Update MCP docs for browser pool parity

Author: IlyaasK

docs.json

@@ -301,14 +301,20 @@
             "group": "Tools",
             "pages": [
               "reference/mcp-server/tools/manage-browsers",
-              "reference/mcp-server/tools/manage-profiles",
               "reference/mcp-server/tools/manage-browser-pools",
-              "reference/mcp-server/tools/manage-proxies",
-              "reference/mcp-server/tools/manage-extensions",
-              "reference/mcp-server/tools/manage-apps",
+              "reference/mcp-server/tools/browser-curl",
               "reference/mcp-server/tools/computer-action",
               "reference/mcp-server/tools/execute-playwright-code",
               "reference/mcp-server/tools/exec-command",
+              "reference/mcp-server/tools/manage-profiles",
+              "reference/mcp-server/tools/manage-proxies",
+              "reference/mcp-server/tools/manage-extensions",
+              "reference/mcp-server/tools/manage-apps",
+              "reference/mcp-server/tools/manage-projects",
+              "reference/mcp-server/tools/manage-api-keys",
+              "reference/mcp-server/tools/manage-auth-connections",
+              "reference/mcp-server/tools/manage-credentials",
+              "reference/mcp-server/tools/manage-credential-providers",
               "reference/mcp-server/tools/search-docs"
             ]
           },

reference/mcp-server.mdx

@@ -21,7 +21,7 @@ The server is a centrally hosted, authenticated remote MCP using OAuth 2.1 with
     Authorize access through your browser when prompted. See [Authentication](/reference/mcp-server/authentication) for OAuth and API key options.
   </Step>
   <Step title="Start automating">
-    Use the [tools](/reference/mcp-server/tools/manage-browsers) to launch browsers, run Playwright code, and invoke your apps.
+    Use the [tools](/reference/mcp-server/tools/manage-browsers) to launch browsers, warm browser pools, run Playwright code, invoke your apps, and manage auth workflows.
   </Step>
 </Steps>
 
@@ -38,7 +38,7 @@ The server is a centrally hosted, authenticated remote MCP using OAuth 2.1 with
     Setup for Claude, Cursor, VS Code, and more.
   </Card>
   <Card icon="wrench" title="Tools" href="/reference/mcp-server/tools/manage-browsers">
-    Browsers, profiles, proxies, apps, and more.
+    Browsers, pools, apps, projects, API keys, and managed auth.
   </Card>
   <Card icon="database" title="Resources" href="/reference/mcp-server/resources">
     Read browsers, pools, profiles, and apps.

reference/mcp-server/resources.mdx

@@ -3,11 +3,17 @@ title: "Resources"
 description: "Read browsers, pools, profiles, and apps as MCP resources"
 ---
 
-The Kernel MCP server exposes your account's objects as MCP resources. Each resource URI lists all items or returns a specific one.
+The Kernel MCP server exposes your account's objects as MCP resources. List URIs return collections, and templated URIs return one object.
 
 | Resource | Description |
 |----------|-------------|
-| `browsers://` | Access browser sessions (list all or get a specific session). |
-| `browser_pools://` | Access browser pools (list all or get a specific pool). |
-| `profiles://` | Access browser profiles (list all or get a specific profile). |
-| `apps://` | Access deployed apps (list all or get a specific app). |
+| `browsers://` | List browser sessions. |
+| `browsers://{session_id}` | Read one browser session. |
+| `browser-pools://` | List browser pools. |
+| `browser-pools://{id_or_name}` | Read one browser pool by ID or name. |
+| `profiles://` | List browser profiles. |
+| `profiles://{profile_name}` | Read one browser profile by name. |
+| `apps://` | List deployed apps. |
+| `apps://{app_name}` | Read one deployed app by name. |
+
+Use resources when your client needs read-only context. Use the matching `manage_*` tool when you need to create, update, delete, acquire, release, or invoke something.

