@duckduckgo/autoconsent 14.95.1 → 14.97.0

package/.agents/skills/proxy-testing/scripts/regional-proxy.mjs

@@ -0,0 +1,599 @@
+/**
+ * Playwright HTTPS regional proxy utilities for multi-region autoconsent testing.
+ *
+ * Launches a local Chromium browser with an HTTPS proxy selected by region, injects
+ * autoconsent into an isolated world (via CDP), and evaluates opt-out/opt-in flows.
+ * Chromium only - isolated worlds are reached through CDP, which Playwright exposes for
+ * Chromium alone.
+ *
+ * Requires env vars:
+ * - REGIONAL_PROXY_<REGION> (REGION is the uppercased two-letter region code)
+ * - REGIONAL_PROXY_USERNAME
+ * - REGIONAL_PROXY_PASSWORD
+ */
+
+/**
+ * @typedef {import('playwright').Page} Page
+ * @typedef {import('playwright').Browser} Browser
+ * @typedef {import('playwright').LaunchOptions} LaunchOptions
+ */
+
+/**
+ * @typedef {Object} TestOptions
+ * @property {'optOut'|'optIn'|null} [action='optOut']
+ * @property {string} [screenshotsDir]
+ * @property {number} [navigationTimeout=45000]
+ * @property {number} [completionTimeout=45000]
+ * @property {number} [detectionTimeout] - How long to wait for `cmpDetected` before giving up. Defaults to `completionTimeout`.
+ * @property {boolean} [headless=true]
+ * @property {LaunchOptions} [launchOptions]
+ */
+
+/**
+ * @typedef {Object} TestResult
+ * @property {string} url
+ * @property {string} region
+ * @property {string[]} cmpsDetected - All CMPs detected on the page.
+ * @property {string|null} cmpActedOn - The CMP that was actually opted out/in.
+ * @property {boolean} popupFound
+ * @property {boolean|null} optOutResult
+ * @property {boolean|null} optInResult
+ * @property {boolean|null} selfTestResult
+ * @property {boolean} autoconsentDone
+ * @property {boolean|null} isCosmetic
+ * @property {string[]} errors
+ * @property {number} duration
+ * @property {string[]} screenshotPaths
+ */
+
+/**
+ * @typedef {Object} AutoconsentContext
+ * @property {Object[]} received - All received autoconsent messages.
+ * @property {(type: string) => boolean} hasMessage
+ * @property {(timeout?: number, detectionTimeout?: number) => Promise<boolean>} waitForCompletion
+ * @property {(type: string, timeout?: number) => Promise<boolean>} waitForMessage
+ * @property {(url: string, region: string) => TestResult} collectResult
+ */
+
+/**
+ * Primitives the message handler uses to talk to a specific frame's content script.
+ * `frameRef` is the isolated world's execution-context uniqueId the message arrived from;
+ * the transport resolves it to the owning CDP session and the matching page-world context.
+ * @typedef {Object} MessageTransport
+ * @property {(frameRef: string, message: object) => Promise<void>} sendToContentScript
+ * @property {(frameRef: string, code: string) => Promise<any>} evalInMainWorld
+ */
+
+/**
+ * @typedef {(transport: MessageTransport) => (msg: any, frameRef: string) => Promise<void>} MessageHandlerFactory
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { chromium } from 'playwright';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const projectRoot = path.resolve(__dirname, '../../../..');
+
+const contentScript = fs.readFileSync(path.join(projectRoot, 'dist/autoconsent.playwright.js'), 'utf8');
+const rulesJson = JSON.parse(fs.readFileSync(path.join(projectRoot, 'rules/rules.json'), 'utf-8'));
+const fullRules = rulesJson.autoconsent;
+
+export const DEFAULT_REGIONS = ['us', 'gb', 'au', 'ca', 'de', 'fr', 'nl', 'ch', 'no', 'it', 'es', 'pl', 'se', 'dk', 'jp'];
+
+/**
+ * Build the Playwright proxy object for a region.
+ * @param {string} regionKey - Two-letter region code (e.g. 'us', 'gb').
+ * @param {NodeJS.ProcessEnv} [env]
+ * @returns {{ server: string, username: string, password: string }}
+ */
+export function buildProxyConfig(regionKey, env = process.env) {
+    const envVar = `REGIONAL_PROXY_${regionKey.toUpperCase()}`;
+    const endpoint = env[envVar];
+    const username = env.REGIONAL_PROXY_USERNAME;
+    const password = env.REGIONAL_PROXY_PASSWORD;
+
+    if (!endpoint || !username || !password) {
+        throw new Error(
+            `Missing proxy environment variables for region "${regionKey}". ` +
+                `Expected ${envVar}, REGIONAL_PROXY_USERNAME, and REGIONAL_PROXY_PASSWORD.`,
