HTTP API
Two HTTP servers run alongside Egg. The browser exposes tabs, navigation, screenshots, and CDP. The gateway exposes AI, media processing, fetching, privacy checks, the agent, monitors, credentials, and end-to-end-encrypted sync. Both bind to 127.0.0.1.
Discovery & auth
On startup each server writes a JSON file with its port and bearer token. Anything calling the API reads that file.
# Browser API (egg.exe)
%APPDATA%\com.eggbrowser.desktop\api_info.json
~/Library/Application Support/com.eggbrowser.desktop/api_info.json
# Gateway API (egg-daemon.exe)
%APPDATA%\com.eggbrowser.desktop\daemon_info.json
~/Library/Application Support/com.eggbrowser.desktop/daemon_info.json
# Schema
{
"port": 19247,
"token": "a3f8c2e1-...",
"pid": 12345,
"started_at": "2026-05-01T08:00:00Z"
}
# Authenticate every request with the token
PORT=$(jq -r .port ~/Library/Application\ Support/com.eggbrowser.desktop/daemon_info.json)
TOKEN=$(jq -r .token ~/Library/Application\ Support/com.eggbrowser.desktop/daemon_info.json)
curl -s "http://127.0.0.1:$PORT/health" -H "Authorization: Bearer $TOKEN"
- Both servers bind local-only. The token is regenerated on every restart.
- Ports are random by default. Pin them with
--port for development.
- The browser API and gateway API have separate tokens and separate discovery files. They’re different processes.
Conventions
The gateway groups its routes into three tiers. Each tier carries different stability guarantees.
| Prefix | Tier | Stability |
|---|
| /api/v1/… | Versioned public | Stable contract. Additive changes within v1; breaking changes ship as v2. |
| /api/… (unversioned) | Public, pre-v1 | Historical gateway routes (agent, monitors, sync, credentials, lifecycle). Stable in practice; will fold into /api/v1/ as the surface settles. |
| /x/… | Egg-internal | Not part of the public contract. May change without notice. See Internal endpoints. |
- JSON in, JSON out. Streaming endpoints use Server-Sent Events (
text/event-stream) with named events: progress, log, done, error for long-running ops; delta, tool, done for chat streams.
- Errors return
{ "error": { "code": "...", "message": "...", "retry_after"?: 30 } } with the appropriate HTTP status. Tier limits surface as TIER_BLOCKED on 402/429; model-capability mismatches surface as TOOLS_UNSUPPORTED on 422 (when a call passes tools to a model that does not support tool calling).
- The gateway makes all outbound HTTP. Browser clients never reach external APIs directly; everything routes through the gateway, which holds the credentials and applies tier gating where applicable.
- The capability registry (see
GET /api/registry/summary) lists every configured model with its capability flags (supports_tools, supports_vision, supports_streaming). Callers can pre-check before issuing a request.
Browser API
Hosted by egg.exe. Drives the running browser: tabs, navigation, JS eval, screenshots, raw CDP.
Lifecycle & status
| Method | Path | Purpose |
|---|
| GET | /api/status | Build id, version, uptime. No auth required. |
| GET | /api/diagnostics | Diagnostic snapshot for support reports. |
| POST | /api/focus | Bring the main window forward. |
| POST | /api/screenshot | Capture a frame, a tab’s webview, or the desktop. Returns a PNG path. |
| POST | /api/navigate | Deep-link the React shell via React Router. |
| POST | /api/eval | Run JS in the main window. Body is wrapped in an async function; use return for a value. |
Tabs & pages
| Method | Path | Purpose |
|---|
| GET | /api/browser/tabs | List every tab with id, url, title, active state. |
| POST | /api/browser/tabs | Create a new tab. Body: {"url":"..."}. |
| DELETE | /api/browser/tabs/{id} | Close the tab. |
| POST | /api/browser/tabs/{id}/activate | Switch to the tab. |
| POST | /api/browser/tabs/{id}/cdp | Send a raw CDP method to the tab. {method, params}. |
| POST | /api/browser/navigate | Navigate an existing tab. {tab_id, url}. |
| POST | /api/browser/read | Reader-mode extraction of the active tab. |
| POST | /api/browser/exec | Run JS inside a tab’s webview. |
| GET | /api/browser/history | Browsing history. |
Automation
| Method | Path | Purpose |
|---|
| POST | /api/browser/cmd | Run one micro-command. {tab_id, command, args}. |
| POST | /api/browser/batch | Run a sequence of micro-commands in order. |
| GET | /api/browser/cdp/events | Server-Sent Events stream of subscribed CDP events across tabs. |
Data & settings
| Method | Path | Purpose |
|---|
| GET | /api/bookmarks | List bookmarks. |
| GET | /api/settings | Read all user settings. |
| PUT | /api/settings/{key} | Update one setting. |
| GET | /api/extensions | List installed Chrome extensions. |
| POST | /api/extensions/install | Install from a Web Store URL or unpacked folder. |
| DELETE | /api/extensions/{id} | Uninstall an extension. |
| GET | /api/sidebar | Sidebar items. |
Gateway API
Hosted by egg-daemon.exe. Owns every external HTTP call Egg makes. Provider credentials live here; tier gating happens here; outbound traffic to AI providers, image hosts, search APIs, and Egg’s cloud relay all originate here.
