Browser control and safety
Once the Chrome extension is connected, the agent can read page content, take screenshots, click links, fill forms, and navigate between pages. This is powerful — it's also the riskiest thing the agent does on your behalf — so there are two safety toggles you control.
Both toggles live in the Browser tab of the chat context panel, where you can see the extension status and configure the policy in the same place.
Read-only mode — when on, the agent can read and screenshot pages but cannot click, type, or submit forms. Great for "look at this and tell me what you see" tasks where you don't want the agent touching anything. Turn this off only when you specifically want the agent to interact with pages.
URL allowlist — a list of domains the agent is allowed to act on. The agent cannot navigate to or act on any URL not in the list. If the list is empty, all URLs are allowed — this is the permissive default. Add entries like example.com to lock things down. Useful if you want the agent to only ever touch your own site or a specific SaaS dashboard.
Combining the two — read-only mode and the allowlist are independent. You can be in read-only mode with an empty allowlist (the agent sees everything but can't act), or you can have interaction enabled but locked to a single domain (the agent can only act on that domain).
The audit trail — every browser action the agent takes is captured in the chat transcript. You can scroll back and see exactly what it clicked, typed, and loaded.