SourceOS-Linux · Copilot · May 7, 2026 · May 7, 2026 · May 7, 2026
diff --git a/agentplane/registration.yaml b/agentplane/registration.yaml
@@ -28,6 +28,7 @@ spec:
     defaultTtlMinutes: 120
     requiresPolicyDecision: true
     requiresProvenanceSink: true
+    operationPlaneContract: agentplane/workspace-operation-plane.yaml
   sessionStates:
     - requested
     - policy-pending
@@ -103,6 +104,22 @@ spec:
     policyDecisions: PolicyFabric
     provenanceEvents: AgentPlane
     workspaceState: ProphetWorkspace
+  workspaceOperations:
+    required: true
+    types:
+      - browser.session.start
+      - browser.capture.create
+      - browser.download.create
+      - browser.upload.create
+      - browser.automation.run
+      - browser.diagnostics.export_redacted
+    operationEvents:
+      - start
+      - progress
+      - failure
+      - retry
+      - cancel
+      - complete
   provenanceEvents:
     - browser.session.started
     - browser.session.ended

diff --git a/agentplane/session-lifecycle.example.yaml b/agentplane/session-lifecycle.example.yaml
@@ -55,3 +55,12 @@ spec:
     policyDecisions: PolicyFabric
     provenanceEvents: AgentPlane
     workspaceState: ProphetWorkspace
+  workspaceOperations:
+    contract: agentplane/workspace-operation-plane.yaml
+    types:
+      - browser.session.start
+      - browser.capture.create
+      - browser.download.create
+      - browser.upload.create
+      - browser.automation.run
+      - browser.diagnostics.export_redacted
diff --git a/agentplane/workspace-operation-plane.yaml b/agentplane/workspace-operation-plane.yaml
@@ -0,0 +1,98 @@
+apiVersion: sourceos.dev/v1alpha1
+kind: BrowserWorkspaceOperationContract
+metadata:
+  name: bearbrowser-workspace-operation-plane
+  labels:
+    sourceos.dev/product: BearBrowser
+spec:
+  principle: Browser side effects are WorkspaceOperations, not hidden runtime behavior.
+  operationTypes:
+    - browser.session.start
+    - browser.capture.create
+    - browser.download.create
+    - browser.upload.create
+    - browser.automation.run
+    - browser.diagnostics.export_redacted
+  artifacts:
+    - kind: BrowserSession
+      operationType: browser.session.start
+    - kind: WebCapture
+      operationType: browser.capture.create
+    - kind: DownloadArtifact
+      operationType: browser.download.create
+    - kind: UploadArtifact
+      operationType: browser.upload.create
+    - kind: BrowserAutomationRun
+      operationType: browser.automation.run
+    - kind: BrowserDiagnosticBundle
+      operationType: browser.diagnostics.export_redacted
+  controls:
+    redaction:
+      cookies: redact
+      credentials: redact
+      tokens: redact
+      authHeaders: redact
+      prompts: redact
+      sensitiveIds: redact
+    trustBoundaryRecords:
+      required: true
+      dimensions:
+        - externalSite
+        - connector
+        - authDomain
+        - thirdPartyAutomation
+    policyGates:
+      browser.automation.run:
+        decisions:
+          - block
+          - quarantine
+          - admit
+          - activate
+      browser.download.create:
+        decisions:
+          - block
+          - quarantine
+          - admit
+          - activate
+      browser.upload.create:
+        decisions:
+          - block
+          - quarantine
+          - admit
+          - activate
+      browser.capture.create:
+        decisions:
+          - block
+          - quarantine
+          - admit
+          - activate
+    actorAttribution:
+      required: true
+      actors:
+        - user
+        - agent
+        - system
+        - connector
+    operationEvents:
+      required: true
+      lifecycle:
+        - start
+        - progress
+        - failure
+        - retry
+        - cancel
+        - complete
+  durableStateRule:
+    requireOperationPlaneForDurableState: true
+    statement: No browser automation or capture creates durable workspace state outside the Operation Plane.
+  authority:
+    policyAuthority: PolicyFabric
+    statement: BearBrowser renders and obeys Policy Fabric decisions and is not policy authority.
+  integrationTargets:
+    - SocioProphet/prophet-core-contracts#1
+    - SocioProphet/prophet-platform#376
+    - SocioProphet/policy-fabric#46
+    - SourceOS-Linux/sourceos-spec#87
+    - SociOS-Linux/workstation-contracts#28
+    - SourceOS-Linux/sourceos-devtools#19
+    - SocioProphet/workspace-inventory#4
diff --git a/automation/playwright-adapter.yaml b/automation/playwright-adapter.yaml
@@ -17,6 +17,29 @@ spec:
     requireSessionToken: true
     requireEphemeralPort: true
     denyCredentialExport: true
+    operationContract: agentplane/workspace-operation-plane.yaml
+  workspaceOperations:
+    requiredTypes:
+      - browser.session.start
+      - browser.capture.create
+      - browser.download.create
+      - browser.upload.create
+      - browser.automation.run
+      - browser.diagnostics.export_redacted
+    operationEvents:
+      - start
+      - progress
+      - failure
+      - retry
+      - cancel
+      - complete
+    trustBoundaryRecords:
+      required: true
+      dimensions:
+        - externalSite
+        - connector
+        - authDomain
+        - thirdPartyAutomation
   events:
     required:
       - browser.session.started

