{
  "metadata": {
    "name": "SafePrompt \u2014 Chrome force-install (Intune Settings catalog)",
    "description": "Microsoft Intune Configuration Profile for Windows 10/11. Force-installs the SafePrompt extension on managed Chrome browsers and pushes tenant credentials via chrome.storage.managed (FR36, FR37, FR61).",
    "platform": "windows10",
    "targetBrowser": "chrome",
    "version": "1.0.0",
    "vendor": "M-KIS Innovation"
  },
  "settings": [
    {
      "name": "ExtensionInstallForcelist",
      "registryPath": "Software\\Policies\\Google\\Chrome\\ExtensionInstallForcelist",
      "registryKind": "REG_MULTI_SZ",
      "settingDefinitionId": "device_vendor_msft_policy_config_chrome~policy~googlechrome~extensions_extensioninstallforcelist",
      "value": [
        "<EXTENSION_ID>;https://clients2.google.com/service/update2/crx"
      ]
    },
    {
      "name": "ExtensionSettings",
      "registryPath": "Software\\Policies\\Google\\Chrome\\ExtensionSettings",
      "registryKind": "REG_SZ",
      "settingDefinitionId": "device_vendor_msft_policy_config_chrome~policy~googlechrome~extensions_extensionsettings",
      "value": {
        "<EXTENSION_ID>": {
          "installation_mode": "force_installed",
          "update_url": "https://clients2.google.com/service/update2/crx",
          "toolbar_pin": "force_pinned",
          "runtime_blocked_hosts": [],
          "runtime_allowed_hosts": [
            "https://chatgpt.com",
            "https://claude.ai",
            "https://gemini.google.com",
            "https://chat.qwen.ai",
            "https://chat.deepseek.com",
            "https://openrouter.ai"
          ]
        }
      }
    },
    {
      "name": "3rdparty.extensions.<EXTENSION_ID>.policy",
      "registryPath": "Software\\Policies\\Google\\Chrome\\3rdparty\\extensions\\<EXTENSION_ID>\\policy",
      "registryKind": "REG_SZ",
      "comment": "Managed storage values consumed by the SafePrompt extension via chrome.storage.managed (FR61 \u2014 License Bootstrap Path A).",
      "value": {
        "tenant_api_key": "<TENANT_API_KEY>",
        "tenant_id": "<TENANT_UUID>"
      }
    },
    {
      "name": "ExtensionInstallSources",
      "registryPath": "Software\\Policies\\Google\\Chrome\\ExtensionInstallSources",
      "registryKind": "REG_MULTI_SZ",
      "comment": "Whitelist the SafePrompt CDN so future self-hosted .crx builds (Epic 10 story 10.05) can install outside the Chrome Web Store.",
      "value": [
        "https://cdn-safeprompt.m-kis.fr/*"
      ]
    }
  ]
}