yunti-browser-runtime 0.1.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,145 @@
1
+ # Extension Distribution Readiness
2
+
3
+ This document tracks browser-store readiness for the Yunti Browser Runtime
4
+ extension. It is intentionally an audit and submission plan first, not an
5
+ immediate permission rewrite.
6
+
7
+ ## Current Goal
8
+
9
+ Prepare for Chrome Web Store and Microsoft Edge Add-ons distribution while
10
+ preserving Yunti's local-first browser automation purpose:
11
+
12
+ - operate real user-opened Chrome/Edge pages through a local bridge;
13
+ - keep the unpacked extension path for developers and npm installs;
14
+ - avoid narrowing permissions until there is a tested replacement path;
15
+ - explain broad permissions honestly before any store submission.
16
+
17
+ ## Official Policy Baseline
18
+
19
+ The store-facing baseline for this project is:
20
+
21
+ - Chrome permissions must be declared in the manifest, and some permissions
22
+ trigger install warnings. The current `debugger` permission is especially
23
+ sensitive because Chrome warns that it can access the page debugger backend
24
+ and read/change site data.
25
+ - Chrome Web Store policy expects a narrow, easy-to-understand single purpose,
26
+ minimum permissions, and user-data use limited to the disclosed purpose.
27
+ - Chrome Web Store privacy disclosures must match the extension behavior and
28
+ privacy policy, especially when handling page content, browsing activity,
29
+ request data, screenshots, or form data.
30
+ - Edge Add-ons policy similarly requires permissions only when necessary for
31
+ the declared functionality, plus a privacy policy link and store metadata.
32
+ - Edge Add-ons submission requires a zip package, required visual assets, a
33
+ listing description, and a privacy policy link.
34
+
35
+ References:
36
+
37
+ - Chrome permissions reference:
38
+ https://developer.chrome.com/docs/extensions/reference/permissions-list
39
+ - Chrome permission declaration guide:
40
+ https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions
41
+ - Chrome Web Store program policies:
42
+ https://developer.chrome.com/docs/webstore/program-policies/policies
43
+ - Chrome Web Store Limited Use policy:
44
+ https://developer.chrome.com/docs/webstore/program-policies/limited-use
45
+ - Microsoft Edge extensions overview and publishing requirements:
46
+ https://learn.microsoft.com/en-us/microsoft-edge/extensions/
47
+ - Microsoft Edge Add-ons developer policies:
48
+ https://learn.microsoft.com/en-us/legal/microsoft-edge/extensions/developer-policies
49
+
50
+ ## Current Manifest Audit
51
+
52
+ Current file: `extension/manifest.json`.
53
+
54
+ | Manifest field | Current value | Why Yunti uses it | Store risk | P6.6.1 decision |
55
+ | --- | --- | --- | --- | --- |
56
+ | `manifest_version` | `3` | Required modern extension format. | Low. | Keep. |
57
+ | `permissions.activeTab` | present | Visible-tab capture fallback and temporary page access semantics. | Low to medium; generally narrower than persistent host access. | Keep. |
58
+ | `permissions.debugger` | present | CDP commands, target-level automation, console/runtime/network events, and low-level recovery. | High. Chrome shows a debugger warning and reviewers may ask why this is core. | Keep for now; store copy must explain this is the core browser automation transport. |
59
+ | `permissions.storage` | present | Local bridge URL, optional token, user id/name, and page match settings. | Low. | Keep. |
60
+ | `permissions.tabs` | present | Tab inventory, active tab selection, switching, and metadata routing. | Medium. Chrome may warn about browsing history. | Keep for now; evaluate whether any read paths can use host/activeTab data later. |
61
+ | `permissions.webRequest` | present | Sanitized network diagnostics and request observation. | Medium to high with broad hosts. | Keep for now; P6.6.2 should evaluate optionalizing network diagnostics. |
62
+ | `host_permissions` | `http://*/*`, `https://*/*` | Register and operate arbitrary user-selected http/https pages. | High because it maps to broad site access. | Keep for developer/npm path; store submission must decide broad access vs optional/site-request flow. |
63
+ | `host_permissions` | `http://127.0.0.1/*`, `http://localhost/*` | Local bridge communication. | Low but should be explained as local-only bridge access. | Keep. |
64
+ | `content_scripts.matches` | `http://*/*`, `https://*/*` | Observe and act on arbitrary web pages once loaded. | High because content scripts imply broad page access. | Keep for now; evaluate `optional_host_permissions` or user-triggered site access later. |
65
+
66
+ ## Store Submission Checklist
67
+
68
+ Required before submitting to either store:
69
+
70
+ - Store description with one clear purpose:
71
+ "Local browser runtime that lets user-authorized AI agents inspect and
72
+ operate the user's own Chrome/Edge pages through a local bridge."
