Skip to main content

General Questions

ContextFort is a Chrome extension that provides visibility and control over browser-based AI agents. It helps you:
  • See what agents do: Captures screenshots of every action
  • Control agent behavior: Block specific actions or URLs
  • Protect your sessions: Keeps human and agent sessions separate
  • Track agent activity: Maintains detailed logs of agent sessions
Think of it as a “security camera” and “access control system” for AI agents using your browser.
Browser-based AI agents (like Claude Computer Use, GPT-4 with browsing, etc.) interact with websites on your behalf. Without visibility, you can’t see:
  • What actions the agent is taking
  • What information it’s reading or submitting
  • Whether it’s accessing sensitive sites inappropriately
  • If it’s mixing context between different services
ContextFort solves these problems by giving you complete transparency and control.
Yes, ContextFort is currently free and open-source. The source code is available on GitHub.There are no plans to charge for core features, though premium features may be introduced in the future.
ContextFort is agent-agnostic. It works with any browser-based agent, including:
  • Anthropic Claude (Computer Use)
  • OpenAI GPT-4 with web browsing
  • Google Gemini
  • Custom agent implementations
  • Selenium/Playwright automation
As long as the agent uses Chrome and you can organize tabs into groups, ContextFort will work.

Data & Privacy

All data is stored locally on your computer using Chrome’s chrome.storage.local API.ContextFort stores:
  • Screenshots of agent actions
  • Session metadata (timestamps, URLs visited)
  • Cookie snapshots for session isolation
  • Blocking rules you’ve configured
Nothing is sent to external servers. Your data never leaves your machine unless you explicitly export it.
The source code includes PostHog integration for optional analytics, but it is disabled by default.
const ENABLE_POSTHOG = true;  // Set to false to completely disable
If enabled, it tracks:
  • Extension installed/updated events
  • Feature usage (no personal data)
  • No screenshot content
  • No URLs visited
  • No session data
You can verify this in the source code (background.js:2) or completely remove the PostHog code before installing.
ContextFort captures screenshots when agents interact with pages. This means:YES, screenshots could contain visible passwords if:
  • Agent types into password fields (visible as dots/asterisks)
  • Agent triggers password autofill that shows passwords
  • Pages display passwords in plain text
NO, ContextFort does NOT:
  • Log keystrokes directly
  • Extract password values from form fields
  • Store passwords separately from screenshots
  • Send passwords anywhere
Treat ContextFort’s screenshots as sensitive. They may contain information you wouldn’t want others to see. Screenshots are stored in Chrome’s local storage on your device.
ContextFort only tracks URLs visited during active agent sessions. Your normal browsing is not tracked.For agent sessions, it stores:
  • URLs the agent navigates to
  • Page titles
  • Timestamps of visits
This is necessary for:
  • Context mixing prevention
  • Session timeline visualization
  • Debugging agent behavior
Only sessions in tab groups with the ⌛ emoji are tracked. Regular browsing is completely ignored.
Delete all data:
  1. Right-click the ContextFort extension icon
  2. Select “Inspect service worker”
  3. In the console, run:
chrome.storage.local.clear();
chrome.runtime.reload();
Or uninstall the extension:
  • Go to chrome://extensions
  • Click “Remove” on ContextFort
  • All data is automatically deleted
Selective deletion:
  • Use the dashboard to delete individual sessions
  • Export data before deletion if you want backups

Agent Detection

ContextFort doesn’t technically “detect” agents. Instead, you tell it when an agent is active by using Chrome’s tab groups:
  1. Create a tab group (right-click tab → “Add tab to group”)
  2. Name the group with the ⌛ (hourglass) emoji
  3. ContextFort automatically starts tracking that tab
When you change ⌛ to ✅ (checkmark), tracking stops.
This manual approach ensures ContextFort only tracks what you explicitly want tracked, avoiding false positives from regular browsing.
If you start an agent without the ⌛ emoji:
  • ContextFort won’t track the session
  • No screenshots will be captured
  • No session isolation will occur
  • Agent will use your normal browser cookies
You can add the emoji mid-session:
  1. Right-click the tab
  2. Add to a new group
  3. Name with ⌛
  4. ContextFort will start tracking from that point forward
Session isolation won’t retroactively apply. If the agent already accessed sites using your cookies, that can’t be undone.
Yes! Create multiple tab groups, each with its own ⌛ emoji:
  • ⌛ Research Agent (Group 1)
  • ⌛ Shopping Agent (Group 2)
  • ⌛ Testing Agent (Group 3)
Each group gets its own independent session with separate:
  • Screenshot timelines
  • Session cookies
  • Visited URLs
  • Blocking rules (if configured per-session)
Each group can only contain ONE tab. If you add multiple tabs to a group, ContextFort will automatically ungroup the extras.
When the agent tab is closed:
  1. Session is marked as “ended”
  2. End timestamp is recorded
  3. Session duration is calculated
  4. Tab is removed from active tracking
  5. All data is preserved in storage
The session remains viewable in the dashboard, including all screenshots and visited URLs.
Closing the tab does NOT delete the session data. Use the dashboard to explicitly delete sessions you no longer need.

