feat: self-hosted overleaf

[Junyi-99]

Note

Adds a settings page to request host permissions and dynamically register content scripts, enabling self-hosted Overleaf support; converts the popup to a React app and updates build/manifest.

• Extension Manifest/Permissions:
  • Replace static content_scripts with dynamic registration via scripting API; widen web_accessible_resources to *://*/*.
  • Add optional_host_permissions: '*://*/*', new permissions (scripting, activeTab), and options_page (settings.html).
  • Keep host_permissions for Overleaf; strip permissions_explanation at build time.
• Background/Runtime:
  • Add requestHostPermission handler and auto-register content scripts when permissions are granted (registerContentScriptsIfPermitted).
  • New libs/permissions.ts to (un)register content scripts for granted origins.
  • Expose requestHostPermission in intermediate.ts and add handler name in constants.
• Settings UI:
  • New React-based settings (public/settings.html, views/extension-settings/...) with Host Permission widget to request and list granted origins (uses chrome.permissions).
• Popup:
  • Replace static HTML with React popup (public/popup.html, views/extension-popup/...) and guidance + link to settings.
• Build/Tooling:
  • Vite configs and package.json scripts updated to build settings and popup bundles.
  • Minor log added in main.tsx.

^{Written by Cursor Bugbot for commit 677ab6b. This will update automatically on new commits. Configure here.}

[Copilot]

Pull request overview

This PR adds support for self-hosted Overleaf instances by implementing a browser extension settings page where users can request host permissions for their custom domains. The implementation enables PaperDebugger to work with any Overleaf instance, not just the official overleaf.com domain.

Key Changes:

• Added extension settings and popup UI pages with React-based components for managing host permissions
• Implemented dynamic content script registration based on granted permissions
• Added optional host permissions (*://*/*) to support arbitrary self-hosted domains

Reviewed changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
vite.config.ts	Added build configurations for settings and popup entry points
package.json	Added build scripts for settings and popup bundles
manifest.json	Added optional host permissions, scripting permission, and options page; removed static content_scripts in favor of dynamic registration
shared/constants.ts	Added REQUEST_HOST_PERMISSION handler name constant
background.ts	Added requestHostPermissionHandler and initialized content script registration
intermediate.ts	Exported requestHostPermission function using makeFunction pattern
libs/permissions.ts	Implemented dynamic content script registration based on granted permissions
views/extension-settings/*	Created settings page with host permission management UI components
views/extension-popup/*	Refactored popup from static HTML to React-based implementation with self-hosted setup instructions
popup.ts	Added standalone popup script (appears to be unused/test code)
public/settings.html	Added HTML entry point for settings page
public/popup.html	Simplified popup HTML to load React app instead of inline styles
main.tsx	Added debug logging for PaperDebugger initialization

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This file (popup.ts) appears to be unused/dead code. The popup is implemented using React in src/views/extension-popup/app.tsx, making this vanilla JavaScript implementation redundant. Additionally, it references a non-existent myButton element and contains hardcoded test logic for requesting Google permissions. Consider removing this file.

Suggested change

	/*
	* popup.ts
	*
	* Script for the extension popup page.
	* Handles the request host permission button click.
	*/
	// Disable context menu (right-click) to comply with CSP
	document.addEventListener('contextmenu', (e) => {
	e.preventDefault();
	return false;
	});
	document.getElementById('myButton')?.addEventListener('click', async () => {
	const origin = "https://www.google.com/";
	try {
	// 直接调用 background script，类似于 intermediate.ts 中的实现
	const response = await chrome.runtime.sendMessage({
	action: "requestHostPermission",
	args: origin,
	});
	if (response?.error) {
	console.error("Error requesting permissions:", response.error);
	alert(`Permission request failed: ${response.error}`);
	} else if (response === true) {
	console.log(`Permission granted for ${origin}`);
	alert(`Permission granted for ${origin}`);
	} else {
	console.log(`Permission denied for ${origin}`);
	alert(`Permission denied for ${origin}`);
	}
	} catch (error) {
	console.error("Error requesting permissions:", error);
	const errorMessage = error instanceof Error ? error.message : String(error);
	alert(`Error: ${errorMessage}`);
	}
	});

[cursor]

This PR is being reviewed by Cursor Bugbot

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[Junyi-99]

needs change

[Junyi-99]

lgtm, but needs test

[cursor]

Bug: Host permission pattern missing wildcard for paths

The host_permissions value *://*.overleaf.com/ only matches the root path (e.g., https://www.overleaf.com/) due to the trailing / without a wildcard. The extension needs to work on project pages like https://www.overleaf.com/project/abc123, which won't match this pattern. The pattern needs *://*.overleaf.com/* (with /* at the end) to match all paths and allow the content scripts to be injected on project pages.