UI-TARS-desktop
UI-TARS-desktop is an open-source TypeScript-based desktop application for building multimodal AI agents that can control computers and browsers using vision models. It supports both local and remote execution, integrates with MCP tools, and includes a CLI, Web UI, and SDK for GUI automation.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | bytedance/UI-TARS-desktop |
| Owner | bytedance |
| Primary language | TypeScript |
| License | Apache-2.0 — OSI-approved |
| Stars | 37.8k |
| Forks | 3.8k |
| Open issues | 406 |
| Latest release | v0.3.0 (2025-11-04) |
| Last updated | 2026-07-01 |
| Source | https://github.com/bytedance/UI-TARS-desktop |
What UI-TARS-desktop is
TypeScript agent stack featuring vision-language model (UI-TARS) integration, browser/computer operators, MCP tool integration, streaming multi-tool support, and event-driven architecture. Supports headless CLI execution, Web UI, and remote operator deployment via isolated sandbox environments.
Get the UI-TARS-desktop source
Clone the repository and explore it locally.
git clone https://github.com/bytedance/UI-TARS-desktop.gitcd UI-TARS-desktop# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Node.js environment required; TypeScript/JavaScript primary. Local operators demand sufficient compute for vision model inference; remote operators abstract this but introduce latency and external dependency.
- MCP tool integration requires explicit configuration; pre-built integrations unknown. Shell commands, file I/O support noted but scope of available tools unclear.
- Model access: UI-TARS-1.5 model used; licensing, rate limits, and pricing for remote inference not documented in provided data.
- Event Stream Viewer and timing statistics aid debugging, but production observability (logging, tracing, alerting) not clearly described.
- Sandbox execution (AIO agent Sandbox) optional but recommended for isolated tool execution; setup complexity unknown.
When to avoid it — and what to weigh
- Strict Security / Airgapped Environments — Remote operators and cloud deployment may require external connectivity. Not suitable for highly restricted environments without network isolation review.
- Production Stability Required Without Vendor Lock-in — Project is young (created Jan 2025, v0.3.0 Nov 2025). Breaking API changes possible; remote operator relies on undisclosed cloud infrastructure.
- Non-Visual Task Automation — Designed for GUI-based workflows. Pure API or CLI tool automation may be over-engineered; use traditional orchestration tools instead.
- Compliance-Heavy Workflows — Computer/browser control with vision models may not meet audit trails or compliance requirements for regulated industries without custom logging/validation.
License & commercial use
Apache License 2.0 (Apache-2.0). Permissive OSI-compliant license allowing commercial use, distribution, and modification with attribution and indemnification clauses.
Apache 2.0 permits commercial use. However, code contributions or dependency chain may carry different licenses. Remote operators and cloud services (if any) are ByteDance-hosted and not covered by the license; terms of service unknown. Verify dependency licenses (Node.js, TypeScript ecosystem) and clarify any SaaS ToS before commercial deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Strong |
| Assessment confidence | High |
Vision model inference on user screenshots/video captures; retention and privacy policies unknown. Remote operators transmit UI data to ByteDance servers; encryption, audit logs, and data handling SLAs not documented. Browser/desktop control requires elevated privileges; no isolation mechanism described beyond optional sandbox. Dependency supply-chain risk (Node.js ecosystem). Recommend security review before handling sensitive workflows.
Alternatives to consider
Anthropic Claude Computer Use API
Closed-source, managed vision-based computer control. Lower operational burden, better support guarantees, but higher per-use cost and vendor lock-in.
OpenAI Canvas + Custom RPA (UiPath, Automation Anywhere)
Traditional RPA with LLM orchestration layer. Better compliance, mature audit trails, but higher licensing cost and steeper learning curve.
LangChain + Vision Model (local) + Playwright/Selenium
DIY agent stack with full control. No vendor infrastructure, but requires substantial engineering effort and custom model integration.
Build on UI-TARS-desktop with DEV.co software developers
Explore UI-TARS-desktop's CLI, Web UI, or SDK to build intelligent agents. Start with the quickstart guide and evaluate vendor lock-in and security requirements for your use case.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
UI-TARS-desktop FAQ
Can I run UI-TARS-desktop fully on-premises without cloud calls?
What vision model does it use, and can I swap it?
How do I integrate custom tools beyond MCP?
Is the project suitable for production use?
Work with a software development agency
DEV.co helps companies turn open-source tools like UI-TARS-desktop into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your mcp servers stack.
Ready to automate your UI workflows?
Explore UI-TARS-desktop's CLI, Web UI, or SDK to build intelligent agents. Start with the quickstart guide and evaluate vendor lock-in and security requirements for your use case.