Session Isolation

Session isolation keeps your human browsing sessions separate from agent sessions:When agent starts (⌛):
  1. ContextFort captures all cookies for the current domain
  2. Saves them as your “human session”
  3. Clears all cookies from the browser
  4. If an agent session exists for that domain, restores those cookies
  5. If not, prompts you to log in with agent credentials
When agent stops (✅):
  1. Captures current cookies as “agent session”
  2. Clears all cookies
  3. Restores your original human session cookies
  4. Reloads the page
This ensures agents never use your personal accounts, and you never see agent activity in your normal browsing.
It depends on your use case:Recommended approach:
  • Create dedicated agent accounts for services the agent will use
  • Use your personal accounts for human browsing
  • Session isolation keeps them separate
Alternative:
  • Let the agent use your personal account
  • Accept that agent actions will appear in your account history
  • Still beneficial for visibility and control
Using personal accounts with agents can be risky for:
  • Banking/financial sites
  • Work accounts
  • Social media (agent posts will appear as you)
  • E-commerce (agent could make purchases)
Currently, ContextFort is designed to keep sessions separate. To share a session:Workaround:
  1. Start agent in normal tab (no tab group)
  2. Don’t use the ⌛ emoji
  3. Agent uses your regular cookies
  4. No session isolation occurs
Downside:
  • No screenshot capture
  • No blocking enforcement
  • No visibility into agent actions
This is intentional. The purpose of ContextFort is isolation. If you want shared sessions, you don’t need ContextFort for that interaction.
Current limitation: ContextFort only isolates cookies, not localStorage or sessionStorage.This means:
  • Agents may access localStorage data from your human session
  • localStorage changes persist after agent stops
  • Some sites store authentication in localStorage, not cookies
Workaround:
  • Manually clear localStorage before agent sessions
  • Use Chrome DevTools: F12 → Application → Storage → Clear site data
Future versions may add localStorage isolation, but it’s not currently implemented.

Blocking & Controls

ContextFort offers three types of blocking:1. Action Blocking
  • Blocks agents from clicking specific buttons or filling specific inputs
  • Matches elements by tag, ID, class, text content
  • Prevents event propagation when blocked
  • Shows visual feedback (red border flash)
2. URL Blocking (Context Mixing Prevention)
  • Blocks navigation to certain domains
  • Prevents mixing context from different services
  • Example: Block agent from visiting bank after visiting shopping site
3. Governance Rules
  • High-level policies applied via Declarative Net Request
  • Disallow all clickable URLs (no hyperlink following)
  • Disallow URLs with query parameters
  • More performant but less granular
All blocking is configured through the dashboard.
ContextFort’s blocking is strong but not foolproof:What it can block:
  • Regular DOM events (clicks, inputs, form submissions)
  • Browser navigation via window.location
  • Link clicks
  • Form interactions
What it CANNOT block:
  • Direct JavaScript execution that bypasses events
  • Native automation tools (Selenium, Playwright) with direct CDP access
  • Browser extensions that inject code
  • Actions taken outside the browser
ContextFort is designed for monitoring and light control, not as a security sandbox. Determined agents with low-level access can bypass it.
When ContextFort blocks an agent action:
  1. Event is prevented: Click/input doesn’t execute
  2. Visual feedback: Element briefly shows red border
  3. Notification shown: In-page toast notification appears
  4. Agent stops: Stop button is automatically clicked
  5. Badge alert: Extension icon shows ⛔ for 3 seconds
  6. Session continues: Session isn’t ended, just paused
You can:
  • Review what was blocked in the dashboard
  • Remove the block and resume
  • End the session
Yes, using URL blocking rules:Deny list approach:
  • Allow agent everywhere except specific domains
  • Add blocking rules for forbidden domains
  • Example: Block bank.com, allow everything else
Allow list approach:
  • Use domain blocking with empty string
  • Block navigation if ANY non-allowed domain was visited
  • More restrictive
Configuration: Dashboard → Controls → URL Blocking → Add Rule
URL blocking is checked on navigation. If agent is already on a blocked domain, it won’t be kicked off until it tries to navigate.

