safari-pilot 0.1.0

package/bin/Safari Pilot.app/Contents/PlugIns/Safari Pilot Extension.appex/Contents/Resources/background.js

@@ -0,0 +1,294 @@
+// background.js — Extension Service Worker
+// Handles native messaging to the Safari app extension handler via
+// browser.runtime.sendNativeMessage, routes commands from content scripts,
+// manages cookie/DNR APIs, and tracks active tabs.
+
+(function () {
+  'use strict';
+
+  // ─── Constants ──────────────────────────────────────────────────────────────
+
+  // Bundle ID of the containing macOS app — Safari routes
+  // sendNativeMessage calls to the app's web extension handler.
+  const APP_BUNDLE_ID = 'com.safari-pilot.app';
+  const POLL_INTERVAL_MS = 200;
+
+  // ─── State ────────────────────────────────────────────────────────────────
+
+  let isConnected = false;
+  const activeTabs = new Map(); // tabId → { url, status }
+  let pollTimerId = null;
+
+  // ─── Native Messaging (sendNativeMessage-based) ───────────────────────────
+
+  /**
+   * Send a message to the native extension handler and return the response.
+   * Uses browser.runtime.sendNativeMessage (request/response per call).
+   */
+  function sendNativeRequest(message) {
+    return browser.runtime.sendNativeMessage(APP_BUNDLE_ID, message);
+  }
+
+  /**
+   * Poll the native handler for pending commands from the daemon.
+   * If a command is returned, route it to the content script,
+   * collect the result, and send it back via native messaging.
+   */
+  async function pollForCommands() {
+    try {
+      const response = await sendNativeRequest({ type: 'poll' });
+
+      if (response && response.command && response.command !== null) {
+        const cmd = response.command;
+        await executeAndReturnResult(cmd);
+      }
+    } catch (e) {
+      console.warn('[SafariPilot] Poll error:', e);
+    }
+  }
+
+  /**
+   * Execute a command received from the daemon (via poll) and send the
+   * result back through the native handler.
+   */
+  async function executeAndReturnResult(cmd) {
+    const commandId = cmd.id;
+
+    try {
+      let result;
+
+      if (cmd.script) {
+        // Route script execution to the active tab's content script
+        const tabs = await browser.tabs.query({
+          active: true,
+          currentWindow: true,
+        });
+        const tabId = tabs[0]?.id;
+
+        if (tabId != null) {
+          const responses = await browser.tabs.sendMessage(tabId, {
+            type: 'SAFARI_PILOT_COMMAND',
+            method: 'execute_script',
+            params: { script: cmd.script },
+          });
+          result = responses;
+        } else {
+          result = { ok: false, error: { message: 'No active tab' } };
+        }
+      } else {
+        result = { ok: true, value: null };
+      }
+
+      await sendNativeRequest({
+        type: 'result',
+        id: commandId,
+        result: result,
+      });
+    } catch (err) {
+      // Send error result back so the daemon doesn't hang
+      try {
+        await sendNativeRequest({
+          type: 'result',
+          id: commandId,
+          result: { ok: false, error: { message: err.message } },
+        });
+      } catch (sendErr) {
+        console.error('[SafariPilot] Failed to send error result:', sendErr);
+      }
+    }
+  }
+
+  // ─── Poll Loop ────────────────────────────────────────────────────────────
+
+  function startPolling() {
+    if (pollTimerId != null) return;
+    pollTimerId = setInterval(pollForCommands, POLL_INTERVAL_MS);
+    console.log('[SafariPilot] Polling started');
+  }
+
+  function stopPolling() {
+    if (pollTimerId != null) {
+      clearInterval(pollTimerId);
+      pollTimerId = null;
+      console.log('[SafariPilot] Polling stopped');
+    }
+  }
+
+  // ─── Cookie Operations ────────────────────────────────────────────────────
+
+  async function handleCookieGet(params) {
+    const result = await browser.cookies.get({
+      url: params.url,
+      name: params.name,
+      storeId: params.storeId,
+    });
+    return { ok: true, value: result };
+  }
+
+  async function handleCookieSet(params) {
+    const result = await browser.cookies.set({
+      url: params.url,
+      name: params.name,
+      value: params.value,
+      domain: params.domain,
+      path: params.path ?? '/',
+      secure: params.secure ?? false,
+      httpOnly: params.httpOnly ?? false,
+      sameSite: params.sameSite,
+      expirationDate: params.expirationDate,
+      storeId: params.storeId,
+    });
+    return { ok: true, value: result };
+  }
+
+  async function handleCookieRemove(params) {
+    const result = await browser.cookies.remove({