AI — /api/ai
One endpoint per modality. Provider routing is the gateway’s responsibility: every endpoint accepts either a capability (text_fast, vision, etc.) or an explicit override. Tier gating runs before any cloud call.
| Method | Path | Purpose |
|---|
| POST | /api/ai/complete | Non-streaming chat completion. {capability?, override?, messages, tools?, ...} returns {content, tool_calls?, usage}. |
| POST | /api/ai/stream | Streaming chat completion. SSE events: delta, tool, done, error. |
| POST | /api/ai/embed | Text embeddings. {text, provider?} returns {embedding: number[]}. provider is optional: "google" (768d) or "openai" (1536d). |
| POST | /api/ai/transcribe | Audio transcription. {input_path, language?} returns {text, segments?}. The gateway picks a local or cloud asset based on the configured capability. |
| POST | /api/ai/speech-recognize | Short-form speech recognition. {input_path, language?} returns {text}. Optimized for utterances under ~60s. |
| POST | /api/ai/tts | Text-to-speech. {text, voice?, backend?}. backend is "auto" (default, prefer local when installed), "local", or "cloud". Saves audio to local disk and returns its path. |
| POST | /api/ai/vision | Image understanding. {images: [{path|url|base64}], prompt, capability?} returns {content, usage}. |
| POST | /api/ai/generate-image | Image generation. {prompt, size?, n?} returns one or more image paths or URLs. |
| POST | /api/ai/video-generate | Video generation (async). Submits to the provider, polls for completion, returns the video URL. |
| POST | /api/ai/vad | Voice activity detection. {input_path, threshold?, min_speech_ms?, min_silence_ms?} returns speech intervals. Audio is preprocessed to 16 kHz mono server-side. |
| POST | /api/ai/rerank | Cross-encoder reranking. {query, docs[], top_n?} returns each document scored for relevance, sorted descending. Useful for improving retrieval results before passing to an LLM. |
Server-side media processing: probe, transcode, mux, extract, sample, download. Inputs and outputs are filesystem paths inside the app data dir, system tmp, or the OS download dir; paths outside those roots are rejected. Long-running operations stream SSE progress events.
| Method | Path | Purpose |
|---|
| POST | /api/media/probe | Container and stream metadata. Sync JSON. Returns duration, video streams, audio streams, format. |
| POST | /api/media/transcode | Generic video/audio transcode. SSE progress. Accepts pre-input args, multi-input, filter_complex, output maps. |
| POST | /api/media/concat | Concatenate inputs. SSE. method: demuxer (stream-copy) or filter (re-encode). |
| POST | /api/media/mux | Mux video and audio. SSE. Optional stream-copy. |
| POST | /api/media/extract-audio | Strip audio from a video. SSE. |
| POST | /api/media/silence-detect | Detect silence intervals in an audio track. Sync JSON. |
| POST | /api/media/extract-subtitles | Extract embedded subtitle tracks. Sync JSON. Returns SRT text. |
| POST | /api/media/sample-scenes | Scene-change frame sampler. Sync JSON. Returns frame paths and timestamps. |
| POST | /api/media/extract-clip | Stream-copy a time range. SSE. |
| POST | /api/media/extract-frame | Single frame grab. Sync JSON. |
| POST | /api/media/download | Video download. SSE progress. Accepts a caller-chosen job id. |
| DELETE | /api/media/download/{job_id} | Cancel an in-flight download. |
Fetch — /api/v1/fetch
Generic external HTTP, mediated by the gateway. Every URL is validated against an SSRF allow-list: loopback, RFC1918, link-local, CGNAT, ULA, multicast, and .local are rejected, and DNS is resolved server-side to defeat rebinding.
