yunti-browser-runtime 0.1.3 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,146 @@
1
+ # Extension Distribution Readiness
2
+
3
+ This document tracks browser-store readiness for the Yunti Browser Runtime
4
+ extension. It is intentionally an audit and submission plan first, not an
5
+ immediate permission rewrite.
6
+
7
+ ## Current Goal
8
+
9
+ Prepare for Chrome Web Store and Microsoft Edge Add-ons distribution while
10
+ preserving Yunti's local-first browser automation purpose:
11
+
12
+ - operate real user-opened Chrome/Edge pages through a local bridge;
13
+ - keep the unpacked extension path for developers and npm installs;
14
+ - avoid narrowing permissions until there is a tested replacement path;
15
+ - explain broad permissions honestly before any store submission.
16
+
17
+ ## Official Policy Baseline
18
+
19
+ The store-facing baseline for this project is:
20
+
21
+ - Chrome permissions must be declared in the manifest, and some permissions
22
+ trigger install warnings. The current `debugger` permission is especially
23
+ sensitive because Chrome warns that it can access the page debugger backend
24
+ and read/change site data.
25
+ - Chrome Web Store policy expects a narrow, easy-to-understand single purpose,
26
+ minimum permissions, and user-data use limited to the disclosed purpose.
27
+ - Chrome Web Store privacy disclosures must match the extension behavior and
28
+ privacy policy, especially when handling page content, browsing activity,
29
+ request data, screenshots, or form data.
30
+ - Edge Add-ons policy similarly requires permissions only when necessary for
31
+ the declared functionality, plus a privacy policy link and store metadata.
32
+ - Edge Add-ons submission requires a zip package, required visual assets, a
33
+ listing description, and a privacy policy link.
34
+
35
+ References:
36
+
37
+ - Chrome permissions reference:
38
+ https://developer.chrome.com/docs/extensions/reference/permissions-list
39
+ - Chrome permission declaration guide:
40
+ https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions
41
+ - Chrome Web Store program policies:
42
+ https://developer.chrome.com/docs/webstore/program-policies/policies
43
+ - Chrome Web Store Limited Use policy:
44
+ https://developer.chrome.com/docs/webstore/program-policies/limited-use
45
+ - Microsoft Edge extensions overview and publishing requirements:
46
+ https://learn.microsoft.com/en-us/microsoft-edge/extensions/
47
+ - Microsoft Edge Add-ons developer policies:
48
+ https://learn.microsoft.com/en-us/legal/microsoft-edge/extensions/developer-policies
49
+
50
+ ## Current Manifest Audit
51
+
52
+ Current file: `extension/manifest.json`.
53
+
54
+ | Manifest field | Current value | Why Yunti uses it | Store risk | P6.6.1 decision |
55
+ | --- | --- | --- | --- | --- |
56
+ | `manifest_version` | `3` | Required modern extension format. | Low. | Keep. |
57
+ | `permissions.activeTab` | present | Visible-tab capture fallback and temporary page access semantics. | Low to medium; generally narrower than persistent host access. | Keep. |
58
+ | `permissions.debugger` | present | CDP commands, target-level automation, console/runtime/network events, and low-level recovery. | High. Chrome shows a debugger warning and reviewers may ask why this is core. | Keep for now; store copy must explain this is the core browser automation transport. |
59
+ | `permissions.scripting` | present | Programmatically inject packaged content scripts into already-open supported pages after extension load or recovery. | Medium with broad host access; reviewers may ask why dynamic injection is needed. | Keep for developer/npm path so install does not require manual page refresh; explain it as recovery/registration, not arbitrary remote code execution. |
60
+ | `permissions.storage` | present | Local bridge URL, optional token, user id/name, and page match settings. | Low. | Keep. |
61
+ | `permissions.tabs` | present | Tab inventory, active tab selection, switching, and metadata routing. | Medium. Chrome may warn about browsing history. | Keep for now; evaluate whether any read paths can use host/activeTab data later. |
62
+ | `permissions.webRequest` | present | Sanitized network diagnostics and request observation. | Medium to high with broad hosts. | Keep for now; P6.6.2 should evaluate optionalizing network diagnostics. |
63
+ | `host_permissions` | `http://*/*`, `https://*/*` | Register and operate arbitrary user-selected http/https pages. | High because it maps to broad site access. | Keep for developer/npm path; store submission must decide broad access vs optional/site-request flow. |
64
+ | `host_permissions` | `http://127.0.0.1/*`, `http://localhost/*` | Local bridge communication. | Low but should be explained as local-only bridge access. | Keep. |
65
+ | `content_scripts.matches` | `http://*/*`, `https://*/*` | Observe and act on arbitrary web pages once loaded. | High because content scripts imply broad page access. | Keep for now; evaluate `optional_host_permissions` or user-triggered site access later. |
66
+
67
+ ## Store Submission Checklist
68
+
69
+ Required before submitting to either store:
70
+
71
+ - Store description with one clear purpose:
72
+ "Local browser runtime that lets user-authorized AI agents inspect and
73
+ operate the user's own Chrome/Edge pages through a local bridge."
