01—Extension
FOR HUMANSLegba
A browser tab that runs off your machine. Nothing executes locally. Close it and the session is gone. For people who don't want to trust their laptop with the internet.
Best for
IndividualsTeamsPrivacy-sensitive work
Browse anything.Leave nothing.
Legba runs the web inside a browser you throw away. Off your device. Off your stack. Destroyed on close. Use it as an extension, a sandbox, an MCP server, or an API.
import { Sandbox } from "@legba/sandbox"
const sandbox = await Sandbox.create({
geo: "phoenix-az",
scope: ["healthequity.com"],
ttl: "15m",
})
await sandbox.agent.run(
"Log in and download my latest statement."
)
await sandbox.destroy()One primitive.
Four ways to ship it.
Legba is, at its core, a browser you throw away. It runs in a container, off your machine, with a real residential IP from any city you pick. When you're done, it's gone.
That's the engine. How you reach it is your call. Browser tab. Hosted sandbox. MCP config line. REST API. Same isolation. Same access. Different doors.
02—Sandbox
FOR THE AGENTS YOU RUNLegba Sandbox
A hosted browser an agent operates inside. Burn after reading by default. Built on OpenClaw with localized IPs and captcha solving baked in.
Best for
Solo buildersOSS agentsDemos & pilots
03—MCP
FOR THE AGENTS THAT TALK TO YOULegba MCP
One line of config and any MCP-aware agent gets browser hands. Disposable by default, scoped by you, served through the same engine. Claude, GPT, your own.
Best for
ClaudeOpenAI agentsInternal tooling
04—Cloud
FOR THE AGENTS YOU BUILDLegba Cloud
REST and SDKs. Spin up sessions in any geography. Persist when you need to, destroy when you don't. The depth product for agent companies and fintechs in production.
Best for
Production AIFintechAggregators
What every surface
inherits.
The engine carries the moat. Whether you reach it through MCP or the API or the extension, you get the same six guarantees.
Real headful browser.
Full Chromium with GPU rendering, real fonts, real canvas, real WebGL. Not a stealth plugin over headless. Detection vendors see a person.
Localized residential IPs.
Real ISPs. Real cities. Pick the geography the target site expects. Phoenix, Frankfurt, Seoul. Not a datacenter range pretending.
Dynamic server selection.
Sessions spawn in the region you call from or the one your target needs. Routing rotates around degradation automatically. No manual switching.
Burn after reading.
Sessions are containers. When the TTL hits or you close them, everything inside ceases to exist. No state. No logs. No reach. Nothing to leak.
Captcha solving.
hCaptcha and reCAPTCHA solved in-session. No third-party stitching, no copy-paste flows. Your agent doesn't even see the gate.
Anti-bot tradecraft.
Built by people who broke detection vendors for a living. Cloudflare, Incapsula, DataDome. We know how the systems work because we built and broke them.
Built for access.
Designed for isolation.
We route every session through the geography your target expects, with a real residential IP, a real browser, and a real exit. No fingerprint to flag. No stack to compromise. No trace when it's done.
85%
Of the web
Sits behind sign-in walls and bot detection.
20%
Headless success
What general headless tools deliver on hardened sites.
2.5×
Residential lift
Reliability gain from real residential IPs over datacenter.
0
Session residue
Zero artifacts. Zero state. Zero trace after close.
Built for buyers who can't afford to get blocked.
Two beachheads, one engine. AI companies need browser hands that don't expose them. Fintechs need authenticated access that works on the sites that fight back.
01
AI companies shipping agents
Your agent needs to log in, click, transact. Without leaking credentials, without getting blocked, without putting your stack at risk when prompt injection lands.
Disposable browser per taskBurn
Scoped credential accessNo reach
MCP-native integration1 line
Use→MCPCloudSandbox
02
Fintechs accessing hardened sites
Banks. Brokerages. Benefits portals. Insurance carriers. The sites your users hold accounts on actively fight automation. Headless tools fail. Off-the-shelf scrapers stitch together partial coverage.
Site-tuned scripts per targetReliability
Sub-15s MFA resolutionLive
Persistent sessions when you want themState
Use→CloudSandbox
Three calls.
One throwaway browser.
Whether you reach Legba via MCP, the API, or the SDK, the lifecycle is identical. Spin up scoped, do the work, destroy. Nothing persists unless you say so.
Pick a geography, scope what the session can reach, set the TTL. The container boots in under 200ms with a real residential IP and a fresh fingerprint.
Same engine,
every tier.
Start free, scale to production. Burn-after-reading sessions, residential IPs, and the same anti-bot tradecraft across every tier.
Tier 01
Free
For prototyping, evaluation, and MCP registry discovery.
$0
- 30 hours per month
- 1 concurrent session
- Datacenter IPs only
- Basic fingerprint masking
- Community support
Tier 02
Pro
For solo builders and small teams shipping production agents.
$499/mo
- 200 hours per month
- 10 concurrent sessions
- Residential IPs · 5 geos
- MCP + API access
- Captcha solving included
Tier 03
Production
For agent companies and fintechs in production. The Sail tier.
$5,000/mo
- 100 concurrent sessions
- Unlimited residential IPs · all geos
- Full MCP + API + SDKs
- Site-tuning service
- Priority support · SLA
Tier 04
Enterprise
For multi-product platforms and regulated buyers.
Custom
- Dedicated infrastructure
- SOC 2 Type II
- VPC + air-gap options
- Custom SLAs & terms
- Named support engineer
SM
“We tried four browser-for-agent vendors before Legba. None of them got past Cloudflare on the sites we cared about. Legba just works.The agent never sees a captcha, the session burns when we're done, and our security team stopped sweating.”
Sarah Maeda, Head of Engineering, Sail
FAQ
