<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"><title>Todd Schiller - Cloudflare</title><link href="https://toddschiller.com/" rel="alternate"></link><link href="https://toddschiller.com/feeds/tag/cloudflare.atom.xml" rel="self"></link><id>https://toddschiller.com/</id><updated>2026-07-17T00:00:00-04:00</updated><subtitle>Human ✘ Artificial Intelligence</subtitle><entry><title>This Week in Extensibility: the Chrome Web Store bans two extension categories, Mozilla proposes a permission model for AI agents, Cloudflare runs customer code before signup</title><link href="https://toddschiller.com/blog/extensibility-radar-2026-07-17.html" rel="alternate"></link><published>2026-07-17T00:00:00-04:00</published><updated>2026-07-17T00:00:00-04:00</updated><author><name>Todd Schiller</name></author><id>tag:toddschiller.com,2026-07-17:/blog/extensibility-radar-2026-07-17.html</id><summary type="html">Week of July 10–17, 2026: the Chrome Web Store bans prediction-market and AI-guardrail-circumvention extensions and narrows what any extension may collect, Mozilla proposes a browser-mediated permission model for AI agents at the WebExtensions group, and Cloudflare ships a way to run a customer's code before they sign up.</summary><content type="html">&lt;!-- markdownlint-disable MD013 --&gt;
&lt;p&gt;The week was about boundaries, not new capabilities. The Chrome Web Store banned
two categories of extension outright and tightened what the rest may collect,
Mozilla floated a permission model to rein in AI agents, and the one capability
that actually shipped, Cloudflare running a customer's code before signup, is
itself a piece of tenant isolation.&lt;/p&gt;
&lt;h2&gt;Governance: the Chrome Web Store narrows data collection and bans two extension categories&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;Google published a Chrome Web Store policy update, effective August 1, that bans
two categories of extension outright.&lt;/strong&gt; Out: extensions that facilitate real-money
bets on predicted outcomes, and extensions built to bypass the safety guardrails
or usage limits of AI services. The
&lt;a href="https://developer.chrome.com/blog/cws-policy-updates-2026"&gt;updated policies&lt;/a&gt; also
tighten Limited Use for every listing: an extension may collect only data strictly
necessary to its disclosed single purpose, and developers must disclose any change
to their data handling after install.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; the store is the chokepoint for a large cross-browser extension
ecosystem, so its policy text sets what an extension is allowed to be. The data
rules move the baseline; the two bans are Google taking a side on specific uses.
This is announced policy, not yet enforced: compliance action starts August 1,
with no grace period after it.&lt;/p&gt;
&lt;h2&gt;Standards: a permission model for AI agents, and isolation keys for extension pages&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;Mozilla opened a proposal for a browser-mediated permission model for AI agents
at the WebExtensions Community Group.&lt;/strong&gt; Filed July 6 by Mozilla's c-nar, the
&lt;a href="https://github.com/w3c/webextensions/issues/1041"&gt;issue&lt;/a&gt; argues agent access today
is all-or-nothing and declarative rather than enforced, and sketches
WebExtensions-style request/grant/revoke/audit primitives so a user could scope an
agent's reach and revoke it mid-action. The open question, posed in the issue
itself: does an agent permission lifecycle belong in WebExtensions or on the wider
web platform? It awaits triage from Chrome, Firefox, and Safari. A separate July 4
proposal would
&lt;a href="https://github.com/w3c/webextensions/issues/1039"&gt;add cross-origin isolation manifest keys&lt;/a&gt;
to extension pages, unlocking SharedArrayBuffer and multithreaded WebAssembly for
uses like on-device inference; Chrome already ships it, Safari and Firefox are
supportive, and Firefox is blocked on process-model work.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; both move the boundary of what an extension or agent may touch,
and both are early. Mozilla's names a real gap, enforced and revocable agent
permissions, but it is a scoping question, not an agreed work item. The isolation
keys have all three engines supportive yet no spec text.&lt;/p&gt;
&lt;h2&gt;Agentic web: WebMCP debates batched and persistent tools&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;WebMCP debated two questions about how a page's tools run.&lt;/strong&gt; WebMCP lets a website
expose in-page tools for a user's agent to call; it is in a Chrome origin trial,
not a shipping default. A July 14 proposal for a
&lt;a href="https://github.com/webmachinelearning/webmcp/issues/222"&gt;&lt;code&gt;code mode&lt;/code&gt; &lt;code&gt;execute_tools&lt;/code&gt; batch primitive&lt;/a&gt;