74
+ - Permission rationale for every manifest permission above.
75
+ - Privacy policy page that states:
76
+ - no hosted Yunti service is used in the default install path;
77
+ - observations are sent only to the local bridge on loopback by default;
78
+ - screenshots are visible pixels and may contain sensitive content;
79
+ - raw CDP diagnostics are a low-level exception and should be cleared;
80
+ - learning memory is local filesystem data;
81
+ - network/console/memory text is sanitized before storage or display;
82
+ - users can remove the extension and clear local memory.
83
+ - Store privacy/data disclosure answers aligned with `docs/SECURITY.md`.
84
+ - Visual assets:
85
+ - extension icon set for store and manifest;
86
+ - at least one screenshot of the optional local console;
87
+ - at least one screenshot or diagram of the extension popup zero-config state;
88
+ - optional short demo media showing local bridge + extension + agent workflow.
89
+ - Package artifact:
90
+ - `npm run package-extension` zip;
91
+ - package/manifest version consistency verified by `npm run release:check`;
92
+ - no local-only residue in public docs.
93
+ - Review notes:
94
+ - explain why `debugger` is core to browser automation;
95
+ - explain why broad host access exists in the developer/npm path;
96
+ - document the local-only bridge and no hosted relay default.
97
+
98
+ ## Permission Narrowing Options
99
+
100
+ These are follow-up options, not P6.6.1 changes:
101
+
102
+ | Option | Benefit | Cost / risk |
103
+ | --- | --- | --- |
104
+ | Keep broad host permissions for store release | Preserves current one-step operation after install. | Highest review and user-trust burden. |
105
+ | Move broad hosts to optional host permissions | Better minimum-permission story. | Requires new UX for granting host access and robust recovery when not granted. |
106
+ | Use `activeTab` for a user-invoked page grant path | Much smaller default warning surface. | Breaks always-on agent operation unless redesigned around explicit user gestures. |
107
+ | Make network diagnostics optional | Reduces review surface for users who only need DOM actions. | Splits tool availability and recovery guidance; needs schema/tool hint updates. |
108
+ | Keep unpacked-only for 0.2.0 and defer store listing | Avoids premature permission compromises. | Users still manually load the extension. |
109
+
110
+ Recommended next slice: keep current manifest behavior, but draft store-facing
111
+ permission and privacy copy. Then decide whether `webRequest` and broad hosts
112
+ should become optional before a real store submission.
113
+
114
+ ## Store Copy Draft
115
+
116
+ P6.6.2 store-facing copy is tracked in
117
+ [EXTENSION_STORE_COPY.md](EXTENSION_STORE_COPY.md). It contains draft short and
118
+ long descriptions, permission rationale, privacy-policy text, store data
119
+ disclosure guidance, reviewer notes, and the final review checklist.
120
+
121
+ ## Permission Strategy Decision
122
+
123
+ P6.6.3 pre-store permission strategy is tracked in
124
+ [EXTENSION_PERMISSION_STRATEGY.md](EXTENSION_PERMISSION_STRATEGY.md). The
125
+ current decision keeps the npm/unpacked developer path unchanged, does not
126
+ recommend submitting the current broad-permission manifest unchanged by default,
127
+ and defines a future store-candidate track for optional host access and optional
128
+ network diagnostics.