reference/mcp-server/tools/browser-curl.mdx

@@ -0,0 +1,49 @@
+---
+title: "Browser Curl"
+description: "Send HTTP requests through an existing browser session"
+---
+
+Use `browser_curl` to send an HTTP request through an existing Kernel browser session's Chrome network stack. Use it when the request needs the browser's cookies, proxy, network context, or origin behavior.
+
+<Note>For documentation lookup or general web search, use `search_docs` or your agent's normal search tool instead.</Note>
+
+## Parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| `session_id` | Browser session ID. Required. |
+| `url` | Target `http` or `https` URL. Required. |
+| `method` | HTTP method: `GET`, `HEAD`, `POST`, `PUT`, `PATCH`, `DELETE`, or `OPTIONS`. Defaults to `GET`. |
+| `headers` | Custom headers merged with browser defaults. |
+| `body` | Request body for `POST`, `PUT`, or `PATCH` requests. |
+| `response_encoding` | Response body encoding: `utf8` or `base64`. Use `base64` for binary content. |
+| `timeout_ms` | Request timeout in milliseconds. Must be 1 or greater. |
+
+## Example
+
+```json
+{
+  "session_id": "browser_2vDb5kRmZ4nP8xQ1cA7",
+  "url": "https://app.example.com/api/account",
+  "method": "GET",
+  "headers": {
+    "Accept": "application/json"
+  },
+  "timeout_ms": 10000
+}
+```
+
+## Post with browser cookies
+
+```json
+{
+  "session_id": "browser_2vDb5kRmZ4nP8xQ1cA7",
+  "url": "https://app.example.com/api/tasks",
+  "method": "POST",
+  "headers": {
+    "Content-Type": "application/json"
+  },
+  "body": "{\"title\":\"Run nightly checkout audit\"}",
+  "response_encoding": "utf8"
+}
+```

reference/mcp-server/tools/computer-action.mdx

@@ -1,18 +1,18 @@
 ---
-title: "computer_action"
-description: "Mouse, keyboard, and screenshot controls for browser sessions"
+title: "Computer Action"
+description: "Mouse, keyboard, clipboard, and screenshot controls for browser sessions"
 ---
 
-Execute computer actions on a browser session. Pass a single action for simple operations, or pass multiple actions to batch them into one request for lower latency.
+Use `computer_action` to execute mouse, keyboard, clipboard, and screenshot actions on a browser session. Pass one action for simple operations, or pass multiple actions to batch them into one request for lower latency.
 
-<Tip>Always include a `screenshot` as the last action so you can see the result. `screenshot` and `get_mouse_position` return data, so they must come last.</Tip>
+<Tip>Include a `screenshot` as the last action when you need to see the result. `screenshot`, `read_clipboard`, and `get_mouse_position` return data, so they must be the last action if included.</Tip>
 
 ## Parameters
 
 | Parameter | Description |
 |-----------|-------------|
 | `session_id` | Browser session ID. Required. |
-| `actions` | Ordered list of actions to perform. Required. |
+| `actions` | Ordered list of one or more actions to perform. Required. |
 
 ## Action types
 
@@ -26,6 +26,8 @@ Execute computer actions on a browser session. Pass a single action for simple o
 | `drag_mouse` | Drag along a `path` of `[x, y]` points. |
 | `set_cursor` | Show or hide the cursor (`hidden`). |
 | `sleep` | Wait `duration_ms` between steps when the page needs time to react. |
+| `write_clipboard` | Write `text` to the browser session clipboard. |
+| `read_clipboard` | Read the browser session clipboard. Must be the last action if included. |
 | `screenshot` | Capture the page, optionally limited to a `region`. |
 | `get_mouse_position` | Return the current cursor position. |
 