+      url: params.url,
+      name: params.name,
+      storeId: params.storeId,
+    });
+    return { ok: true, value: result };
+  }
+
+  async function handleCookieGetAll(params) {
+    const result = await browser.cookies.getAll({
+      url: params.url,
+      domain: params.domain,
+      name: params.name,
+      path: params.path,
+      secure: params.secure,
+      storeId: params.storeId,
+    });
+    return { ok: true, value: result };
+  }
+
+  // ─── Declarative Net Request Operations ───────────────────────────────────
+
+  async function handleDnrAddRule(params) {
+    await browser.declarativeNetRequest.updateDynamicRules({
+      addRules: [params.rule],
+      removeRuleIds: [],
+    });
+    return { ok: true, value: { added: true, ruleId: params.rule?.id } };
+  }
+
+  async function handleDnrRemoveRule(params) {
+    await browser.declarativeNetRequest.updateDynamicRules({
+      addRules: [],
+      removeRuleIds: [params.ruleId],
+    });
+    return { ok: true, value: { removed: true, ruleId: params.ruleId } };
+  }
+
+  // ─── execute_in_main (forward to content script) ──────────────────────────
+
+  async function handleExecuteInMain(message, sender) {
+    const tabId = sender?.tab?.id;
+    if (tabId == null) {
+      return { ok: false, error: { message: 'No tab context available' } };
+    }
+
+    try {
+      const [result] = await browser.tabs.sendMessage(tabId, {
+        type: 'SAFARI_PILOT_COMMAND',
+        method: message.method,
+        params: message.params ?? {},
+      });
+      return result ?? { ok: true, value: null };
+    } catch (err) {
+      return { ok: false, error: { message: err.message } };
+    }
+  }
+
+  // ─── Command Router ────────────────────────────────────────────────────────
+
+  async function handleCommand(message, sender) {
+    const { command, params } = message;
+
+    try {
+      switch (command) {
+        case 'execute_in_main':
+          return await handleExecuteInMain(message, sender);
+
+        case 'cookie_get':
+          return await handleCookieGet(params ?? {});
+
+        case 'cookie_set':
+          return await handleCookieSet(params ?? {});
+
+        case 'cookie_remove':
+          return await handleCookieRemove(params ?? {});
+
+        case 'cookie_get_all':
+          return await handleCookieGetAll(params ?? {});
+
+        case 'dnr_add_rule':
+          return await handleDnrAddRule(params ?? {});
+
+        case 'dnr_remove_rule':
+          return await handleDnrRemoveRule(params ?? {});
+
+        default:
+          return {
+            ok: false,
+            error: { message: `Unknown command: ${command}` },
+          };
+      }
+    } catch (err) {
+      return {
+        ok: false,
+        error: { message: err.message, name: err.name },
+      };
+    }
+  }
+
+  // ─── Runtime Message Listener ─────────────────────────────────────────────
+
+  browser.runtime.onMessage.addListener((message, sender, sendResponse) => {
+    // Health check
+    if (message && message.type === 'ping') {
+      sendResponse({ ok: true, type: 'pong', extensionVersion: '0.1.0' });
+      return false;
+    }
+
+    // Command dispatch from content-isolated.js
+    if (message && message.type === 'SAFARI_PILOT_COMMAND') {
+      handleCommand(message, sender).then(sendResponse);
+      return true; // Keep message channel open for async response
+    }
+
+    return false;
+  });
+
+  // ─── Tab Tracking ─────────────────────────────────────────────────────────
+
+  browser.tabs.onUpdated.addListener((tabId, changeInfo, tab) => {
+    if (changeInfo.status) {
+      activeTabs.set(tabId, {
+        url: tab.url ?? activeTabs.get(tabId)?.url,
+        status: changeInfo.status,
+      });
+    }
+  });
+
+  browser.tabs.onRemoved.addListener((tabId) => {
+    activeTabs.delete(tabId);
+  });
+
+  // ─── Initialization ────────────────────────────────────────────────────────
+
+  // Send status check on startup to register as connected
+  sendNativeRequest({ type: 'status' })
+    .then((response) => {
+      if (response && response.connected) {
+        isConnected = true;
+        console.log('[SafariPilot] Native handler connected, version:', response.version);
+      }
+    })
+    .catch((err) => {
+      console.warn('[SafariPilot] Initial status check failed:', err);
+    });
+
+  // Start polling for daemon commands
+  startPolling();
+})();

package/bin/Safari Pilot.app/Contents/PlugIns/Safari Pilot Extension.appex/Contents/Resources/content-isolated.js

@@ -0,0 +1,80 @@
+// content-isolated.js — ISOLATED world
+// This script CANNOT be modified by page JS. It serves as a trusted relay.