129
+
130
+ ## Current P6.6.1 Outcome
131
+
132
+ P6.6.1 completes when this audit is linked from public docs and the status files
133
+ identify the next store-readiness slice. It does not change extension runtime
134
+ behavior.
135
+
136
+ ## Current P6.6.2 Outcome
137
+
138
+ P6.6.2 completes when the draft store copy pack is available and linked from
139
+ this distribution readiness audit. It does not change extension runtime
140
+ behavior or the submitted manifest strategy.
141
+
142
+ ## Current P6.6.3 Outcome
143
+
144
+ P6.6.3 completes when the permission strategy decision is available and linked
145
+ from this distribution readiness audit. It does not change extension runtime
146
+ behavior or `extension/manifest.json`.
@@ -0,0 +1,167 @@
1
+ # Extension Permission Strategy
2
+
3
+ This document is the P6.6.3 pre-store permission strategy decision for Yunti
4
+ Browser Runtime. It turns the manifest audit and store-copy draft into a clear
5
+ product decision before any browser-store implementation work.
6
+
7
+ ## Decision Summary
8
+
9
+ Yunti will keep the current npm/unpacked extension path unchanged for the
10
+ current `0.2.0` development cycle:
11
+
12
+ - broad `http` / `https` host access remains acceptable for the local developer
13
+ and npm-installed extension path;
14
+ - `webRequest` remains available by default for local diagnostics;
15
+ - `debugger`, `scripting`, `tabs`, screenshots, CDP, network, console, upload, and tab
16
+ capabilities remain part of Yunti's core local browser automation surface;
17
+ - the current manifest should not be submitted to Chrome Web Store or Edge
18
+ Add-ons as the recommended store build without an explicit maintainer
19
+ decision.
20
+
21
+ The recommended store-candidate direction is a two-track model:
22
+
23
+ - **Developer/npm track**: preserve today's zero-config, broad-access local
24
+ runtime for users who intentionally install Yunti as a browser automation
25
+ tool.
26
+ - **Store-candidate track**: design and test a lower-warning permission mode
27
+ before submission, likely using optional host access and optional network
28
+ diagnostics where the browser APIs and Yunti UX can support it reliably.
29
+
30
+ This is a decision checkpoint, not a manifest rewrite.
31
+
32
+ ## Why This Decision
33
+
34
+ Yunti's core product promise is real local browser automation for arbitrary
35
+ user-opened Chrome/Edge pages. The current broad permissions support that
36
+ promise: an agent can observe, click, fill, scroll, inspect diagnostics, switch
37
+ tabs, and recover through CDP without forcing the user to grant site access on
38
+ every page first.
39
+
40
+ However, browser stores evaluate extension trust differently from a local
41
+ developer install:
42
+
43
+ - Chrome recommends optional permissions when functionality allows it, so users
44
+ get informed control over resource and data access.
45
+ - Chrome permission and host declarations can trigger user-visible install
46
+ warnings.
47
+ - Edge policy says extensions should request only permissions essential for the
48
+ declared functionality, and must clearly disclose dependency on non-integrated
49
+ software and testing steps.
50
+ - Yunti's current `debugger`, `scripting`, broad host access, `tabs`, and `webRequest`
51
+ combination is truthful for a browser automation runtime, but it is also the
52
+ highest-review-burden shape.
53
+
54
+ The safest product path is therefore:
55
+
56
+ 1. Do not weaken the local Yunti experience just to reduce store warnings.
57
+ 2. Do not submit a broad-permission store build casually.
58
+ 3. Build a store-candidate mode only after the permission UX and recovery
59
+ behavior are designed and tested.
60
+
61
+ ## Decision Matrix
62
+
63
+ | Option | Decision | Reason |
64
+ | --- | --- | --- |
65
+ | Submit current manifest unchanged to stores | Not recommended by default. | It preserves functionality, but broad host access plus `debugger` and `webRequest` creates high reviewer and user-trust burden. |
66
+ | Remove broad host permissions immediately | Rejected for now. | It would break the current zero-config observe/action workflow unless a replacement permission UX is implemented first. |
67
+ | Make `webRequest` optional before store submission | Recommended for design/prototype. | Network diagnostics are valuable but not required for every click/fill/scroll workflow. Optionalizing them may reduce review surface. |
68
+ | Move broad web access to optional host permissions | Recommended for design/prototype. | Better aligns with user-controlled access, but needs UX, content-script registration/injection changes, recovery guidance, and tests. |
69
+ | Keep npm/unpacked as the only 0.2.0 distribution path | Acceptable fallback. | Preserves the core product while avoiding premature store compromises. |
70
+
71
+ ## Permission Strategy
72
+
73
+ ### Developer / npm Track
74
+
75
+ Keep current behavior:
76
+
77
+ - `permissions`: `activeTab`, `debugger`, `scripting`, `storage`, `tabs`, `webRequest`.
