safari-pilot 0.1.0 → 0.1.1

package/.claude-plugin/plugin.json

@@ -4,7 +4,7 @@
   "description": "Native Safari browser automation for AI agents on macOS",
   "author": "Aakash Kumar",
   "license": "MIT",
-  "homepage": "https://github.com/aakashkumar/safari-pilot",
+  "homepage": "https://github.com/RTinkslinger/safari-pilot",
   "components": {
     "mcpServers": {
       "safari": {

package/README.md

@@ -23,48 +23,71 @@ Safari Pilot gives Claude Code direct control of Safari through AppleScript and
 ### As a Claude Code Plugin (Recommended)
 
 ```bash
-claude plugin add safari-pilot
+claude plugin add --from npm safari-pilot
 ```
 
-### Manual Installation
+This installs the MCP server, Swift daemon, and skill definition. The plugin activates automatically on macOS.
+
+### From npm (standalone)
+
+```bash
+npm install -g safari-pilot
+```
+
+### From Source
 
 ```bash
-git clone https://github.com/aakashkumar/safari-pilot.git
+git clone https://github.com/RTinkslinger/safari-pilot.git
 cd safari-pilot
 npm install
 npm run build
+cd daemon && swift build -c release && cp .build/release/SafariPilotd ../bin/
 ```
 
-## Prerequisites
-
-- **macOS 12.0 (Monterey)** or later
-- **Safari** (pre-installed on every Mac)
-- **Node.js 20+**
-
-### Required Safari Setting
+## Setup
 
-Enable "Allow JavaScript from Apple Events":
+### 1. Enable JavaScript from Apple Events (Required, one-time)
 
 1. Open **Safari > Settings > Advanced**
 2. Check **"Show features for web developers"**
 3. Go to **Safari > Develop** menu
 4. Check **"Allow JavaScript from Apple Events"**
 
-This is a one-time setting that persists across Safari restarts.
+This persists across Safari restarts.
 
-### Optional: Safari Web Extension
+### 2. Install the Safari Extension (Recommended)
 
-For advanced features (closed Shadow DOM traversal, CSP bypass, dialog interception, network mocking), install the bundled Safari extension:
+The extension unlocks advanced features that are impossible without it.
 
-```bash
-# Build the extension (requires Xcode)
-bash scripts/build-extension.sh
+**Download the signed, notarized extension** from the [latest GitHub Release](https://github.com/RTinkslinger/safari-pilot/releases/latest):
 
-# Open the app to trigger Safari's extension enable prompt
-open "bin/Safari Pilot.app"
-```
+1. Download `Safari Pilot.zip`
+2. Extract it
+3. Open `Safari Pilot.app`
+4. Go to **Safari > Settings > Extensions**
+5. Enable **Safari Pilot**
+6. Set to **"Allow on all websites"** when prompted
+7. Click **"Manage Profiles"** and enable for your active profile
+
+The extension is signed with Developer ID and notarized by Apple — it persists permanently across Safari restarts. No "Allow Unsigned Extensions" needed.
+
+**What the extension adds:**
+
+| Feature | Without Extension | With Extension |
+|---|---|---|
+| Closed Shadow DOM | Invisible | Full traversal via `queryShadow` |
+| Strict CSP sites (GitHub, etc.) | JS execution blocked | Bypassed via MAIN world |
+| alert()/confirm()/prompt() | Blocks JS forever | Intercepted, returns instantly |
+| Network request capture | Read-only via Performance API | Full intercept, mock, throttle |
+| React/Vue internal state | Basic native setter | Deep framework manipulation |
 
-Then enable it in **Safari > Settings > Extensions > Safari Pilot**.
+Without the extension, Safari Pilot still works for ~80% of use cases (navigation, form filling, text extraction, screenshots, cookies, tab management).
+
+### System Requirements
+
+- **macOS 12.0 (Monterey)** or later
+- **Safari** (pre-installed on every Mac)
+- **Node.js 20+**
 
