Skip to main content

Open stealth-browser framework — drive a real recompiled-Chromium (Fortress) that defeats bot-detection fingerprint suites. Drop-in stealth for browser-use, Playwright, Crawl4AI, with an MCP server for AI agents.

Project description

Tilion — a stealth browser for AI agents

mcp-name: io.github.tiliondev/fortress

pip install tilion — drive a real, undetected Chromium that gets past Cloudflare, DataDome, and bot detection. No server, no account, no API key.

PyPI Python MCP engine

Framework & MCP: Beta · runs local & free · Tilion Cloud (residential egress) coming soon

Same site, same prompt: a vanilla browser is blocked by PerimeterX while an agent with the Tilion MCP returns clean JSON

Real, dated run against stockx.com (PerimeterX). A stock browser gets HTTP 403 — "Access denied"; an agent with the Tilion MCP returns clean JSON — same site, same prompt.

Tilion runs a recompiled-Chromium stealth engine (Fortress) locally, in-process, and gives you one clean API for fetching protected pages, extracting content, crawling sites, reconnaissance, and multi-step automation — plus a Model Context Protocol (MCP) server so AI agents can reach for it the moment they get blocked.

pip install tilion

Quickstart

import asyncio
from tilion import Tilion

async def main():
    async with Tilion() as t:                                 # boots Fortress locally
        page = await t.fetch("https://protected.example")     # past Cloudflare/DataDome/403
        print(page["title"], page["text"][:200])

        data = await t.extract("https://site/pricing")        # clean markdown + tables
        docs = await t.crawl("https://site", depth=2)         # whole-site crawl (auto-SPA)
        apis = await t.recon("https://site")                  # discover the site's private API
        hits = await t.search("undetected playwright")        # real-browser web search

asyncio.run(main())

No uvicorn, no Redis, no auth — local mode holds one real browser and drives it directly.

Drop-in stealth for your existing stack

Already on browser-use, Playwright, Puppeteer, or Crawl4AI? They connect to a browser by CDP URL. Point that at Tilion and your code runs through the stealth engine — one line, no rewrite:

t = await Tilion().start()
cdp_url = t.cdp_url                       # hand this to any CDP-speaking stack

from browser_use import Agent, BrowserSession
agent = Agent(task="...", browser_session=BrowserSession(cdp_url=cdp_url))

MCP server — stealth browsing for any AI agent

pip install "tilion[mcp]"
tilion-mcp                                # or:  npx -y tilion-mcp

Claude Desktop / Cursor / Cline / Windsurf — add to the MCP config:

{ "mcpServers": { "fortress": { "command": "tilion-mcp" } } }

Claude Code (CLI): claude mcp add fortress -- tilion-mcp

26 tools: fetch_protected_page, extract_page, crawl_site, recon_site_apis, search_web, run_browser_task, save_page, save_profile, get_stealth_cdp_endpoint, and more — pre-warmed (~100 ms first call), concurrency-safe, timeout- and SSRF-guarded. Full tool table →

What you get

fetch stealth GET past Cloudflare/DataDome/403 + auto challenge-resolve
extract page → clean markdown + tables + metadata (or a schema-shaped record)
crawl / spa_crawl whole-site crawl, auto-handles SPA/JS + lazy-load → sitemap
recon reverse-engineer a site's private XHR/JSON API (secret-scrubbed)
search real-browser web search (no SERP API)
agent 20 multi-step flows: login, paginate, infinite-scroll, checkout, downloads…
screenshot / save PNG, or export as PDF / HTML / text
cdp_url raw CDP endpoint for browser-use / Playwright / Puppeteer

How stealth works

The engine is a recompiled Chromium C++ fork (shipped as the tilion-fortress dependency), not a JS patch or a stealth plugin. Persona, User-Agent, WebGL, and canvas fingerprints are applied natively with genuine binding returns (toString() === [native code]), so there are no JavaScript injection tells. In independent suites it runs Sannysoft-clean, CreepJS 0% headless, BrowserScan "Normal."

