Add BearBrowser service graph fixture

Author: mdheller

examples/services/bearbrowser.service.json

@@ -0,0 +1,58 @@
+{
+  "schema_version": "sourceos.service.v0.1",
+  "service_id": "dev.sourceos.bearbrowser",
+  "display_name": "BearBrowser",
+  "description": "SourceOS private, secure, agent-aware browser product surface. Upstream engine provenance must not leak into product identity surfaces.",
+  "owner": {
+    "org": "SourceOS-Linux",
+    "repo": "BearBrowser",
+    "team": "browser"
+  },
+  "authority_domain": "app",
+  "lifecycle": {
+    "start_mode": "demand",
+    "restart_policy": "policy",
+    "disable_policy": "User may disable non-core helpers; security broker remains product-scoped."
+  },
+  "capabilities": {
+    "required": [
+      "browser.profile.read",
+      "browser.renderer.spawn",
+      "browser.gpu.spawn",
+      "network.client.web",
+      "diagnostics.local.incident"
+    ],
+    "optional": [
+      "ai.inference.local",
+      "security.reputation.query",
+      "telemetry.emit.local"
+    ],
+    "denied": [
+      "telemetry.emit.remote.default",
+      "ipc.lookup.cloud.sync.ambient",
+      "identity.product.upstream_leak"
+    ]
+  },
+  "data_classes": [
+    "browser_profile",
+    "web_content",
+    "download_metadata",
+    "extension_state",
+    "local_diagnostics"
+  ],
+  "launch_triggers": [
+    "user.launch",
+    "url.open",
+    "session.restore"
+  ],
+  "resource_budget": {
+    "memory_mb_soft": 2048,
+    "helper_process_limit": 64,
+    "denial_storm_per_minute": 20
+  },
+  "observability": {
+    "emits_events": true,
+    "health_endpoint": "local://bearbrowser/statez",
+    "incident_bundle": true
+  }
+}