Embeddable widget · Chrome extension

An automated browser agent for any site.

Quill does tasks on a web page for you — filling forms, comparing options, driving multi-step flows — by text or voice. It reads the page’s accessibility tree, targets elements by data-testid or role, and asks before anything sensitive.

No pixel-based clicking. No screenshots. Just the DOM.

Quill Working…
Book a table for two with my usual details.
Filling in your details…
↳ typed into textbox “Email”
↳ selected “2 guests”
Allow Quill to click “Confirm reservation”?
This submits a form.
Deny Allow
Ask Quill to do something…
🎤

Two ways to ship

For site owners

Embed the widget

Add one package and a proxy endpoint. Quill mounts in an isolated Shadow DOM — your styles and globals are untouched. Ship data-testids for deterministic targeting; it works without them too.

import { mountQuill, RemotePlanner } from "@quill/widget";

mountQuill({
  planner: new RemotePlanner("/quill/agent"),
  voice: true,
});
For end users

Install the extension

A Chrome (MV3) extension that brings Quill to any site you visit. Least-privilege by design — activeTab injection, no <all_urls>. Point it at a model proxy and go.

# Load unpacked (MV3)
packages/extension → chrome://extensions

# Or wire your own proxy in Options

How it works

1

Observe

Quill computes a compact accessibility snapshot of the page — roles, names, states, and stable refs — not raw HTML or pixels.

2

Decide

The model (via the AI SDK) plans the next small, verifiable step and calls one of Quill’s DOM tools.

3

Act

It clicks, types, or selects using native events frameworks expect — then re-observes and continues until the task is done.

The tool surface

Nine small, typed tools — defined once with Zod, shared across both distributions. The agent can only read and interact with parts of the page.

read_page

Compact accessibility snapshot with stable refs

query

Find elements by testid, role+name, or text

read_element

Full detail of one element: value, states, errors

click

Click a ref — sensitive clicks are gated

type

Type into inputs; never into password fields

select

Choose an option in a select, listbox, or radio

scroll

Scroll the page or a ref into view

wait_for

Wait for an element or URL change after an action

ask_user

Ask a question or request confirmation

Safe by default

Confirmation, in code

Submits, payments, deletions, and external navigation require explicit user approval — enforced by the tool layer, never by model compliance.

No-go zones

Site owners declare regions Quill will neither read nor touch, or restrict it to part of the app.

Passwords stay secret

Password fields are never read into model context, and Quill won’t type into them — it hands focus to you.

Prompt-injection aware

All page-derived content is delivered as untrusted data; page text can never redirect the agent.

See Quill drive a real form.

The demo runs entirely in your browser — no API key needed. Watch it read the page, fill the fields, and pause for your approval before submitting.

Open the live demo →