Show HN: Vibium – Browser automation for AI and humans, by Selenium's creator (opens in new tab)

(github.com)

443 pointshugs6mo ago124 comments

i started the selenium project 21 years ago. vibium is what i'd build if i started over today with ai agents in mind. go binary under the hood (handles browser, bidi, mcp) but devs never see it. just npm install vibium. python/java coming. for claude code: claude mcp add vibium -- npx -y vibium v1 ships today. ama.

Show HN: Vibium – Browser automation for AI and humans, by Selenium's creator

(github.com)

443 pointshugs6mo ago124 comments

124 comments

95 comments · 33 top-level

9999000009996mo ago· 7 in thread

As someone who's made a good living primarily in UI automation for over a decade, thank you.

It's been an interesting journey.I do think Playwright is the defacto standard now, but Selenium was the original browser driver.

Anyway, how does Vibium compare to Playwright ? Playwright's main advantage is it has official support for multiple languages.

hugsOP6mo ago

> I do think Playwright is the defacto standard now

i'll politely pushback a little. i think it's safe (at this moment in time) to say: playwright wins the first derivative, but selenium wins the "area under the curve". selenium is very entrenched in many parts of the world, especially outside of SF/USA. part of the inbound interest i've been getting for vibium is from those selenium users who want some kind of bridge to the future, but didn't have an obvious path forward beyond "dump selenium, adopt playwright"...

part of my plan with vibium post-v1 is to give that massive (and it truly is massive, i'm not bragging) installed base of selenium users an upgrade path to more agentic coding options.

9999000009996mo ago

Are you solo developing vibium ?

Playwright really simplifies getting setup. It won't work for everyone, but within 30 seconds Playwright will download it's needed browsers along with a test runner.

I also find the documentation is much better/consolidated.

Definitely open to helping you out if I can be of assistance.

1 more reply

steve_adams_866mo ago

Selenium is distinctly more popular among scientists in my experience. I've only seen playwright at startups.

3 more replies

jjmarr6mo ago

Selenium was a part of my degree. I had a course involving it.

mbrochh5mo ago

You might also want to look into Stagewright.

maxloh6mo ago

Any idea how did Puppeteer lose the race?

9999000009995mo ago

The Puppeteer team moved to from Google, to Microsoft and started Playwright.

https://blog.logrocket.com/playwright-vs-puppeteer/

1 more reply

rukuu0016mo ago· 6 in thread

Hey man, just wanted to say thanks for Selenium - it was a game changer and had a big impact on my professional life.

I’m interested in checking out Vibium - I’ve been a reluctant adopter of Playwright and hopeful for a new approach.

hugsOP6mo ago

playwright got a lot of things right. one of the big ones was a fast websockets+json way to drive the browser. (vibium is using the w3c standard equivalent - webdriver bidi). but they also raised the bar on usability and developer experience. i hope to get to the level of "click, click, awesome" out-of-the-box experience that playwright did so well.

pkiv6mo ago

If you're already using Playwright, I'd love for you to give Stagehand a try (https://github.com/browserbase/stagehand) - it has compatible-ish API, but built for automation, not testing.

zenmac6mo ago

Hmmm so it is basically using https://www.director.ai for the AI natural language stuff right?

1 more reply

hugsOP6mo ago

stagehand is good stuff!

irjustin5mo ago

> I’ve been a reluctant adopter of Playwright and hopeful for a new approach.

Out of curiosity, why?

Personally, I'm a massive lover of playwright. Flakiness has been so much lower for us.

1 more reply

m00dy5mo ago

I think the future is mobile when it comes AI agents, If you are also looking for a new approach, I would suggest DeepWalker. It is mobile first automation, currently works on android.

[0]: https://deepwalker.xyz

moss_dog6mo ago· 6 in thread

I'd love to be able to lock down the browser to only allow certain URLs (e.g. localhost) so I can give Claude (and other tools) carte blanche to use browser automation (rather than manually approving each command). Is this something on your radar / roadmap?

ramoz6mo ago

If using Claude Code, a simple hook can govern `browser_navigate` (mcp)

A custom sh script or something for whitelists would take ~5min to setup.

For more robust governance (many policies), you can write Rego using https://github.com/eqtylab/cupcake

https://code.claude.com/docs/en/hooks#mcp-tool-naming

moss_dog6mo ago

Thank you for the links / info! I'm looking forward to digging into this.

hugsOP6mo ago

fully aware of the "blast radius" risk of using claude to do stuff. i'm doing all my vibium dev in a vm using UTM (and you should, too!). wonder if there are some network rules we can add.

i did post a v2 roadmap on the github repo. might be time to start the draft for v3!

falcor846mo ago

As I see it, the only real solution is to put it into a container that has a firewall with a short whitelist.

moss_dog6mo ago

I was looking into this earlier -- presumably you'd also need to allowlist Claude itself (whatever endpoints it hits to run inference etc). VM firewall gets a little trickier with Claude's web search tool, too.

