Add transparent browser automation permission mesh

[mdheller]

Parent standard: SocioProphet/prophet-platform-standards#12

Purpose

BearBrowser should implement the browser-specific portion of Host Runtime Contract v0.1: transparent, user-readable, policy-gated browser automation. Browser automation must never be hidden or ambient. Every sensitive operation should be tied to a capability, permission request, visible reason, expected side effects, and receipt.

Required event families

browser.permission.requested
browser.permission.granted_once
browser.permission.granted_session
browser.permission.denied
browser.dom.read
browser.dom.write
browser.screenshot.capture
browser.clipboard.read
browser.clipboard.write
browser.download.created
browser.native_host.connected
browser.extension.blocked
browser.profile.boundary_crossed
browser.automation.action_started
browser.automation.action_completed
browser.automation.action_failed

Required controls

• Screenshot guard.
• Clipboard guard.
• Coordinate-mode declaration.
• Pixel/target validation where available.
• Grant TTL for automation dispatch.
• Visible pre-action disclosure for write/destructive actions.
• DOM read/write boundary classification.
• Native-host bridge attestation.
• Profile/container boundary eventing.
• Redacted diagnostic export.

Acceptance criteria

• Browser automation operations require an explicit capability ID.
• Screenshot/clipboard/DOM write/download/native-host operations require permission receipts.
• User can see tool, target resource, scope, side effects, and TTL before granting.
• Grants support deny, once, session, project, and policy-bound modes.
• Browser diagnostic export redacts URLs/paths/session IDs by default unless explicitly elevated.
• Tests cover grant denial, grant expiry, background automation blocking, and profile-boundary crossing.