Agent Zero Release Notes

Office & Document Handling

• ODF-first document defaults — ODT, ODS, and ODP are now the primary formats for Writer, Spreadsheet, and Presentation artifacts. OOXML (DOCX, XLSX, PPTX) remains available as an explicit compatibility option. Includes full ODF package generation, validation, and read/edit support.
• Unified Office canvas controls — Active-file header shown in both canvas and modal views with a shared "+ New" menu, inline Save, and Rename/Close File from a document dropdown.
• Live document reload after edits — LibreOffice-backed documents now close and reopen the visible window after artifact edits instead of relying on a canvas repaint. Cold-start sessions from tool results are also supported.
• Reduced automatic document triggering — Meta-discussions about generated files no longer create artifacts; explicit file and canvas requests still work as expected.

Linux Desktop

• Persistent Desktop lifecycle — A single Xpra Desktop iframe stays alive across canvas, modal, and keepalive hosts. Explicit shutdown is distinguished from crashes via a new shutdown/restart state and an XFCE panel "Shutdown Desktop" launcher (requires confirmation click). Unsafe logout, lock, and switch-user affordances are hidden.
• Desktop state controls — New desktop_state helper, expanded desktopctl observe-act-verify commands, and Xpra bridge diagnostics. Agents now prefer structured/app-native/keyboard workflows and treat coordinate clicks as a last resort.
• Generalized CLI agent guidance — The Desktop skill now distinguishes shell prompts from target CLI prompts and uses a generic nested CLI-agent launch pattern (TARGET_CLI / FALLBACK_CMD) instead of tool-specific instructions.

Browser

• Stable modal switching — Switching from Desktop to Browser reuses existing sessions instead of opening a blank tab. A new Focus mode control in the Browser modal header matches Desktop's fullscreen/restore behavior.
• Explicit screenshot and form actions — New browser:screenshot action writes JPEG/PNG files for vision_load. Extended agent-callable input actions and a browser-forms on-demand skill for label-wrapped form controls.

UI & UX

• Unlimited canvas sizing — The fixed right-canvas width cap is removed; the panel can now shrink to zero or grow across the full workspace.
• Surface-switch buttons in modals — Browser/Desktop switcher buttons appear in modal headers using the same registered surface metadata as canvas controls.
• Time Travel modal alignment — Time Travel now uses the standard centered modal shell and shared backdrop, matching Settings behavior.
• Bash-style chat input history — Up/Down arrow navigation through previous chat inputs (based on community contribution). Down-arrow only triggers when the caret is at end-of-text, preserving normal multiline movement.

Infrastructure

• Pinned pyreqwest-impersonate at 0.5.3 — Avoids Docker build failures caused by the source-only 0.5.5 release requiring cmake to compile boring-sys-imp.

Release Notes

• Fixed PTY file descriptor leaks in code execution — POSIX PTY master descriptors are now properly closed when terminal sessions end, preventing /dev/ptmx descriptor exhaustion under sustained use. Additionally, closed or exited PTY sessions are detected before writes, with automatic retry/recovery on failure, and double-close of reused file descriptors is prevented through idempotent shutdown handling.

• Browser runtime recovers from stale Playwright contexts — Cached browser contexts that have already closed are now detected before reuse. Stale pages, screencasts, and interaction state are cleared, and the Playwright instance restarts cleanly on next use.

• Desktop URLs open in the Agent Zero Browser — Clicking URLs in the Xfce Desktop environment now routes them into the Browser tool on the opposite canvas/modal surface. Floating Browser and Desktop modals also pass through outside clicks while preserving interaction inside the modal window.

• Self-update no longer fails on broken symlinks — Dangling symlinks in /usr (e.g., host-created virtualenv links) are logged and skipped during backup, allowing updates to complete without aborting.

• Deferred Office/Desktop startup — The Desktop environment now starts only when the Desktop surface is opened or an Office document is created/opened, rather than eagerly on mount. A loading indicator provides immediate feedback while Xpra initializes.

• ARM64 Xpra codec gaps handled gracefully — Optional local Xpra GUI client packages are treated as best-effort on ARM64, so missing codec dependencies no longer surface as startup warnings when the browser-hosted Desktop is already functional.

