{ "slug": "browser-extension", "meta": { "title": "Browser Extension | ChromVoid", "description": "Localhost autofill, copy, and TOTP without browser storage." }, "hero": { "label": "Browser Extension", "title": "Autofill without trusting the browser.", "description": "The browser shell talks to Desktop Gateway on localhost. Secrets stay in the desktop app, not in the browser profile.", "audience": "For browser-first workflows that still keep secrets outside the browser profile." }, "useCases": { "title": "When the extension fits", "intro": "Use the extension when you want fast browser-side actions without moving trust into the profile.", "cards": [ { "title": "Autofill the active site", "body": "Fill username, password, and OTP from a short-lived grant tied to the current page." }, { "title": "Copy on demand", "body": "Copy values from the popup while keeping browser storage empty." }, { "title": "Keep scope narrow", "body": "Only the active site gets the current action, so the extension stays a thin shell." } ] }, "howItWorks": { "title": "Request path", "intro": "A popup action goes through the service worker and localhost before Core decides what to reveal.", "steps": [ { "title": "Open the popup", "body": "The user starts from the extension popup, not from injected controls inside the form." }, { "title": "Broker through localhost", "body": "The request passes through the service worker and Desktop Gateway on 127.0.0.1." }, { "title": "Return a short-lived grant", "body": "Core resolves the request and only then fills, copies, or reveals OTP data." } ], "diagrams": [ { "src": "/assets/diagrams/browser-extension-flow.svg", "alt": "Browser extension request path", "title": "Browser extension flow", "description": "Popup, service worker, Desktop Gateway, and Core in one path." } ] }, "security": { "title": "Boundary checks", "cards": [ { "title": "No browser vault", "body": "The extension never becomes a second secret store inside the browser profile." }, { "title": "Localhost only", "body": "All privileged requests go through the local Desktop Gateway boundary." }, { "title": "Short-lived grants", "body": "Authentication actions expire quickly and do not survive lock or revoke." } ] }, "limitations": { "title": "Limits and scope", "intro": "The page is honest about what the extension does not try to do.", "items": [ "It requires the desktop app to be running and reachable on localhost.", "It does not store secrets in extension storage or sync them through the browser profile.", "It is not a general browser password manager replacement." ], "notTitle": "Not a browser vault", "notBody": "The extension is only a browser-side shell for local secret delivery." }, "cta": { "title": "Use the browser extension with a desktop Core.", "body": "The landing demo shows the browser shell, the popup, and the localhost boundary together." }, "ui": { "generic": { "audience": "Who this is for", "useCases": "Use cases", "how": "How it works", "security": "Security", "limitations": "Limitations", "threatModel": "Threat Model", "download": "Download", "backHome": "Back home", "technicalDiagram": "Technical diagram", "badges": { "inDevelopment": "In development", "pro": "PRO" } }, "browserExtension": { "desktop": { "runtimeProof": "Runtime contract", "runtimeTitle": "Browser-grade UX without turning the browser into the vault.", "runtimeIntro": "This page explains why the extension still feels like familiar autofill while refusing to become a second secret store inside the browser profile.", "flow": "Request path", "flowTitle": "One request path, one localhost boundary, one policy authority.", "flowIntro": "Every request takes the same route: page and popup go through the service worker, Desktop Gateway brokers the call, and Core decides whether a short-lived grant can exist.", "boundary": "Trust boundary", "boundaryTitle": "What stays in the browser, and what must stay outside it.", "boundaryIntro": "The architecture is explicit by layer. The browser gets interface convenience; Gateway gets brokering; Core keeps the secrets and the policy decisions.", "browserEyebrow": "Browser", "gatewayEyebrow": "Desktop Gateway", "coreEyebrow": "Core", "browserTitle": "UI boundary", "gatewayTitle": "Local broker", "coreTitle": "Policy and secrets", "browserBody": "The extension lives inside the browser runtime, so its contract stays narrow: render the interface, send the request, receive the answer.", "gatewayBody": "Desktop Gateway is the only entry point on `127.0.0.1`. It brokers every service-worker request and prevents the browser from growing a side channel.", "coreBody": "Core remains the only place where secrets, policy, and grant decisions exist. Even error responses are shaped to avoid proving too much.", "browserHighlights": [ "Stores only pairing and grant metadata with explicit TTLs.", "Provides popup, autofill, and TOTP without a local browser vault.", "Cannot talk directly to cloud relays, WebRTC, or the phone." ], "gatewayHighlights": [ "Brokers all extension traffic through localhost.", "Separately checks reachability, authorization, and session state.", "Loses access immediately on lock, revoke, or grant expiry." ], "coreHighlights": [ "Validates origin, vault state, and user confirmation.", "Issues session, site, or single-action grants.", "Normalizes errors so the browser cannot prove secret existence." ], "audienceHighlight": "Who this is for", "audienceTitle": "Autofill without trusting the browser.", "audienceCopy": "Built for people who want a browser-native workflow but do not want a second vault, hidden sync cache, or cloud account to become the source of truth.", "metrics": [ { "label": "Transport", "value": "127.0.0.1", "copy": "The extension knows only the local Desktop Gateway." }, { "label": "Storage", "value": "Zero cache", "copy": "Passwords and keys never persist in extension storage." } ], "diagramBadge": "Technical diagram", "diagramSupportBadge": "Grant lifecycle", "browserWindow": { "browserWindow": "Browser runtime", "popupLabel": "Popup", "popupTitle": "ChromVoid Extension", "popupTag": "No browser vault", "pageLabel": "Site form", "pageTitle": "The form stays on the page. The action comes from the popup.", "pageCopy": "The extension detects username, password, and OTP fields, but the commands start from the ChromVoid popup. Extension controls are not injected into the form DOM.", "username": "Username", "password": "Password", "otp": "TOTP", "pageState": "Action starts from the popup", "pageStateFilled": "The popup already inserted data into the site form", "pageStateReady": "The site form is ready to submit", "pageAction": "Sign in", "popupState": "OTP ready", "fillCredentials": "Fill credentials", "fillOtp": "Fill OTP field", "copyAction": "Copy", "protocolIntro": "The user works through the popup: the extension shows the entry for the current site and separately triggers autofill, OTP, or copy with a short-lived grant." } }, "mobile": { "heroLead": "Autofill works through the popup while secrets stay in Core on the desktop. The extension holds no vault and caches no passwords.", "heroNoteTitle": "Not a vault. Not a sync cache.", "heroNoteBody": "The extension requests a short-lived grant from Desktop Gateway on 127.0.0.1. After revoke or lock the data disappears from the browser.", "heroFacts": [ "Transport · 127.0.0.1", "Storage · Zero cache" ], "summaryTitle": "What to understand before installing", "summaryAudience": "Who this is for", "summaryOutcome": "What you get", "summaryAfterRevoke": "After revoke", "diagramSummary": "Show technical diagram" }, "protocolNodes": [ { "title": "Browser", "body": "Autofill the active site" }, { "title": "Service Worker", "body": "Broker through localhost" }, { "title": "127.0.0.1", "body": "No browser vault" }, { "title": "Core", "body": "Return a short-lived grant" } ], "stage": { "demo": { "username": "alex@chromvoid.dev", "password": "Tr0ub4dor&3", "passwordMask": "••••••••••••", "otp": "431 982", "otpOptionLabel": "Authenticator" } } } } }