78
+ - `host_permissions`: `http://*/*`, `https://*/*`, localhost bridge access.
79
+ - Static content scripts for `http` / `https` pages.
80
+ - Programmatic injection for already-open supported pages after extension load,
81
+ startup, bridge recovery, or target inventory refresh.
82
+ - Popup remains zero-config by default.
83
+ - Advanced page match patterns remain a runtime registration filter, not a
84
+ browser permission boundary.
85
+
86
+ This track is the default for local users who intentionally install the runtime
87
+ from npm and load the extension from the package directory.
88
+
89
+ ### Store-Candidate Track
90
+
91
+ Do not implement this until the next slice has a concrete design. The target
92
+ shape should evaluate:
93
+
94
+ - `optional_host_permissions` for broad `http` / `https` page access.
95
+ - A first-run or popup flow that clearly requests access for the current site
96
+ or all sites, without becoming a mandatory hub.
97
+ - Recovery messages when the agent cannot observe a page because host access
98
+ has not been granted.
99
+ - Whether content scripts should remain declarative, be dynamically registered,
100
+ or be injected after permission grant.
101
+ - Optionalizing network diagnostics so `webRequest` is requested only when the
102
+ user enables debugging.
103
+ - Whether `debugger` can remain required for the store candidate, with strong
104
+ single-purpose justification, or whether some workflows can operate before
105
+ debugger attachment.
106
+
107
+ The store-candidate track must remain additive. It must not remove the
108
+ developer/npm track or narrow Yunti into a page-only automation tool.
109
+
110
+ ## Required UX Before Store Submission
111
+
112
+ Before any store build with narrowed permissions:
113
+
114
+ - Popup should show a clear "grant access for this site" or equivalent action
115
+ when the current page is blocked by missing host permission.
116
+ - Agent-facing errors should say whether the page is unavailable because host
117
+ permission is missing, the bridge is offline, the page is unsupported, or the
118
+ browser blocked automatic injection.
119
+ - Tool hints and the packaged skill should explain how to recover:
120
+ `open page -> grant site access -> yunti_list_browser_targets`, with page
121
+ refresh only as a fallback.
122
+ - Optional network diagnostics should be visibly separate from basic DOM
123
+ automation.
124
+ - `doctor` should detect permission-mode problems and provide a human-readable
125
+ next step.
126
+
127
+ ## Required Engineering Work Before Store Submission
128
+
129
+ If the store-candidate track proceeds, the next implementation slices should be
130
+ small and testable:
131
+
132
+ 1. Add a permission-mode design/prototype for host access.
133
+ 2. Add a diagnostics-mode design/prototype for `webRequest`.
134
+ 3. Update extension popup state and background registration flow.
135
+ 4. Update MCP errors, `yunti_get_tool_usage_hints`, Tool Guide, and packaged
136
+ skill for missing-permission recovery.
137
+ 5. Add deterministic extension tests for permission-denied and permission-
138
+ granted paths.
139
+ 6. Add real-browser E2E coverage for:
140
+ - page blocked before host grant;
141
+ - grant access;
142
+ - auto-register existing pages;
143
+ - observe/action success;
144
+ - optional diagnostics enabled/disabled.
145
+ 7. Update store copy and privacy text after the final manifest strategy is
146
+ known.
147
+
148
+ ## Store Readiness Gate
149
+
150
+ A browser-store submission should not proceed until all of these are true:
151
+
152
+ - final manifest permissions match the submitted store copy;
153
+ - privacy policy URL is published and matches runtime behavior;
154
+ - support URL and reviewer test steps are confirmed;
155
+ - screenshots use non-sensitive demo pages;
156
+ - `npm run release:check` passes;
157
+ - real-browser E2E passes with the submitted extension package;
158
+ - no local token, private path, unpublished account detail, or internal-only
159
+ URL appears in store metadata;
160
+ - maintainer explicitly accepts the remaining `debugger` and host-access
161
+ warnings.
