Objective
Integrate BearBrowser with the SourceOS/SociOS governed local-first agentic graph foundation.
BearBrowser should own browser/workspace state and origin-bound bridge behavior without allowing personal/enterprise profile bleed or raw browser-to-agent authority.
Required work
- Define
sourceos.sync.browser manifest.
- Add
.sourceos/manifest.json.
- Define workspace-bound browser session fixtures.
- Define browser tab/bookmark/session group boundaries.
- Define extension metadata policy class.
- Implement or document SourceChannel-style browser-to-local bridge requirements.
- Ensure personal browser state and enterprise workspace state do not bleed across profiles.
- Emit audit events for browser bridge allow/deny and session boundary changes.
Dangerous surfaces
- browser.bridge.agent
- browser.bridge.shell
- browser.extension.enable
- browser.session.cross_profile_move
- browser.workspace_session.restore
- browser.localhost.bridge
Acceptance criteria
- Browser/workspace state has explicit profile and workspace boundaries.
- High-risk browser-to-agent or browser-to-shell actions require SourceChannel and Policy Fabric.
- Extension enablement is policy-classed and auditable.
.sourceos/manifest.json validates against the sourceos-spec manifest contract once available.
Related
Objective
Integrate BearBrowser with the SourceOS/SociOS governed local-first agentic graph foundation.
BearBrowser should own browser/workspace state and origin-bound bridge behavior without allowing personal/enterprise profile bleed or raw browser-to-agent authority.
Required work
sourceos.sync.browsermanifest..sourceos/manifest.json.Dangerous surfaces
Acceptance criteria
.sourceos/manifest.jsonvalidates against the sourceos-spec manifest contract once available.Related