Browser Extension
Install the Safeguard browser extension for Chrome, Edge, and Firefox to open Safeguard AI search in a side panel or sidebar.
Browser Extension
The Safeguard browser extension puts Safeguard's AI search one click away. Click the toolbar icon and a side panel (Chrome, Edge) or sidebar (Firefox) opens next to whatever page you're on, loaded with the same AI search experience you get at app.safeguard.sh/portal/search.
The extension is intentionally thin: it embeds that production search page in a panel and nothing else. There is no separate login flow, no local credential storage, and no direct API calls from the extension code itself — you sign in inside the embedded page exactly as you would in a browser tab, and the panel just carries that session along. If you're looking for IDE-integrated scanning instead, see IDE Support.
What it does
- Adds a toolbar icon titled Open Safeguard.
- Clicking it opens a panel that loads
https://app.safeguard.sh/portal/search. - Login and search both happen inside that embedded page, using your normal web session — the extension doesn't intercept, store, or forward credentials, and it doesn't call any Safeguard API on its own.
- The only browser permission requested is the panel API itself (
sidePanelon Chrome/Edge; no special permission needed for Firefox'ssidebar_action) — no host permissions, and no data is collected by the extension.
What the manifest actually declares
You don't have to take the "no data collected" claim on faith — it's visible in each browser's manifest.json.
Chrome and Edge declare exactly one permission and nothing else:
{
"manifest_version": 3,
"permissions": ["sidePanel"],
"side_panel": { "default_path": "panel.html" }
}Firefox's manifest goes a step further and explicitly asserts no data collection, via the browser_specific_settings.gecko.data_collection_permissions field AMO uses for its listing:
{
"browser_specific_settings": {
"gecko": {
"id": "safeguard-extension@safeguard.sh",
"strict_min_version": "113.0",
"data_collection_permissions": {
"required": ["none"]
}
}
},
"sidebar_action": { "default_panel": "panel.html" }
}No host_permissions array appears in any of the three manifests — the extension has no ability to read or intercept requests to app.safeguard.sh or any other site beyond what the embedded page itself does.
Supported browsers
Minimum versions differ per browser — check the one you're targeting:
| Browser | Minimum version | Panel mechanism |
|---|---|---|
| Chrome | 114+ | chrome.sidePanel (Manifest V3) |
| Edge | 114+ | chrome.sidePanel (Manifest V3) — same MV3 manifest as Chrome, no source changes needed |
| Firefox | 113+ | sidebar_action (Manifest V3) |
Chrome and Edge run identical extension code, since Edge is Chromium-based and accepts the same MV3 manifest and sidePanel API as Chrome. Firefox uses its own sidebar_action API instead of side_panel, so it doesn't need a background service worker — Chrome and Edge each run a small background.js service worker to manage the panel; Firefox does not.
Installing the extension
The extension isn't published to the Chrome Web Store, Edge Add-ons, or AMO yet, so today it's installed unpacked from source in each browser's developer mode.
Chrome
- Open
chrome://extensions. - Turn on Developer mode (top right).
- Click Load unpacked and select the
extensions/chrome/folder. - Pin the Safeguard icon, then click it — the side panel opens.
Edge
- Open
edge://extensions. - Turn on Developer mode (left sidebar).
- Click Load unpacked and select the
extensions/edge/folder. - Pin the Safeguard icon, then click it — the side panel opens.
Firefox
- Open
about:debugging#/runtime/this-firefox. - Click Load Temporary Add-on….
- Select the
manifest.jsonfile inside theextensions/firefox/folder.
The sidebar opens automatically on first load. To reopen it later, use View → Sidebar → Safeguard, or press Ctrl+B and pick Safeguard from the sidebar switcher dropdown.
Firefox temporary add-ons are removed when Firefox restarts — you'll need to load the extension again each session. This is a Firefox limitation of unpacked/temporary installs, not something specific to Safeguard.
Verifying the install
After loading the extension, run through this checklist to confirm it's working end to end — it's the same smoke test used during development of each browser build:
- Click the toolbar icon (Chrome/Edge) or open the sidebar (Firefox). The panel should open showing the login page — not a blank panel.
- Sign in. The search page should load in place of the login page once you authenticate.
- Run a search query. Results should render in the panel.
- Close and reopen the panel, then restart the browser entirely. You should still be signed in.
