act

Execute a natural language action. The AI will plan and perform multi-step operations in a single invocation, useful for transient UI interactions (e.g., Spotlight, dropdown menus) that disappear between separate commands.

Server Web Bridge @midscene/web-bridge-mcp
Category Execute
Risk class High
Parameters 81 required

What act does on Web Bridge

AI agents invoke act to trigger actions in Web Bridge. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

ParameterTypeRequiredDescription
prompt string Yes Natural language description of the action to perform, e.g. "press Command+Space, type Safari, press Enter"
web.url string URL to open in new tab (omit to use current page)
deepThink boolean Plan this action with deep thinking (richer context and sub-goal decomposition). Helps with complex multi-step instructions at the cost of speed. Defaults to th
deepLocate boolean Use deep locate for every element this action targets. Improves precision for small or ambiguous targets at the cost of speed. Defaults to the server --deep-loc
web.aiActContext string Background knowledge passed to aiAct. Default: no extra context.
web.waitAfterAction number Wait time in milliseconds after each action execution. Default: 300ms.
web.replanningCycleLimit integer Maximum number of replanning cycles for aiAct. Default: model adapter default.
web.screenshotShrinkFactor number Screenshot shrink factor before sending images to AI. Default: 1; high values may reduce recognition quality, especially on mobile.

Parameters from the server's own tool schema.

Why act needs a policy

This tool triggers execution of AI-planned multi-step operations based on natural language input. While presented as a web automation tool for UI interactions, the ability to 'plan and perform' arbitrary operations with user-supplied instructions constitutes code execution.

From the tool's definition Tool description states it will 'Execute a natural language action' and 'perform multi-step operations', with the ability to interact with UI elements (Spotlight, dropdowns, etc.).

Risk signalsAccepts URL/endpoint input (web.url)

Questions about act

What does the act tool do? +

Execute a natural language action. The AI will plan and perform multi-step operations in a single invocation, useful for transient UI interactions (e.g., Spotlight, dropdown menus) that disappear between separate commands. It is categorised as a Execute tool in the Web Bridge MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

What parameters does act accept? +

act accepts 8 parameters: prompt, web.url, deepThink, deepLocate, web.aiActContext, web.waitAfterAction, web.replanningCycleLimit, web.screenshotShrinkFactor. Required: prompt. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on act? +

Register the Web Bridge MCP server in PolicyLayer and add a rule for act: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Web Bridge. Nothing to install.

What risk level is act? +

act is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit act? +

Yes. Add a rate_limit block to the act rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block act completely? +

Set action: deny in the PolicyLayer policy for act. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides act? +

act is provided by the Web Bridge MCP server (@midscene/web-bridge-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.