+//
+// Role: Secure bridge between the background service worker and the MAIN world
+// content script. Page JavaScript operates in a separate context and cannot
+// read or tamper with this script's state or the browser extension API.
+//
+// Message flow:
+//   Background (runtime.sendMessage)
+//     → ISOLATED world (browser.runtime.onMessage)
+//       → MAIN world (window.postMessage with type SAFARI_PILOT_CMD)
+//         → ISOLATED world (window.addEventListener 'message' SAFARI_PILOT_RESPONSE)
+//           → Background (sendResponse callback)
+
+(() => {
+  'use strict';
+
+  let nextRequestId = 0;
+  const pendingRequests = new Map();
+
+  // ─── MAIN World → ISOLATED World ──────────────────────────────────────────
+  // Receive responses from the MAIN world content script.
+  // Only process messages from the same window (blocks cross-frame injection).
+
+  window.addEventListener('message', (event) => {
+    if (event.source !== window) return;
+    if (event.data?.type !== 'SAFARI_PILOT_RESPONSE') return;
+
+    const { requestId, ok, value, error } = event.data;
+    const pending = pendingRequests.get(requestId);
+    if (!pending) return;
+
+    pendingRequests.delete(requestId);
+    if (ok) {
+      pending.resolve(value);
+    } else {
+      pending.reject(error);
+    }
+  });
+
+  // ─── Background → ISOLATED World ──────────────────────────────────────────
+  // Receive commands from the background service worker via runtime messaging.
+  // Returns true to indicate async sendResponse (keeps message channel open).
+
+  browser.runtime.onMessage.addListener((message, _sender, sendResponse) => {
+    if (message.type !== 'SAFARI_PILOT_COMMAND') return false;
+
+    const requestId = `sp_${++nextRequestId}_${Date.now()}`;
+
+    const promise = new Promise((resolve, reject) => {
+      pendingRequests.set(requestId, { resolve, reject });
+
+      // Forward to MAIN world. Use window.location.origin (never '*') per spec.
+      window.postMessage(
+        {
+          type: 'SAFARI_PILOT_CMD',
+          requestId,
+          method: message.method,
+          params: message.params ?? {},
+        },
+        window.location.origin
+      );
+
+      // Timeout: MAIN world has 10 s to respond before we fail the request
+      setTimeout(() => {
+        if (pendingRequests.has(requestId)) {
+          pendingRequests.delete(requestId);
+          reject({ message: 'MAIN world timeout', code: 'TIMEOUT' });
+        }
+      }, 10_000);
+    });
+
+    promise.then(
+      value => sendResponse({ ok: true, value }),
+      error => sendResponse({ ok: false, error })
+    );
+
+    return true; // Keep the message channel open for async sendResponse
+  });
+})();

package/bin/Safari Pilot.app/Contents/PlugIns/Safari Pilot Extension.appex/Contents/Resources/content-main.js

@@ -0,0 +1,310 @@
+// content-main.js — MAIN world
+// WARNING: This code runs in the page's context. It CAN be observed by page JS.
+// Never store secrets. Never read credentials. Minimal footprint.
+
+(() => {
+  'use strict';
+
+  // Namespace to minimize collision risk
+  const SP = Object.create(null);
+
+  // ─── Shadow DOM Traversal ─────────────────────────────────────────────────
+  // Traverses open AND closed shadow roots. Closed roots are accessible from
+  // MAIN world because we intercept Element.attachShadow at document_idle.
+  // Primary reason this extension exists — no other automation layer can do this.
