duckduckgo
diff --git a/‎.cursorrules
Lines changed: 15 additions & 0 deletions b/‎.cursorrules
Lines changed: 15 additions & 0 deletions
diff --git a/‎.prettierignore
Lines changed: 2 additions & 0 deletions b/‎.prettierignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎CODEOWNERS
Lines changed: 3 additions & 0 deletions b/‎CODEOWNERS
Lines changed: 3 additions & 0 deletions
diff --git a/‎injected/README.md
Lines changed: 58 additions & 184 deletions b/‎injected/README.md
Lines changed: 58 additions & 184 deletions
diff --git a/‎injected/docs/README.md
Lines changed: 31 additions & 0 deletions b/‎injected/docs/README.md
Lines changed: 31 additions & 0 deletions
diff --git a/‎injected/docs/api-reference.md
Lines changed: 35 additions & 0 deletions b/‎injected/docs/api-reference.md
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,15 @@
+# Content Scope Scripts - Cursor Rules
+
+## Documentation References
+
+When asked about Content Scope Scripts topics, refer to these documentation files:
+
+- **API Reference**: `injected/docs/api-reference.md`
+- **Feature Development**: `injected/docs/features-guide.md`
+- **Platform Integration**: `injected/docs/platform-integration.md`
+- **Development Utilities**: `injected/docs/development-utilities.md`
+- **Testing**: `injected/docs/testing-guide.md`
+- **Favicon**: `injected/docs/favicon.md`
+- **Message Bridge**: `injected/docs/message-bridge.md`
+- **Documentation Index**: `injected/docs/README.md`
+- **High-level Overview**: `injected/README.md` 
@@ -1,11 +1,13 @@
 build/**/*
 docs/**/*
+!injected/docs/**/*
 injected/src/types
 special-pages/pages/**/types
 injected/integration-test/extension/contentScope.js
 injected/src/features/Scriptlets
 **/*.json
 **/*.md
+!injected/docs/**/*.md
 **/*.html
 **/*.har
 **/*.css
@@ -1,5 +1,8 @@
 * @duckduckgo/content-scope-scripts-owners
 
+# Documentation - anyone can edit
+injected/docs/ *
+
 # Feature owners
 injected/src/features/fingerprinting-* @duckduckgo/content-scope-scripts-owners @jonathanKingston @englehardt
 injected/src/canvas.js @duckduckgo/content-scope-scripts-owners @jonathanKingston @englehardt
 
