[feat:extensions] add support to package web-bot-auth #62
+950
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
archandatta
force-pushed
the
archand/add-support/web-bot-auth
branch
from
01fb400 to
6380ccd
Compare
rgarcia
requested changes
Jan 11, 2026
Contributor
rgarcia
left a comment
rgarcia
left a comment
There was a problem hiding this comment.
Good feature addition! The overall structure is clean and the UX is thoughtful with helpful next-steps messaging.
Main areas to address:
- JWK vs PEM messaging: Several places in help text, logs, and comments refer to "JWK" but PEM format is also supported. Would be good to make this consistent.
- Error handling: A few places where
os.Staterrors other thanIsNotExistare silently ignored, and some URL update failures are warnings instead of errors. - Stability: Consider pinning the GitHub download to a specific commit to avoid upstream breaking changes.
- Crypto code: The stdlib already has
crypto/x509.MarshalPKCS8PrivateKeyfor Ed25519 - no need to hand-roll ASN.1.
| // Error if no replacements were made | ||
| if modified == original { | ||
| return fmt.Errorf("pattern %q not found in file %s", oldStr, path) | ||
| } |
There was a problem hiding this comment.
ModifyFile fails with misleading error when replacement equals search
Medium Severity
The ModifyFile function returns a "pattern not found" error when modified == original, but this condition is also true when the search pattern exists but the replacement string is identical to it. If a user passes --url http://localhost:8000 (matching defaultLocalhostURL), all ModifyFile calls in buildWebBotAuthExtension will fail with a misleading error message, even though the pattern was found. The comparison doesn't distinguish between "pattern absent" and "replacement is no-op".
Additional Locations (1)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note
Introduces a streamlined way to prepare the Cloudflare
web-bot-authbrowser extension for Kernel.extensions build-web-bot-authcommand with flags--to,--url,--key(JWK or PEM), and--uploadto optionally upload under a given namepolicy.json, plist,update.xml) using a readableExtensionNamepathprivate_key.pem, and adds.gitignoreto exclude it from uploads.crx,update.xml, MV3 chromium files, policy/) to output directory and prints next stepsWritten by Cursor Bugbot for commit a34ef52. This will update automatically on new commits. Configure here.