Agent Zero Release Notes

Browser — Multi-Tab & Visual Improvements

• Multi-tab awareness: The browser now auto-registers tabs opened by sites (e.g. window.open, target=_blank, ctrl-click) and supports working across multiple tabs concurrently. A new multi action lets the agent fan out reads or coordinated mutations across tabs in a single tool call, with parallel execution for different browser instances.
• Modifier-key clicks and key chords: Support for ctrl-click, meta-click, and arbitrary key chords (Ctrl+A, Ctrl+C, etc.) through trusted Playwright input. Modifier clicks follow Chrome focus rules, with an optional focus_popup override.
• Shadow DOM content reading: The browser page-content helper now traverses open shadow roots and assigned slot nodes, improving inspection of modern component-heavy pages.
• Screenshot previews in tool messages: Browser tool results now render clickable live thumbnails that open the Browser canvas directly from chat.
• Clipboard shortcuts in visual mode: Copy, cut, paste, and common edit shortcuts are now bridged from the Browser modal and canvas into the Playwright runtime.
• Extension management: Extensions can now be uninstalled from the Browser settings page, and openable extension UI pages are detected and exposed with an Open button.
• Draggable annotation tray: The annotations recap tray can now be dragged within the browser stage.
• Cross-tab focus stability: Background browser actions no longer steal the viewer focus; only explicit interactions promote a tab.

Desktop & Office — New LibreOffice Desktop Runtime

• LibreOffice replaces Collabora: The Collabora/WOPI runtime has been removed and replaced with a Markdown-first document store backed by LibreOffice, an Xpra virtual desktop gateway, and a persistent XFCE desktop session. Existing containers acquire dependencies through normal install hooks.
• Desktop document canvas: The Office panel is now a Desktop surface — Markdown documents use a custom tabbed editor, while DOCX, XLSX, and PPTX files open in full LibreOffice sessions via Xpra. The canvas is opt-in and hidden on mobile layouts.
• Linux Desktop skill: A new skill teaches Agent Zero to operate the XFCE/Xpra desktop, including app launch, focus, click, typing, cell editing in Calc, and stable folder entry points for Workdir, Projects, Skills, Agents, and Downloads.
• PPTX generation: PowerPoint decks are now generated through the Office plugin writer with visible multi-slide content.
• Document rename: A rename action beside Save lets you rename open Office documents, retargeting active LibreOffice sessions to the new path.
• Xpra viewport stability: Resizing, modal-to-canvas docking, keyboard focus capture, cursor rendering, and clipboard bridging have all been hardened for reliable Desktop sessions.
• Desktop habitat README: New Desktop sessions include a curated README explaining the habitat concept and useful terminal commands.
• Polished Desktop defaults: Thunar shows hidden files by default; default Xfce Mail Reader and Web Browser menu entries are hidden.

File Browser

• Search and bulk actions: A new toolbar provides current-folder search, visible selection with status, and bulk copy-paths, ZIP download, and delete operations.
• Directory ZIP downloads: Folders can now be downloaded as ZIP archives directly from the file browser.

UI & Navigation

• Time Travel is modal-only: Time Travel now lives under Files in the sidebar dropdown and no longer registers a right-canvas surface.
• Sidebar polish: Remote Link and Space Agent moved into the sidebar dropdown; Scheduler UI renamed to Tasks; Chat Actions collapsed behind a persisted dropdown accordion.
• Canvas close button: An explicit close button has been added to the right canvas toolbar.

Fixes & Reliability

• Project-level plugin config fallback: Per-project plugin config overrides (including _model_config) now work correctly for all agent profiles, not just wildcard/empty ones.
• Skills selector unloading: Dynamically loaded skills are now properly removed when deactivated; skill names and paths resolve consistently as aliases.
• Time Travel snapshot resilience: Workspace .gitignore rules can no longer break snapshots; invalid shadow Git repositories are automatically repaired or quarantined and reinitialized.
• Canvas Markdown rename: Dirty or unsaved Markdown sessions can now be renamed without filesystem errors.
• Browser and Office canvases are opt-in: Tool results no longer auto-open the Browser or Office canvas; explicit user actions are required.