@@ -1,202 +1,76 @@
-# Content scope scripts
-
-Content Scope Scripts handles injecting in DOM modifications in a browser context; it's a cross platform solution that requires some minimal platform hooks.
-
-## Content Scope Features API
-
-Each platform calls into the API exposed by content-scope-features.js where the relevant JavaScript file is included from features/. This file loads the relevant platform enabled features. The platform itself should adhere to the features lifecycle when implementing.
-
-The exposed API is a global called contentScopeFeatures and has three methods:
-- load
-  - Calls the load method on all the features
-- init
-  - Calls the init method on all the features
-  - This should be passed the arguments object which has the following keys:
-    - 'platform' which is an object with:
-      - 'name' which is a string of 'android', 'ios', 'macos' or 'extension'
-    - 'debug' true if debugging should be enabled
-    - 'globalPrivacyControlValue' false if the user has disabled GPC.
-    - 'sessionKey' a unique session based key.
-    - 'cookie' TODO
-    - 'site' which is an object with:
-      - 'isBroken' true if remote config has an exception.
-      - 'allowlisted' true if the user has disabled protections.
-      - 'domain' the hostname of the site in the URL bar
-      - 'enabledFeatures' this is an array of features/ to enable
-- urlChanged
-  - Called when the top frame URL is changed (for Single Page Apps)
-  - Also ensures that path changes for config 'conditional matching' are applied.
-- update
-  - Calls the update method on all the features
-
-## Features
-
-These files stored in the features directory must include an init function and optionally update and load explained in the features lifecycle.
-
-### `ConfigFeature` class 
-The [ConfigFeature](https://github.com/duckduckgo/content-scope-scripts/blob/main/injected/src/config-feature.js) class is extended by each feature to implement remote config handling. It provides the following methods:
-
-`getFeatureSettingEnabled`
-  - For simple boolean settings, return true if the setting is 'enabled'
-
-`getFeatureSetting`
-  - Return a specific setting from the feature settings
-
-`recomputeSiteObject`
-  - Recomputes the site object for the feature, e.g when the URL has changed.
-
-`ConfigFeature` class is also exportable and can be used by other scripts to build C-S-S like features that can handle remote configuration - currently used in [autofill.js](https://github.com/duckduckgo/duckduckgo-autofill/blob/main/src/site-specific-feature.js) to handle site specific autofill rules.
-
-## Features Lifecycle
-
-There are three stages that the content scope code is hooked into the platform:
-- `load`
-  - This should be reserved for work that should happen that could cause a delay in loading the feature.
-  - Given the current limitations of how we inject our code we don't have the Privacy Remote Configuration exceptions so authors should be wary of actually loading anything that would modify the page (and potentially breaking it).
-  - This limitation may be re-addressed in manifest v3
-  - One exception here is the first party cookie protections that are triggered on init to prevent race conditions.
-- `init`
-  - This is the main place that features are actually loaded into the extension.
-- `update`
-  - This allows the feature to be sent updates from the browser.
-  - If this is triggered before init, these updates will be queued and triggered straight after.
-
-### Platform specific integration details
-
-The [injected/entry-points/](https://github.com/duckduckgo/content-scope-scripts/tree/main/injected/entry-points) directory handles platform specific differences and is glue code into calling the contentScopeFeatures API.
-
-- In Firefox the code is loaded as a standard extension content script.
-- For Apple, Windows and Android the code is a UserScript that has some string replacements for properties and loads in as the page scope.
-  - Note: currently we don't implement the update calls as it's only required by cookie protections which we don't implement.
-- All other browsers the code is stringified, base64 encoded and injected in as a self deleting `<script>` tag.
-
-In the built output you will see these dramatic differences in the bundled code which is created into: /build
-
-#### App specific integration replacements
-
-- `$CONTENT_SCOPE$` - raw remote config object
-- `$USER_UNPROTECTED_DOMAINS$` - an array of user allowlisted domains
-- `$USER_PREFERENCES$` - an object containing:
-  - platform: `{ name: '<ios | macos | extension | android>' }`
-  - debug: boolean
-  - globalPrivacyControlValue: boolean
-  - sessionKey: `<CSRNG UUID 4 string>` (used for fingerprinting) - this should regenerate on browser close or every 24 hours.
-
-### Features scope injection utilities
-
-To handle the difference in scope injection we expose multiple utilities which behave differently per browser in src/utils.js and `ContentFeature` base class. for Firefox the code exposed handles [xrays correctly](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts) without needing the features to be authored differently.
-
-- `ContentFeature.defineProperty()`
-  - `defineProperty(object, propertyName, descriptor)` behaves the same as `Object.defineProperty(object, propertyName, descriptor)`
-  - The difference is for Firefox we export the relevant functions so it can go across the xray
-  - Use this method if `Object.getOwnPropertyDescriptors(object).propertyName` should to exist in the supporting browser.
-- `ContentFeature.wrapProperty(object, propertyName, descriptor)`
-  - A simple wrapper around `defineProperty()` that ignores non-existing properties and retains unspecified descriptor keys.
-  - Example usage: `this.wrapProperty('Navigator.prototype.userAgent', { get: () => 'fakeUA' })`
-- `ContentFeature.wrapMethod(object, propertyName, wrapperFn)`
-  - Overrides a native method. wrapperFn() will be called in place of the original method. The original method will be passed as the first argument.
-  - Example usage:
-    ```JavaScript
-    this.wrapMethod(Permissions.prototype, 'query', async function (originalFn, queryObject) {
-        if (queryObject.name === 'blocked-permission') {
-            return {
-                name: queryObject.name,
-                state: 'denied',
-                status: 'denied'
-            }
-        }
-        return await nativeImpl.call(this, queryObject)
-    })
-    ```
-- `ContentFeature.shimInterface(interfaceName, ImplClass, options)`
-  - API for shimming standard constructors. See the WebCompat feature and JSDoc for more details.
-  - Example usage:
-    ```javascript
-    this.shimInterface('MediaSession', MyMediaSessionClass, {
-        disallowConstructor: true,
-        allowConstructorCall: false,
-        wrapToString: true
-    })
-    ```
-- `ContentFeature.shimProperty(instanceHost, instanceProp, implInstance, readOnly = false)`
-  - API for shimming standard global objects. Usually you want to call `shimInterface()` first, and pass an object instance as `implInstance`. See the WebCompat feature and JSDoc for more details.
-  - Example usage:
-    ```javascript
-    this.shimProperty(Navigator.prototype, 'mediaSession', myMediaSessionInstance, true)
-    ```
-
-- `DDGProxy`
-  - Behaves a lot like `new window.Proxy` with a few differences:
-    - has an `overload` method to actually apply the function to the native property.
-    - Stores the native original property in _native such that it can be called elsewhere if needed without going through the proxy.
-    - Triggers `addDebugFlag` if get/apply is called.
-    - Sends debugging messaging if debug is enabled.
-    - Allows for remotely disabling the override based on script URL via `shouldExemptMethod`.
-    - Fixes `value.toString()` to appear like it was defined natively.
-  - Example usage:
-    ```JavaScript
-    const historyMethodProxy = new DDGProxy(this, History.prototype, 'pushState', {
-        apply (target, thisArg, args) {
-            applyRules(activeRules)
-            return DDGReflect.apply(target, thisArg, args)
-        }
-    })
-    historyMethodProxy.overload()
-    ```
-- `DDGReflect`
-  - Calls into wrappedJSObject.Reflect for Firefox but otherwise exactly the same as [window.Reflect](Sources/BrowserServicesKit/UserScript/ContentScopeUserScript.swift)
-
-### Testing Locally
-
-Depending on what you are changing, you may need to run the build processes locally, or individual tests.
-The following all run within GitHub Actions when you create a pull request, but you can run them locally as well.
-
-- eslint
-- Typescript
-- Unit tests (jasmine)
-- Feature Integration Tests (playwright)
-- Feature Build process
-
-If you want to get a good feeling for whether a PR or CI run will pass/fail, you can run the `test` command
-which chains most of the following together
+# Content Scope Scripts
 
