# PlatPhorm BrowserOps Website: https://browserops.platphormnews.com Description: BrowserOps is the canonical browser automation, UI verification, route compliance, screenshot/artifact, accessibility, trace-propagation, and cross-site usability proof layer for the PlatPhormNews web mesh. ## Purpose BrowserOps proves that every trusted PlatPhormNews site is actually usable by humans and machines. It is not Trace, MCP, Docs, Claws, Evals, Sandbox, Webhooks, AgentUI, Atlas, Monitor, Sheets, Decks, or Base; those are integrations. ## Current Counts - Discovered sites: 177 - Trusted domains: 176 - Pending sitemap domains: 1 - Generated browser journey templates: 177 (source: root graph + base sitemap; not claimed as executed runs) - Public-safe runs in current registry: 20 - Public-safe artifacts in current registry: 17 - Standard route checks: 24 - Storage: persistent (neon) ## Public Read Endpoints - /api/health - /api/v1/health - /api/docs - /openapi.yaml - /openapi.json - /asyncapi.yaml - /api/mcp - /api/browserops/status - /api/browserops/journeys - /api/browserops/runs - /api/browserops/validate-url - /api/browserops/suite - /api/browserops/integrations - /api/browserops/integrations/{service}/events - /api/browserops/coverage - /api/browserops/evidence - /api/browserops/handoffs - /api/browserops/handoffs/{id}/events - /api/browserops/events - /api/web4/status - /api/web4/manifest - /api/web4/scorecard - /api/web4/fingerprints - /api/provenance/lookup - /api/provenance/verify - /api/v1/journeys - /api/v1/runs - /api/v1/network/sites - /api/v1/network/domains - /api/v1/network/trusted-domains - /api/v1/network/route-compliance - /api/v1/network/discovery-compliance - /api/v1/network/ui-compliance - /api/v1/network/trace-propagation - /api/v1/sitemaps/coverage - /api/v1/feeds - /api/v1/integrations - /api/v1/integrations/status - /api/v1/agent-policy - /api/v1/agent-policy/platforms - /api/v1/agent-policy/robots - /api/v1/agent-policy/summary - /api/v1/protected-actions - /llms.txt - /llms-full.txt - /llms-index.json - /rss.xml - /feed.xml - /sitemap.xml - /sitemap-index.xml - /robots.txt - /manifest.webmanifest - /.well-known/mcp.json - /.well-known/web4.json - /.well-known/provenance.json - /.well-known/agents.json - /.well-known/agent-policy.json - /.well-known/ai-policy.json - /.well-known/security.txt - /.well-known/trust.json ## Protected Actions - POST /api/browserops/run - POST /api/browserops/send-handoff - POST /api/v1/journeys - PUT /api/v1/journeys/{id} - DELETE /api/v1/journeys/{id} - POST /api/v1/journeys/{id}/run - POST /api/v1/journeys/{id}/dry-run - POST /api/v1/runs - POST /api/v1/runs/{id}/cancel - POST /api/v1/runs/{id}/publish-docs - POST /api/v1/runs/{id}/export-sheets - POST /api/v1/runs/{id}/generate-deck - POST /api/v1/network/run-smoke - POST /api/v1/network/graph/sync - POST /api/v1/sitemaps/sync - POST /api/v1/feeds/sync - POST /api/v1/protected-actions/{id}/confirm - POST /api/v1/protected-actions/{id}/execute ## BrowserOps Suite Role BrowserOps proves what happened in the browser. AgentUI remains the workflow UI surface. Spec remains the contract truth engine. MCP remains the tool registry. Sandbox remains the bounded execution lab. WebhookLab remains the event surface. Claws remains the planning and remediation harness. Trace remains the timeline observability spine. Monitor remains the infrastructure surface. Sheets remains the tabular evidence surface. Docs remains the publishing surface. Evals remains the scorecard and release gate. ## Handoff Model - Inbound handoffs use platphorm.handoff.v1 envelopes. - Public dry-runs validate envelopes and produce preview_ready state without remote dispatch. - Protected send-handoff requires PLATPHORM_API_KEY. - Protected send-handoff only attempts downstream delivery when dispatch=true; BrowserOps marks sent or accepted only after a trusted HTTPS response. - Handoff and run events are mirrored to /api/browserops/events and, when DATABASE_URL is configured, written to the database outbox for recovery. - BrowserOps says "Delegation requested", "Delegation accepted", "Delegation completed", "Delegation degraded", or "Delegation requires protected authorization"; it does not say "Sent" unless a downstream response confirms it. ## AsyncAPI Events - Event polling: /api/browserops/events?runId=&handoffId=&serviceId= - Run SSE: /api/browserops/runs/{id}/events - Handoff events: /api/browserops/handoffs/{id}/events - Integration events: /api/browserops/integrations/{service}/events - browserops.run.queued - browserops.run.started - browserops.run.step.started - browserops.run.step.completed - browserops.artifact.created - browserops.handoff.created - browserops.handoff.sent - browserops.handoff.completed - browserops.run.completed - browserops.run.failed - browserops.run.degraded ## Web4 Evidence - Web4 manifest: /.well-known/web4.json - Provenance policy: /.well-known/provenance.json - Scorecard: /api/web4/scorecard - Public-safe fingerprints: /api/web4/fingerprints - Provenance lookup: /api/provenance/lookup - Provenance verify: /api/provenance/verify - Raw JA4 and x-vercel-ja4-digest are not public provenance and are never contract-anchor eligible. ## Authentication Public-safe reads do not require authentication. Protected actions are satisfied by PLATPHORM_API_KEY via either: - Authorization: Bearer $PLATPHORM_API_KEY - X-PlatPhorm-API-Key: $PLATPHORM_API_KEY - Server-side Vercel environment for BrowserOps UI-triggered trusted-domain runs Service-specific platform key names are not supported. ## Public Boundary Public read-only access covers dashboard summaries, public-safe journey and run summaries, public-safe route/discovery/UI/trace propagation summaries, docs, discovery files, health, RSS/feed/sitemap outputs, and read-only MCP introspection. ## Protected Boundary Creating journeys, running browser journeys, network smoke tests, sensitive artifacts, replay/report/export/remediation actions, registry mutation, eval triggers, sandbox triggers, webhook simulations, and write actions require PLATPHORM_API_KEY. BrowserOps UI-triggered trusted-domain browser runs may use the server-side Vercel PLATPHORM_API_KEY when no operator key is entered. ## Run API Behavior - POST /api/browserops/run with dryRun=true is public-safe and returns preview_ready without launching a browser or storing a run record. - Run buttons in the Journey Catalog open a protected action panel; they are not raw links to POST-only endpoints. - GET /api/v1/journeys/{id}/run returns structured method_not_allowed JSON with allowedMethods: ["POST"]. - POST /api/v1/journeys/{id}/run without a request key uses the server-side Vercel PLATPHORM_API_KEY when configured; otherwise it returns structured auth_required or unavailable JSON. - Sandbox validation is explicit. BrowserOps does not silently replace a browser run with Sandbox. ## Trace Propagation Every BrowserOps run creates a root browser journey trace, child spans for browser work, propagates W3C traceparent/tracestate and safe PlatPhorm headers, and links to trace.platphormnews.com. Missing propagation is reported as degraded or failed, never hidden. ## Vercel JA4 Digest Policy x-vercel-ja4-digest is fingerprint-adjacent metadata. BrowserOps may use a redacted digest for protected trace correlation, but raw values are not exposed in public UI, RSS, sitemap, llms files, OpenAPI examples, client logs, or public artifacts. ## platphormctl Examples - platphormctl browserops check https://browserops.platphormnews.com - platphormctl browserops screenshot https://browserops.platphormnews.com - platphormctl browserops links https://browserops.platphormnews.com - platphormctl browserops flow browserops-homepage-smoke - platphormctl site inspect browserops - platphormctl mcp validate browserops - platphormctl policy inspect browserops ## MCP - Endpoint: /api/mcp - Tools: - get_browserops_status - list_browserops_journeys - get_browserops_journey - list_browserops_runs - get_browserops_run - get_browserops_run_timeline - list_browserops_artifacts - get_public_browserops_artifact - list_browserops_integrations - get_browserops_integration - get_browserops_suite_registry - get_browserops_coverage - get_browserops_web4_manifest - get_browserops_web4_status - get_browserops_scorecard - list_browserops_fingerprints - lookup_browserops_provenance - verify_browserops_provenance - send_browserops_handoff - run_browserops_journey - rerun_browserops_run - cancel_browserops_run - refresh_route_evidence - refresh_discovery_evidence - refresh_ui_compliance - publish_browserops_report_to_docs - send_browserops_results_to_evals - send_browserops_results_to_sheets - send_browserops_trace_update - rebuild_browserops_fingerprints - create_browserops_provenance - sign_browserops_provenance - publish_browserops_artifact_to_ipfs - list_journeys - get_journey - list_runs - get_run - get_run_steps - get_run_artifacts - get_run_screenshots - get_run_trace - get_run_report - get_site_ui_compliance - get_network_ui_compliance - get_route_compliance - get_discovery_compliance - get_trace_propagation_status - get_vercel_metadata - validate_standard_routes - validate_discovery_links - validate_accessibility - validate_trace_propagation - compare_runs - list_trusted_domains - validate_trusted_domain - get_integration_status - get_agent_policy - list_agent_platforms - get_agent_platform - evaluate_agent_access - get_robots_policy - get_ai_policy - get_trust_policy - get_discovery_manifest - get_public_access_summary - get_health - get_info - create_journey - update_journey - delete_journey - run_journey - dry_run_journey - run_site_smoke_test - run_network_smoke_test - cancel_run - generate_browser_remediation_plan - publish_docs_report - create_sheet_report - create_deck_summary - sync_network_graph - sync_sitemap_index - sync_feeds - trigger_eval - trigger_sandbox_test - trigger_webhook_simulation - update_agent_policy - refresh_agent_platform_registry - Resources: - browserops://journeys - browserops://runs - browserops://runs/{id} - browserops://runs/{id}/artifacts - browserops://runs/{id}/screenshots - browserops://runs/{id}/trace - browserops://network/ui-compliance - browserops://network/route-compliance - browserops://network/discovery-compliance - browserops://network/trace-propagation - browserops://network/trusted-domains - browserops://sites/{slug}/ui - browserops://sites/{slug}/vercel - browserops://integrations - browserops://openapi - browserops://llms - browserops://trust-policy - agent-policy://summary - agent-policy://platforms - agent-policy://robots - agent-policy://ai-policy - agent-policy://trust-policy - Prompts: - create_browser_journey - investigate_failed_journey - fix_ui_regression - generate_site_ui_remediation - design_cross_site_browser_test - review_accessibility_findings - validate_standard_routes - validate_trace_propagation - generate_browserops_patch - create_agentui_render_check - create_release_evidence_report - explain_run_api_protected_action - human_machine_ui_handoff ## Cross-Site Integrations - trace: https://trace.platphormnews.com - mcp: https://mcp.platphormnews.com - claws: https://claws.platphormnews.com - docs: https://docs.platphormnews.com - evals: https://evals.platphormnews.com - webhooklab: https://webhooklab.platphormnews.com - sandbox: https://sandbox.platphormnews.com - agentui: https://agentui.platphormnews.com - atlas: https://atlas.platphormnews.com - monitor: https://monitor.platphormnews.com - sheets: https://sheets.platphormnews.com - decks: https://decks.platphormnews.com - spec: https://spec.platphormnews.com - json: https://json.platphormnews.com - xml: https://xml.platphormnews.com - markdown: https://markdown.platphormnews.com - insights: https://insights.platphormnews.com - catalog: https://catalog.platphormnews.com - platphormctl: https://github.com/platphormnews/platphormctl ## Trust Policy Web dashboard, public-safe discovery, browser-based operations, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace inspection, and agentic workflow discovery are intentionally supported for public read-only debugging and operator workflows. Mutating, administrative, ingestion, replay, fork, remediation, deployment, sync, test-triggering, reporting, and write actions require PLATPHORM_API_KEY. Updated: 2026-05-25T08:57:13.769Z ## Phase 2 Capabilities - network-wide browser journey synthesis from root graph and base sitemap - real Playwright journey execution where the runtime supports browsers - real screenshot capture with Blob storage when BLOB_READ_WRITE_TOKEN is configured - public-safe route, discovery, UI, trace propagation, and Vercel metadata summaries - JSON-RPC 2.0 MCP tools/resources/prompts - Run Action panel for protected POST-only BrowserOps execution - explicit Sandbox validation mode that does not replace BrowserOps runs - suite-aware handoff cockpit for AgentUI, Spec, MCP, Sandbox, WebhookLab, Claws, Trace, Monitor, Sheets, Docs, and Evals - AsyncAPI event contract for run, artifact, and handoff status updates - Web4 manifest, scorecard, public-safe fingerprints, and provenance lookup/verify surfaces - honest degraded state when persistence, Blob storage, or browser runtime is unavailable - no synthetic runs, screenshots, pass rates, route compliance, or anchor-only service lists