Website

Extension Development Guide

Extension Development Guide

Build privacy-respecting browser extensions for Macro.

Diagram 1

Extension Philosophy

Macro discourages extensions (they expand attack surface), but supports limited extension API for essential tools.

Guidelines

  • Most features should integrate via Web3 API, not extensions

  • Extensions undergo privacy review

  • Minimal permissions required

  • Open source preferred

Supported APIs

Macro supports Chromium Extension API v3.

Manifest V3 Only

Macro only supports Manifest V3 (MV2 deprecated).

{
  "manifest_version": 3,
  "name": "My Privacy Extension",
  "version": "1.0.0",
  "permissions": ["storage"],
  "host_permissions": ["https://api.example.com/*"]
}

Available APIs

  • chrome.storage (local storage only, no sync)

  • chrome.tabs (limited)

  • chrome.windows (limited)

  • chrome.scripting (content scripts)

  • Service workers

Restricted APIs

  • chrome.webRequest (limited to declarative net request)

  • chrome.cookies (requires explicit permission)

  • chrome.history (blocked)

  • chrome.browsingData (blocked)

Privacy Requirements

All extensions must:

No Telemetry

  • No analytics

  • No tracking

  • No external data transmission without explicit user consent

Minimal Permissions

  • Request only necessary permissions

  • Explain why each permission is needed

  • Use optional permissions when possible

Profile Isolation

  • Respect Privacy Profile boundaries

  • Don't correlate data across profiles

  • Store data per-profile when possible

Testing

Load Unpacked Extension

  1. Open Macro

  2. Go to macro://extensions

  3. Enable "Developer mode"

  4. Click "Load unpacked"

  5. Select your extension directory

Test in Different Profiles

  • Load extension in Work profile

  • Switch to Degen profile

  • Verify data isolation

  • Check permission scoping

Submission

To list extension in Macro directory:

  1. Open source your code (GitHub)

  2. Submit for privacy review

  3. Provide detailed permission justification

  4. Pass security audit

Review criteria:

  • No telemetry

  • Minimal permissions

  • Profile-aware

  • Open source

  • Clear privacy policy

Best Practices

  • Use Web3 API instead of extensions when possible

  • Store sensitive data in user's wallet, not extension storage

  • Respect Macro's privacy principles

  • Provide clear opt-in for any external requests

  • Document all permissions in README

Build privacy-respecting tools.

PreviousPerformance Optimization GuideNextRoadmap

Last updated