162
+
163
+ ## P6.6.3 Outcome
164
+
165
+ P6.6.3 completes when this decision is linked from distribution readiness docs
166
+ and status files. It does not change `extension/manifest.json` or runtime
167
+ behavior.
@@ -0,0 +1,213 @@
1
+ # Extension Store Copy Draft
2
+
3
+ This document is the P6.6.2 draft copy pack for future Chrome Web Store and
4
+ Microsoft Edge Add-ons submissions. It is written as reviewable product copy and
5
+ reviewer notes, not as a final legal policy.
6
+
7
+ Current status: draft for maintainer review. Do not submit this text to a store
8
+ until the maintainer has confirmed the final permission strategy, privacy-policy
9
+ URL, support URL, screenshots, and test instructions.
10
+
11
+ The current pre-store permission strategy decision is tracked in
12
+ `docs/EXTENSION_PERMISSION_STRATEGY.md`. Store copy must be reviewed again after
13
+ any manifest or permission-mode change.
14
+
15
+ ## Policy Baseline
16
+
17
+ This copy follows the browser-store principles recorded in
18
+ `docs/EXTENSION_DISTRIBUTION.md`:
19
+
20
+ - Chrome extension permissions, host permissions, and content script matches
21
+ must be declared in the manifest. Some permissions and match patterns can
22
+ trigger install warnings.
23
+ - Chrome recommends optional permissions when the feature can support runtime
24
+ user grants.
25
+ - Chrome Web Store policy expects user data use to be limited to the disclosed
26
+ single purpose and the narrowest permissions needed for implemented features.
27
+ - Edge Add-ons policy expects the extension to request only permissions
28
+ essential for functioning, clearly disclose data handling, and maintain a
29
+ relevant privacy policy.
30
+
31
+ Official references:
32
+
33
+ - Chrome permission declaration:
34
+ https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions
35
+ - Chrome Web Store program policies:
36
+ https://developer.chrome.com/docs/webstore/program-policies/policies
37
+ - Chrome Web Store Limited Use policy:
38
+ https://developer.chrome.com/docs/webstore/program-policies/limited-use
39
+ - Microsoft Edge Add-ons developer policies:
40
+ https://learn.microsoft.com/en-us/legal/microsoft-edge/extensions/developer-policies
41
+
42
+ ## One-Sentence Purpose
43
+
44
+ Local browser runtime that lets user-authorized AI agents inspect and operate
45
+ the user's own Chrome or Edge pages through a local MCP bridge.
46
+
47
+ ## Short Description
48
+
49
+ Yunti Browser Runtime connects MCP-capable AI agents to the user's local
50
+ Chrome/Edge browser so the agent can inspect pages, click, type, switch tabs,
51
+ capture screenshots, and read sanitized diagnostics through a local bridge.
52
+
53
+ ## Long Description Draft
54
+
55
+ Yunti Browser Runtime is a local-first browser automation extension for users
56
+ who want MCP-capable AI agents to operate their own Chrome or Edge pages.
57
+
58
+ The extension connects pages in the user's browser to a local bridge running on
59
+ the user's machine. Agents can then inspect the active page, click, type,
60
+ select, scroll, switch tabs, capture screenshots when needed, and read sanitized
61
+ network or console diagnostics. The default install path does not use a hosted
62
+ Yunti service.
63
+
64
+ Yunti is designed for explicit user-directed automation. The user installs the
65
+ runtime, loads or installs the extension, starts an MCP-capable agent, and keeps
66
+ control of which browser pages are open. The extension popup shows connection
67
+ status and keeps advanced settings, such as a custom bridge URL or optional
68
+ token, out of the default first-run path.
69
+
70
+ The extension needs broad browser access because browser automation must work
71
+ on user-selected websites, tabs, and application pages. Sensitive diagnostics
72
+ are minimized by default: page observation redacts credential-like values,
73
+ network and console summaries are sanitized before storage or display, and raw
74
+ CDP diagnostics are a low-level debugging exception that should be cleared after
75
+ use. Screenshots are real visible page pixels and may contain sensitive content,
76
+ so agents should request or use them only when visual evidence is needed.
