@quanta-intellect/vessel-browser 0.1.26 → 0.1.27

package/README.md

@@ -1,8 +1,17 @@
-![vessel-logo-cropped](https://github.com/user-attachments/assets/58887932-26b3-45b5-be5e-21de562d2855)
+<div align="center">
+  
+![quanta-intellect-logo-transparent](https://cdn-uploads.huggingface.co/production/uploads/686c460ba3fc457ad14ab6f8/gB6J60f9Yeyb3Thop2dUa.png)
+
+<a href="https://snapcraft.io/vessel-browser">
+    <img alt="Get it from the Snap Store" src=https://snapcraft.io/en/dark/install.svg />
+  </a>
+  <a href="https://www.producthunt.com/products/quanta-intellect?embed=true&amp;utm_source=badge-featured&amp;utm_medium=badge&amp;utm_campaign=badge-vessel-browser-from-quanta-intellect" target="_blank" rel="noopener noreferrer"><img alt="Vessel Browser from Quanta Intellect - The browser where agents drive and humans supervise | Product Hunt" width="250" height="54" src="https://api.producthunt.com/widgets/embed-image/v1/featured.svg?post_id=1107491&amp;theme=dark&amp;t=1774779141692"></a>
 
 # Vessel: Your Agent's Browser
+</div>
+
 
-Open-source browser runtime for persistent web agents on Linux.
+Open source chromium-based browser for persistent web agents on Linux (Mac/Windows support to come).
 
 Vessel gives external agent harnesses a real browser with durable state, MCP control, and a human-visible supervisory UI. It is built for long-running workflows where the agent drives and the human audits, intervenes, and redirects when needed.
 
@@ -12,13 +21,19 @@ Vessel gives external agent harnesses a real browser with durable state, MCP con
 
 *Vessel is in active development and currently makes no security assurances. Use and deploy it with care.*
 
+
+
+https://github.com/user-attachments/assets/0a72b48a-873a-4eb0-b8f2-23e34d8472c4
+
+
+
 ## Quick Start
 
 Want the full agent toolkit from day one? [Start a 5-Day Free Trial of Vessel Premium](https://vesselpremium.quantaintellect.com/checkout).
 
 ### Fastest Install Today
 
-The preferred MVP install path is the Linux AppImage from GitHub Releases:
+Linux AppImage from GitHub Releases:
 
 1. Download the latest `Vessel-<version>-x64.AppImage`
 2. Mark it executable: `chmod +x Vessel-*.AppImage`
@@ -57,11 +72,13 @@ If you want extra local AI tracing in development, create an optional `src/main/
 
 Most browser automation stacks are either headless, stateless, or designed around a human as the primary operator. Vessel is built around the opposite model: the browser is the agent's operating surface, and the human stays in the loop through a visible interface with clear supervisory controls.
 
+<img width="1280" height="800" alt="@quanta-intellectvessel-browser_2026-03-17_200224_6613" src="https://github.com/user-attachments/assets/8e208ee1-cb89-4318-87a2-9561a7d9aecf" />
 <img width="1280" height="800" alt="vessel_2026-03-16_144201_7545" src="https://github.com/user-attachments/assets/da7b28ea-6c5f-4aa7-909e-0a255c80d508" />
+<img width="1280" height="800" alt="@quanta-intellectvessel-browser_2026-03-17_195754_6624" src="https://github.com/user-attachments/assets/3b3d2033-5a59-4806-bbc1-359efb7b43a9" />
 
 
-<img width="1280" height="785" alt="vessel_2026-03-16_171108_8677" src="https://github.com/user-attachments/assets/613c285f-0253-4344-b335-f74a64e124ac" />
 
+<img width="1280" height="800" alt="vessel_2026-03-17_145154_5389" src="https://github.com/user-attachments/assets/b1c08d6c-bcdf-4c9a-8429-a71a23a61903" />
 
 Vessel is built for persistent web agents that need a real browser, durable state, and a human-visible interface. The agent is the primary operator. The human follows along in the live browser UI, audits what the agent is doing, and steers when needed.
 
