Safeguard.sh Documentation Center

Browser Extension

Install the Safeguard browser extension for Chrome, Edge, and Firefox to open Safeguard AI search in a side panel or sidebar.

Browser Extension

The Safeguard browser extension puts Safeguard's AI search one click away. Click the toolbar icon and a side panel (Chrome, Edge) or sidebar (Firefox) opens next to whatever page you're on, loaded with the same AI search experience you get at app.safeguard.sh/portal/search.

The extension is intentionally thin: it embeds that production search page in a panel and nothing else. There is no separate login flow, no local credential storage, and no direct API calls from the extension code itself — you sign in inside the embedded page exactly as you would in a browser tab, and the panel just carries that session along. If you're looking for IDE-integrated scanning instead, see IDE Support.

What it does

  • Adds a toolbar icon titled Open Safeguard.
  • Clicking it opens a panel that loads https://app.safeguard.sh/portal/search.
  • Login and search both happen inside that embedded page, using your normal web session — the extension doesn't intercept, store, or forward credentials, and it doesn't call any Safeguard API on its own.
  • The only browser permission requested is the panel API itself (sidePanel on Chrome/Edge; no special permission needed for Firefox's sidebar_action) — no host permissions, and no data is collected by the extension.

What the manifest actually declares

You don't have to take the "no data collected" claim on faith — it's visible in each browser's manifest.json.

Chrome and Edge declare exactly one permission and nothing else:

{
  "manifest_version": 3,
  "permissions": ["sidePanel"],
  "side_panel": { "default_path": "panel.html" }
}

Firefox's manifest goes a step further and explicitly asserts no data collection, via the browser_specific_settings.gecko.data_collection_permissions field AMO uses for its listing:

{
  "browser_specific_settings": {
    "gecko": {
      "id": "safeguard-extension@safeguard.sh",
      "strict_min_version": "113.0",
      "data_collection_permissions": {
        "required": ["none"]
      }
    }
  },
  "sidebar_action": { "default_panel": "panel.html" }
}

No host_permissions array appears in any of the three manifests — the extension has no ability to read or intercept requests to app.safeguard.sh or any other site beyond what the embedded page itself does.

Supported browsers

Minimum versions differ per browser — check the one you're targeting:

BrowserMinimum versionPanel mechanism
Chrome114+chrome.sidePanel (Manifest V3)
Edge114+chrome.sidePanel (Manifest V3) — same MV3 manifest as Chrome, no source changes needed
Firefox113+sidebar_action (Manifest V3)

Chrome and Edge run identical extension code, since Edge is Chromium-based and accepts the same MV3 manifest and sidePanel API as Chrome. Firefox uses its own sidebar_action API instead of side_panel, so it doesn't need a background service worker — Chrome and Edge each run a small background.js service worker to manage the panel; Firefox does not.

Installing the extension

The extension isn't published to the Chrome Web Store, Edge Add-ons, or AMO yet, so today it's installed unpacked from source in each browser's developer mode.

Chrome

  1. Open chrome://extensions.
  2. Turn on Developer mode (top right).
  3. Click Load unpacked and select the extensions/chrome/ folder.
  4. Pin the Safeguard icon, then click it — the side panel opens.

Edge

  1. Open edge://extensions.
  2. Turn on Developer mode (left sidebar).
  3. Click Load unpacked and select the extensions/edge/ folder.
  4. Pin the Safeguard icon, then click it — the side panel opens.

Firefox

  1. Open about:debugging#/runtime/this-firefox.
  2. Click Load Temporary Add-on….
  3. Select the manifest.json file inside the extensions/firefox/ folder.

The sidebar opens automatically on first load. To reopen it later, use View → Sidebar → Safeguard, or press Ctrl+B and pick Safeguard from the sidebar switcher dropdown.

Firefox temporary add-ons are removed when Firefox restarts — you'll need to load the extension again each session. This is a Firefox limitation of unpacked/temporary installs, not something specific to Safeguard.

Verifying the install

After loading the extension, run through this checklist to confirm it's working end to end — it's the same smoke test used during development of each browser build:

  1. Click the toolbar icon (Chrome/Edge) or open the sidebar (Firefox). The panel should open showing the login page — not a blank panel.
  2. Sign in. The search page should load in place of the login page once you authenticate.
  3. Run a search query. Results should render in the panel.
  4. Close and reopen the panel, then restart the browser entirely. You should still be signed in.

