If you've evaluated MCP servers for browser automation, you've seen three credible options: Microsoft's Playwright MCP, Browserbase + Stagehand, and Tap. They look like substitutes. They aren't.
Same tool slot. Three different products.
Each answers a different question. The architectural axis that separates them: where does the browser actually run, and what credentials does it see?
| Where browser runs | Logged-in / cookies | Tokens per run | Trust boundary | |
|---|---|---|---|---|
| Playwright MCP | Local Playwright (headless or --extension) |
△ --extension reuses your Chrome; headless = none |
Per-call (LLM at runtime) | Your machine |
| Browserbase + Stagehand | Browserbase cloud | ✗ credentials must be uploaded | Per-call (LLM at runtime) | Browserbase's cloud |
| Tap | Your own Chrome (extension) | ✓ uses your live session | 0 (deterministic replay) | Nothing leaves the machine |
Tokens: the architecture, not the engineering
For "scrape the top 30 stories from HN as JSON," runtime-extracting tools call an LLM each invocation. We measured ~9,600 tokens/call on a naive extraction loop.
Tap compiles a deterministic 11-op plan once with AI, then replays at zero tokens. Across 100 queries between drift events, that's 849× cheaper than re-extracting every time.
This advantage only exists because the workload repeats. For one-shot research, runtime extraction is the right tool. Tap's amortization math needs "I'll run this again" to be on the table.
Credentials: the dimension where they stop being substitutes
For unauthenticated work (HN, Wikipedia, docs) — pick on price. Doesn't matter.
For anything behind a login it dominates everything else:
-
Playwright MCP headless: no cookies.
--extensionflag (recent, good) attaches to your real Chrome — closes most of the auth gap. - Browserbase + Stagehand: your cookies go to their cloud. Real cost some teams accept (multi-tenant SaaS with isolation requirements), real cost others won't (solo founder; SOC2-restricted credentials).
- Tap: nothing leaves the machine. The browser IS yours. The cookies ARE your cookies. The MCP server orchestrates but never sees them.
How to pick (one question each)
- Does the task need a logged-in session? No → Playwright MCP. Yes → continue.
- Is uploading those credentials to a third-party cloud OK? Yes → Browserbase + Stagehand. No → continue.
- One-shot or repeated workflow? One-shot → Playwright MCP
--extension. Repeated → Tap.
Inverse: each loses where the others win.
- Tap loses on one-shot novel-site research — authoring time > runtime extraction.
- Playwright MCP loses on repeated workloads against drifting sites — re-pay extraction tokens forever, absorb silent failures.
- Browserbase loses when credentials can't legally or operationally leave the machine.
Full version with the token-cost data + drift handling deep-dive: Playwright MCP vs Tap vs Browserbase →
Tap install: brew install LeonTing1010/tap/taprun. Free during v0.x.
Top comments (1)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.