api endpoint to upload custom extensions and restart

[rgarcia]

• Adds an API endpoint for receiving an upload of unpacked chrome extensions, placing them in /home/kernel/extensions/ and then restarting chromium
• Uses existing /chromium/flags overlay mechanism to override the flags we launch the instance with
• Replaces start-chromium.sh with a proper program since flag logic was getting complicated. I think this brings a little bit more sanity to the process of applying CHROMIUM_FLAGS (what we launch the instance with) and overlaying / merging the content of /chromium/flags at runtime
• Some updates to how the upstream CDP URL tracking / updating work to allow for additional subscribers to updates

Checklist

• A link to a related issue in our repository
• A description of the changes proposed in the pull request.
• @mentions of the person or team responsible for reviewing proposed changes.

---

Note

Adds POST /chromium/upload-extensions-and-restart and a new Go-based chromium-launcher, updates flag handling, DevTools proxy, OpenAPI/client, Docker images, and tests/CI.

• API:
  • POST /chromium/upload-extensions-and-restart: accepts zipped extensions, extracts to /home/kernel/extensions/<name>, updates runtime flags (/chromium/flags), restarts Chromium via supervisorctl, and waits for DevTools readiness.
  • Wire UpstreamManager and scale-to-zero controller into ApiService and server startup.
• Flag handling:
  • New chromiumflags lib to parse/merge base/runtime flags and write/read structured flag files; comprehensive unit tests.
• Launcher & Images:
  • Replace shell start-chromium.sh with Go chromium-launcher (supports headless/headful, flag merge, run-as-user); add unit tests and CI workflow.
  • Update headful/headless Dockerfiles to build/copy chromium-launcher and supervisor configs to invoke it.
• DevTools Proxy:
  • Add pub/sub (Subscribe) to UpstreamManager and broadcast updates; tests updated/added.
• OpenAPI/Client:
  • Extend spec with new endpoint; regenerate oapi client/server types and handlers.
• E2E/Playwright:
  • Add TestExtensionUploadAndActivation and Playwright command to verify title changes via content script.

^{Written by Cursor Bugbot for commit 322545f. This will update automatically on new commits. Configure here.}

---

TL;DR

Adds an API endpoint to upload and load custom browser extensions, triggering a browser restart.

Why we made these changes

This addresses a feature request to allow users to install their own browser extensions (e.g., ad-blockers, testing tools), enabling greater customization of the browser environment.

What changed?

• API: Added a new POST /chromium/upload-extensions-and-restart endpoint. It handles uploading zipped extensions, extracting them, updating runtime flags, and restarting the browser via supervisorctl.
• Chromium Launcher: Replaced the start-chromium.sh scripts with a new, unit-tested Go binary (chromium-launcher). This launcher is responsible for merging base and runtime flags, allowing extensions to be loaded dynamically.
• DevTools Proxy: Implemented a pub/sub mechanism in the UpstreamManager to notify the API service when the browser is ready after a restart, ensuring the request waits for completion.
• API Spec: Updated openapi.yaml and regenerated the Go client to include the new extension upload endpoint.

Validation

• Added a new end-to-end test (TestExtensionUploadAndActivation) that uploads a sample extension and uses Playwright to verify it is loaded and active in the browser.
• Added unit tests for the new chromium-launcher and chromiumflags library.
• Added a new GitHub Actions workflow to run the launcher's unit tests on every push.

^{Description generated by Mesa. Update settings}

[mesa-dot-dev]

Performed full review of e0ca1d9...7993d69

Analysis

1. Shell Script Flag Parsing Vulnerabilities - The flag merging logic may have edge cases with complex flag formats that could lead to unexpected behavior or security issues.

2. Hardcoded Ownership Assumptions - The implementation contains hardcoded ownership changes that make specific deployment assumptions, reducing flexibility for different environments.

3. External Dependencies in Tests - End-to-end tests rely on external services which could impact reliability and cause intermittent test failures.

4. Restart Coordination Race Conditions - Despite attention to synchronization, potential race conditions may exist in the DevTools proxy pub-sub mechanism during browser restarts.

Tip

⚡ Quick Actions

This review was generated by Mesa.

Actions:

• Configure your agents

Slash Commands:

• /review - Request a full code review
• /review latest - Review only changes since the last review
• /describe - Generate PR description. This will update the PR body or issue comment depending on your configuration
• /help - Get help with Mesa commands and configuration options

^{10 files reviewed | 0 comments | Review on Mesa | Edit Reviewer Settings}

[Sayan-]

generally looks good! a few small q's about the API

[Sayan-]

nit - redundant with the following switch

[Sayan-]

flag changes are slick! pending bot comments and otherwise lgtm

[rgarcia]

not finished yet but submitting comments so far