{"slug": "show-hn-tilion-mcp-for-claude-code-to-stop-it-getting-blocked-on-the-web", "title": "Show HN: Tilion – MCP for Claude Code to stop it getting blocked on the web", "summary": "Tilion released an open-source MCP server that gives AI agents like Claude Code a stealth Chromium engine to bypass web blocking systems such as Cloudflare, DataDome, and PerimeterX. The tool runs locally on the user's machine and IP, allowing agents to retrieve blocked pages by driving a real browser. It is available now for Linux, Windows, and macOS via Docker.", "body_md": "Beta· 29 tools · runslocal & free·hosted cloud coming soon📖\n\n— every tool, the block-handling decision model, workflow recipes, and config.[Full usage guide → mcp/USAGE.md]\n\nAn [MCP](https://modelcontextprotocol.io) server that gives any AI agent the **Fortress\nstealth engine** the moment it gets blocked. When a fetch hits Cloudflare, DataDome,\nPerimeterX, a 403, or a CAPTCHA, the agent calls these tools and gets the page — driving a\nreal, recompiled Chromium on your own machine and IP.\n\n*Real, dated run against stockx.com (PerimeterX). A stock browser gets HTTP 403 — “Access denied”; an agent with the Fortress MCP returns clean JSON. Reproduce with the demo scripts in the framework repo.*\n\n```\npip install \"tilion[mcp]\"        # pulls the Fortress engine (tilion-fortress) automatically\ntilion-mcp                       # or:  python -m tilion.mcp   (stdio transport)\n```\n\nThe MCP server is a thin, open wrapper (BSD-3) over the `tilion`\n\nframework, which drives the\nFortress engine. On Linux and Windows the stealth Chromium downloads on first run and is cached\nlocally. On macOS the engine runs as a Docker image instead. Read the macOS section below before\nyou start.\n\nThere is no native macOS engine binary yet, so on a Mac the Fortress engine runs as the official\nDocker image (`tilion/fortress:149`\n\n). `tilion-mcp`\n\nitself runs natively in Python. Only the\nbrowser engine is containerised, and the server starts and stops that container for you. All you\nsupply is a running Docker daemon.\n\n- Install the MCP and engine wrapper:\n\n```\npip install \"tilion[mcp]\"\n```\n\n- Give it a Docker daemon. Colima is lighter than Docker Desktop and needs no license or GUI:\nGive the VM at least 4 CPUs and 4 GB of RAM, since it runs a real Chromium.\n\n```\nbrew install colima docker\n# Apple Silicon: vz + Rosetta runs the amd64 engine image fast.\ncolima start --cpu 4 --memory 6 --disk 30 --vm-type=vz --vz-rosetta\n# Intel Macs: plain `colima start` works. Docker Desktop is also fine if you already run it.\n```\n\n- Register the server with your client. For Claude Code:\n\n```\nclaude mcp add fortress -- tilion-mcp\n```\n\n- The first tool call pulls the image once (about 300 MB), then the container stays warm and\ncalls are fast. Call\n`get_egress_info`\n\nto confirm the engine is alive; it returns the public IP the target sees.\n\n| Pitfall | What happens, and the fix |\n|---|---|\nSetting `FORTRESS_CHANNEL=latest` |\nThat channel points at `tilion/fortress:151` , which is not published to Docker Hub, so the pull 404s and the engine never starts. Stay on the default `stable` channel, `tilion/fortress:149` . Native Linux and Windows are unaffected, since they fetch the GitHub release rather than the image. |\n| A leftover Docker Desktop credential helper | `docker pull` fails with `docker-credential-desktop … executable file not found` . Open `~/.docker/config.json` and delete the `\"credsStore\": \"desktop\"` line. |\n| Worrying about the platform warning | `The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8)` is expected on Apple Silicon and harmless. The amd64 engine runs under Rosetta, a little slower than native Linux. |\nRunning two `tilion-mcp` servers at once |\nEach launches a Fortress container on host port `9222` , so the second fails with `docker … exit status 125` (port already allocated). Run one server per machine. |\n| Assuming Colima survives a reboot | If tool calls fail with a Docker error after a reboot, run `colima start` . To start it at login, run `brew services start colima` . |\nSetting `TILION_MCP_HEADLESS=0` for a visible window |\nThis has no effect on macOS. The containerised engine is headless only. A visible window needs the native Linux or Windows binary. |\n\nYour Mac's home or office IP is residential, which suits most sites. For the hardest targets, or\nwhen running from a datacenter, route the engine through a residential proxy. Set\n`TILION_PROXY=http://user:pass@host:port`\n\n(and optionally `TILION_REGION=us`\n\n) before starting the\nserver, then confirm with `get_egress_info`\n\n.\n\n**Claude Desktop / Cursor** — add to the MCP config:\n\n```\n{ \"mcpServers\": { \"fortress\": { \"command\": \"tilion-mcp\" } } }\n```\n\n**Cline / Windsurf** (VS Code settings → MCP servers):\n\n```\n{ \"fortress\": { \"command\": \"tilion-mcp\" } }\n```\n\nIf `tilion-mcp`\n\nisn't on PATH, use `\"command\": \"python\", \"args\": [\"-m\", \"tilion.mcp\"]`\n\n.