Wait for the right-canvas browser surface to finish its opening transition before using its dimensions as the Playwright viewport.
Measure raw stage dimensions for stability, then apply the existing clamped viewport values so initial screencasts do not render into a stretched canvas.
Add a browser regression guard for the raw viewport settle path.
Require explicit artifact, file, canvas, or format cues before turning response text into an Office artifact, while still allowing standalone deliverable-shaped drafts to open in the canvas. Add a same-turn guard so the response affordance does not duplicate documents already created with document_artifact, plus regression coverage for noisy long-document cases.
Add the _time_travel core plugin with Agent Zero-owned shadow Git snapshots, history/diff/preview/travel/revert APIs, capture hooks, and canvas plus floating window UI surfaces for /a0/usr workspaces.
Wire generic file-browser mutation hooks for UI edits, update modal backdrop handling, remove the legacy _diff_viewer plugin, and replace Diff Viewer tests with focused Time Travel coverage.
Inspired by Space Agent :-)
Add Codex-inspired annotation UI to the built-in Browser surfaces, including the Annotate toggle, Cmd/Ctrl+. shortcut, selection overlay, inline comments, and batch Draft to chat / Send now actions.
Wire browser_viewer_annotation through the WebSocket and runtime layers, and expose safe DOM metadata extraction for clicked elements and selected areas without leaking password/value data.
Expand regression coverage for the Browser UI, annotation dispatch, runtime helper exposure, prompt formatting, and WebUI extension surface harness behavior.
Adds the core _diff_viewer plugin for viewing staged, unstaged, and untracked working-tree changes in the right canvas and window modal.
Includes context-aware workspace resolution, safe read-only Git collection, zero-line .gitkeep filtering, unified diff rendering, and focused diff collection tests.
Replace the Browser viewer’s screenshot polling with CDP screencast streaming for much smoother navigation. The runtime now starts/stops CDP screencasts cleanly, acknowledges frames, drops stale frames, and keeps the WebSocket payload compatible with the existing viewer.
Also fixes modal viewport sizing by sending the initial stage dimensions on subscribe, applying CDP emulation sizing before the first frame, avoiding image stretching, and increasing screencast JPEG quality to 92. Regression coverage was added for the screencast path, frame ack/drop behavior, viewport sizing, and UI rendering assumptions.
-- Still needs thorough performance audit and optimization --
Refine the Browser modal UI with more native-feeling tabs, consistent chrome controls, right-side tab close buttons, and a cleaner extension dropdown. Move the Browser LLM preset into the dropdown with the active Main Model summary, simplify extension settings, remove the global extension enable switch and legacy extension root behavior, and add per-extension enable toggles.
Also updates the Chrome extension install/review flow with contextual warning copy, “Scan with A0”, cleaner labels, hidden empty extension state, and regression coverage for the new Browser UX.
- Always launch Browser with full Playwright Chromium instead of switching between headless shell and extension mode
- Cache Chromium under /a0/usr/plugins/_browser/playwright with legacy lookup for existing installs
- Store installed Browser extensions under /a0/usr/plugins/_browser/extensions with legacy extension-root compatibility
- Show clearer first-run Chromium install messaging and extend the initial Browser timeout
- Fix Browser spinner animation for startup and extension install states
- Update Docker Playwright install script and regression coverage
- Download Chrome Web Store extensions using the detected Chrome prodversion instead of a stale hardcoded version
- Update extension settings copy to reflect Chrome Web Store URL support
- Serialize Browser persistent-context startup and clean stale Chromium profile singleton locks
- Increase Browser viewer subscribe timeout for extension-enabled cold starts
- Add regressions for Web Store download URL handling, slow viewer startup, and stale profile lock cleanup
Introduce the new built-in Browser plugin for Agent Zero, replacing the legacy
browser-use-based browser agent with a direct Playwright-powered browser tool,
live WebUI viewer, browser session controls, status APIs, configuration, and
extension-management support.
Add browser-specific modal behavior so the browser can run as a floating,
resizable, no-backdrop window, including modal focus, toggle, and idempotent
open helpers for richer WebUI surfaces.
