You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
main when this is ready to leave backlog. This should likely start as a dedicated V2 integration branch, for example integration/browser-extension, because it spans extension UI, backend sessions/certificates, auth, and cross-site browser behavior.
Classification
type:feature / v2-backlog / cross-surface
Labels: enhancement, backlog.
Problem
Humanly currently works when users write inside the Humanly web app or an assigned task flow. Pedro proposed a Grammarly-style extension surface: Humanly should be embeddable into arbitrary website text inputs so a user can write in places like email compose boxes and optionally attach a Humanly-generated writing process proof when they send.
The desired product feel is:
Humanly appears around normal text inputs, textareas, or rich-text compose boxes without forcing the user to open the Humanly editor first.
The user can choose whether Humanly records the process for a particular field/session.
When the user sends/submits the content, they can choose whether to attach or include a generated process artifact, such as a certificate/replay link or export.
This is explicitly not a near-term hotfix. It is a complex V2 feature requiring product design, privacy/security decisions, extension architecture, and backend support.
Expected behavior
For an MVP-worthy V2 slice:
A Chrome extension can detect standard web writing surfaces, at minimum:
textarea
text-like input fields where appropriate
common contenteditable compose boxes, with Gmail compose as a target fixture
The extension shows a small Humanly control near the active writing field with clear states:
Off / not recording
Ready to record
Recording
Proof ready / attach available
Error / unsupported field
Recording is opt-in per field/session unless the user has explicitly enabled a trusted-domain default.
The extension records Humanly-compatible provenance events for the external field:
keystrokes / text diffs
paste events
focus/blur and selection where feasible
AI usage only if routed through Humanly extension UI, not covertly inferred
On send/submit, the user gets a choice to include Humanly proof:
attach a generated certificate/export when the host page supports file attachment safely, or
insert a Humanly certificate/replay link/footer when attachment is not technically reliable, or
skip attaching anything.
The generated proof should connect to existing Humanly certificate/replay concepts instead of inventing a separate evidence format.
The extension must never record password fields, credit-card/payment fields, hidden fields, or browser/system UI. It must provide a domain allow/block mechanism and an obvious recording indicator.
Trigger / Product scenario
User installs the Humanly browser extension and signs into Humanly.
User opens Gmail and starts composing an email.
Humanly detects the compose area and shows a small opt-in control.
User enables recording for this compose session.
User writes, pastes, revises, and optionally uses Humanly-supported AI assistance.
User clicks Send.
Humanly asks whether to attach/include the writing process proof.
If accepted, the sent email includes a Humanly certificate/replay link or attachment; if declined, the email sends normally and the local/session data is handled according to the chosen retention policy.
Where the work likely lives
This likely needs a new browser-extension package plus changes to existing tracking/certificate surfaces:
New package TBD, likely packages/browser-extension or apps/browser-extension
Chrome Manifest V3 setup
content scripts for field detection and event capture
background/service worker for auth/session coordination
extension popup/settings UI
Existing tracker package
packages/tracker/src/tracker.ts
packages/tracker/src/types.ts
Reuse or adapt event normalization so external-field traces remain compatible with Humanly provenance logs.
Production QA includes at least Gmail compose and one generic textarea fixture before release.
Out of scope
No implementation in the current task.
No Firefox/Safari extension in the first pass unless explicitly reprioritized.
No guarantee that every arbitrary website or custom editor works in V2 MVP.
No automatic recording without user-visible consent.
No attempt to infer external AI usage outside Humanly-controlled tools for this feature.
No bypassing host-site security policies or private browser/system UI.
Open questions
Should extension sessions be saved as normal Humanly documents, separate external-writing sessions, or ephemeral certificate-only records?
Should users be allowed to generate proof without storing full text, storing only hashes plus events, or does the certificate need full content for verification?
What is the default retention policy for email-like/private writing?
How should proof be represented in email: PDF attachment, JSON attachment, certificate URL, footer text, or user-selectable options?
How should domain-level defaults work for personal users versus admin/organization managed deployments?
What is the minimum viable set of host pages for V2 launch: Gmail only, Gmail + generic textareas, or broader app set?
Reference
Conversation request from Pedro/user:
Pedro: it would be cool to embed Humanly into any text input box, like Grammarly.
User can choose whether to attach the generated writing process when sending.
Example: writing an email and attaching the Humanly process proof.
Target branch
mainwhen this is ready to leave backlog. This should likely start as a dedicated V2 integration branch, for exampleintegration/browser-extension, because it spans extension UI, backend sessions/certificates, auth, and cross-site browser behavior.Classification
type:feature/v2-backlog/cross-surfaceLabels:
enhancement,backlog.Problem
Humanly currently works when users write inside the Humanly web app or an assigned task flow. Pedro proposed a Grammarly-style extension surface: Humanly should be embeddable into arbitrary website text inputs so a user can write in places like email compose boxes and optionally attach a Humanly-generated writing process proof when they send.
The desired product feel is:
This is explicitly not a near-term hotfix. It is a complex V2 feature requiring product design, privacy/security decisions, extension architecture, and backend support.
Expected behavior
For an MVP-worthy V2 slice:
textareainputfields where appropriatecontenteditablecompose boxes, with Gmail compose as a target fixtureTrigger / Product scenario
Where the work likely lives
This likely needs a new browser-extension package plus changes to existing tracking/certificate surfaces:
packages/browser-extensionorapps/browser-extensionpackages/tracker/src/tracker.tspackages/tracker/src/types.tspackages/backend/src/routes/document.routes.tspackages/backend/src/routes/certificate.routes.tspackages/backend/src/services/certificate.service.tspackages/frontend-user/src/app/certificates/[id]/page.tsxpackages/frontend-user/src/app/verify/[token]/page.tsxpackages/shared/src/types/*Scope
Initial design and MVP scope:
Acceptance criteria
textareawithout breaking typing, paste, undo/redo, or IME input.Out of scope
Open questions
Reference
Conversation request from Pedro/user:
Related existing concepts: