Integrate BearBrowser with Workspace Operation Plane and redacted diagnostics

[mdheller]

Purpose

Make BearBrowser a governed browser/workspace surface where browser sessions, captures, downloads, uploads, automation runs, and diagnostics become WorkspaceOperations instead of hidden browser side effects.

Required operation types

• browser.session.start
• browser.capture.create
• browser.download.create
• browser.upload.create
• browser.automation.run
• browser.diagnostics.export_redacted

Required artifacts

• BrowserSession
• WebCapture
• DownloadArtifact
• UploadArtifact
• BrowserAutomationRun
• BrowserDiagnosticBundle

Required controls

• Credential and cookie redaction for diagnostic exports.
• TrustBoundary records for external sites, connectors, auth domains, and third-party automation.
• Policy gates for browser automation, downloads, uploads, and captured content.
• Actor attribution for user, agent, system, and connector initiated browser actions.
• OperationEvent emission for start/progress/failure/retry/cancel/complete.

Integration targets

• SocioProphet/prophet-core-contracts#1
• SocioProphet/prophet-platform#376
• SocioProphet/policy-fabric#46
• SourceOS-Linux/sourceos-spec#87
• SociOS-Linux/workstation-contracts#28
• SourceOS-Linux/sourceos-devtools#19
• SocioProphet/workspace-inventory#4

Acceptance criteria

• Browser captures and downloads produce typed artifacts with provenance.
• Browser automation runs are delegated and auditable.
• Diagnostic export redacts cookies, tokens, auth headers, prompts, and sensitive IDs.
• Downloads/uploads can be blocked, quarantined, admitted, or activated through policy gates.
• BearBrowser does not become policy authority; it renders and obeys Policy Fabric decisions.

Hard rule

No browser automation or capture creates durable workspace state outside the Operation Plane.

[mdheller]

@copilot please implement this as a bounded BearBrowser Operation Plane integration slice.

Scope:

• Add operation-shaped records/examples for browser.session.start, browser.capture.create, browser.download.create, browser.upload.create, browser.automation.run, and browser.diagnostics.export_redacted.
• Add typed artifact examples for BrowserSession, WebCapture, DownloadArtifact, UploadArtifact, BrowserAutomationRun, and BrowserDiagnosticBundle.
• Add redaction helper/stub or fixture for cookies, bearer tokens, OAuth tokens, auth headers, prompts, and sensitive IDs.
• Add TrustBoundary examples for external sites, connectors, auth domains, and third-party automation.

Use current seams:

• SocioProphet/prophet-core-contracts#1 fixtures and schemas.
• SocioProphet/prophet-platform#376 runtime boundary/command helper shape.
• SourceOS-Linux/sourceos-devtools#19 conformance runner.
• SociOS-Linux/workstation-contracts#28 and SourceOS-Linux/sourceos-spec#87.

Validation:

• Add tests or fixtures for capture, download, automation delegation, blocked/quarantined download, and redacted diagnostics.
• Do not implement full browser runtime behavior, policy rules, ledger persistence, or UI shell here.

PR evidence required:

• Summary of files changed.
• Validation commands run and output.
• Explanation of how BearBrowser avoids hidden workspace side effects.