# Browser Operation Policy for strikefuse

## STRICT RULE — Pi Singleton
- **NEVER** use Pi's `browser-tools` singleton on `127.0.0.1:9222`
- This browser has the user's LinkedIn login and personal browsing state
- **NEVER** use `ensure-chromium`, `browser-start.js`, `browser-nav.js`, etc.
- **NEVER** take screenshots, run `browser-eval.js`, or invoke any browser-tools skill command

## ALLOWED — Cultguard Chrome
- Use `/home/mnm/workspaces/cultguard-chrome/result` (symlink to the latest Nix store path)
  or the resolved path `/nix/store/b8qgjyz2rh8604d14kz1r911wdq43fn0-chromium-cultguard-146.0.7680.177/`
- Always use a **fresh profile** (`--user-data-dir=/tmp/`) or `--incognito`
- Always use `--headless` for automation
- Never reuse profiles between runs — this leaks state
- No proxy configured — traffic goes out directly (no identity leak from proxy)
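
A preflight check that enforces the rules above before any browser launch, as an added example (not part of strikefuse or cultguard-chrome). The function name `check_browser_launch`, treating `--remote-debugging-port=9222` as a violation, and defining "fresh" as "directory absent or empty" are assumptions.

```shell
#!/usr/bin/env bash
# Added example: policy guard for browser launches (hypothetical helper).

# check_browser_launch BINARY [ARGS...]
# Returns 0 if the launch complies with this policy, 1 otherwise (reason on stderr).
check_browser_launch() {
  local bin="$1"; shift
  local headless=0 isolated=0 arg dir
  # Only the cultguard build is allowed: the symlink or a resolved Nix store path.
  case "$bin" in
    /home/mnm/workspaces/cultguard-chrome/result/*|/nix/store/*-chromium-cultguard-*/*) ;;
    *) echo "deny: binary is not cultguard-chrome: $bin" >&2; return 1 ;;
  esac
  for arg in "$@"; do
    case "$arg" in
      --headless|--headless=*) headless=1 ;;
      --incognito) isolated=1 ;;
      --remote-debugging-port=9222)  # assumption: never collide with the singleton's port
        echo "deny: port 9222 belongs to the Pi browser-tools singleton" >&2; return 1 ;;
      --user-data-dir=*)
        dir="${arg#--user-data-dir=}"
        case "$dir" in
          *..*) echo "deny: '..' not allowed in profile path: $dir" >&2; return 1 ;;
          /tmp/?*) ;;
          *) echo "deny: profile must live under /tmp/: $dir" >&2; return 1 ;;
        esac
        # Fresh means the directory does not exist yet or is empty.
        if [ -e "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
          echo "deny: profile directory is not fresh: $dir" >&2; return 1
        fi
        isolated=1 ;;
    esac
  done
  [ "$headless" -eq 1 ] || { echo "deny: --headless is required" >&2; return 1; }
  [ "$isolated" -eq 1 ] || { echo "deny: need a fresh --user-data-dir or --incognito" >&2; return 1; }
  return 0
}
```

A launcher script can call this with the exact binary path and arguments it is about to execute and abort on a non-zero return.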

## Why Cultguard Chrome
- Patches: cdp-stealth, chrome-branding, drm-spoof, gpu-profile
- Appears as genuine Google Chrome to bot detection
- CDP debugger is hidden from JS inspection
- Does not carry any user sessions

## Verification approach for LinkedIn
Since LinkedIn blocks unauthenticated access (auth wall), we cannot scrape
`/company/X/about/` directly. Instead we:
1. Search Google/Bing for `"domain.com" "linkedin"`
2. Scrape search-result snippets
3. Check if the domain appears as the company website in the snippet
4. Extract company name, industry, size when available

## Files using this policy
- `bin/linkedin_verify_chrome.sh` — cultguard-based search scraper
- Any future browser-based script must use cultguard-chrome ONLY
