What a guardian is for
Most automation asks you to trust it completely or not at all. It runs with your full reach and hopes for the best, or it stays boxed away where it cannot help. A guardian is the third option: full reach, with a light left on, so you can always see where it went and stop it before it goes somewhere it should not.
The idea is old. Night watchmen carried a lantern not to work by, but to be seen working - a moving light that told the street someone was awake and accountable. Ghostlight borrows the posture: the automation is visible while it acts, and the boundaries it must respect are declared in advance, in plain words, where both you and it can read them.
Three promises
It is visible
When the agent moves, you see the cursor. When it clicks, a ripple. When a boundary stops it, a ribbon says so on the page itself - not buried in a log you will never open. Nothing important happens in the dark.
It is bounded
Reach is granted, never assumed. A policy names the domains and the kinds of action allowed, and everything outside that is refused by default. The refusal is explained, not silent, so a wrong turn teaches you something instead of just failing.
It is yours
No account, no cloud, no telemetry. The engine runs locally and keeps running whether or not anyone is selling you anything. What it sees stays on your machine, in your browser, under your policy.
What the lantern reveals
The point of a visible guardrail is not decoration. It is that a person watching can catch, in the moment, the one action that should not happen - the tab that should have stayed closed, the field that should have stayed empty, the domain that was never meant to be touched. A silent guard cannot be corrected until after the harm. A lantern can.
A light left burning, so the halls stay safe.
That is the whole of it. Give capable automation real reach, then keep the lantern lit so the reach is always accountable to the person who granted it.
Reading list
- The capability model: read, action, write, and execute, classified per call.
- Identity-bound grants: who is acting, and what that identity is allowed to touch.
- Sacred domains: the never-touch list that no policy can override.
- The audit trail: every decision recorded, allow or deny, with its reason.