The solution I landed on recently was to locally modify the Chrome devtools MCP to launch the browser instance with strict network restrictions. I believe the implementation used `--host-resolver-rules`, blocking all URLs by default with an environment variable to control the allowlist (which, in hindsight, Claude can easily work around if it needs to -- I should probably just hard-code the allowlist).

1 more reply

michelb5mo ago

Maybe this is something: https://github.com/vibheksoni/stealth-browser-mcp

dmd6mo ago· 4 in thread

Does it allow you to inject js, modify the DOM, and most crucially monitor/modify network requests? I do those things in probably 95-99% of the time I reach for playwright mcp in claude, and from the "For Agents" part of the README, it seems like all this can do is click/type/screenshot?

hugsOP6mo ago

> inject js, modify the DOM, and most crucially monitor/modify network requests

not yet. definitely on the roadmap, though. goal is to embrace what playwright has done well, then extend what's possible...

dmd6mo ago

Thanks. I would love to understand what people are doing with Playwright that doesn't involve those things. I really can't recall ever using it where that wasn't what I was doing. I use it letting Claude fix things. You can't fix what you can't see! What else are people using it for? Obviously there must be a (very popular!) use case for "just clicking", but I can't seem to imagine it.

3 more replies

doctorpangloss6mo ago

all i want is monitored network requests, because flutter + amazon appsync apps are so radioactive

hugsOP6mo ago

good feedback. thank you!

suchintan6mo ago· 3 in thread

This is very cool. We were thinking about doing something very similar with Skyvern

What was the reason you went down this path instead of extending selenium with AI features?

hugsOP6mo ago

i partially addressed this in the "why vibium" section of the v1 announcement: https://github.com/VibiumDev/vibium/blob/main/docs/updates/2...

but why a new thing vs extending selenium? it's a little complicated, but neither selenium nor playwright were designed with ai in mind from day 1. with vibium, i'm optimizing for "vibe coding" and ai-driven workflows first.

suchintan6mo ago

This makes sense. I guess I wanted to understand why starting from scratch was better than "fixing" selenium, but perhaps "fixing" selenium isn't an option?

hugsOP6mo ago

for the entire testing tools industry, in some ways, selenium was the "final boss" to beat. every new tool had to trash selenium in their marketing. eventually those "hit points" added up. "fixing selenium" is as much as of a branding problem as it is a technical problem. "oh, there's a new version of selenium? i heard selenium sucks!" is actually a problem that has to be dealt with. an entire new generation of coders only know "playwright rules, selenium drools".

of course, i have a new host of problems by going all in with "vibium"... i'm making a huge bet that "vibe coding" is a trend, not a fad. (it could still be a fad! we'll see if this post ages well soon enough!)

2 more replies

christophilus6mo ago· 3 in thread

Nice. I was just thinking of building this very thing. Glad to see I won’t have to. I’ll check it out after the holidays.

hugsOP6mo ago

what specific things were you looking for?

christophilus6mo ago

My use case is mainly to make it easier to show Claude Code a problem with an SPA as I develop it. Claude’s decent at traditional server-rendered stuff, since it can curl and reason a bit about the responses, but SPAs require something more like your tool here.

xnx6mo ago

You might try Google Antigravity since it is natively designed to test in the browser as it codes.

pryelluw6mo ago· 3 in thread

Any plans to support local models through llama.cpp or similar?

hugsOP6mo ago

100% yes. favorites?

pryelluw6mo ago

I daily drive llama.cpp so that please.

hugsOP6mo ago

which local models? (e.g. qwen, llama, mistral?)

1 more reply

michelb6mo ago· 2 in thread

Interesting, I've been using this skill https://github.com/SawyerHood/dev-browser to save on context and get some more speed. Will try this out!

hugsOP6mo ago

yeah, looking to play more with (and support) skills with vibium soon.

chews6mo ago

big virtual hugs for @hugs... thank you for the Christmas gift of fewer keystrokes :-)

anamexis6mo ago· 2 in thread

My number one question would be how it compares to Playwright -- differences in design goals, capabilities, advantages and disadvantages.

hugsOP6mo ago

it's a good questionn! i partially addressed this in the "why vibium" section of the v1 announcement: https://github.com/VibiumDev/vibium/blob/main/docs/updates/2...

to save a click, i'll post it here, too:

-----------

why vibium?

there are dozens of "ai-powered browser" tools now. so why this one?

the selenium ecosystem is massive: millions of tests, thousands of companies, decades of investment. but there's no obvious bridge to the ai future. many have moved to playwright — and for good reason: it's fast, easy to use, has popular features like auto-waiting, integrated video recording, and a ton of other batteries included.

vibium takes the same approach. batteries included. great dx. but built for where the industry is going: ai agents that need to drive browsers.

when i did those interviews in september, the response wasn't just "cool idea." it was relief. the community trusts us to build this bridge because we built the last two: selenium in 2004, appium in 2012.

community and ecosystem are the moat.

anamexis6mo ago

Thanks! I don't think it really answers my question though.

