Built a chrome extension with Sourcegraph Cody?
We'll make it production-ready.
Chrome extensions have unique security considerations — they run in users' browsers with elevated permissions, can access browsing data, and must pass Chrome Web Store review. AI tools can scaffold an extension quickly, but the security requirements, Manifest V3 compliance, and store submission guidelines need careful attention.
Chrome Extension challenges in Sourcegraph Cody apps
Building a chrome extension with Sourcegraph Cody is a great start — but these challenges need attention before launch.
Manifest V3 compliance
Chrome is migrating to Manifest V3, which changes how extensions work — service workers instead of background pages, restricted remote code execution, and new permission models. AI tools sometimes generate Manifest V2 code that won't be accepted.
Permission minimization
Chrome Web Store reviews extensions for excessive permissions. Request only the permissions you actually need. AI tools often request broad permissions ('tabs', 'storage', 'activeTab') when narrower permissions would suffice.
Content Security Policy
Extensions must comply with strict CSP rules. No inline scripts, no eval(), no remote code loading. AI-generated code sometimes violates these rules, causing the extension to fail silently.
Data privacy
Extensions that access browsing data must have a privacy policy, explain what data is collected, and handle it securely. Chrome Web Store requires this disclosure for approval.
Cross-browser compatibility
If you want to publish on Firefox, Safari, and Edge too, your extension needs to handle API differences between browsers. AI tools usually target Chrome only.
What we check in your Sourcegraph Cody chrome extension
Common Sourcegraph Cody issues we fix
Beyond chrome extension-specific issues, these are Sourcegraph Cody patterns we commonly fix.
Suggestions based on deprecated or low-quality code patterns found in the existing codebase
Cody's suggestions are grounded in your actual codebase, which means if the codebase contains outdated patterns, deprecated library usage, or known-bad code, Cody will suggest those same patterns in new code — amplifying technical debt.
Cross-repo context can leak patterns from one team's code into another team's service
In large organizations where Cody indexes multiple repositories, suggestions can carry patterns from one team's codebase into another, introducing unfamiliar dependencies, different error handling conventions, or architectural approaches that do not belong in the target service.
Security vulnerabilities in existing code recommended as reference implementations
If the indexed codebase contains known security issues that have not yet been patched — unparameterized queries, missing auth checks, insecure deserialization — Cody may suggest these patterns as examples when generating similar code.
Performance anti-patterns replicated from existing high-traffic code paths
When Cody finds existing code as a reference for a new feature, it may replicate performance issues — N+1 queries, missing indexes, blocking synchronous calls — that are accepted in the existing code but will be problematic at the scale of the new feature.
Start with a self-serve audit
Get a professional review of your Sourcegraph Cody chrome extension at a fixed price.
External Security Scan
Black-box review of your public-facing app. No code access needed.
- OWASP Top 10 vulnerability check
- SSL/TLS configuration analysis
- Security header assessment
- Expert review within 24h
Code Audit
In-depth review of your source code for security, quality, and best practices.
- Security vulnerability analysis
- Code quality review
- Dependency audit
- Architecture review
- Expert + AI code analysis
Complete Bundle
Both scans in one package with cross-referenced findings.
- Everything in both products
- Cross-referenced findings
- Unified action plan
100% credited toward any paid service. Start with an audit, then let us fix what we find.
Frequently asked questions
Can I build a chrome extension with Sourcegraph Cody?
Sourcegraph Cody is a great starting point for a chrome extension. It handles the initial scaffolding well, but chrome extensions have specific requirements — manifest v3 compliance and permission minimization — that need professional attention before launch.
What issues does Sourcegraph Cody leave in chrome extensions?
Common issues include: suggestions based on deprecated or low-quality code patterns found in the existing codebase, cross-repo context can leak patterns from one team's code into another team's service, security vulnerabilities in existing code recommended as reference implementations. For a chrome extension specifically, these issues are compounded by the need for manifest v3 compliance.
How do I make my Sourcegraph Cody chrome extension production-ready?
Start with our code audit ($19) to get a clear picture of what needs fixing. For most Sourcegraph Cody-built chrome extensions, the critical path is: security review, then fixing core flow reliability, then deployment. We provide a fixed quote after the audit.
How much does it cost to fix a Sourcegraph Cody-built chrome extension?
Our code audit is $19 and gives you a complete report of issues. Fixes start at $199 with our Fix & Ship plan. For larger chrome extension projects, we provide a custom fixed quote after the audit — no hourly billing.
Get your Sourcegraph Cody chrome extension production-ready
Tell us about your project. We'll respond within 24 hours with a clear plan and fixed quote.