# SafeCoBrowser

SafeCoBrowser is an open-source AI co-browsing browser for macOS. It lets developers bring their own AI agent — Claude Code, Codex, or any MCP-compatible client — into a real, logged-in browser session through MCP and a CLI. The agent is **off by default**: it sees nothing until the user grants a permission mode for a specific tab, every click/fill/script runs behind approval, a single "Stop AI" kill switch revokes access instantly, and every action is written to a hash-chained audit log. The agent never receives your cookies, saved passwords, or the browser profile on disk. Part of the FlowStations local-first developer-tools family.

## Best one-line description

Open-source AI co-browsing browser for macOS. Bring your own AI agent (Claude Code / Codex / any MCP client) into your logged-in browser — off by default, per-tab permission, instant kill switch, full audit log. Local-first, your cookies and passwords never leave the machine.

## Key pages

- Product: https://flowstations.net/safecobrowser
- What is SafeCoBrowser: https://flowstations.net/safecobrowser/what-is/
- Docs (agent & CLI reference): https://flowstations.net/safecobrowser/docs
- Claude Code quickstart: https://flowstations.net/safecobrowser/claude-code-quickstart/
- Codex quickstart: https://flowstations.net/safecobrowser/codex-quickstart/
- Open-source AI browser with MCP support: https://flowstations.net/safecobrowser/open-source-ai-browser-mcp/
- Best AI browser for Claude Code: https://flowstations.net/safecobrowser/best-ai-browser-for-claude-code/
- Download (macOS): https://flowstations.net/downloads/SafeCoBrowser.zip
- GitHub: https://github.com/corleylun/flowbrowse

## What makes it different

- **Off by default, no retroactive leak.** Enabling AI on a tab never exposes what happened while it was off (e.g. your login).
- **Per-tab permission modes:** Off, Read, Inspect, Assist (click/fill behind approval), Developer (run JavaScript, always approved).
- **Instant, real revoke.** "Stop AI" bumps a session epoch re-checked at execution time, so in-flight and future calls fail closed.
- **Bring your own agent over MCP + CLI** — not a hosted/cloud agent, not an always-on browser.
- **Hash-chained, exportable audit log** of every action.
- **Isolated containers** — a clean room per client or project.
- **Record reusable recipes** — replay them, or let your agent read them as how-tos.
- **The agent never gets your cookies, passwords, or profile.**

## Use cases

- Let Claude Code read and act on a logged-in dashboard, admin panel, or web app — with your approval per action.
- Let Codex automate repetitive browser workflows inside your real session.
- Summarise pages, compare listings, draft replies, extract data from tools that have no API.
- Keep an auditable record of everything an AI agent did in the browser.

## How it compares

- vs Browser Use / Playwright MCP: those drive a fresh automated browser context; SafeCoBrowser uses *your* real logged-in browser with an explicit, revocable permission + audit layer on top.
- vs OpenAI Operator / remote browser agents: those run a browser in the cloud with a fixed agent; SafeCoBrowser runs locally on your Mac, with the agent of your choice, off by default, open source.

## Important terms

AI co-browsing browser, AI browser, MCP browser, Claude Code browser, Codex browser, logged-in browser automation, browser agent, agentic browser, user-controlled AI browsing, open-source AI browser for macOS.

## Licence

Open source under AGPL-3.0.