AFAIK Playwright also takes the approach of batteries included, great dx, and has a lot of good integration with AI agents.

Basically, what sets Vibium apart?

1 more reply

nivekney6mo ago· 2 in thread

Aside from the project itself, I am learning a lot just from reading the commits. Mostly about the process when one knows how they'd do it.

https://github.com/VibiumDev/vibium/commits/main/?after=ffc3...

therunninglight6mo ago

likewise, watching it take shape in real time is fascinating

hugsOP6mo ago

thanks. if ai-assisted development is the future of software (and i think it is), it was important i put my money where my mouth is and develop it by doing exactly that.

rahimnathwani6mo ago· 2 in thread

If an agent gets a copy of the screen using browser_screenshot and then wants to click somewhere on that screen, how is it meant to find the right css selector to pass to browser_click?

There's a browser_find method, but that assumes you already know what type of element it is. But I can't always tell what type of element something is just by looking at a screenshot.

What have I missed or misunderstood?

coty6mo ago

For right now, the MCP server doesn’t expose quite enough to navigate on its own.

I’ve added a browser_evaluate tool in my fork—though I haven’t committed or pushed a PR yet. With that, the agent can call JavaScript to get the accessibility tree and then use that to navigate via browser_find.

This and much more will be coming soon. See the V2 roadmap for more insight: https://github.com/VibiumDev/vibium/blob/main/V2-ROADMAP.md

hugsOP6mo ago

one of the wild things about vibe coding is... i want to add that feature, but i'm slightly more interested in using the prompt/spec you might have used to create it, not the patch itself.

2 more replies

didip6mo ago· 2 in thread

And this handles login sessions, cookies, etc.? So much of the modern web is now hidden behind login sessions.

hugsOP6mo ago

there's generally only 3 ways to make money in browser automation:

1) test automation (my specialty)

2) data scraping / crawling

3) business/robotic process automation (e.g. back-office data entry, processing invoices, etc.)

when it comes to handling login sessions, cookies, etc. test automation is the easiest. (you create disposable test logins and use them in each test. it's mostly a solved problem.)

handling logins is a way gnarlier problem in data scraping and business process automation. i'm focused on test automation in v1. (i'm hoping experts in data scraping and process automation can help me improve vibium in this regard.)

mlrtime5mo ago

Thank you for helping me understand this. I'm trying to use various tools to automate downloading my energy usage from my provider. They seem to be going to great lengths to try and prevent this. It sucks because I want to conserve and reconcile usage.

entergy.com ... I'm hoping your tool or playwright will help me get it into home assistant.

starik366mo ago· 2 in thread

How do you install it into Claude Desktop? I tried the following, but it fails.

    "vibium": {
      "command": "npx",
      "args": [
        "-y",
        "@vibium/mcp@latest"
      ]
    }

therunninglight6mo ago

"vibium": {

"command": "npx",

"args": [

"-y",

"vibium"

]

}

source: https://www.linkedin.com/posts/apzal-bahin_ai-mcp-browseraut...

starik365mo ago

That didn't work - generates errors. But there is a PR in progress that should fix it at some point soon.

badlogic6mo ago· 2 in thread

Neat. Any reason why the MCP server doesn't expose a JavaScript/eval tool? Current models excel at writing JS to drive and inspect the DOM. They aren't great at driving browsers via screenshots.

coty6mo ago

FWIW, if you have Claude Code or the like, you can quickly prompt your way to an eval function in MCP. It already exists in clicker and the client API. You can use it to get the accessibility tree, for example, and use that to find what to fill out and click.

hugsOP6mo ago

> why the MCP server doesn't expose a JavaScript/eval tool?

no reason other than my number #1 goal was "ship something". i only started the actual coding on dec 11. it's been a bit of a sprint the last two weeks!

though "image-based" vs "dom-based" testing approaches is a very big topic! (look forward to researching that more in the future.)

v1 announcement: https://github.com/VibiumDev/vibium/blob/main/docs/updates/2...

captainregex6mo ago· 2 in thread

entirely possible I’m just really bad at this stuff but I can’t get browser agents to do simple report pulls without running into a captcha or a dropdown menu that breaks its brain. hopefully this is the one!

hugsOP6mo ago

good security will always be the eternal enemy of easy automation.

therunninglight6mo ago

the realm of bots vs bots

OutOfHere6mo ago· 2 in thread

I will wait for full Python and Go support.

therunninglight6mo ago

python client coming soon to PyPi

hugsOP6mo ago

have plans for new year's eve?

hcoura6mo ago· 1 in thread

How does it handle context bloat between the browser and the llm?

