Policy-envelope interpreter
chrome://policyenterprise MDMMV3
Ingests a managed-Chrome policy export, resolves the developer-mode/extension-settings interaction, and computes the exact capability envelope available to unpacked extensions by subtracting blocked permissions and runtime-blocked hosts from the full MV3 permission set. The environment was mapped before a single tool was built.
Single-file IDE & control plane name withheld
File System Access APIIndexedDBsingle-file
An extension IDE, deployment pipeline, settings store, and bookmark manager in one self-contained HTML file run from file://. Manages multiple unpacked extensions, scaffolds new ones, and ingests whole-folder bundles through a fenced-block format with a name-match guard against accidental cross-paste. Writes real files via the File System Access API; autosave rides IndexedDB with signature comparison.
Privileged bridge extension
postMessage protocolchrome.bookmarksleast privilege
Grants the control plane Chrome-level reach from a file:// origin over a request/response envelope protocol: seven commands covering namespaced storage, full bookmark-tree read/write with favicon capture, and window/tab launching. A pinned manifest key fixes the extension ID; permissions are scoped to exactly three APIs.
Universal in-page toolkit
offscreen documentsshadow DOMSPA routing
A dual-FAB overlay injected across a single-page-app estate: route patching and MutationObserver unified into one onRoute(), a display wake-lock kept alive by a near-silent offscreen audio loop, scroll-capture-to-text, a local-tool launcher, copy/paste slots, a keystroke feed, and a global styles sheet propagated live across iframes and shadow roots.
Site-documentation surface
element pickingselector capture
An element picker with a persistent documentation table that records target identity per click — ignoring any injected UI — so every internal domain gets structured selector documentation that downstream extraction tools import.
SSO session vault
chrome.cookiesrace conditions
Persists authenticated BI sessions across browser restarts by vaulting cookies across the analytics host and the SSO identity host and re-injecting on startup. A lost-update race from parallel storage writes was diagnosed and resolved by merging all cookies into a single write.
SAP data-extraction extension
SAPUI5 internalsMAIN-world injectionnested iframes
Crosses JavaScript world boundaries to read SAPUI5 binding contexts directly (a content script’s isolated world can’t see window.sap), fans extraction triggers across nested iframes, and returns payloads through a shadow-DOM sidebar. Four extraction modes: query-panel scrape, object/variable definition reads, coordinate-grid tables, and indent-stack tree reconstruction.