This repository currently supports the latest 0.1.x release line.

WinCtl can observe and control a real Windows desktop. Treat it as a powerful automation tool, not a sandbox.

• Do not run it unattended on an administrator session.
• Do not use it for payments, account changes, password entry, 2FA, or destructive actions without explicit human confirmation.
• Prefer --expect-title or --expect-process when targeting a specific application.
• Use a dedicated low-privilege user account and a dedicated browser profile for autonomous workflows.

If you find a security issue, open a private security advisory or contact the maintainers privately instead of filing a public issue.