Any plans of exposing more of the browser? For instance playwright is able to store tracing files the agent may decide to read to understand some requests / payloads…

Any plans on allowing the agent to run an arbitrary js script?

hugsOP6mo ago

i definitely have plans to expose more of the browser! at the moment, it's very limited. i'm not sure if anyone has completely nailed the context bloat problem -- it's worth more study and benchmarking. i suspect the long term answer is "don't use mcp". but mcp (warts and all) felt like a table-stakes feature for a v1 release.

also need to clarify: there are two apis exposed right now: the mcp server and a "plain old" js/ts api. the js/api does have the ability to run arbitrary js. theoretically, you could ask an agent to write a vibium script with the js/ts library, and have the ai run that... (which ironically? is also a way to deal with the issue of context bloat)

rancar26mo ago· 1 in thread

I wasn’t able to gather the future state plans beyond what’s noted in the V2 plans:

https://github.com/VibiumDev/vibium/blob/main/V2-ROADMAP.md

What’s next 5 years look like given that you are very good at building long-term projects that last and evolve through time? And for a very specific example, what’s the plan for incorporating new standards like Agent Skills as they quickly evolve and launch?

hugsOP6mo ago

short term: yeah, we should totally add agent skills asap! new year's eve goal?

as far as long term plans go, i like the tim o'reilly quote: "create more value than you capture".

with selenium, we created an entire ecosystem of tools, users, companies, and economic activity. (literally billions of usd -- it's a story frequently ignored by the tech press when looking for "open source success stories".) but i hope to do the same with vibium. there will likely be a hosted "vibium.cloud" hosted service. i also hope there will be lots of them. in a similar way, there weren't many "hosted selenium" services when i started sauce labs. now there's a bunch. browserstack, lambdatest, etc.

it was also not really an accident we did that with selenium. there is a lot of behind-the-scenes consensus building that happens to make things like a w3c webdriver standard happen. (funfact: vibium relies on the new! w3c standard "webdriver bidi" protocol heavily inspired by the chrome devtools protocol used by playwright. (tl;dr: it's just json over websockets.)

i'm betting on industry cooperation, standards, and shared prosperity. that's my 5 year plan!

mannanj6mo ago· 1 in thread

Hi this looks really valuable, thanks for developing and sharing. Would you share some use cases and how you or your users use it personally? would love to see some examples and feel the aha "That's how I'd like to use it too!" and it would help me drive and se the problems I have as being solvable by this too rather than seeing a tool/solution looking for a problem. (not implying you're that, but without examples/use cases that's the default way I think)

hugsOP6mo ago

lots of people have already been posting examples of how they used vibium on linkedin. (code's only been available for a day or two, so we're just getting started!)

we also have a new discord server for the project that we just spun up and will be opening up more widely soon. discord could be a good place to share uses cases and experiments until we set up a more formal website structure).

eth0up6mo ago· 1 in thread

I recently conducted a little research project involving YouTube comments, where selenium made it possible. Quite cool to see the legend here, still active.

Thanks, from a very tiny human.

hugsOP6mo ago

thanks for using it! <heart-emoji/>

i try to say this often, but it never feels like enough: yes, i started the project, but it's a relay race. i ran the first few laps, but the project has been going for 21 years now. there's dozens (hundreds?) of people to thank at this point for the success and impact that the selenium project has achieved.

saikatsg6mo ago· 1 in thread

The good old days of browser automation! Thanks a lot for Selenium and all the best for Vibium :)

hugsOP5mo ago

thanks!

palidanx6mo ago· 1 in thread

Sorry, I kind of have a dumb question here. So we have a bunch of legacy selenium scripts that do end to end user testing, and occasion they break (either because of a network error, or devs committed something that breaks a test).

We were looking at seeing if a model could look at the screenshot of the failure, some of the original website source code, and try to fix the failing test.

My question is with vibium, would it make more sense to port the legacy tests over to vibium, and if a test fail, use its capabilities to try to self-heal?

hugsOP6mo ago

i apologize, but i'll answer your question with a metaphor.

i want to build an island resort and a bridge from the mainland to get there. do i build the island resort first or the bridge first?

here's my thinking: if the resort is popular and a fun place to be, there will be a huge incentive to build the bridge next. but we might also find out that building the bridge will ultimately be economically impractical and we should just stick to using ferry boats. at least we'll have a cool island resort to go to, though!

so for now, i'm just focusing on building the island resort at the moment. but i really, really want to build that bridge, too, asap.

gsnedders5mo ago· 1 in thread

Is there any plan about how to deal with indirect prompt injection attacks that could trivially be lurking in malicious web pages, given the agent can navigate to an arbitrary URL?

hugsOP5mo ago

short-term mediation is always always always run it in a virtual machine with as minimal credentials as possible.

j2kun6mo ago· 1 in thread

Is this something you use to generate static browser tests that no longer use the LLM? Or would you need to use the LLM every time you run the tests?

therunninglight6mo ago

- No LLM Getting Started with Vibium (beginner-friendly): https://github.com/VibiumDev/vibium/blob/main/docs/tutorials...