Integrations

• Venice embedding provider: Added Venice as an embedding provider option.
• OAuth disconnect and quota visibility: Users can disconnect their OpenAI/ChatGPT OAuth account, and remaining Codex usage quota with reset timing is now shown in OAuth settings.

Agent Zero v1.10

Highlights

• New built-in Browser — Replaces the legacy browser-use agent with a direct Playwright-powered browser, live WebUI viewer with CDP screencast streaming, floating/dockable canvas panel, tab management, Chrome extension support, annotation mode (Cmd/Ctrl+.), and persistent Chromium runtime. The old _browser_agent plugin has been extracted as a community plugin via the Plugin Index.

• ChatGPT/Codex Account OAuth — Connect your existing OpenAI Codex plan through a device-code OAuth flow. Agent Zero exposes a local OpenAI-compatible wrapper so LiteLLM can use account-backed models without a separate API key. Includes SSE streaming support and a discovery banner in the integrations UI.

• Time Travel workspace history — Shadow Git snapshots for /a0/usr workspaces with history, diff, preview, travel, and revert APIs. Debounced via the existing watchdog (one snapshot per workspace every 10 seconds). Replaces the earlier _diff_viewer plugin.

• Universal Canvas & dockable panels — Browser and Office surfaces can run in the right canvas or as floating modals. Automatic canvas handoffs open Office documents and Browser sessions from tool results. Right-canvas rail redesigned as a centered floating socket to preserve chat space.

• Office canvas — Read/edit support for DOCX, XLSX, and PPTX artifacts with version history, native XLSX chart creation (line/bar/pie/OHLC/etc.), file tabs with session switching, document card dashboard with previews, and tighter auto-handoff rules to avoid false positives.

• Agent Profile switcher — Profiles are now context-scoped and switchable from the chat composer. A guided creation wizard (a0-create-agent skill) walks through scope, behavior, and prompt overrides with a structured blueprint flow.

• Project-scoped LLM presets — Assign LLM presets per project; chat/utility settings copy into project-scoped config while embedding settings follow the effective global config.

Security

• CVE-2026-32871 remediation — FastMCP upgraded to 3.2.4 and MCP to 1.27.0 to fix an OpenAPI path-parameter traversal vulnerability. Regression test added for path-encoding safety.

Connector & Remote Tools

• Execution config (exec_config) is now sent in the connector WebSocket hello, removing the implicit host-side Core dependency and fixing Windows remote execution.
• Stale-read protection added to remote text editing (freshness checks before patch operations).
• Remote tool guidance is lazy-loaded as skills and gated on actual CLI capabilities instead of always injected.
• Shell write actions blocked in read-only mode.

Text Editor

• Context-based patch_text support added to the Docker-local text editor, sharing validation and freshness logic with the remote editor while preserving legacy line-number edits.

UI & Settings

• API key fields moved out of collapsed Advanced Settings into the main model form.
• Active model names shown in the chat model switcher (refreshed on settings save).
• Plugin Hub gains a "New" filter (last 14 days) with newest-sort and badge styling.
• Plugin settings modal title now shows the active plugin name.
• Settings and modals restyled with a left-rail layout, clearer hierarchy, and advanced disclosures.
• Onboarding progression improved for Main/Utility model setup.
• Email integration reworked with provider-first selection and guided defaults.
• Remote Link / tunnel UX refreshed with QR/mobile affordances.
• Active skills cap raised to 20 with a simpler checklist UI.
• Voice/STT transcription fix — text now correctly appears in the chat input via Alpine store.

Integrations & Infrastructure

• Telegram and WhatsApp integration config persistence and project binding fixed.
• SearXNG wikidata engine disabled to prevent Docker bootstrap failure.
• Socket.IO disconnect handler updated to accept the reason parameter (python-socketio ≥5.14.2 compat).
• Tool request validation crash on non-canonical field names fixed.