-```shell
-# run this if you want some confidence that your PR will pass
-npm test
-```
+Content Scope Scripts handles injecting DOM modifications in a browser context; it's a cross-platform solution that requires some minimal platform hooks.
+
+## Quick Start
+
+Content Scope Scripts provides a unified API for browser privacy features across multiple platforms (Firefox, Chrome, Safari, Android, iOS). Features are loaded dynamically based on remote configuration and can be enabled/disabled per site.
+
+## Documentation
+
+📚 **Detailed documentation is available in the [docs](./docs/) directory:**
+
+- **[API Reference](./docs/api-reference.md)** - Complete reference for the Content Scope Features API
+- **[Features Guide](./docs/features-guide.md)** - How to develop features and understand the feature lifecycle  
+- **[Platform Integration](./docs/platform-integration.md)** - Platform-specific implementation details
+- **[Development Utilities](./docs/development-utilities.md)** - Scope injection utilities and development tools
+- **[Testing Guide](./docs/testing-guide.md)** - Local testing and development workflow
+
+## Key Concepts
 
-#### eslint
+### Features
+Features are JavaScript modules that implement privacy protections. Each feature:
+- Extends the `ConfigFeature` class for remote configuration support
+- Implements the feature lifecycle (`load`, `init`, `update`)
+- Can be enabled/disabled per site via remote configuration
 
-See root-level package for lint commands
+### Platform Support
+- **Firefox**: Standard extension content scripts
+- **Apple/Android**: UserScripts with string replacements
+- **Other browsers**: Base64-encoded script injection
 
-#### Typescript
+### API
+The global `contentScopeFeatures` object provides:
+- `load()` - Initialize features that may cause loading delays
+- `init(args)` - Main feature initialization with platform/site configuration
+- `urlChanged()` - Handle Single Page App navigation
+- `update()` - Receive browser updates
 
-See root-level package for Typescript commands
+---
 
-#### Unit Tests (jasmine)
+## Architecture Overview
 
-Everything for unit-testing is located in the `unit-test` folder. Jasmine configuration is in `unit-test/jasmine.json`.
+![Content Scope Scripts architecture diagram](./docs/img/feature-explanation.png)
 
