WebMCP Runs In Chrome. My 400 Daily Tool Calls Don't. Google's WebMCP protocol, announced at Google I/O 2026, is a browser-scoped tool protocol for agents operating inside a Chrome tab, not a replacement for existing MCP servers. A developer running three production MCP servers handling over 400 daily tool calls explains that WebMCP is unsuitable for headless, cron-driven automation tasks, and provides a decision framework based on whether a human is present at runtime. Google I/O 2026 shipped WebMCP and half the AI Twitter timeline is calling it "the new MCP standard." It isn't. It's a browser-scoped protocol that solves a completely different problem than the MCP servers currently running on your VPS at 3 AM. Here's the boundary Google buried in the docs, and how to decide which side of it your agent belongs on. WebMCP is a browser-scoped tool protocol. It exposes tools to an agent from inside a Chrome tab — the tools live in the page, auth is the user's active session, and the runtime is the browser itself. That's the entire surface area. When Google says "agentic web," they mean an agent that operates inside a tab the user already has open, using the cookies and OAuth tokens already loaded. That's a legitimate and useful pattern: What WebMCP is not : a replacement for the stdio and HTTP MCP servers running headless on your machine or VPS. Different runtime, different auth model, different lifecycle. Calling it "the new MCP" is like calling a service worker "the new backend." Same protocol family, entirely different deployment target. There's exactly one question you need to answer to pick correctly: Is a human looking at a screen when the agent runs? If yes → WebMCP is on the table. If no → you need a real server-side MCP. That's it. Everything else is retweet noise. | Dimension | WebMCP | stdio / HTTP MCP | |---|---|---| | Runtime | Chrome tab | Your process local, VPS, container | | Auth | User's browser session | Your API keys / OAuth tokens | | Trigger | User action in the page | cron, webhook, queue, schedule | | Lifecycle | While tab is open | 24/7 headless | | Credentials scope | Whatever the user is logged into | Whatever you gave the process | | Multi-account | Painful one browser session | Trivial one process per tenant | | Runs at 6 AM while you sleep | No | Yes | I run three MCP servers in production. Gmail triage, Telegram messaging, invoicing. They sit on a WSL Ubuntu box, run headless as systemd services, and between them handle over 400 tool calls a day . Zero of those calls involve a browser. There's no user session. There's no tab. The agent wakes on cron or a webhook, pulls email, decides what matters, drafts replies, pushes a Telegram notification, generates an invoice, goes back to sleep. WebMCP can't do any of that. Not because it's broken — because it's scoped to a runtime where a human is present. Here's the shape of one of my production servers, stripped to the bones. This is the Gmail triage server that runs on a 5-minute cron and processes the inbox before I'm awake: gmail triage server.py — stdio MCP server, runs as systemd service from mcp.server import Server from mcp.server.stdio import stdio server from google.oauth2.credentials import Credentials from googleapiclient.discovery import build app = Server "gmail-triage" Credentials loaded from disk once at startup. No browser, no user session — a service account / refresh token. creds = Credentials.from authorized user file "/etc/agents/gmail.json" gmail = build "gmail", "v1", credentials=creds @app.tool async def list unread max results: int = 50 - list dict : resp = gmail.users .messages .list userId="me", q="is:unread -category:promotions", maxResults=max results .execute return resp.get "messages", @app.tool async def get message message id: str - dict: return gmail.users .messages .get userId="me", id=message id, format="full" .execute @app.tool async def draft reply thread id: str, body: str - dict: ...creates a draft, does not send return {"status": "drafted", "thread id": thread id} if name == " main ": stdio server app .run The agent that calls this doesn't care what browser you use. It doesn't even know a browser exists. The credentials live in a file with chmod 600 , the process runs as a dedicated user, and the tool calls are logged to a local SQLite file so I can audit what happened overnight. The systemd unit is boring on purpose: /etc/systemd/system/gmail-triage.service Unit Description=Gmail Triage MCP Server After=network.target Service Type=simple User=agents ExecStart=/usr/bin/python3 /opt/agents/gmail triage server.py Restart=on-failure RestartSec=5 Install WantedBy=multi-user.target Now compare that to WebMCP. A WebMCP tool is declared by the page, discovered by the agent through the browser, and executed against the user's session. Rough shape: php < -- Publisher-side: a page exposing a WebMCP tool --