Do not put credentials, tokens, or private values directly in a browsing goal. Pass secrets as scoped variables.
CLI secrets
  export DEMO_ACCOUNT_EMAIL="person@example.com"
  web agent \
    --url https://example.com/login \
    --allow-domain example.com \
    --secret accountEmail=DEMO_ACCOUNT_EMAIL \
    --approval ask \
    "Open the account page and summarize the billing status. Do not change settings."
The CLI reads DEMO_ACCOUNT_EMAIL from your environment and exposes it to the browser-agent run under the name accountEmail; the goal text only ever refers to the name, not the value.
When --allow-domain is present, the secret is scoped to that domain and is not filled in on any other host. When no --allow-domain is given, the CLI falls back to the domain of the --url start page when it can derive one.
SDK variables
  const agent = web.agent({
    model,
    browser: { policy: { allowedDomains: ["example.com"] } },
    approval: "ask",
    variables: {
      accountEmail: {
        value: process.env.DEMO_ACCOUNT_EMAIL ?? "",
        sensitive: true,
        allowedDomains: ["example.com"],
        description: "Demo account email for read-only billing review.",
      },
    },
  });
Use descriptions to tell the agent what a variable is for. Keep the raw value out of logs, prompts, and final answers.
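The two guarantees above, domain scoping and keeping the raw value out of output, are easy to get subtly wrong. The following is an added reference implementation written for this page, not the SDK's own code: `resolveVariable` decides whether a variable may be filled in on a given URL (matching the registrable domain and its subdomains, but rejecting look-alikes such as example.com.evil.net), and `redact` scrubs both the raw and URL-encoded form of every sensitive value from a log line or final answer before it leaves the run. The function names, the `{{name}}` placeholder, and the sample variable table are assumptions chosen for the example.

```javascript
// Added example: domain-scoped secret variables with output redaction.
// Hypothetical helper code, not the web agent SDK's API.

// True when `hostname` is `domain` itself or a subdomain of it.
// A plain endsWith(domain) check would wrongly accept "notexample.com",
// and a substring check would accept "example.com.evil.net".
function hostMatchesDomain(hostname, domain) {
  const h = hostname.toLowerCase();
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Decide whether variable `name` may be substituted on `targetUrl`.
// Returns { ok: true, value } or { ok: false, reason } so the caller can
// refuse the step without ever logging the secret itself.
function resolveVariable(variables, name, targetUrl) {
  const v = variables[name];
  if (!v) return { ok: false, reason: `unknown variable ${name}` };
  const host = new URL(targetUrl).hostname;
  const allowed = v.allowedDomains ?? [];
  if (!allowed.some((d) => hostMatchesDomain(host, d))) {
    return { ok: false, reason: `variable ${name} is not allowed on ${host}` };
  }
  return { ok: true, value: v.value };
}

// Replace every sensitive value (raw and percent-encoded, as it would
// appear in a query string) with a {{name}} placeholder. Empty values are
// skipped: splitting on "" would shred the text instead of redacting it.
function redact(text, variables) {
  let out = text;
  for (const [name, v] of Object.entries(variables)) {
    if (!v.sensitive || !v.value) continue;
    const placeholder = `{{${name}}}`;
    for (const needle of new Set([v.value, encodeURIComponent(v.value)])) {
      out = out.split(needle).join(placeholder);
    }
  }
  return out;
}

// Constructed sample variable table mirroring the SDK snippet above.
const sampleVariables = {
  accountEmail: {
    value: "person@example.com",
    sensitive: true,
    allowedDomains: ["example.com"],
    description: "Demo account email for read-only billing review.",
  },
  note: { value: "", sensitive: true, allowedDomains: ["example.com"] },
};

// Constructed log lines as they might be emitted by a run.
const sampleLog = [
  "navigate https://example.com/login",
  "fill #email with person@example.com",
  "GET /account?user=person%40example.com",
];

function redactedLog() {
  return sampleLog.map((line) => redact(line, sampleVariables));
}

module.exports = { hostMatchesDomain, resolveVariable, redact, redactedLog, sampleVariables };
```

The caller should route every string that leaves the run (tool traces, model-visible page summaries, the final answer) through `redact`, and should only hand the resolved value to the browser fill action, never back into the prompt.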
If the workflow needs a human decision, model it as an approval so the run pauses and a person decides, instead of hiding the decision inside a prompt the agent may reinterpret.
Examples:
- Approve a form submission.
- Confirm a file upload.
- Decide whether a blocker should stop the run.
- Review output before sending it to another system.
Public examples should stay read-only. Do not make unattended account changes, purchases, legal acceptances, or destructive operations.