrome tab groups (requires extension). Actions: list, list_tabs, create, update, move, ungroup, delete, save_group, restore_group, archive_group, list_archived
comet_lifecycle_startRegister a new lifecycle run in Command Center
comet_lifecycle_completeMark a run as completed
comet_lifecycle_abortAbort a run with optional reason
comet_lifecycle_updateUpdate metadata on a running run (auditSessionId, tabGroupId, workflowId)
comet_task_statusCheck task thread status from the orchestration layer
comet_delegateDelegate a task to a sub-agent with lifecycle tracking

CLI reference

The comet CLI is the unified wrapper for all Comet-Bridge commands. 
comet <command> [args...]

Commands

CommandPurpose
sessionStart, stop, check status of Comet CDP sessions
browseNavigate to URL, capture content/links/title
searchPerplexity AI search (text, JSON, or markdown output)
scrapeStructured data extraction (tables, JSON-LD, CSS selectors)
interactClick, fill, scroll, evaluate on pages
screenshotFull page, viewport, selector, or clip screenshots
pdfGenerate PDF from current page
networkHAR capture, request interception, URL blocking, response mocking
monitorPage change detection with diffs and notifications
keepalivePrevent session timeouts for authenticated sites
autoMulti-step workflow execution from JSON step files
perf-auditRoute regression testing and performance metrics extraction (Spec 050)
bootstrapRun readiness checks (app, CDP, MCP, extension, config)
readinessGenerate readiness report (machine-readable + human-readable)

Lifecycle flags

Browser commands (browse, auto, interact, etc.) accept lifecycle flags for run tracking:
FlagPurposeDefault
--route <mcp|cli|http>Execution channel identifiercli
--run-id <uuid>Unique run identifierAuto-generated UUID
--agent-id <id>Agent identity for ownershipCOMET_AGENT_ID env
--task-thread <id>Task-thread scopeCOMET_TASK_GROUP env
These flags propagate into the lifecycle envelope and audit artifacts.

Session management

comet session start          # Start Comet with CDP on default port
comet session start --port 9333  # Custom port
comet session status         # Check if running
comet session connect        # Verify CDP connectivity
comet session kill           # Stop the session

Configuration

Comet-Bridge uses scripts/comet-config.mjs for configuration, validated at load time.

Environment overrides

VariablePurposeDefault
COMET_BRIDGE_ROOTComet-Bridge repo root directoryParent of scripts/
COMET_EXECUTABLE_PATHComet browser binary path/Applications/Comet.app/Contents/MacOS/Comet
COMET_CDP_PORTCDP debug port9222
COMET_CDP_HOSTCDP host127.0.0.1
COMET_OUTPUT_BASEOutput root for screenshots, PDFs, etc.~/.claude/comet-browser/output
COMET_AGENT_IDAgent identity for tab ownership(unset)
COMET_TASK_GROUPTask group / task-thread scope(unset)
COMET_ISOLATE_GROUPSOverride isolateGroups config (config default is true)(unset; config default applies)
COMET_RUN_IDRun identifier for lifecycle tracking(auto-generated UUID)
COMET_RUN_ROUTEExecution channel (mcp, cli, http)cli
COMET_MCP_FALLBACKSet by agent when MCP-to-CLI fallback occurs(unset)
COMET_RUN_STATUSAuto-propagated to child scripts by lifecycle engine(auto; not user-set)
COMET_AUDIT_SESSION_IDAuto-propagated audit session link for child scripts(auto; not user-set)
COMET_CC_LIFECYCLE_URLCommand Center lifecycle endpoint URLhttp://localhost:3001/command-center/api/comet/lifecycle

Output directories

All output follows a standard contract under COMET_OUTPUT_BASE: 
~/.claude/comet-browser/output/
  ├── screenshots/
  ├── pdfs/
  ├── scraped/
  ├── har/
  ├── audit/
  ├── assistant/
  ├── research/
  └── labs/

Multi-agent safety

When multiple agents share the same Comet browser, Comet-Bridge enforces tab ownership and isolation to prevent cross-agent interference.

Tab ownership

Each tab is marked with an agent identity via a document title prefix: [comet-agent:<id>]. Agents can only perform sensitive actions (click, fill, navigate) on tabs they own.

