Supervision & Compliance

Running many agent browsers in parallel raises two operator questions: what is each agent doing right now? and can I prove what happened afterwards? Shade answers both without feeding every page tree back through a model.

Fleet console

The Fleet Console (shade-browser-mcp dashboard, fronted by the hosted product at your account URL) shows a live, tenant-filtered view of your slots:

• one card per claimed slot with its URL/title, liveness, and a structured event stream (navigation, clicks, form edits, downloads, wallet prompts, leak checks, takeover state);
• a usage rollup (/api/usage): slot-hours and per-tool call counts;
• strict tenant isolation: each customer key sees only its own slots and events, and no slot's CDP auth_token is ever exposed to the browser — only a boolean token_present.

The console reconstructs activity from the structured event log, so watching a busy fleet does not cost a full accessibility snapshot per page.

Human takeover

When an agent needs a human in the loop — a CAPTCHA, a login, a judgment call — the console can take over a slot: it focuses that slot's live browser so a person drives the same session the agent is using, and records takeover / resume markers in the audit trail. Takeover is a shared-live-view handoff, not a hard automation lock: coordinate so the agent pauses while a human drives.

Tamper-evident audit trail

Every browser action is appended to a per-engagement JSONL log with sensitive values redacted (bearer tokens, cookies, auth headers never persist). Each entry is hash-chained:

entry_hash = sha256(prev_hash + canonical-content-of-this-entry)

Editing, deleting, reordering, or truncating any earlier entry changes every following entry_hash, so silent tampering is detectable. Verify a log:

shade-browser-mcp audit-verify /path/to/browser-events.jsonl
# {"ok": true, "broken_at": null}   -> exit 0
# {"ok": false, "broken_at": 42}    -> exit 1 (first broken entry id)

This supports record-keeping obligations such as the EU AI Act's Article 12 logging expectations for high-risk AI systems.

Honest scope: this is tamper-evident, not tamper-proof. A party who can rewrite the entire log tail can recompute valid hashes. For end-to-end assurance, periodically export the latest entry_hash to the customer or a write-once store and check it back against the live log — any divergence proves the log was altered after that anchor.