If step 4 fails — you're logged in during the session but land back on the login page after a full browser restart — see the cookie note below and the matching FAQ entry. If any other step fails (blank panel, login not loading, no results), start by confirming you're on a supported browser version (see the table above) before troubleshooting further.
Login and session persistence
The panel is just an embedded view of the production search page, so signing in works the same way it does in a normal browser tab: click through the panel's login page, authenticate, and the search UI loads in its place. There's no separate extension-level auth step and nothing extra to configure.
Because the panel keeps using your regular web session, closing and reopening it should leave you signed in — including across a browser restart — as long as the browser still holds a valid session cookie for app.safeguard.sh.
Cookie behavior to be aware of: the web app's session cookie is set with
SameSite=Lax. Browsers can refuse to send aSameSite=Laxcookie inside a cross-site iframe context, which is effectively what the side panel/sidebar is. If you find that login doesn't persist across a browser restart (you're logged in during the session but land back on the login page after restarting), this cookie attribute is why. The fix lives server-side — marking the auth cookieSameSite=None; Secure— not in anything you control from the extension or browser settings.
Publishing to browser stores
For teams building or distributing their own copy of the extension, each browser has a documented store path:
| Store | Cost | Review time | Notes |
|---|---|---|---|
| Chrome Web Store | $5 one-time developer registration | ~1–3 days | Declare sidePanel as the only permission — no host permissions, no data collected. |
| Microsoft Edge Add-ons | Free (Partner Center) | A few days | The same zip built for the Chrome Web Store also works here, since Edge accepts Chrome MV3 manifests as-is. |
| addons.mozilla.org (AMO) | Free | Usually under a day for simple extensions | Build with npx web-ext build --source-dir extensions/firefox, or zip manually. |
In each case, the listing should note that no permissions beyond the panel API are requested and no data is collected — that's the whole extension's permission footprint.
Packaging commands
Chrome (register at chrome.google.com/webstore/devconsole):
Compress-Archive -Path manifest.json,background.js,panel.html,panel.js,panel.css,icons -DestinationPath safeguard-chrome.zipEdge (register at partner.microsoft.com/dashboard/microsoftedge) — the zip is built the same way and can reuse the Chrome Web Store build:
Compress-Archive -Path manifest.json,background.js,panel.html,panel.js,panel.css,icons -DestinationPath safeguard-edge.zipFirefox (submit at addons.mozilla.org/developers/addon/submit) — either build with web-ext or zip manually, since there's no background script to include:
npx web-ext build --source-dir extensions/firefox
# or, manually:
# Compress-Archive -Path manifest.json,panel.html,panel.js,panel.css,icons -DestinationPath safeguard-firefox.zipNote what's excluded from each zip: scripts/ (icon-generation tooling) is left out of the Chrome package, and there's no background.js in the Firefox package since sidebar_action doesn't use a background service worker.
FAQ & Troubleshooting
The panel opens but the page is blank. Confirm you're on a supported browser version (Chrome/Edge 114+, Firefox 113+) — the panel APIs the extension relies on don't exist on older versions.
I signed in, but I'm logged out again after restarting my browser.
This is the SameSite=Lax cookie behavior described above — it's a browser security restriction on cookies inside a cross-site panel, not a broken login. You'll need to sign in again each session until the cookie is served with SameSite=None; Secure.
Does the extension talk to any Safeguard API directly?
No. It has no host permissions and makes no API calls of its own — everything you see in the panel is the same app.safeguard.sh/portal/search page you'd get in a regular tab, doing its own login and search calls under your existing web session.
The Firefox extension disappeared after I restarted my browser.
That's expected for a temporary add-on, not a bug — Firefox unloads anything installed via Load Temporary Add-on… on every restart. Reload it from about:debugging#/runtime/this-firefox each session, or use a build signed and installed through AMO once it's published there, which persists across restarts.
Can I use the same package for both the Chrome Web Store and Microsoft Edge Add-ons? Yes. Edge is Chromium-based and accepts the same Manifest V3 zip built for the Chrome Web Store without modification — you don't need a separate Edge-specific build.
Where do I find vulnerability scanning or editor-integrated findings? That's a different product surface — see IDE Support. This extension is AI search only.
Related
- Web Application — the full Safeguard web app, including the search experience this extension embeds.
- Search — the Griffin AI-powered search page (
/portal/search) that loads inside the panel. - Griffin AI — the natural-language security model behind that search experience.
- IDE Support — editor-integrated scanning and findings, separate from this extension.