73
+ - Permission rationale for every manifest permission above.
74
+ - Privacy policy page that states:
75
+ - no hosted Yunti service is used in the default install path;
76
+ - observations are sent only to the local bridge on loopback by default;
77
+ - screenshots are visible pixels and may contain sensitive content;
78
+ - raw CDP diagnostics are a low-level exception and should be cleared;
79
+ - learning memory is local filesystem data;
80
+ - network/console/memory text is sanitized before storage or display;
81
+ - users can remove the extension and clear local memory.
82
+ - Store privacy/data disclosure answers aligned with `docs/SECURITY.md`.
83
+ - Visual assets:
84
+ - extension icon set for store and manifest;
85
+ - at least one screenshot of the optional local console;
86
+ - at least one screenshot or diagram of the extension popup zero-config state;
87
+ - optional short demo media showing local bridge + extension + agent workflow.
88
+ - Package artifact:
89
+ - `npm run package-extension` zip;
90
+ - package/manifest version consistency verified by `npm run release:check`;
91
+ - no local-only residue in public docs.
92
+ - Review notes:
93
+ - explain why `debugger` is core to browser automation;
94
+ - explain why broad host access exists in the developer/npm path;
95
+ - document the local-only bridge and no hosted relay default.
96
+
97
+ ## Permission Narrowing Options
98
+
99
+ These are follow-up options, not P6.6.1 changes:
100
+
101
+ | Option | Benefit | Cost / risk |
102
+ | --- | --- | --- |
103
+ | Keep broad host permissions for store release | Preserves current one-step operation after install. | Highest review and user-trust burden. |
104
+ | Move broad hosts to optional host permissions | Better minimum-permission story. | Requires new UX for granting host access and robust recovery when not granted. |
105
+ | Use `activeTab` for a user-invoked page grant path | Much smaller default warning surface. | Breaks always-on agent operation unless redesigned around explicit user gestures. |
106
+ | Make network diagnostics optional | Reduces review surface for users who only need DOM actions. | Splits tool availability and recovery guidance; needs schema/tool hint updates. |
107
+ | Keep unpacked-only for 0.2.0 and defer store listing | Avoids premature permission compromises. | Users still manually load the extension. |
108
+
109
+ Recommended next slice: keep current manifest behavior, but draft store-facing
110
+ permission and privacy copy. Then decide whether `webRequest` and broad hosts
111
+ should become optional before a real store submission.
112
+
113
+ ## Store Copy Draft
114
+
115
+ P6.6.2 store-facing copy is tracked in
116
+ [EXTENSION_STORE_COPY.md](EXTENSION_STORE_COPY.md). It contains draft short and
117
+ long descriptions, permission rationale, privacy-policy text, store data
118
+ disclosure guidance, reviewer notes, and the final review checklist.
119
+
120
+ ## Permission Strategy Decision
121
+
122
+ P6.6.3 pre-store permission strategy is tracked in
123
+ [EXTENSION_PERMISSION_STRATEGY.md](EXTENSION_PERMISSION_STRATEGY.md). The
124
+ current decision keeps the npm/unpacked developer path unchanged, does not
125
+ recommend submitting the current broad-permission manifest unchanged by default,
126
+ and defines a future store-candidate track for optional host access and optional
127
+ network diagnostics.
128
+
129
+ ## Current P6.6.1 Outcome
130
+
131
+ P6.6.1 completes when this audit is linked from public docs and the status files
132
+ identify the next store-readiness slice. It does not change extension runtime
133
+ behavior.
134
+
135
+ ## Current P6.6.2 Outcome
136
+
137
+ P6.6.2 completes when the draft store copy pack is available and linked from
138
+ this distribution readiness audit. It does not change extension runtime
139
+ behavior or the submitted manifest strategy.
140
+
141
+ ## Current P6.6.3 Outcome
142
+
143
+ P6.6.3 completes when the permission strategy decision is available and linked
144
+ from this distribution readiness audit. It does not change extension runtime
145
+ behavior or `extension/manifest.json`.
