Audiobook extension workflow

Me:

I have two repos, the main private https://github.com/vacuumboots/audioproctor and the public https://github.com/vacuumboots/audioproctor-extension.

If I want to push an update to the extension, my understanding is that I should go to the dev branch and create an issue. I should then make a pr, and accept it on the dev branch. Then, I should download the extension directory, and load the unpacked extension on a chromebook. I should go through https://github.com/vacuumboots/audioproctor/blob/main/docs/test-runs/2026-04-26-managed-chromebook-pilot.md. If it passes all of those, I should then merge to main, which will automatically update https://github.com/vacuumboots/audioproctor-extension. I should then manually upload the new version to the chrome webstore.

Does that sound correct?

Initializing agent… ────────────────────────────────────────

┊ 📚 skill github-pr-workflow 0.2s ┊ 📚 skill github-repo-management 0.2s ┊ 📚 skill github-issues 0.1s ┊ 📋 plan 3 task(s) 0.0s ┊ 🔎 find 2026-04-26-managed-chromebook-pilot.md 1.0s ┊ 🔎 grep audioproctor-extension|chrome web store|webstore|extension sync|subtree|submodule|git subtree|mirror 0.9s ┊ 💻 $ git branch -a && printf ‘\n—REMOTES—\n’ && git remote -v && printf ‘\n—STATUS—\n’ && git status –short –branch 2.0s ┊ 📖 read docs/OPERATIONS.md 1.1s ┊ 📖 read docs/test-runs/2026-04-26-managed-chromebook-pilot.md 1.6s ┊ 📖 read docs/release-checklist.md 1.4s ┊ 📖 read extension/README.md 1.6s ┊ 📖 read RELEASE_SOURCE_OF_TRUTH.md 0.9s ┊ 📖 read .github/workflows/sync-extension.yml 4.7s ┊ 🔎 grep Feature branches off dev|PR dev → main|dev branch|feature branches off dev|merge to dev|merge to main 0.4s ┊ 💻 $ git ls-remote https://github.com/vacuumboots/audioproctor-extension.git refs/heads/main && printf ‘\n’ && git subtree split –prefix=extension HEAD 40.9s ┊ 📖 read docs/managed-chromebook-pilot-checklist.md 1.1s ┊ 🔎 grep Load unpacked|force-install|Developer mode|Chrome Web Store|managed Chromebook 0.3s ┊ 📋 plan update 3 task(s) 0.0s ┊ 📋 plan update 1 task(s) 0.0s

╭─ ⚕ Hermes───────────────────────────────────────────────────────────────────────────────────────────────────────────╮ Mostly yes, but with 3 important corrections.

Short version:
1. Yes: start from dev, create an issue, make a feature branch, open a PR, merge into dev first.
2. Yes: test the extension on a real Chromebook against the managed pilot checklist/run sheet.
3. Yes: after validation, promote to main.
4. Yes: once main has the extension change, the public repo is supposed to sync automatically.
5. Yes: Chrome Web Store upload is still manual.

Corrections:

1. Don’t test by “downloading the extension directory” onto the managed Chromebook
For the formal managed Chromebook pilot, your own docs say the extension should be force-installed from the Chrome Web Store, not sideloaded:
- docs/managed-chromebook-pilot-checklist.md: MC-01 expects automatic install on a managed device
- docs/test-runs/2026-04-26-managed-chromebook-pilot.md: deployment method is “Google Admin force-install (Chrome Web Store)”
- README.md says managed Chromebooks should receive it through Google Admin Console by force-installing the store listing

So:
- For local/dev sanity testing: yes, load unpacked from extension/ in chrome://extensions on a regular Chrome browser.
- For the real managed Chromebook validation: use the Web Store-installed version on the managed Chromebook, because that is the real deployment path you care about.

2. The public repo does not update from dev; it updates from main
Your sync workflow is:
- .github/workflows/sync-extension.yml
- triggered on push to main
- only when extension/** changes
- or manually via workflow_dispatch

And extension/README.md says:
- “Main-branch changes to extension/** are automatically pushed to the public repo via GitHub Actions.”

So the sequence is:
- work on feature branch off dev
- PR into dev
- validate
- PR/merge dev -> main
- then main triggers sync to vacuumboots/audioproctor-extension

3. “Automatically update” should be read as “automatic if the workflow succeeds”
Your docs are explicit that you should verify the mirror:
- docs/OPERATIONS.md says compare:
  git subtree split --prefix=extension HEAD
  vs public repo main SHA
- docs/release-checklist.md says confirm public repo main reflects current extension content
- docs/OPERATIONS.md says if mirror mismatch, run sync workflow and re-check

I checked current state locally, and right now the mirror is matching:
- public repo main SHA: ade0de7c49335df16489eaf1a66e03dc8728272f
- current extension subtree SHA: ade0de7c49335df16489eaf1a66e03dc8728272f

So your intended automation is working at the moment, but it is still something to verify, not assume.

What I’d call the correct workflow

1. Create/track the work
- Create a GitHub issue in the private repo
- Create a feature branch from dev

2. Implement
- Make the extension changes in the private repo’s extension/ directory
- Commit to the feature branch
- Open PR to dev

3. Dev validation
- Review/merge into dev
- Do local sanity testing with load-unpacked if useful
- Also test any app-side behavior if the extension depends on API/session behavior

4. Managed Chromebook validation
- Use a managed Chromebook with the extension force-installed via Google Admin / Chrome Web Store
- Run the full checklist in docs/managed-chromebook-pilot-checklist.md
- Record results in docs/test-runs/2026-04-26-managed-chromebook-pilot.md or a new dated run sheet
- This is the right place to verify MC-01..MC-20

5. Release to main
- PR dev -> main
- Merge to main once validation passes

6. Verify public mirror
- Confirm the sync workflow ran successfully
- Confirm the public repo main matches the private extension subtree
- If needed, manually run “Sync extension to public repo”

7. Attestation/docs
For extension-affecting changes, your own done criteria say also update:
- RELEASE_SOURCE_OF_TRUTH.md
- CHANGELOG.md
- managed Chromebook run sheet, if behavior changed

8. Chrome Web Store release
- Build/package the release artifact
- Upload the new version manually to the Chrome Web Store
- Then update release metadata/attestation as needed

One more subtle point

If you merge to main before uploading the new version to the Chrome Web Store, then:
- the public source repo may show newer code
- but managed Chromebooks force-installed from the Web Store will still be running the previous published version
- that’s okay temporarily, but you should treat “main/public mirror updated” and “store version published” as separate milestones

So the clean mental model is:
- main = source of truth for code
- public mirror = public auditable source
- Chrome Web Store = actual deployed managed-device artifact

My recommendation

Yes, use this flow:

Issue -> feature branch off dev -> PR to dev -> test -> managed Chromebook pilot -> PR/merge dev -> main -> verify public mirror sync -> manual Chrome Web Store upload

But change your testing assumption to:
- load unpacked for local development only
- use Web Store force-install on the managed Chromebook for the real acceptance test