Tandem Browser v0.72.2

Tandem Browser v0.72.2

This is a source-only release. No binaries are attached.

Since v0.69.1, Tandem has moved forward in three main areas: tab-scoped reliability, explicit human↔agent handoffs, and version/documentation consistency.

Highlights

• Added explicit durable handoffs across HTTP API, MCP, events, and the Wingman Activity UI
• Added task-linked handoff actions for ready, resume, approve, and reject
• Improved closed-panel Wingman attention so open handoffs remain visible without popup/audio spam
• Fixed /wingman-alert follow-through so it no longer steals the human into the agent workspace by default, and opens Wingman on Activity when responding to handoffs
• Fixed standalone waiting_approval handoffs so Approve and Reject work even without a linked paused task step
• Strengthened tab-scoped DevTools, network inspection, interaction confirmation, and fill/typing replacement semantics
• Synced package, MCP, runtime, and repo-doc version metadata to v0.72.2
• Published updated repo skill guidance so users pulling skill/SKILL.md get the current Tandem runtime model

Notable changes included in this release

Handoffs and Wingman

• Durable handoff persistence with explicit statuses: needs_human, blocked, waiting_approval, ready_to_resume, completed_review, and resolved
• New handoff routes and MCP tools for create, list, get, update, resolve, activate, ready, resume, approve, and reject flows
• Wingman Activity inbox now shows context-aware actions and better persistent attention cues when the panel is closed

Interaction reliability

• Tab-scoped DevTools and network inspection now report explicit scope more reliably
• Click, fill, snapshot-ref, and keyboard actions now return richer completion and post-action metadata
• Filled inputs now use deterministic replacement semantics instead of caret-dependent append behavior
• Label locator fallback and focus-shift confirmation were tightened for dynamic pages

Docs and metadata

• README, PROJECT, TODO, landing page, package metadata, and MCP version reporting are aligned again
• scripts/check-consistency.js now catches future version drift automatically
• skill/SKILL.md reflects the current MCP-first / durable-handoff Tandem runtime model

Validation

• npx tsc
• npx vitest run
• live Tandem validation of the new handoff flow

Tandem Browser v0.69.1 — 231 MCP tools, full API parity

Tandem Browser v0.69.1

The MCP release. Tandem now speaks MCP with 231 tools — full parity with the 300+ endpoint HTTP API. Any AI agent that supports MCP (Claude Code, Claude Desktop, Cursor, Windsurf, Ollama, or custom) can plug in and control the browser.

Highlights

• MCP server: 24 → 231 tools across 29 modular files covering every HTTP API endpoint
• Agent-first positioning — Tandem is no longer OpenClaw-only; any MCP or HTTP agent works
• Full API parity — navigation, tabs, snapshots, devtools, network, sessions, workspaces, bookmarks, history, passwords, forms, workflows, extensions, media, and more
• Type coercion — centralized z.preprocess() fix ensures boolean/number params work across all MCP clients

New Features

• Chrome-style URL bar autocomplete from browsing history
• Keyboard input tools (press_key, press_key_combo) with new HTTP endpoints
• Live HTML preview tools — create and update pages in the browser with instant reload
• Workspace emoji icons — emoji strings render in the sidebar
• 231 MCP tools organized in 29 modular files matching the API route structure

Bug Fixes

• Preload sandbox fix — esbuild bundling for Electron sandbox compatibility
• Dark mode rendering — disabled Chromium's forced dark mode on websites
• Google CookieMismatch — restored real Electron UA for Google auth, fixed cookie partitioning
• Stealth UA auto-sync — dynamic Chrome version from process.versions.chrome instead of hardcoded v131
• MCP logging — routed to stderr to prevent protocol corruption
• History date formatting — fixed field name mismatch
• URL autocomplete auth — added missing Bearer token

Security

• Updated electron 40.6.0 → 40.8.5 (17 alerts)
• Updated hono, @hono/node-server, lodash (11 alerts)
• Fixed brace-expansion and path-to-regexp
• All 28 Dependabot alerts resolved → 0 vulnerabilities

Documentation

• README refreshed for post-launch clarity with tool categories table
• All docs updated from "OpenClaw-first" to "agent-first" positioning
• SKILL.md now documents MCP as primary connection method
• CHANGELOG fully documented

Breaking Changes

None. All existing HTTP API endpoints continue to work unchanged.

Connecting Your Agent

{
  "mcpServers": {
    "tandem": {
      "command": "node",
      "args": ["/path/to/tandem-browser/dist/mcp/server.js"]
    }
  }
}

Start Tandem, connect your agent, and 231 tools are available immediately.

Tandem Browser v0.67.0

What's new since v0.62.16

v0.67.0 — AI Agent Workspace API

AI agents now get their own dedicated workspace. OpenClaw (or any AI agent) can create and use a separate workspace in Tandem to open, manage, and persist tabs autonomously — completely isolated from the user's browsing.

