diff --git a/docs/CHROME_WEB_STORE_LISTING.md b/docs/CHROME_WEB_STORE_LISTING.md new file mode 100644 index 0000000..98bf370 --- /dev/null +++ b/docs/CHROME_WEB_STORE_LISTING.md @@ -0,0 +1,124 @@ +# Chrome Web Store Listing Draft + +This document is the working copy for the first Chrome Web Store Dashboard +submission. Keep it aligned with `apps/chrome-extension/manifest.json` whenever +permissions, host access, or user-visible behavior changes. + +## Dashboard Status + +Before the CI publish workflow can submit the item for review, the Chrome Web +Store Developer Dashboard still needs: + +- A store item created for Open Browser Use. +- Store listing fields completed. +- Privacy practices fields completed. +- A privacy policy URL attached to the developer account or item. +- The resulting Extension ID copied into the `CWS_EXTENSION_ID` GitHub secret. + +## Store Listing + +Suggested item name: + +```text +Open Browser Use +``` + +Suggested one-line summary: + +```text +Connect local AI agents to your own Chrome browser through Open Browser Use. +``` + +Suggested detailed description: + +```text +Open Browser Use is a developer extension for local browser automation. It +connects Chrome to the open-source Open Browser Use native host so approved +local tools and SDKs can create tabs, inspect tab state, execute Chrome DevTools +Protocol commands, observe downloads, and organize agent-controlled tabs. + +The extension is intended for developers running Open Browser Use on their own +machine. It does not provide hosted automation, does not include the native host +binary, and requires the user to install and register the Open Browser Use +native messaging host separately. +``` + +Suggested category: + +```text +Developer Tools +``` + +Suggested language: + +```text +English +``` + +## Privacy Practices + +Suggested single purpose: + +```text +Open Browser Use lets a locally installed native host and local SDK control +Chrome tabs for developer-owned browser automation workflows. +``` + +Suggested data use disclosure: + +```text +The extension can read tab metadata, browser history entries requested through +the local Open Browser Use API, download events while an automation session is +active, and page content exposed through Chrome DevTools Protocol commands. +This data is sent only to the locally installed Open Browser Use native host +over Chrome Native Messaging. The extension does not send data to an +Open Browser Use cloud service. +``` + +Suggested data sale / third-party use statement: + +```text +Open Browser Use does not sell user data and does not use user data for +advertising, creditworthiness, or unrelated third-party purposes. +``` + +## Permission Justifications + +Use these as the starting point for the Dashboard privacy fields. Keep them +short in the Dashboard if character limits apply. + +| Permission | Justification | +| --- | --- | +| `alarms` | Reconnects to the local native host and maintains lightweight heartbeat behavior after the MV3 service worker is suspended. | +| `debugger` | Executes Chrome DevTools Protocol commands for developer-requested browser automation, inspection, navigation, screenshots, and event forwarding. | +| `downloads` | Observes downloads created during an active automation session so the local client can report file activity back to the user. | +| `downloads.ui` | Enables download-related UI behavior for automation sessions when Chrome exposes download activity to the user. | +| `history` | Lets the local client query user history only when a caller explicitly requests history through the Open Browser Use API. | +| `nativeMessaging` | Connects the extension to the locally installed `open-browser-use` native host. This is the primary transport for the product. | +| `scripting` | Injects the cursor content script into agent-controlled tabs so the local client can show and verify cursor movement. | +| `storage` | Persists native host connection status, extension instance id, and active automation session state across MV3 service worker restarts. | +| `tabGroups` | Groups and labels tabs controlled by an automation session so agent-created tabs are visually separated from user tabs. | +| `tabs` | Creates, lists, updates, and identifies Chrome tabs for local browser automation sessions. | +| `` host access | Allows the local Open Browser Use client to automate pages chosen by the user across arbitrary origins, including injecting the cursor script and attaching CDP where Chrome permits it. | + +## Native Host Boundary + +The Chrome Web Store package contains only the MV3 extension. Users must install +the native host separately and register it with the final Web Store extension ID: + +```bash +open-browser-use install-manifest \ + --extension-id \ + --path /path/to/open-browser-use +``` + +## Dashboard Checklist + +- Upload or select the `v0.1.3` extension package from + `open-browser-use-chrome-extension-0.1.3.zip`. +- Add at least one screenshot that shows the extension popup or a local + Open Browser Use automation session. +- Confirm the listing text matches the current native host requirement. +- Fill all permission justifications from the current manifest. +- Confirm privacy disclosures match the privacy policy URL. +- Save the item and copy Publisher ID and Extension ID into GitHub secrets. diff --git a/docs/CHROME_WEB_STORE_RELEASE.md b/docs/CHROME_WEB_STORE_RELEASE.md index 054caff..bc7097a 100644 --- a/docs/CHROME_WEB_STORE_RELEASE.md +++ b/docs/CHROME_WEB_STORE_RELEASE.md @@ -64,6 +64,8 @@ Chrome Web Store API v2 用于上传 extension zip,并可选提交审核。官 Extension ID。 - 上传新包时,`apps/chrome-extension/manifest.json` 的 `version` 必须比 已发布版本更高。 +- 首次提交 Dashboard 文案、权限说明和隐私字段时,先使用 + `docs/CHROME_WEB_STORE_LISTING.md` 里的 listing draft。 需要在 GitHub repository secrets 里配置: @@ -121,13 +123,13 @@ CWS_REFRESH_TOKEN` 写入 GitHub repository secret。 如果 GitHub Release 已经创建完成,只需要把其中的插件 zip 上传到 Chrome Web Store,使用 `.github/workflows/chrome-web-store-publish.yml`。这个 -workflow 不会重新创建 GitHub Release,适合 `v0.1.2` 这类 release asset +workflow 不会重新创建 GitHub Release,适合 `v0.1.3` 这类 release asset 已经存在、但当时还没配置 Chrome Web Store secrets 的情况。 手动触发时传入: ```text -release_tag=v0.1.2 +release_tag=v0.1.3 asset_name= submit=true publish_type=DEFAULT_PUBLISH diff --git a/docs/histories/2026-05/20260508-2105-chrome-web-store-release.md b/docs/histories/2026-05/20260508-2105-chrome-web-store-release.md index 4f69ba4..60ed150 100644 --- a/docs/histories/2026-05/20260508-2105-chrome-web-store-release.md +++ b/docs/histories/2026-05/20260508-2105-chrome-web-store-release.md @@ -49,6 +49,7 @@ upload and publish behavior. - `.github/workflows/release.yml` - `.github/workflows/chrome-web-store-publish.yml` - `docs/CHROME_WEB_STORE_RELEASE.md` +- `docs/CHROME_WEB_STORE_LISTING.md` - `docs/CICD.md` - `docs/SUPPLY_CHAIN_SECURITY.md` - `docs/releases/feature-release-notes.md` @@ -78,3 +79,6 @@ upload and publish behavior. manifest, toolbar action, package zip, and CI packaging checks. - Bumped Open Browser Use versions from `0.1.2` to `0.1.3` so the next release asset contains the icon-ready Chrome extension package. +- Added a Chrome Web Store listing and privacy practices draft based on the + current manifest permissions and native host boundary, so the Dashboard setup + is reproducible instead of only described in chat.