@@ -43,3 +45,18 @@ Execute computer actions on a browser session. Pass a single action for simple o
   ]
 }
 ```
+
+## Clipboard example
+
+```json
+{
+  "session_id": "browser_2vDb5kRmZ4nP8xQ1cA7",
+  "actions": [
+    { "type": "write_clipboard", "write_clipboard": { "text": "https://kernel.sh/docs" } },
+    { "type": "press_key", "press_key": { "keys": ["Ctrl+l"] } },
+    { "type": "press_key", "press_key": { "keys": ["Ctrl+v"] } },
+    { "type": "press_key", "press_key": { "keys": ["Return"] } },
+    { "type": "screenshot" }
+  ]
+}
+```

reference/mcp-server/tools/exec-command.mdx

@@ -1,9 +1,9 @@
 ---
-title: "exec_command"
+title: "Exec Command"
 description: "Run shell commands inside a browser VM"
 ---
 
-Execute a command synchronously inside a browser VM. Returns decoded stdout, stderr, and the exit code. The `command` field is the executable; pass its arguments in `args`.
+Use `exec_command` to execute a command synchronously inside a browser VM. It returns decoded stdout, stderr, and the exit code. The `command` field is the executable; pass its arguments in `args`.
 
 ## Parameters
 

reference/mcp-server/tools/execute-playwright-code.mdx

@@ -1,9 +1,9 @@
 ---
-title: "execute_playwright_code"
+title: "Execute Playwright Code"
 description: "Run Playwright/TypeScript code against a browser session"
 ---
 
-Execute Playwright/TypeScript automation code against a Kernel browser session. If `session_id` is provided, uses that existing browser; otherwise creates a new one. Returns the result with a video replay URL, and auto-cleans up browsers it creates.
+Use `execute_playwright_code` to run Playwright/TypeScript automation code against a Kernel browser session. If you provide `session_id`, it uses that existing browser. If you omit `session_id`, it creates a browser and cleans it up after execution.
 
 <Tip>Use `computer_action` with the `screenshot` action instead of `page.screenshot()` in your code. For a comprehensive page state snapshot, use `await page._snapshotForAI()`.</Tip>
 

reference/mcp-server/tools/manage-api-keys.mdx

@@ -0,0 +1,49 @@
+---
+title: "Manage API Keys"
+description: "Create, list, update, and revoke Kernel API keys"
+---
+
+Use `manage_api_keys` to create, inspect, rename, and revoke Kernel API keys. Created keys include the plaintext secret once; later reads return masked key metadata.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `create` | Create an org-wide or project-scoped API key. |
+| `list` | List masked API keys. |
+| `get` | Retrieve one masked API key. |
+| `update` | Rename an API key. |
+| `delete` | Revoke an API key. |
+
+## Parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| `action` | Operation to perform. Required. |
+| `api_key_id` | API key ID. Required for `get`, `update`, and `delete`. |
+| `name` | (create, update) API key name. |
+| `project_id` | (create) Project ID for project-scoped keys. Omit or use `null` for org-wide keys. |
+| `days_to_expire` | (create) Days until expiry, up to 3650. Use `null` for no expiry. |
+| `limit` | (list) Max results per page. Must be 1-100. |
+| `offset` | (list) Pagination offset. Must be 0 or greater. |
+
+## Create a project-scoped key
+
+```json
+{
+  "action": "create",
+  "name": "checkout-agent-prod",
+  "project_id": "proj_2vE0M7bLwX9kQ4nP3sY8",
+  "days_to_expire": 90
+}
+```
+
+## Rename a key
+
+```json
+{
+  "action": "update",
+  "api_key_id": "ak_2vE1qJ7ZpLm8N4cT6rW0",
+  "name": "checkout-agent-prod-rotated"
+}
+```

reference/mcp-server/tools/manage-apps.mdx

@@ -1,9 +1,9 @@
 ---
-title: "manage_apps"
+title: "Manage Apps"
 description: "List apps, invoke actions, and check deployments and invocations"
 ---
 
-Manage Kernel apps, deployments, and invocations.
+Use `manage_apps` to discover deployed app actions, invoke an app, and inspect deployment or invocation state.
 
 ## Actions
 
@@ -26,8 +26,8 @@ Manage Kernel apps, deployments, and invocations.
