lens.browse(url=procurement.gc.ca/tender/41)
↳ tower.policy.url_check(host=*.gc.ca) ok
↳ lens.sandbox.spawn(profile=ephemeral)
↳ lens.extract(selector=table.tender-summary)
↳ crown.ingest(source=lens, doc=tender_41)
↳ knox.audit.append(0x7f45...)
lens.browse(url=procurement.gc.ca/tender/41)
↳ tower.policy.url_check(host=*.gc.ca) ok
↳ lens.sandbox.spawn(profile=ephemeral)
↳ lens.extract(selector=table.tender-summary)
↳ crown.ingest(source=lens, doc=tender_41)
↳ knox.audit.append(0x7f45...)
lens.browse(url=procurement.gc.ca/tender/41)
↳ tower.policy.url_check(host=*.gc.ca) ok
↳ lens.sandbox.spawn(profile=ephemeral)
↳ lens.extract(selector=table.tender-summary)
↳ crown.ingest(source=lens, doc=tender_41)
↳ knox.audit.append(0x7f45...)
lens.browse(url=procurement.gc.ca/tender/41)
↳ tower.policy.url_check(host=*.gc.ca) ok
↳ lens.sandbox.spawn(profile=ephemeral)
↳ lens.extract(selector=table.tender-summary)
↳ crown.ingest(source=lens, doc=tender_41)
↳ knox.audit.append(0x7f45...)
lens.browse(url=procurement.gc.ca/tender/41)
↳ tower.policy.url_check(host=*.gc.ca) ok
↳ lens.sandbox.spawn(profile=ephemeral)
↳ lens.extract(selector=table.tender-summary)
↳ crown.ingest(source=lens, doc=tender_41)
↳ knox.audit.append(0x7f45...)
lens.browse(url=procurement.gc.ca/tender/41)
↳ tower.policy.url_check(host=*.gc.ca) ok
↳ lens.sandbox.spawn(profile=ephemeral)
↳ lens.extract(selector=table.tender-summary)
↳ crown.ingest(source=lens, doc=tender_41)
↳ knox.audit.append(0x7f45...)

SIGNEDNOT JUST LOGGED

SOVEREIGNCHROMIUM · OUR ARCHITECTURE

KNOX CHAINTAMPER-EVIDENT

LENS

The only browser agent that produces a cryptographically signed action chain. Every navigation, extraction, and form interaction — signed, hash-chained, auditable. On your hardware. Under your policy.

SCROLL

Browser Control With a Chain of Custody.

Lens starts from Brave's hardened Chromium build, then rebuilds the security layer above it as our own: a sovereign sandbox, a policy-enforced network layer, and a Knox-signed audit chain. The browser foundation is open source. The architecture that makes it auditable — and admissible in a procurement audit — is ours.

↳ /0.1

Headless Browser Automation

AI agents browse under a declared policy: allowlisted domains, no SSRF, resource-capped subprocess. Navigation, form submission, and multi-step workflows execute within those constraints.

↳ /0.2

DOM Extraction

Parse any rendered page — including JavaScript-heavy SPAs — into structured JSON. CSS-selector and XPath targeting; attribute extraction; raw HTML capture for downstream processing.

↳ /0.3

Network Filtering

Every HTTP request monitored, logged, and filterable. Request allowlisting, SSRF protection, external call blocking.

↳ /0.4

Screenshot + PDF

Document any page state for compliance and audit. Full page captures, selected element snapshots, PDF generation.

↳ /0.5

Chrome Extension Support

Enhanced data collection capabilities. Load extensions in Chromium 112+ headless mode (--headless=new); capture instrumented interactions across page loads.

Core Capabilities

/browse

Navigate & Capture

Autonomous navigation to any URL. Capture full page content, element states, interactive responses.

/extract

Parse DOM

Convert HTML/JavaScript rendered content into structured JSON. Semantic element identification.

/screenshot

Visual State

Render any page state as image. Validate visual compliance, capture UI changes, document interactions.

/pdf

Document Export

Generate PDF from rendered pages. Headers/footers, page breaks, compliance documentation.

Isolated. Audited. Hosted in Canada.

Every browser instance runs in an isolated container. No internal network access. Only approved domains accessible. Full audit trail of every navigation, click, and data extraction.

↳ /0.6

SSRF Protection

RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8), and cloud metadata link-local (169.254.0.0/16) blocked by default. IPv6 equivalents included. Configuration override available for authorized use.

↳ /0.7

Request Allowlisting

Only approved domains accessible. Whitelist mode or regex patterns. Block tracking, analytics, third-party scripts by policy.

↳ /0.8

Subprocess Isolation

Browser runs as non-root inside a Docker container with --no-new-privileges and a restrictive seccomp profile. Resource limits (CPU, memory, disk) enforced via cgroup v2. Automatic cleanup on session end.

↳ /0.9

Audit Trail

Every navigation, click, and extraction is Ed25519-signed and appended to Knox's hash-chain — not a log file, a tamper-evident receipt. Admissible in procurement audits. Replayable action-by-action.

System Integration

Lens connects to Echo, Crown, Atlas, and Knox as a core tool. Every extraction is Knox-attested before it enters Crown — meaning the knowledge graph carries cryptographic provenance for every web-sourced fact.

Ingress · /lens

Echo request accepted

Agent asks for web data. Tower policy validates the route class and target domains.

Signed

Execution

Lens executes

Sandboxed browser navigates, extracts, and validates. Every action Knox-signed in flight.

Hashed

Egress · Crown

Knox receipt emitted

Knox appends the final hash-chained receipt. Crown ingests with full provenance lineage.

Archived

Intent Policy Execution Receipt

Deployment Options

Lens runs on your hardware, in your environment. Docker-based deployment. Integration with CASTLE orchestration layer.

      # CLI in private beta — request access below
$ axe deploy lens \
  --namespace production \
  --replicas 8 \
  --resource-limit cpu=2,memory=4Gi \
  --allowlist-domains procurement.gc.ca,contracts.ca \
  --ssrf-mode deny-all \
  --audit-log /var/log/lens/audit.jsonl

# Lens now handling browser automation requests
# All data stays on your hardware
    

/ Contact · we read every inquiry

Talk to .

Demos, pilot deployments, government RFPs, technical questions. A person reads every inquiry.