Terminal-first
Content should be viewable through command output and searchable text.
guarded browsing · network visibility · explicit boundaries
Browser + Network Safety
Phase1 browser workflows are meant to be terminal-first and inspectable. The browser should help operators view and reason about content without becoming a hidden, full-trust web runtime.
browser model
A terminal-first browser should be inspectable.
The Phase1 browser idea is not a normal browser replacement. It is a guarded inspection surface for operators. It should show what was requested, what was returned, and what was simplified, stripped, or blocked.
Guarded by default
Network behavior should stay behind clear safety and trust boundaries.
No hidden runtime
The browser should not silently execute active web content like a full browser.
scheme boundaries
URL schemes need explicit rules.
Browser docs should explain which schemes are supported, which are blocked, and why. This prevents confusion when a URL behaves differently from a full desktop browser.
Expected primary public web scheme when network access is available.
Useful for local or explicit non-TLS test workflows, with clear warnings.
Should be guarded carefully because it can imply host filesystem access.
Should not be treated like a normal clickable browser script path.
active content
Active content should be stripped, blocked, or clearly labeled.
If Phase1 renders or extracts web content, users should know whether scripts were removed, styles were simplified, forms were disabled, and media was ignored. The safest documentation posture is to assume simplified inspection unless a build explicitly says otherwise.
- Do not silently run scripts from arbitrary pages.
- Label stripped or simplified HTML output clearly.
- Do not ask users for credentials through the browser workflow.
- Keep page inspection text-first and auditable.
loopback + local testing
Local browsing is useful, but it is still a boundary.
Loopback workflows are valuable for testing local docs, local development servers, and generated output. They should still be documented as a boundary because local services can expose sensitive information or trigger host behavior.
Local docs
Useful for previewing generated site and docs pages.
Development servers
Helpful for testing, but should be obvious when local network access is involved.
Host awareness
Localhost is still the host environment, not the virtual filesystem.
command flow
Browser commands should produce inspectable output.
Exact commands can vary by build. The command reference remains the main map, but browser workflows should follow this style: request, inspect metadata, inspect text, then decide whether to save or discard output.
Request a page through the guarded browser path.
Inspect status, content type, redirect, and cache metadata where available.
Inspect simplified HTML or extracted text when supported.
Save output only when the storage boundary is clear.
visibility
Network behavior should leave a visible trail.
When network access is part of a workflow, Phase1 should make the request visible. Useful details include URL, scheme, redirect, status, content type, output location, and whether content was stripped or simplified.
The requested URL should be visible in output or audit notes.
HTTP status and failure states should be easy to read.
Operators should know if the result was HTML, text, JSON, or something else.
Saved output should identify where it went and how to remove it.
operator checklist
Before browsing, ask five questions.
- What scheme is this? Prefer explicit HTTP/HTTPS behavior.
- Does this touch localhost? Treat loopback as a host boundary.
- Is active content blocked? Do not assume arbitrary scripts are safe.
- Does this ask for credentials? Do not enter passwords or private keys into normal browsing workflows.
- Where does output go? Know whether content is temporary, VFS-backed, or host-backed.
non-claims
Browser docs are safety guidance, not a secure-browser claim.
This page does not claim Phase1 is a production web browser, privacy browser, hardened sandbox, malware-analysis environment, anonymity tool, or complete web runtime. It documents the intended guarded browsing model and public boundaries.