SPIRITT Agent

About

SPIRITT Browser Bridge lets your SPIRITT workspace agent act on your behalf on websites you're already logged into, without ever asking for your passwords.

═══ How it works ═══

Your agent needs to read your Gmail, fetch your LinkedIn connections, or fill a form in your account on some service. Instead of asking for credentials, the agent asks the extension to share your session. You simply select the domains you want to grant access to and click Share. The agent can now act as you on those sites.

You stay in control:
• You pick which sites to share. Nothing leaves your browser without your click.
• Each share is a single domain. The extension does not bulk-export your browsing data.
• You can revoke any session at any time, or all of them in one click.
• Notifications confirm every share, refresh, and revoke.

═══ What gets shared ═══

For each domain you explicitly select:
• Cookies for that domain (the same ones the site already gave your browser)
• Local storage and session storage for that domain
• Your browser's User-Agent string (so the agent's request looks like it came from your real browser)

What never gets shared:
• Anything from a domain you did not explicitly select
• Your browsing history
• Your bookmarks, passwords, downloads, or any other browser data
• Anything to any third party — only to the SPIRITT workspace URL you configure

═══ Where the data goes ═══

The extension transmits the selected session data over HTTPS to the SPIRITT workspace URL you configure in the popup. Nothing is sent anywhere else. No analytics, no telemetry, no third-party servers.

Your workspace stores the session in its own private storage. From there, your workspace's AI agent can use the session to perform the task you asked for.

═══ Who this is for ═══

You have a SPIRITT workspace (https://workspaces.spiritt.ai) and you want your agent to do real work on the web for you. This extension is the bridge that makes that possible without handing over credentials.

If you don't have a SPIRITT workspace, this extension does nothing useful. Get one first.

═══ Security model ═══

• All transmission is HTTPS to a URL you configure.
• The extension contains no remote code (Manifest V3, strict CSP).
• The extension does not run on pages you visit; it only acts when you click a button in the popup.
• Source code is open: https://gitlab.com/spiritt/tenants/spiritt/sandbox-browser-kit
• Read the privacy policy: https://sandbox-browser-kit-68db13.gitlab.io/

═══ Permissions, explained ═══

• cookies — read cookies for the specific domains you select, to share with your workspace
• storage — remember your workspace URL between extension loads
• activeTab — read localStorage and sessionStorage from the tab of the domain you selected
• tabs — auto-detect your open SPIRITT workspace tab to fill in the URL
• scripting — extract localStorage and sessionStorage values from the selected domain (one read-only function, never modifies the page)
• notifications — confirm shares, refreshes, and revokes
• host_permissions <all_urls> — required so the extension can read cookies and storage for any site you choose to share; the domain list is fully user-driven, nothing is read until you click Share

═══ Open source ═══

Source code, issue tracker, and the relay server you can self-host:
https://gitlab.com/spiritt/tenants/spiritt/sandbox-browser-kit

License: All Rights Reserved

═══ Support ═══

File an issue on the GitLab project linked above, or reach the team through your SPIRITT workspace.