[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82696":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":40,"readmeContent":41,"aiSummary":42,"trendingCount":16,"starSnapshotCount":16,"syncStatus":43,"lastSyncTime":44,"discoverSource":45},82696,"ShardBrowser","ProxyShard\u002FShardBrowser","ProxyShard","Free, open-source anti-detect browser launcher for web scraping and multi-accounting. By the ProxyShard team. Engine-level fingerprint spoofing in Chromium 148 (WebGL \u002F WebGPU \u002F Client Hints \u002F fonts \u002F TLS), 170+ device profiles bundled, stable QUIC + WebRTC over SOCKS5.","",null,"TypeScript",360,56,13,1,0,9,53,276,38,93.27,"Other",false,"main",[26,27,28,29,30,31,32,33,34,35,36,37,38,39],"anti-detect-browser","browser-fingerprinting","chromium","fingerprint","multi-accounting","proxy","proxyshard","quic","react","rust","socks5","tauri","web-scraping","webrtc","2026-06-12 04:01:38","# ShardX Launcher\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"LICENSE\">\u003Cimg alt=\"License\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-MIT-blue?style=flat-square\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fpypi.org\u002Fproject\u002Fshardx\u002F\">\u003Cimg alt=\"PyPI version\" src=\"https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fv\u002Fshardx?style=flat-square&logo=pypi&logoColor=white&label=pypi&color=blue\">\u003C\u002Fa>\n  \u003Ca 
href=\"https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002F@proxyshard\u002Fshardx\">\u003Cimg alt=\"npm version\" src=\"https:\u002F\u002Fimg.shields.io\u002Fnpm\u002Fv\u002F@proxyshard\u002Fshardx?style=flat-square&logo=npm&logoColor=white&label=npm&color=red\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FProxyShard\u002FShardBrowser\u002Fstargazers\">\u003Cimg alt=\"GitHub stars\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FProxyShard\u002FShardBrowser?style=flat-square&logo=github&label=Stars&color=lightgrey\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FProxyShard\u002FShardBrowser\u002Fcommits\">\u003Cimg alt=\"Last commit\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002FProxyShard\u002FShardBrowser?style=flat-square&color=success\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fpypi.org\u002Fproject\u002Fshardx\u002F\">\u003Cimg alt=\"PyPI downloads\" src=\"https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fdm\u002Fshardx?style=flat-square&logo=pypi&logoColor=white&label=pypi&color=brightgreen\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002F@proxyshard\u002Fshardx\">\u003Cimg alt=\"npm downloads\" src=\"https:\u002F\u002Fimg.shields.io\u002Fnpm\u002Fdt\u002F@proxyshard\u002Fshardx?style=flat-square&logo=npm&logoColor=white&label=npm&color=brightgreen\">\u003C\u002Fa>\n\u003C\u002Fp>\n\nA project by the **[ProxyShard](https:\u002F\u002Fproxyshard.com)** team — the\nproxy service with full **SOCKS5 UDP relay** (RFC 1928 §7) and active\n**p0f TCP-fingerprint spoofing** on the exit (so the OS the proxy\nclaims to be on actually matches the SYN\u002FACK shape sites see). 
ShardX\nis the in-house anti-detect browser stack we built to get the most out\nof those proxies: the launcher manages profiles, binds proxies, and\nships the patched **Chromium 148** browser that does the actual\nspoofing at the engine level.\n\n* **Site:**     \u003Chttps:\u002F\u002Fproxyshard.com>\n* **Docs:**     \u003Chttps:\u002F\u002Fdocs.proxyshard.com>\n* **UDP info:** \u003Chttps:\u002F\u002Fdocs.proxyshard.com\u002Feng\u002Four-products\u002Fabout-udp>\n* **p0f info:** \u003Chttps:\u002F\u002Fdocs.proxyshard.com\u002Feng\u002Four-products\u002Fp0f-spoofing>\n\nDrive ShardX whichever way fits the job — all four read from the same\non-disk state, so a profile is reachable from every entry-point with\nno sync step:\n\n* **Desktop UI** — workspace for day-to-day work (profiles, proxies,\n  cookies, fingerprint editor).\n* **Local HTTP API** — Bearer-JWT auth on `127.0.0.1:40325`; create \u002F\n  start \u002F stop profiles and grab a CDP endpoint from any language.\n* **MCP server** — drops into Claude Desktop \u002F Cursor for\n  natural-language profile orchestration (HTTP API + browser-over-CDP).\n* **Standalone SDKs** — Python + Node libraries that ship the engine\n  themselves and need no GUI at all; ideal for scrapers \u002F CI \u002F servers.\n\nSetup for each lives in [Usage](#usage) below.\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"docs\u002Fscreenshots\u002F00-launcher-workspace.jpg\" alt=\"ShardX Launcher\" width=\"820\">\n\u003C\u002Fp>\n\n---\n\n## What it is\n\n**A free, open-source anti-detect browser for web scraping and\nmulti-accounting.**\n\nRun hundreds of isolated browser identities side by side, each one a\nfully-formed device with its own GPU, screen, fonts, audio stack,\ntimezone, locale, WebGL\u002FWebGPU caps, TLS ClientHello, UA-CH, WebRTC\npolicy, geolocation and cookies — every signal coherent with the\nothers, and every signal **spoofed inside Chromium's C++ engine**\n(Blink \u002F V8 \u002F network stack), not via JS 
injection that detectors trip\non instantly.\n\nYou get 170 ready-made device profiles out of the box (mac M1–M5,\nWindows desktops\u002Flaptops with RTX\u002FGTX\u002FIntel\u002FAMD GPUs, Linux\nworkstations), bind a SOCKS5 \u002F HTTP proxy to each one, and the\nlauncher handles the rest — auto-resolved timezone + locale +\ngeolocation from the proxy's exit country, isolated `user-data-dir`,\npersistent cookies, Widevine pre-warm, QUIC over the proxy's UDP\nrelay, no real-IP leaks via WebRTC.\n\nFree for any use — pair with [ProxyShard](https:\u002F\u002Fproxyshard.com)\nproxies for the QUIC + WebRTC stack to actually work end-to-end, or\nbring your own.\n\nWhat this gives you out of the box:\n\n| Test                                                            | Result                                                                   |\n|-----------------------------------------------------------------|--------------------------------------------------------------------------|\n| [browserleaks.com\u002Fquic](https:\u002F\u002Fbrowserleaks.com\u002Fquic)          | QUIC `True`, JA4 matches real Chrome, MTU 1232 over SOCKS5 UDP relay     |\n| [fingerprint.com](https:\u002F\u002Ffingerprint.com\u002Fdemo)                 | Bot \u002F VPN \u002F DevTools \u002F browser-tampering all `Not detected`              |\n| [browserscan.net](https:\u002F\u002Fwww.browserscan.net)                  | Authenticity **100%**                                                    |\n| [pixelscan.net](https:\u002F\u002Fpixelscan.net)                          | Fingerprint **consistent**, no proxy \u002F automation detected               |\n| [fp.haru.gay](https:\u002F\u002Ffp.haru.gay)                              | `isBot: false`, every sub-signal `false`                                 |\n| [antcpt.com\u002Fscore_detector](https:\u002F\u002Fantcpt.com\u002Fscore_detector\u002F) | reCAPTCHA v3 score **0.9**                                               |\n| 
[networktest.twilio.com](https:\u002F\u002Fnetworktest.twilio.com)        | TURN UDP \u002F TCP \u002F TLS + Voice — all **Pass** (no real-IP leak)            |\n\n---\n\n## Fingerprint surfaces patched\n\nAll overrides live inside the browser engine — there is no JavaScript\nshim layer that detectors can spot, so spoofed values are consistent\nacross iframes, web workers, devtools and headless inspection.\n\n* **Device identity** — user agent, platform, vendor, CPU cores, RAM,\n  touch points, full Sec-CH-UA stack (brand, version, architecture,\n  bitness, mobile, model) with stable GREASE.\n* **Graphics** — WebGL renderer \u002F vendor \u002F extensions \u002F limits, WebGPU\n  adapter + limits, deterministic per-profile noise for Canvas, DOMRect\n  and ClientRects, color gamut and HDR claims.\n* **Audio** — sample rate, channel count, optional per-profile noise on\n  raw audio samples.\n* **Screen & window** — full resolution + available area + DPR + color\n  depth, max-size cap so the OS won't resize past the claimed\n  dimensions.\n* **Locale** — timezone, ICU locale, primary language and the\n  Accept-Language header auto-derived from the bound proxy's country.\n* **Geolocation** — coordinates either set manually or derived from the\n  proxy's exit IP; host GPS \u002F Wi-Fi is never used.\n* **Network capability** — connection type, downlink, RTT, save-data,\n  storage quota, JS heap limit, battery state, media-device counts.\n* **TLS ClientHello** — Chrome-148 cipher + signature-algorithm\n  selection, extension shuffling, so JA4 \u002F Akamai \u002F Peetprint fingerprints\n  match real Chrome.\n* **HTTP-3 over the proxy's UDP relay** — QUIC works end-to-end through\n  SOCKS5; origin hostnames are resolved proxy-side.\n* **WebRTC policy** — `block` \u002F `tcp_only` \u002F `auto`. In `auto` traffic\n  rides the proxy's UDP relay; otherwise WebRTC candidates report the\n  proxy exit IP, never the host. 
STUN \u002F TURN targets on private\n  networks are dropped.\n* **Speech voices** — full per-OS `speechSynthesis.getVoices()`\n  enumeration (200+ macOS voices, SAPI + Google for Windows, Google-only\n  for Linux).\n* **Fonts** — system font enumeration pinned to a per-profile set so\n  font-list probes return the claimed device's fonts, not the host's.\n* **WebGPU on Linux** — disabled to match what real Linux Chrome\n  actually exposes (most distros ship WebGPU off).\n* **Google validation headers** — the headers real Google Chrome adds to\n  requests against Google properties (notably `x-client-data` — its\n  absence is the loudest reCAPTCHA bot signal) are reproduced correctly.\n* **WebAuthn** — platform-authenticator availability matches the\n  claimed device.\n* **Hardening** — Widevine pre-warmed per profile, headless markers\n  stripped, devtools-protocol side-channels closed, sync hard-disabled,\n  no keychain prompts, no Google account telemetry, no Privacy Sandbox\n  enrollment data leaked.\n\n---\n\n## Launcher features\n\n* **Profile workspace** — per-profile `user-data-dir`, persistent\n  Chrome sessions (\"Continue where you left off\" without the\n  crash-restore bubble), bulk import, folder \u002F tag organisation, pin\n  to top, clone.\n* **Fingerprint library** — 170 starter profiles shipped via CDN\n  (31 mac-arm64 \u002F 120 windows-x64 \u002F 19 linux-x64). Profile editor\n  randomises CPU \u002F RAM \u002F platform-version when you change the GPU.\n* **Proxy manager** — SOCKS5 \u002F HTTP \u002F HTTPS, bulk paste-import,\n  per-proxy live test (TCP + UDP_ASSOCIATE probe + geo lookup), bind a\n  proxy to a profile by id or inline-on-launch. 
Auto-resolves timezone\n  \u002F locale \u002F geolocation from the proxy's exit country.\n* **Auto-runtime** — first launch pulls the patched ShardX Chromium\n  build, Widevine CDM and the fingerprint library from CDN, places\n  Widevine inside the framework, persists an etag so subsequent\n  launches are zero-network.\n* **Local automation API** — axum HTTP server on `127.0.0.1`,\n  JWT-Bearer auth. Full reference at\n  [docs.proxyshard.com\u002Feng\u002Fshardx-launcher-api](https:\u002F\u002Fdocs.proxyshard.com\u002Feng\u002Fshardx-launcher-api\u002Fbinding-and-lifecycle?fallback=true),\n  raw schema in [openapi.yaml](openapi.yaml). Create \u002F start \u002F stop\n  profiles and get a CDP WebSocket URL programmatically.\n* **MCP server bundled** — drop into Claude Desktop \u002F IDE for\n  natural-language profile orchestration.\n* **Cookie I\u002FO** — import \u002F export the profile's Chromium Cookies\n  SQLite with v10 (mac \u002F linux) and AES-GCM + DPAPI (win) decryption.\n* **Cross-platform** — macOS arm64, Windows x64, Linux x64; native\n  traffic lights on mac, custom titlebar elsewhere.\n\n---\n\n## Screenshots\n\n### Network — QUIC + WebRTC over SOCKS5\n\nQUIC handshake completes end-to-end through the SOCKS5 UDP relay;\nevery WebRTC probe (UDP \u002F TCP \u002F TLS) passes against Twilio's test\nsuite without leaking the host IP.\n\n| browserleaks.com\u002Fquic — QUIC `True`, JA4 matches Chrome 148 | networktest.twilio.com — every probe `Pass`               |\n|-------------------------------------------------------------|------------------------------------------------------------|\n| ![QUIC](docs\u002Fscreenshots\u002F01-browserleaks-quic.jpg)          | ![Twilio](docs\u002Fscreenshots\u002F04-twilio-webrtc.jpg)           |\n\n### Bot \u002F automation detection\n\n| fingerprint.com — Bot \u002F VPN \u002F DevTools \u002F tampering `Not detected` | fp.haru.gay — `isBot: false`, every signal `false`     
|\n|-------------------------------------------------------------------|---------------------------------------------------------|\n| ![FP](docs\u002Fscreenshots\u002F03-fingerprint-com.jpg)                    | ![Haru](docs\u002Fscreenshots\u002F07-haru-bot-detect.jpg)        |\n\n### Fingerprint consistency\n\n| ProxyShard's own browser-checker — no issues across 9 categories | pixelscan.net — Fingerprint **consistent**             |\n|-------------------------------------------------------------------|---------------------------------------------------------|\n| ![ProxyShard](docs\u002Fscreenshots\u002F02-proxyshard-checker.jpg)         | ![Pixelscan](docs\u002Fscreenshots\u002F06-pixelscan.jpg)         |\n\n### Authenticity score\n\n| browserscan.net — Authenticity 100 %, locale honoured     | antcpt.com — reCAPTCHA v3 score **0.9**                    |\n|-----------------------------------------------------------|------------------------------------------------------------|\n| ![Browserscan](docs\u002Fscreenshots\u002F05-browserscan.jpg)       | ![reCAPTCHA](docs\u002Fscreenshots\u002F08-recaptcha-score.jpg)      |\n\n---\n\n## Comparison with other anti-detect browsers\n\nAll three are patched Chromium forks — the differentiation is in *which*\nsurfaces each one bothers to patch, *how cleanly*, and what's wrapped\naround the engine.\n\n| Feature                                                       | ShardX (this project)        | CloakBrowser                 | Multilogin \u002F AdsPower \u002F Dolphin                |\n|---------------------------------------------------------------|------------------------------|------------------------------|------------------------------------------------|\n| WebGPU spoofing (`navigator.gpu` adapter + every limit)       | ✅ full                       | ❌ untouched — host GPU leaks | ✅ full                                         |\n| Client Hints (Sec-CH-UA-* full stack with GREASE)             | ✅ full                    
   | ❌ partial \u002F inconsistent     | ✅ full on Multilogin \u002F AdsPower, ❌ Dolphin     |\n| Font enumeration pinned per profile                           | ✅ system-level               | ❌ JS-only, host fonts still leak via CSS \u002F canvas font-render | ⚠️ partial          |\n| V8 \u002F CDP side-channel hardening (preview-getters, inspector)  | ✅ closed                     | ❌ open — CDP automation detectable | ⚠️ partial                                |\n| TLS ClientHello fingerprint (JA4)                             | ✅ matches real Chrome 148    | ⚠️ static \u002F drifts on uprev   | ✅ matches the forked Chrome version            |\n| QUIC \u002F HTTP-3 over SOCKS5                                     | ✅ stable end-to-end via UDP relay | ⚠️ implemented but unstable — falls back to TCP \u002F drops mid-session | ❌ disabled when proxy is set |\n| WebRTC over SOCKS5 (no real-IP leak via STUN)                 | ✅ proxy UDP relay or synth candidates | ⚠️ same UDP relay path, same instability | ⚠️ disable-only            |\n| Consistency of generated profiles                             | ✅ coherent device (GPU ↔ CPU ↔ RAM ↔ UA ↔ fonts) | ❌ frequent contradictions (Win UA + Mac GPU, mobile UA + desktop screen, etc.) | ⚠️ varies |\n| Bundled fingerprint library                                   | 170 real-device profiles      | ❌ random generator — incoherent fingerprints (Win UA + Mac GPU, mobile UA + desktop screen, etc.) 
| catalog (subscription) |\n| Pricing                                                       | **Free** — only proxy costs   | **Free** — engine only        | Paid \u002F freemium                                |\n| Management UI                                                 | ✅ desktop app (this launcher) | ⚠️ CLI only — no GUI, profiles managed by hand \u002F scripts | ✅ desktop app                |\n| Launcher source                                               | **Open** (MIT, this repo)     | **Open** (CLI)                | Closed                                         |\n\n### Why this matters in practice\n\nPublic \"is my browser human?\" checkers — fingerprint.com,\npixelscan.net, browserscan.net, fp.haru.gay, antcpt's reCAPTCHA score\ndetector — generally don't bother to probe most of the surfaces below,\nso an anti-detect that fails any of them can still light up all green\non those pages and feel like everything's fine.\n\nReal production anti-fraud stacks (the ones banks, marketplaces, ad\nnetworks, ticketing sites, online betting and dating platforms run)\ndo check them, and the gap is exactly where accounts get flagged a\nfew sessions in instead of immediately:\n\n* `navigator.gpu.requestAdapter()` returns the **host** GPU on\n  CloakBrowser, so a profile claiming an RTX 4060 on Windows leaks the\n  Mac M-series adapter underneath. ShardX (and the paid anti-detects)\n  return the claimed GPU with full WebGPU limits.\n* CDP wrappers, V8 inspector preview-getters and `Object.toString`\n  side-channels are wide open on CloakBrowser and only partially closed\n  on the paid anti-detects. ShardX patches close every documented side\n  channel — automation stays invisible.\n* Font lists scraped via canvas font rendering or\n  `document.fonts.check()` return the **host** font list on\n  CloakBrowser no matter what the profile claims. 
ShardX pins the font\n  enumeration at the system level so the result matches the device.\n* CloakBrowser's profile generator routinely emits incoherent\n  fingerprints (Win32 platform with macOS user-agent, mobile UA with\n  1920×1080 screen, RTX GPU with `hardwareConcurrency=2`). ShardX's\n  library is derived from real-device samples so every signal agrees\n  with the others.\n* QUIC \u002F HTTP-3 over SOCKS5 is the new normal — major Google\n  properties refuse to fall back to HTTP\u002F2 cleanly. The paid\n  anti-detects disable QUIC entirely the moment a proxy is set;\n  CloakBrowser implements UDP relay but it drops mid-session.\n  ShardX rides the proxy's UDP relay end-to-end so HTTP\u002F3 stays up.\n\n---\n\n## Quick start\n\n### Option A — grab a pre-built release\n\nDownload the build for your OS from\n[GitHub Releases](..\u002F..\u002Freleases) — `.dmg` for macOS, `.msi` for\nWindows, `.AppImage` \u002F `.deb` for Linux — and run it.\n\nThe release isn't code-signed (no Apple Developer ID, no Authenticode\ncert), so the first launch is gated by the OS:\n\n* **macOS** — Gatekeeper sees an unsigned bundle that the browser\n  just downloaded and refuses to open it. Depending on macOS version\n  you get either *\"can't be opened because Apple cannot check it for\n  malicious software\"* (mild) or *\"ShardX Launcher is damaged and\n  can't be opened. Move it to the Trash.\"* (loud, since macOS 14+).\n  **Both are fixed by stripping the quarantine attribute** the\n  browser stamped on the .dmg — run once in Terminal:\n  ```bash\n  xattr -dr com.apple.quarantine \"\u002FApplications\u002FShardX Launcher.app\"\n  ```\n  After that the .app opens normally with a double-click. If you only\n  see the mild \"developer cannot be verified\" warning, right-click on\n  the .app → *Open* → *Open* in the confirmation also works.\n* **Windows** — SmartScreen shows *\"Windows protected your PC\"*.\n  Click **More info** → **Run anyway**. 
Repeated launches don't\n  re-prompt.\n* **Linux** — `.AppImage`: `chmod +x ShardX-Launcher.AppImage && .\u002FShardX-Launcher.AppImage`. `.deb`: `sudo apt install .\u002FShardX-Launcher.deb`.\n\n### Linux system dependencies\n\nThe bundled Chromium engine needs `unzip` + the standard set of shared\nlibraries any Chromium fork links against. On a fresh Debian \u002F Ubuntu:\n\n```bash\nsudo apt install -y \\\n  unzip ca-certificates fonts-liberation \\\n  libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 \\\n  libxkbcommon0 libxcomposite1 libxdamage1 libxfixes3 libxrandr2 \\\n  libgbm1 libpango-1.0-0 libcairo2 libasound2 libxshmfence1\n```\n\n### Option B — build from source\n\n```bash\ncd rust\u002Fshardx-launcher\nnpm install\nnpm run tauri dev      # dev (hot reload)\n# or\nnpm run tauri build    # release .app \u002F .msi \u002F .AppImage in src-tauri\u002Ftarget\u002Frelease\u002Fbundle\u002F\n```\n\n### First launch\n\nThe app downloads the patched browser (~150 MB), Widevine (~16 MB) and\nthe fingerprint library (~470 KB) from our CDN, places everything\nunder\n\n* `~\u002FLibrary\u002FApplication Support\u002Fshardx-launcher\u002F` (mac)\n* `%APPDATA%\\shardx-launcher\\` (win)\n* `~\u002F.config\u002Fshardx-launcher\u002F` (linux)\n\nand you're ready to bind a proxy and launch your first profile.\n\n---\n\n## Usage\n\nFour interchangeable ways to drive ShardX — pick whichever matches the\njob. All four read from the same on-disk state, so a profile created in\nthe UI is reachable from the API, the MCP server and the SDKs without\nany sync step.\n\n### 1. Desktop UI\n\nDay-to-day workflow lives here. Open the app, add a proxy\n(*Proxies* → *Add proxy* — paste `socks5:\u002F\u002Fuser:pass@host:port` or\nbulk-paste a list, hit *Test* to run a TCP + UDP_ASSOCIATE + geo\nprobe), bind it to a profile (*Profiles* → pick one → *Bind proxy*),\nand hit *Start*. 
The launcher takes care of:\n\n* downloading the engine + Widevine + 170 starter profiles on first\n  launch (etag-cached afterward);\n* per-profile `user-data-dir` so cookies \u002F cache \u002F extensions stay\n  isolated;\n* resolving timezone \u002F locale \u002F geolocation from the proxy's exit\n  country before each launch;\n* deciding QUIC + WebRTC policy from a live UDP probe — QUIC stays on\n  when the proxy supports UDP, off when it doesn't, no manual toggle\n  needed;\n* re-binding to the same `user-data-dir` next time so you get\n  *\"Continue where you left off\"* without the crash-restore bubble.\n\nBulk import \u002F export, folders, tags, pin-to-top, clone, cookie\nimport \u002F export (Chromium SQLite v10 \u002F DPAPI), and a fingerprint\neditor that randomises coherent hardware (CPU ↔ RAM ↔ platform version)\nare all in the workspace.\n\n### 2. Local automation API\n\nAn axum HTTP server bound to `127.0.0.1:40325` (port configurable in\n*Settings → Automation API*). Use this when you want to drive the\nlauncher from your own code — Python, Go, curl, anything that speaks\nHTTP. Every endpoint except `GET \u002Fhealth` requires a Bearer JWT shown\nin *Settings → Automation API* (regenerate rotates the signing secret\nlive).\n\n* **Reference docs:** \u003Chttps:\u002F\u002Fdocs.proxyshard.com\u002Feng\u002Fshardx-launcher-api\u002Fbinding-and-lifecycle>\n* **OpenAPI schema:** [openapi.yaml](openapi.yaml)\n\nLaunching a profile and getting a CDP endpoint:\n\n```bash\nTOKEN=\"\u003Cfrom Settings → Automation API>\"\nBASE=\"http:\u002F\u002F127.0.0.1:40325\"\n\n# Start the profile in CDP mode — returns the websocket the browser\n# is listening on. 
Reuse it with any CDP client (puppeteer, raw WS,\n# patchright, your own).\ncurl -s -X POST \"$BASE\u002Fprofiles\u002Fwin-rtx4060\u002Fstart?cdp=true&headless=false\" \\\n     -H \"Authorization: Bearer $TOKEN\" | jq .\n# → {\"id\":\"win-rtx4060\",\"cdp_url\":\"ws:\u002F\u002F127.0.0.1:53217\u002Fdevtools\u002Fbrowser\u002F…\",\"pid\":48211}\n\n# Stop it.\ncurl -s -X POST \"$BASE\u002Fprofiles\u002Fwin-rtx4060\u002Fstop\" \\\n     -H \"Authorization: Bearer $TOKEN\"\n```\n\nEndpoints cover profiles (create \u002F edit \u002F delete \u002F start \u002F stop \u002F list\nrunning), proxies (add \u002F delete \u002F list), fingerprints (generate, list\nlibrary), folders, cookies (export \u002F import) and a fingerprint\ngenerator — full list in the OpenAPI file.\n\n### 3. MCP server\n\nA [Model Context Protocol](https:\u002F\u002Fmodelcontextprotocol.io) server for\nClaude Desktop, Cursor and any other MCP client. Wraps both the\nlauncher's HTTP API and the browser-over-CDP (via patchright) so a\nlanguage model can:\n\n* manage profiles \u002F proxies \u002F fingerprints \u002F folders \u002F cookies through\n  the launcher;\n* navigate \u002F click \u002F type \u002F wait \u002F screenshot in a live ShardX\n  profile, with the profile auto-starting when needed.\n\nThe app doesn't run the server itself — open *Settings → MCP server →\nDownload MCP server*, pick a folder, then `npm install` and register\nwith your MCP client. Full setup, env vars and tool list in\n**[mcp\u002FREADME.md](mcp\u002FREADME.md)**.\n\nMinimal stdio registration:\n\n```json\n{\n  \"mcpServers\": {\n    \"shardx\": {\n      \"command\": \"node\",\n      \"args\": [\"\u002FABSOLUTE\u002FPATH\u002Fmcp\u002Findex.js\"],\n      \"env\": {\n        \"SHARDX_API\": \"http:\u002F\u002F127.0.0.1:40325\",\n        \"SHARDX_TOKEN\": \"\u003CBearer token>\"\n      }\n    }\n  }\n}\n```\n\n### 4. 
Standalone SDKs (Python \u002F Node)\n\nSelf-contained client libraries that **don't need the desktop app at\nall** — they download the same engine + fingerprint library on first\nuse and launch profiles directly via subprocess, with [patchright](https:\u002F\u002Fgithub.com\u002FKaliiiiiiiiii-Vinyzu\u002Fpatchright)\n(stealth Playwright) attached for control. Same pre-launch pipeline as\nthe launcher: UDP probe → conditional QUIC, geo-resolve for auto\nfields, screen strategy, host-aware hardware randomisation.\n\nUse the SDK when you want ShardX as a library inside a scraper \u002F CI\njob \u002F server-side worker without installing the GUI.\n\n* **Python** — [sdks\u002Fpython\u002FREADME.md](sdks\u002Fpython\u002FREADME.md) — `pip install shardx`\n* **Node** — [sdks\u002Fnode\u002FREADME.md](sdks\u002Fnode\u002FREADME.md) — `npm install @proxyshard\u002Fshardx`\n\n---\n\n## Licensing\n\nThe **launcher** (everything in this `rust\u002Fshardx-launcher\u002F` directory\n— Tauri shell, React UI, Rust source) is open source under the **MIT\nLicense** — see [LICENSE](LICENSE). Use it, fork it, modify it, ship\nit, commercially or otherwise.\n\nThe **browser engine** (the patched Chromium 148 binary that the\nlauncher downloads from our CDN on first run) is distributed as a\n**closed-source binary**. Its source is not published in this\nrepository or elsewhere, and the following are explicitly **not\npermitted**:\n\n* reverse engineering, disassembly, decompilation, or any attempt to\n  extract or reconstruct the engine source;\n* redistributing a modified version of the engine;\n* using the engine — or any binary derived from it, with or without\n  modification — as part of a commercial anti-detect \u002F browser \u002F\n  fingerprint-spoofing product or service.\n\nPersonal use, web scraping, multi-accounting and integration with the\nlauncher's automation API are all fine. 
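If you want to build something\ncommercial on top of the engine, contact us first.\n","ShardBrowser is a free, open-source anti-detect browser launcher designed for web scraping and multi-account management. The project is based on the Chromium 148 engine, supports fingerprint spoofing for WebGL, WebGPU, Client Hints, fonts and TLS, bundles more than 170 device profiles, and supports stable QUIC and WebRTC communication over SOCKS5. ShardBrowser is suited to scenarios that require bypassing website detection mechanisms for data scraping or managing multiple online accounts at the same time. Its core features include device fingerprint spoofing, proxy binding, and a cross-platform user interface and API that make it easy for developers to integrate into automation workflows.",2,"2026-06-11 04:08:58","CREATED_QUERY"]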