Open
Description
Phase
Phase 1 — Critical Security | Track 1.3 — Authentication & Access | Priority: P0 CRITICAL
Vulnerability Details
File: operator_use/web/browser/service.py:286-310
CWE: CWE-522 — Insufficiently Protected Credentials
`_copy_auth_files()` copies real Chrome cookies, login data, local storage, and session storage into the automated browser. The LLM has full access to every logged-in account (banking, email, cloud dashboards, etc.).
Fix
- Default `browser.copy_auth` to `false` in config
- Only copy auth files when explicitly opted in: `"browser": {"copy_auth": true}`
- When copy_auth is true, log a WARNING about the security implications
- Add domain allowlist option: `"browser": {"copy_auth_domains": ["github.com"]}`
Acceptance Criteria
- Default browser profile is clean (no auth data copied)
- Config flag `browser.copy_auth` controls behavior
- WARNING logged when copy_auth is enabled
- Domain allowlist option available
- Security tests verify clean profile by default
References
- CWE-522
- Design Doc: docs/plans/2026-03-29-security-ai-guardrails-performance-design.md
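The gating described under Fix and Acceptance Criteria, as an added example (not code from this issue or from the project). The logger name, the function names and the simplified three-column `cookies` table standing in for a Chrome cookie store are assumptions, as is treating an empty allowlist as "no filtering"; login data, local storage and session storage would need the same gate.

```python
import logging
import sqlite3

log = logging.getLogger("operator_use.browser")  # assumed logger name
SCHEMA = "CREATE TABLE IF NOT EXISTS cookies (host_key TEXT, name TEXT, value TEXT)"

def auth_policy(config: dict) -> tuple[bool, list[str]]:
    """Read browser.copy_auth / browser.copy_auth_domains with a secure default."""
    browser = config.get("browser") or {}
    # Only a literal boolean true opts in; missing, null or "true" stay off.
    enabled = browser.get("copy_auth") is True
    domains = [d.strip().lower().lstrip(".")
               for d in browser.get("copy_auth_domains") or []]
    if enabled:
        log.warning("browser.copy_auth is enabled: logged-in sessions are "
                    "exposed to the automated browser (domains: %s)",
                    ", ".join(domains) or "ALL")
    return enabled, domains

def host_allowed(host_key: str, domains: list[str]) -> bool:
    """Match the host itself or a subdomain, never a bare suffix."""
    host = host_key.lower().lstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def copy_cookies(src: sqlite3.Connection, dst: sqlite3.Connection,
                 config: dict) -> int:
    """Copy only permitted cookie rows into the new profile; return the count."""
    enabled, domains = auth_policy(config)
    dst.execute(SCHEMA)  # the automated profile always starts clean
    if not enabled:
        return 0
    rows = src.execute("SELECT host_key, name, value FROM cookies").fetchall()
    kept = [r for r in rows if not domains or host_allowed(r[0], domains)]
    dst.executemany("INSERT INTO cookies VALUES (?, ?, ?)", kept)
    return len(kept)

def sample_profile() -> sqlite3.Connection:
    """Constructed stand-in for a real profile's cookie store."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO cookies VALUES (?, ?, ?)", [
        (".github.com", "user_session", "constructed-1"),
        ("gist.github.com", "sid", "constructed-2"),
        (".bank.example", "sid", "constructed-3"),
        ("notgithub.com", "sid", "constructed-4"),
    ])
    return db
```
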