- MCP option (where tokens will eventually get burned) Getting Started with Vibium MCP: https://github.com/VibiumDev/vibium/blob/main/docs/tutorials...

jeff4f5da26mo ago· 1 in thread

Since it's in go, wouldn't it be great if it also expose go api?

hugsOP6mo ago

yes, yes it would!

michaelsbradley6mo ago· 1 in thread

Anyone attempting something similar for Qt/QML based apps?

rubymamis5mo ago

I thought about it as well. Might do it at some point.

jstummbillig6mo ago· 1 in thread

Cool. Can this currently be used with codex in the same way?

hugsOP6mo ago

not today. but the plan is to be very "big tent" and support as many options as possible.

ripped_britches6mo ago· 1 in thread

What is the benefit of using this instead of playwright?

hugsOP6mo ago

it will be more obvious in v2.

v1 is about getting to a base-line of functionality.

things get interesting in v2: https://github.com/VibiumDev/vibium/blob/main/V2-ROADMAP.md

password-app5mo ago

Congrats on shipping v1. The "sense-think-act" architecture is exactly what's needed for agentic workflows.

Re: the login handling discussion upthread—I've been using browser-use for automated password rotation (breach response use case). Two patterns that might be relevant to Vibium's roadmap:

Credential injection: Instead of putting passwords in the prompt, pass them via a sensitive_data parameter. The agent calls enter_password() without the value ever appearing in LLM context. Solves the "blast radius" concern several people raised.

Deterministic 2FA handling: When email verification is required, open Gmail in a new tab, but extract OTPs with local regex—not AI. The LLM orchestrates navigation; code extraction stays local. Handles ~90% of email 2FA automatically.

These patterns should work with any browser automation framework. Built a Mac app around this: https://thepassword.app

Would love to see Vibium add first-class support for credential injection in the API—it's the missing piece for any security-sensitive automation.

jaredwy6mo ago

Hey! You really helped my career. We chatted a lot maybe 13-15 years ago and really helped atlassian scale their selenium tests at the time.

So glad to see you are still in this space!

rule20255mo ago

What can this mainly do? How is it different from Chrome devtools MCP?

mintflow5mo ago

great project, just add the mcp and try in claude code, it automatically help me to broser a local forum and give a summary of hot posts today.

this is the second MCP i added, quit impressive.

Merry christmas!

xpe5mo ago

I'm thinking about various security models. When it comes to browser integration, I'm particularly interested in defense-in-depth rather than trusting the shIP activities to the captAIn.

Bad puns aside, this is an important area! Many of us want to know what people are building (or should be built) to put security front and center -- or at least integrated --rather than an afterthought. Components might include: sandboxing, access rules, logging, honey-pot mode, perhaps even read-only access for a "protector" agent. (Another common approach here is wishful thinking such as "this ship is unsinkable", but that ship has sailed for me.)

Putting on my dark humor hat, if all else fails, there could be a "time to panic" mode triggered by certain criteria (e.g. a regex matching "your bank account balance is $0").

What can biology teach us? When you think about defense-in-depth for "insider threats" in the human body, what comes to mind? There are many; here is one: reflexes. Your motor planning neurons might send your hand towards a hot surface and succeed, but they will be quickly countermanded [1] by a reflex arc [2].

P.S. Please don't interpret my style as a lack of seriousness. If used carelessly, this technology opens up some impressive botnet potential. Luckily, with the benefit of wishful thinking or just flat-out ignorance, we can trust humans and AIs to be adequately trustworthy. [2] [3]

[1]: maybe overruled is a better term?

[2]: https://en.wikipedia.org/wiki/Reflex_arc

[3]: https://www.schneier.com/blog/archives/2007/02/the_psycholog...

[4]: https://www.anthropic.com/research/agentic-misalignment

j / k navigate · click thread line to collapse

124 comments

95 comments · 33 top-level

9999000009996mo ago· 7 in thread

As someone who's made a good living primarily in UI automation for over a decade, thank you.

It's been an interesting journey.I do think Playwright is the defacto standard now, but Selenium was the original browser driver.

Anyway, how does Vibium compare to Playwright ? Playwright's main advantage is it has official support for multiple languages.

hugsOP6mo ago

> I do think Playwright is the defacto standard now

part of my plan with vibium post-v1 is to give that massive (and it truly is massive, i'm not bragging) installed base of selenium users an upgrade path to more agentic coding options.