 ## Quick Start
 
@@ -86,6 +109,10 @@ Test the checkout flow on staging.mystore.com — add to cart, fill payment, ver
 Monitor news.ycombinator.com for any post about our company
 ```
 
+```
+Open my X.com bookmarks and extract the top 5 posts with author profiles
+```
+
 ## Tool Catalog (74 Tools)
 
 ### Navigation (7)
@@ -153,8 +180,14 @@ Claude Code
 |  | (deep DOM)|  | (1ms p50) |  | (fallback)     | |
 |  +-----------+  +-----------+  +----------------+ |
 +--------------------------------------------------+
-         |               |                |
-         v               v                v
+    |                   |                |
+    v                   v                v
++--------------------------------------------------+
+|  Safari Web Extension    Swift Daemon    osascript|
+|  (MAIN world access)    (persistent)   (fallback) |
++--------------------------------------------------+
+    |                   |                |
+    v                   v                v
 +--------------------------------------------------+
 |              Safari (macOS native)                 |
 |  Your real browser with all your sessions          |
@@ -169,7 +202,7 @@ Claude Code
 | **Swift Daemon** | **1ms p50** | All AppleScript capabilities, persistent process | Default when daemon is running |
 | **AppleScript (osascript)** | ~90ms | Basic navigation, forms, extraction, screenshots | Fallback when daemon unavailable |
 
-The engine selector automatically picks the best available engine for each command. If the daemon isn't running, it falls back to raw AppleScript. If a command needs Shadow DOM access and the extension isn't installed, it returns a clear error with instructions.
+The engine selector automatically picks the best available engine for each command. Each tier falls back gracefully to the next — no configuration needed.
 
 ## Performance
 
@@ -187,65 +220,27 @@ Over a 500-command session, the daemon saves ~40 seconds of pure overhead vs raw
 
 Safari Pilot runs on your local machine with access to your real browser sessions. The security model is defense-in-depth:
 
-### Tab Ownership
-The agent can **only** interact with tabs it created via `safari_new_tab`. Your existing tabs (banking, email, personal) are untouchable. Ownership is enforced at the server level — there is no bypass.
+**Tab Ownership** — The agent can **only** interact with tabs it created via `safari_new_tab`. Your existing tabs (banking, email, personal) are untouchable. Enforced at the server level — no bypass.
 
-### Domain Policy
-Per-domain rate limits prevent runaway automation. Banking and financial domains are flagged as untrusted by default.
+**Domain Policy** — Per-domain rate limits prevent runaway automation. Banking and financial domains flagged as untrusted by default.
 
-### Rate Limiter + Circuit Breaker
-Global limit of 120 actions/minute. Per-domain limits configurable. Circuit breaker trips after 5 consecutive errors, backs off for 120 seconds.
+**Rate Limiter + Circuit Breaker** — Global limit of 120 actions/minute. Circuit breaker trips after 5 consecutive errors, backs off for 120 seconds.
 
-### IDPI Scanner
-Indirect Prompt Injection defense. Scans extracted text for 9 known injection patterns (role reassignment, fake system prompts, base64 payloads, hidden text, etc.).
+**IDPI Scanner** — Indirect Prompt Injection defense. Scans extracted text for 9 known injection patterns.
 
-### Kill Switch
-`safari_emergency_stop` immediately halts all automation and blocks further calls. One command, full stop.
+**Kill Switch** — `safari_emergency_stop` immediately halts all automation. One command, full stop.
 
-### Human Approval
-Sensitive actions (OAuth consent, financial forms, downloads) are flagged and require explicit approval.
+**Human Approval** — Sensitive actions (OAuth consent, financial forms, downloads) flagged for explicit approval.
 
-### Audit Logging
-Every tool call is logged with timestamp, tool name, URL, parameters (passwords redacted), result, and latency. Session-end hook produces a summary.
+**Audit Logging** — Every tool call logged with timestamp, tool name, URL, parameters (passwords redacted), result, and latency.
 
-### Screenshot Redaction
-Cross-origin iframes are blurred in screenshots. Password fields are redacted.
+**Screenshot Redaction** — Cross-origin iframes blurred. Password fields redacted.
 
-### No Credential Access
-Safari Pilot **never** accesses the macOS Keychain. Authentication works through real browser interaction, same as you clicking.
+**No Credential Access** — Safari Pilot **never** accesses the macOS Keychain. Authentication works through real browser interaction.
 
 ## Development
 
-### Project Structure
-
-```
-safari-pilot/
-├── src/                    # TypeScript MCP server
-│   ├── server.ts           # Main server + tool registration
-│   ├── engines/            # AppleScript, Daemon, Extension engines
-│   ├── security/           # 9 security modules
-│   └── tools/              # 14 tool category modules
-├── daemon/                 # Swift persistent daemon
-│   ├── Sources/            # Swift source code
-│   └── Tests/              # Swift tests (custom runner)
-├── extension/              # Safari Web Extension
-│   ├── manifest.json       # Manifest V3
-│   ├── content-main.js     # MAIN world (Shadow DOM, React filling)
-│   ├── content-isolated.js # ISOLATED world relay
-│   └── background.js       # Service worker + native messaging
-├── skills/                 # Claude Code skill definition
-├── hooks/                  # Session start/end hooks
-├── scripts/                # Install, update, build scripts
-└── test/                   # 1,167 tests
-    ├── unit/               # 705 unit tests
-    ├── integration/        # 372 integration tests
-    ├── security/           # 27 security tests
-    ├── e2e/                # 31 E2E tests (real Safari)
-    ├── canary/             # Deployment canary test
-    └── fixtures/           # HTML test pages
-```
-
-### Building
+### Building from Source
 