When the agent hits a captcha or needs human help, it calls POST /wingman-alert with workspaceId and Tandem automatically switches to the agent's workspace so the user can take over immediately.

• POST /tabs/open now accepts workspaceId to assign tabs directly to a workspace
• POST /workspaces/:id/activate — switch the active workspace via API
• POST /workspaces/:id/tabs — move an existing tab into a workspace
• POST /wingman-alert now accepts optional workspaceId

v0.66.0 — Background Tab Targeting via X-Tab-Id

Inspect background tabs without stealing focus from the user.

• X-Tab-Id header support on GET /snapshot, GET /page-content, GET /page-html, POST /execute-js, POST /wait, GET /links, GET /forms
• Snapshot refs now remember which tab produced them — ref follow-up actions stay on the correct tab
• skill/SKILL.md updated with current API model and ClawHub frontmatter
• Fix: error handling in /find/click and /find/fill routes

v0.65.0 — Prompt Injection Guard (Layer 8)

Browser-level AI content defense. Tandem now scans agent-facing content routes for prompt injection attempts before forwarding content to the agent.

• Routes scanned: /snapshot, /page-content, /snapshot/text, /execute-js
• Responses include injectionWarnings when suspicious content is detected
• High-risk pages return blocked: true — content is not forwarded to the agent
• Override via POST /security/injection-override when needed
• Multiple CodeQL hardening fixes for HTML/JS escaping

v0.64.x / v0.63.x — Session Inheritance, Fixes and Polish

• inheritSessionFrom on POST /tabs/open — copies cookies, localStorage, and IndexedDB from source tab, preserving login state (e.g. Discord, LinkedIn) in new tabs
• Fix: V8 heap limit increased to 4GB to prevent OOM crashes on memory-heavy SPAs
• Fix: Linux main process blocking + sidebar overflow
• Fix: zhipin.com added to stealth skip list (bypasses bot detection)
• UI/UX polish pass — 18 fixes across shell, sidebar, settings, screenshots
• Linux CI and sidebar stability improvements
• Dependency updates (xmldom, flatted)

---

Source code only. No binaries yet.

Tandem Browser v0.62.16

Tandem Browser v0.62.16

Fixed

• Restored stock OpenClaw Wingman chat so Tandem no longer depends on a local tandem-chat bridge or /chat polling workaround
• Tandem now signs a real OpenClaw device identity for the Wingman gateway handshake
• Wingman chat uses the official OpenClaw gateway send/receive path and persists replies into Tandem chat history
• Updated the OpenClaw chat client to handle the current gateway response frames and report honest connection state in the panel
• Satisfied the CodeQL rate-limit gate for the OpenClaw config/connect endpoints

Docs

• Updated the public README and TODO version references to v0.62.16
• Clarified that stock Wingman chat only needs the local OpenClaw gateway and ~/.openclaw/openclaw.json

Notes

• This GitHub release is source-only for now
• The old files in release/ are historical 0.1.0 artifacts and were intentionally not attached to this release

Tandem Browser v0.62.4

v0.62.4 — Lint fixes

Patch release fixing two lint errors in v0.62.3:

• Removed unused detectBackend import in IPC handlers
• Fixed async Promise executor in speech-transcriber (no-async-promise-executor)

All features from v0.62.3 are included. CI is now green ✅

See v0.62.3 release notes for the full changelog.

Tandem Browser v0.62.3

What's New in v0.62.3

🎤 Native Voice-to-Text (macOS)

• Added mic button in Wingman chat — records audio and transcribes via Apple Speech Framework
• On macOS the button is hidden (use system dictation Fn+Fn instead — it's better!)
• On Linux: Whisper fallback for offline transcription
• Swift binary bundled: native/speech/tandem-speech

🌙 Light Theme — Full Support

• Tab bar, toolbar, bookmarks bar now correctly switch to light colors
• Wingman panel, settings, help, bookmarks, newtab pages all theme-aware
• Fixed dark gap between webview and wingman panel in light mode
• Settings page now applies theme on load (not just on change)
• Removed deprecated "Wingman panel position" setting

🔧 Bug Fixes

• Fixed GitHub dashboard not loading (github.githubassets.com now trusted)
• Fixed recording overlay not showing (source variable guard in video-recorder)
• Fixed recording corruption on force-stop — now converts webm→mp4 on app quit
• Fixed panel toggle feedback loop (flickering)
• Fixed chat backend selector crash after UI cleanup
• Webhook secret auto-syncs with OpenClaw on every startup (not just when empty)
• Added /devtools/shell API endpoint for debugging the browser shell