77
+
78
+ ## Permission Rationale Draft
79
+
80
+ Use this table as the source for Chrome Web Store permission justification,
81
+ Edge certification notes, and any public privacy-policy explanation.
82
+
83
+ | Manifest item | User-facing reason | Reviewer-facing detail | Keep / decide |
84
+ | --- | --- | --- | --- |
85
+ | `activeTab` | Allows temporary access to the visible tab for user-directed capture and fallback operations. | Used as a narrower visible-tab fallback where possible. It does not replace persistent access needed for the current automation workflow. | Keep. |
86
+ | `debugger` | Enables the local agent to control the user's browser tab through the browser's debugging protocol. | Core transport for CDP commands, target routing, console/runtime diagnostics, screenshots, and low-level recovery. This is high-sensitivity and must be explained as the product's primary browser automation mechanism. | Keep for current developer path; re-review before store submission. |
87
+ | `scripting` | Lets the extension inject its packaged content scripts into supported pages that were already open before the extension loaded. | Used for automatic page registration and recovery after install, browser startup, or background service worker restart. It does not execute remote code. | Keep for current developer path so users do not need to refresh pages by default; re-review before store submission. |
88
+ | `storage` | Saves local extension settings such as bridge URL, optional token, user id/name, and page match settings. | Stores local configuration only. It is not used for hosted sync by default. | Keep. |
89
+ | `tabs` | Lets the agent list and switch the user's open browser tabs. | Needed for tab inventory, target selection, activation, and routing metadata. Store copy should explain that tab metadata is used only for user-directed local automation. | Keep for current workflow; evaluate narrower alternatives later. |
90
+ | `webRequest` | Lets the runtime provide sanitized network diagnostics when debugging page automation. | Used for observation and diagnostics, not ad blocking or request modification. Because this combines with broad hosts, consider making network diagnostics optional in a later slice. | Keep for developer path; P6.6.3 should decide optionalization. |
91
+ | `host_permissions` for `http://*/*` and `https://*/*` | Lets the extension work on the web pages the user wants the agent to operate. | Broad host access supports arbitrary user-selected business apps, websites, and local workflows. This has the highest trust and review burden. Store submission must choose between broad access and an optional/site-grant UX. | Decision required before store submission. |
92
+ | `host_permissions` for `http://127.0.0.1/*` and `http://localhost/*` | Lets the extension communicate with the local bridge on the user's machine. | Required for local loopback communication. The default bridge URL is `http://127.0.0.1:48887`; no hosted relay is used by default. | Keep. |
93
+ | `content_scripts.matches` for `http://*/*` and `https://*/*` | Lets the extension observe and act on user-selected web pages. | Required for DOM observation, fresh element ids, click/fill/select/scroll actions, and page registration. Consider optional host permission UX before a store release if broad install-time warnings are unacceptable. | Decision required before store submission. |
94
+
95
+ ## Privacy Policy Draft
96
+
97
+ Yunti Browser Runtime is local-first software. In the default install path, the
98
+ extension communicates with a bridge on the user's own machine at
99
+ `http://127.0.0.1:48887`. Yunti does not provide a hosted relay service in the
100
+ default install path.
101
+
102
+ The extension may access page content, page titles, URLs, tab metadata, visible
103
+ page pixels in screenshots, console messages, and network request metadata when
104
+ the user directs an MCP-capable agent to inspect or operate browser pages. This
105
+ access is used to provide the single purpose of local browser automation.
106
+
107
+ The runtime minimizes sensitive data exposure where possible. Structured page
108
+ observation redacts credential-like values by default and supports stricter
109
+ redaction for likely personal information. Network URLs, headers, request
110
+ bodies, console messages, learning-memory text, and diagnostic summaries are
111
+ sanitized before storage or display. Cookies and raw authorization headers are
112
+ not returned by the documented network tools.
113
+
114
+ Screenshots are real visible page pixels and may contain sensitive information.
115
+ Raw CDP diagnostics are a low-level debugging exception and may contain
116
+ sensitive payloads. Users and agents should prefer sanitized observations and
117
+ diagnostics, use screenshots and raw CDP only when needed, and clear raw CDP
118
+ diagnostics after debugging.