+        );
+    }
+    if (endpoint.includes('://') || endpoint.includes('@') || /:\d+$/.test(endpoint)) {
+        throw new Error(
+            `${envVar} should be a bare hostname without scheme, credentials, or port. ` + 'The library adds https:// and port 443.',
+        );
+    }
+
+    return {
+        server: `https://${endpoint}:443`,
+        username,
+        password,
+    };
+}
+
+/**
+ * Launch a local Playwright browser through the HTTPS proxy for a region.
+ * @param {string} regionKey
+ * @param {Partial<TestOptions>} [options]
+ * @returns {Promise<Browser>}
+ */
+export async function launchRegionalProxyBrowser(regionKey, options = {}) {
+    return chromium.launch({
+        headless: options.headless ?? true,
+        ...(options.launchOptions ?? {}),
+        proxy: buildProxyConfig(regionKey),
+    });
+}
+
+/**
+ * Inject autoconsent into a page. Call before navigating to the target URL.
+ *
+ * The content script runs in an isolated world (via CDP) while `eval` snippets execute in
+ * the page's main world, mirroring the browser extension. Chromium only.
+ * @param {Page} page
+ * @param {Partial<TestOptions>} [options]
+ * @returns {Promise<AutoconsentContext>}
+ */
+export async function injectAutoconsent(page, options = {}) {
+    const action = 'action' in options ? options.action : 'optOut';
+    /** @type {any[]} */
+    const received = [];
+    const config = {
+        enabled: true,
+        autoAction: action,
+        disabledCmps: [],
+        enablePrehide: true,
+        detectRetries: 20,
+        enableCosmeticRules: true,
+        enableGeneratedRules: true,
+        enableHeuristicDetection: true,
+        enableHeuristicAction: true,
+        // The engine runs in the isolated world; eval snippets are forwarded to the main world.
+        isMainWorld: false,
+        logs: { lifecycle: true, rulesteps: true, detectionsteps: false, evals: false, errors: true },
+    };
+
+    // Remembers which frame (and its transport's sender) asked for a self test, so the
+    // follow-up `selfTest` message is routed back to the same content-script context even
+    // when several frames/CDP sessions are involved.
+    /** @type {{ send: MessageTransport['sendToContentScript'], frameRef: any } | null} */
+    let selfTestTarget = null;
+
+    // The transport-agnostic message handler. A transport supplies two primitives:
+    //   sendToContentScript(frameRef, message) - deliver to autoconsentReceiveMessage in the content-script world
+    //   evalInMainWorld(frameRef, code)        - run an eval snippet in the frame's MAIN world
+    // This split mirrors the browser extension: the engine lives in an isolated world,
+    // while `eval` snippets execute in the page's main world.
+    /** @type {MessageHandlerFactory} */
+    const createMessageHandler = ({ sendToContentScript, evalInMainWorld }) => {
+        return async function handleMessage(msg, frameRef) {
+            received.push(msg);
+            switch (msg.type) {
+                case 'init':
+                    await sendToContentScript(frameRef, { type: 'initResp', config, rules: { autoconsent: fullRules } });
+                    break;
+                case 'eval': {
+                    let result = false;
+                    try {
+                        result = await evalInMainWorld(frameRef, msg.code);
+                    } catch {}
+                    await sendToContentScript(frameRef, { id: msg.id, type: 'evalResp', result });
+                    break;
+                }
+                case 'optOutResult':
+                case 'optInResult':
+                    if (msg.scheduleSelfTest) {
+                        selfTestTarget = { send: sendToContentScript, frameRef };
+                    }
+                    break;
+                case 'autoconsentDone': {
+                    const target = selfTestTarget ?? { send: sendToContentScript, frameRef };
+                    await target.send(target.frameRef, { type: 'selfTest' });
+                    break;
+                }
+                case 'autoconsentError':
+                    console.error('autoconsent error:', msg.details);
+                    break;
+            }
+        };
+    };
+