@@ -0,0 +1,164 @@
1
+ # Extension Permission Strategy
2
+
3
+ This document is the P6.6.3 pre-store permission strategy decision for Yunti
4
+ Browser Runtime. It turns the manifest audit and store-copy draft into a clear
5
+ product decision before any browser-store implementation work.
6
+
7
+ ## Decision Summary
8
+
9
+ Yunti will keep the current npm/unpacked extension path unchanged for the
10
+ current `0.2.0` development cycle:
11
+
12
+ - broad `http` / `https` host access remains acceptable for the local developer
13
+ and npm-installed extension path;
14
+ - `webRequest` remains available by default for local diagnostics;
15
+ - `debugger`, `tabs`, screenshots, CDP, network, console, upload, and tab
16
+ capabilities remain part of Yunti's core local browser automation surface;
17
+ - the current manifest should not be submitted to Chrome Web Store or Edge
18
+ Add-ons as the recommended store build without an explicit maintainer
19
+ decision.
20
+
21
+ The recommended store-candidate direction is a two-track model:
22
+
23
+ - **Developer/npm track**: preserve today's zero-config, broad-access local
24
+ runtime for users who intentionally install Yunti as a browser automation
25
+ tool.
26
+ - **Store-candidate track**: design and test a lower-warning permission mode
27
+ before submission, likely using optional host access and optional network
28
+ diagnostics where the browser APIs and Yunti UX can support it reliably.
29
+
30
+ This is a decision checkpoint, not a manifest rewrite.
31
+
32
+ ## Why This Decision
33
+
34
+ Yunti's core product promise is real local browser automation for arbitrary
35
+ user-opened Chrome/Edge pages. The current broad permissions support that
36
+ promise: an agent can observe, click, fill, scroll, inspect diagnostics, switch
37
+ tabs, and recover through CDP without forcing the user to grant site access on
38
+ every page first.
39
+
40
+ However, browser stores evaluate extension trust differently from a local
41
+ developer install:
42
+
43
+ - Chrome recommends optional permissions when functionality allows it, so users
44
+ get informed control over resource and data access.
45
+ - Chrome permission and host declarations can trigger user-visible install
46
+ warnings.
47
+ - Edge policy says extensions should request only permissions essential for the
48
+ declared functionality, and must clearly disclose dependency on non-integrated
49
+ software and testing steps.
50
+ - Yunti's current `debugger`, broad host access, `tabs`, and `webRequest`
51
+ combination is truthful for a browser automation runtime, but it is also the
52
+ highest-review-burden shape.
53
+
54
+ The safest product path is therefore:
55
+
56
+ 1. Do not weaken the local Yunti experience just to reduce store warnings.
57
+ 2. Do not submit a broad-permission store build casually.
58
+ 3. Build a store-candidate mode only after the permission UX and recovery
59
+ behavior are designed and tested.
60
+
61
+ ## Decision Matrix
62
+
63
+ | Option | Decision | Reason |
64
+ | --- | --- | --- |
65
+ | Submit current manifest unchanged to stores | Not recommended by default. | It preserves functionality, but broad host access plus `debugger` and `webRequest` creates high reviewer and user-trust burden. |
66
+ | Remove broad host permissions immediately | Rejected for now. | It would break the current zero-config observe/action workflow unless a replacement permission UX is implemented first. |
67
+ | Make `webRequest` optional before store submission | Recommended for design/prototype. | Network diagnostics are valuable but not required for every click/fill/scroll workflow. Optionalizing them may reduce review surface. |
68
+ | Move broad web access to optional host permissions | Recommended for design/prototype. | Better aligns with user-controlled access, but needs UX, content-script registration/injection changes, recovery guidance, and tests. |
69
+ | Keep npm/unpacked as the only 0.2.0 distribution path | Acceptable fallback. | Preserves the core product while avoiding premature store compromises. |
70
+
71
+ ## Permission Strategy
72
+
73
+ ### Developer / npm Track
74
+
75
+ Keep current behavior:
76
+
77
+ - `permissions`: `activeTab`, `debugger`, `storage`, `tabs`, `webRequest`.
78
+ - `host_permissions`: `http://*/*`, `https://*/*`, localhost bridge access.
79
+ - Static content scripts for `http` / `https` pages.
