mirror of
https://github.com/browseros-ai/BrowserOS.git
synced 2026-05-13 15:46:22 +00:00
dde403962f
* fix(server): tighten CORS allowlist for the agent server Replace the permissive `origin || '*'` reflection in `defaultCorsConfig` with an explicit allowlist composed of: - a static list (empty by default) - comma-separated origins from `BROWSEROS_TRUSTED_ORIGINS` Add a small `requireTrustedOrigin` middleware that actively rejects (403) any request whose `Origin` header is present and not in the allowlist. The middleware is permissive when the `Origin` header is absent — CLI tools, internal Node clients, and some service-worker fetches legitimately omit it; the threat model only covers cross-origin browser fetches, which always carry `Origin` (it's on the Forbidden Header List, so JS cannot suppress it). Mount the middleware globally in `createHttpServer` after the existing `cors()` layer. Document the new env var in `.env.example`. Tests cover allowlist parsing (empty, single, multi, trims, case sensitivity, port match) and middleware behaviour (missing Origin allowed, allowlisted Origin allowed, unknown Origin rejected, "null" rejected, port mismatch rejected, disallowed Origin doesn't reach the handler). * fix(server): include published extension origin in default allowlist Pin the published BrowserOS extension origin in the static allowlist so the default install accepts the legitimate extension without requiring `BROWSEROS_TRUSTED_ORIGINS` to be populated. Additional origins (dev / alpha) keep working through the env override. * chore(server): trim .env.example comments * chore(server): drop redundant comments from cors helpers
BrowserOS is an open-source Chromium fork that runs AI agents natively. The privacy-first alternative to ChatGPT Atlas, Perplexity Comet, and Dia.
Use your own API keys or run local models with Ollama. Your data never leaves your machine.
Documentation · Discord · Slack · Twitter · Feature Requests
Quick Start
- Download and install BrowserOS — macOS · Windows · Linux (AppImage) · Linux (Debian)
- Import your Chrome data (optional) — bookmarks, passwords, extensions all carry over
- Connect your AI provider — Claude, OpenAI, Gemini, ChatGPT Pro via OAuth, or local models via Ollama/LM Studio
Features
| Feature | Description | Docs |
|---|---|---|
| AI Agent | 53+ browser automation tools — navigate, click, type, extract data, all with natural language | Guide |
| MCP Server | Control the browser from Claude Code, Gemini CLI, or any MCP client | Setup |
| Workflows | Build repeatable browser automations with a visual graph builder | Docs |
| Cowork | Combine browser automation with local file operations — research the web, save reports to your folder | Docs |
| Scheduled Tasks | Run agents on autopilot — daily, hourly, or every few minutes | Docs |
| Memory | Persistent memory across conversations — your assistant remembers context over time | Docs |
| SOUL.md | Define your AI's personality and instructions in a single markdown file | Docs |
| LLM Hub | Compare Claude, ChatGPT, and Gemini responses side-by-side on any page | Docs |
| 40+ App Integrations | Gmail, Slack, GitHub, Linear, Notion, Figma, Salesforce, and more via MCP | Docs |
| Vertical Tabs | Side-panel tab management — stay organized even with 100+ tabs open | Docs |
| Ad Blocking | uBlock Origin + Manifest V2 support — 10x more protection than Chrome | Docs |
| Cloud Sync | Sync browser config and agent history across devices | Docs |
| Skills | Custom instruction sets that shape how your AI assistant behaves | Docs |
| Smart Nudges | Contextual suggestions to connect apps and use features at the right moment | Docs |
Demos
BrowserOS agent in action
Install BrowserOS as MCP and control it from claude-code
https://github.com/user-attachments/assets/c725d6df-1a0d-40eb-a125-ea009bf664dc
Use BrowserOS to chat
https://github.com/user-attachments/assets/726803c5-8e36-420e-8694-c63a2607beca
Use BrowserOS to scrape data
https://github.com/user-attachments/assets/9f038216-bc24-4555-abf1-af2adcb7ebc0
Install browseros-cli
Use browseros-cli to launch and control BrowserOS from the terminal or from AI coding agents like Claude Code.
macOS / Linux:
curl -fsSL https://cdn.browseros.com/cli/install.sh | bash
Windows:
irm https://cdn.browseros.com/cli/install.ps1 | iex
After install, run browseros-cli init to connect the CLI to your running BrowserOS instance.