 ```bash
 # TypeScript server
@@ -315,10 +310,13 @@ Safari Pilot is built from scratch — no code from third-party Safari MCP packa
 **Q: Does the Swift daemon run all the time?**
 Only when Claude Code is active. The LaunchAgent starts the daemon on demand and it shuts down with the session.
 
+**Q: Do I need the Safari extension?**
+No — Safari Pilot works without it for ~80% of use cases. The extension adds Shadow DOM traversal, CSP bypass, dialog interception, and network mocking. Install it from the [GitHub Release](https://github.com/RTinkslinger/safari-pilot/releases/latest) if you need those features.
+
 ## License
 
 MIT — see [LICENSE](LICENSE).
 
 ## Author
 
-Built by [Aakash Kumar](https://github.com/aakashkumar) with Claude.
+Built by [Aakash Kumar](https://github.com/RTinkslinger) with Claude.

package/bin/Safari Pilot.app/Contents/PlugIns/Safari Pilot Extension.appex/Contents/Resources/background.js

@@ -11,13 +11,17 @@
   // Bundle ID of the containing macOS app — Safari routes
   // sendNativeMessage calls to the app's web extension handler.
   const APP_BUNDLE_ID = 'com.safari-pilot.app';
-  const POLL_INTERVAL_MS = 200;
+  const POLL_IDLE_MS = 5000;
+  const POLL_ACTIVE_MS = 200;
+  const ACTIVE_COOLDOWN_MS = 10000;
 
   // ─── State ────────────────────────────────────────────────────────────────
 
   let isConnected = false;
   const activeTabs = new Map(); // tabId → { url, status }
   let pollTimerId = null;
+  let currentPollInterval = POLL_IDLE_MS;
+  let lastCommandTime = 0;
 
   // ─── Native Messaging (sendNativeMessage-based) ───────────────────────────
 
@@ -39,14 +43,35 @@
       const response = await sendNativeRequest({ type: 'poll' });
 
       if (response && response.command && response.command !== null) {
+        lastCommandTime = Date.now();
+        switchToActivePolling();
         const cmd = response.command;
         await executeAndReturnResult(cmd);
+      } else if (currentPollInterval === POLL_ACTIVE_MS &&
+                 Date.now() - lastCommandTime > ACTIVE_COOLDOWN_MS) {
+        switchToIdlePolling();
       }
     } catch (e) {
       console.warn('[SafariPilot] Poll error:', e);
     }
   }
 