+    // Isolated-world injection requires CDP, which Playwright exposes for Chromium only.
+    const browserName = page.context().browser()?.browserType().name();
+    if (browserName && browserName !== 'chromium') {
+        throw new Error(`regional-proxy supports Chromium only (got "${browserName}").`);
+    }
+    await injectIntoIsolatedWorld(page, createMessageHandler);
+
+    function hasMessage(/** @type {string} */ type) {
+        return received.some((m) => m.type === type);
+    }
+
+    async function waitForCompletion(timeout = 45000, detectionTimeout = timeout) {
+        const start = Date.now();
+        while (Date.now() - start < timeout) {
+            if (hasMessage('optOutResult') || hasMessage('optInResult')) {
+                return true;
+            }
+            // Detection-only mode (action: null): no action result will arrive.
+            if (!action && hasMessage('popupFound')) {
+                return true;
+            }
+            // Bail out early only if no CMP was detected within the detection window. This defaults
+            // to the full timeout, so slow regional pages that detect late are not abandoned (which
+            // would otherwise yield a false "No CMP detected" and end before opt-out can finish).
+            if (Date.now() - start > detectionTimeout && !hasMessage('cmpDetected')) {
+                return false;
+            }
+            await new Promise((r) => setTimeout(r, 500));
+        }
+        return false;
+    }
+
+    async function waitForMessage(/** @type {string} */ type, timeout = 30000) {
+        const start = Date.now();
+        while (Date.now() - start < timeout) {
+            if (hasMessage(type)) return true;
+            await new Promise((r) => setTimeout(r, 500));
+        }
+        return false;
+    }
+
+    function collectResult(/** @type {string} */ url, /** @type {string} */ region) {
+        /** @type {TestResult} */
+        const result = {
+            url,
+            region,
+            cmpsDetected: [],
+            cmpActedOn: null,
+            popupFound: false,
+            optOutResult: null,
+            optInResult: null,
+            selfTestResult: null,
+            autoconsentDone: false,
+            isCosmetic: null,
+            errors: [],
+            duration: 0,
+            screenshotPaths: [],
+        };
+        for (const msg of received) {
+            switch (msg.type) {
+                case 'cmpDetected':
+                    result.cmpsDetected.push(msg.cmp);
+                    break;
+                case 'popupFound':
+                    result.popupFound = true;
+                    break;
+                case 'optOutResult':
+                    result.optOutResult = msg.result;
+                    result.cmpActedOn = msg.cmp;
+                    break;
+                case 'optInResult':
+                    result.optInResult = msg.result;
+                    result.cmpActedOn = msg.cmp;
+                    break;
+                case 'selfTestResult':
+                    result.selfTestResult = msg.result;
+                    break;
+                case 'autoconsentDone':
+                    result.autoconsentDone = true;
+                    result.isCosmetic = msg.isCosmetic;
+                    break;
+                case 'autoconsentError':
+                    result.errors.push(msg.details?.msg || JSON.stringify(msg.details));
+                    break;
+            }
+        }
+        return result;
+    }
+
+    return { received, hasMessage, waitForCompletion, waitForMessage, collectResult };
+}
+
+/**
+ * Isolated-world injection via CDP (Chromium only). For each frame we create a dedicated isolated
+ * world via `Page.createIsolatedWorld`, then inject the content script there and bridge messages
+ * over a per-context CDP binding.
+ *
+ * @param {Page} page
+ * @param {MessageHandlerFactory} createMessageHandler
+ */
+async function injectIntoIsolatedWorld(page, createMessageHandler) {
+    // Isolated world name: `<prefix><pageWorldUniqueId><separator><frameId>`. Encoding the page-world
+    // uniqueId lets us later run eval snippets in that frame's main world.
+    const WORLD_PREFIX = 'autoconsent_iw_';
