Skip to content

fix(manifest): remove unused scripting permission [v1.0.2]#63

Merged
DevanshuNEU merged 1 commit into
OpenCodeIntel:mainfrom
DevanshuNEU:fix/v1-0-2-cws-scripting-permission
May 14, 2026
Merged

fix(manifest): remove unused scripting permission [v1.0.2]#63
DevanshuNEU merged 1 commit into
OpenCodeIntel:mainfrom
DevanshuNEU:fix/v1-0-2-cws-scripting-permission

Conversation

@DevanshuNEU

@DevanshuNEU DevanshuNEU commented May 14, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

Why

CWS rejected the v1.0.1 submission (2026-05-11) with violation code Purple Potassium: the manifest declared the scripting permission without any runtime use. WXT injects inject.ts via web_accessible_resources, not chrome.scripting, so the permission was dead weight.

What ships

  • Removes scripting from the permissions array in wxt.config.ts
  • Bumps package.json version 1.0.1 -> 1.0.2

Two lines across two files. No behavior change.

Permission audit (remaining 5)

Verified each has at least one runtime reference:

Permission Used by
storage background.ts, useDashboardData.ts, conversation-store.ts, sidepanel
tabs background.ts (tab activation + URL inspection for claude.ai routing)
alarms background.ts (periodic conversation cleanup)
unlimitedStorage conversation-store.ts (multi-account history retention)
sidePanel background.ts (chrome.sidePanel.open), sidepanel entrypoint

Test plan

  • CI: Typecheck, Test+Coverage, Build all green
  • After merge: bun run zip and resubmit to CWS Developer Dashboard
  • CWS review clears without permission flag (target ~3-5 day window)
  • Manual E2E smoke deferred (single-line manifest change, zero behavior delta)

Related

Summary by CodeRabbit

  • Chores
    • Version updated to 1.0.2
    • Removed scripting permission from extension manifest

Review Change Stack

@DevanshuNEU
fix(manifest): remove unused scripting permission
3fb04e2 
CWS v1.0.1 rejected for declaring scripting permission without
using it (Violation reference: Purple Potassium). WXT injects
inject.ts via web_accessible_resources, not chrome.scripting,
so the permission was dead weight in the manifest. Audited the
remaining five permissions (storage, tabs, alarms, unlimitedStorage,
sidePanel); all have runtime references in background.ts,
useDashboardData.ts, conversation-store.ts, or sidepanel.

Version bumped 1.0.1 -> 1.0.2 for CWS resubmission.
@vercel

vercel Bot commented May 14, 2026

Copy link
Copy Markdown

@DevanshuNEU is attempting to deploy a commit to the Dev's projects Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented May 14, 2026
edited
Loading

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d657f76f-4c87-4975-97a2-eef1a52b54cf

📥 Commits

Reviewing files that changed from the base of the PR and between 03f988e and 3fb04e2.

📒 Files selected for processing (2)
  • package.json
  • wxt.config.ts
📝 Walkthrough

Walkthrough

This PR updates extension metadata and manifest configuration: the version is incremented to 1.0.2 in package.json, and the scripting permission is removed from the WXT configuration's manifest permissions, leaving storage, tabs, alarms, unlimitedStorage, and sidePanel.

Changes

Release Configuration Updates

Layer / File(s) Summary
Version bump to 1.0.2
package.json		 Version field updated from 1.0.1 to 1.0.2.
Scripting permission removal
wxt.config.ts		 scripting permission removed from manifest.permissions array while retaining other permissions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Poem

🐰 A version hops forward, one point higher still,
While scripting takes leave with a gentle goodwill,
Configuration flows light, permissions refined,
This little release leaves cruft far behind! 🌟

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: removing the unused scripting permission and reflecting the version bump.
Description check ✅ Passed The description is comprehensive, covering the why, what changed, permission audit, and test plan; all required template sections are addressed.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@DevanshuNEU DevanshuNEU merged commit ea85ffd into OpenCodeIntel:main May 14, 2026
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DevanshuNEU