9999000009996mo ago

Are you solo developing vibium ?

Playwright really simplifies getting setup. It won't work for everyone, but within 30 seconds Playwright will download it's needed browsers along with a test runner.

I also find the documentation is much better/consolidated.

Definitely open to helping you out if I can be of assistance.

1 more reply

steve_adams_866mo ago

Selenium is distinctly more popular among scientists in my experience. I've only seen playwright at startups.

3 more replies

jjmarr6mo ago

Selenium was a part of my degree. I had a course involving it.

mbrochh5mo ago

You might also want to look into Stagewright.

maxloh6mo ago

Any idea how did Puppeteer lose the race?

9999000009995mo ago

The Puppeteer team moved to from Google, to Microsoft and started Playwright.

https://blog.logrocket.com/playwright-vs-puppeteer/

1 more reply

rukuu0016mo ago· 6 in thread

Hey man, just wanted to say thanks for Selenium - it was a game changer and had a big impact on my professional life.

I’m interested in checking out Vibium - I’ve been a reluctant adopter of Playwright and hopeful for a new approach.

hugsOP6mo ago

pkiv6mo ago

If you're already using Playwright, I'd love for you to give Stagehand a try (https://github.com/browserbase/stagehand) - it has compatible-ish API, but built for automation, not testing.

zenmac6mo ago

Hmmm so it is basically using https://www.director.ai for the AI natural language stuff right?

1 more reply

hugsOP6mo ago

stagehand is good stuff!

irjustin5mo ago

> I’ve been a reluctant adopter of Playwright and hopeful for a new approach.

Out of curiosity, why?

Personally, I'm a massive lover of playwright. Flakiness has been so much lower for us.

1 more reply

m00dy5mo ago

I think the future is mobile when it comes AI agents, If you are also looking for a new approach, I would suggest DeepWalker. It is mobile first automation, currently works on android.

[0]: https://deepwalker.xyz

moss_dog6mo ago· 6 in thread

ramoz6mo ago

If using Claude Code, a simple hook can govern `browser_navigate` (mcp)

A custom sh script or something for whitelists would take ~5min to setup.

For more robust governance (many policies), you can write Rego using https://github.com/eqtylab/cupcake

https://code.claude.com/docs/en/hooks#mcp-tool-naming

moss_dog6mo ago

Thank you for the links / info! I'm looking forward to digging into this.

hugsOP6mo ago

fully aware of the "blast radius" risk of using claude to do stuff. i'm doing all my vibium dev in a vm using UTM (and you should, too!). wonder if there are some network rules we can add.

i did post a v2 roadmap on the github repo. might be time to start the draft for v3!

falcor846mo ago

As I see it, the only real solution is to put it into a container that has a firewall with a short whitelist.

moss_dog6mo ago

1 more reply

michelb5mo ago

Maybe this is something: https://github.com/vibheksoni/stealth-browser-mcp

dmd6mo ago· 4 in thread

hugsOP6mo ago

> inject js, modify the DOM, and most crucially monitor/modify network requests

not yet. definitely on the roadmap, though. goal is to embrace what playwright has done well, then extend what's possible...

dmd6mo ago

3 more replies

doctorpangloss6mo ago

all i want is monitored network requests, because flutter + amazon appsync apps are so radioactive

hugsOP6mo ago

good feedback. thank you!

suchintan6mo ago· 3 in thread

This is very cool. We were thinking about doing something very similar with Skyvern

What was the reason you went down this path instead of extending selenium with AI features?

hugsOP6mo ago

i partially addressed this in the "why vibium" section of the v1 announcement: https://github.com/VibiumDev/vibium/blob/main/docs/updates/2...

suchintan6mo ago

This makes sense. I guess I wanted to understand why starting from scratch was better than "fixing" selenium, but perhaps "fixing" selenium isn't an option?

hugsOP6mo ago

2 more replies

christophilus6mo ago· 3 in thread

Nice. I was just thinking of building this very thing. Glad to see I won’t have to. I’ll check it out after the holidays.

hugsOP6mo ago

what specific things were you looking for?

christophilus6mo ago

xnx6mo ago

You might try Google Antigravity since it is natively designed to test in the browser as it codes.

pryelluw6mo ago· 3 in thread

Any plans to support local models through llama.cpp or similar?

hugsOP6mo ago

100% yes. favorites?

pryelluw6mo ago

I daily drive llama.cpp so that please.

hugsOP6mo ago

which local models? (e.g. qwen, llama, mistral?)