Identity

Multi-agent mode requires identity via CLI flags or environment: 
# Via CLI flags
comet auto --steps workflow.json --agent-id my-agent-1

# Via environment
COMET_AGENT_ID=my-agent-1 comet auto --steps workflow.json

# Task-thread scope
COMET_TASK_GROUP=svf-1099-filing comet auto --steps workflow.json

Tab group isolation

When isolateGroups is enabled (default), each agent/task gets its own Chrome tab group. The Comet Tab Groups Bridge extension is required for this feature.

Enforcement layers

Ownership is enforced at three tiers, each catching violations at a different level:
TierGuardWhat it does
1 — Entry gaterequireIdentityForMultiAgent()Blocks multi-agent runs that lack agentId or taskThreadId before any browser work starts.
2 — Page proxycreateGuardedPage(page, identity)Wraps a Playwright Page in a Proxy that intercepts every method call. Sensitive methods are routed through ownership checks automatically.
3 — Action guardguardSensitiveAction(page, identity, action, fn)Per-action ownership verification. Checks the page title for the correct [comet-agent:<id>] prefix before executing the action.
In single-agent mode (no agentId/taskThreadId set), all three tiers are effectively no-ops and impose no overhead.

Sensitive actions

The following 17 Playwright Page methods are classified as sensitive and require ownership verification in multi-agent mode: goto, click, dblclick, fill, type, press, selectOption, setInputFiles, check, uncheck, hover, dragAndDrop, evaluate, setContent, reload, goBack, goForward Non-sensitive methods (e.g. title(), url(), screenshot(), content()) pass through without ownership checks.

Ownership errors

When an agent attempts a sensitive action on a tab it does not own, Comet-Bridge throws an OwnershipError:
PropertyValue
nameOwnershipError
codeOWNERSHIP_VIOLATION
agentIdThe agent that attempted the action
taskThreadIdThe task thread scope of the caller
pageUrlThe URL of the tab (sanitizeUrl strips query params and hash fragments; invalid URLs preserved as-is)
actionThe Playwright method that was blocked (e.g. click)
Consumers can catch this error by checking err.code === 'OWNERSHIP_VIOLATION' or err instanceof OwnershipError.

Startup gating

The comet CLI enforces safety checks before running commands. These gates prevent unsafe multi-agent operations.

Policy summary

ScenarioBehavior
Single-agent, any commandAlways allowed
Diagnostic commands (bootstrap, readiness, session)Always allowed
Multi-agent, no identity setBlocked with remediation instructions
Multi-agent, CDP not runningBlocked with start instructions
Multi-agent + tab isolation, extension not loadedBlocked with extension setup instructions
Multi-agent, no tab isolationWarning issued, proceeds with title-prefix ownership

Bypass

Pass --skip-gate to bypass gating (not recommended for production): 
comet auto --skip-gate --multi-agent --steps workflow.json

Opt out of tab isolation

Pass --no-isolate-groups to use title-prefix-only ownership (no extension required): 
COMET_AGENT_ID=agent-1 comet auto --no-isolate-groups --steps workflow.json

Run lifecycle

Every browser run tracked by Comet-Bridge follows a lifecycle state machine. Both MCP and CLI paths emit identical lifecycle metadata using the shared lifecycle-metadata.mjs module.

States

StateTerminalDescription
pendingNoRun created but not yet started (e.g. queued or deferred)
runningNoRun started; browser session active
completedYesRun finished successfully
abortedYesRun intentionally stopped (user cancel, timeout)
failedYesRun ended with error (script failure, CDP disconnect)

Transitions

FromAllowed transitions
pendingrunning (start), aborted (cancel), failed (error before start)
runningcompleted (success), aborted (cancel), failed (error)
completedNone (terminal)
abortedNone (terminal)
failedNone (terminal)
Terminal states (completed, aborted, failed) allow no further transitions. Attempting an invalid transition throws a deterministic error.