LLM Providers
BrowserOS works with any LLM. Bring your own keys, use OAuth, or run models locally.
| Provider | Type | Auth |
|---|---|---|
| Kimi K2.5 | Cloud (default) | Built-in |
| ChatGPT Pro/Plus | Cloud | OAuth |
| GitHub Copilot | Cloud | OAuth |
| Qwen Code | Cloud | OAuth |
| Claude (Anthropic) | Cloud | API key |
| GPT-4o / o3 (OpenAI) | Cloud | API key |
| Gemini (Google) | Cloud | API key |
| Azure OpenAI | Cloud | API key |
| AWS Bedrock | Cloud | IAM credentials |
| OpenRouter | Cloud | API key |
| Ollama | Local | Setup |
| LM Studio | Local | Setup |
How We Compare
| BrowserOS | Chrome | Brave | Dia | Comet | Atlas | |
|---|---|---|---|---|---|---|
| Open Source | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ |
| AI Agent | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
| MCP Server | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Visual Workflows | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Cowork (files + browser) | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Scheduled Tasks | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Bring Your Own Keys | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ |
| Local Models (Ollama) | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ |
| Local-first Privacy | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ |
| Ad Blocking (MV2) | ✅ | ❌ | ✅ | ❌ | ✅ | ❌ |
Detailed comparisons:
- BrowserOS vs Chrome DevTools MCP — developer-focused comparison for browser automation
- BrowserOS vs Claude Cowork — getting real work done with AI
- BrowserOS vs OpenClaw — everyday AI assistance
Architecture
BrowserOS is a monorepo with two main subsystems: the browser (Chromium fork) and the agent platform (TypeScript/Go).
BrowserOS/
├── packages/browseros/ # Chromium fork + build system (Python)
│ ├── chromium_patches/ # Patches applied to Chromium source
│ ├── build/ # Build CLI and modules
│ └── resources/ # Icons, entitlements, signing
│
├── packages/browseros-agent/ # Agent platform (TypeScript/Go)
│ ├── apps/
│ │ ├── server/ # MCP server + AI agent loop (Bun)
│ │ ├── agent/ # Browser extension UI (WXT + React)
│ │ ├── cli/ # CLI tool (Go)
│ │ ├── eval/ # Benchmark framework
│ │ └── controller-ext/ # Chrome API bridge extension
│ │
│ └── packages/
│ ├── agent-sdk/ # Node.js SDK (npm: @browseros-ai/agent-sdk)
│ ├── cdp-protocol/ # CDP type bindings
│ └── shared/ # Shared constants
| Package | What it does |
|---|---|
packages/browseros |
Chromium fork — patches, build system, signing |
apps/server |
Bun server exposing 53+ MCP tools and running the AI agent loop |
apps/agent |
Browser extension — new tab, side panel chat, onboarding, settings |
apps/cli |
Go CLI — control BrowserOS from the terminal or AI coding agents |
apps/eval |
Benchmark framework — WebVoyager, Mind2Web evaluation |
agent-sdk |
Node.js SDK for browser automation with natural language |
cdp-protocol |
Type-safe Chrome DevTools Protocol bindings |
Contributing
We'd love your help making BrowserOS better! See our Contributing Guide for details.
Agent development (TypeScript/Go) — see the agent monorepo README for setup instructions.
Browser development (C++/Python) — requires ~100GB disk space. See packages/browseros for build instructions.
Credits
- ungoogled-chromium — BrowserOS uses some patches for enhanced privacy. Thanks to everyone behind this project!
- The Chromium Project — at the core of BrowserOS, making it possible to exist in the first place.
License
BrowserOS is open source under the AGPL-3.0 license.
Copyright © 2026 Felafax, Inc.
Stargazers
Thank you to all our supporters!
Built with ❤️ from San Francisco