80
+ - Popup remains zero-config by default.
81
+ - Advanced page match patterns remain a runtime registration filter, not a
82
+ browser permission boundary.
83
+
84
+ This track is the default for local users who intentionally install the runtime
85
+ from npm and load the extension from the package directory.
86
+
87
+ ### Store-Candidate Track
88
+
89
+ Do not implement this until the next slice has a concrete design. The target
90
+ shape should evaluate:
91
+
92
+ - `optional_host_permissions` for broad `http` / `https` page access.
93
+ - A first-run or popup flow that clearly requests access for the current site
94
+ or all sites, without becoming a mandatory hub.
95
+ - Recovery messages when the agent cannot observe a page because host access
96
+ has not been granted.
97
+ - Whether content scripts should remain declarative, be dynamically registered,
98
+ or be injected after permission grant.
99
+ - Optionalizing network diagnostics so `webRequest` is requested only when the
100
+ user enables debugging.
101
+ - Whether `debugger` can remain required for the store candidate, with strong
102
+ single-purpose justification, or whether some workflows can operate before
103
+ debugger attachment.
104
+
105
+ The store-candidate track must remain additive. It must not remove the
106
+ developer/npm track or narrow Yunti into a page-only automation tool.
107
+
108
+ ## Required UX Before Store Submission
109
+
110
+ Before any store build with narrowed permissions:
111
+
112
+ - Popup should show a clear "grant access for this site" or equivalent action
113
+ when the current page is blocked by missing host permission.
114
+ - Agent-facing errors should say whether the page is unavailable because host
115
+ permission is missing, the bridge is offline, the page is unsupported, or the
116
+ extension needs a refresh.
117
+ - Tool hints and the packaged skill should explain how to recover:
118
+ `open page -> grant site access -> refresh -> yunti_list_browser_targets`.
119
+ - Optional network diagnostics should be visibly separate from basic DOM
120
+ automation.
121
+ - `doctor` should detect permission-mode problems and provide a human-readable
122
+ next step.
123
+
124
+ ## Required Engineering Work Before Store Submission
125
+
126
+ If the store-candidate track proceeds, the next implementation slices should be
127
+ small and testable:
128
+
129
+ 1. Add a permission-mode design/prototype for host access.
130
+ 2. Add a diagnostics-mode design/prototype for `webRequest`.
131
+ 3. Update extension popup state and background registration flow.
132
+ 4. Update MCP errors, `yunti_get_tool_usage_hints`, Tool Guide, and packaged
133
+ skill for missing-permission recovery.
134
+ 5. Add deterministic extension tests for permission-denied and permission-
135
+ granted paths.
136
+ 6. Add real-browser E2E coverage for:
137
+ - page blocked before host grant;
138
+ - grant access;
139
+ - refresh/register;
140
+ - observe/action success;
141
+ - optional diagnostics enabled/disabled.
142
+ 7. Update store copy and privacy text after the final manifest strategy is
143
+ known.
144
+
145
+ ## Store Readiness Gate
146
+
147
+ A browser-store submission should not proceed until all of these are true:
148
+
149
+ - final manifest permissions match the submitted store copy;
150
+ - privacy policy URL is published and matches runtime behavior;
151
+ - support URL and reviewer test steps are confirmed;
152
+ - screenshots use non-sensitive demo pages;
153
+ - `npm run release:check` passes;
154
+ - real-browser E2E passes with the submitted extension package;
155
+ - no local token, private path, unpublished account detail, or internal-only
156
+ URL appears in store metadata;
157
+ - maintainer explicitly accepts the remaining `debugger` and host-access
158
+ warnings.
159
+
160
+ ## P6.6.3 Outcome
161
+
162
+ P6.6.3 completes when this decision is linked from distribution readiness docs
163
+ and status files. It does not change `extension/manifest.json` or runtime
164
+ behavior.
@@ -0,0 +1,210 @@
1
+ # Extension Store Copy Draft
2
+
3
+ This document is the P6.6.2 draft copy pack for future Chrome Web Store and
4
+ Microsoft Edge Add-ons submissions. It is written as reviewable product copy and
5
+ reviewer notes, not as a final legal policy.
6
+
7
+ Current status: draft for maintainer review. Do not submit this text to a store
8
+ until the maintainer has confirmed the final permission strategy, privacy-policy
9
+ URL, support URL, screenshots, and test instructions.
