GitHub
Lingphi AI / Lingent

Lingent Documentation

Web documentation, setup guides, security notes, and support links for Lingent.

Read docs Create an issue

Current product line

v0.23.0

Model access

user provider / localhost gateway

Security

Lingent is powerful because it runs in the browser and can interact with pages. That power must be explained and controlled clearly.

Model access

Lingent does not sell, lease, broker, or bundle third-party model tokens. Users connect their own provider credentials, local model servers, or a local gateway such as Manifold.

Recommended patterns:

  • Use Manifold or another localhost gateway when you want model access isolated

from the browser extension's direct provider configuration.

  • Use short-lived local session keys for local gateway experiments when

possible.

  • Keep provider keys in Settings, not in chat prompts.
  • Redact keys before sharing logs or screenshots.

Browser permissions

Lingent needs broad browser permissions to support page reading, side panel workflows, context menus, content scripts, storage, alarms, notifications, offscreen work, and optional advanced browser control.

Treat the permission set as part of the product contract:

  • Explain why each major permission exists.
  • Keep risky modes opt-in.
  • Prefer visible Settings controls over hidden behavior.
  • Disable tools that are not needed for a user's workflow.

Approvals

State-changing actions should be visible before execution. Lingent is designed to gate sensitive browser actions, persistent state changes, and replayed skills through approval prompts unless the user deliberately changes trust settings.

Examples of work that should be reviewed:

  • Posting a GitHub or Jira comment.
  • Merging, transitioning, or updating work items.
  • Navigating or typing into sensitive pages.
  • Scheduling future autonomous work.
  • Replaying a saved browser skill.

Activity records

The activity ledger is designed to preserve reviewability while reducing secret exposure. Tool arguments are redacted when they look like tokens, API keys, passwords, cookies, bearer credentials, or similar secrets. Results are truncated before storage.

Redaction is a safety layer, not permission to paste secrets into prompts.

User scripts and platform manifests

User-authored scripts should run in a sandboxed context, not inside the privileged background runtime. Platform manifests should be scoped to declared hosts and should not be allowed to redirect requests to unrelated origins.

When reviewing a new platform integration, check:

  • Host permissions.
  • Credential fields.
  • Write-capable tools.
  • Approval requirements.
  • Whether the integration needs cookies, bearer tokens, or no auth.