| Method | Path | Purpose |
|---|
| POST | /api/v1/fetch/page | Fetch a page. {url, include: ["title", "content", "raw", "meta"]}. Returns only the requested fields. |
| POST | /api/v1/fetch/image | Fetch a remote image. {url, max_bytes?} returns bytes plus content-type. |
Privacy — /api/v1/privacy
| Method | Path | Purpose |
|---|
| POST | /api/v1/privacy/hibp | Check a password hash against Have I Been Pwned’s breach corpus. {sha1_prefix} (5 hex chars, k-anonymity) returns the list of suffix matches. |
Agent chat
| Method | Path | Purpose |
|---|
| POST | /api/agent/chat | Send a message. Streams tokens, tool calls, and plan-approval prompts. |
| POST | /api/ag-ui | Agent-Generated UI. The agent posts a JSON UI description and the browser renders it. Preview. |
Autonomy & scheduling
| Method | Path | Purpose |
|---|
| GET / PUT | /api/agents/{agent_id}/private-time | Read or set protected windows where the agent works without interruption. |
| GET | /api/agents/{agent_id}/autonomy | Current autonomy permissions. |
| GET | /api/agents/{agent_id}/reservations | List reservations. |
| POST | /api/reservations | Create one. |
| PUT / DELETE | /api/reservations/{id} | Update or cancel. |
| GET | /api/agents/{agent_id}/time-blocks | List scheduled blocks. |
| POST / DELETE | /api/time-blocks (and {id}) | Create or cancel. |
| POST | /api/agents/{agent_id}/materialize-blocks | Materialize the next planned blocks now. |
| POST | /api/agents/{agent_id}/plan-now | Force a re-plan immediately. |
| GET | /api/agents/{agent_id}/soft-plan | Inspect the rolling soft plan. |
Monitors & alerts
| Method | Path | Purpose |
|---|
| GET | /monitors | List page monitors. |
| GET / PUT / DELETE | /monitors/{id} | Read, update, delete. |
| POST | /monitors/{id}/check | Force-check a monitor now. |
| GET / POST | /alerts | List or create alerts. |
| DELETE | /alerts/{id} | Delete one. |
Credentials & queue
Provider credentials (LLM API keys, OAuth tokens, service-account JSON) live in the gateway. Read responses always redact secret material; only the gateway-internal lookup path sees raw keys.
| Method | Path | Purpose |
|---|
| GET / POST | /api/credentials/providers | List or create a provider credential. POST responses redact the key. |
| PATCH / DELETE | /api/credentials/providers/{id} | Update or remove. |
| GET / POST | /credentials | Legacy generic credentials (3rd-party APIs). |
| DELETE | /credentials/{id} | Delete a generic credential. |
| GET / POST | /queue | List or enqueue offline-queue items. |
| DELETE | /queue/{id} | Drop one. |
| GET / POST | /agent/tasks | List or create background agent tasks. |
| GET | /agent/tasks/{id} | Task state. |
File watches
| Method | Path | Purpose |
|---|
| GET / POST | /file-watches | List or create a directory watch. |
| DELETE | /file-watches/{id} | Stop watching. |
| GET | /file-events | Recent FS events. |
Cross-device sync
End-to-end-encrypted device pairing. X25519 ECDH, AES-256-GCM. The cloud holds opaque ciphertext only.
| Method | Path | Purpose |
|---|
| POST | /sync/invite/create | Generate a 6-character pairing invite. |
| POST | /sync/invite/accept | Accept an invite from another device. |
| POST | /sync/pairings/confirm | Confirm the SAS code shown on both devices. |
| GET | /sync/pairings | List paired devices. |
| POST | /sync/pairings/revoke | Revoke a pairing. |
| GET | /sync/status, /sync/has-key | Sync state. |
| POST | /sync/now | Force a sync round. |
| POST | /sync/initial-transfer | One-time bulk transfer (history, tabs). |
| GET | /sync/events | Sync event stream. |
Lifecycle
| Method | Path | Purpose |
|---|
| GET | /health, /status | Liveness and structured status. |
OpenAPI spec
The gateway publishes a machine-readable OpenAPI 3.1 document covering the versioned public surface (/api/v1/*).
curl -s "http://127.0.0.1:$PORT/api/v1/openapi.json" \
-H "Authorization: Bearer $TOKEN"
The unversioned gateway routes (chat, autonomy, monitors, credentials, sync) are stable in practice but not yet included in the spec; they’ll be folded in as the surface settles into /api/v1/.
Internal endpoints
Routes under the /x/ prefix are Egg-internal contracts used by the browser shell and Egglet runtime. They’re documented for transparency but aren’t part of the public API: shapes change without notice and aren’t covered by version guarantees. See Internal endpoints for the full list.
Example session
# 1. Read gateway discovery
INFO="$HOME/Library/Application Support/com.eggbrowser.desktop/daemon_info.json"
PORT=$(jq -r .port "$INFO")
TOKEN=$(jq -r .token "$INFO")
HDR="Authorization: Bearer $TOKEN"
# 2. Ask for a one-shot completion via the text_fast capability
curl -s -X POST "http://127.0.0.1:$PORT/api/ai/complete" \
-H "$HDR" -H 'Content-Type: application/json' \
-d '{"capability":"text_fast","messages":[{"role":"user","content":"In one sentence: what is Egg?"}]}'
# 3. Probe a video file
curl -s -X POST "http://127.0.0.1:$PORT/api/media/probe" \
-H "$HDR" -H 'Content-Type: application/json' \
-d '{"input_path":"/tmp/clip.mp4"}'
# 4. Fetch a page’s title and OG metadata
curl -s -X POST "http://127.0.0.1:$PORT/api/v1/fetch/page" \
-H "$HDR" -H 'Content-Type: application/json' \
-d '{"url":"https://eggbrowser.com","include":["title","meta"]}'
# 5. Stream a chat completion
curl -N -X POST "http://127.0.0.1:$PORT/api/ai/stream" \
-H "$HDR" -H 'Content-Type: application/json' \
-d '{"capability":"text_fast","messages":[{"role":"user","content":"Say hi."}]}'