10
+
11
+ The current pre-store permission strategy decision is tracked in
12
+ `docs/EXTENSION_PERMISSION_STRATEGY.md`. Store copy must be reviewed again after
13
+ any manifest or permission-mode change.
14
+
15
+ ## Policy Baseline
16
+
17
+ This copy follows the browser-store principles recorded in
18
+ `docs/EXTENSION_DISTRIBUTION.md`:
19
+
20
+ - Chrome extension permissions, host permissions, and content script matches
21
+ must be declared in the manifest. Some permissions and match patterns can
22
+ trigger install warnings.
23
+ - Chrome recommends optional permissions when the feature can support runtime
24
+ user grants.
25
+ - Chrome Web Store policy expects user data use to be limited to the disclosed
26
+ single purpose and the narrowest permissions needed for implemented features.
27
+ - Edge Add-ons policy expects the extension to request only permissions
28
+ essential for functioning, clearly disclose data handling, and maintain a
29
+ relevant privacy policy.
30
+
31
+ Official references:
32
+
33
+ - Chrome permission declaration:
34
+ https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions
35
+ - Chrome Web Store program policies:
36
+ https://developer.chrome.com/docs/webstore/program-policies/policies
37
+ - Chrome Web Store Limited Use policy:
38
+ https://developer.chrome.com/docs/webstore/program-policies/limited-use
39
+ - Microsoft Edge Add-ons developer policies:
40
+ https://learn.microsoft.com/en-us/legal/microsoft-edge/extensions/developer-policies
41
+
42
+ ## One-Sentence Purpose
43
+
44
+ Local browser runtime that lets user-authorized AI agents inspect and operate
45
+ the user's own Chrome or Edge pages through a local MCP bridge.
46
+
47
+ ## Short Description
48
+
49
+ Yunti Browser Runtime connects MCP-capable AI agents to the user's local
50
+ Chrome/Edge browser so the agent can inspect pages, click, type, switch tabs,
51
+ capture screenshots, and read sanitized diagnostics through a local bridge.
52
+
53
+ ## Long Description Draft
54
+
55
+ Yunti Browser Runtime is a local-first browser automation extension for users
56
+ who want MCP-capable AI agents to operate their own Chrome or Edge pages.
57
+
58
+ The extension connects pages in the user's browser to a local bridge running on
59
+ the user's machine. Agents can then inspect the active page, click, type,
60
+ select, scroll, switch tabs, capture screenshots when needed, and read sanitized
61
+ network or console diagnostics. The default install path does not use a hosted
62
+ Yunti service.
63
+
64
+ Yunti is designed for explicit user-directed automation. The user installs the
65
+ runtime, loads or installs the extension, starts an MCP-capable agent, and keeps
66
+ control of which browser pages are open. The extension popup shows connection
67
+ status and keeps advanced settings, such as a custom bridge URL or optional
68
+ token, out of the default first-run path.
69
+
70
+ The extension needs broad browser access because browser automation must work
71
+ on user-selected websites, tabs, and application pages. Sensitive diagnostics
72
+ are minimized by default: page observation redacts credential-like values,
73
+ network and console summaries are sanitized before storage or display, and raw
74
+ CDP diagnostics are a low-level debugging exception that should be cleared after
75
+ use. Screenshots are real visible page pixels and may contain sensitive content,
76
+ so agents should request or use them only when visual evidence is needed.
77
+
78
+ ## Permission Rationale Draft
79
+
80
+ Use this table as the source for Chrome Web Store permission justification,
81
+ Edge certification notes, and any public privacy-policy explanation.