Technical Questions

Storage usage depends on agent activity:Typical session (1 hour, moderate activity):
  • 50 screenshots @ ~500KB each = ~25MB
  • Session metadata: <1MB
  • Total: ~26MB
Maximum storage:
  • ContextFort limits to 100 screenshots (FIFO buffer)
  • Approximately 50MB maximum for screenshots
  • Plus session metadata: ~5-10MB for many sessions
  • Total cap: ~60MB in extreme cases
Chrome storage limits:
  • chrome.storage.local quota: ~5MB (but can request unlimited)
  • ContextFort requests unlimitedStorage permission
  • No practical limit on modern systems
You can check actual usage at chrome://quota-internals
Performance impact:Minimal impact during normal browsing:
  • Extension only active when ⌛ emoji present
  • No CPU usage when agent isn’t running
Moderate impact during agent sessions:
  • Screenshot capture: ~50-100ms per screenshot
  • Storage write: ~10-50ms per write (queued)
  • Event listeners: <1ms overhead per event
Factors that increase impact:
  • Very fast agents (many actions per second)
  • Large screenshots (4K displays)
  • Low-end hardware
  • Many simultaneous agent sessions
If you experience slowness, try reducing agent speed or clearing old screenshots.
Yes, but you need to enable it:
  1. Go to chrome://extensions
  2. Find ContextFort
  3. Click “Details”
  4. Enable “Allow in incognito”
Benefits of incognito:
  • Clean slate cookies every time
  • No cross-session contamination
  • Better isolation
Limitations:
  • Session profiles won’t persist across browser restarts
  • Extensions may behave differently
  • Some sites detect and block incognito mode
Yes! ContextFort is open source under the MIT License.Source code:You can:
  • Review the code for security
  • Fork and modify for your needs
  • Contribute improvements
  • Report issues
  • Build from source instead of installing from Chrome Web Store
Yes, the dashboard includes export functionality:What can be exported:
  • Session metadata (times, URLs, counts)
  • Screenshot metadata (timestamps, events)
  • Screenshots as base64 or image files
  • Blocking rules configuration
Export formats:
  • JSON (for re-importing or processing)
  • CSV (for spreadsheet analysis)
  • ZIP archive (with images)
Use cases:
  • Backup before clearing storage
  • Sharing with team for review
  • Compliance/audit trails
  • Analyzing agent behavior patterns
Exported data can be large (screenshots are base64-encoded). Expect ~1.5x the storage size for JSON exports.

Troubleshooting

Chrome updates sometimes break extensions:
  1. Check extension is still enabled: chrome://extensions
  2. Update ContextFort: It may need to update for new Chrome version
  3. Reload extension: Click refresh icon on extension card
  4. Check minimum version: ContextFort requires Chrome 134+
  5. Reinstall if needed: Uninstall and reinstall from Chrome Web Store
Quick fixes:
  1. Hard refresh: Ctrl+Shift+R (or Cmd+Shift+R on Mac)
  2. Clear extension cache:
    • chrome://extensions
    • Toggle ContextFort off then on
  3. Check console errors:
    • F12 on dashboard
    • Look for red errors
    • Report to GitHub if you see errors
  4. Try different browser profile:
    • Create new Chrome profile
    • Install ContextFort there
    • Test if issue persists
Resources:
  1. Documentation: You’re reading it! Check other sections.
  2. GitHub Issues: github.com/yourusername/contextfort/issues
  3. GitHub Discussions: For questions, not bug reports
  4. Discord Community: discord.gg/contextfort
Before asking:
  • Check Troubleshooting
  • Search existing GitHub issues
  • Include browser version and steps to reproduce
For security vulnerabilities, email [email protected] instead of posting publicly.

Future Development

Under consideration:
  • localStorage/sessionStorage isolation
  • Automatic agent detection (no emoji needed)
  • Video recording instead of screenshots
  • Multi-browser support (Firefox, Safari)
  • Team collaboration features
  • Cloud sync for enterprise
  • Real-time monitoring API
  • Agent behavior analytics
Contributing:
  • Feature requests on GitHub
  • Vote on proposals in Discussions
  • Submit PRs with implementations
Current plan:
  • Core features remain free forever
  • Open source license won’t change (MIT)
  • Possible premium features for enterprise:
    • Cloud sync
    • Team management
    • Advanced analytics
    • Priority support
Individual users will always have access to the full core feature set for free.

Build docs developers (and LLMs) love

Get started for freeTalk to us