diff --git a/automation/stagehand-adapter.yaml b/automation/stagehand-adapter.yaml
@@ -17,6 +17,29 @@ spec:
     requireStructuredExtractionPolicy: true
     denyCredentialExport: true
     denyPolicyBypass: true
+    operationContract: agentplane/workspace-operation-plane.yaml
+  workspaceOperations:
+    requiredTypes:
+      - browser.session.start
+      - browser.capture.create
+      - browser.download.create
+      - browser.upload.create
+      - browser.automation.run
+      - browser.diagnostics.export_redacted
+    operationEvents:
+      - start
+      - progress
+      - failure
+      - retry
+      - cancel
+      - complete
+    trustBoundaryRecords:
+      required: true
+      dimensions:
+        - externalSite
+        - connector
+        - authDomain
+        - thirdPartyAutomation
   events:
     required:
       - browser.session.started

diff --git a/automation/terminal-browser-adapters.yaml b/automation/terminal-browser-adapters.yaml
@@ -13,6 +13,29 @@ spec:
     denyCredentialExport: true
     denyAmbientHostFilesystem: true
     requireProvenanceEvents: true
+    operationContract: agentplane/workspace-operation-plane.yaml
+  workspaceOperations:
+    requiredTypes:
+      - browser.session.start
+      - browser.capture.create
+      - browser.download.create
+      - browser.upload.create
+      - browser.automation.run
+      - browser.diagnostics.export_redacted
+    operationEvents:
+      - start
+      - progress
+      - failure
+      - retry
+      - cancel
+      - complete
+    trustBoundaryRecords:
+      required: true
+      dimensions:
+        - externalSite
+        - connector
+        - authDomain
+        - thirdPartyAutomation
   adapters:
     - name: carbonyl
       capability: browser.terminal.carbonyl

diff --git a/docs/agentplane-prophet-workspace-integration.md b/docs/agentplane-prophet-workspace-integration.md
@@ -34,6 +34,7 @@ Commands must include or resolve:
 - Downloads, captures, profile state, and provenance are governed mounts.
 - Remote debugging is denied unless explicitly granted.
 - Terminal browser backends are capability classes, not authority grants.
+- Durable browser automation/capture/download/upload state is admitted through Workspace Operation Plane records only.
 
 ## Prophet Workspace state
 
@@ -79,4 +80,4 @@ Prophet Workspace adapter:
 
 ## Events
 
-BearBrowser uses the event contract in `docs/provenance-events.md` and the lifecycle example in `agentplane/session-lifecycle.example.yaml`.
+BearBrowser uses the event contract in `docs/provenance-events.md`, lifecycle example in `agentplane/session-lifecycle.example.yaml`, and the Workspace Operation Plane contract in `agentplane/workspace-operation-plane.yaml`.
diff --git a/docs/integration-contract.md b/docs/integration-contract.md
@@ -5,6 +5,7 @@ BearBrowser integrates with:
 - AgentPlane for runtime registration and capability discovery
 - PolicyFabric for network, file, credential, and capture policy
 - Prophet Workspace for user-visible workspace control
+- Workspace Operation Plane for browser session, capture, download, upload, automation, and redacted diagnostics records
 - TopoLVM/local mount planning for browser state and downloads
 - Matrix/Hermes for command, event, and session coordination
 - Sherlock/Holmes where browser activity becomes inspectable operational evidence

diff --git a/docs/provenance-events.md b/docs/provenance-events.md
@@ -2,6 +2,20 @@
 
 BearBrowser emits provenance events so AgentPlane, PolicyFabric, and Prophet Workspace can reconstruct browser activity without relying on opaque agent logs.
 