82
+
83
+ | Manifest item | User-facing reason | Reviewer-facing detail | Keep / decide |
84
+ | --- | --- | --- | --- |
85
+ | `activeTab` | Allows temporary access to the visible tab for user-directed capture and fallback operations. | Used as a narrower visible-tab fallback where possible. It does not replace persistent access needed for the current automation workflow. | Keep. |
86
+ | `debugger` | Enables the local agent to control the user's browser tab through the browser's debugging protocol. | Core transport for CDP commands, target routing, console/runtime diagnostics, screenshots, and low-level recovery. This is high-sensitivity and must be explained as the product's primary browser automation mechanism. | Keep for current developer path; re-review before store submission. |
87
+ | `storage` | Saves local extension settings such as bridge URL, optional token, user id/name, and page match settings. | Stores local configuration only. It is not used for hosted sync by default. | Keep. |
88
+ | `tabs` | Lets the agent list and switch the user's open browser tabs. | Needed for tab inventory, target selection, activation, and routing metadata. Store copy should explain that tab metadata is used only for user-directed local automation. | Keep for current workflow; evaluate narrower alternatives later. |
89
+ | `webRequest` | Lets the runtime provide sanitized network diagnostics when debugging page automation. | Used for observation and diagnostics, not ad blocking or request modification. Because this combines with broad hosts, consider making network diagnostics optional in a later slice. | Keep for developer path; P6.6.3 should decide optionalization. |
90
+ | `host_permissions` for `http://*/*` and `https://*/*` | Lets the extension work on the web pages the user wants the agent to operate. | Broad host access supports arbitrary user-selected business apps, websites, and local workflows. This has the highest trust and review burden. Store submission must choose between broad access and an optional/site-grant UX. | Decision required before store submission. |
91
+ | `host_permissions` for `http://127.0.0.1/*` and `http://localhost/*` | Lets the extension communicate with the local bridge on the user's machine. | Required for local loopback communication. The default bridge URL is `http://127.0.0.1:48887`; no hosted relay is used by default. | Keep. |
92
+ | `content_scripts.matches` for `http://*/*` and `https://*/*` | Lets the extension observe and act on user-selected web pages. | Required for DOM observation, fresh element ids, click/fill/select/scroll actions, and page registration. Consider optional host permission UX before a store release if broad install-time warnings are unacceptable. | Decision required before store submission. |
93
+
94
+ ## Privacy Policy Draft
95
+
96
+ Yunti Browser Runtime is local-first software. In the default install path, the
97
+ extension communicates with a bridge on the user's own machine at
98
+ `http://127.0.0.1:48887`. Yunti does not provide a hosted relay service in the
99
+ default install path.
100
+
101
+ The extension may access page content, page titles, URLs, tab metadata, visible
102
+ page pixels in screenshots, console messages, and network request metadata when
103
+ the user directs an MCP-capable agent to inspect or operate browser pages. This
104
+ access is used to provide the single purpose of local browser automation.
105
+
106
+ The runtime minimizes sensitive data exposure where possible. Structured page
107
+ observation redacts credential-like values by default and supports stricter
108
+ redaction for likely personal information. Network URLs, headers, request
109
+ bodies, console messages, learning-memory text, and diagnostic summaries are
110
+ sanitized before storage or display. Cookies and raw authorization headers are
111
+ not returned by the documented network tools.
112
+
113
+ Screenshots are real visible page pixels and may contain sensitive information.
114
+ Raw CDP diagnostics are a low-level debugging exception and may contain
115
+ sensitive payloads. Users and agents should prefer sanitized observations and
116
+ diagnostics, use screenshots and raw CDP only when needed, and clear raw CDP
117
+ diagnostics after debugging.
118
+
119
+ Learning memory, if used, is stored on the local filesystem under the user's
120
+ Yunti data directory. Users can delete local learning memory and can remove the
121
+ browser extension at any time.
122
+
123
+ Yunti Browser Runtime does not intentionally collect data for advertising,
124
+ profiling, resale, or cross-site tracking. External agents that call Yunti MCP
125
+ tools may have their own data handling policies; users should review the agent
126
+ they choose to connect.
127
+
128
+ ## Store Data Disclosure Draft
129
+
130
+ These answers are draft guidance for store forms. Final answers must match the
131
+ actual submitted build and privacy policy.
