[feat:extensions] add support to package web-bot-auth #62
+964
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
archandatta
force-pushed
the
archand/add-support/web-bot-auth
branch
from
01fb400 to
6380ccd
Compare
rgarcia
requested changes
Jan 11, 2026
Contributor
rgarcia
left a comment
rgarcia
left a comment
There was a problem hiding this comment.
Good feature addition! The overall structure is clean and the UX is thoughtful with helpful next-steps messaging.
Main areas to address:
- JWK vs PEM messaging: Several places in help text, logs, and comments refer to "JWK" but PEM format is also supported. Would be good to make this consistent.
- Error handling: A few places where
os.Staterrors other thanIsNotExistare silently ignored, and some URL update failures are warnings instead of errors. - Stability: Consider pinning the GitHub download to a specific commit to avoid upstream breaking changes.
- Crypto code: The stdlib already has
crypto/x509.MarshalPKCS8PrivateKeyfor Ed25519 - no need to hand-roll ASN.1.
rgarcia
approved these changes
Jan 12, 2026
Contributor
rgarcia
left a comment
rgarcia
left a comment
There was a problem hiding this comment.
lgtm - nice work on the crypto refactor to use stdlib and good test coverage. just a few minor nits.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note
Adds a new CLI flow to fetch, build, and package Cloudflare’s
web-bot-authbrowser extension with Kernel-specific configs, plus supporting utils and tests.kernel extensions build-web-bot-authcommand incmd/extensions.gowith flags--to,--url,--key,--upload; can auto-upload to Kernel under a specified namepkg/extensions/webbotauth.go: downloads GitHub archive, validates/converts Ed25519 keys (JWK/PEM), modifies policy/build templates, runsnpm install/build/bundle, extracts extension ID, and copies artifacts (.crx,update.xml,policy, built files) to outputpkg/util/crypto.go(ValidatePEMKey,IsPEMKey,ConvertJWKToPEM) and file ops inpkg/util/fileops.go(CopyFile,CopyDir,ModifyFile)pkg/extensions/webbotauth_test.goand crypto unit tests inpkg/util/crypto_test.goWritten by Cursor Bugbot for commit 5268e7a. This will update automatically on new commits. Configure here.