\n\n*Full per-tool detail + workflows in USAGE.md.*\n\n| Tool | What the agent uses it for |\n|---|---|\n`fetch_protected_page` |\nget a page behind Cloudflare / DataDome / 403 / CAPTCHA |\n`read_page` |\nclean reader-mode markdown of any page (+ tables) |\n`extract_page` |\nmarkdown + tables + metadata (or a schema-shaped record) |\n`extract_document` |\nextract a PDF/DOCX/XLSX/CSV/HTML file (path or URL) → markdown |\n`page_elements` |\nthe page's buttons / links / fields / headings |\n`click_button` · `fill_field` · `press_key` |\ndrive a form by visible text / selector / key |\n`current_page` · `get_page_html` · `evaluate_js` · `wait_for` |\ninspect / script / wait on the working page |\n`crawl_site` |\ncrawl a whole site (auto-handles SPA/JS) → pages + sitemap |\n`recon_site_apis` |\nreverse-engineer a site's private XHR/JSON API (secret-scrubbed) |\n`detect_waf` |\nidentify the anti-bot vendor (Cloudflare/DataDome/PerimeterX/Akamai/Kasada) + strategy |\n`run_browser_task` · `list_browser_tasks` |\n20 multi-step flows: login, paginate, infinite-scroll, checkout… |\n`search_web` |\nweb search through the stealth browser (no SERP API) |\n`screenshot_page` · `save_page` · `download_file` |\ncapture PNG / export pdf·html·text / download a file |\n`get_cookies` · `save_profile` · `load_profile` |\nread cookies · persist/restore an authenticated session |\n`list_tabs` · `close_tab` |\nmanage open tabs |\n`get_stealth_cdp_endpoint` |\na CDP url to point your OWN browser-use / Playwright / Puppeteer at |\n`solve_captcha` |\ndetect + solve a reCAPTCHA/hCaptcha/Turnstile (needs `CAPTCHA_API_KEY` ) |\n`get_egress_info` |\nreport proxy/region + the real public IP the target sees (verify residential egress) |\n\nTools are **annotated** (`readOnlyHint`\n\n/ `destructiveHint`\n\n) so clients auto-approve reads\nand gate writes. Every tool is **timeout- and SSRF-guarded**, caps its output, and returns a\nstructured error instead of hanging. The browser is **pre-warmed at startup**, so the first\ncall is ~100 ms.\n\nReal head-to-head — an agent with only its built-in web fetch vs. the same task through the Fortress MCP:\n\n| Task | Built-in web fetch | Fortress MCP |\n|---|---|---|\n| Reddit r/programming titles | ✗ 0 items | ✓ 26 titles |\n| JS-rendered page (quotes) | ✗ 0 quotes | ✓ 10 quotes |\n| Wikipedia article | ✗ 403 to bots | ✓ 52 k markdown |\n| Hacker News top stories | ✓ 30 · 24 s | ✓ 30 · 2 s (~12× faster) |\n\nFingerprint suites: **Sannysoft all-green · CreepJS 0% headless · BrowserScan “Normal.”**\n\n| Env var | Default | Effect |\n|---|---|---|\n`TILION_MCP_PREWARM` |\n`1` |\nboot the browser at startup; `0` = lazy |\n`TILION_MCP_HEADLESS` |\n`1` |\n`0` to show a visible window |\n`TILION_ALLOW_PRIVATE_EGRESS` |\n`0` |\n`1` to allow localhost / private IPs (SSRF guard off) |\n`TILION_MCP_TOOL_TIMEOUT` |\n`120` |\nper-tool wall-clock cap (seconds) |\n`TILION_BASE_URL` / `TILION_API_KEY` |\n— | hosted mode (coming soon) |\n`TILION_PROXY` |\n— | egress proxy `http://user:pass@host:port` (residential/mobile) |\n`TILION_REGION` |\n— | egress region hint (e.g. `us` ) — aligns timezone/locale to the IP |\n`CAPTCHA_API_KEY` |\n— | solver key; `fetch` then auto-solves + `solve_captcha` works |\n`CAPTCHA_PROVIDER` |\n`2captcha` |\n`2captcha` | `anticaptcha` | `capsolver` |\n\n`tilion-mcp`\n\n→ the `tilion`\n\nframework (local mode) → attaches over CDP to the Fortress\nengine. Stealth is applied **natively in the C++ engine**, so there's no detectable JS\ninjection. One warm browser backs every tool for the server's lifetime.\n\nRegistry manifests: [ server.json](/tiliondev/fortress/blob/main/mcp/server.json) (MCP registry) ·\n\n[(Smithery). Agent skill:](/tiliondev/fortress/blob/main/mcp/smithery.yaml)\n\n`smithery.yaml`\n\n[.](/tiliondev/fortress/blob/main/mcp/skill/SKILL.md)\n\n`skill/SKILL.md`\n\nBSD-3-Clause (the MCP server and framework funnel). The engine binary ships via\n`tilion-fortress`\n\n. Hosted cloud with residential egress is coming soon.", "url": "https://wpnews.pro/news/show-hn-tilion-mcp-for-claude-code-to-stop-it-getting-blocked-on-the-web", "canonical_source": "https://github.com/tiliondev/fortress/tree/main/mcp", "published_at": "2026-07-09 00:24:45+00:00", "updated_at": "2026-07-09 00:42:11.501276+00:00", "lang": "en", "topics": ["developer-tools", "ai-tools", "ai-agents"], "entities": ["Tilion", "Claude Code", "Cloudflare", "DataDome", "PerimeterX", "Docker", "Colima"], "alternates": {"html": "https://wpnews.pro/news/show-hn-tilion-mcp-for-claude-code-to-stop-it-getting-blocked-on-the-web", "markdown": "https://wpnews.pro/news/show-hn-tilion-mcp-for-claude-code-to-stop-it-getting-blocked-on-the-web.md", "text": "https://wpnews.pro/news/show-hn-tilion-mcp-for-claude-code-to-stop-it-getting-blocked-on-the-web.txt", "jsonld": "https://wpnews.pro/news/show-hn-tilion-mcp-for-claude-code-to-stop-it-getting-blocked-on-the-web.jsonld"}}