Skip to main content
Char is an embedded agent platform with a unique capability: tools registered in one application are available to agents across all your applications—scoped to the authenticated user.

Architecture Overview

Core Components

The Widget

<webmcp-agent> is a custom element that renders the chat UI inside your app:
  • Runs in Shadow DOM for style isolation
  • Sends the user’s JWT to Char for authentication
  • Connects to the user’s Tool Hub

Tool Hub

The Tool Hub is a Cloudflare Durable Object scoped to each user. It:
  • Aggregates tools from all browser tabs with Char embedded
  • Enforces policy on every tool invocation
  • Exposes an MCP server for external clients (Claude Desktop, VS Code)
When you open multiple applications with Char, each registers its tools with your personal Tool Hub. The agent in any tab can invoke tools from any other tab.

Tool Hub Deep Dive

Learn how the unified registry works

Session Inheritance

The agent inherits your existing authenticated session. When a tool makes an API call, it uses your cookies and permissions—no new OAuth flows required.

Session Inheritance

Why no new authentication is needed

Identity + Allowed Domains

Char maps requests to your organization using the page origin and your Allowed Domains list. Once the org is resolved, Char validates the JWT against the configured identity provider (issuer + JWKS).

Organization Skills

SKILL.md files guide agent behavior with domain-specific knowledge. Skills are loaded into the system prompt and expanded on demand.

Cross-Application Workflows

With the Tool Hub, agents can orchestrate workflows across applications: This is cross-site RPC—previously impossible without building custom integrations between each application.

Cross-App Tools

How tools work across applications

Deployment Tiers

Char offers progressive adoption:
TierDescriptionCapabilities
Tier 0Page-scopedWidget + page tools only
Tier 1User-scoped Tool HubCross-app tools, persistent threads, MCP access
Tier 2Enterprise governancePolicy controls, approval workflows, audit trails
Start simple and add capabilities as your needs grow.

Deployment Tiers

Progressive adoption path

Security Model

Char’s security is architectural, not behavioral:
  • Context isolation — Agent only sees explicitly provided data
  • Policy enforcement — All tool calls pass through the Hub
  • Tool classification — read/write/exfil with different approval requirements
  • Session scoping — Agent has exactly the user’s permissions

Context Isolation

Security model and prompt injection defense

The Development Loop

Chrome DevTools MCP creates a powerful feedback loop: the same AI that writes your WebMCP tools can also test them. The embedded agent uses the exact same tools that Claude tests during development.

AI-Tested Tools

Why this matters for tool quality

Further Reading

Quickstart

Get started in 5 minutes

Identity Providers

Configure SSO authentication

WebMCP Tools

Register tools in your application

Widget Attributes

Full configuration reference