Sitewipe — User Guide (web)

1. Getting started #

Sitewipe is a DevTools companion that clears, inspects, snapshots, and shares per-origin browser state without forcing you to log out.

Open the popup

Pin the Sitewipe icon to the Chrome toolbar.
Open the site you want to work with, then click the icon.
The header shows the current site’s hostname. If it reads Sitewipe cannot run on this page (restricted URL), switch to a regular http:// or https:// tab — Chrome blocks extensions on chrome://, the Web Store, and similar pages.

Layout

Top header: site name, User guide button (in the extension, opens this documentation in a new tab via chrome.runtime.getURL('src/doc/index.html'); you can also read this copy on the web), Advanced panel.
Tabs: Purge Inspect Profiles Snapshots.

2. Purge tab #

Clear selected data categories for the active origin in one click.

Steps

Read the live counts (cookies / localStorage / sessionStorage) at the top. Use Refresh counts after external changes.
Tick the data types to remove.
Optionally fill in whitelists (see section 3).
Click Preview & clear — Sitewipe estimates the impact first; nothing is deleted yet.
Confirm Proceed to clear in the dialog to execute.

What each checkbox removes

Toggle	Effect
Cookies	Removes all cookies for the origin via `chrome.browsingData`, or selectively if a whitelist is set.
Preserve session cookies	Skips cookies marked `session` during selective sweep — useful to stay logged in while clearing analytics/tracking cookies.
LocalStorage	Wipes `localStorage` for the origin; whitelisted keys are re-merged after.
SessionStorage	Clears the page’s `sessionStorage` in the MAIN world.
IndexedDB	Drops all IDB databases for the origin.
Cache storage	Empties the Service Worker Cache Storage.
Service workers	Unregisters every SW scope plus clears its storage.

Clearing cookies + localStorage usually logs you out. Use whitelists or the dry-run preview if you’re unsure.

3. Smart selective clear #

Keep auth state and important keys while everything else is wiped.

Where to set

Under the checkboxes, open the Keep (whitelist) block.
Enter Cookie names (one per line or comma-separated).
Enter localStorage keys the same way.

How it works

Cookies: when a whitelist is set or Preserve session cookies is on, Sitewipe loops cookies one by one and skips matching names instead of bulk-deleting.
localStorage: Sitewipe reads the matched keys, lets chrome.browsingData wipe the origin, then writes the saved values back. This works even when the page hasn’t been opened.
Whitelists are saved per recipe so different sites can have different rules.

Tip: common names to whitelist — session_id, auth_token, refresh_token, persist:root, feature_flags.

4. Impact preview (dry run) #

A safety net before any destructive action.

Preview & clear always opens a Purge impact dialog describing what would be removed. Nothing is touched until you press Proceed to clear.

What the dialog tells you

Origin — the scope of the action.
Targets — checked data types in plain language.
Cookies affected — estimated count and how many are kept by name.
localStorage keys removed — estimated count and how many will be restored.
sessionStorage keys cleared — count, when sessionStorage is selected.
An amber “may log you out” warning when bulk cookies or localStorage will be wiped without a whitelist.

Press Esc or Back to abort. The Purge tab keeps your current options so you can adjust and retry.

5. Inspect tab #

A focused replacement for DevTools’ Application panel.

Storage table — view, add, edit, and delete localStorage and sessionStorage entries inline.
Cookies — full CRUD on the active origin’s cookies (name, value, domain, path, secure, httpOnly, sameSite, session, partition key).
Service workers — list registrations and unregister a specific scope.
Cache storage — overview of cache names with sample URLs.
IndexedDB — list databases and stores, sample up to 45 rows per store for quick inspection.

Cookie partition keys and SameSite policies are preserved on edit — useful when debugging third-party / partitioned cookies (CHIPS).

6. Purge recipes (Profiles tab) #

Save your favourite combinations of toggles + whitelists and reuse them.

Save a preset

Open the Profiles tab.
Name the preset (e.g. Wipe cache + SW).
Optionally add one or more hostnames in Suggest on hostnames (e.g. app.example.com, localhost).
Tick the desired toggles, fill in the optional whitelist names.
Click Save preset.

Apply

When the current tab’s hostname matches a preset, a “Matches this site” band appears at the top of the Profiles tab.
Click Apply on any preset — Sitewipe copies its options and whitelists into the Purge tab.
Adjust if needed and run Preview & clear.

7. Snapshots #

Save and restore the full per-origin state — cookies + localStorage + sessionStorage.

The Purge tab refreshes its summary counts when you open the popup; use Clear all snapshots here to remove every saved snapshot (all origins).

Capture

Open the Snapshots tab.
(Optional) name the snapshot.
Click + New. The list shows time and approximate size.

Restore

Click the restore icon on any card.
A Restore preview diff shows storage values that will change.
Confirm to reload the tab into the saved state.

Export JSON — saves a portable snapshot file.
Copy snapshot string (Base64) — paste in chat or a ticket.
Import a Base64 string via the Advanced panel.

8. Auto snapshots (Event-triggered) #

Like Git for browser data — let Sitewipe capture each time storage changes so you can roll back.

