Trust model

A local control boundary for AI browser work.

DocuBench keeps agent browser work visible, scoped, and reviewable. Agents work through a local workbench with site boundaries, typed browser tools, and activity review.

Assurance summary

How DocuBench keeps browser work bounded.

Each session runs through a local workbench with scoped MCP tabs, typed browser actions, navigation policy, content sanitization, and reviewable activity.

Local workbench boundary

The MCP workbench runs on your machine, binds to loopback, and uses a workbench-specific bearer token.

Scoped MCP tabs

Browser tools operate on tabs owned by the active workbench. Paid concurrent workbenches keep separate tab pools.

Named browser tools

Agents ask for typed actions such as read, screenshot, click, type, scroll, and drag.

Navigation policy

Unknown destinations can be rejected or sent to you for approval before the agent continues.

Sanitized content

Normal browser reads remove scripts, styles, tracking pixels, and hidden security/session fields.

Live review

Audit entries show session activity live, with optional local persistence for MCP Power User.

Browser boundaries

Agents operate inside MCP-owned tabs.

Browser tools use pool-local tab IDs from the active workbench. They can only address tabs owned by that workbench. When MCP Power User runs multiple workbenches at once, their tab pools and tab IDs stay separate.

DocuBench browser tabs run on Electron's embedded Chromium engine, the open-source browser engine used by Chrome and Edge. Agent-owned tabs are configured as isolated browser surfaces with sandboxing, context isolation, disabled Node integration, and normal web security enabled.

Navigation tab

Purpose

General scoped browsing

Boundary

Workbench allow list, deny list, and new-site policy

Site agent tab

Purpose

Repeated work on one configured website

Boundary

Configured site boundary

Developer host tab

Purpose

Local or developer-controlled workflows

Boundary

Configured host boundary with raw-content mode

Browser content and tool results

Sanitized page content from normal navigation and site agent tabs

Screenshots when visual state matters

Tool status, errors, and structured results

Raw HTML only from developer host tab configured for development workflows

What the agent can receive

Browser content is explicit, and normal reads are sanitized.

DocuBench does not collect or route browser page content, screenshots, or tool results through DocuBench cloud services. That information flows from the desktop app to the MCP client used by your AI agent. Your AI agent environment or model provider handles it according to its own policy.

Before actions run

Agent approval does not bypass workbench policy.

Your AI agent environment may ask whether a tool call is allowed. DocuBench still applies its own tab boundaries, navigation rules, action guards, and site policies before or during browser execution.

Workbench guard layers

Tool approval for the AI agent does not bypass DocuBench workbench policy.

Navigation checks run before explicit navigation and stay active for redirects, popups, and page-driven navigation.

Downloads from MCP tabs are blocked.

Password fields, file uploads, and ambiguous form submissions are restricted.

Navigation tabs allow only search-like GET submissions when they can be classified safely.

Activity review

local trail

Live audit

Review navigation attempts, approvals, denials, tool calls, statuses, and saved artifacts where enabled.

Local persistence

MCP Power User can save a local audit trail in the configured work folder.

Audit summaries redact sensitive parameter keys such as authorization, token, password, secret, and API key.

Review and audit

Visibility during the session, local records when enabled.

Audit is for visibility, review, and records you can use in your own governance process. Paid local persistence saves a workbench trail in your configured work folder.

Limits

What DocuBench does not control.

DocuBench gives you browser boundaries and review tools, but it does not replace your judgment about AI agents, model providers, websites, or data handling by the AI agent environment.

DocuBench does not choose or operate your AI agent, MCP client, or model provider.

DocuBench does not judge whether every agent decision is correct.

DocuBench does not make third-party websites safe or change their terms, permissions, or data handling.

Local audit persistence can support internal review or compliance workflows, but it is not a compliance certification or server-side audit service.

DocuBench processes account, authentication, billing, subscription, and limited service-operation data as described in the Privacy Policy.

DocuBench does not control how your connected AI agent environment stores or processes browser content and tool results after receiving them.

Practical safety checklist

Keep allow lists narrow.

Use separate workbenches for distinct trust boundaries.

Avoid putting secrets in site instructions.

Review audit activity for important sessions.

Next step

Use a browser workbench with boundaries you can inspect.

Start with a local workbench, narrow the sites an agent may use, and review the browser activity as it happens.

Open the manual