[Phase 1.3.1] Default browser to clean profile — stop copying auth data

[richard-devbot]

Phase

Phase 1 — Critical Security | Track 1.3 — Authentication & Access | Priority: P0 CRITICAL

Vulnerability Details

File: operator_use/web/browser/service.py:286-310
CWE: CWE-522 — Insufficiently Protected Credentials

`_copy_auth_files()` copies real Chrome cookies, login data, local storage, and session storage into the automated browser. The LLM has full access to every logged-in account (banking, email, cloud dashboards, etc.).

Fix

• Default `browser.copy_auth` to `false` in config
• Only copy auth files when explicitly opted in: `"browser": {"copy_auth": true}`
• When copy_auth is true, log a WARNING about the security implications
• Add domain allowlist option: `"browser": {"copy_auth_domains": ["github.com"]}`

Acceptance Criteria

• Default browser profile is clean (no auth data copied)
• Config flag `browser.copy_auth` controls behavior
• WARNING logged when copy_auth is enabled
• Domain allowlist option available
• Security tests verify clean profile by default

References

• CWE-522
• Design Doc: docs/plans/2026-03-29-security-ai-guardrails-performance-design.md