1 more reply

michelb6mo ago· 2 in thread

Interesting, I've been using this skill https://github.com/SawyerHood/dev-browser to save on context and get some more speed. Will try this out!

hugsOP6mo ago

yeah, looking to play more with (and support) skills with vibium soon.

chews6mo ago

big virtual hugs for @hugs... thank you for the Christmas gift of fewer keystrokes :-)

anamexis6mo ago· 2 in thread

My number one question would be how it compares to Playwright -- differences in design goals, capabilities, advantages and disadvantages.

hugsOP6mo ago

it's a good questionn! i partially addressed this in the "why vibium" section of the v1 announcement: https://github.com/VibiumDev/vibium/blob/main/docs/updates/2...

to save a click, i'll post it here, too:

-----------

why vibium?

there are dozens of "ai-powered browser" tools now. so why this one?

vibium takes the same approach. batteries included. great dx. but built for where the industry is going: ai agents that need to drive browsers.

community and ecosystem are the moat.

anamexis6mo ago

Thanks! I don't think it really answers my question though.

AFAIK Playwright also takes the approach of batteries included, great dx, and has a lot of good integration with AI agents.

Basically, what sets Vibium apart?

1 more reply

nivekney6mo ago· 2 in thread

Aside from the project itself, I am learning a lot just from reading the commits. Mostly about the process when one knows how they'd do it.

https://github.com/VibiumDev/vibium/commits/main/?after=ffc3...

therunninglight6mo ago

likewise, watching it take shape in real time is fascinating

hugsOP6mo ago

thanks. if ai-assisted development is the future of software (and i think it is), it was important i put my money where my mouth is and develop it by doing exactly that.

rahimnathwani6mo ago· 2 in thread

If an agent gets a copy of the screen using browser_screenshot and then wants to click somewhere on that screen, how is it meant to find the right css selector to pass to browser_click?

There's a browser_find method, but that assumes you already know what type of element it is. But I can't always tell what type of element something is just by looking at a screenshot.

What have I missed or misunderstood?

coty6mo ago

For right now, the MCP server doesn’t expose quite enough to navigate on its own.

This and much more will be coming soon. See the V2 roadmap for more insight: https://github.com/VibiumDev/vibium/blob/main/V2-ROADMAP.md

hugsOP6mo ago

one of the wild things about vibe coding is... i want to add that feature, but i'm slightly more interested in using the prompt/spec you might have used to create it, not the patch itself.

2 more replies

didip6mo ago· 2 in thread

And this handles login sessions, cookies, etc.? So much of the modern web is now hidden behind login sessions.

hugsOP6mo ago

there's generally only 3 ways to make money in browser automation:

1) test automation (my specialty)

2) data scraping / crawling

3) business/robotic process automation (e.g. back-office data entry, processing invoices, etc.)

when it comes to handling login sessions, cookies, etc. test automation is the easiest. (you create disposable test logins and use them in each test. it's mostly a solved problem.)

mlrtime5mo ago

entergy.com ... I'm hoping your tool or playwright will help me get it into home assistant.

starik366mo ago· 2 in thread

How do you install it into Claude Desktop? I tried the following, but it fails.

    "vibium": {
      "command": "npx",
      "args": [
        "-y",
        "@vibium/mcp@latest"
      ]
    }

therunninglight6mo ago

"vibium": {

"command": "npx",

"args": [

"-y",

"vibium"

]

}

source: https://www.linkedin.com/posts/apzal-bahin_ai-mcp-browseraut...

starik365mo ago

That didn't work - generates errors. But there is a PR in progress that should fix it at some point soon.

badlogic6mo ago· 2 in thread

Neat. Any reason why the MCP server doesn't expose a JavaScript/eval tool? Current models excel at writing JS to drive and inspect the DOM. They aren't great at driving browsers via screenshots.

coty6mo ago

hugsOP6mo ago

> why the MCP server doesn't expose a JavaScript/eval tool?

no reason other than my number #1 goal was "ship something". i only started the actual coding on dec 11. it's been a bit of a sprint the last two weeks!

though "image-based" vs "dom-based" testing approaches is a very big topic! (look forward to researching that more in the future.)

v1 announcement: https://github.com/VibiumDev/vibium/blob/main/docs/updates/2...

captainregex6mo ago· 2 in thread

hugsOP6mo ago

good security will always be the eternal enemy of easy automation.

therunninglight6mo ago

the realm of bots vs bots

OutOfHere6mo ago· 2 in thread

I will wait for full Python and Go support.

therunninglight6mo ago

python client coming soon to PyPi

hugsOP6mo ago

have plans for new year's eve?

hcoura6mo ago· 1 in thread

How does it handle context bloat between the browser and the llm?