Enable

Open the Snapshots tab on the target site.
Tick the checkbox labelled Auto-save snapshot when cookies / localStorage / sessionStorage change (per-origin, debounced; captures a baseline when you enable it).
A baseline Auto · baseline · HH:MM:SS appears immediately so you have a reference point.

Troubleshooting

After installing a new build, open chrome://extensions and reload Sitewipe so the updated content scripts are re-registered for the page.
The watch is scoped to the exact origin (scheme + host + port). Toggling it on https://app.example.com will not snapshot https://www.example.com; enable it on each origin you care about.
Rapid logout/login bursts may produce only one auto entry due to the 15 s per-origin throttle. Use the + New button to force an extra capture when needed.
If nothing appears on storage writes, confirm the page is not a restricted URL (chrome://, Web Store, etc.) and that the popup header doesn’t show the restricted-URL warning.

What gets captured

Storage writes — a MAIN-world content script installed at document_start patches Storage.prototype.setItem/removeItem/clear, so both localStorage.setItem(...) and Storage.prototype.setItem.call(...) are intercepted.
Cookie changes — the service worker subscribes to chrome.cookies.onChanged for each watched origin, so logout/login flows that only touch cookies (including httpOnly session cookies) still trigger an Auto · cookies · HH:MM:SS capture.

How it works

An ISOLATED content script bridges MAIN-world storage events to the service worker, forwarding only when the page’s origin is in your watch list.
Captures are debounced ~700 ms per origin and rate-limited to one per 15 s per origin across both sources.
If no tab is open with that origin during a cookie event, Sitewipe falls back to a cookies-only snapshot using chrome.cookies.getAll.
Toggling the watch on also retro-injects the storage patch into already-open tabs of that origin — no reload required.
The store keeps the most recent 150 entries.

Disable the watch when you no longer need it; auto entries can accumulate during heavy test flows.

9. Compare snapshots #

Pinpoint what data changed between two captures, or vs. the live tab.

Pick targets

In the Snapshots tab, use the two selects under Compare.
Choose either:
- Snapshot vs snapshot
- Snapshot vs live (compares the first select against the current tab)

Reading the diff

Area — cookie, localStorage, or sessionStorage.
Change — added, removed, or changed.
Key — cookie name (with domain/path detail) or storage key.
Values — short preview of left → right; hover the row to see full values.

10. Environment injection #

“Works on my machine? Send me your machine.” Share a complete reproducible state with a teammate.

Capture & share

Open the Advanced panel (top-right of the popup).
Copy as Mock JSON — copies a portable JSON describing cookies and storages.
Copy as CLI script — JavaScript you can paste in DevTools to recreate the state manually.
Copy snapshot string (Base64) from a snapshot card for a single one-liner share.

Apply on another machine

Open the same site, then the Advanced panel.
Paste into Inject environment (Mock JSON) and click Apply to this tab. Sitewipe wipes the origin and writes the payload back, then reloads.
Or paste a Base64 string into Import snapshot string (Base64) to add it to your Snapshots list before restoring.

Kill & reload

Kill & Reload is the nuclear option: cookies, storages, IndexedDB, caches and service workers are all removed for the origin, then the tab is hard-reloaded. Use it when a stuck Service Worker or cache is keeping a broken state alive.

11. Permissions #

Why Sitewipe asks for what it asks for.

Permission	Reason
`storage`	Save profiles, snapshots, and auto-watch settings locally.
`tabs`	Read the active tab URL and title to scope actions.
`scripting`	Probe and modify `localStorage`/`sessionStorage` in the page world.
`cookies`	Read, set, and remove cookies for the active origin.
`browsingData`	Bulk-clear cookies, IndexedDB, cache storage, service workers.
`webNavigation`	Currently declared in the manifest but unused by the background logic. Auto-snapshot installs its hook through two `content_scripts` at `document_start` and listens to `chrome.cookies.onChanged`; this row may be removed in a future cleanup.
`host_permissions` (`http`/`https`)	Required for cookies and scripting on the active origin.

Sitewipe will refuse to act on chrome://, the Chrome Web Store, and other restricted URLs — the popup shows a warning in those cases.

12. Changelog #

v2.0.1

Smart selective clear (cookie + localStorage whitelists).
Impact preview dialog before every purge.
Purge recipes with hostname suggestions.
Snapshot diff & compare (snapshot↔snapshot and snapshot↔live).
Event-triggered auto snapshots (debounced, per-origin opt-in).
Auto snapshots now react to chrome.cookies.onChanged as well, so cookie-only login/logout flows (including httpOnly sessions) produce an Auto · cookies · HH:MM:SS entry.
Storage interception moved to Storage.prototype and runs from a MAIN-world content script at document_start, catching both localStorage.setItem(...) and Storage.prototype.setItem.call(...) patterns before page code runs.
Enabling the watch immediately captures a baseline snapshot and retro-injects the storage hook into already-open tabs — no reload needed.
Cookies-only fallback: cookie events fire a snapshot even when no tab is open for the origin, by reading chrome.cookies.getAll.
Environment injection from Mock JSON via the Advanced panel.
This user guide.