| title | Extension Install & Distribution |
|---|---|
| slug | /reference/extension-install-and-distribution |
Date: March 30, 2026
This document covers extension-specific install and rollout. The full local demo, peer pairing, and production deployment flow lives in Demo & Deploy Runbook. The canonical stage-based release checklist lives in Production Release Checklist. The current public-release boundary lives in Current Release Status.
The primary builder download path is the rolling GitHub prerelease:
This prerelease is updated from successful merges to main and is the easiest way to grab a fresh
packaged build without cloning the repo first.
Versioned v* releases remain available on the main Releases page:
Use those when you want a more deliberate, versioned artifact instead of the rolling builder channel.
Clone, build, and load -- no environment file needed for mock mode:
git clone https://github.com/greenpill-dev-guild/coop.git
cd coop
bun install
cd packages/extension && bun run buildLoad into Chrome:
- Open
chrome://extensions - Turn on Developer mode (top-right toggle)
- Click Load unpacked
- Select the folder
packages/extension/dist/chrome-mv3 - Pin the extension icon and open the sidepanel from the toolbar
After code changes, rebuild with bun run build in packages/extension/ and click the
reload icon on the extension card in chrome://extensions.
:::info
No .env.local needed for first run. The defaults (sepolia, mock onchain/archive,
session off) work out of the box. Create .env.local at the repo root only when you need
live rails or custom signaling URLs.
:::
For development with live-reload and all local services:
bun install
bun run devThis starts the extension, receiver PWA, docs, and signaling server through the repo-native dev coordinator.
The lower-level scripts automatically set VITE_COOP_SIGNALING_URLS and
VITE_COOP_RECEIVER_APP_URL for the extension build.
If you only need the extension:
bun run dev:extensionOptional .env.local at the repo root (do not create package-specific env files):
VITE_COOP_CHAIN=sepolia
VITE_COOP_ONCHAIN_MODE=mock
VITE_COOP_ARCHIVE_MODE=mock
VITE_COOP_SESSION_MODE=off
VITE_COOP_RECEIVER_APP_URL=http://127.0.0.1:3001
VITE_COOP_SIGNALING_URLS=ws://127.0.0.1:3103For local live Sepolia rehearsals without editing .env.local:
bun run dev:app
bun run dev:api
bun run dev:extension:local-live-sepoliaThat profile enables live onchain/archive/session rails while keeping the receiver and signaling origins local to your machine.
This is the preferred peer-demo mode when the extension is under active development.
Set:
VITE_COOP_RECEIVER_APP_URL=https://coop.town
VITE_COOP_SIGNALING_URLS=wss://api.coop.townThen rebuild the extension and reload it in Chrome. The receiver bridge content script is patched at build time so the extension can inject on the configured production PWA origin.
The canonical receiver protocol, route ownership, and member-private intake flow now live in Receiver Pairing & Intake.
For sharing a local unpublished build with trusted testers who will not clone the repo:
bun run package:extension:public-releaseThe package script writes archives into packages/extension/dist/archives/. Share the generated zip
directly or upload it to a file host. The archive contains manifest.json at the root, so testers
can unzip it and load that folder directly in Chrome.
- Download and unzip the archive into a folder (e.g.
~/coop-extension/) - Open Chrome and go to
chrome://extensions - Turn on Developer mode (top-right toggle)
- Click Load unpacked
- Select the unzipped folder (the one containing
manifest.json) - Pin the extension icon and open the sidepanel
The extension will work in mock mode immediately. No credentials or environment setup required.
Use this order:
UnlistedPublic
Release checklist:
- Set
VITE_COOP_RECEIVER_APP_URLto the exact production HTTPS receiver origin for the release candidate. - Preferred one-command public extension release:
bun run release:extension:public-release - If you want the manual split instead, use
bun run validate:public-release,bun run validate:store-readiness, andbun run package:extension:public-release. - If the build enables live Safe, session-key, or archive rails, use
bun run package:extension:operator-liveandbun run validate:operator-live. - Built archives land in
packages/extension/dist/archives/. - Raw unpacked extension output lands in
packages/extension/dist/chrome-mv3. - Record the first-run local-AI network trace for reviewer notes.
- Keep the rolling builder prerelease (
builder-latest) separate from versioned tagged releases intended for broader stability. - Upload the generated archive to the Chrome Web Store dashboard, or share it directly with trusted testers for manual unpacked install.
- Add reviewer notes for sidepanel entry, passkey setup, receiver pairing and private intake, mock vs live modes, Smart Session limits for Green Goods actions, opt-in scheduled capture, and local-first data handling.
VITE_COOP_RECEIVER_APP_URL is not just a runtime convenience. store-readiness validates that it
produces the exact host_permissions and receiver-bridge content-script matches for the packaged
extension, so keep it on the final production HTTPS origin for release builds.
Profile overlays live at:
config/env/profiles/local-live-sepolia.envconfig/env/profiles/public-release.envconfig/env/profiles/operator-live.env
Release note for manual verification:
- Automation now covers popup roundup, popup manual-gate errors, file review/save, audio retry, publish/archive handoff, receiver sync, and mock-path sidepanel member-account plus garden-pass flows.
- Successful popup
Capture TabandScreenshotsaves still need a real-click manual check in Chrome because the popupactiveTabgrant is not reproducible under Playwright. - Remote knowledge-skill import remains quarantined from the shipped build and should stay that way unless the dedicated re-enable checklist is completed.
Do not ship any embedded Filecoin or operator private key in a public Chrome Web Store build. The current Filecoin registry path uses a member-local signer that is provisioned on-device for the authenticated passkey member at runtime.
The extension requests broad capabilities and will likely receive extra review attention:
tabsactiveTabscriptingsidePaneloffscreen- exact receiver-origin host permissions for the receiver bridge
Keep the listing, reviewer notes, and privacy answers unusually clear.