Security + Consent

Safe agent work needs visible boundaries.

Nova treats site data, proxy use, external calls, and mutating actions as controlled surfaces. Users should understand why an approval is needed and what happens after it.

Browser Surface Framework Gates

Trust Model

Approvals remain part of the surface.

Security is not a hidden policy file. Nova brings sensitive decisions into the visible work flow: site data, proxy access, shell boundaries, and external connections.

Scoped grants limit access to cookies, storage, and domain context.
Redaction protects tokens, proxy credentials, and sensitive output.
Navigation safety prevents unclear or duplicate browser actions.

Controlled Areas

Site DataCookie, storage, and cache access only with a traceable scope.

ProxyCredentials and runtime state stay separate from normal browser actions.

External MCPExternal tools run through explicit routing and security rules.

ApprovalsMutating actions can be visibly paused and confirmed.

User Confidence

The best security surface is understandable.

The website therefore presents security not as an alarm system, but as a calm control room for agent work.

Scope

Limit

Which domain, tab, and data may be used?

Explain

Which action will run, and why is it relevant for the task?

Record

Trace

Result, error, and approval status remain readable for later runs.