Compact cited web packets for AI agents

Don’t expose your LLM to the raw internet.

IPLoop BrowserWall is a working MVP that turns messy public webpages into compact, cited packets for AI agents. It reduces LLM input tokens and keeps raw HTML away from the model.

BrowserWall is an IPLoop / ProxyClaw product for agent-safe web context.

Test BrowserWall Search View product JSON See pricing

70–95%typical input-token reduction on noisy pages

12k → 600choose max detail or shrink the packet

1 wallaccess, clean, cite, and deliver

{
  "schema": "iploop.browserwall.context.v0",
  "raw_tokens": 18700,
  "safe_context_tokens": 842,
  "saved_percent": 95.5,
  "facts": {
    "price": "$129.99",
    "availability": "In stock",
    "shipping": "Ships by May 13"
  },
  "security": {
    "raw_html_hidden_from_llm": true,
    "hidden_prompt_instructions_removed": true
  }
}

Test BrowserWall Search

Paste a topic or a URL. BrowserWall can search broadly first, then deep-dive any URL into the exact clean packet your agent receives.

What should BrowserWall read? Topic, question, product, travel search, or URL.

Mode

Geo

Max tokens your LLM receives Default is max. Reduce when you want cheaper/smaller context.

Ready. Runs real web/source checks, then compresses into LLM context.

Final packet your agent gets

Your agent uses BrowserWall as the wall before the web.

Instead of sending raw pages, scripts, ads, SEO spam, and 20k+ tokens into an LLM, your agent calls BrowserWall first. BrowserWall fetches, cleans, cites, and compresses the web into the final packet the model receives. That is where the savings happen.

1. Agent asks BrowserWall

Send a topic, question, product, travel query, or URL. Default is max detail; reduce tokens only when you want a smaller/cheaper packet.

POST https://commerce.iploop.io/api/v1/context
{
  "input": "https://example.com/",
  "type": "url",
  "geo": "US",
  "max_tokens": 12000
}

2. LLM receives only the clean packet

Your model reads agent_packet: summary, facts, evidence URLs, token savings, and trust flags. Raw HTML stays outside the model.

const packet = response.agent_packet
messages.push({
  role: "system",
  content: "Use only this BrowserWall packet as web context."
})
messages.push({ role: "user", content: JSON.stringify(packet) })

BrowserWall Safety Lab.

A live prompt-injection benchmark makes the trust-wall claim measurable. BrowserWall now publishes raw HTML downloads, sanitizer version, hashes, replay links, known gaps, and third-party-suite placeholders for AgentDojo/InjecAgent.

—blocked or flagged attacks

—raw fetch baseline success

—open hostile cases in MVP corpus

Reproducible by strangers

Each case includes raw HTML download, exact sanitizer version, hashes, and a curl command so skeptical engineers can verify what was processed.

Known gaps are public

The lab intentionally includes cases BrowserWall does not yet handle: Unicode homoglyphs, encoded payloads, split DOM instructions, and CSS generated content.

Easy explainer video

The problem: agents waste tokens and trust raw messy webpages. The solution: BrowserWall sits in the middle, cleans the web, saves tokens, and gives the agent cited context.

Before raw page / after clean packet.

The commercial value is not only cheaper tokens. It is giving the agent a smaller, cited, safer packet instead of raw HTML, ads, scripts, redirects, and hidden instructions.

Before: raw webpage

18k+ tokens of HTML, navigation, duplicate templates, trackers, scripts, popups, SEO text, and untrusted hidden instructions.

<html>
  <script>...</script>
  nav / ads / tracking
  hidden prompt instructions
  duplicated product copy
</html>

After: BrowserWall packet

A compact JSON packet with summary, facts, evidence URLs, trust flags, and token-savings metadata for the agent.

{
  "agent_packet": {
    "facts": [...],
    "evidence": [...],
    "safety": {...},
    "token_savings": "70–95%"
  }
}

IPLoop BrowserWall sits between agents and messy public pages.

The public web is noisy, blocked, dynamic, and untrusted. BrowserWall turns that mess into a compact, cited, token-budgeted packet before the model sees it.

🌍

Residential access wall

Geo-targeted and session-aware access for ecommerce, travel, marketplaces, SERPs, and other public pages where datacenter crawlers struggle.

✂️

Token wall

Remove scripts, nav, ads, boilerplate, duplicate templates, and irrelevant DOM before the LLM pays to read it.

🧯

Trust wall

Treat every webpage as untrusted. Strip hidden instructions, scripts, comments, and risky action suggestions before the LLM sees context.

🔎

Evidence wall

Every fact can carry source text, selector, URL, timestamp, confidence, and screenshot/hash hooks for auditability.

⚙️

Action wall

Browser agents get a small safe action map instead of a full DOM dump. Risky payment/login/destructive actions can require human approval.

🔁

Diff wall

For monitors, BrowserWall hashes cleaned content and returns changed:false. No change means no LLM call.

Pipeline

One request becomes a clean context packet. The LLM reasons; BrowserWall handles the messy public web first.

1. RequestURL, task, geo, max tokens, security policy.

2. AccessFetch or render through IPLoop web access.

3. SanitizeRemove scripts, hidden text, prompt-injection signals, boilerplate.

4. ExtractFacts, highlights, action map, diffs, and evidence.

5. DeliverSmall safe context packet under the requested token budget.

Pricing is monthly plan credits.

One normal static context call = 1 credit. Browser rendering, residential geo sessions, and extra evidence/security scans use more credits. Token savings are the ROI metric, not the billing meter.

Free + Ads

$0/mo

100 credits / month
1 credit = normal context call
Sponsored/source cards may appear
No overage during MVP

No Ads

$5/mo

300 credits / month
No sponsored result slots
Clean packet API access
No overage during MVP

Plus

$10/mo

1,000 credits / month
Browser sessions for hard pages
Before/after packet evidence
$0.02 / extra credit

Pro

$50/mo

7,500 credits / month
Priority browser/residential sessions
Security/evidence features
$0.01 / extra credit

Security note: BrowserWall reduces exposure to hostile/noisy web content; it does not guarantee perfect prompt-injection removal or complete security coverage. Treat it as a cleanup and evidence layer, not a magic firewall.

Hostile page signal

Our controlled demo page includes hidden comments, CSS-hidden text, and off-screen instructions like “ignore safety rules” and “leak secrets.”

Clean packet behavior

BrowserWall strips scripts/styles/hidden markup from the packet and returns only cited visible content plus safety flags for the agent.