Releases: acunningham-ship-it/veilbrowser
Release list
v0.2.0 — FedCM (federated one-tap sign-in)
Agents get walled out of Google-SSO apps because "Sign in with Google" one-tap and navigator.credentials.get({identity}) render their account chooser as native browser UI — the button is a cross-origin IdP iframe and the chooser is browser chrome, so no synthetic click can reach either. Veil now drives it over CDP's FedCM domain.
New — FedCM
Page:enableFedCm({autoSelectFirst}),waitForFedCmDialog(),selectFedCmAccount(),dismissFedCm(),disableFedCm(), and a one-callsignInWithFedCm({triggerRef}).- MCP:
veil_fedcm_enable+veil_fedcm_signin(10 tools total). - Verified end-to-end (headless, exit 0) against the canonical Chrome FedCM demo IdP/RP — run it:
bun run examples/fedcm.ts.
Three things that are easy to get wrong and are handled for you:
- Enable on demand, never at startup — any site that silently probes FedCM at load hangs if interception is on and nothing resolves the probe.
- Selection is bound to the page's own CDP session — the
dialogShownevent drops the sessionId, and selecting on the wrong target leaves the dialog (and the page'scredentials.get()) hanging forever. resetCooldownon enable — Chrome suppresses the dialog after repeated dismissals.
Also
- Fix:
page.close()RAM leak (Target.closeTarget+ CDP handler cleanup).
Full Changelog: v0.1.0...v0.2.0
Veil v0.1.0 — first release
Stealth browser automation for AI agents. Drives real Chrome over the DevTools Protocol — no Playwright, no Puppeteer, no WebDriver. Zero runtime dependencies.
What it does
- Raw CDP runtime (flat sessions, never calls
Runtime.enable) - Small, self-gating stealth + UA/client-hint scrub
- Real-GPU WebGL via ANGLE/EGL; headful on a headless server via auto-managed Xvfb
- Agent-first: accessibility-tree snapshot → integer refs (no CSS selectors), human-curved mouse + jittered typing, screenshots
- MCP server (8 tools) — any MCP host drives it natively
Measured (Chrome 148, residential IP)
- bot.sannysoft.com: 57/57
- CreepJS (headful): 0% headless, 0% stealth
- Cloudflare JS challenge + generic antibot challenge: bypassed
Not claimed yet: interactive Turnstile/reCAPTCHA, enterprise DataDome/Kasada, logged-in sessions.
Install
```bash
bun add github:acunningham-ship-it/veilbrowser
or clone + run the demo
git clone https://github.com/acunningham-ship-it/veilbrowser && cd veilbrowser
bun install && bun run examples/selftest.ts
```
Credit
The raw-CDP-without-Playwright approach was pioneered by nodriver (Python). Veil is the TypeScript- and MCP-native take.
MIT.