119
+
120
+ Learning memory, if used, is stored on the local filesystem under the user's
121
+ Yunti data directory. Users can delete local learning memory and can remove the
122
+ browser extension at any time.
123
+
124
+ Yunti Browser Runtime does not intentionally collect data for advertising,
125
+ profiling, resale, or cross-site tracking. External agents that call Yunti MCP
126
+ tools may have their own data handling policies; users should review the agent
127
+ they choose to connect.
128
+
129
+ ## Store Data Disclosure Draft
130
+
131
+ These answers are draft guidance for store forms. Final answers must match the
132
+ actual submitted build and privacy policy.
133
+
134
+ | Data surface | Accessed? | Stored by Yunti by default? | Sent to hosted Yunti service? | Draft disclosure |
135
+ | --- | --- | --- | --- | --- |
136
+ | Page content / DOM text | Yes, when an agent observes or operates a page. | No persistent DOM storage by default. | No. | Used only for local browser automation and redacted by default for credential-like values. |
137
+ | URLs and tab titles | Yes. | May appear in sanitized runtime summaries or local diagnostics. | No. | Used for tab selection, routing, and user-visible diagnostics. |
138
+ | Screenshots | Yes, when requested by an agent/tool. | Not persisted by the extension by default. | No hosted Yunti service by default. | Visible pixels may contain sensitive content; use only when visual inspection is needed. |
139
+ | Network diagnostics | Yes, for pages where the extension is active. | Sanitized summaries may be cached locally in memory. | No. | Used to debug page automation; cookies and raw authorization headers are not returned by documented tools. |
140
+ | Console diagnostics | Yes. | Sanitized summaries may be cached locally in memory. | No. | Used to debug page automation and JavaScript errors. |
141
+ | Learning memory | Optional MCP feature. | Yes, local filesystem only when the user/agent writes memory. | No. | Sanitized before disk writes; users can delete memory. |
142
+ | Bridge settings | Yes. | Yes, in extension local storage. | No. | Stores bridge URL, optional token, user id/name, and page-match settings. |
143
+
144
+ ## Reviewer Notes Draft
145
+
146
+ Yunti Browser Runtime depends on local software outside the extension: an MCP
147
+ server and bridge installed through npm. The extension is not useful by itself;
148
+ it is the browser-side component for the local runtime. Submission notes should
149
+ include install and test steps:
150
+
151
+ 1. Install Node.js 22 or newer.
152
+ 2. Install the runtime package.
153
+ 3. Start or configure an MCP-capable agent so it launches the local bridge.
154
+ 4. Install the extension build.
155
+ 5. Open or keep an `http` or `https` page; the extension auto-registers
156
+ accessible pages and only needs a refresh if browser restrictions prevent
157
+ injection.
158
+ 6. Run `yunti-browser-runtime doctor`.
159
+ 7. Verify that the extension shows a connected page and that MCP tools can list
160
+ browser targets.
161
+
162
+ Reviewer explanation for broad access:
163
+
164
+ ```text
165
+ Yunti Browser Runtime is a local browser automation runtime. Its single purpose
166
+ is to let a user-authorized MCP agent inspect and operate the user's own
167
+ Chrome/Edge pages through a local bridge. Broad web access is currently required
168
+ because the user may ask the agent to operate arbitrary websites and business
169
+ applications that are already open in the browser. The default path does not use
170
+ a hosted Yunti service; observations route to the local bridge on loopback.
171
+ ```
172
+
173
+ Reviewer explanation for `debugger`:
174
+
175
+ ```text
176
+ The debugger permission is part of the core automation transport. It lets the
177
+ runtime use Chrome DevTools Protocol for target routing, tab-level automation,
178
+ screenshots, console/runtime diagnostics, and low-level recovery. The extension
179
+ does not use debugger access for advertising, profiling, or unrelated browsing
180
+ history collection.
181
+ ```
182
+
183
+ Reviewer explanation for local bridge dependency:
184
+
185
+ ```text
186
+ The extension communicates with local software running on the user's own
187
+ machine, normally at http://127.0.0.1:48887. This local bridge is installed as
188
+ part of yunti-browser-runtime and is required for the extension's primary
189
+ browser automation function.
