Skip to main content
Browser work touches real websites, credentials, files, and signed browser capabilities. Keep secrets out of prompts and logs, and use policy boundaries before the browser touches sensitive systems.

Credentials

CredentialWhere it belongs
Webcompute API keyweb login, WEBCOMPUTE_API_KEY, or new Web({ apiKey })
Model provider keyProvider-specific environment variable such as OPENROUTER_API_KEY, OPENAI_API_KEY, or another verified model route key
User secrets for agent runs--secret name=ENV_VAR in the CLI or SDK variables with domain scope
Debug UI and CDP URLsShort-lived internal logs or UI only, never public transcripts
Do not paste real keys into prompts, issue trackers, source control, or shared transcripts.

Signed browser capabilities

Debug UI and CDP URLs are bearer capabilities. Anyone with the URL can inspect or control the browser within that capability’s scope. Use them intentionally:
  • Request --debug-url only when a human needs it.
  • Redact signed URLs from logs.
  • Avoid passing signed URLs back into untrusted model prompts.
  • Close browsers when inspection is complete.

Policy boundaries

Browser policy lets you limit where a browser can go and how it handles downloads, uploads, private-network access, and approvals. 
const browser = await web.browser.create({
  policy: {
    allowedDomains: ["sec.gov"],
    downloads: { mode: "allow", maxBytes: 25_000_000 },
    uploads: { mode: "requireApproval" },
    approvals: { destructiveActions: "requireApproval" },
  },
});
Use strict domain policy for workflows with known targets. Use approvals when the workflow can touch authentication, file upload, form submission, destructive actions, payments, purchases, legal acceptance, or other sensitive behavior. Reference: secrets and user input, policy and proxy, policy reference, proxy reference, and environment variables.