@@ -306,7 +323,10 @@ Generic HTTP MCP config:
   "mcpServers": {
     "vessel": {
       "type": "http",
-      "url": "http://127.0.0.1:3100/mcp"
+      "url": "http://127.0.0.1:3100/mcp",
+      "headers": {
+        "Authorization": "Bearer <token from ~/.config/vessel/mcp-auth.json>"
+      }
     }
   }
 }
@@ -318,6 +338,8 @@ Hermes Agent `config.yaml` MCP config:
 mcp_servers:
   vessel:
     url: "http://127.0.0.1:3100/mcp"
+    headers:
+      Authorization: "Bearer <token from ~/.config/vessel/mcp-auth.json>"
     timeout: 180
     connect_timeout: 30
 ```
@@ -338,14 +360,17 @@ vessel-browser-mcp
 Helper examples:
 
 ```bash
-# Generic JSON snippet
+# Generic JSON snippet with Authorization header
 vessel-browser-mcp
 
-# Hermes-ready YAML snippet
+# Hermes-ready YAML snippet with Authorization header
 vessel-browser-mcp --format hermes
 
 # Raw MCP endpoint URL
 vessel-browser-mcp --format url
+
+# Raw MCP bearer token
+vessel-browser-mcp --format token
 ```
 
 Source install update helpers:

package/out/main/index.js

@@ -13755,6 +13755,23 @@ function getMcpAuthFilePath() {
   );
   return path$1.join(configDir, MCP_AUTH_FILENAME);
 }
+function readMcpAuthFile() {
+  try {
+    const raw = fs$1.readFileSync(getMcpAuthFilePath(), "utf8");
+    const parsed = JSON.parse(raw);
+    return parsed && typeof parsed === "object" ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+const MIN_TOKEN_LENGTH = 32;
+function getPersistentMcpAuthToken() {
+  const existingToken = readMcpAuthFile()?.token?.trim();
+  if (existingToken && existingToken.length >= MIN_TOKEN_LENGTH) {
+    return existingToken;
+  }
+  return crypto$2.randomBytes(32).toString("hex");
+}
 function writeMcpAuthFile(endpoint, token) {
   try {
     const filePath = getMcpAuthFilePath();
@@ -13769,9 +13786,28 @@ function writeMcpAuthFile(endpoint, token) {
   }
 }
 function clearMcpAuthFile() {
+  const existingToken = readMcpAuthFile()?.token?.trim();
+  if (!existingToken) {
+    try {
+      fs$1.unlinkSync(getMcpAuthFilePath());
+    } catch {
+    }
+    return;
+  }
   try {
-    fs$1.unlinkSync(getMcpAuthFilePath());
-  } catch {
+    const filePath = getMcpAuthFilePath();
+    fs$1.mkdirSync(path$1.dirname(filePath), { recursive: true });
+    fs$1.writeFileSync(
+      filePath,
+      JSON.stringify(
+        { endpoint: "", token: existingToken, pid: null },
+        null,
+        2
+      ) + "\n",
+      { mode: 384 }
+    );
+  } catch (err) {
+    console.warn("[Vessel MCP] Failed to clear auth file:", err);
   }
 }
 function asTextResponse(text) {
@@ -18310,7 +18346,7 @@ function startMcpServer(tabManager, runtime2, port) {
     status: "starting",
     message: `Starting MCP server on port ${port}.`
   });
-  mcpAuthToken = crypto$2.randomBytes(32).toString("hex");
+  mcpAuthToken = getPersistentMcpAuthToken();
   return new Promise((resolve) => {
     const server = http.createServer(async (req, res) => {
       const url = new URL(req.url || "/", `http://localhost:${port}`);
@@ -18337,7 +18373,11 @@ function startMcpServer(tabManager, runtime2, port) {
         return;
       }
       const authHeader = req.headers.authorization;
-      if (!authHeader || authHeader !== `Bearer ${mcpAuthToken}`) {
+      const expected = `Bearer ${mcpAuthToken}`;
+      const headerBuf = Buffer.from(authHeader ?? "");
+      const expectedBuf = Buffer.from(expected);
+      const tokenValid = headerBuf.length === expectedBuf.length && crypto$2.timingSafeEqual(headerBuf, expectedBuf);
+      if (!authHeader || !tokenValid) {
         res.writeHead(401, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "Unauthorized — missing or invalid bearer token" }));
         return;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@quanta-intellect/vessel-browser",
   "mcpName": "io.github.unmodeled-tyler/vessel-browser",
-  "version": "0.1.26",
+  "version": "0.1.27",
   "description": "AI-native web browser for Linux — persistent browser runtime for autonomous agents with human supervision",
   "main": "./out/main/index.js",
   "bin": {