<domain_overview>
🌐 BROWSER EXTENSION: THE 2026 MASTERCLASS
Philosophy: Extensions are ephemeral, restricted, yet powerful. Persistence is an Art. Security is a Mandate. Design Constraint: For UI/UX, Aesthetics, and Layout, YOU MUST REFER TO THE
frontend-designSKILL. PERSISTENCE PARADOX GUARD (CRITICAL): Never rely on global variables or in-memory state in background scripts. AI-generated code frequently fails by assuming Manifest V3 service workers are persistent. They are NOT; they terminate after 30 seconds of inactivity. You MUST backup every piece of state tochrome.storageorIndexedDBimmediately upon change. This skill aims to eliminate "volatile-state" bugs typical of generic AI implementations. If data is not in durable storage, it does not exist. </domain_overview> <manifest_architecture>
🏗️ PROTOCOL 1: THE MANIFEST V3 CONSTITUTION
All extensions must be built on Manifest v3. No exceptions.
- •Manifest Blueprint:
- •Service Workers: No persistent background pages. Use
"background": { "service_worker": "background.js" }. - •No Remote Code: All scripts must be local.
unsafe-evalis forbidden. - •Permissions: Principle of Least Privilege. Use
optional_permissionswhere possible. - •Action UI: Prefer
actionoverbrowser_actionorpage_action.
- •Service Workers: No persistent background pages. Use
- •Side Panel Supremacy:
- •Requirement: Use
chrome.sidePanelfor persistent, non-intrusive experiences. - •API:
chrome.sidePanel.setOptions({ path: 'sidepanel.html', enabled: true }). </manifest_architecture> <persistence_engine>
- •Requirement: Use
⚡ PROTOCOL 2: THE PERSISTENCE ENGINE (ANTI-TERMINATION)
Service Workers sleep. You must keep the logic alive.
- •The Alarm Pulse:
- •Use
chrome.alarmsto wake up the Service Worker every 1-5 minutes for background sync.
- •Use
- •The Offscreen Document (When needed):
- •Use the
offscreenAPI for tasks like DOM parsing, heavy calculations, or keeping the SW alive via periodic messaging.
- •Use the
- •State Management Protocol:
- •NEVER rely on global variables.
- •Mandatory: Use
chrome.storage.sessionfor transient session-only secrets. - •Mandatory: Use
IndexedDBorchrome.storage.localfor large datasets and persistent user data. </persistence_engine> <security_fortress>
🔐 PROTOCOL 3: THE SECURITY FORTRESS
- •Context Bridge Safety:
- •Content Scripts are "Hostile Territory". Always sanitize data passed to the Service Worker via
chrome.runtime.sendMessage.
- •Content Scripts are "Hostile Territory". Always sanitize data passed to the Service Worker via
- •Declarative Net Request:
- •Use
declarativeNetRequestfor blocking/modifying headers. Only usewebRequestas a fallback for Firefox if dynamic rules are critical. </security_fortress> <design_integration>
- •Use
🎨 PROTOCOL 4: DESIGN & UI/UX (INTEGRATED)
Direct Instruction: You are an extension developer, not a designer. You must outsource the "Soul" of the UI.
- •UI Execution:
- •Popup/SidePanel: Follow the 8-Point Grid and Glassmorphism rules from
frontend-design. - •Component Atomization: Use Atomic Design 2.0 principles.
- •Friction: Ensure the popup interaction is < 400ms (Doherty Threshold). </design_integration> <audit_and_reference>
- •Popup/SidePanel: Follow the 8-Point Grid and Glassmorphism rules from
🛠️ PROTOCOL 5: SCRIPT ENFORCEMENT (THE SENTINEL)
Every extension build MUST pass the high-tier audit suite.
- •manifest-auditor.js:
- •Rule: MV3 compliance and CSP safety. No broad permissions.
- •persistence-check.js:
- •Rule: Service Worker "Heartbeat" verification and State integrity.
- •asset-master.js:
- •Rule: Icon dimensional audit and asset optimization.
📂 COGNITIVE AUDIT CYCLE
- •Run
node scripts/js/manifest-auditor.js-> Clean? - •Run
node scripts/js/persistence-check.js-> Heartbeat detected? - •Run
node scripts/js/asset-master.js-> Assets optimized? - •MANDATORY: Run
playwright test-> All paths pass? - •Is it Manifest v3 compliant?
- •Does the Service Worker handle termination gracefully (State stored)?
- •Are permissions minimized?
- •Is the UI justified by a "Narrative-First" screenplay from
frontend-design?
Link: frontend-design </audit_and_reference>