+    const WORLD_SEPARATOR = '_frame_';
+    const BINDING_PREFIX = 'autoconsentSendMessage_';
+
+    /** @type {Map<string, string>} isolated-world uniqueId -> page (main) world uniqueId */
+    const isolated2pageWorld = new Map();
+    /** @type {Map<string, any>} isolated-world uniqueId -> CDP session that owns it */
+    const sessionByContext = new Map();
+    /** @type {Map<string, string>} binding name -> isolated-world uniqueId */
+    const contextByBinding = new Map();
+
+    const handle = createMessageHandler({
+        sendToContentScript: async (isolatedUniqueId, message) => {
+            const client = sessionByContext.get(isolatedUniqueId);
+            if (!client) return;
+            try {
+                await client.send('Runtime.evaluate', {
+                    expression: `autoconsentReceiveMessage(${JSON.stringify(message)})`,
+                    uniqueContextId: isolatedUniqueId,
+                    awaitPromise: true,
+                    // Some pages' CSP would otherwise block evaluating in the isolated world.
+                    allowUnsafeEvalBlockedByCSP: true,
+                });
+            } catch {
+                // The context may be gone if the frame navigated or detached.
+            }
+        },
+        evalInMainWorld: async (isolatedUniqueId, code) => {
+            const client = sessionByContext.get(isolatedUniqueId);
+            const pageWorldUniqueId = isolated2pageWorld.get(isolatedUniqueId);
+            if (!client || !pageWorldUniqueId) return false;
+            const { result, exceptionDetails } = await client.send('Runtime.evaluate', {
+                expression: code,
+                uniqueContextId: pageWorldUniqueId,
+                returnByValue: true,
+                awaitPromise: true,
+                // Eval snippets must run even when the page's CSP disallows eval.
+                allowUnsafeEvalBlockedByCSP: true,
+            });
+            return exceptionDetails ? false : (result?.value ?? false);
+        },
+    });
+
+    async function attachToSession(/** @type {any} */ client) {
+        client.on('Runtime.executionContextCreated', async (/** @type {any} */ event) => {
+            const { context } = event;
+            const frameId = context.auxData?.frameId;
+
+            // Our isolated world finished initializing: wire up its binding and content script.
+            if (context.auxData?.type === 'isolated' && typeof context.name === 'string' && context.name.startsWith(WORLD_PREFIX)) {
+                const separatorIndex = context.name.indexOf(WORLD_SEPARATOR);
+                const pageWorldUniqueId = context.name.slice(WORLD_PREFIX.length, separatorIndex);
+                const intendedFrameId = context.name.slice(separatorIndex + WORLD_SEPARATOR.length);
+                // Chromium may create the named world in other frames too; keep only the one we asked for.
+                if (intendedFrameId !== frameId) return;
+
+                isolated2pageWorld.set(context.uniqueId, pageWorldUniqueId);
+                sessionByContext.set(context.uniqueId, client);
+
+                const bindingName = `${BINDING_PREFIX}${context.uniqueId.replace(/\W/g, '_')}`;
+                contextByBinding.set(bindingName, context.uniqueId);
+                try {
+                    await client.send('Runtime.addBinding', { name: bindingName, executionContextName: context.name });
+                    // CDP bindings take a single string arg, so wrap it in the shape the content script expects.
+                    await client.send('Runtime.evaluate', {
+                        expression: `window.autoconsentSendMessage = (m) => { window.${bindingName}(JSON.stringify(m)); return Promise.resolve(); };\n${contentScript}`,
+                        uniqueContextId: context.uniqueId,
+                        allowUnsafeEvalBlockedByCSP: true,
+                    });
+                } catch {
+                    // The frame may have navigated or detached before we finished wiring it up.
+                }
+                return;
+            }
+
+            // A regular page (main) world: request an isolated world for it, tagged with its id.
+            if (!frameId || context.auxData?.type !== 'default' || !context.origin || context.origin === '://') return;
