Is SafeCoBrowser open source?

Yes. SafeCoBrowser is open source under the AGPL-3.0 licence. The code is on GitHub at https://github.com/corleylun/flowbrowse.

Does SafeCoBrowser expose my cookies or passwords?

No. The agent only ever receives brokered, permission-gated tools — never your cookie store, saved passwords, or the browser profile on disk.

Is the AI always watching my browser?

No. The agent is off by default and sees nothing until you grant a permission mode for a specific tab. "Stop AI" revokes access instantly.

Which agents work with it?

Any MCP-compatible client. It is built for Claude Code and Codex, and also exposes a CLI over the same broker.

What is SafeCoBrowser?

SafeCoBrowser is an open-source AI co-browsing browser for macOS that lets you bring Claude Code, Codex, or any MCP agent into your logged-in browser — only when you allow it, per tab, with an instant kill switch and a full audit log.

How it works

SafeCoBrowser runs as a dedicated, isolated Chromium browser on your Mac — a normal browser you log into like Chrome. You connect your own AI agent (Claude Code, Codex, or any MCP client) over a local MCP server and CLI. The agent has no visibility by default. When you want help on a tab, you grant a permission mode; the agent only sees that tab, only from that moment forward, and only at the level you chose. Every click, fill, and script runs behind an approval card and is recorded.

What makes it different

Most "AI browsers" are always watching, or run a fresh automated browser that isn't your logged-in session. SafeCoBrowser inverts that: it is your real logged-in browser with a permission and audit layer bolted on top.

Off by default, no retroactive leak — enabling AI never exposes what happened while it was off (like your login).
Instant, real revoke — "Stop AI" fails all in-flight and future agent calls closed.
Bring your own agent over MCP + CLI — not a hosted cloud agent.
Hash-chained audit log of every action, exportable.
The agent never gets your cookies, passwords, or profile.

Permission modes

Off — the default; the agent sees nothing.
Read — read the page: URL, text, links, screenshots.
Inspect — inspect elements, read the console and network.
Assist — click and fill, each action behind your approval.
Developer — run JavaScript in the page, always approved.

Who it's for

Developers who already use Claude Code or Codex and want those agents to act on real, logged-in web apps — dashboards, admin panels, and tools with no API — without handing over an always-on, unaudited view of their browser.

FAQ

Is SafeCoBrowser open source?: Yes. SafeCoBrowser is open source under the AGPL-3.0 licence. The code is on GitHub at https://github.com/corleylun/flowbrowse.
Does SafeCoBrowser expose my cookies or passwords?: No. The agent only ever receives brokered, permission-gated tools — never your cookie store, saved passwords, or the browser profile on disk.
Is the AI always watching my browser?: No. The agent is off by default and sees nothing until you grant a permission mode for a specific tab. "Stop AI" revokes access instantly.
Which agents work with it?: Any MCP-compatible client. It is built for Claude Code and Codex, and also exposes a CLI over the same broker.

Download for macOS Read the docs