+
+  SP.queryShadow = (selector, shadowSelector) => {
+    // If shadowSelector provided: find hosts matching selector, then query inside their shadows
+    // If only selector: query entire document including all shadow subtrees
+    const results = [];
+
+    const walkShadow = (node, targetSelector) => {
+      const shadow = node.shadowRoot;
+      if (shadow) {
+        const found = shadow.querySelectorAll(targetSelector);
+        results.push(...found);
+        shadow.querySelectorAll('*').forEach(child => walkShadow(child, targetSelector));
+      }
+    };
+
+    if (shadowSelector) {
+      // Two-phase: find shadow hosts by selector, then query inside their shadows
+      const hosts = document.querySelectorAll(selector);
+      hosts.forEach(host => {
+        if (host.shadowRoot) {
+          results.push(...host.shadowRoot.querySelectorAll(shadowSelector));
+          host.shadowRoot.querySelectorAll('*').forEach(child => walkShadow(child, shadowSelector));
+        }
+      });
+    } else {
+      // Single-phase: query full document + all shadow subtrees
+      results.push(...document.querySelectorAll(selector));
+      document.querySelectorAll('*').forEach(el => walkShadow(el, selector));
+    }
+
+    return results;
+  };
+
+  SP.queryShadowAll = (selector, root = document) => {
+    const results = [];
+    const walk = (node) => {
+      if (node.shadowRoot) {
+        results.push(...node.shadowRoot.querySelectorAll(selector));
+        node.shadowRoot.querySelectorAll('*').forEach(walk);
+      }
+      node.querySelectorAll('*').forEach(child => {
+        if (child.shadowRoot) walk(child);
+      });
+    };
+    results.push(...root.querySelectorAll(selector));
+    walk(root);
+    return results;
+  };
+
+  // ─── Framework-Aware Form Filling ─────────────────────────────────────────
+  // React tracks input state via _valueTracker. A plain .value assignment won't
+  // trigger React's synthetic event system. We must use the native setter and
+  // delete the tracker so React sees the change as "new" input.
+
+  SP.fillReact = (element, value) => {
+    const nativeInputValueSetter =
+      Object.getOwnPropertyDescriptor(HTMLInputElement.prototype, 'value')?.set ||
+      Object.getOwnPropertyDescriptor(HTMLTextAreaElement.prototype, 'value')?.set;
+
+    if (!nativeInputValueSetter) {
+      throw new Error('Cannot find native value setter');
+    }
+
+    // Bypass React's _valueTracker so it sees the programmatic change as new
+    if (element._valueTracker) {
+      element._valueTracker.setValue('');
+    }
+
+    nativeInputValueSetter.call(element, value);
+    element.dispatchEvent(new Event('input', { bubbles: true }));
+    element.dispatchEvent(new Event('change', { bubbles: true }));
+    element.dispatchEvent(new FocusEvent('blur', { bubbles: true }));
+  };
+
+  SP.fillVue = async (element, value) => {
+    // Vue 3 uses Proxy-based reactivity — direct assignment triggers v-model
+    element.value = value;
+    element.dispatchEvent(new Event('input', { bubbles: true }));
+    // Wait for Vue's nextTick so watchers run before change event
+    await new Promise(resolve => setTimeout(resolve, 0));
+    element.dispatchEvent(new Event('change', { bubbles: true }));
+  };
+
+  // ─── Dialog Interception ──────────────────────────────────────────────────
+  // Replaces window.alert/confirm/prompt with captured versions.
+  // Must run in MAIN world — ISOLATED world cannot override window globals.
+
+  SP.interceptDialogs = () => {
+    const dialogQueue = [];
+    const handlers = {};
+
+    ['alert', 'confirm', 'prompt'].forEach(type => {
+      const original = window[type];
+      window[type] = function(message, defaultValue) {
+        const entry = { type, message, timestamp: Date.now() };
+        dialogQueue.push(entry);
+
+        if (handlers[type]) {
+          return handlers[type](message, defaultValue);
+        }
+        // Sensible defaults: accept alerts, auto-confirm, return empty prompt
+        if (type === 'alert') return undefined;
+        if (type === 'confirm') return true;
+        if (type === 'prompt') return defaultValue || '';
+      };
+    });
+
+    return {
+      getQueue: () => [...dialogQueue],
+      setHandler: (type, fn) => { handlers[type] = fn; },
+      clear: () => { dialogQueue.length = 0; },
+    };
+  };
+
+  // ─── Network Interception ─────────────────────────────────────────────────
+  // Monkey-patches fetch and XMLHttpRequest for capture and mocking.
+  // Only JS-initiated requests are interceptable — browser-native resource
+  // loading (img src, link href, etc.) bypasses this.
