AetherBrowse Governance Contract
This defines browser execution governance for the SCBE execution plane.
Risk Tiers
REFLEX: read-style actions (navigate,screenshot,extract,scroll)DELIBERATION: write/act actions (click,type) or any job explicitly markedrisk_tier=DELIBERATION
Capability Gate
REFLEX: capability token not requiredDELIBERATION: requirescapability_tokenin job payload- Missing token at DELIBERATION tier blocks execution before any remote call
Verification Scoring
Per job score comes from deterministic checks:
- action success checks
verify.must_containstring checksverify.selectors_presentchecksverify.max_redirectscheck
Decision mapping:
score >= 0.90and capability valid ->ALLOW0.60 <= score < 0.90and capability valid ->QUARANTINEscore < 0.60->DENY(orNOISEwhen runner uses--noise-on-deny)- capability invalid ->
DENY/NOISE
DecisionRecord
Each job emits a DecisionRecord at:
artifacts/aetherbrowse_runs/<run_id>/decision_records/<job_id>.json
Each job also emits a trace payload:
artifacts/aetherbrowse_runs/<run_id>/traces/<job_id>.json
Each trace generates deterministic trace_hash (sha256 over canonical JSON).
Screenshot Hashes
Runner emits screenshot_hashes per job. If raw image bytes are available, hash is over image bytes. If API returns truncated base64, hash is over the returned base64 string.
Replay
Given a DecisionRecord + trace file:
- recompute
trace_hashfrom the trace JSON - compare with DecisionRecord
trace_hash - re-run verification checks from trace response payload
- verify resulting score maps to stored decision
One-Command Autopilot
Local service + swarm run (starts and stops service automatically):
.\scripts\run_aetherbrowse_autopilot.ps1
Cloud endpoint mode (no local service):
.\scripts\run_aetherbrowse_autopilot.ps1 `
-UseLocalService:$false `
-EndpointUrl "https://<cloud-run-host>/v1/integrations/n8n/browse" `
-ApiKey "<scbe-browser-api-key>"