+            try {
+                await client.send('Page.createIsolatedWorld', {
+                    frameId,
+                    worldName: `${WORLD_PREFIX}${context.uniqueId}${WORLD_SEPARATOR}${frameId}`,
+                });
+            } catch {
+                // The frame may have navigated or detached.
+            }
+        });
+
+        client.on('Runtime.executionContextDestroyed', (/** @type {any} */ event) => {
+            const uniqueId = event.executionContextUniqueId;
+            if (!uniqueId) return;
+            isolated2pageWorld.delete(uniqueId);
+            sessionByContext.delete(uniqueId);
+        });
+
+        client.on('Runtime.bindingCalled', (/** @type {any} */ event) => {
+            const isolatedUniqueId = contextByBinding.get(event.name);
+            if (!isolatedUniqueId) return;
+            let msg;
+            try {
+                msg = JSON.parse(event.payload);
+            } catch {
+                return;
+            }
+            handle(msg, isolatedUniqueId);
+        });
+
+        // Page must be enabled before createIsolatedWorld; Runtime.enable replays existing contexts.
+        await client.send('Page.enable');
+        await client.send('Runtime.enable');
+    }
+
+    // The page session covers the main frame and all same-process (in-process) iframes.
+    await attachToSession(await page.context().newCDPSession(page));
+
+    // Out-of-process iframes (OOPIFs) are separate CDP targets, so each needs its own session.
+    // newCDPSession throws for in-process frames, which are already handled above.
+    const attachedFrames = new WeakSet();
+    async function attachToOopif(/** @type {import('playwright').Frame} */ frame) {
+        if (!frame.parentFrame() || attachedFrames.has(frame)) return;
+        // Mark synchronously (before any await) so concurrent frameattached/framenavigated events
+        // can't open duplicate sessions for the same frame. Unmark on failure so a later event retries.
+        attachedFrames.add(frame);
+        let client;
+        try {
+            client = await page.context().newCDPSession(frame);
+        } catch {
+            // In-process frame (already covered by the page session) or the frame detached.
+            attachedFrames.delete(frame);
+            return;
+        }
+        try {
+            await attachToSession(client);
+        } catch {
+            // Wiring up the session failed (e.g. the OOPIF navigated/detached). Detach the
+            // half-initialized session before unmarking, otherwise a retry would open a second
+            // session for the same frame, leaving duplicate listeners and possible double injection.
+            try {
+                await client.detach();
+            } catch {
+                // The session may already be gone.
+            }
+            attachedFrames.delete(frame);
+        }
+    }
+    page.on('frameattached', attachToOopif);
+    page.on('framenavigated', attachToOopif);
+    await Promise.all(page.frames().map(attachToOopif));
+}
+
+/**
+ * Test a URL using an already-created Playwright page.
+ * @param {Page} page
+ * @param {string} url
+ * @param {string} regionKey
+ * @param {Partial<TestOptions>} [options]
+ * @returns {Promise<TestResult>}
+ */
+export async function testPage(page, url, regionKey, options = {}) {
+    const navTimeout = options.navigationTimeout ?? 45000;
+    const completionTimeout = options.completionTimeout ?? 45000;
+    const detectionTimeout = options.detectionTimeout ?? completionTimeout;
+    const screenshotsDir = options.screenshotsDir ?? path.join(projectRoot, 'test-results/regional-proxy');
+    const startTime = Date.now();
+
+    try {
+        const ctx = await injectAutoconsent(page, options);
+        await page.goto(url, { waitUntil: 'commit', timeout: navTimeout });
+
+        const completed = await ctx.waitForCompletion(completionTimeout, detectionTimeout);
+        if (completed && !ctx.hasMessage('selfTestResult')) {
+            await ctx.waitForMessage('selfTestResult', 10000);
+        }
+        if (completed) {
+            await page.waitForTimeout(1500);
+        }
+
+        const result = ctx.collectResult(url, regionKey);