 | `version` | (list_apps, invoke) App version filter. Defaults to `latest` for invoke. |
 | `deployment_id` | (get_deployment) Deployment ID to retrieve. |
 | `invocation_id` | (get_invocation) Invocation ID to retrieve. |
-| `limit` | (list_apps, list_deployments) Max results. Default 50. |
-| `offset` | (list_apps, list_deployments) Pagination offset. Default 0. |
+| `limit` | (list_apps, list_deployments) Max results per page. Must be 1-100. |
+| `offset` | (list_apps, list_deployments) Pagination offset. Must be 0 or greater. |
 
 ## Example
 

reference/mcp-server/tools/manage-auth-connections.mdx

@@ -0,0 +1,74 @@
+---
+title: "Manage Auth Connections"
+description: "Create and operate managed auth connections for browser profiles"
+---
+
+Use `manage_auth_connections` to keep a browser profile logged in to a third-party site. A connection ties a domain to a Kernel profile and can use stored credentials, external provider credentials, or user-provided login input.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `create` | Start managing auth for a profile and domain. |
+| `list` | List auth connections. |
+| `get` | Poll one connection or login flow state. |
+| `delete` | Remove an auth connection. |
+| `login` | Begin a login flow. Returns a hosted URL and live view URL. |
+| `submit` | Submit discovered field values, an MFA option, or an SSO button selection. |
+
+## Parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| `action` | Operation to perform. Required. |
+| `id` | Auth connection ID. Required for `get`, `delete`, `login`, and `submit`. |
+| `domain` | (create) Target domain, such as `netflix.com`. |
+| `profile_name` | (create) Profile to manage auth for. Also filters `list`. |
+| `allowed_domains` | (create) Additional domains valid for this auth flow. Common SSO providers are allowed by default. |
+| `credential_name` | (create) Name of a stored Kernel credential for automatic login. |
+| `credential_provider` | (create) External credential provider name, such as `1password`. Use with `credential_path` or `credential_auto`. |
+| `credential_path` | (create) Provider-specific item path, such as `Engineering/Netflix Admin`. |
+| `credential_auto` | (create) If true, the provider auto-looks up credentials by domain. |
+| `login_url` | (create) Explicit login page URL to skip discovery. |
+| `health_check_interval` | (create) Seconds between automatic re-auth checks. The max is 86400. |
+| `save_credentials` | (create) Save credentials after each successful login. Default true. |
+| `proxy_id` / `proxy_name` | (create, login) Proxy to route the auth flow through. |
+| `domain_filter` | (list) Filter by domain. |
+| `limit` | (list) Max results per page. Must be 1-100. |
+| `offset` | (list) Pagination offset. Must be 0 or greater. |
+| `fields` | (submit) Map of field name to value, such as `{ "mfa_code": "123456" }`. Check `discovered_fields` from `get`. |
+| `mfa_option_id` | (submit) MFA option ID from the connection. |
+| `sso_button_selector` | (submit) XPath of an SSO button to click instead of submitting fields. |
+
+## Flow
+
+1. Call `create` with `domain` and `profile_name`.
+2. Call `login` to start a login flow.
+3. Share the returned hosted URL with the user or watch the returned live view URL.
+4. Call `get` to poll flow state and inspect `discovered_fields`.
+5. Call `submit` when the flow asks for field values, an MFA option, or an SSO choice.
+
+## Create a connection
+
+```json
+{
+  "action": "create",
+  "domain": "accounts.example.com",
+  "profile_name": "work-accounts",
+  "credential_name": "example-work-login",
+  "login_url": "https://accounts.example.com/login",
+  "health_check_interval": 3600
+}
+```
+
+## Submit an MFA code
+
+```json
+{
+  "action": "submit",
+  "id": "authconn_2vE3Nq8WmY5bL0sC9pR1",
+  "fields": {
+    "mfa_code": "123456"
+  }
+}
+```