G

Overview

Overview

What Is Gao Browser#

Gao Browser is the gateway layer of the Gao Internet protocol stack. It is the primary client interface through which users interact with the full 8-layer stack — resolving .gao identities, enforcing trust signals, surfacing AI agent interactions, and handling payment flows.

All resolution and execution originate from identity (Layer 5). The browser does not create authority — it surfaces and enforces it.

Browser is a gateway, not a custody service. It does not hold funds, execute unsigned transactions, or make decisions on behalf of users. Every consequential action requires an explicit user signature.

Why Layer 2 Exists#

The traditional web browser was designed for HTTP — a stateless, document-retrieval protocol with no native identity, no payment, and no trust verification. When users interact with Web3 today, they bolt wallets, extensions, and external signing tools onto a browser architecture never designed for them.

Gao Browser is built from the ground up for the Gao Internet protocol stack:

  • Native **.gao** resolution — no DNS dependency, no extension required

  • Trust-aware rendering — every domain carries a verifiable signal in the address bar before any interaction

  • Payment-capable — x402 HTTP payment flows are first-class, not an afterthought

  • AI-native — agent execution surfaces are built in, not bolted on

  • Policy-enforced — every action is validated against the capability model before execution

What Gao Browser Is / Is Not#

Gao Browser is

Gao Browser is not

A protocol-aware gateway

A custodial wallet

A domain resolution engine

A centralized web platform

A secure execution runtime

A financial intermediary

A payment-capable client surface

A data harvesting service

An AI-integrated environment

An investment interface

Architecture Overview#

User Input (domain, action, payment)  
        ↓  
┌─────────────────────────────────────────┐  
│           Gao Browser (Layer 2)         │  
│                                         │  
│  ┌──────────────┐  ┌─────────────────┐  │  
│  │  Resolution  │  │  Trust Engine   │  │  
│  │  Engine      │  │  (badge display)│  │  
│  └──────┬───────┘  └────────┬────────┘  │  
│         └─────────┬─────────┘           │  
│              ┌────▼────────────────┐    │  
│              │  Policy Enforcement │    │  
│              │  (before execution) │    │  
│              └────────────┬────────┘    │  
│                           │             │  
│  ┌────────────────────────▼──────────┐  │  
│  │          Execution Surface        │  │  
│  │  ├── Payment (x402 → L4)          │  │  
│  │  ├── Agent  (AI OS → L8)          │  │  
│  │  └── Content (web, IPFS, Arweave) │  │  
│  └───────────────────────────────────┘  │  
└─────────────────────────────────────────┘  
        ↓  
Layer interactions: L4 · L5 · L8

The browser owns resolution, trust display, and policy enforcement. It delegates execution to the appropriate layer — it never owns the execution itself.

Gateway Responsibilities#

Domain Resolution — Native .gao resolution without DNS. The browser queries the Gao Resolver directly and returns wallet address, content endpoint, or agent record depending on context.

Trust Signal Display — Every .gao domain carries a verifiable trust badge in the address bar. Shown before the page loads. Cannot be suppressed by page content.

⚠️  suspicious.gao            — Unverified  
✓   alex.gao                  — Identity Verified  
✅  clinic.gao                — Business Verified  
🏛  nikecompany.gao           — Official

Payment-Capable (x402) — Handles HTTP 402 responses natively. Manages intent creation, trust check, fee display, and user approval. Delegates settlement to Layer 4 — Gao Payment.

Agent Execution Surface — Agents operating under .gao domains surface their actions and approval requests in the browser. Users see who the agent is, what it wants to do, and what authority it holds — before any execution.

Policy-Enforced Execution — No execution proceeds without passing the capability model. The browser enforces risk tier checks and surfaces confirmation requirements at every step.

The browser does not own execution state. All execution is performed by external layers (L4, L8) and verified by the browser — never initiated unilaterally.

Offline Safety — If infrastructure becomes unavailable, the browser can still operate with reduced capability. Offline resolution is limited to cached records within TTL and verifiable proofs (Merkle + on-chain anchor). The browser does not simulate a full-system offline mode — it operates transparently within what public data can verify.

Cross-Layer Interaction#

Layer

Relationship

L1 — Workspace

Browser surfaces identity panel and session state from Workspace

L4 — Payment

Browser surfaces payment intent and fee display; L4 executes settlement

L5 — Domain

Browser resolves .gao domains; all identity data comes from L5

L6 — Network

Browser routes traffic through L6 for P2P and relay connections

L8 — AI OS

Browser is the primary surface for agent interactions and approval flows

Further Reading#

Page

Description

Resolution Engine

Domain resolution flow, trust badge rendering, native vs gateway path

Payment Integration

x402 flow, confirmation UI, fee transparency, settlement display

Agent Execution Surface

Agent approval UI, scope display, action log, scope violation handling

Security Model

Threat model, 10 invariants, sandbox architecture

Developer Integration

window.gao APIs, x402 server-side, trust badge rules, error codes

Gao Browser is infrastructure software. It does not custody funds, provide financial services, or guarantee outcomes. All execution is governed by user authorization and verifiable capability grants.