Permissions

Browy is a browser-automation agent. The side panel runs a chat UI; a companion native messaging host (a small Node.js process you install separately) runs the GitHub Copilot CLI as the LLM backend and returns tool calls that the extension executes against your browser.

This page explains why each permission in extension/manifest.json is required. The same text is the basis for the Chrome Web Store listing’s permission justification.

Summary

Browy is a general-purpose browser agent, so the permissions cover any site you might point it at. It only acts on tabs you target from the side panel. Host-touching tools (shell, filesystem, HTTP) are off until you opt in under Settings → Tools.

Permissions

sidePanel UI

Browy’s primary UI is the Chrome side panel (chat, history, settings). Required to register sidepanel.html.

debugger Core

The agent uses the Chrome DevTools Protocol (via chrome.debugger.attach) to take page snapshots, click and type by accessibility index, evaluate JavaScript, and capture network and console events. It’s how Browy reads and drives pages without brittle CSS selectors.

“Browy started debugging this browser”

Chrome shows its standard debugging banner while a session is active. Chrome requires it for any extension using the DevTools Protocol; detach the session and the banner goes away.

tabs Core

Read tab titles and URLs to populate the agent’s context (list_tabs, switch_tab), open new tabs (new_tab, navigate), and route the agent to the correct tab when you ask it to operate on “this page”.

activeTab Core

Used in addition to tabs so the side panel can identify the currently focused tab without prompting on every action.

scripting Core

Inject content scripts when the agent needs to evaluate JS in the page context (the evaluate_js tool) or extract structured data the snapshot can’t express.

storage Local

Persist chat history, user settings (model, reasoning effort, theme), and last-used tab. All storage is local (chrome.storage.local); nothing is uploaded.

nativeMessaging Core

Connect to the locally-installed Browy native host (com.browy.host), which runs the GitHub Copilot CLI on your machine. All LLM traffic flows through your own Copilot subscription, not a Browy server.

notifications UX

Surface “host disconnected”, “sign-in required”, and other actionable status messages outside the side panel so you don’t miss them while working in another tab.

downloads Optional

Save artifacts the agent produces (e.g. exported scrapes, generated files) to your Downloads folder via chrome.downloads.download.

alarms Internal

Periodic keep-alive pings for the background service worker. Chrome aggressively suspends MV3 service workers; alarms keep the native messaging port responsive without a busy loop.

host_permissions

<all_urls> Required

You’ll point Browy at any site you visit, so the extension declares permission for all URLs. The agent only attaches to tabs you target from the side panel. <all_urls> is the gate, not a license to crawl in the background.

How Browy is architected

Local native host

Page content goes to GitHub Copilot via the local Copilot CLI, exactly as if you ran gh copilot from a terminal.

No background activity

The agent acts only when you send a message in the side panel.

Strict tool allowlist

The native host runs every model call through a strict allowlist. Browser-driving tools are on by default and can each be turned off in Settings → Tools; host-touching tools (shell, filesystem, web_fetch) are off by default and only enabled if you opt in per-tool.

See also

Privacy & data The full data-handling summary.

Tools the agent has Every tool the agent can call, and the per-tool Settings toggles.

Security How to report a vulnerability.