Remove the old `_browser_agent` core plugin and the `browser-use` dependency,
then clean up stale browser-model wiring and references across agent code,
model configuration docs, setup guides, troubleshooting docs, skills, and
Agent Zero knowledge.
Update regression and WebUI extension-surface coverage for the new browser
architecture and modal behavior.
The legacy browser-use implementation has been extracted from core so it can
continue separately as a community plugin published through the A0 Plugin Index for any user or professional that were relying on it for workflow.
Add LLM preset selection to project create/edit flows, backed by _model_config scoped project config. Support global, project, and combined preset APIs with explicit metadata while preserving plain YAML preset files. Copy selected preset chat/utility settings into project-scoped config, keep embedding settings from the effective config, and document/test the new project model config paths.
Introduces patch_text editing for the Docker-local text_editor, sharing request validation and freshness-state logic with text_editor_remote while preserving legacy line-number edits. Adds anchored context patching, safer state handling after context edits, updated model guidance, live remote wrapper reuse, and focused regression coverage for chained patches and Python replacement cases.
Unify skill handling layer and raise the active skills cap to 20.
The Skills UI now presents a simpler checklist-style flow for selecting active
skills, with live chat activation and saved defaults using the same visible list.
Skill contents can be opened in a read-only Ace viewer via the existing markdown
modal.
Bump FastMCP from 2.13.1 to 3.2.4 and MCP from 1.22.0 to 1.27.0
to remediate CVE-2026-32871 (GHSA-vv7q-7jx5-f767), as flagged by
Docker Scout.
Add a regression test covering OpenAPI path-parameter escaping so
malicious values like ../../../admin/delete-all? remain percent-encoded
under the intended route prefix instead of resolving to a different
backend path.
Validation:
- smoke-tested Agent Zero MCP initialization against fastmcp 3.2.4 + mcp 1.27.0
- PYTHONPATH=/tmp/agent-zero-testdeps python3 -m pytest tests/test_fastmcp_openapi_security.py -q
Refs:
- CVE-2026-32871
- Docker Scout: https://scout.docker.com/vulnerabilities/id/CVE-2026-32871
- GitHub advisory: https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767
- Related upstream issue: https://github.com/agent0ai/agent-zero/issues/1526
Tool execution no longer waits for the full streamed assistant text. We now detect the first explicitly closed top-level JSON object, freeze that snapshot as the canonical tool request, and stop the model stream there for dispatch.
To make that safe, DirtyJson completion semantics are tightened so completed=true only means the root object was explicitly closed, not that parsing hit end of file. I also restricted the new extraction path to object roots only, since tool calls are always brace-delimited objects, and added tests for parser completion and early stream stop.
- Extract UI server setup into UiServerRuntime class with modular initialization
- Move environment configuration, route registration, and transport handlers to helpers/ui_server.py
- Add released_at timestamp tracking for git tags and branch heads across update system
- Implement get_current_major_main_latest_info to find latest same-major version on main branch
- Add major_upgrade_versions and main_branch_latest fields to update info payload
- Remove
Promote the a0_small prompt work into the shipped default stack.
Token count for default prompt, accounting for tools, plugins, secrets placeholders, inactive project, etc: 2996 tokens.
- migrate compact prompt fragments into core prompts, plugin-owned prompts, and the agent0 overlay
- remove the obsolete a0_small profile and rename the tool-call knowledge reference to a generic framework file
- keep a small set of high-value JSON examples while preserving key guardrails for tool names, tool args, and method-style calls
- bake balanced conciseness into default response behavior without changing the initial greeting
- drop the call_sub prompt-side loader and keep call_sub guidance self-contained
- restore essential secrets/security guidance, preserve inactive-project messaging, and rebalance the A2A prompt
- add a regression test that verifies the assembled default agent0 prompt stays under the token budget and retains critical guardrails
Ensure printed output and HTML logs are safe by importing and applying sanitize_string, opening log files with utf-8 and errors='replace', and sanitizing text before writing. Add tests to verify lone surrogate characters are replaced and that logging won't crash on invalid Unicode. In the plugin installer UI, introduce POPULAR_PLUGIN_MIN_STARS and centralize popularity checking in _isPopularPlugin, using it for filtering and counts.
