LvcidPsyche/auto-browser

v1.1.1 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 17d MCP Browser & Automation

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agent ai-agents browser-automation claude docker fastapi

+6 more

llm local-first mcp novnc playwright self-hosted

Affected surfaces

auth

ReleasePort's take

Light signal

editorial:auto 9d

Legacy compliance template names are now deprecated and emit a startup warning; policy presets have been renamed to neutral severity levels 'strict' and 'balanced'.

Why it matters: Deprecation triggers warnings on legacy preset names, requiring updates before removal. Adopt the new 'strict' and 'balanced' preset naming for future compatibility.

Summary

AI summary

Policy presets renamed from compliance templates with deprecation warnings and removal of the unused "open" preset.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Policy presets renamed to neutral severity presets 'strict' and 'balanced'. Policy presets renamed to neutral severity presets 'strict' and 'balanced'. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Read-only harness tools added to curated MCP profile. Read-only harness tools added to curated MCP profile. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Feature	Medium	Session isolation audit published in docs/session-isolation-audit.md. Session isolation audit published in docs/session-isolation-audit.md. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Feature	Medium	Convergence harness positioning restored in README as top-line feature. Convergence harness positioning restored in README as top-line feature. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Dependency	Medium	GitHub Sponsors wiring enabled via .github/FUNDING.yml. GitHub Sponsors wiring enabled via .github/FUNDING.yml. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Deprecation	Medium	Legacy compliance template names deprecated with startup warning. Legacy compliance template names deprecated with startup warning. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Refactor	Medium	LICENSE attribution updated to JAI Studios. LICENSE attribution updated to JAI Studios. Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—

Full changelog

Patch release. Bundles the policy-preset rename, curated harness inspection tools, funding wiring, LICENSE attribution to JAI Studios, and a public session-isolation audit.

Highlights

Policy presets, not compliance templates. HIPAA/PCI-DSS/SOC2/GDPR were liability theater on a two-month-old MIT repo. Renamed to neutral severity presets strict and balanced. Legacy names still boot as deprecated aliases with a startup warning.
Read-only harness tools in the curated MCP profile. harness.list_runs, harness.get_status, harness.get_trace now ship in the default tool surface so agents can introspect convergence runs. Convergence runs, drift checks, candidate management, and graduation still gate behind MCP_TOOL_PROFILE=full.
Session isolation audit published. docs/session-isolation-audit.md walks per-session boundary handling across shared_browser_node and docker_ephemeral modes. TL;DR: browser-level state is isolated via browser.new_context(); auth profiles are copied per session; the only real shared surface in the default mode is the takeover plane and process kernel state, both upgradable via docker_ephemeral.
GitHub Sponsors wired. .github/FUNDING.yml enables the Sponsors widget on the repo. Tip pointers consolidated in TIPS.md.
LICENSE attribution updated to JAI Studios.
Restored convergence harness positioning in the README as a top-line feature rather than an experimental footnote.

Compatibility

No behavior change for existing deployments beyond the deprecation warning when using the legacy compliance template names. Switch COMPLIANCE_TEMPLATE=HIPAA to COMPLIANCE_TEMPLATE=strict to clear the warning.
The open preset added during the rename pass has been removed; it was never advertised. If you set it, switch to leaving COMPLIANCE_TEMPLATE unset.

See CHANGELOG.md for the full notes.

Breaking Changes

Removed the unused `open` preset for `COMPLIANCE_TEMPLATE`.
Renamed compliance template presets (`HIPAA`, `PCI-DSS`, `SOC2`, `GDPR`) to neutral severity presets `strict` and `balanced`; legacy names are deprecated aliases that trigger a startup warning.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track LvcidPsyche/auto-browser

Get notified when new releases ship.

About LvcidPsyche/auto-browser

Give your AI agent a real browser — with a human in the loop. Open-source MCP-native browser agent.

All releases →