Release Notes: Chrome Extension 0.1.79

Version 0.1.79 moves insecure bridge WebSocket transport out of HTTPS page contexts.

What Changed

• HTTPS pages no longer open ws://.../extension directly from the content script.
• When an authorized HTTPS page is configured with an insecure ws: bridge URL, the content runtime asks the extension background service worker to own the WebSocket instead.
• The background service worker forwards bridge messages to the content runtime and forwards runtime protocol items back to the bridge.
• Non-HTTPS characterization paths keep the direct content-script WebSocket path used by existing runtime tests.

Why It Matters

Pages such as GitHub Pages are loaded over HTTPS and can warn or block insecure page-origin WebSocket connections as mixed content. The Chrome extension is the privileged runtime, so bridge transport should live in the extension context when the page context cannot safely open it.

Verification

• Added a regression test that loads the runtime on an HTTPS page with a ws://100.99.150.49:17345/extension bridge URL and verifies no page WebSocket is created.
• The same test verifies action calls still round-trip through the background bridge protocol.
• Full overlay runtime characterization and packaging tests pass.