+        result.duration = Date.now() - startTime;
+
+        if (!completed && !ctx.hasMessage('cmpDetected')) {
+            result.errors.push('No CMP detected (site may not show a cookie banner in this region)');
+        } else if (!completed) {
+            result.errors.push('Timed out waiting for autoconsent to complete');
+        }
+
+        try {
+            const domain = new URL(url).hostname;
+            const filepath = path.join(screenshotsDir, `${domain}-${regionKey}-final.jpg`);
+            fs.mkdirSync(screenshotsDir, { recursive: true });
+            await page.screenshot({ path: filepath, quality: 50, scale: 'css', timeout: 5000, type: 'jpeg' });
+            result.screenshotPaths.push(filepath);
+        } catch {}
+
+        return result;
+    } catch (e) {
+        return {
+            url,
+            region: regionKey,
+            cmpsDetected: [],
+            cmpActedOn: null,
+            popupFound: false,
+            optOutResult: null,
+            optInResult: null,
+            selfTestResult: null,
+            autoconsentDone: false,
+            isCosmetic: null,
+            errors: [e instanceof Error ? e.message : String(e)],
+            duration: Date.now() - startTime,
+            screenshotPaths: [],
+        };
+    }
+}
+
+/**
+ * High-level: test a URL in a specific region.
+ * Launches Playwright through the region proxy, injects autoconsent, waits for
+ * results, screenshots, and closes the browser.
+ * @param {string} url
+ * @param {string} regionKey
+ * @param {Partial<TestOptions>} [options]
+ * @returns {Promise<TestResult>}
+ */
+export async function testUrl(url, regionKey, options = {}) {
+    let browser = null;
+    try {
+        browser = await launchRegionalProxyBrowser(regionKey, options);
+        const page = await browser.newPage();
+        return await testPage(page, url, regionKey, options);
+    } catch (e) {
+        return {
+            url,
+            region: regionKey,
+            cmpsDetected: [],
+            cmpActedOn: null,
+            popupFound: false,
+            optOutResult: null,
+            optInResult: null,
+            selfTestResult: null,
+            autoconsentDone: false,
+            isCosmetic: null,
+            errors: [e instanceof Error ? e.message : String(e)],
+            duration: 0,
+            screenshotPaths: [],
+        };
+    } finally {
+        try {
+            await browser?.close();
+        } catch {}
+    }
+}
+
+/**
+ * Test one URL across several regions.
+ * @param {string} url
+ * @param {string[]} [regions]
+ * @param {Partial<TestOptions>} [options]
+ * @returns {Promise<TestResult[]>}
+ */
+export async function testRegions(url, regions = DEFAULT_REGIONS, options = {}) {
+    const results = [];
+    for (const region of regions) {
+        results.push(await testUrl(url, region, options));
+    }
+    return results;
+}
+
+/**
+ * Format a TestResult as a human-readable line.
+ * @param {TestResult} result
+ * @returns {string}
+ */
+export function formatResult(result) {
+    const actionResult = result.optOutResult ?? result.optInResult;
+    const actionAttempted = result.optOutResult !== null || result.optInResult !== null;
+    let status;
+    if (actionAttempted && actionResult) status = 'PASS';
+    else if (actionAttempted && !actionResult) status = 'ACTION FAILED';
+    else if (result.cmpsDetected.length > 0) status = 'PARTIAL';
+    else status = 'NO CMP';
+
+    const parts = [
+        `${status} [${result.region}] ${result.url}`,
+        `  CMP: ${result.cmpActedOn || 'none'}${result.cmpsDetected.length > 1 ? ` (also detected: ${result.cmpsDetected.filter((c) => c !== result.cmpActedOn).join(', ')})` : ''}`,
+        `  Popup: ${result.popupFound} | OptOut: ${result.optOutResult} | OptIn: ${result.optInResult} | SelfTest: ${result.selfTestResult}`,
+        `  Done: ${result.autoconsentDone}${result.isCosmetic ? ' (cosmetic)' : ''} | ${result.duration}ms`,
+    ];
+    if (result.errors.length > 0) {
+        parts.push(`  Errors: ${result.errors.join('; ')}`);
+    }
+    if (result.screenshotPaths.length > 0) {
+        parts.push(`  Screenshots: ${result.screenshotPaths.join(', ')}`);
+    }
+    return parts.join('\n');
+}

