Native Browser Integration
Our goal is for browsers to natively support AI through the navigator.llm API, just like they support navigator.geolocation or navigator.mediaDevices.
The Vision
```js
// No extension needed, works in all browsers
const session = await navigator.llm.createSession({
  systemPrompt: 'You are a helpful assistant',
});

const response = await session.generate({
  prompt: 'Explain quantum computing',
});
```

Why It Matters
For users: No extension to install, better privacy, browser-native security.
For developers: Works out-of-the-box, same API everywhere, larger audience.
For the web: AI becomes a first-class platform feature like WebGL, WebRTC, or WebAuthn.
The Path
1. Extension (Now)
Validate the API design with a working Chrome extension. Gather feedback, iterate, build community.
2. Proposal
Submit the specification to the W3C. Work with browser vendors to refine the design.
3. Trials
Browsers implement experimental versions. Developers test and provide feedback.
4. Standard
Specification matures. Browsers ship stable implementations.
This is the same path WebGL, WebRTC, and other successful web standards followed. It takes time, but delivers an open standard that works everywhere.
How Browsers Will Implement It
Reference Implementation: WebLLM Daemon
WebLLM now provides a Node.js daemon (running on localhost:54321) that serves as a reference implementation of what browsers will need to build natively. This daemon validates the architecture, protocols, and security model that browser vendors will eventually implement.
Current Daemon Features (Available Now):
- Token-based authentication with Bearer tokens
- CORS protection with origin whitelisting
- HTTP/SSE communication protocols
- Provider configuration API
- Secure credential storage
- Progress tracking and streaming
- Automatic transport fallback (daemon → extension)
See the Node Daemon documentation for setup instructions.
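As an illustration, a page could talk to the daemon directly over HTTP with a Bearer token. This is a minimal sketch only: the `/api/generate` path and the request body shape are assumptions for illustration, not the daemon's documented protocol (in practice you would use the client library rather than raw fetch calls).

```javascript
// Hypothetical sketch of calling the WebLLM daemon directly.
// The /api/generate endpoint and body shape are assumptions,
// not the documented protocol.
const DAEMON_URL = 'http://localhost:54321';

function buildDaemonRequest(token, body) {
  // Bearer token auth + JSON body, matching the daemon's auth model
  return {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify(body),
  };
}

async function generate(token, prompt) {
  const res = await fetch(
    `${DAEMON_URL}/api/generate`, // assumed endpoint path
    buildDaemonRequest(token, { prompt })
  );
  if (!res.ok) throw new Error(`Daemon error: ${res.status}`);
  return res.json();
}
```

The CORS origin check happens on the daemon side: requests from origins outside the whitelist are rejected before any provider is invoked.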
Browser Implementation Requirements
When browsers implement native navigator.llm, they will need to build components equivalent to the current daemon:
1. Background Daemon Process
- What: Persistent background service similar to the Node daemon
- Like: Browser service workers, but system-level and always-running
- Purpose: Manages AI providers, credentials, and request orchestration
- Equivalent to: The current @webllm/server running in the Node daemon
2. Authentication & Security
- Token System: Like the daemon’s Bearer token authentication
- Credential Storage: Integration with browser’s password manager or OS keychain
- Origin Permissions: Per-domain access control (like camera/location APIs)
- CORS-like Protection: Prevent unauthorized cross-origin access
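The per-origin access control above can be sketched as an allow-list check. This is illustrative only: the function and variable names are hypothetical, not part of any browser or daemon API.

```javascript
// Hypothetical sketch of per-domain access control, mirroring how
// camera/location permissions are scoped per-origin.
const grantedOrigins = new Set();

function grantAccess(origin) {
  // Recorded after the user accepts a permission prompt
  grantedOrigins.add(origin);
}

function checkOrigin(origin) {
  // Reject any origin the user has not explicitly granted
  return grantedOrigins.has(origin);
}
```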
3. Communication Layer
- Internal IPC: Replace HTTP/SSE with the browser’s internal message passing
- Same Protocols: Request/response patterns, streaming, progress tracking
- Resource Limits: Prevent abuse with quotas and rate limiting
- Equivalent to: The daemon’s /api and /sse endpoints
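For reference, a streaming SSE response body is a sequence of `data:` lines separated by blank lines. The sketch below assumes the daemon sends JSON payloads per event; the actual wire format may differ.

```javascript
// Illustrative parser for an SSE response body. Assumes each event
// carries a JSON payload on a single "data:" line; the daemon's real
// event format may differ.
function parseSseChunk(chunk) {
  return chunk
    .split('\n')
    .filter((line) => line.startsWith('data: '))
    .map((line) => JSON.parse(line.slice('data: '.length)));
}
```

In a native implementation, this parsing disappears entirely: streamed tokens arrive as structured IPC messages rather than text over a socket.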
4. Provider Management
- Configuration API: Like the daemon’s /config endpoints
- Credential Security: Store API keys securely (never expose to web pages)
- Provider Priority: User-configured fallback chain
- Local Models: Download, cache, and run models locally
- Equivalent to: The daemon’s ProviderManager and LocalModelManager
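The user-configured fallback chain might behave like this sketch, which tries providers in priority order until one succeeds. The provider interface here is hypothetical, not the actual ProviderManager API.

```javascript
// Hypothetical provider fallback chain: try each configured provider in
// the user's priority order, moving on when one fails.
async function generateWithFallback(providers, prompt) {
  const errors = [];
  for (const provider of providers) {
    try {
      return await provider.generate(prompt);
    } catch (err) {
      errors.push(err); // remember the failure, try the next provider
    }
  }
  throw new Error(`All ${errors.length} providers failed`);
}
```

A cloud provider being down or rate-limited would then transparently fall through to, say, a locally cached model.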
5. User Interface
- Settings Page: Native browser UI (like chrome://settings/content/camera)
- Permission Prompts: Integrated with browser’s permission system
- Usage Dashboard: Show AI usage statistics and history
- Equivalent to: The extension’s side panel UI
Architecture Comparison
Current (Daemon + Client):

```
Web Page
  ↓ fetch() to localhost:54321
Node.js Daemon (localhost)
  ↓ Bearer Token Auth
  ↓ CORS Check
  ↓ Provider Selection
  ↓ API Call or Local Inference
Response
```

Future (Native Browser):

```
Web Page
  ↓ navigator.llm.createSession()
Browser Background Process
  ↓ Permission Check
  ↓ Internal IPC (no network)
  ↓ Provider Selection
  ↓ API Call or Local Inference
Response
```

Key Differences:
- No Network: Internal IPC instead of HTTP/localhost
- Browser UI: Native permission prompts instead of extension UI
- OS Integration: Direct access to system keychain and GPU
- Better Performance: No separate Node.js runtime overhead
- More Secure: Browser sandbox and OS-level security
What Browsers Need to Build
Browser vendors (Chrome, Firefox, Safari, Edge) will need to implement:
- Background Service - Always-running process for AI operations (like the daemon)
- API Surface - The navigator.llm JavaScript API
- Permission System - Integrate with existing browser permissions
- Credential Manager - Secure storage for API keys and tokens
- Provider Registry - Manage multiple AI providers (Anthropic, OpenAI, local)
- Local Inference - WebGPU/WebNN integration for on-device models
- Settings UI - Native configuration interface
- Privacy Controls - Usage tracking, data retention, clearing
Implementation Precedents
Browsers have implemented similar architectures before:
- WebRTC - Background media processing, device access, peer connections
- WebAuthn - Credential management, biometric integration, hardware tokens
- Service Workers - Background scripts, offline capabilities, push notifications
- WebUSB/WebHID - Hardware device access with permissions
- Geolocation - System service integration with permission prompts
The WebLLM daemon follows these same patterns and serves as a working reference implementation.
Benefits of Native Implementation
- No Installation: Works out-of-the-box, no extension needed
- Zero Network Overhead: IPC instead of HTTP localhost calls
- Better Security: OS-level credential storage and sandboxing
- Unified Experience: Consistent across all websites
- Platform Integration: Native UI, better performance
- Privacy: Browser-enforced data retention and deletion
The current Node daemon proves this architecture works. Browser vendors can study the daemon’s implementation, protocols, and security model when building native support.
For Developers
Check for native support and fall back gracefully:

```js
if ('llm' in navigator) {
  // Use native API
  const session = await navigator.llm.createSession();
} else {
  // Use extension polyfill
  const client = new WebLLMClient();
}
```

The @webllm/client library will automatically use native support when available.
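A wrapper library can centralize this feature detection into a single transport decision. The sketch below is hypothetical and not the actual @webllm/client implementation:

```javascript
// Hypothetical transport selection, as a wrapper like @webllm/client
// might perform it. Not the library's actual implementation.
function pickTransport(nav) {
  if (nav && 'llm' in nav) {
    return 'native'; // browser ships navigator.llm
  }
  return 'extension'; // fall back to the extension polyfill
}
```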
How to Help
Use the extension: Real-world usage proves the concept to browser vendors.
Give feedback: Share what works and what doesn’t on GitHub.
Advocate: Let browser vendors know you want this feature.
The web got graphics (WebGL), video (WebRTC), and auth (WebAuthn). Next: native AI.