Breaking Changes

• _browser_agent removed from core — Users relying on the browser-use-based agent will be able to install it from the Plugin Index as a community plugin after its release.
• browser-use Python dependency removed — No longer bundled; only needed if using the community plugin.
• Image attachments stored as path refs — Vision and computer-use captures are now file-path references in history; inline base64/data-URL attachments are rejected on the connector WebSocket path.
• FastMCP 3.x — Upgraded from 2.x; plugins using FastMCP internals may need updates.

Agent Zero – Release Notes

Key highlights: skill selector UI, memory hardening, and tool-arg validation fixes.

• Built-in Skills Selector – A new plugin accessible from the chat input + menu lets you browse and activate available skills directly in the current context or project. Default configs now allow skills to be active from the start, saving time and tokens on setup.

• Memory hardening – FAISS index integrity is now verified via a SHA-256 sidecar file (index.faiss.sha256), written on every save. Filter evaluation in memory_load is hardened with an allowlist, length cap, and restricted simple_eval execution. Consolidation scoring now uses real relevance scores with best-score deduplication by memory ID. Input history is truncated before sending to the utility model to prevent context overflows.

• Tool argument validation fix – validate_tool_request previously crashed on any tool call that passed an empty tool_args dict (e.g. scheduler list_tasks, health checks) because an empty dict is falsy. The check is now a proper key-existence test, restoring correct behaviour for all no-argument tool calls.

Agent Zero – Release Notes

Prompt & Model Guidance Overhaul

• Adopted compact default prompts across the core stack, plugin-owned prompts, and the agent0 overlay — default assembled prompt now sits under ~3 000 tokens while retaining all key guardrails
• Restored essential tool-call JSON examples, communication/solving/tips guidance, and the agent0 profile after earlier over-aggressive trimming caused regressions with frontier models
• Added strict JSON guidance to steer models toward treating the closing brace as an end-of-sequence signal, and defaulted response style to concise with expansion on demand
• Removed the obsolete a0_small profile; tool-call knowledge reference renamed to a generic framework file
• Added a regression test that verifies the assembled default prompt stays within the token budget and retains critical guardrails

Early Tool Dispatch via Streaming JSON Detection

• Tool calls are now dispatched as soon as the first fully closed top-level JSON object is detected in the model stream — the stream is stopped at that point rather than waiting for all remaining tokens
• DirtyJson parser gains a completed flag that signals when the root structure is explicitly closed (not merely at end-of-file), enabling safe early extraction
• Extraction is restricted to brace-delimited objects, matching the shape of all tool calls

Plugin Discovery Cards on Welcome Screen & Onboarding

• A new always-enabled _discovery plugin adds a discovery surface to the welcome/dashboard screen, surfacing the Plugin Hub and integrations (Telegram, Email, WhatsApp) via feature cards
• Cards include persistent dismiss/restore state and CTA routing to the relevant plugin config screens
• Discovery cards are integrated into the final onboarding step so new users see integration opportunities immediately after setup
• Cards are hidden while the missing-API-key onboarding banner is visible to reduce noise during initial configuration
• Implemented entirely through the existing WebUI extension mechanism with no core welcome-screen changes

Bug Fixes

• Fixed a crash during config retrieval when a plugin directory cannot be found — get_plugin_config and get_default_plugin_config now return early instead of passing a None path to the filesystem layer

