peerd

peerd is the first AI agent harness native to the browser. It's a Chrome/Firefox extension that runs a full agent loop inside the browser you already use, with your existing tabs and sessions. It reads and drives your pages, spins up sandboxed compute (JS Notebooks, full Linux VMs compiled to WebAssembly, personal client-side apps), and (on the preview channel) shares what it builds over a peer-to-peer WebRTC network built for agent-to-agent communication. BYOK to the model provider of your choice. No backend, no telemetry, no cloud component in the data path.

https://github.com/user-attachments/assets/d2e4c285-6952-4c95-bf5a-d06087de084d

peerd uses the browser as its runtime and its security model. It builds on decades of hardened browser platform work (V8 isolates for sandboxing, WebCrypto for the vault, WebAuthn passkeys to unlock it, opaque-origin iframes, Subresource Integrity) and writes none of its own cryptographic or process-isolation code. The agent that holds your keys never reads a raw page; a disposable runner with no keys and no network does, and its output comes back fenced as untrusted. Every action the agent drives is verified against the live page before it counts as done. (More at peerd.ai.)

Status: 0.x, experimental beta. The initial feature buildout is complete and integrated (see STATUS.md), but the surface is still moving: breaking changes are likely, storage formats may shift, and it drives your browser and holds your API keys, so use it with care. There is no "V1" commitment; versions stay in the 0.x range until the surface stabilizes.

For the full, itemized list of what's shipped, categorized by module, see FEATURES.md.

Install

Developer preview: Load the source tree unpacked using the steps below. This is the current source-of-truth install path for contributors and early testers.

Store packages: Chrome Web Store / Firefox Add-ons listings will be linked here once they are approved. Store packages omit preview-only dweb pieces and the preview/dev advanced automation path.

Dweb preview (research package): GitHub Releases may include signed preview artifacts. If there is no release attached yet, use the source install path below.

The preview package includes the decentralized web (dweb) layer: peer-to-peer dwapps between peerd instances. It's intended for contributors and early testers, since the dweb protocol is research-grade and subject to change. Most users want one of the two store packages above. The preview installs alongside the store package as a separate extension ("peerd preview") with its own isolated storage; move state between them explicitly via Settings → Export & import.

Preview package install paths (Firefox is the smoother of the two):

• Firefox: click peerd-preview-firefox.xpi on the release page. It's AMO-signed, installs like any extension, and auto-updates.
• Chrome on macOS / Windows (recommended): load the zip unpacked. Chrome hard-disables off-store CRX installs on these platforms ("may have been added without your knowledge", enable toggle locked), and field testing showed even an ExtensionInstallAllowlist policy visible in chrome://policy does NOT unlock it on an unmanaged machine (Chrome wants MDM-grade management). So don't fight it: download peerd-preview-chrome.zip, unzip it, enable Developer mode at chrome://extensions, Load unpacked, and pick the unzipped folder. Caveats: no auto-update (download the new zip per release) and the extension ID is machine-specific, not the table's CRX ID. This is a Chrome platform restriction on all self-hosted extensions, not a peerd choice.
• Chrome on Linux (or any policy-managed Chrome): download peerd-preview-chrome.crx, enable Developer mode at chrome://extensions, and drag the file onto the page. Auto-update then follows the feed at peerd.ai/updates/.

Extension IDs (verify which package you're running):

Getting started

peerd has no build step: you load the extension/ folder straight into Chrome as it is on disk. You need a Chromium-based browser (Chrome, Edge, Brave, Arc, …) and a model to talk to: a key from Anthropic and/or OpenRouter, or a local Ollama (keyless, no bill, nothing leaves your machine). BYOK: any key lives encrypted in a local vault and is only ever sent to that provider.

1. Get the code

git clone https://github.com/NotASithLord/peerd.git
cd peerd

2. Load the extension in Chrome

1. Open chrome://extensions.
2. Turn on Developer mode (toggle, top-right).
3. Click Load unpacked.
4. Select the extension/ folder inside the repo, not the repo root. (The folder with manifest.json in it.)

peerd now appears in your extensions list. Click the puzzle-piece icon in the toolbar and pin peerd so its icon is always visible.

3. Open peerd and set up the vault

Click the peerd toolbar icon and the side panel opens. On first run you create a local vault: unlock with Touch ID / a passkey (recommended) or a recovery passphrase. Keys, chat history, and the audit log are all encrypted on this device; nothing leaves your machine except the calls to your model provider.

4. Add your API key(s)

Open Settings (gear icon) → API keys. Paste a key for Anthropic (sk-ant-…) and/or OpenRouter (sk-or-…). You can set both at once, each stored independently. Choose a default under Default model for new chats, and switch the model per chat from the picker above the message box.

5. Chat

Back in the chat, type a message. peerd can read and drive your open tabs, run shell commands in a sandboxed in-browser Linux VM, build small apps, search the web, and more. Turn on Confirm before actions in Settings if you want to approve each tab/automation step first (off by default).

Updating after a code change. Hit the reload icon on the peerd card in chrome://extensions. The side panel, offscreen document, and any open VM/JS/App tabs reload with it.

Firefox (temporary). about:debugging#/runtime/this-firefox → Load Temporary Add-on → pick extension/manifest.json. Re-load on each edit. Firefox parity is still being polished; Chrome is the primary target for now.

Generated files. extension/manifest.json and extension/shared/channel-config.js are GENERATED (the checked-in copies are the dev defaults: preview channel, dweb on). Don't hand-edit them; change manifests/*.json or packaging/default-settings.mjs and run bun run gen:dev. CI fails if they drift.

Why the permissions? peerd asks for broad host access (<all_urls>, and debugger on the preview/dev channels) because driving arbitrary tabs and reading the page the agent is acting on is the whole point. Each permission, why it's needed, and what the store build strips is spelled out in docs/store/PERMISSION-JUSTIFICATIONS.md, and the trust boundaries (BYOK vault, egress allowlist, untrusted-content handling, no telemetry) in SECURITY.md.

Project conventions (the short version)

• Plain vanilla JS, ES2024+. No TypeScript, no JSX, no bundler, no npm inside extension/.
• ES modules only. Strict mode by default.
• Pure functions and reducers over classes. Classes only where lifecycle is real (vault, VM, ports).
• safeFetch / webFetch for all outbound HTTP; bare fetch is forbidden.
• Comments explain why, not what. The codebase is security-sensitive and is meant to be read carefully.

The full version of these conventions and the architectural rationale lives in CLAUDE.md (orientation), ARCHITECTURE.md (module organization), and DESIGN.md (the full technical design record: vault crypto, dispatcher gates, prompt-injection defenses, the MV3 keepalive trick; long, historical, and worth searching before reopening a settled question).

The five modules

The five-letter wordmark is the arc