Skip to main content
When your agent is embedded on a website, it can answer questions, but it cannot take actions. The user asks “add this to my cart” and the agent says “you can use the Add to Cart button on the right.” That’s advice, not assistance. Page tools close this gap. The host page registers JavaScript handler functions as tools. The agent can call them when appropriate. The handler runs in the browser with full access to the application’s DOM, state, and APIs. The agent decides when to act; the host page’s handler decides how.

Why this matters

Without page tools, embedded agents are conversational. Users ask questions, get answers. With page tools, every embedded agent becomes an assistant that can operate the application. The user says “add this to my cart” and the item is in the cart. The user says “move this candidate to the interview stage” and the pipeline updates. The capabilities are yours to define. Every action the agent can take is one you deliberately enabled. Different pages can offer different tools. Admin users can get tools that regular users don’t. You shape the agent’s abilities to match your application. This is especially valuable for scenarios like e-commerce (add to cart, apply coupons, check stock, change shipping method, where the agent operates the store alongside the user), internal platforms (move pipeline candidates, update records, trigger workflows, where the agent participates in the user’s workflow instead of describing it), SPA navigation (guide the user to the right page or section without them hunting through menus), and form assistance (pre-fill fields, validate inputs, submit forms, where the agent handles the tedious parts).

When to use page tools

Use them when the agent needs to do something on the host page, not just know something about it. Page tools are the right choice when:
  • The action happens in the browser (DOM manipulation, client-side API calls, navigation)
  • The handler needs access to the host page’s authenticated session, state, or routing
  • The capability should be dynamic (different tools on different pages, for different users)
Page tools are not the right choice when:
  • The action requires server-side credentials or infrastructure (use an MCP server instead)
  • The result needs rich visual rendering via the widget pipeline (widgets require the proxy)
  • The data should flow to the agent’s system prompt for reasoning (use Situational Awareness)
For many scenarios, page tools and situational awareness work together: SA tells the agent what the user is looking at, and a page tool lets the agent act on it.

How page tools compare to other data channels

The platform has several channels for passing data between the host page and the agent. Each has a distinct purpose:

Registering tools

Call agent.setPageTools() with an array of tool definitions:
Each tool needs: agent.setPageTools() is sync. Call it once mindset.init() has completed and the element has fired mindset:agent-idle. See § When the element is ready to call. You don’t need to await anything.

Updating tools dynamically

As the user navigates, the available actions change. Call agent.setPageTools() to replace the tool set at any point. The agent picks up the new tools on the next message.
setPageTools() replaces the entire tool set each time. To clear all page tools, pass an empty array.

Multilingual status descriptions

The SDK detects the user’s browser language automatically. Pass a string for English only, or a record keyed by language code for multilingual support:
The SDK resolves the user’s language, falls back to English if the requested language is not provided, and falls back to the generated default if neither is present.

Combining with situational awareness

Page tools and situational awareness are complementary. SA tells the agent what the user is looking at. Page tools tell the agent what it can do about it.
The agent knows which product because of SA. It knows how to add it because you registered the tool. On a page where add_to_cart hasn’t been registered, the agent naturally stays conversational (“You can add it to your cart using the button on the right”).

Scenarios

E-commerce: product actions

User: “Add this to my cart” Agent: “Done. I’ve added the Industrial Widget X-500 to your cart. Your total is now $2,460 with 4 items.”

HR platform: pipeline management

User: “Move this candidate to the interview stage” Agent: “Done. I’ve moved Sarah to the Interview stage. The hiring manager has been notified.”

Destructive actions: confirmation dialog

There’s no platform-level confirmation mechanism. If a tool has real-world consequences, build confirmation into your handler:
You own the confirmation UI. The agent waits for the handler to resolve, however long that takes.

Writing good tool descriptions

The description field is the single most important field. It’s what the agent reads to decide whether to call the tool and when.

Handling errors

Return error information in the result object. The agent reads it and communicates the failure naturally:
Never throw from a handler. Always return a result object. The platform wraps handler invocations in a safety net (try/catch with a 30-second timeout), but a structured error from your code will always produce a better experience than a generic failure message. If a handler does throw despite this guidance, the SDK catches the exception and the tool output passed to the agent will likely contain an error. The agent will typically acknowledge the failure in conversation and the turn continues normally. Custom UIs rendering tool output can detect an error field in mindset:tool-end.detail.output to surface a “tool failed” indicator. Returning a structured { success: false, error } from your handler remains the cleaner path (you control the exact message), but unhandled exceptions don’t break the turn.

Security

The agent proposes actions. Your handler decides whether to execute them. The agent has no direct access to the DOM, your APIs, your cookies, or your session. It can only invoke handlers you registered. Your handler is the gatekeeper:
Treat handler arguments as untrusted input. The LLM generates the args object. It’s no more trusted than user input from a form field. Validate and sanitize the same way you would for any external input. Prompt injection can trigger tool calls. An attacker who controls content the agent reads could instruct it to call your tools with specific arguments. Build handlers defensively: check permissions, validate arguments, use confirmation dialogs for destructive operations.

Things to know

Call setPageTools() on every navigation. Handlers are closures. They capture the surrounding application state at the time they’re defined. If the user navigates but you don’t call setPageTools() again, the handlers reference stale state. Pair setPageTools() with setSituationalAwareness() in your navigation handler. Don’t tear down the page from a handler. If the handler does window.location.href = args.path, it tears down the SDK mid-execution. The tool result never reaches the agent. Use the browser History API for SPA navigation, or return a result and let the page navigate after the turn completes. Return JSON-serializable objects. Returning a DOM element, a circular reference, or a function will produce a generic error. Stick to plain objects with string, number, boolean, and array values.

Design properties

Page tools are dynamic per message. They are read before each message send, so the agent’s available actions evolve with the page state. The tool list is flat. The agent sees page tools identically to MCP tools, with no special handling and no separate category. Page tools are always allowed. They bypass the directive tool filter because they’re customer-registered, not agent-config-controlled. If you registered it, the agent can use it. Execution is local. Handlers run in the browser, in the user’s authenticated session, with no proxy and no server round-trip. The platform provides a safety net. Every invocation is wrapped with try/catch, a 30-second timeout, and a JSON serialization guard. You don’t need to handle these yourself.

Quick reference

Situational awareness

Give the agent context to reason about.

Pass-through parameters

Inject exact data into tool calls without the LLM copying it.

Data channels overview

How page tools fit alongside the other channels.

Element methods

Full element method surface.

DOM events

Tool-call events (mindset:tool-start, mindset:tool-end).