From 3fb04e28c7255155019c72eea4f841cbc44a8994 Mon Sep 17 00:00:00 2001 From: Devanshu Rajesh Chicholikar Date: Thu, 14 May 2026 12:16:15 -0400 Subject: [PATCH] fix(manifest): remove unused scripting permission CWS v1.0.1 rejected for declaring scripting permission without using it (Violation reference: Purple Potassium). WXT injects inject.ts via web_accessible_resources, not chrome.scripting, so the permission was dead weight in the manifest. Audited the remaining five permissions (storage, tabs, alarms, unlimitedStorage, sidePanel); all have runtime references in background.ts, useDashboardData.ts, conversation-store.ts, or sidepanel. Version bumped 1.0.1 -> 1.0.2 for CWS resubmission. --- package.json | 2 +- wxt.config.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 21dd295..432dce0 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "saar", "description": "Saar: real-time AI usage tracker for Claude", "private": true, - "version": "1.0.1", + "version": "1.0.2", "type": "module", "engines": { "node": ">=20.0.0" diff --git a/wxt.config.ts b/wxt.config.ts index f1f8158..980dfea 100644 --- a/wxt.config.ts +++ b/wxt.config.ts @@ -12,7 +12,7 @@ export default defineConfig({ // 132-char limit for CWS short description. description: 'See token count, cost, and context usage live on claude.ai. All counting happens locally. No data ever leaves your browser.', homepage_url: 'https://getsaar.com', - permissions: ['storage', 'tabs', 'scripting', 'alarms', 'unlimitedStorage', 'sidePanel'], + permissions: ['storage', 'tabs', 'alarms', 'unlimitedStorage', 'sidePanel'], content_security_policy: { extension_pages: "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'" },