+
+  SP.interceptNetwork = () => {
+    const captured = [];
+    const originalFetch = window.fetch;
+    const OriginalXHR = window.XMLHttpRequest;
+
+    window.fetch = async function(...args) {
+      const request = new Request(...args);
+      const entry = {
+        type: 'fetch',
+        url: request.url,
+        method: request.method,
+        timestamp: Date.now(),
+      };
+      try {
+        const response = await originalFetch.apply(this, args);
+        entry.status = response.status;
+        entry.statusText = response.statusText;
+        captured.push(entry);
+        return response;
+      } catch (error) {
+        entry.error = error.message;
+        captured.push(entry);
+        throw error;
+      }
+    };
+
+    // Patch XMLHttpRequest
+    window.XMLHttpRequest = function() {
+      const xhr = new OriginalXHR();
+      const entry = { type: 'xhr', timestamp: Date.now() };
+
+      const originalOpen = xhr.open.bind(xhr);
+      xhr.open = function(method, url, ...rest) {
+        entry.method = method;
+        entry.url = url;
+        return originalOpen(method, url, ...rest);
+      };
+
+      xhr.addEventListener('load', () => {
+        entry.status = xhr.status;
+        entry.statusText = xhr.statusText;
+        captured.push({ ...entry });
+      });
+
+      xhr.addEventListener('error', () => {
+        entry.error = 'XHR error';
+        captured.push({ ...entry });
+      });
+
+      return xhr;
+    };
+
+    return {
+      getCaptured: () => [...captured],
+      clear: () => { captured.length = 0; },
+      restore: () => {
+        window.fetch = originalFetch;
+        window.XMLHttpRequest = OriginalXHR;
+      },
+    };
+  };
+
+  // ─── Framework Detection ──────────────────────────────────────────────────
+
+  SP.detectFramework = () => {
+    const detected = [];
+
+    if (window.__REACT_DEVTOOLS_GLOBAL_HOOK__ || document.querySelector('[data-reactroot]') || document.querySelector('[data-reactid]')) {
+      detected.push('react');
+    }
+    if (window.__vue_devtools_global_hook__ || document.querySelector('[data-v-app]')) {
+      detected.push('vue');
+    }
+    if (window.ng || window.getAllAngularRootElements?.()?.length > 0) {
+      detected.push('angular');
+    }
+    if (document.querySelector('[data-svelte]') || window.__svelte) {
+      detected.push('svelte');
+    }
+
+    return detected;
+  };
+
+  // ─── Expose namespace ──────────────────────────────────────────────────────
+  window.__safariPilot = SP;
+
+  // ─── Message Channel from ISOLATED World ──────────────────────────────────
+  // The ISOLATED world relay forwards background script commands here via
+  // window.postMessage. We respond with results on the same channel.
+  // SECURITY: use window.location.origin (never '*') as postMessage target.
+
+  window.addEventListener('message', (event) => {
+    if (event.source !== window) return;
+    if (event.data?.type !== 'SAFARI_PILOT_CMD') return;
+
+    const { requestId, method, params } = event.data;
+
+    const respond = (ok, payload) => {
+      window.postMessage(
+        { type: 'SAFARI_PILOT_RESPONSE', requestId, ok, ...payload },
+        window.location.origin
+      );
+    };
+
+    (async () => {
+      try {
+        let result;
+        switch (method) {
+          case 'queryShadow': {
+            const elements = SP.queryShadow(params.selector, params.shadowSelector);
+            result = Array.from(elements).map(el => ({
+              tagName: el.tagName,
+              id: el.id,
+              className: el.className,
+              textContent: el.textContent?.slice(0, 200),
+            }));
+            break;
+          }
+          case 'queryShadowAll': {
+            const elements = SP.queryShadowAll(params.selector);
+            result = Array.from(elements).map(el => ({
+              tagName: el.tagName,
+              id: el.id,
+              className: el.className,
+              textContent: el.textContent?.slice(0, 200),
+            }));
+            break;
+          }
+          case 'fillReact': {
+            const target = document.querySelector(params.selector);
+            if (!target) throw new Error(`Element not found: ${params.selector}`);
+            SP.fillReact(target, params.value);
+            result = { filled: true };
+            break;
+          }
+          case 'fillVue': {
+            const target = document.querySelector(params.selector);
+            if (!target) throw new Error(`Element not found: ${params.selector}`);
+            await SP.fillVue(target, params.value);
+            result = { filled: true };
+            break;
+          }
+          case 'interceptDialogs': {
+            const controller = SP.interceptDialogs();
+            // Store controller so later commands can query it
+            SP._dialogController = controller;
+            result = { intercepting: true };
+            break;
+          }
+          case 'getDialogQueue': {
+            result = SP._dialogController?.getQueue() ?? [];
+            break;
+          }
+          case 'interceptNetwork': {
+            const controller = SP.interceptNetwork();
+            SP._networkController = controller;
+            result = { intercepting: true };
+            break;
+          }
+          case 'getNetworkCaptures': {
+            result = SP._networkController?.getCaptured() ?? [];
+            break;
+          }
+          case 'detectFramework': {
+            result = SP.detectFramework();
+            break;
+          }
+          default:
+            throw new Error(`Unknown method: ${method}`);
+        }
+        respond(true, { value: result });
+      } catch (error) {
+        respond(false, { error: { message: error.message, name: error.name } });
+      }
+    })();
+  });
+})();