feat: add space-scoped privacy protections#243
Conversation
Greptile SummaryThis PR adds a full space-scoped privacy pipeline: an AdGuard-backed WebKit content-blocking system with per-space filter selection, on-disk shard caching, incremental refresh, and scheduling; fingerprinting protection via a deterministic JS profile; and cookie-policy enforcement. Privacy settings are wired into
Confidence Score: 2/5Not safe to merge: the inverted guard in resolveFilterSource causes unauthorized network fetches when ad-block settings change with no cache present, and the double-escaped regex silently narrows the scope of third-party tracker blocking. Two bugs with direct behavioral impact (unintended network I/O in resolveFilterSource, broken subdomain regex in regexForDomain) and one correctness issue in the cancellation path lower confidence significantly despite solid overall architecture and good test coverage. ora/Features/Privacy/Services/AdBlockService.swift (resolveFilterSource logic and cancellation handling), ora/Features/Privacy/Services/BrowserPrivacyService.swift (regexForDomain backslash escaping) Important Files Changed
Sequence DiagramsequenceDiagram
participant UI as SpacesSettingsView
participant SS as SettingsStore
participant ABS as AdBlockService (actor)
participant FUS as FilterListUpdateService
participant CCS as ContentBlockerCompileService
participant CAS as ContentBlockerArtifactStore
participant NC as NotificationCenter
participant TM as TabManager
participant BP as BrowserPage
participant BPS as BrowserPrivacyService
UI->>SS: setPrivacySettings(for: containerID)
UI->>ABS: refreshSpace(containerId:, reason: .settingsChanged)
ABS->>SS: privacySettings(for: containerID)
ABS->>FUS: fetchLatest(for: record) [if allowNetworkFetch]
FUS-->>ABS: FilterListFetchResult
ABS->>CCS: compile(record:, rawText:)
CCS-->>ABS: CompiledFilterArtifacts
ABS->>CAS: storeCompiledArtifacts(...)
ABS->>SS: notifySpacePrivacySettingsChanged(for: containerID)
SS->>NC: post(.spacePrivacySettingsChanged)
NC->>TM: refreshPrivacySettings(for: containerID)
TM->>BP: refreshBrowserPageForPrivacySettings()
BP->>BPS: prepareConfiguration(_:spaceID:completion:)
BPS->>CAS: ruleListIdentifiers(for:revision:)
BPS-->>BP: completion() - isReadyForNavigation = true
BP->>BP: flushPendingNavigationIfNeeded()
Reviews (1): Last reviewed commit: "feat(privacy): wire space protections in..." | Re-trigger Greptile |
Major changes
Minor changes