Summary
Implement BearBrowser alignment with the SourceOS Helper Causal Receipts v0.1 architecture contract introduced in SourceOS-Linux/sourceos-shell PR #13.
BearBrowser is one of the highest-risk integration surfaces because browser-visible actions can trigger native file UI, preview, cache cleanup, thumbnailing, WebKit-like helper fan-out, credential-adjacent probes, network-shaped helpers, and policy-denied service lookups.
Required capabilities
- Emit root_intent.created for:
  - native file picker open/save actions
  - download preview actions
  - PDF/image/office preview actions
  - web thumbnail generation
  - browser cache cleanup
  - page-share/memory candidate helper actions
- Emit helper.spawn for every preview/cache/thumbnail subprocess.
- Emit capability.request for sensitive service access:
  - network egress
  - DNS lookup
  - pasteboard
  - cookies/session/local storage
  - credential store
  - browser extension APIs
  - analytics/telemetry
  - account lookup
  - file-provider/cloud sync surfaces
- Emit helper.exit, and ensure receipt completeness, for every helper lifecycle.
- Normalize teardown races rather than surfacing raw low-level noise.
Policy profiles to enforce
- file_picker.native_ui.v1
- preview.local_only.v1
- preview.web_thumbnail.local_only.v1
- cache_cleanup.local_only.v1
Security invariants
- Web thumbnail helpers never inherit browser session authority.
- Preview helpers deny network and DNS by default.
- Cache cleanup does not receive network authority by default.
- Native file picker helpers do not inherit browser cookies, session state, or extension authority.
- Expected sandbox denials are recorded as containment evidence, not noisy alerts.
- Unexpected capability requests are policy-regression candidates.
Acceptance criteria
- File picker actions produce a root intent and helper DAG.
- Web thumbnail helpers cannot read cookies, credentials, local/session storage, extension APIs, pasteboard, or network by default.
- Cache cleanup records whether any network-shaped helper was spawned and whether egress was denied.
- Local preview tests fail if network, DNS, analytics, account lookup, or pasteboard is allowed.
- BearBrowser exposes or emits enough receipts for SourceOS Shell's “Why did this run?” inspector.
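As an added example, not code from BearBrowser or sourceos-shell: a small Python checker that walks receipts of the four event kinds listed above and tests helper lifecycle completeness plus the local-only invariants, counting expected denials as containment evidence rather than alerts. The event field names (kind, id, parent, helper, profile, capability, decision) and the sample receipts are assumptions; the v0.1 contract on this page does not define a wire format.

```python
from collections import Counter

# Capabilities each profile on this page denies by default, taken from the
# security invariants and acceptance criteria. Capability names are assumed.
DENY_BY_DEFAULT = {
    "file_picker.native_ui.v1": {"cookies", "session_state", "extension_api"},
    "preview.local_only.v1": {"network", "dns", "analytics", "account_lookup", "pasteboard"},
    "preview.web_thumbnail.local_only.v1": {"network", "dns", "cookies", "credential_store",
                                            "local_storage", "extension_api", "pasteboard"},
    "cache_cleanup.local_only.v1": {"network", "dns"},
}

def check_receipts(events):
    """Return (findings, evidence): findings are acceptance failures or
    regression candidates; evidence counts expected denials per profile."""
    findings, evidence = [], Counter()
    roots = {e["id"] for e in events if e["kind"] == "root_intent.created"}
    spawns = {e["id"]: e for e in events if e["kind"] == "helper.spawn"}
    exits = {e["helper"] for e in events if e["kind"] == "helper.exit"}
    for hid, spawn in spawns.items():
        # Every helper must hang off a root intent, directly or via a parent helper.
        if spawn["parent"] not in roots and spawn["parent"] not in spawns:
            findings.append(f"{hid}: helper has no root intent in its DAG")
        if hid not in exits:
            findings.append(f"{hid}: helper.spawn without helper.exit")
    for e in events:
        if e["kind"] != "capability.request":
            continue
        profile = spawns.get(e["helper"], {}).get("profile")
        if e["capability"] in DENY_BY_DEFAULT.get(profile, set()):
            if e["decision"] == "deny":
                evidence[profile] += 1  # expected sandbox denial: containment evidence
            else:
                findings.append(f"{e['helper']}: {profile} allowed {e['capability']}")
        elif e["decision"] == "allow":
            findings.append(f"{e['helper']}: unexpected {e['capability']} grant, regression candidate")
    return findings, dict(evidence)

# Constructed receipts: one PDF preview that behaves, one web thumbnail that does not.
SAMPLE_EVENTS = [
    {"kind": "root_intent.created", "id": "ri-1", "action": "preview.pdf"},
    {"kind": "helper.spawn", "id": "h-1", "parent": "ri-1", "profile": "preview.local_only.v1"},
    {"kind": "capability.request", "helper": "h-1", "capability": "network", "decision": "deny"},
    {"kind": "capability.request", "helper": "h-1", "capability": "dns", "decision": "deny"},
    {"kind": "helper.exit", "helper": "h-1", "status": 0},
    {"kind": "root_intent.created", "id": "ri-2", "action": "thumbnail.web"},
    {"kind": "helper.spawn", "id": "h-2", "parent": "ri-2", "profile": "preview.web_thumbnail.local_only.v1"},
    {"kind": "capability.request", "helper": "h-2", "capability": "cookies", "decision": "allow"},
    # h-2 never emits helper.exit: an incomplete lifecycle the checker must flag.
]
```

Running check_receipts(SAMPLE_EVENTS) reports the thumbnail helper twice (cookies granted, no exit) and records the two preview denials as evidence.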
Validation path
- check_helper_receipts.py from the artifact packet.
- SourceOS-Linux/sourceos-shell PR #13 (Lane 13: Build full LibreWolf-derived BearBrowser binaries through Nix) once merged.