- Fix Memory Leaks: Resolved SID retention in _known_sids after disconnection and cleaned up unreferenced broadcast tasks in _schedule_lifecycle_broadcast.
- Unify Dispatching Paths: Unified client and server event dispatching through the process_client_event() method to ensure diagnostic consistency.
- Optimization & Cleanup: Expanded the _OPTION_KEYS whitelist, removed dead code (iter_event_types), and deleted unused websocket exports.
- Robustness: Added handling for None responses in process_client_event to prevent cluttering responses with empty results.
- Testing: Added test cases to verify SID TTL expiration and stale SID cleanup on disconnect.
Add installed_target_matches_request helper to check if requested update target matches current installation. Replace short_tag comparison with describe field to ensure exact commit match - prevents skipping updates when current version is ahead of requested tag (e.g. v1.11-12-ge9d9c93d vs v1.11). Return false for "latest" selector tags to force update check. Add test coverage
Add resetRestartState helper to clear restart status/detail text. Set initial "Preparing update" state in scheduleUpdate before API call. Make restart warning toast non-blocking (catch errors without await). Distinguish restart request errors from connection errors in restartAndReload - only clear overlay for actual HTTP failures, not expected connection drops. Reset restart state and remove overlay on restart request failure or
Replace direct tag refs with peeled commit refs (refs/tags/{tag}^{commit}) in git rev-parse and merge-base operations to ensure resolution to commit objects rather than annotated tag objects. Extract get_tag_commit_ref helper for consistent ref formatting. Update fetch_release_refs to check peeled ref in ancestry validation. Add test coverage for peeled commit resolution in explicit tag selection and fetch operations. Update
Add display_version to get_repo_version_info output that shows tag+commits (e.g. "v1.11+9") for development builds. Update self-update UI to prefer display_version over short_tag for current version display. Add describe field to modal when it differs from short_tag. Add test coverage for display_version generation on non-main branches.
- Add trigger_self_update.sh to executable permissions in Dockerfile
- Add trigger-update command mode to self_update_manager.py with argparse CLI
- Add queue_update_request helper to write trigger file with normalized parameters
- Add parse_selector_version, is_valid_selector_tag, is_supported_selector_tag helpers
- Add get_latest_same_major_tag to resolve "latest" within current major version line
- Add ensure
Replace sync_self_update_runtime_files with durable_self_update_supports_latest that checks whether the durable updater supports the "latest" selector by inspecting manager source code for LATEST_SELECTOR_TAG and resolve_requested_target. Check durable manager first, fall back to repo manager if missing. Block "latest" selection in schedule_update and hide it from get_selector_tag_options when durable updater lacks support.
Replace the paperclip and the separate bottom action row with a single + control that opens an upward panel next to the chat input box. Menu content stays in bottom-actions.html so chat-input-bottom-actions-start / end extension points are unchanged for plugins using these slots.
Added Files to the left sidebar dropdown for easy nav.
polish plus menu for extra chat actions
- Add _get_remote_branch_names helper to fetch available branches via git ls-remote with caching
- Add _get_local_origin_branch_names fallback for offline scenarios
- Add get_available_branch_values and get_available_branches to expose filtered branch list
- Add _is_excluded_self_update_branch helper to filter out HEAD, PR branches
- Add _sort_branch_names to deduplicate and sort branches with main first
- Add
- Add get_current_branch_latest_info helper to fetch and format latest version info for current branch
- Add _format_branch_head_version helper to format version display (tag only for main, tag+commits for other branches)
- Include current_branch_latest in get_update_info response
- Replace single current version card with two-column grid showing current and latest versions
- Move last attempt status
- Add LATEST_SELECTOR_TAG constant and is_latest_selector_tag helper to identify "latest" selection
- Add split_describe_version helper to parse git describe output into tag and commit count
- Replace fetch_release_refs with resolve_requested_target that handles both specific tags and "latest" resolution
- For main branch, resolve "latest" to newest reachable release tag
- For testing/development branches
- Add ready branch to Docker publish workflow alongside testing and main
- Replace tag search/autocomplete UI with standard select element preloaded with current major version tags
- Add get_selector_tag_options helper that filters tags to current major line and returns list of higher major versions available
- Show attention banner with Docker update guide link when newer major versions exist on selected
Extend docker_release_plan.py to detect when a new release tag becomes the highest tag on testing or main branches via push events. Track before/after SHAs to compare tag states and trigger builds for newly promoted tags. Add push_promoted_tag mode alongside existing tag push handling. Update workflow to trigger on branch pushes and pass ref type, before/after SHAs to planning script.