Any plans of exposing more of the browser? For instance playwright is able to store tracing files the agent may decide to read to understand some requests / payloads…

Any plans on allowing the agent to run an arbitrary js script?

hugsOP6mo ago

rancar26mo ago· 1 in thread

I wasn’t able to gather the future state plans beyond what’s noted in the V2 plans:

https://github.com/VibiumDev/vibium/blob/main/V2-ROADMAP.md

hugsOP6mo ago

short term: yeah, we should totally add agent skills asap! new year's eve goal?

as far as long term plans go, i like the tim o'reilly quote: "create more value than you capture".

i'm betting on industry cooperation, standards, and shared prosperity. that's my 5 year plan!

mannanj6mo ago· 1 in thread

hugsOP6mo ago

lots of people have already been posting examples of how they used vibium on linkedin. (code's only been available for a day or two, so we're just getting started!)

eth0up6mo ago· 1 in thread

I recently conducted a little research project involving YouTube comments, where selenium made it possible. Quite cool to see the legend here, still active.

Thanks, from a very tiny human.

hugsOP6mo ago

thanks for using it! <heart-emoji/>

saikatsg6mo ago· 1 in thread

The good old days of browser automation! Thanks a lot for Selenium and all the best for Vibium :)

hugsOP5mo ago

thanks!

palidanx6mo ago· 1 in thread

We were looking at seeing if a model could look at the screenshot of the failure, some of the original website source code, and try to fix the failing test.

My question is with vibium, would it make more sense to port the legacy tests over to vibium, and if a test fail, use its capabilities to try to self-heal?

hugsOP6mo ago

i apologize, but i'll answer your question with a metaphor.

i want to build an island resort and a bridge from the mainland to get there. do i build the island resort first or the bridge first?

so for now, i'm just focusing on building the island resort at the moment. but i really, really want to build that bridge, too, asap.

gsnedders5mo ago· 1 in thread

Is there any plan about how to deal with indirect prompt injection attacks that could trivially be lurking in malicious web pages, given the agent can navigate to an arbitrary URL?

hugsOP5mo ago

short-term mediation is always always always run it in a virtual machine with as minimal credentials as possible.

j2kun6mo ago· 1 in thread

Is this something you use to generate static browser tests that no longer use the LLM? Or would you need to use the LLM every time you run the tests?

therunninglight6mo ago

- No LLM Getting Started with Vibium (beginner-friendly): https://github.com/VibiumDev/vibium/blob/main/docs/tutorials...

- MCP option (where tokens will eventually get burned) Getting Started with Vibium MCP: https://github.com/VibiumDev/vibium/blob/main/docs/tutorials...

jeff4f5da26mo ago· 1 in thread

Since it's in go, wouldn't it be great if it also expose go api?

hugsOP6mo ago

yes, yes it would!

michaelsbradley6mo ago· 1 in thread

Anyone attempting something similar for Qt/QML based apps?

rubymamis5mo ago

I thought about it as well. Might do it at some point.

jstummbillig6mo ago· 1 in thread

Cool. Can this currently be used with codex in the same way?

hugsOP6mo ago

not today. but the plan is to be very "big tent" and support as many options as possible.

ripped_britches6mo ago· 1 in thread

What is the benefit of using this instead of playwright?

hugsOP6mo ago

it will be more obvious in v2.

v1 is about getting to a base-line of functionality.

things get interesting in v2: https://github.com/VibiumDev/vibium/blob/main/V2-ROADMAP.md

password-app5mo ago

Congrats on shipping v1. The "sense-think-act" architecture is exactly what's needed for agentic workflows.

Re: the login handling discussion upthread—I've been using browser-use for automated password rotation (breach response use case). Two patterns that might be relevant to Vibium's roadmap:

These patterns should work with any browser automation framework. Built a Mac app around this: https://thepassword.app

Would love to see Vibium add first-class support for credential injection in the API—it's the missing piece for any security-sensitive automation.

jaredwy6mo ago

Hey! You really helped my career. We chatted a lot maybe 13-15 years ago and really helped atlassian scale their selenium tests at the time.

So glad to see you are still in this space!

rule20255mo ago

What can this mainly do? How is it different from Chrome devtools MCP?

mintflow5mo ago

great project, just add the mcp and try in claude code, it automatically help me to broser a local forum and give a summary of hot posts today.

this is the second MCP i added, quit impressive.

Merry christmas!

xpe5mo ago

I'm thinking about various security models. When it comes to browser integration, I'm particularly interested in defense-in-depth rather than trusting the shIP activities to the captAIn.

Putting on my dark humor hat, if all else fails, there could be a "time to panic" mode triggered by certain criteria (e.g. a regex matching "your bank account balance is $0").

[1]: maybe overruled is a better term?

[2]: https://en.wikipedia.org/wiki/Reflex_arc

[3]: https://www.schneier.com/blog/archives/2007/02/the_psycholog...

[4]: https://www.anthropic.com/research/agentic-misalignment

j / k navigate · click thread line to collapse