Lifecycle envelope fields

Each run produces a lifecycle envelope with these fields:
FieldTypeRequiredDescription
taskThreadIdstringYesTask-thread identifier from the orchestration layer
runIdstringYesUnique run identifier (auto-generated UUID if omitted)
statusenumYesCurrent lifecycle state
startedAtISO 8601YesWhen the run was created
routemcp | cli | httpNoExecution channel (--route flag or COMET_RUN_ROUTE env)
fallbackUsedbooleanNotrue when MCP-to-CLI fallback occurred (default false)
agentIdstringMulti-agentAgent identity (--agent-id or COMET_AGENT_ID)
tabGroupIdstringNoChrome tab group ID when tab isolation is active
auditSessionIdstringNoLinks run to a browser-audit session artifact
workflowIdstringNoWorkflow or playbook identifier
completedAtISO 8601NoSet automatically on terminal transitions
failureReasonstringNoHuman-readable reason on aborted or failed
metadataRecord<string, unknown>NoArbitrary key-value data attached via update operation

MCP/CLI parity

Both execution paths produce identical 13-field envelopes:
  • MCP path: comet-mcp tools use lifecycle-mcp-adapter.mjs which calls createLifecycleEnvelope({ route: 'mcp' }).
  • CLI path: cursor-comet.mjs calls createLifecycleEnvelope({ route: 'cli' }) for browser commands.
The shared lifecycle-metadata.mjs module ensures field names, types, and transition rules are the same regardless of invocation channel. When MCP is unavailable and the agent falls back to CLI, the envelope carries route: 'cli' and fallbackUsed: true.

Audit artifacts

Lifecycle events are persisted as JSON files under {COMET_OUTPUT_BASE}/audit/: 
audit/
  ├── lifecycle-start-{runId}-{timestamp}.json
  ├── lifecycle-update-{runId}-{timestamp}.json
  ├── lifecycle-complete-{runId}-{timestamp}.json
  └── lifecycle-fail-{runId}-{timestamp}.json
Each file contains the full lifecycle envelope plus the event type and timestamp. Audit sessions (browser-audit.mjs) also write lifecycle events to lifecycle.jsonl within the session directory.

Bootstrap and readiness

Run readiness checks to verify all dependencies before using Comet-Bridge: 
comet bootstrap          # Human-readable output
comet bootstrap --json   # Machine-readable JSON
Checks performed:
  1. Comet app binary exists and is executable
  2. CDP connection is reachable
  3. comet-mcp server is built
  4. Tab Groups Bridge extension is loaded
  5. Configuration is valid
  6. Output directories are writable

Exit codes

CodeMeaning
0All checks pass
1One or more critical checks failed
2Warnings only (degraded mode viable)

Readiness tiers

The comet readiness command assesses readiness at two tiers:
TierRequired checksWhen to use
PilotComet app, CDP, config validity, output dirsSingle-agent or early multi-agent adoption. MCP and extension may show warnings.
BroadAll 6 checks pass (app, CDP, MCP build, extension bridge, config, output)Full multi-agent deployment with tab-group isolation and MCP tools.
comet readiness --json   # Includes "readiness.tier": "Pilot" or "Broad"
The tier assessment uses assessReadinessTier() internally: Pilot requires core + CDP + config + output; Broad additionally requires MCP build and extension bridge.

Telemetry

The readiness report includes an operational telemetry section aggregating recent run events: route usage distribution, fallback frequency, ownership check results, and completion success rate. 
comet readiness                  # Includes telemetry by default
comet readiness --no-telemetry   # Skip telemetry aggregation
comet readiness --telemetry-days 7  # Adjust lookback window (default: 30)

Tab Groups Bridge extension

The extension enables programmatic tab group management via the Chrome tabGroups API (not available through CDP alone).

Setup

  1. Open comet://extensions in Comet browser
  2. Enable “Developer mode” (top-right toggle)
  3. Click “Load unpacked” and select the comet-mcp/extension/ directory in the Comet-Bridge repo
  4. Verify the “Comet Tab Groups Bridge” extension appears with an active service worker

Tab group operations

Available via comet_tab_groups MCP tool or programmatically:
ActionDescription
listList all tab groups
list_tabsList tabs in a specific group
createCreate a new tab group
updateRename, recolor, or collapse a group
moveMove tabs between groups
ungroupRemove tabs from a group
deleteClose all tabs in a group
save_groupPersist tab group state to the ETT archive (keyed by taskThreadId)
restore_groupRestore an archived tab group and reopen its tabs
archive_groupCollapse and archive a tab group for later restoration
Group colors: grey, blue, red, yellow, green, pink, purple, cyan, orange.

