6.1 KiB
6.1 KiB
27. Browser Extension — Move to browser-ext/ and Update API Client
meta: id: shieldai-unified-restructure-27 feature: shieldai-unified-restructure priority: P1 depends_on: [shieldai-unified-restructure-23] tags: [extension, browser, api, migration]
objective:
- Move the browser extension from
packages/extension/tobrowser-ext/, update its build configuration, and rewrite the API client to communicate with the unified monolith's tRPC endpoints instead of the legacy Fastify API.
deliverables:
browser-ext/directory with all extension code:src/background/index.ts— Service worker (MV3)src/content/index.ts— Content script for phishing detectionsrc/popup/popup.html+popup.ts— Extension popup UIsrc/options/options.html+options.ts— Options pagesrc/lib/api-client.ts— Updated API clientsrc/lib/phishing-detector.ts— Phishing detection logic (preserved)src/lib/cache.ts— Request caching (preserved)src/lib/settings.ts— Extension settings (preserved)src/types/index.ts— TypeScript typespublic/manifest.json— Manifest V3public/icons/— Extension iconsvite.config.ts— Build configpackage.json— Dependencies
- Updated
browser-ext/src/lib/api-client.ts:- Communicates with
https://api.shieldai.com/api/trpc(or local dev URL) - Uses tRPC HTTP batch link for efficient requests
- Authenticates with API key (
x-api-keyheader) or JWT - Endpoints:
spamshield.checkNumber— check phone number reputationspamshield.classifySMS— classify SMS textextension.getAuthStatus— check if user is linkedextension.linkDevice— link extension to user account
- Error handling with retry logic
- Communicates with
- Updated
browser-ext/package.json:- Dependencies:
@trpc/client,superjson(for serialization) - Build scripts for Chrome/Firefox
- Dependencies:
- Updated manifest:
- Permissions:
activeTab,storage,declarativeNetRequest,notifications - Host permissions:
https://api.shieldai.com/*,https://*.shieldai.com/*
- Permissions:
steps:
- Create
browser-ext/directory at project root. - Move all files from
packages/extension/tobrowser-ext/:git mv packages/extension/src browser-ext/srcgit mv packages/extension/public browser-ext/publicgit mv packages/extension/vite.config.ts browser-ext/git mv packages/extension/package.json browser-ext/- Copy tests:
cp -r packages/extension/tests browser-ext/
- Update
browser-ext/package.json:- Change name to
@shieldai/browser-ext - Update dependencies: add
@trpc/client, remove legacy API client deps - Update build scripts
- Change name to
- Update
browser-ext/src/lib/api-client.ts:- Remove old Fastify REST client code
- Create tRPC proxy client:
import { createTRPCProxyClient, httpBatchLink } from '@trpc/client'; import type { AppRouter } from '../../../web/src/server/api/root'; export const api = createTRPCProxyClient<AppRouter>({ links: [httpBatchLink({ url: API_URL, headers: { 'x-api-key': API_KEY } })], }); - Note: Type import from web/ may need a shared types package or copy types. For now, use a generated type file.
- Update background script:
- On install: call
api.extension.linkDevicewith extension ID - On SMS received (if API available): call
api.spamshield.classifySMS - On call received: call
api.spamshield.checkNumber - Cache results using existing
cache.ts
- On install: call
- Update popup UI:
- Show auth status (linked/unlinked)
- Show recent spam detections
- Quick actions: "Check number", "Report spam"
- Use ShieldAI theme colors (import theme tokens or hardcode for now)
- Update content script:
- Preserve phishing detection logic
- Report detected phishing to
api.extension.reportPhishing
- Update options page:
- Settings for API key, notification preferences
- Link/unlink account flow
- Update build config:
vite.config.tsshould output todist/with correct manifest- Add scripts for
build:chromeandbuild:firefoxif needed
- Test extension:
- Load unpacked extension in Chrome
- Verify popup renders
- Test API calls against local dev server
steps:
- Unit: API client creates correct tRPC requests
- Unit: Background script caches API responses
- Integration: Extension popup successfully calls
spamshield.checkNumber - E2E: Install extension, link device, verify API key auth works
acceptance_criteria:
- Extension code lives in
browser-ext/and builds successfully - API client uses tRPC instead of legacy REST endpoints
- Background script handles install, SMS, and call events
- Popup UI shows auth status and recent detections
- Content script preserves phishing detection and reports to tRPC
- Options page allows API key configuration and account linking
- Extension works with both local dev and production API URLs
- All existing tests pass after migration
validation:
cd browser-ext && pnpm buildcompletes without errors- Load
browser-ext/dist/as unpacked extension in Chrome - Open popup and verify UI renders
- Test API call by entering a phone number → verify tRPC request in Network tab
- Run
cd browser-ext && pnpm testfor extension tests
notes:
- Reference legacy:
packages/extension/src/ - The extension cannot directly import from
web/due to build isolation. Options for tRPC types:- Generate a standalone type file from the web app's router and copy it to
browser-ext/src/types/trpc.ts - Create a shared
@shieldai/typespackage (but we're unifying, so avoid new packages) - Use
anyfor the router type in extension (not recommended) Recommended: Option 1 — generate types as part of web build.
- Generate a standalone type file from the web app's router and copy it to
- The extension's popup UI is currently plain HTML/TS. Consider using a lightweight framework (e.g., SolidJS for popup) for consistency with the web app, but this is optional.
- For Manifest V3, service workers have limited lifetime. Ensure API calls complete before worker sleeps.
- The
declarativeNetRequestAPI can block requests at the network level without a persistent background script. Consider using it for known phishing domains.