- Manifest V3 browser extension that detects phishing sites impersonating Microsoft 365 sign-in pages.
- Key components: detection engine, policy/branding management, and popup/options interfaces.
- Files are packaged directly—no build step. All guidance in this file applies repository-wide.
- Plain JavaScript ES modules; filenames use
kebab-case.js. - Two-space indentation and required semicolons.
- Avoid build tooling; source files are shipped as-is.
- Use Conventional Commit prefixes such as
feat:,fix:, ordocs:. - Keep commits small and focused.
- Summarize manual testing in pull request descriptions.
- No automated tests for the extension itself. Manually verify using the steps in TESTING_GUIDE.md:
- Load the extension via
chrome://extensions→ Load unpacked. - Open
test-extension-loading.htmlto confirm the service worker, content scripts, and detection engine. - Exercise the popup and options pages.
- Load the extension via
- Optional lint check:
npx eslint scripts options popup.
scripts/– background, content, and modular detection/policy code.config/–branding.jsonandmanaged_schema.jsonfor policy and branding.rules/– detection rules indetection-rules.json.popup/&options/– UI pages and supporting scripts.images/– extension icons.docs/– additional project documentation.
- Follow SECURITY.md for reporting vulnerabilities.
- Extension handles policy and branding data; avoid storing or transmitting unnecessary user information.
- Target browsers: Chromium-based (Chrome 88+).
- Document notable changes in
CHANGELOG.md. - Licensed under AGPL-3.0; see
ATTRIBUTIONS.mdfor third-party assets.