190
+ ```
191
+
192
+ ## Final Review Checklist
193
+
194
+ Before store submission:
195
+
196
+ - Confirm whether broad `http` / `https` host access remains in the submitted
197
+ manifest or moves to optional host permissions.
198
+ - Confirm whether `webRequest` remains always-on or becomes an optional
199
+ diagnostics feature.
200
+ - Confirm the submitted build follows the accepted strategy in
201
+ `docs/EXTENSION_PERMISSION_STRATEGY.md`.
202
+ - Confirm the final privacy-policy URL and support URL.
203
+ - Confirm screenshots do not expose real private browser data.
204
+ - Confirm all store form answers match the submitted manifest and package.
205
+ - Confirm reviewer test steps work on a clean machine.
206
+ - Confirm no npm token, local path, private account, or unpublished internal
207
+ detail appears in public store metadata.
208
+
209
+ ## P6.6.2 Outcome
210
+
211
+ P6.6.2 is complete when this copy pack is linked from distribution readiness
212
+ docs and status files. It intentionally does not change the extension manifest
213
+ or runtime behavior.
package/docs/INSTALL.md CHANGED
@@ -63,7 +63,8 @@ Development loading:
63
63
  2. Enable developer mode.
64
64
  3. Choose "Load unpacked".
65
65
  4. Select the project `extension/` directory.
66
- 5. Open or refresh any `http` or `https` page.
66
+ 5. Open or keep any `http` or `https` page. The extension automatically tries
67
+ to inject and register accessible existing pages.
67
68
  6. Do not open the extension popup unless you want to confirm status or
68
69
  customize settings.
69
70
 
@@ -150,8 +151,9 @@ npm run print-config -- --agent cline --human
150
151
  ```
151
152
 
152
153
  Add the printed server entry to Cline's MCP settings. Keep the extension loaded
153
- in Chrome/Edge and refresh the target page so the content script registers a
154
- fresh `browserSessionId`.
154
+ in Chrome/Edge. The extension should register accessible `http`/`https` pages
155
+ automatically; refresh the target page only if browser restrictions or a failed
156
+ doctor check make it necessary.
155
157
 
156
158
  ## Check Health
157
159
 
@@ -187,7 +189,9 @@ runs the unit test suite, and verifies the npm package contents with
187
189
 
188
190
  ## Common Recovery
189
191
 
190
- - If tools say no browser tab is connected, refresh the target page.
192
+ - If tools say no browser tab is connected, call `yunti_list_browser_targets`
193
+ or run doctor first; the extension will try to auto-register accessible pages.
194
+ Refresh the target page only as a fallback.
191
195
  - If doctor reports `authorized: false` with `authRequired: true`, set
192
196
  `YUNTI_BROWSER_BRIDGE_TOKEN` and save the same token in the extension popup.
193
197
  - If an old `browserSessionId` fails, call `yunti_list_browser_targets` again
@@ -198,8 +202,9 @@ runs the unit test suite, and verifies the npm package contents with
198
202
  is rejected.
199
203
  - For closing a raw `tabId` or `targetId`, use `yunti_cdp_send_command` with
200
204
  `Target.closeTarget` instead of `yunti_close_page`.
201
- - If the extension was reloaded, refresh browser pages so the content script can
202
- register again.
205
+ - If the extension was reloaded, it should scan and register accessible pages
206
+ automatically. Refresh browser pages only if the page cannot be injected or
207
+ remains invisible after the recovery check.
203
208
 
204
209
  ## Real Browser Smoke Test
205
210
 
@@ -212,6 +217,7 @@ YUNTI_E2E=1 npm run test:e2e
212
217
 
213
218
  It uses Playwright with a persistent Chromium profile, loads the unpacked
214
219
  extension, starts a local test page, starts the bridge, and verifies MCP list
215
- targets, page snapshot, click/fill, and CDP `Runtime.evaluate`. Install
220
+ targets, page snapshot, `observe -> click uid -> verify`, fill, and CDP
221
+ `Runtime.evaluate`. Install
216
222
  Playwright and Chromium before enabling it. Failures print the artifact
217
223
  directory containing screenshot and error log paths.