CloviBrowse

Internal browser-capability layer (Phase 1). Not publicly exposed. Plugins call it for disposable isolated browser sessions.

• POST /api/v1/session — launch ephemeral isolated container
• GET /api/v1/session/:id — status
• DELETE /api/v1/session/:id — reap
• POST /api/v1/detonate {url} — disposable detonation (screenshot + redirect chain)
• POST /api/v1/detonate-html {html} — disposable render of an uploaded HTML/SVG blob (screenshot + static threat signals)
• POST /api/v1/fetch {url} — programmatic navigate (screenshot + title + text + links) for CloviAgent
• GET /api/v1/accessibility?url=... — axe-core a11y scan (CloviAble-facing)
• GET /api/health · GET /api/v1/meter/summary

TTL idle-reaper: 10 min. Engine: kasmweb/chrome on rbnet. rm+run only.