JUWEL
Architecture · Browser-as-OS · v0.1
JUWEL ships as a Chromium fork. It installs like any browser — imports your Chrome data, runs every extension — then quietly takes over as the surface you live in: a full agentic OS where JUWEL and her Hive do the work. A second build, JUWEL Cursor, extends that reach from the browser to the whole machine.
The one thing none of them have. Every browser on the market is racing to let an agent act for you. Not one can prove what the agent did in a way you can check yourself. JUWEL signs a neutral receipt for every action — verify it offline, against our open verifier, without trusting us.
The thesis is no longer fringe: the browser is turning into the operating system where AI works alongside you. In 2025–26 the whole field moved at once — and the most credible builds are Chromium forks, not extensions, because only a fork can rewrite the new-tab, the omnibox, permissions, and the agent's reach into the page.
JUWEL's bet is the same shape — and the structure is proven: a browser half (the Chromium fork) and an agent half (the platform that drives it). We add a third half nobody else has: the proof half.
Handing an autonomous agent your logged-in sessions is the whole value — and the whole danger. The field already has its first injuries: prompt-injection from malicious page content, agents taking actions the user never authorized, a court injunction, named browser vulnerabilities. The reflex answer is "trust our guardrails." JUWEL's answer is different: don't trust us — verify.
Four layers in the app, plus a fifth that sits across all of them — the receipts bus — and a verifier that lives outside the system entirely. That externality is the point: the thing that checks JUWEL is not part of JUWEL.
npx @vextlabs/stoa-verifier ./receipt.json
No migration, no leap of faith. The first run is indistinguishable from switching browsers. The takeover is gradual and reversible — which is exactly why people will actually cross over.
One installer, Mac/Win/Linux. It's a real browser — nothing exotic to learn.
Imports your Chrome profile — tabs, passwords, extensions. Everything you had still works on day one.
New-tab and the omnibox become the JUWEL shell — the dock, the apps, the agent. The OS, inside the browser you already trust.
Set default + run standalone/kiosk and the browser chrome disappears. Now it's just JUWEL — per-customer, no VM per seat.
The same agent, the same receipts, two radii of reach. Most work lives in the browser; the rest needs the whole machine.
The Chromium fork. Agents run locally, inside your real, logged-in sessions — so they can actually do the work that remote computer-use agents can't: your email, your dashboards, your company tools.
Reach: anything on the web. Every click and submit signed. This is the wedge — install it and you're in.
Computer-use beyond the page. When a task escapes the browser — a native app, the file system, the desktop — JUWEL Cursor drives the machine itself, with the same approval gate and the same signed receipts.
Reach: the whole OS. The browser is the front door; Cursor is the rest of the house.
An extension is sandboxed and can be throttled by the host browser at any update. A fork lets the agent see and drive the page through CDP at the engine level — no permission theater, no surprise breakage.
Only a fork can replace the new-tab and omnibox with the JUWEL shell, and restyle the whole chrome. The OS feeling — dock, apps, takeover — is impossible from inside an extension's box.
The receipts tap has to sit below the agent, where actions actually commit — so nothing can act without being signed. That interception point only exists in a fork you control.
It's more work than an extension and that's the moat: the credible builds in this category are forks for exactly these reasons. We inherit a proven structure and add the one layer they're all missing.
Stand up the Chromium fork with auto-update; patch new-tab + omnibox to load the JUWEL shell. Profile import. The OS we've designed renders as the browser's home surface.
fork · patches shell existsWire the agent loop to CDP; expose tools over MCP. Tap the action layer so every navigate/click/type/submit emits a STOA receipt. Inline verify on each. This is the shippable product.
CDP · MCP receipts engine exists verifier existsDesktop build that drives native apps and the file system under the same approval + receipt model. Browser stays the front door; Cursor handles what escapes it.
computer-use approval + receipts sharedPublish/extend specialists in the Hive; share a run as a bundle of receipts anyone can verify offline. The audit trail becomes a distribution surface.
marketplace Hive existsThe shell, the dock and apps, the Hive, the signed-receipt engine (real ECDSA-P256 + Merkle chaining), and the offline verifier with tamper-to-fail — all live in the prototype. The product design of the browser-OS is done.
The Chromium fork itself, the CDP/MCP agent bindings, and computer-use are C++/systems engineering — not yet built. This document is the blueprint that scopes them. We claim the design and the proof layer; we don't yet claim the fork.
A browser anyone can ship. A receipt only we can offer.