Honest note: a great fingerprint on a datacenter IP still gets blocked by the biggest sites — real anti-bot decisions weigh the egress IP heavily. For hostile targets, add a residential proxy or use hosted Tilion cloud egress (coming soon). Tilion does not claim to be "undetectable."

Install options

pip install tilion              # core: stealth browser + fetch/extract/crawl/recon/search
pip install "tilion[mcp]"       # + the MCP server
pip install "tilion[vision]"    # + LLM-driven agent (Claude/OpenAI/Gemini)

Links

Open-core: the tilion facade + MCP are BSD-3; the engine (tilion.core driver + the Fortress binary) is proprietary. Requires Python 3.10–3.13 on Linux, macOS, or Windows.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

tilion-0.1.6-cp313-none-any.whl (1.0 MB view details)

Uploaded CPython 3.13

tilion-0.1.6-cp312-none-any.whl (1.0 MB view details)

Uploaded CPython 3.12

tilion-0.1.6-cp311-none-any.whl (1.0 MB view details)

Uploaded CPython 3.11

tilion-0.1.6-cp310-none-any.whl (730.6 kB view details)

Uploaded CPython 3.10

File details

Details for the file tilion-0.1.6-cp313-none-any.whl.

File metadata

  • Download URL: tilion-0.1.6-cp313-none-any.whl
  • Upload date:
  • Size: 1.0 MB
  • Tags: CPython 3.13
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for tilion-0.1.6-cp313-none-any.whl
Algorithm Hash digest
SHA256 60f13fac230fbc76027b772c69ae4faa1377524c0bd574701ba123c0db8234ca
MD5 a0a885ee06a14e6abfc10bae848fc9f3
BLAKE2b-256 a118c79fd09398412ade2c5f5d3bfb28f92a7d9aac92c763b3004faf7f09565a

See more details on using hashes here.

File details

Details for the file tilion-0.1.6-cp312-none-any.whl.

File metadata

  • Download URL: tilion-0.1.6-cp312-none-any.whl
  • Upload date:
  • Size: 1.0 MB
  • Tags: CPython 3.12
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for tilion-0.1.6-cp312-none-any.whl
Algorithm Hash digest
SHA256 94ea5cc76e952753f4ca6028ba8f4c2fda91f35de0f98e6dc2aec25b3ba428ad
MD5 91476b73afdfc8a002ba1c5c5e28a805
BLAKE2b-256 ecfd5f2d370732c06ce1e6e93500cfe3bb283e7c19338bb7e134766df4dc369e

See more details on using hashes here.

File details

Details for the file tilion-0.1.6-cp311-none-any.whl.

File metadata

  • Download URL: tilion-0.1.6-cp311-none-any.whl
  • Upload date:
  • Size: 1.0 MB
  • Tags: CPython 3.11
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for tilion-0.1.6-cp311-none-any.whl
Algorithm Hash digest
SHA256 0eae847b773e2a4d798d07a3492f16d3d0ff4f311995dab3bec7608721cefe42
MD5 318ed1b29ae14d33af69cd4c0a08ea87
BLAKE2b-256 ca11a5e913f2aed7fe02d699159f01307edc72f5bd30110bee72d693c4e40847

See more details on using hashes here.

File details

Details for the file tilion-0.1.6-cp310-none-any.whl.

File metadata

  • Download URL: tilion-0.1.6-cp310-none-any.whl
  • Upload date:
  • Size: 730.6 kB
  • Tags: CPython 3.10
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for tilion-0.1.6-cp310-none-any.whl
Algorithm Hash digest
SHA256 ccb429bf97b958babeb9615b50f5f2f5f5e82e035e7d2865f6856b91943dcd03
MD5 a922187b9822c3696a949ae9c9a07604
BLAKE2b-256 868b3a4ac2ccbd9f4aa3744ab06c8a414c5e63cfe1ab4bf884f11a8d71114fad

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page