OneProfile

OneProfile is a local-first migration tool for people who are done with browser split-brain.

It inventories Chromium-family profiles, builds a deterministic merge plan, and applies extension installs plus extension state artifacts into one canonical profile.

Supported sources include Chrome, Brave, Edge, Chromium, Vivaldi, Arc-derived Chromium profile folders, and any profile with Chromium-style Preferences, Extensions, and extension storage directories.

Why This Exists

Browser migration tools usually move bookmarks, history, cookies, and tabs. They do not solve extension state. That leaves users with six profiles, half-installed extensions, stale wallet contexts, lost settings, and no trustworthy way to converge back to one browser.

OneProfile is built for that exact gap.

What It Can Do

• Inventory every extension across many Chromium profiles.
• Detect duplicate extension IDs across profiles.
• Copy extension source versions into a canonical target profile.
• Merge normal Preferences.extensions.settings into the target profile.
• Detect Secure Preferences extension registrations and report browser-native install repair steps.
• Copy known extension storage artifact directories:
  • Local Extension Settings/<extension_id>
  • Sync Extension Settings/<extension_id>
  • IndexedDB/chrome-extension_<extension_id>_0.indexeddb.leveldb
  • File System/chrome-extension_<extension_id>_0
  • databases/chrome-extension_<extension_id>_0
  • Extension Rules/<extension_id>
  • DNR Extension Rules/<extension_id>
• Produce dry-run plans before mutating anything.
• Create a backup of files it replaces.
• Refuse symlink traversal.
• Detect wallet extensions as a special high-risk class.

Wallets

Wallet extensions are first-class in OneProfile, but wallet vaults are not generic settings files.

OneProfile detects known wallet extensions and preserves the migration context. By default it does not overwrite wallet vault artifacts because a raw vault merge can corrupt the profile, strand funds, or silently prefer one encrypted context over another.

For wallets, OneProfile's safe model is:

1. Detect every wallet extension instance.
2. Preserve source profile and extension IDs.
3. Install the wallet into the canonical browser profile.
4. Use the wallet's official import/export UI for seed phrases, private keys, accounts, and password rotation.
5. Verify the resulting wallet account list in the canonical profile.

There is no honest universal filesystem operation that turns multiple unrelated encrypted wallet vaults into one new vault password. If a wallet exposes an official export/import API, OneProfile can grow an adapter for it.

Install

No package install is required for local use:

node ./bin/oneprofile.mjs --help

Or install globally from a clone:

npm install -g .
oneprofile --help

Quick Start

Close all browsers first.

oneprofile inventory \
  --profile "$HOME/Library/Application Support/Google/Chrome/Default" \
  --profile "$HOME/Library/Application Support/BraveSoftware/Brave-Browser/Default" \
  --profile "$HOME/Library/Application Support/Vivaldi/Default"

Create a merge plan:

oneprofile plan \
  --target "$HOME/Library/Application Support/Vivaldi/Default" \
  --source "$HOME/Library/Application Support/Google/Chrome/Default" \
  --source "$HOME/Library/Application Support/BraveSoftware/Brave-Browser/Default" \
  --out oneprofile.plan.json

Dry-run it:

oneprofile apply --plan oneprofile.plan.json --dry-run

Apply it:

oneprofile apply --plan oneprofile.plan.json

Verify target:

oneprofile verify --target "$HOME/Library/Application Support/Vivaldi/Default"

Merge Policy

Default policy is latest-wins:

• If an extension appears once, copy it.
• If an extension appears in many profiles, choose the source with the newest extension artifact timestamp.
• Existing target profile data is backed up before replacement.
• Wallet vault artifacts are guarded by default.

To copy wallet artifacts anyway, use:

oneprofile plan ... --include-wallet-artifacts

That flag still does not decrypt, re-encrypt, export, import, or reset wallet vault passwords. It only copies opaque local artifacts.

Secure Preferences Boundary

Modern Chromium browsers often store extension registration in Secure Preferences, protected by integrity metadata. OneProfile inventories those entries and migrates extension code/state artifacts, but it does not forge secure-preference MACs to silently install extensions.

That is intentional. Silent extension installation is a malware primitive.

When a plan reports securePreferenceRepairs, install or enable those extensions through the browser-native UI or Web Store, then rerun oneprofile apply for storage artifacts if needed.

Repository Goals

OneProfile aims to become the browser-profile convergence layer:

• One browser.
• One canonical profile.
• No split-brain.
• No mystery extension drift.
• No pretending wallet crypto is a generic settings file.

Safety Model

OneProfile is local-only. It does not phone home, upload data, read seeds, print secrets, or bypass wallet authentication.

It is designed to make user-owned migration easier while keeping sensitive wallet operations inside official wallet flows.