• WhatsApp integration plugin — New plugin connecting Agent Zero to WhatsApp via a Baileys JS bridge with QR/pairing-code setup. Supports self-chat and dedicated (bot account) modes, group chat with mention detection, quoted replies, media/attachment handling, typing indicators, Markdown-to-WhatsApp formatting, and account disconnect/switch.
• WhatsApp: self-chat is now the default mode — Default changed from dedicated to self-chat; a warning banner is shown when allowed_numbers is empty in this mode.
• WhatsApp: allowed-numbers filtering moved to Python — Phone number filtering now happens in the Python poll handler (reading config fresh each cycle) rather than the JS bridge, fixing a bug where LID-based matching never worked.
• WhatsApp: improved bridge reliability — Corrupt or missing node_modules are detected and automatically reinstalled; the poll loop stops after 5 consecutive bridge failures instead of spamming errors; Node.js absence halts the loop immediately; bridge restarts automatically when configuration changes.
• WhatsApp: storage paths centralized — Session and media files moved from usr/whatsapp to tmp/whatsapp via a new storage_paths.py helper; paths are now consistent across all modules.
• Settings: API keys no longer overwritten on save — Saving general settings no longer clobbers API keys that were set via the Configure Models dialog.
• Settings: model config UI fixes — Restored provider fallback and empty option for utility preset; extracted a reusable model-field component and unified API key lifecycle handling.
• UI server restructuring — Server setup extracted into a UiServerRuntime class with modular initialization; environment config, route registration, and transport handlers moved to helpers/ui_server.py.
• Update system enhancements — Added released_at timestamp tracking for git tags and branch heads; new get_current_major_main_latest_info finds the latest same-major version on the main branch; major_upgrade_versions and main_branch_latest fields added to the update info payload.

Agent Zero – Release Notes

Onboarding, plugin hub improvements, and model config enhancements

• Onboarding flow for missing API keys – A new onboarding experience guides users when no API key is configured. A banner in the chat composer surfaces the missing-key status directly, replacing a dedicated backend status endpoint.
• Model config presets – A model switcher component is now available in the chat input area, with support for active preset/model retrieval from the model config store.
• Agent progress in chat input – Agent progress is shown as ghost text in the chat input placeholder for better at-a-glance awareness.
• Parallel plugin scans – The serialized scan queue has been removed; plugin scans now run in parallel, each in its own temporary chat context. The "queued" state has been removed from the UI and store.
• Sanitized plugin markdown rendering – Plugin READMEs and docs are now rendered through a shared safe-markdown pipeline using DOMPurify, preventing unsafe HTML from reaching the page. GitHub README link and image rebasing (including releases routes) is now centralized and applied consistently across the Plugin Hub, installed plugin README, and markdown modal docs.
• Fixed plugin README image paths – README images and links are correctly rebased to GitHub blob/raw paths, fixing broken images in plugin documentation.

v1.1

Covers changes from the v0.9.8 series through the current v1.5 state, including the v0.9.9 work that landed along the way.

• Agent Zero now has a real plugin platform: developers can build and ship functionality independently of the core, with a large refactor that makes more of the framework extensible through plugins, hooks, and user-side development instead of core-only changes.
• The new Plugin Hub brings an app-store-like workflow for discovery, installation, configuration, validation, scanning, README viewing, thumbnails, scoped toggles, and safer plugin management.
• Core extensibility was expanded across prompts, tools, secrets, APIs, model providers, lifecycle hooks, file watching, and other internal systems, making custom integrations and deeper framework extensions much easier to build and maintain.
• New communication integrations: built-in Email and Telegram plugins with config UIs, attachment handling, dispatcher and model routing, notifications, group-chat support, and a long round of reliability fixes.
• Model and prompt architecture upgrades: model presets and search, per-chat model switching, browser-agent model simplification, OpenRouter and provider fixes, the PromptInclude plugin, and related configuration improvements.
• Self-update and release-flow improvements: native Git-based self-update, stronger tag validation and remote tag fetching, better disconnect handling in the update UI, and the simplified release tag format from vX.Y.Z to vX.Y.
• UI and chat improvements: chat-branching fixes, expanded ALL-mode responses, taller chat input, sidebar and header cleanup, quick-action redesign, plugin and settings modal polish, and more stable WebSocket and frontend cache behavior.
• Security and reliability hardening: CSRF fixes for HTTPS and Chromium, dependency security pins, secret masking in code-execution output, safer plugin warnings, cross-device file move fixes, improved email whitelist handling, and cleaner retry and exception handling.
• Core framework refactors: broad Python, API, and helper cleanup, extension-system rework, routing and caching improvements, generic tool-output update hooks, and extraction of more capabilities into built-in plugins.
• Ongoing polish across the project: welcome-banner and default-preset cleanup, browse and extract improvements, built-in plugin branding and docs refreshes, project-doc fixes, and a fix for skills_tool loading when loaded_skills is uninitialized.