+  function switchToActivePolling() {
+    if (currentPollInterval === POLL_ACTIVE_MS) return;
+    currentPollInterval = POLL_ACTIVE_MS;
+    stopPolling();
+    pollTimerId = setInterval(pollForCommands, POLL_ACTIVE_MS);
+    console.log('[SafariPilot] Switched to active polling (200ms)');
+  }
+
+  function switchToIdlePolling() {
+    if (currentPollInterval === POLL_IDLE_MS) return;
+    currentPollInterval = POLL_IDLE_MS;
+    stopPolling();
+    pollTimerId = setInterval(pollForCommands, POLL_IDLE_MS);
+    console.log('[SafariPilot] Switched to idle polling (5s)');
+  }
+
   /**
    * Execute a command received from the daemon (via poll) and send the
    * result back through the native handler.
@@ -102,8 +127,9 @@
 
   function startPolling() {
     if (pollTimerId != null) return;
-    pollTimerId = setInterval(pollForCommands, POLL_INTERVAL_MS);
-    console.log('[SafariPilot] Polling started');
+    currentPollInterval = POLL_IDLE_MS;
+    pollTimerId = setInterval(pollForCommands, POLL_IDLE_MS);
+    console.log('[SafariPilot] Polling started (idle: 5s)');
   }
 
   function stopPolling() {
@@ -247,7 +273,22 @@
   browser.runtime.onMessage.addListener((message, sender, sendResponse) => {
     // Health check
     if (message && message.type === 'ping') {
-      sendResponse({ ok: true, type: 'pong', extensionVersion: '0.1.0' });
+      sendResponse({ ok: true, type: 'pong', extensionVersion: '0.1.1' });
+      return false;
+    }
+
+    // MCP server session signal — switch to active polling
+    if (message && message.type === 'session_start') {
+      lastCommandTime = Date.now();
+      switchToActivePolling();
+      sendResponse({ ok: true, polling: 'active' });
+      return false;
+    }
+
+    // MCP server session end — switch to idle polling
+    if (message && message.type === 'session_end') {
+      switchToIdlePolling();
+      sendResponse({ ok: true, polling: 'idle' });
       return false;
     }
 

package/bin/Safari Pilot.app/Contents/PlugIns/Safari Pilot Extension.appex/Contents/Resources/manifest.json

@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "Safari Pilot",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Native Safari automation for AI agents",
   "permissions": [
     "activeTab",

package/bin/Safari Pilot.app/Contents/PlugIns/Safari Pilot Extension.appex/Contents/_CodeSignature/CodeResources

@@ -6,7 +6,7 @@
 	<dict>
 		<key>Resources/background.js</key>
 		<data>
-		IIGHqCWhaR5xSkkHbk6g1j6mywE=
+		Yf5ESv+koRTEyqQ0lrN34bNprVA=
 		</data>
 		<key>Resources/content-isolated.js</key>
 		<data>
@@ -30,7 +30,7 @@
 		</data>
 		<key>Resources/manifest.json</key>
 		<data>
-		faqyT7ozgTX6yxruffIzdIDGx5o=
+		QjWAEfk/0LZsMZn/195jgOahj5M=
 		</data>
 	</dict>
 	<key>files2</key>
@@ -39,7 +39,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			LvhT32gMdjJT/baOfo8UpVM7Geu8zPW0nuyzd+2v5X0=
+			j/Injy0/XGM9j2ND0hWwUDDnkY/a/+NSpc6gG1M0dzE=
 			</data>
 		</dict>
 		<key>Resources/content-isolated.js</key>
@@ -81,7 +81,7 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			XUi1juiB1sdwbFL879wo8rcVO/GHryZs0DfXc5/FvKY=
+			A13Wg0RV6m8VaBpEMa9C8G8s++ZG4tlOCKjDo1WzlbM=
 			</data>
 		</dict>
 	</dict>

package/bin/Safari Pilot.app/Contents/_CodeSignature/CodeResources

@@ -18,15 +18,15 @@
 		</data>
 		<key>Resources/Base.lproj/Main.storyboardc/Info.plist</key>
 		<data>
-		fsSXicvXuSgX4uqNLVj2Cc0jt0o=
+		z8DOn+PGU5ss7IcA1E+1Lni8Hfo=
 		</data>
 		<key>Resources/Base.lproj/Main.storyboardc/MainMenu.nib</key>
 		<data>
-		Ydw0ENnnCVTPKhxR12vF9bh5K90=
+		m6dpidgdJI81r64bzwNhqF0TdmY=
 		</data>
 		<key>Resources/Base.lproj/Main.storyboardc/NSWindowController-B8D-0N-5wS.nib</key>
 		<data>
-		Am4HlE4kpa5zGAJAjaHJzmEbKXc=
+		DaNLcAEwjC0i0Da2VPl5/eCPuFs=
 		</data>
 		<key>Resources/Base.lproj/Main.storyboardc/XfG-lQ-9wD-view-m2S-Jp-Qdl.nib</key>
 		<data>
@@ -51,7 +51,7 @@
 		<dict>
 			<key>cdhash</key>
 			<data>
-			cTYpRmTuK4nMu0eyyBx63jp4hzs=
+			yEwje1XDJNMr/HJ3JOgzH1quMLo=
 			</data>
 			<key>requirement</key>
 			<string>identifier "com.safari-pilot.app.Extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = V37WLKRXUJ</string>
@@ -81,21 +81,21 @@
 		<dict>
 			<key>hash2</key>
 			<data>
-			DqnfX1/47/7tF4tqFw4faFQQ4ZY22JXxC6R6Tq1lz4Y=
+			nYaxkzmg1//wFsddjDY4LOK5DsLV15qYrs3mYej1w2U=
 			</data>
 		</dict>
 		<key>Resources/Base.lproj/Main.storyboardc/MainMenu.nib</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			iP4l9avYR1vMxXTZXeN07PLg9l+mTly0rAUHrsrTK58=
+			QsPW1DpbkxSuis1gkkz9fMXkjqIrrpEOjsv4ZEk+MXE=
 			</data>
 		</dict>
 		<key>Resources/Base.lproj/Main.storyboardc/NSWindowController-B8D-0N-5wS.nib</key>
 		<dict>
 			<key>hash2</key>
 			<data>
-			sLOJ8XsI4tMsytNqVBJt51fEdOQh9LVou7/WD9OWoVk=
+			G/Cq4XOcnVUM3hKsueePQK+NQnksmI9LonAofrpa+qY=
 			</data>
 		</dict>
 		<key>Resources/Base.lproj/Main.storyboardc/XfG-lQ-9wD-view-m2S-Jp-Qdl.nib</key>

package/extension/background.js

@@ -11,13 +11,17 @@
   // Bundle ID of the containing macOS app — Safari routes
   // sendNativeMessage calls to the app's web extension handler.
   const APP_BUNDLE_ID = 'com.safari-pilot.app';
-  const POLL_INTERVAL_MS = 200;
+  const POLL_IDLE_MS = 5000;
+  const POLL_ACTIVE_MS = 200;
+  const ACTIVE_COOLDOWN_MS = 10000;
 
   // ─── State ────────────────────────────────────────────────────────────────
 
   let isConnected = false;
   const activeTabs = new Map(); // tabId → { url, status }
   let pollTimerId = null;
+  let currentPollInterval = POLL_IDLE_MS;
+  let lastCommandTime = 0;
 
