Research: map BrowserTrace browser artifacts to OWASP AOS trace fields

[aaronlab]

Context

BrowserTrace now has an upstream standards feedback issue open with the OWASP Agent Observability Standard project:

• Clarify browser/GUI artifact references for OS Tool traces OWASP/www-project-agent-observability-standard#74

That issue asks how browser/GUI agent artifacts should be represented in AOS: screenshots, videos, current URLs, action labels, model decisions, status, and failed-step errors.

Goal

Create a small research note or docs section that maps BrowserTrace trace fields to the closest AOS concepts, without claiming BrowserTrace is AOS-compliant before that is true.

Useful fields to map:

• run id / step id
• screenshot artifact path or URI
• current browser URL
• action label / tool call
• model input / model output
• status and error
• future video recording artifact metadata
• public/export redaction state

Candidate AOS concepts to inspect:

• OS Tool events
• Resource
• FileWithUri
• FileWithBytes
• A2A task artifacts
• OpenTelemetry / OCSF trace event examples

Deliverable

A focused PR that adds one of these:

1. A short documentation note under docs/ explaining the current mapping and known gaps.
2. A table in an existing integration/observability doc if there is a better existing home.
3. A short research summary comment on this issue if the mapping is not ready for docs yet.

Guardrails

• Do not claim BrowserTrace implements AOS until there is real implementation and verification.
• Keep this vendor-neutral and standards-focused.
• Do not ask for stars, votes, reposts, or reciprocal promotion.

[aaronlab]

Research note from the current standards/community pass:

External context:

• OWASP AOS artifact question: Clarify browser/GUI artifact references for OS Tool traces OWASP/www-project-agent-observability-standard#74
• Browser Use screenshot-blob failure shape: Bug: Screenshot blob in tool result poisons conversation context → API 400 on all subsequent turns browser-use/browser-use#4742 (comment)
• UI-Trace telemetry discussion: open-research(vision): UI-Trace — agentic telemetry standard tosin2013/helmdeck#117 (comment)

Working mapping direction for BrowserTrace, without claiming AOS compliance yet:

BrowserTrace concept	Candidate standards shape	Notes / gap
run id / step id / action id	trace id, span/event id, task artifact id	Needs stable correlation across tool call, screenshot, URL, model decision, and error.
screenshot/video path	URI-style artifact reference, not raw inline message text	Prefer path/URI plus MIME type, digest, dimensions, timestamp, retention, and redaction state. Inline bytes should be opt-in and bounded.
current browser URL	separate event/resource attribute	Keep separate from screenshot so public exports can redact URL independently from visual artifacts.
action label / tool call	OS Tool request/result event	Preserve the action name, arguments summary, status, error, and linked artifact ids.
model decision summary	event attribute or linked model message summary	Keep compact. Do not force screenshots or full model I/O into every later conversation turn.
observation quality	event/artifact metadata	UI/browser evidence should distinguish observed, inferred, missing, stale, ambiguous, and redacted fields when possible.
public export redaction	artifact and field-level metadata	Public-safe exports should make omitted fields explicit rather than silently dropping evidence.

The main invariant to preserve is the artifact boundary: browser artifacts are durable debugging evidence for humans and trace consumers; model messages should only carry the minimum representation needed for the next model call. That boundary addresses the screenshot-blob/context-poisoning failure shape and also keeps AOS-style trace examples realistic for large or sensitive GUI artifacts.

Useful next contributor task: draft a small docs table from the rows above, then mark each row as one of implemented, partially implemented, or research gap. Keep it explicitly framed as a research mapping until AOS maintainers confirm the preferred representation.

[aaronlab]

Follow-up research note after checking the current OWASP AOS dev branch and upstream issue state.

Upstream status:

• Browser/GUI artifact clarification issue is still open with no maintainer reply yet: Clarify browser/GUI artifact references for OS Tool traces OWASP/www-project-agent-observability-standard#74
• AOS docs classify observable actions as agent steps and explicitly cover steps/toolCallRequest and steps/toolCallResult.
• Current schema includes file parts with FileWithBytes and FileWithUri. FileWithUri requires uri and allows optional mimeType and name; FileWithBytes is base64 content.
• Tool results have an executionId link back to the request and an isError flag.
• A2A and MCP sections currently describe protocol transport/guarding rather than a browser-specific artifact model.

Practical BrowserTrace mapping direction, still research-only and not an AOS compliance claim:

BrowserTrace field	Closest current AOS shape	Status
run id / step id	Step context plus tool execution/correlation id	Partially mapped; BrowserTrace would need a stable export-level correlation convention.
action label / tool call	steps/toolCallRequest with toolId, executionId, inputs, and reasoning	Partially mapped; BrowserTrace action labels are human-friendly and may need a normalized tool id.
status and error	steps/toolCallResult with executionId, result.outputs, and result.isError	Partially mapped; error detail shape needs a documented BrowserTrace-to-AOS convention.
screenshot or future video artifact	Prefer FileWithUri / URI-style artifact reference when sharing	Research gap; upstream has file URI/bytes primitives, but no browser screenshot/video example yet.
current browser URL	Separate metadata/attribute from the screenshot artifact	Research gap; keep separate so URL can be redacted independently from visual evidence.
model input/output	Message/tool reasoning or linked model-message summary	Research gap; avoid forcing full prompt/model I/O into every tool-result payload.
public/export redaction state	Field/artifact metadata	Research gap; BrowserTrace should preserve explicit omitted/redacted markers in any future mapping.

Current recommendation for docs: if we add an AOS mapping note, frame it as "BrowserTrace field mapping research" and mark every row as implemented, partially mapped, or research gap. The note should say that BrowserTrace is not AOS-compliant yet and is waiting on upstream guidance for browser/GUI artifact representation.

Implementation bias from this pass: keep screenshots/videos as URI-style durable artifacts by default, not inline base64, and keep current URL plus redaction state as separate metadata fields. That aligns with BrowserTrace's public-safe export model and avoids bloating later model-message/tool-result text.