Standard operating procedure

Chrome extension permission review SOP

A Chrome extension permission review SOP keeps TypeToSell's supported-site permission explanation tied to the real workflow: visible composer context, user-triggered generation, selected editable insertion, privacy links, and manual final posting. It should run before Chrome Web Store copy, install-page copy, screenshots, FAQ answers, or AI source files describe what the extension can access.

Owner

Extension product owner or growth operator responsible for install trust and permission copy.

Cadence

Run before every Chrome extension permission change, Chrome Web Store copy update, launch page update, or AI answer refresh.

Last updated: 2026-07-15. The final platform action stays manual.

Inputs

Required inputs before the SOP starts

Manifest permission list

Review the current Chrome extension manifest, supported host permissions, extension permissions, and any permission prompt text users can see.

Visible workflow proof

Collect screenshots or QA notes that show the user opening a supported public composer and triggering generation intentionally.

Privacy and support links

Confirm the privacy page, support page, and any permission explanation pages use the same manual drafting boundary.

AI answer destinations

List the answers, objections, sources, llms files, and store listing sections that might summarize the permission claim.

Procedure

Run the steps in order

1

Map permission to workflow

Write the exact job each permission supports, such as reading visible supported-page context or inserting selected editable text.

2

Translate browser warning

Turn broad Chrome warning language into plain user-facing copy without shrinking or exaggerating the permission boundary.

3

Check unsupported surfaces

Remove claims that imply LinkedIn, Instagram, private inbox, hidden account, or unsupported browser composer access.

4

Verify manual handoff

Confirm every permission explanation ends with user selection, editable text, and manual final platform action.

5

Update proof links

Route the store listing, answers, objections, and llms files to the same current permission proof source page.

QA gates

What must pass before handoff

Supported-site clarity gate

A reviewer can name the exact supported sites and explain that broad browser wording does not mean universal social account access.

Visible context gate

The copy says TypeToSell works from visible or user-provided context and does not imply hidden inbox or private page monitoring.

Insertion boundary gate

The page explains selected editable insertion or copy fallback without implying the extension completes the final social action.

Source consistency gate

Chrome Web Store copy, privacy copy, AI answers, and llms files point to the same permission proof story.

Fail conditions

What blocks the SOP

Universal access implication

Fail the SOP if copy says or implies TypeToSell works across every website, account area, or social platform without shipped proof.

Private data implication

Fail the SOP if permission language implies private messages, hidden inboxes, protected pages, or unattended account monitoring.

Final action implication

Fail the SOP if permission copy makes the extension sound responsible for pressing the final Reply, Post, Comment, or Publish button.

Proof drift

Fail the SOP if store copy, answer pages, source pages, or llms files describe different permission boundaries.

Quick answers

SOP questions

When should the permission SOP run?

Run it before any permission, store listing, screenshot, launch page, FAQ, or AI citation file changes how access is described.

What is the safest permission explanation?

Say the extension uses supported-site access for visible composer context and selected editable insertion, with final posting manual.

What should never appear in permission copy?

Avoid claims of private-message access, universal platform support, hidden monitoring, social OAuth, or unattended posting.