+*High-level overview of how Content Scope Scripts are built and integrated into platforms (example: macOS).* 
+
+## Development
+
+### Quick Test
 ```shell
-npm run test-unit
+npm test
 ```
 
-#### Feature Integration Tests (playwright)
-Everything within `integration-test` is integration tests controlled by Playwright.
-
+### Individual Commands
 ```shell
-npm run test-int
+npm run test-unit    # Unit tests (Jasmine)
+npm run test-int     # Integration tests (Playwright)  
+npm run build        # Build platform-specific artifacts
 ```
 
-#### Feature Build process
+### Project Structure
+- `src/features/` - Feature implementations
+- `entry-points/` - Platform-specific entry points
+- `unit-test/` - Unit test suite
+- `integration-test/` - Integration test suite
 
-To produce all artefacts that are used by platforms, just run the `npm run build` command.
-This will create platform specific code within the `build` folder (that is not checked in)
+## Third-Party Libraries
+- [Adguard Scriptlets](https://github.com/AdguardTeam/Scriptlets)
 
-```shell
-npm run build
-```
+---
 
-#### Third-Party Libraries
+## Third-Party Libraries
 We make use of the following submodules:
-- [Adguard Scriptlets](https://github.com/AdguardTeam/Scriptlets)
+- [Adguard Scriptlets](https://github.com/AdguardTeam/Scriptlets) 
+
+For detailed information about any specific topic, please refer to the [documentation](./docs/).
@@ -0,0 +1,31 @@
+# Content Scope Scripts Documentation
+
+This directory contains detailed documentation for the Content Scope Scripts project.
+
+## Documentation Index
+
+### Core Documentation
+
+- **[API Reference](./api-reference.md)** - Complete reference for the Content Scope Features API
+- **[Features Guide](./features-guide.md)** - How to develop features and understand the feature lifecycle
+- **[Platform Integration](./platform-integration.md)** - Platform-specific implementation details and integration patterns
+
+### Development Resources
+
+- **[Development Utilities](./development-utilities.md)** - Scope injection utilities and development tools
+- **[Testing Guide](./testing-guide.md)** - Local testing and development workflow
+
+### Existing Documentation
+
+- **[Favicon](./favicon.md)** - Favicon-related documentation
+- **[Message Bridge](./message-bridge.md)** - Message bridge implementation details
+
+## Getting Started
+
+If you're new to Content Scope Scripts, start with the main [README](../README.md) for a high-level overview, then dive into the specific documentation based on your needs:
+
+- **Building features?** → [Features Guide](./features-guide.md)
+- **Integrating with a platform?** → [Platform Integration](./platform-integration.md)
+- **Using the API?** → [API Reference](./api-reference.md)
+- **Developing utilities?** → [Development Utilities](./development-utilities.md)
+- **Testing your changes?** → [Testing Guide](./testing-guide.md)
@@ -0,0 +1,35 @@
+# Content Scope Features API Reference
+
+Each platform calls into the API exposed by [content-scope-features.js](../src/content-scope-features.js) where the relevant JavaScript file is included from `features/`. This file loads the relevant platform enabled features. The platform itself should adhere to the features lifecycle when implementing.
+
+## Global API: `contentScopeFeatures`
+
+The exposed API is a global called `contentScopeFeatures` and has three methods:
+
+### `load()`
+
+Calls the load method on all the features
+
+### `init(arguments)`
+
+Calls the init method on all the features. This should be passed the arguments object which has the following keys:
+
+- **`platform`** - An object with:
+    - `name` - A string of 'android', 'ios', 'macos' or 'extension'
+- **`debug`** - `true` if debugging should be enabled
+- **`globalPrivacyControlValue`** - `false` if the user has disabled GPC
+- **`sessionKey`** - A unique session based key
+- **`cookie`** - TODO
+- **`site`** - An object with:
+    - `isBroken` - `true` if remote config has an exception
+    - `allowlisted` - `true` if the user has disabled protections
+    - `domain` - The hostname of the site in the URL bar
+    - `enabledFeatures` - An array of features to enable
+
+### `urlChanged()`
+
+Called when the top frame URL is changed (for Single Page Apps). Also ensures that path changes for config 'conditional matching' are applied.
+
+### `update()`
+
+Calls the update method on all the features