Cookbook

Authenticated session keepalive

# Keep a QBO session alive for 60 minutes, refreshing every 5 minutes
comet keepalive --url "https://qbo.intuit.com" --interval 300 --duration 60

Structured data extraction

# Extract tables from a page
comet scrape "https://example.com/data" --table -o data.json

# Extract content by CSS selector
comet scrape "https://example.com" -s "main article" --output content.json

Multi-step workflow

# Run a JSON step file
comet auto --steps workflow.json --agent-id agent-1

Lifecycle-tracked workflow

# Run with explicit route and run-id (e.g. from MCP fallback path)
comet auto --steps workflow.json --route cli --run-id abc-123 --agent-id bot-1
Lifecycle flags attach run metadata to the output JSON and audit artifacts. See Run lifecycle for details.

Multi-viewport visual QA

# Capture screenshots in 4 viewports (desktop, laptop, tablet, mobile)
comet screenshot "https://localhost:3000" --multi --full

Perplexity research workflow

Use the MCP tools to run a deep research query and extract results:
  1. comet_connect — attach to browser
  2. comet_mode with mode research — switch to research mode
  3. comet_ask with your research query — send the prompt
  4. comet_read_page — extract the full response

Network capture

# Record HAR for all requests
comet network "https://example.com" --har --output traffic.har

Relationship to equabot browser

Comet-Bridge and the equabot-managed browser are complementary:
  • The equabot browser is built into the Gateway, uses Playwright, and is controlled via the browser agent tool. It launches isolated Chromium profiles for each run.
  • Comet-Bridge is an external connection to the Perplexity Comet browser. It maintains persistent sessions with authenticated sites and provides AI-powered search via Perplexity.
They share no state, use different CDP ports (equabot: 18800+, Comet: 9222), and can run simultaneously.

Troubleshooting

CDP not reachable

# Check if Comet is running with CDP
comet session status

# Start Comet with CDP
comet session start

# Verify CDP manually
curl http://127.0.0.1:9222/json/version

Extension not detected

# Run bootstrap to check extension status
comet bootstrap

# If extension-bridge shows WARN, reload the extension in comet://extensions

Multi-agent command blocked

If you see [comet-gating] BLOCKED, check the error message for the specific issue:
  • Missing identity: set COMET_AGENT_ID or COMET_TASK_GROUP
  • CDP unreachable: start Comet with comet session start
  • Extension missing: load the Tab Groups Bridge extension

Security

  • Comet-Bridge controls a real browser with real sessions. Treat CDP access as sensitive.
  • Keep CDP bound to loopback (127.0.0.1). Never expose port 9222 to the network.
  • Tab ownership prevents cross-agent interference but is not a security boundary; it is a safety mechanism for shared sessions.

Audit masking

Sensitive fields in audit logs and lifecycle events are masked automatically before persistence. Masking operates in four layers:
LayerWhat it matchesExamples
Field-name patterns21 regex patterns matched against JSON field namespassword, secret, token, apiKey, authorization, bearer, set-cookie, sessionCookie, jwt, privateKey, signingKey, otp, totp, mfaCode
CDP URL patterns4 patterns for CDP/WebSocket URLs where session tokens may appear in the pathcdpUrl, wsEndpoint, debuggerUrl, websocketUrl — path and query are redacted, host:port preserved
Value heuristicsContent-based detection for secrets that appear in unexpected fieldsJWT tokens (eyJ...), Bearer prefixes, hex strings 40+ chars, base64 blobs 40+ chars
Argv secret filtering8 CLI flag-name patterns in startRun() argv arrays--password, --token, --secret, --key, --credential, --auth, --api-key, --private-key — following value replaced with [REDACTED]
Partial masking applies to account/routing/bank numbers (last 4 digits shown). Masking covers audit action logs, lifecycle event payloads, and metadata envelopes. Step data and results in verbose output are masked via maskSensitiveData(). Conversation logs apply the same masking before persistence. OwnershipError sanitizes pageUrl by stripping query parameters and hash fragments before storing, preventing accidental credential exposure in error messages.