- Add _get_remote_branch_merged_tags to fetch tags from official repo via temporary bare clone
- Add _remote_branch_tag_cache with 60-second TTL to reduce redundant fetches
- Add _get_official_remote_url helper for consistent remote URL construction
- Rename existing _get_branch_merged_tags to _get_local_branch_merged_tags
- Update _get_branch_merged_tags to prefer remote tags with fallback to local
- Add REMOTE_BRANCH_TAG_CACHE_TTL_SECONDS constant
- Add observedBackendUnavailable flag to track backend state transitions
- Update restart flow to wait for backend disconnect before reload
- Add intermediate restart states: "Restarting backend" and "Update in progress"
- Change health check logic to require backend unavailability before reload
- Handle restart request errors with proper HTTP status validation
- Add type="button" to all modal footer buttons to prevent form submission
- Add tag verification in schedule_update before accepting update requests
- Check if selected tag exists on target branch via get_available_tags
- Add tagExistenceWarning computed property to display branch-specific errors
- Add tagExistenceChecked state flag to track validation status
- Implement onTagBlur handler to validate tag on input blur
- Add frontend validation in scheduleUpdate before API submission
- Change tag dropdown clicks from @
- Change version tag format from `v{epoch}.{major}.{minor}.{rest}` to `v{major}.{minor}`
- Raise minimum selector version from v0.9.9 to v1.0
- Update tag parsing to require exactly two version segments
- Add numeric sorting for version tags (e.g., v1.10 > v1.9)
- Update major version compatibility check to compare first number only
- Improve validation messages: "vX.Y.Z" → "vX.Y", add "v1.0 or newer" requirement
- Clear default
Move the Browser Agent/browser-use stack into a tracked built-in
`_browser_agent` plugin while preserving the current model/config flow.
Changes:
- add built-in `_browser_agent` plugin with tool, helpers, prompts, assets,
status API, and WebUI message/status surfaces
- move browser-use wrapper and monkeypatch ownership out of `models.py`
into plugin helper code
- keep browser model resolution on the `_model_config` path and continue
using the effective Main Model / chat model config
- remove stale Browser HTTP Headers UI and outdated browser-model wording
- make Playwright runtime resolution bootstrap-only and stop installing
browser binaries on demand
- switch browser log rendering to plugin-owned WebUI extension handling
with core fallback compatibility for old logs
- delete obsolete core browser tool/helpers/prompts/assets after plugin
resolution is in place
- update docs to reflect built-in plugin ownership and Main Model browser
behavior
feat(browser-agent): improve lifecycle reliability, LLM compatibility, and local-dev bootstrap
- **Lifecycle Reliability**: Implemented stale Chromium lock file cleanup and one-shot ephemeral profile fallback to prevent CDP connection hangs and profile-locked crashes.
- **LLM Compatibility**: Added OpenRouter/Gemini shims including schema compaction, system instruction injection, and JSON output normalization for `browser-use` validation.
- **Cache Alignment**: Reverted Playwright browser cache to `tmp/playwright` for parity with core behavior and updated Docker scripts and documentation accordingly.
- **Local-Dev Bootstrap**: Added a plugin `install()` hook to automate Python dependency setup and transitioned bootstrap feedback to UI notifications.
- **Plugin Config**: Set `always_enabled: false` to allow users to opt-out or bring their own browser providers.
