Fetch And Browser Runtime

The fetch/browser runtime covers outbound text requests, deterministic browser

snapshot contracts, and capture redaction.

HTTP Client

runtime-http-request accepts a method, URL, headers, body, timeout, redirect

policy, retry budget, and cache policy. It returns a stable response record with

status, headers, content type, body, elapsed time, retry count, and error code.

GET and POST are required. Redirect handling is explicit. TLS failures return a

stable http-tls-failure error. Cache hits return deterministic cached bodies

and mark the result as cached.

Browser Snapshot

runtime-browser-snapshot accepts a snapshot request and artifact root. It

returns page HTML, extracted text, metadata hooks, optional screenshot metadata,

elapsed time, and timeout status. The fake browser returns deterministic content

for tests and never starts a real browser process.

Capture Security

Capture previews and reports must redact URL query secrets, form values,

tokens, cookies, bearer credentials, and credential-shaped values before writing

or returning artifacts. Artifact validation fails closed when a preview leaks a

known secret marker.