package/.claude/skills/proxy-testing/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: proxy-testing
+description: Test autoconsent rules across geographic regions with HTTPS regional proxies in Playwright. Use when verifying region-dependent CMP behavior with standard Playwright browsers and proxy authentication.
+---
+
+@.agents/skills/proxy-testing/SKILL.md

package/AGENTS.md

@@ -60,7 +60,7 @@ CMPs behave differently by region:
 
 Use `if`/`then`/`else` to handle regional variants within a single rule.
 
-**All rule changes MUST be tested across geographic regions** to catch regional popup variations. Test from real geographic locations using available regional-testing tooling (e.g. proxy-based remote browsers).
+**All rule changes MUST be tested across ALL supported geographic regions** to catch regional popup variations. Test from real geographic locations using available regional testing tooling (e.g. `proxy-testing` skill).
 
 ### Generic vs Site-Specific Rules
 
@@ -102,7 +102,7 @@ Single-string selectors cannot pierce — use arrays whenever the target is insi
 shadow root or same-origin iframe.
 
 ### General Guidelines and Gotchas
-- **Regional testing is mandatory** for any rule change — CMPs behave differently under GDPR (EU), CCPA (US), and other jurisdictions. Run the rule against different regions using available regional-testing tooling before considering the change done.
+- **Regional testing is mandatory** for any rule change — CMPs behave differently under GDPR (EU), CCPA (US), and other jurisdictions. Run the rule against different regions using available regional testing tooling before considering the change done.
 - When verifying a rule, **look at the screenshots** on top of the API results — sometimes a rule reports success, but the popup is not actually handled - a screenshot will detect this.
 - **Paywalls do not need to be handled.** If the website presents the choice to pay or agree to cookies, the correct solution is to disable the feature on that site, so no code changes required in this case.
 - If the pop-up has an explicit "reject"-like button, you should first consider why HEURISTIC rule didn't handle it. A fix to the heuristic rule is always preferred to a new rule, as long as it doesn't cause potential false-positives on other sites.
@@ -170,4 +170,4 @@ After creating or modifying a rule:
 3. `npx playwright test tests/<name>.spec.ts` — run the E2E test
 4. `npm run prepublish` — full build including extension bundle
 5. Validate that the rule stops matching after the popup is dismissed and the page is reloaded (unless it's a cosmetic rule).
-6. Check the rule works across geographic regions using available regional-testing tooling.
+6. Check the rule works across all supported geographic regions using available regional testing tooling.

package/CHANGELOG.md

@@ -1,3 +1,32 @@
+# v14.97.0 (Fri Jun 19 2026)
+
+#### 🚀 Enhancement
+
+- Extend bbc.com rule to cover bbc.co.uk [#1400](https://github.com/duckduckgo/autoconsent/pull/1400) ([@cursoragent](https://github.com/cursoragent) [@muodov](https://github.com/muodov))
+
+#### Authors: 2
+
+- Cursor Agent ([@cursoragent](https://github.com/cursoragent))
+- Maxim Tsoy ([@muodov](https://github.com/muodov))
+
+---
+
+# v14.96.0 (Thu Jun 18 2026)
+
+#### 🚀 Enhancement
+
+- Prompt AI to test in all regions [#1398](https://github.com/duckduckgo/autoconsent/pull/1398) ([@muodov](https://github.com/muodov))
+- Bump tldts-experimental from 7.0.30 to 7.4.3 [#1396](https://github.com/duckduckgo/autoconsent/pull/1396) ([@dependabot[bot]](https://github.com/dependabot[bot]))
+- Add Playwright HTTPS proxy testing skill [#1387](https://github.com/duckduckgo/autoconsent/pull/1387) ([@cursoragent](https://github.com/cursoragent) [@muodov](https://github.com/muodov))
+
+#### Authors: 3
+
+- [@dependabot[bot]](https://github.com/dependabot[bot])
+- Cursor Agent ([@cursoragent](https://github.com/cursoragent))
+- Maxim Tsoy ([@muodov](https://github.com/muodov))
+
+---
+
 # v14.95.1 (Wed Jun 17 2026)
 
 #### 🐛 Bug Fix