- **Testing**: Expanded test suite to cover lifecycle edge cases, LLM normalization, and bootstrap logic.
rework clean up browser agent sessions on reset/removal
Force browser-agent teardown to use BrowserSession.kill() so keep_alive sessions do not leave Chromium running and keep the profile locked. Add centralized browser state cleanup for reset/context removal and regression tests to cover the new teardown path and prevent SingletonLock fallbacks from stale sessions.
add browser agent thumbnail
restore local dev for Playwright in browser agent via hook
- Introduced a new hook to bootstrap Playwright for local development, ensuring the Chromium headless shell is installed when in development mode.
- Updated the Playwright helper to call the new hook if the binary is not found during the binary check.
- Added tests to verify the correct installation and behavior of the Playwright binary in local development scenarios.
proper install notifications for Playwright in local dev
- Added notification management for Playwright bootstrap process, including info, success, and error notifications.
- Enhanced the `bootstrap_local_dev_playwright` function to notify users about the installation status of the Playwright runtime.
- Updated tests to verify the correct notifications are sent during the Playwright installation process.
rework browser state cleanup extensions for agent context removal and reset
- Added `CleanupBrowserStateOnRemove` and `CleanupBrowserStateOnReset` extensions to handle browser state cleanup when an agent context is removed or reset.
- Updated `cleanup_browser_agent_state` function to utilize new protocols for better type safety and clarity.
- Enhanced the `State` class to ensure proper cleanup of browser sessions and user data directories.
- Introduced tests to validate the cleanup functionality and ensure browser sessions are correctly managed during agent lifecycle events.
enhance Playwright cache handling
- Updated Playwright helper to include support for a new cache directory at `.cache/ms-playwright`, aligning with standard cache locations.
- Modified the `get_playwright_search_dirs` function to incorporate the new cache path.
- Added a new test to verify the retrieval of the Playwright binary from the repository's `.cache/ms-playwright` directory, ensuring proper functionality across different cache locations.
- Updated existing tests to reflect changes in cache path handling.
update docs and README.md
restore local dev bootstrap and async-safe teardown
Keep Browser Agent bootstrap local in development, matching pre-extraction behavior, by removing the RFC filesystem hop from Playwright cache setup. Restore on-demand local-dev bootstrap through plugin hooks before browser-use import, so missing browser packages and runtime can be installed on first use.
Rework browser session teardown to be async-safe during reset and cleanup, avoiding nested event loop shutdown failures while still terminating the browser worker cleanly. Also remove redundant browser-use patch application and add regression tests covering local bootstrap, reset-time async shutdown, and lifecycle cleanup.
playwright bootstrap via plugin hooks
[Fixed][P1] The hook-based restore was architecturally in the right place, but it was too late to recover a missing local browser_use / playwright install. The browser tool imports browser_use at module load time, and tool loading silently skips modules that fail to import, so the plugin install() hook could never rescue the first browser invocation if those packages were absent. I fixed that by calling the plugin install hook before importing browser_use in local development: browser_use.py, browser_use.py, agent.py, test_browser_agent_playwright_bootstrap.py.
[Fixed][P3] The Browser Agent UI and runtime error text still claimed on-demand install did not exist, which contradicted the intended local-dev bootstrap path. I corrected both messages so they now describe the real behavior: main.html, playwright.py.
rm tests
restore old browser use logic files
restore old browser working behaviour
browser: migrate cleanup hooks to new extensible paths
Update Browser Agent cleanup extensions to the new deep @extensible path layout introduced in 7e1d9ad2a4, so AgentContext reset/remove hooks fire again after the framework migration.
`This restores browser state cleanup when chats are reset or deleted, preventing keep-alive browser sessions from surviving context removal and leaving chats stuck until restart. The change also keeps the recent browser regressions covered with focused tests for Anthropic/OpenRouter action normalization, keep-alive session teardown via kill(), and extension discovery under the new _functions/... path structure.`
Update messages.js
update docs
- Rename /state_sync namespace to /webui throughout codebase
- Remove get_event_types() from WebSocketHandler - handlers now process all events for their namespace
- Replace per-event handler registration with namespace-wide registration
- Add validate_event_type() class method for runtime event name validation
- Update UserMessage instantiation to use keyword arguments (message=, attachments=)
- Move send_data
