github agent0ai/agent-zero v1.10
on GitHub

6 hours ago

Agent Zero v1.10

Highlights

  • New built-in Browser — Replaces the legacy browser-use agent with a direct Playwright-powered browser, live WebUI viewer with CDP screencast streaming, floating/dockable canvas panel, tab management, Chrome extension support, annotation mode (Cmd/Ctrl+.), and persistent Chromium runtime. The old _browser_agent plugin has been extracted as a community plugin via the Plugin Index.

  • ChatGPT/Codex Account OAuth — Connect your existing OpenAI Codex plan through a device-code OAuth flow. Agent Zero exposes a local OpenAI-compatible wrapper so LiteLLM can use account-backed models without a separate API key. Includes SSE streaming support and a discovery banner in the integrations UI.

  • Time Travel workspace history — Shadow Git snapshots for /a0/usr workspaces with history, diff, preview, travel, and revert APIs. Debounced via the existing watchdog (one snapshot per workspace every 10 seconds). Replaces the earlier _diff_viewer plugin.

  • Universal Canvas & dockable panels — Browser and Office surfaces can run in the right canvas or as floating modals. Automatic canvas handoffs open Office documents and Browser sessions from tool results. Right-canvas rail redesigned as a centered floating socket to preserve chat space.

  • Office canvas — Read/edit support for DOCX, XLSX, and PPTX artifacts with version history, native XLSX chart creation (line/bar/pie/OHLC/etc.), file tabs with session switching, document card dashboard with previews, and tighter auto-handoff rules to avoid false positives.

  • Agent Profile switcher — Profiles are now context-scoped and switchable from the chat composer. A guided creation wizard (a0-create-agent skill) walks through scope, behavior, and prompt overrides with a structured blueprint flow.

  • Project-scoped LLM presets — Assign LLM presets per project; chat/utility settings copy into project-scoped config while embedding settings follow the effective global config.

Security

  • CVE-2026-32871 remediation — FastMCP upgraded to 3.2.4 and MCP to 1.27.0 to fix an OpenAPI path-parameter traversal vulnerability. Regression test added for path-encoding safety.

Connector & Remote Tools

  • Execution config (exec_config) is now sent in the connector WebSocket hello, removing the implicit host-side Core dependency and fixing Windows remote execution.
  • Stale-read protection added to remote text editing (freshness checks before patch operations).
  • Remote tool guidance is lazy-loaded as skills and gated on actual CLI capabilities instead of always injected.
  • Shell write actions blocked in read-only mode.

Text Editor

  • Context-based patch_text support added to the Docker-local text editor, sharing validation and freshness logic with the remote editor while preserving legacy line-number edits.

UI & Settings

  • API key fields moved out of collapsed Advanced Settings into the main model form.
  • Active model names shown in the chat model switcher (refreshed on settings save).
  • Plugin Hub gains a "New" filter (last 14 days) with newest-sort and badge styling.
  • Plugin settings modal title now shows the active plugin name.
  • Settings and modals restyled with a left-rail layout, clearer hierarchy, and advanced disclosures.
  • Onboarding progression improved for Main/Utility model setup.
  • Email integration reworked with provider-first selection and guided defaults.
  • Remote Link / tunnel UX refreshed with QR/mobile affordances.
  • Active skills cap raised to 20 with a simpler checklist UI.
  • Voice/STT transcription fix — text now correctly appears in the chat input via Alpine store.

Integrations & Infrastructure

  • Telegram and WhatsApp integration config persistence and project binding fixed.
  • SearXNG wikidata engine disabled to prevent Docker bootstrap failure.
  • Socket.IO disconnect handler updated to accept the reason parameter (python-socketio ≥5.14.2 compat).
  • Tool request validation crash on non-canonical field names fixed.

Breaking Changes

  • _browser_agent removed from core — Users relying on the browser-use-based agent will be able to install it from the Plugin Index as a community plugin after its release.
  • browser-use Python dependency removed — No longer bundled; only needed if using the community plugin.
  • Image attachments stored as path refs — Vision and computer-use captures are now file-path references in history; inline base64/data-URL attachments are rejected on the connector WebSocket path.
  • FastMCP 3.x — Upgraded from 2.x; plugins using FastMCP internals may need updates.
Check out latest releases or
releases around agent0ai/agent-zero v1.10

Don't miss a new agent-zero release

NewReleases is sending notifications on new releases.

Get notifications