This page is the full technical walkthrough of Zero Hour. If you've ever wanted to understand exactly what a Chrome extension does between the moment you click "Save snipe" and the moment your bid lands on eBay, this is for you.
The five-stage lifecycle of a snipe
Stage 1: You save the snipe
You're on an eBay auction page, or you've pasted a URL into the Zero Hour popup. The Add Snipe sheet shows the item with current price, end time, and a max-bid input. You confirm and tap Save.
What happens locally:
- The snipe is persisted to
chrome.storage.localas a single object:{ itemId, maxBid, leadTime, endTimeMs, ... }. - The service worker registers a Chrome alarm:
chrome.alarms.create('snipe-{id}', { when: endTimeMs - 30000 }). - The popup updates to show the new snipe in the Active list.
No network request leaves your machine. Saving a snipe is a local-only operation.
Stage 2: the 30-second wake-up
Chrome's service worker is normally idle between events. The chrome.alarms API is the only reliable way to wake it for scheduled work in Manifest V3.
At 30 seconds before your snipe's fire time, Chrome wakes the service worker. The worker:
- Reads the snipe back from
chrome.storage.local. - Looks for an existing eBay listing tab to reuse (keeps your Forter session warm) or opens a fresh background tab on the listing URL.
- Schedules a high-precision in-memory
setTimeoutfor the actual fire time. Alarms are accurate to the second;setTimeouthandles the sub-second precision once the worker is awake.
Stage 3: firing the bid
At T-minus-your-lead-time (default 6 seconds before close):
- The service worker uses a background tab on the eBay listing so the bid runs from within eBay's own origin, with your session cookies and any anti-fraud scripts already loaded.
- A content script inside that tab composes the bid using the live data eBay's own page provides, then submits it. The flow is the same one a manual bidder triggers when they hit "Confirm bid" in the closing seconds. The only difference is that Zero Hour fires it at a precisely chosen moment instead of waiting on a human click.
- Responses are parsed locally. A successful confirmation is recorded as a win-pending. If your eBay session has expired between the warm-up and the fire, the result is surfaced as auth-required rather than silently retried.
- Snipe status is written back to
chrome.storage.local:won_pending,outbid,auth_required, orfailed. If Zero Hour opened the tab itself, it closes it.
Your eBay password is never typed into Zero Hour, never sent to a server, and never stored, because the extension talks to eBay through your already-logged-in browser tab.
Stage 4: confirmation
30 seconds after the auction's official end time, the worker fetches the listing's public page once more to verify the final result. If the snipe was marked won_pending and the public page confirms you won, the status becomes won and the winning price is recorded. If you were outbid in the closing seconds, the status updates to outbid.
Stage 5: notification
A Chrome system-level notification fires:
- Won: YOU WON — [item title] · Final $47
- Lost: Outbid — [item title] · Winning bid was $52
- Failed: Snipe failed — [item title] · Re-auth required
Click the notification to open the popup with the Completed tab pre-selected. On a win, there's a particle-burst celebration overlay.
Reliability hardening
Clock drift
The user's local clock can be off by several seconds. At extension startup, and once per day thereafter, Zero Hour fetches a trusted timestamp from zerohourbid.com/api/time and stores the offset. All snipe scheduling applies the offset.
Service worker suspension
Chrome may suspend the service worker between events. The 30-second-ahead alarm wake-up exists specifically to handle this. Even if the worker has been suspended for hours, the alarm wakes it in time to run the pre-fetch.
Multiple simultaneous snipes
If two snipes fire within the same second, the worker staggers them by 100ms to avoid rate-limit triggers. Bid POSTs are non-blocking, so the second snipe doesn't wait for the first to complete.
Cookie freshness
The bid runs from inside an eBay tab on your machine, so the request carries whatever session your browser has at that instant. If the cookie was invalid at fire time the bid fails with auth_required and we surface it; we never silently retry a real-money action.
What this architecture cannot do
For transparency:
- Fire when your browser is closed.
- Fire when your computer is asleep.
- Fire if you've uninstalled or disabled the extension.
- Survive a browser crash within the final 30 seconds. Browser crashes are out of our control.
These are the structural costs of never trusting a third party with your credentials.