Browser Extension

Chrome Manifest V3 extension. Auto-detects Solana dApps, intercepts transactions, and pairs with mobile.

Features

How It Works

1. Content script injects into Solana dApp pages
2. Detects wallet adapter's signTransaction calls
3. Checks bypass list — if site is trusted, allows through
4. Sends push notification to paired mobile device
5. Blocks TX until IntentCommit PDA is detected on-chain
6. Allows TX to proceed once intent is verified

Pairing Protocol

1. Extension generates ephemeral ECDH key pair (non-extractable)
2. Displays QR code containing public key + session ID
3. Mobile app scans QR, derives shared secret via ECDH
4. Both sides establish encrypted WebSocket channel
5. Pairing info stored in extension's chrome.storage.local

Popup Sections

• Connection Status — Shows RPC connection state and network
• Protocol Stats — Total commits, verifies, and current verify fee
• Intent Checker — Lookup pending intents by wallet + app ID
• Paired Devices — Manage paired mobile devices
• Bypass List — Manage trusted sites that skip 2FA

App Registry

The extension resolves app_id program addresses to human-readable names using a bundled app registry:

// Known apps resolved in popup and content script
Jupiter     JUP6LkbZbjS1jKKwa...
Raydium     675kPX9MHTjS2zt1qf...
Tensor      TSWAPaqyCSx2KABk68...
Magic Eden  M2mx93ekt1fmXSVkTr...
Marinade    MarBmsSgKXdrN1egZf...

Security

• All user input sanitized (no innerHTML)
• Request IDs use crypto.getRandomValues (not sequential)
• Pairing keys are non-extractable CryptoKey objects
• Bypass list limited to 50 entries with hostname validation
• Fail-closed: RPC errors block transactions (not fail-open)

Installation (Dev Mode)

1. Clone the repo: git clone https://github.com/selcuk07/intentguard
2. Open Chrome → chrome://extensions
3. Enable "Developer mode"
4. Click "Load unpacked" → select the extension/ directory