132
+
133
+ | Data surface | Accessed? | Stored by Yunti by default? | Sent to hosted Yunti service? | Draft disclosure |
134
+ | --- | --- | --- | --- | --- |
135
+ | Page content / DOM text | Yes, when an agent observes or operates a page. | No persistent DOM storage by default. | No. | Used only for local browser automation and redacted by default for credential-like values. |
136
+ | URLs and tab titles | Yes. | May appear in sanitized runtime summaries or local diagnostics. | No. | Used for tab selection, routing, and user-visible diagnostics. |
137
+ | Screenshots | Yes, when requested by an agent/tool. | Not persisted by the extension by default. | No hosted Yunti service by default. | Visible pixels may contain sensitive content; use only when visual inspection is needed. |
138
+ | Network diagnostics | Yes, for pages where the extension is active. | Sanitized summaries may be cached locally in memory. | No. | Used to debug page automation; cookies and raw authorization headers are not returned by documented tools. |
139
+ | Console diagnostics | Yes. | Sanitized summaries may be cached locally in memory. | No. | Used to debug page automation and JavaScript errors. |
140
+ | Learning memory | Optional MCP feature. | Yes, local filesystem only when the user/agent writes memory. | No. | Sanitized before disk writes; users can delete memory. |
141
+ | Bridge settings | Yes. | Yes, in extension local storage. | No. | Stores bridge URL, optional token, user id/name, and page-match settings. |
142
+
143
+ ## Reviewer Notes Draft
144
+
145
+ Yunti Browser Runtime depends on local software outside the extension: an MCP
146
+ server and bridge installed through npm. The extension is not useful by itself;
147
+ it is the browser-side component for the local runtime. Submission notes should
148
+ include install and test steps:
149
+
150
+ 1. Install Node.js 22 or newer.
151
+ 2. Install the runtime package.
152
+ 3. Start or configure an MCP-capable agent so it launches the local bridge.
153
+ 4. Install the extension build.
154
+ 5. Open and refresh an `http` or `https` page.
155
+ 6. Run `yunti-browser-runtime doctor`.
156
+ 7. Verify that the extension shows a connected page and that MCP tools can list
157
+ browser targets.
158
+
159
+ Reviewer explanation for broad access:
160
+
161
+ ```text
162
+ Yunti Browser Runtime is a local browser automation runtime. Its single purpose
163
+ is to let a user-authorized MCP agent inspect and operate the user's own
164
+ Chrome/Edge pages through a local bridge. Broad web access is currently required
165
+ because the user may ask the agent to operate arbitrary websites and business
166
+ applications that are already open in the browser. The default path does not use
167
+ a hosted Yunti service; observations route to the local bridge on loopback.
168
+ ```
169
+
170
+ Reviewer explanation for `debugger`:
171
+
172
+ ```text
173
+ The debugger permission is part of the core automation transport. It lets the
174
+ runtime use Chrome DevTools Protocol for target routing, tab-level automation,
175
+ screenshots, console/runtime diagnostics, and low-level recovery. The extension
176
+ does not use debugger access for advertising, profiling, or unrelated browsing
177
+ history collection.
178
+ ```
179
+
180
+ Reviewer explanation for local bridge dependency:
181
+
182
+ ```text
183
+ The extension communicates with local software running on the user's own
184
+ machine, normally at http://127.0.0.1:48887. This local bridge is installed as
185
+ part of yunti-browser-runtime and is required for the extension's primary
186
+ browser automation function.
187
+ ```
188
+
189
+ ## Final Review Checklist
190
+
191
+ Before store submission:
192
+
193
+ - Confirm whether broad `http` / `https` host access remains in the submitted
194
+ manifest or moves to optional host permissions.
195
+ - Confirm whether `webRequest` remains always-on or becomes an optional
196
+ diagnostics feature.
197
+ - Confirm the submitted build follows the accepted strategy in
198
+ `docs/EXTENSION_PERMISSION_STRATEGY.md`.
199
+ - Confirm the final privacy-policy URL and support URL.
200
+ - Confirm screenshots do not expose real private browser data.
201
+ - Confirm all store form answers match the submitted manifest and package.
202
+ - Confirm reviewer test steps work on a clean machine.
203
+ - Confirm no npm token, local path, private account, or unpublished internal
204
+ detail appears in public store metadata.
205
+
206
+ ## P6.6.2 Outcome
207
+
208
+ P6.6.2 is complete when this copy pack is linked from distribution readiness
209
+ docs and status files. It intentionally does not change the extension manifest
210
+ or runtime behavior.
package/docs/INSTALL.md CHANGED
@@ -212,6 +212,7 @@ YUNTI_E2E=1 npm run test:e2e
212
212
 
213
213
  It uses Playwright with a persistent Chromium profile, loads the unpacked
214
214
  extension, starts a local test page, starts the bridge, and verifies MCP list
215
- targets, page snapshot, click/fill, and CDP `Runtime.evaluate`. Install
215
+ targets, page snapshot, `observe -> click uid -> verify`, fill, and CDP
216
+ `Runtime.evaluate`. Install
216
217
  Playwright and Chromium before enabling it. Failures print the artifact
217
218
  directory containing screenshot and error log paths.