Add Wafir Issue Reporter Chrome Extension + patch Vite CVEs #189
Draft
Copilot wants to merge 4 commits into
Agent-Logs-Url: https://github.com/BPS-Consulting/wafir/sessions/8a45f395-a07f-4274-a7d7-e65f5e8e79c6 Co-authored-by: DavidIsaacBPS <131489274+DavidIsaacBPS@users.noreply.github.com>
…nstants for field IDs, better fallback messages Agent-Logs-Url: https://github.com/BPS-Consulting/wafir/sessions/8a45f395-a07f-4274-a7d7-e65f5e8e79c6 Co-authored-by: DavidIsaacBPS <131489274+DavidIsaacBPS@users.noreply.github.com>
…all packages Agent-Logs-Url: https://github.com/BPS-Consulting/wafir/sessions/8a45f395-a07f-4274-a7d7-e65f5e8e79c6 Co-authored-by: DavidIsaacBPS <131489274+DavidIsaacBPS@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add issue reporter as a Chrome extension" to "Add Wafir Issue Reporter Chrome Extension + patch Vite CVEs" on Apr 6, 2026
Testers had no way to use Wafir without the dev team embedding the widget in their app and installing the Bridge as a GitHub App. This adds a standalone Chrome extension that injects the widget into any page, submitting issues directly via a GitHub PAT — no Bridge installation required.

New package: apps/chrome-extension

Architecture (Manifest V3):
- (injector.ts) — IIFE; injects the Wafir IIFE bundle + bridge script into every page
- (main-world.ts) — IIFE injected into page context; intercepts fetch calls to the synthetic origin https://wafir-extension.invalid using an exact origin comparison (not startsWith) and routes them through Chrome messaging to the service worker
- js-yaml), GitHub issue creation via REST API using the stored PAT, and ImgBB screenshot uploads (5-min expiry)

Screenshot privacy warning is injected as a CSS ::after on <wafir-widget> so it appears persistently near the widget button on every page, and is also prominently shown in the options UI.

Build: three Vite passes — vite build (options page + service worker as ESM), vite build --mode injector, vite build --mode main-world (both as self-contained IIFEs, required because manifest-declared content scripts run as classic scripts).

The wafir package itself is unchanged; the extension copies its pre-built IIFE from node_modules/wafir/dist/iife/wafir.js at build time.

Security: Vite CVE fixes

Upgraded Vite 7.2.4 → 7.3.2 across all packages to address:
- server.fs.deny bypass (GHSA, affects 7.1.0–7.3.1)

Also added vite: "^7.3.2" explicitly to apps/bridge devDependencies so vitest's peer resolution no longer pins the old version — vite@7.2.4 is fully removed from the lockfile.
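
The exact-origin comparison that the description contrasts with startsWith, shown as an added example that is not the extension's own code. The function names, the pageUrl parameter and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example, not code from the PR. Only the synthetic origin is from the page.
const SYNTHETIC_ORIGIN = "https://wafir-extension.invalid";

// Hypothetical naive check: prefix match on the raw request string.
function naiveIsExtensionRequest(url) {
  return String(url).startsWith(SYNTHETIC_ORIGIN);
}

// Exact comparison on the parsed origin (scheme + host + port).
// pageUrl is a hypothetical parameter: the base used for relative inputs,
// as the page's own location would be for a real fetch() call.
function isExtensionRequest(input, pageUrl = "https://app.example/") {
  // fetch() accepts a string, a URL or a Request; normalise to a string.
  const raw = typeof input === "string" ? input
    : input instanceof URL ? input.href
    : input && typeof input.url === "string" ? input.url
    : String(input);
  let parsed;
  try {
    parsed = new URL(raw, pageUrl);
  } catch {
    return false; // unparsable targets are never routed to the service worker
  }
  return parsed.origin === SYNTHETIC_ORIGIN;
}

// Constructed sample targets.
const SAMPLES = [
  "https://wafir-extension.invalid/config",                  // genuine
  "https://wafir-extension.invalid.attacker.example/config", // longer hostname
  "https://wafir-extension.invalid@attacker.example/config", // userinfo, other host
  "https://wafir-extension.invalid:8443/config",             // other port, other origin
  "HTTPS://WAFIR-EXTENSION.INVALID/config",                  // parser lowercases this
  "/config",                                                 // relative to the page
];

// Run both checks over the samples so the disagreements are visible side by side.
function classify(samples = SAMPLES) {
  return samples.map((url) => ({
    url,
    naive: naiveIsExtensionRequest(url),
    exact: isExtensionRequest(url),
  }));
}

console.table(classify());
```

The prefix check accepts the three look-alike targets and rejects the upper-case spelling of the genuine one; the parsed-origin check gets all six right.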