Integrate BearBrowser browser actions into Workspace Operation Plane with typed artifacts and redacted diagnostics

[Copilot]

This change makes browser-side effects first-class WorkspaceOperations instead of implicit runtime behavior. It adds explicit governance for browser sessions, captures, downloads/uploads, automation runs, and diagnostic exports with required redaction, trust boundaries, policy gates, actor attribution, and operation lifecycle events.

• Operation Plane contract

  • Added agentplane/workspace-operation-plane.yaml as the source contract for:
    • operation types:
      browser.session.start, browser.capture.create, browser.download.create, browser.upload.create, browser.automation.run, browser.diagnostics.export_redacted
    • typed artifacts:
      BrowserSession, WebCapture, DownloadArtifact, UploadArtifact, BrowserAutomationRun, BrowserDiagnosticBundle
    • controls: diagnostic redaction fields, trust-boundary dimensions, policy gate decisions, actor attribution model, OperationEvent lifecycle (start/progress/failure/retry/cancel/complete)
    • hard rule: no durable browser automation/capture state outside the Operation Plane

• Integration wiring across governance surfaces

  • Wired the contract into AgentPlane capability registration, policy contract, workspace surface, lifecycle example, mount plan, and automation adapters:
    • agentplane/registration.yaml
    • policy/bearbrowser-contract.yaml
    • prophet-workspace/browser-surface.yaml
    • agentplane/session-lifecycle.example.yaml
    • mounts/agent-browser-mounts.yaml
    • automation/playwright-adapter.yaml
    • automation/stagehand-adapter.yaml
    • automation/terminal-browser-adapters.yaml
  • Added explicit workspace-operation declarations and event lifecycle expectations in these manifests.
  • Added governed upload surface (agent-uploads) with policy-gated decision modes aligned to block/quarantine/admit/activate.

• Redaction + event model updates

  • Expanded provenance/event support to include the new browser operation event types in:
    • schemas/provenance-event.schema.json
    • scripts/bearbrowser-emit-event.py
  • Updated docs to align with operation-plane semantics and redacted diagnostics requirements:
    • docs/provenance-events.md
    • docs/agentplane-prophet-workspace-integration.md
    • docs/integration-contract.md

• Focused contract guardrail

  • Added scripts/verify-workspace-operation-plane.py to enforce required operation types, artifact kinds, redaction controls, trust-boundary dimensions, lifecycle states, PolicyFabric authority, and durable-state rule.

# agentplane/workspace-operation-plane.yaml (excerpt)
operationTypes:
  - browser.session.start
  - browser.capture.create
  - browser.download.create
  - browser.upload.create
  - browser.automation.run
  - browser.diagnostics.export_redacted

controls:
  operationEvents:
    lifecycle: [start, progress, failure, retry, cancel, complete]
  actorAttribution:
    actors: [user, agent, system, connector]

[mdheller]

Closing after capture/replay.

Replacement PR #34 landed the intended browser Workspace Operation Plane payload on current main.

Merged replacement commit: 586f66db25a33075e0df6c851008d11b4bc823e1

Content carried forward:

• AgentPlane registration and session lifecycle fixtures
• Browser Workspace Operation Plane contract
• Playwright, Stagehand, and terminal/browser adapter manifests
• AgentPlane / Prophet Workspace integration docs
• integration contract and provenance event docs
• browser mount plan
• policy contract
• Prophet Workspace browser surface
• provenance event schema and emitter update
• workspace-operation verifier
• sidecar status verification fix

Content intentionally omitted: none. The reason for replacement was branch mergeability/check hygiene, not content rejection.