would let an agent run several registered tools in one call, cutting roundtrips and
token use. A July 9 thread proposes
&lt;a href="https://github.com/webmachinelearning/webmcp/issues/212"&gt;worker-backed tools&lt;/a&gt; that
survive a page navigation and run without a visible tab.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; batching and persistence point the same way, agents doing more
per page and across navigations. Both are Community Group issues layered on a
single-vendor origin trial, so this is direction, not capability.&lt;/p&gt;
&lt;h2&gt;Infrastructure: Cloudflare runs customer code before signup&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;Cloudflare Workers for Platforms added a Temporary Accounts API.&lt;/strong&gt; The
&lt;a href="https://developers.cloudflare.com/changelog/post/2026-07-14-temporary-accounts-api/"&gt;new API&lt;/a&gt;,
shipped July 14, lets a platform provision a preview account and deploy a live
Worker before the end user signs in, then hand them a claim URL to make it
permanent. Workers for Platforms is the multi-tenant layer a product uses to run
its own customers' code in isolation; Cloudflare aims this at coding and agent
platforms that generate a working app first and ask for the signup second.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Why it matters:&lt;/strong&gt; the one thing that actually shipped this week, and it removes a
step: a customer's generated or customized code can run in an isolated sandbox
before they have an account. A small change to the onboarding edge of the isolation
layer that customization products build on.&lt;/p&gt;
&lt;h2&gt;Also worth knowing&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;The WebAssembly Community Group put multibyte array access to a phase-2 vote&lt;/strong&gt; at
its
&lt;a href="https://github.com/WebAssembly/meetings/blob/main/main/2026/CG-2026-07-14.md"&gt;July 14 call&lt;/a&gt;,
a proposal for efficient multi-byte loads and stores over byte arrays. Minutes are
not yet posted, so the outcome is unconfirmed.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Local-First Conf 2026 ran in Berlin July 12–14,&lt;/strong&gt; closing with an
&lt;a href="https://www.localfirstconf.com/"&gt;Ink &amp;amp; Switch Lab Day&lt;/a&gt; on the lab's
malleable-software projects. It is the venue where new end-user-programming
primitives tend to surface first, so watch for writeups.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;GitHub is locking down public stargazer and watcher data.&lt;/strong&gt; A
&lt;a href="https://github.blog/changelog/2026-06-30-upcoming-access-restrictions-to-public-api-endpoints-and-ui-views/"&gt;June 30 changelog&lt;/a&gt;
restricts the list-stargazers and list-watchers endpoints to admins and
collaborators and deprecates &amp;quot;repos watched by a user,&amp;quot; narrowing what third-party
tools built on public engagement data can read.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Shopify moved partner earnings to a GMV-share model.&lt;/strong&gt; A
&lt;a href="https://www.shopify.com/partners/blog/a-new-partner-earning-model"&gt;July 7 partner post&lt;/a&gt;
swapped subscription-only revenue share for 20% of subscription fees plus 0.1% of
eligible online GMV over four years, effective for deals signed on or after
August 10, tying app-partner earnings to merchant sales.&lt;/p&gt;
&lt;h2&gt;On the radar&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;July 20:&lt;/strong&gt; Deno Subhosting v1 API shuts down; platforms running end-user Deno
code must be on v2.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;July 22:&lt;/strong&gt; Next W3C WebAssembly Working Group meeting.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;July 28:&lt;/strong&gt; Target launch for the MCP &lt;code&gt;2026-07-28&lt;/code&gt; specification; Chrome 151
reaches stable and is scheduled to remove the last flag for re-enabling Manifest
V2 extensions.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;August 1:&lt;/strong&gt; Chrome Web Store policy enforcement begins.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;August 10:&lt;/strong&gt; Shopify's GMV-share partner earnings take effect.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;August 31:&lt;/strong&gt; Remaining Manifest V2 extensions scheduled for removal from the
Chrome Web Store.&lt;/li&gt;
&lt;/ul&gt;
&lt;hr /&gt;
&lt;p&gt;&lt;em&gt;This Week in Extensibility is curated by Todd Schiller. Research, drafting, and
fact checking are AI-assisted.&lt;/em&gt;&lt;/p&gt;
</content><category term="Extensibility"></category><category term="extensibility"></category><category term="plugins"></category><category term="sandboxes"></category><category term="web standards"></category><category term="Chrome"></category><category term="WebExtensions"></category><category term="WebMCP"></category><category term="Cloudflare"></category></entry></feed>