+## Workspace Operation Plane mapping
+
+BearBrowser browser side effects must map to WorkspaceOperations:
+
+- `browser.session.start` -> `BrowserSession`
+- `browser.capture.create` -> `WebCapture`
+- `browser.download.create` -> `DownloadArtifact`
+- `browser.upload.create` -> `UploadArtifact`
+- `browser.automation.run` -> `BrowserAutomationRun`
+- `browser.diagnostics.export_redacted` -> `BrowserDiagnosticBundle`
+
+Each operation emits `OperationEvent` lifecycle states: `start`, `progress`, `failure`, `retry`, `cancel`, and `complete`.
+Operation records require actor attribution (`user`, `agent`, `system`, or `connector`) and TrustBoundary metadata (`externalSite`, `connector`, `authDomain`, `thirdPartyAutomation`).
+
 ## Event envelope
 
 Each event should include:
@@ -20,7 +34,7 @@ Each event should include:
 - `decision` for policy events
 - `reason` for denied actions
 
-Events must not contain passwords, payment card values, passkey private material, biometric material, tokens, cookies, or other secret values.
+Events must not contain passwords, payment card values, passkeys private material, biometric material, tokens, cookies, auth headers, prompt content, sensitive IDs, or other secret values.
 
 ## Required events
 

diff --git a/mounts/agent-browser-mounts.yaml b/mounts/agent-browser-mounts.yaml
@@ -21,6 +21,14 @@ spec:
       provenance:
         emitOnCreate: browser.download.created
         requireSha256: true
+        workspaceOperationType: browser.download.create
+      policyGate:
+        required: true
+        decisionModes:
+          - block
+          - quarantine
+          - admit
+          - activate
     - name: profile
       mountClass: agent-profile
       purpose: Ephemeral browser profile state, cookies, local storage, extension state, and browser cache partition metadata.
@@ -44,6 +52,36 @@ spec:
       provenance:
         emitOnCreate: browser.capture.created
         requireSha256: true
+        workspaceOperationType: browser.capture.create
+      policyGate:
+        required: true
+        decisionModes:
+          - block
+          - quarantine
+          - admit
+          - activate
+    - name: uploads
+      mountClass: agent-uploads
+      purpose: Files staged for browser upload operations under PolicyFabric control.
+      defaultPath: /workspace/uploads
+      mode: readOnly
+      governed: true
+      required: false
+      persistByDefault: false
+      restrictions:
+        requireExplicitGrant: true
+        denySymlinkEscape: true
+        denyDeviceFiles: true
+      provenance:
+        emitOnUse: browser.upload.created
+        workspaceOperationType: browser.upload.create
+      policyGate:
+        required: true
+        decisionModes:
+          - block
+          - quarantine
+          - admit
+          - activate
     - name: cache
       mountClass: agent-cache
       purpose: Disposable network and browser build/runtime cache.
@@ -90,3 +128,7 @@ spec:
     - ~/.kube
     - /var/run/docker.sock
     - /var/run/podman/podman.sock
+  durableState:
+    operationPlaneRequired: true
+    operationContract: agentplane/workspace-operation-plane.yaml
+    statement: No browser automation or capture creates durable workspace state outside the Operation Plane.
diff --git a/policy/bearbrowser-contract.yaml b/policy/bearbrowser-contract.yaml
@@ -88,6 +88,7 @@ spec:
         noAmbientCloudCredentialAccess: true
         allowedMountClasses:
           - agent-downloads
+          - agent-uploads
           - agent-profile
           - agent-captures
           - agent-cache
@@ -134,3 +135,27 @@ spec:
     eventSink: AgentPlane
     policyDecisionSink: PolicyFabric
     workspaceVisibilitySink: ProphetWorkspace
+  workspaceOperations:
+    required: true
+    operationContract: agentplane/workspace-operation-plane.yaml
+    requiredTypes:
+      - browser.session.start
+      - browser.capture.create
+      - browser.download.create
+      - browser.upload.create
+      - browser.automation.run
+      - browser.diagnostics.export_redacted
+    operationEventLifecycle:
+      - start
+      - progress
+      - failure
+      - retry
+      - cancel
+      - complete
+    policyAuthority: PolicyFabric
+    policyMediatedTypes:
+      - browser.capture.create
+      - browser.download.create
+      - browser.upload.create
+      - browser.automation.run
+      - browser.diagnostics.export_redacted