Summary
Add a policy to restrict browser agent tools to specific domains, independent of the fetch tool.
Problem
Organizations need to balance developer productivity with security. Currently, the only way to restrict agents from
autonomously controlling public websites is to disable browser tools entirely via BrowserChatTools: false.
However, this also prevents legitimate local development use cases (e.g., testing a localhost app with an agent).
The alternative — using ChatAgentNetworkFilter with ChatAgentAllowedNetworkDomains: ["localhost"] — is too
broad: it also blocks the fetch tool from accessing external content, degrading general agent usefulness.
There is currently no policy that says: "agents may use browser tools, but only on localhost."
Proposed Solution
Add a new dedicated policy for browser tool domain restrictions, separate from the fetch tool:
- Policy name:
BrowserChatToolsAllowedDomains
- Setting:
workbench.browser.chatTools.allowedDomains
- Type: Array of domain patterns (wildcards supported)
- Example:
["localhost", "127.0.0.1", "*.internal.example.com"]
When set, agents can use browser tools (click, navigate, type, etc.) only on matching domains. The fetch tool
remains unaffected.
This complements BrowserChatTools (the on/off switch) with fine-grained domain control.
Expected Behavior
An organization sets:
BrowserChatTools: true
BrowserChatToolsAllowedDomains: ["localhost", "127.0.0.1"]
Result:
- ✅ Agents can control pages on localhost
- ❌ Agents cannot click/navigate/automate public websites
- ✅ Fetch tool continues to work on external URLs
Current Behavior
Only a binary on/off exists for browser tools (BrowserChatTools). Domain-scoped browser tool access is not possible
without also restricting the fetch tool via ChatAgentNetworkFilter, which is overly broad.
Additional Context
This feature would allow organizations that have disabled BrowserChatTools for security reasons to safely re-enable
it, scoped to internal/local development environments — unlocking productivity benefits without exposing a risk of
agents automating public websites.
Summary
Add a policy to restrict browser agent tools to specific domains, independent of the fetch tool.
Problem
Organizations need to balance developer productivity with security. Currently, the only way to restrict agents from
autonomously controlling public websites is to disable browser tools entirely via
BrowserChatTools: false.However, this also prevents legitimate local development use cases (e.g., testing a localhost app with an agent).
The alternative — using
ChatAgentNetworkFilterwithChatAgentAllowedNetworkDomains: ["localhost"]— is toobroad: it also blocks the fetch tool from accessing external content, degrading general agent usefulness.
There is currently no policy that says: "agents may use browser tools, but only on localhost."
Proposed Solution
Add a new dedicated policy for browser tool domain restrictions, separate from the fetch tool:
BrowserChatToolsAllowedDomainsworkbench.browser.chatTools.allowedDomainsWhen set, agents can use browser tools (click, navigate, type, etc.) only on matching domains. The fetch tool
remains unaffected.
This complements BrowserChatTools (the on/off switch) with fine-grained domain control.
Expected Behavior
An organization sets:
BrowserChatTools: true
BrowserChatToolsAllowedDomains: ["localhost", "127.0.0.1"]
Result:
Current Behavior
Only a binary on/off exists for browser tools (BrowserChatTools). Domain-scoped browser tool access is not possible
without also restricting the fetch tool via ChatAgentNetworkFilter, which is overly broad.
Additional Context
This feature would allow organizations that have disabled BrowserChatTools for security reasons to safely re-enable
it, scoped to internal/local development environments — unlocking productivity benefits without exposing a risk of
agents automating public websites.