🔒 Security

• Added Google APIs to trusted script domains (apis.google.com, gstatic.com)
• Added Google WebSocket endpoints to KNOWN_WS_SERVICES
• OutboundGuard bypass for known Google API domains
• autoplay-policy: user-gesture-required logged as BUG-008 (fix pending)

📝 UI / UX

• Wingman chat: Claude/Both backend tabs removed — Wingman only
• Panel open state synced to backend for notification suppression
• GitHub profile README created (github.com/hydro13)
• Live HTML preview system: Tandem landing page built and deployed

Full changelog: See CHANGELOG.md
From: v0.59.4 → v0.62.3 (38 releases in one day 🚀)

v0.57.21 — Security model refinement & daily browsing fixes

Security model refinement — daily browsing fixed, real threats still caught

This release addresses a series of false positives in the security stack that made normal browsing impractical, and adds background tab API access for OpenClaw agents.

Security fixes

• Script analysis containment removed — ScriptGuard was triggering containment popups on virtually every news site and SPA because minified/obfuscated JavaScript scored high on threat rules. Script analysis now logs anomalies and reports to the gatekeeper channel, but does not activate containment. Containment still activates on confirmed behavioral signals (crypto miner CPU patterns, sustained WASM activity via BehaviorMonitor).

• LinkedIn fully unblocked — Three separate layers were blocking LinkedIn:

  • NetworkShield blocklist contained ads.linkedin.com and snap.licdn.com, causing the parent domain check to block all of linkedin.com
  • Gatekeeper was blocking scripts from static.licdn.com due to low trust score on first visit
  • ScriptGuard rule engine was running on trusted CDN domains and triggering containment on LinkedIn's minified JS
  • Fixed by adding an explicit domain allowlist in NetworkShield, a trusted script domain list in Guardian, and skipping the rule engine for known CDN domains in ScriptGuard

API improvements

• X-Tab-Id header support — GET /page-content, GET /page-html, and GET /snapshot now accept an X-Tab-Id request header to target a specific background tab without changing focus. Background tab content extraction uses DevTools Runtime.evaluate instead of executeJavaScript to avoid hangs on non-active tabs.

UX fixes

• Sidebar links now open in new tab — Links clicked inside sidebar webviews (Telegram, WhatsApp, etc.) were silently denied. They now open in a new Tandem tab as expected.

Docs

• Added hero screenshot and browser interaction screenshot to README
• Security model description moved to top of README per maintainer feedback

Tandem Browser v0.57.13

Tandem Browser v0.57.13 is the second public developer preview release.

What's new since v0.57.9

Security hardening (CodeQL-driven, 3 passes):

• XSS/ReDoS fixes in API server, shell renderer, and OAuth callback
• Path injection hardening across extension loader, chrome importer, and native messaging proxy
• Prototype pollution fix in task manager
• Modulo bias removed from password generation
• Shared security helpers in src/utils/security.ts (URL validation, path root containment, HTML escaping)
• Rate limiting added globally and on sensitive routes
• DOM-only rendering for new tab page and bookmarks (no more innerHTML with user content)
• Google Photos callback no longer reflects error text back into HTML
• Type-loop bounds added for CodeQL loop-bound findings

CI and repo hygiene:

• CodeQL scanning workflow added (runs on push, PR, and weekly schedule)
• Dependency security alerts resolved (tar, hono, yauzl)
• Lint warnings cleared across the full source tree
• Verify CI badge and CodeQL badge in README
• GitHub topics, homepage, and PR template added

Status

• primary platform: macOS
• secondary platform: Linux
• local API on 127.0.0.1:8765 (Bearer auth required)
• intended for maintainers, contributors, and serious testers
• not yet a polished end-user production release

Start here

• README: https://github.com/hydro13/tandem-browser#readme
• Changelog: https://github.com/hydro13/tandem-browser/blob/main/CHANGELOG.md
• Tandem skill for OpenClaw: https://github.com/hydro13/tandem-browser/blob/main/skill/SKILL.md

Tandem Browser v0.57.9

Tandem Browser v0.57.9 is the first public developer preview release of Tandem as a first-party OpenClaw companion browser.

Highlights:

• OpenClaw-first positioning and contributor-facing public docs cleanup
• refreshed Tandem skill for OpenClaw installations
• green verify baseline and clean lint state
• GitHub security hardening: secret scanning, push protection, Dependabot, CodeQL
• dependency alert cleanup across the current tree

What to expect:

• primary platform: macOS
• secondary platform: Linux
• local API on 127.0.0.1:8765
• intended for maintainers, contributors, and serious testers
• not positioned yet as a polished end-user production release

Start here:

• README: https://github.com/hydro13/tandem-browser#readme
• Changelog: https://github.com/hydro13/tandem-browser/blob/main/CHANGELOG.md
• Tandem skill: https://github.com/hydro13/tandem-browser/blob/main/skill/SKILL.md