Skip to content

[kernel 726] fix web bot auth extension #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
archandatta merged 11 commits into from
Jan 12, 2026
Merged

[kernel 726] fix web bot auth extension #110

archandatta merged 11 commits into from
Jan 12, 2026
+238 −61

Conversation

@archandatta
Copy link
Contributor

@archandatta archandatta commented Dec 19, 2025
edited by cursor bot
Loading

Note

Introduces enterprise policy-based installation for extensions and serves required files, improving reliability for extensions needing webRequest/webRequestBlocking.

  • In UploadExtensionsAndRestart, detect policy-required extensions, extract Chrome extension ID from update.xml, validate presence of update.xml and .crx, update enterprise policy, and only add --load-extension flags for non-policy extensions
  • Extend policy model: add ExtensionInstallForcelist, use update_url instead of local path, dedupe forcelist entries, and add ExtractExtensionIDFromUpdateXML with ID validation
  • Serve http://.../extensions/* from /home/kernel/extensions so Chrome can fetch update.xml and .crx
  • E2E: add TestWebBotAuthInstallation verifying ExtensionInstallForcelist and extension directory
  • Docker: make /chromium/flags bind mount writable

Written by Cursor Bugbot for commit 46a6e1e. This will update automatically on new commits. Configure here.

@archandatta archandatta force-pushed the archand/kernel-726/fix-web-bot-auth-extension branch from de5debc to 1af7c34 Compare January 7, 2026 15:46
@archandatta archandatta marked this pull request as ready for review January 7, 2026 16:08
cursor[bot]
cursor bot reviewed Jan 7, 2026
View reviewed changes
@archandatta archandatta requested a review from rgarcia January 7, 2026 17:20
@archandatta archandatta force-pushed the archand/kernel-726/fix-web-bot-auth-extension branch from 1af7c34 to f9e1cee Compare January 9, 2026 18:22
cursor[bot]
cursor bot reviewed Jan 9, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 9, 2026
View reviewed changes
rgarcia
rgarcia requested changes Jan 11, 2026
View reviewed changes
Copy link
Contributor

@rgarcia rgarcia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good progress on the Chrome enterprise policy implementation. The core logic for separating policy vs non-policy extensions looks solid.

Main concern: the deleted TestWebBotAuthInstallation test should be updated rather than removed - the new flow has significant behavior changes that warrant e2e coverage.

A few minor nits on style/perf, and a question about whether the /update.xml root route is necessary.

server/e2e/e2e_chromium_test.go
return targets, nil
}

func TestWebBotAuthInstallation(t *testing.T) {
Copy link
Contributor

@rgarcia rgarcia Jan 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this test was verifying the web-bot-auth policy installation flow. rather than deleting it, could we update it to test the new behavior? the new flow (requiring update.xml + .crx, ExtensionInstallForcelist, update_url instead of path) seems important enough to have e2e coverage.

cursor[bot]
cursor bot reviewed Jan 12, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 12, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 12, 2026
View reviewed changes
@archandatta archandatta requested a review from rgarcia January 12, 2026 14:20
rgarcia
rgarcia approved these changes Jan 12, 2026
View reviewed changes
Copy link
Contributor

@rgarcia rgarcia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes since last review look good:

  • All nits addressed (idiomatic error declaration, strings.HasPrefix, package-level regex)
  • Removed non-deterministic /update.xml and /{filename}.crx routes
  • Re-added TestWebBotAuthInstallation with proper update.xml and .crx files
  • RuntimeAllowedHosts removal is correct - matches upstream web-bot-auth reference and force-installed extensions get manifest permissions automatically

Ship it 🚀

@archandatta archandatta merged commit cf3d9d6 into main Jan 12, 2026
5 checks passed
@archandatta archandatta deleted the archand/kernel-726/fix-web-bot-auth-extension branch January 12, 2026 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@rgarcia rgarcia rgarcia approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@archandatta @rgarcia