Shelvia
Conceptbeta

Browser Capture

Browser Capture captures. It does not control. Every send is a user click in the popup, every capture lands in the review queue, and nothing becomes trusted memory without human approval.

Principle

Browser Capture captures, it does not control. The extension reads visible content the user is already looking at, the user clicks Send in the popup, and the capture enters the review queue. There is no background capture, no autonomous run, no agent loop, and no silent navigation.

  • User-initiated only, every send requires an explicit click in the popup. No background capture, no auto-capture on navigation, no scheduled capture.
  • No cookies, no session tokens, no Authorization headers, the extension reads visible content, not credentials.
  • No full DOM scraping, visible text and the user's selection only. Hidden, off-screen, script, style, and input subtrees are filtered before the payload is built.
  • Narrow host permissions, only the five supported AI hosts plus a small retained experimental set. No <all_urls>, no webRequest, no history, no full tabs.
  • Local preview + edit + redact before send, the captured body lives in extension memory until you click Send.
  • Screenshots stay off, capture is text-only in 0.3.0.

Supported hosts

  • chatgpt.com
  • claude.ai
  • perplexity.ai (and www.perplexity.ai)
  • gemini.google.com
  • notebooklm.google.com

A small set of additional hosts is supported experimentally for power users; the public-facing supported set is the five above.

What happens after Send

  • The payload is validated against the same size, URL-protocol, private-host, and forbidden-key rules every API write goes through.
  • The capture lands in the review queue as a candidate, never trusted memory directly.
  • A workspace member reviews each capture in the review surface, where a provenance card shows the source tool, host, page title, page URL, capture method, browser, and extension version.
  • Approval is the only path from capture to trusted memory.

Not yet supported

  • Screenshot upload, payloads that include a screenshot_blob are rejected.
  • Continue Pack, the popup carries a disabled disclosure shell; no working endpoint yet.
  • Agent Compatibility, integration capabilities are reachable today; per-runtime manual attestation is ongoing.
  • Browser automation, autonomous capture, or silent capture, never on the roadmap.

For runnable code samples and the developer reference, see /developers. For the trust model in depth, see /security.