If step 4 fails — you're logged in during the session but land back on the login page after a full browser restart — see the cookie note below and the matching FAQ entry. If any other step fails (blank panel, login not loading, no results), start by confirming you're on a supported browser version (see the table above) before troubleshooting further.

Login and session persistence

The panel is just an embedded view of the production search page, so signing in works the same way it does in a normal browser tab: click through the panel's login page, authenticate, and the search UI loads in its place. There's no separate extension-level auth step and nothing extra to configure.

Because the panel keeps using your regular web session, closing and reopening it should leave you signed in — including across a browser restart — as long as the browser still holds a valid session cookie for app.safeguard.sh.

Cookie behavior to be aware of: the web app's session cookie is set with SameSite=Lax. Browsers can refuse to send a SameSite=Lax cookie inside a cross-site iframe context, which is effectively what the side panel/sidebar is. If you find that login doesn't persist across a browser restart (you're logged in during the session but land back on the login page after restarting), this cookie attribute is why. The fix lives server-side — marking the auth cookie SameSite=None; Secure — not in anything you control from the extension or browser settings.

Publishing to browser stores

For teams building or distributing their own copy of the extension, each browser has a documented store path:

StoreCostReview timeNotes
Chrome Web Store$5 one-time developer registration~1–3 daysDeclare sidePanel as the only permission — no host permissions, no data collected.
Microsoft Edge Add-onsFree (Partner Center)A few daysThe same zip built for the Chrome Web Store also works here, since Edge accepts Chrome MV3 manifests as-is.
addons.mozilla.org (AMO)FreeUsually under a day for simple extensionsBuild with npx web-ext build --source-dir extensions/firefox, or zip manually.

In each case, the listing should note that no permissions beyond the panel API are requested and no data is collected — that's the whole extension's permission footprint.

Packaging commands

Chrome (register at chrome.google.com/webstore/devconsole):

Compress-Archive -Path manifest.json,background.js,panel.html,panel.js,panel.css,icons -DestinationPath safeguard-chrome.zip

Edge (register at partner.microsoft.com/dashboard/microsoftedge) — the zip is built the same way and can reuse the Chrome Web Store build:

Compress-Archive -Path manifest.json,background.js,panel.html,panel.js,panel.css,icons -DestinationPath safeguard-edge.zip

Firefox (submit at addons.mozilla.org/developers/addon/submit) — either build with web-ext or zip manually, since there's no background script to include:

npx web-ext build --source-dir extensions/firefox
# or, manually:
# Compress-Archive -Path manifest.json,panel.html,panel.js,panel.css,icons -DestinationPath safeguard-firefox.zip

Note what's excluded from each zip: scripts/ (icon-generation tooling) is left out of the Chrome package, and there's no background.js in the Firefox package since sidebar_action doesn't use a background service worker.

FAQ & Troubleshooting

The panel opens but the page is blank. Confirm you're on a supported browser version (Chrome/Edge 114+, Firefox 113+) — the panel APIs the extension relies on don't exist on older versions.

I signed in, but I'm logged out again after restarting my browser. This is the SameSite=Lax cookie behavior described above — it's a browser security restriction on cookies inside a cross-site panel, not a broken login. You'll need to sign in again each session until the cookie is served with SameSite=None; Secure.

Does the extension talk to any Safeguard API directly? No. It has no host permissions and makes no API calls of its own — everything you see in the panel is the same app.safeguard.sh/portal/search page you'd get in a regular tab, doing its own login and search calls under your existing web session.

The Firefox extension disappeared after I restarted my browser. That's expected for a temporary add-on, not a bug — Firefox unloads anything installed via Load Temporary Add-on… on every restart. Reload it from about:debugging#/runtime/this-firefox each session, or use a build signed and installed through AMO once it's published there, which persists across restarts.

Can I use the same package for both the Chrome Web Store and Microsoft Edge Add-ons? Yes. Edge is Chromium-based and accepts the same Manifest V3 zip built for the Chrome Web Store without modification — you don't need a separate Edge-specific build.

Where do I find vulnerability scanning or editor-integrated findings? That's a different product surface — see IDE Support. This extension is AI search only.

  • Web Application — the full Safeguard web app, including the search experience this extension embeds.
  • Search — the Griffin AI-powered search page (/portal/search) that loads inside the panel.
  • Griffin AI — the natural-language security model behind that search experience.
  • IDE Support — editor-integrated scanning and findings, separate from this extension.

On this page