   // ─── Native Messaging (sendNativeMessage-based) ───────────────────────────
 
@@ -39,14 +43,35 @@
       const response = await sendNativeRequest({ type: 'poll' });
 
       if (response && response.command && response.command !== null) {
+        lastCommandTime = Date.now();
+        switchToActivePolling();
         const cmd = response.command;
         await executeAndReturnResult(cmd);
+      } else if (currentPollInterval === POLL_ACTIVE_MS &&
+                 Date.now() - lastCommandTime > ACTIVE_COOLDOWN_MS) {
+        switchToIdlePolling();
       }
     } catch (e) {
       console.warn('[SafariPilot] Poll error:', e);
     }
   }
 
+  function switchToActivePolling() {
+    if (currentPollInterval === POLL_ACTIVE_MS) return;
+    currentPollInterval = POLL_ACTIVE_MS;
+    stopPolling();
+    pollTimerId = setInterval(pollForCommands, POLL_ACTIVE_MS);
+    console.log('[SafariPilot] Switched to active polling (200ms)');
+  }
+
+  function switchToIdlePolling() {
+    if (currentPollInterval === POLL_IDLE_MS) return;
+    currentPollInterval = POLL_IDLE_MS;
+    stopPolling();
+    pollTimerId = setInterval(pollForCommands, POLL_IDLE_MS);
+    console.log('[SafariPilot] Switched to idle polling (5s)');
+  }
+
   /**
    * Execute a command received from the daemon (via poll) and send the
    * result back through the native handler.
@@ -102,8 +127,9 @@
 
   function startPolling() {
     if (pollTimerId != null) return;
-    pollTimerId = setInterval(pollForCommands, POLL_INTERVAL_MS);
-    console.log('[SafariPilot] Polling started');
+    currentPollInterval = POLL_IDLE_MS;
+    pollTimerId = setInterval(pollForCommands, POLL_IDLE_MS);
+    console.log('[SafariPilot] Polling started (idle: 5s)');
   }
 
   function stopPolling() {
@@ -247,7 +273,22 @@
   browser.runtime.onMessage.addListener((message, sender, sendResponse) => {
     // Health check
     if (message && message.type === 'ping') {
-      sendResponse({ ok: true, type: 'pong', extensionVersion: '0.1.0' });
+      sendResponse({ ok: true, type: 'pong', extensionVersion: '0.1.1' });
+      return false;
+    }
+
+    // MCP server session signal — switch to active polling
+    if (message && message.type === 'session_start') {
+      lastCommandTime = Date.now();
+      switchToActivePolling();
+      sendResponse({ ok: true, polling: 'active' });
+      return false;
+    }
+
+    // MCP server session end — switch to idle polling
+    if (message && message.type === 'session_end') {
+      switchToIdlePolling();
+      sendResponse({ ok: true, polling: 'idle' });
       return false;
     }
 

package/extension/manifest.json

@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "Safari Pilot",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Native Safari automation for AI agents",
   "permissions": [
     "activeTab",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "safari-pilot",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Native Safari browser automation for AI agents on macOS",
   "type": "module",
   "main": "dist/index.js",

package/scripts/build-extension.sh

@@ -111,10 +111,9 @@ codesign --force --options runtime --timestamp \
   --sign "$SIGN_IDENTITY" \
   "$APP_PATH"
 
-# Step 8: Verify signature
-echo "Verifying signatures..."
+# Step 8: Verify codesign (spctl check deferred until after notarization)
+echo "Verifying code signature..."
 codesign --verify --deep --strict --verbose=2 "$APP_PATH"
-spctl -a -t exec -vv "$APP_PATH"
 
 echo "=== Notarizing ==="
 
@@ -132,4 +131,8 @@ xcrun stapler staple "$APP_PATH"
 rm "$ROOT/bin/Safari Pilot.zip"
 ditto -c -k --keepParent "$APP_PATH" "$ROOT/bin/Safari Pilot.zip"
 
+# Step 13: Verify with Gatekeeper (now notarized)
+echo "Verifying Gatekeeper acceptance..."
+spctl -a -t exec -vv "$APP_PATH"
+
 echo "=== Signed, Notarized, and Stapled ==="