Brotab Extension Fails to Connect via NativeMessagingHosts on macOS
Description of the issue: Brotab extension cannot establish NativeMessaging connection despite proper configuration and path corrections for macOS.
Issue Summary
The brotab extension consistently fails with “Access to the specified native messaging host is forbidden” error, even after:
- Moving configuration from incorrect Linux paths (
~/.config/...) to correct macOS paths (~/Library/Application Support/...) - Adding both Chrome store and unpacked extension IDs to allowed_origins
- Confirming the extension works in Firefox with the same setup
Environment Details
System: macOS Sequoia 15.5 (24F74) / Darwin 24.5.0
Brave Version: 1.80.122 Chromium: 138.0.7204.157 (Official Build) (arm64)
Extension: brotab (manifest v2)
CLI Tool: brotab from PyPI
Configuration Status
NativeMessagingHosts config location: ~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/brotab_mediator.json
{
"name": "brotab_mediator",
"description": "This mediator exposes interface over TCP to control browser's tabs",
"path": "/Users/steward/.local/bin/bt_mediator",
"type": "stdio",
"allowed_extensions": [ "brotab_mediator@example.org" ],
"allowed_origins": [
"chrome-extension://mhpeahbikehnfkfnmopaigggliclhmnc/", # chrome store ext id
"chrome-extension://knldjmfmopnpolahpmmgbagdohdnhkik/" # unpacked hash id
]
}
Extension manifest (unpacked): Extension ID knldjmfmopnpolahpmmgbagdohdnhkik with proper nativeMessaging permissions.
Error Details
Console error: “Reason: Access to the specified native messaging host is forbidden”
Context: _generated_background_page.html at background.js:636
Trigger: Occurs during chrome.runtime.connectNative(NATIVE_APP_NAME) call
Steps to Reproduce
- Install brotab CLI tool:
uv tool install brotaborpip install brotab - Run
brotab install(creates config in wrong Linux paths) - Fix paths for macOS:
- Create:
~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/ - Move: config file from
~/.config/BraveSoftware/...to correct macOS location (see edit history for Details-hidden list of commands) - Optional: Create symlink for future installs
- Create:
- Load brotab extension in Brave (either from store or unpacked)
- Observe connection failure in extension console
Expected vs Actual Results
Expected: Extension connects to native messaging host, brotab list shows Brave tabs
Actual: Extension fails to connect, shows “forbidden” error, no tabs accessible via CLI
Additional Context
- Firefox works perfectly with identical configuration
- Chrome worked initially with unpacked extension but stopped after browser restart (even with mv2 legacy flag enabled)
- Extension fails in both store-installed and unpacked modes
- Binary path
/Users/steward/.local/bin/bt_mediatorexists and is executable
Questions
- Does Brave have additional sandbox/security restrictions beyond standard Chromium NativeMessaging?
- Are there macOS-specific permissions or quarantine issues affecting NativeMessaging in Brave?
- Does the unpacked extension ID requirement differ from Chrome’s behavior?
How can this issue be reproduced? Follow the steps above on macOS with Brave browser and the brotab extension/CLI tool combination.
I had Claude re-write my long answer for ease of flow — distilling & deduplicating from the initial debug log.