Part of the v4.2 parity push — the last phase, deferred until the rest of the architecture is stable.
Depends on
Why P3
These three platforms are high-maintenance. Class names are randomized, DOM is heavily obfuscated, APIs change under the hood. The userscript spends ~1,629 LOC on them plus another ~800 LOC in the anti-obfuscation stack (API interceptor, React Fiber walker, module hook).
This phase should probably be split into four sub-issues when work starts — one per platform plus one for the anti-obfuscation stack — rather than shipped as a single chunk. Listed here together because they share infrastructure.
Scope (at a high level)
Anti-obfuscation infrastructure
Per-platform handlers (one sub-issue each when actually started)
Capture Panel UI
These platforms use the capture-panel flow instead of the reader view (they need the underlying page visible for scrolling through comments, selecting text). Per docs/capture-panel-design.md:
Extension-native wins to exploit here
- No WebSocket CSP blocks — SW relay client was the reason to not put this off-platform.
- API interception via
declarativeNetRequest could replace some of the fetch() hook work — we can inspect requests directly at the network layer without needing to patch the page's fetch. Worth evaluating during implementation.
chrome.debugger API is another cheat code worth considering for especially-hostile platforms; high-friction auth prompts though, so only as a last resort.
Success criteria
Deferred until actual work starts — defined per sub-issue when this phase is split.
Notes
- Before starting this phase, confirm FB/IG/TikTok obfuscation patterns haven't shifted enough since v4.2's userscript version to invalidate the existing code. A platform review at the top of the work is cheaper than porting code that's already stale.
Part of the v4.2 parity push — the last phase, deferred until the rest of the architecture is stable.
Depends on
Why P3
These three platforms are high-maintenance. Class names are randomized, DOM is heavily obfuscated, APIs change under the hood. The userscript spends ~1,629 LOC on them plus another ~800 LOC in the anti-obfuscation stack (API interceptor, React Fiber walker, module hook).
This phase should probably be split into four sub-issues when work starts — one per platform plus one for the anti-obfuscation stack — rather than shipped as a single chunk. Listed here together because they share infrastructure.
Scope (at a high level)
Anti-obfuscation infrastructure
shared/api-interceptor.js(~595 LOC in the userscript) — hooksfetch()andXMLHttpRequestin the MAIN world (injected viachrome.scripting.executeScript({ world: 'MAIN' })) to capture Meta's GraphQL responses keyed byfb_api_req_friendly_nameanddoc_id. In the extension, the interceptor posts intercepted payloads back to the content script viawindow.postMessage.__reactFiber$*properties on DOM elements to extract component props.shared/module-hook.js(~121 LOC) — probes Facebook's internal__d()module registry. MAIN-world only.Per-platform handlers (one sub-issue each when actually started)
platforms/facebook.js, ~240 LOC) — ARIA roles (role="article",data-testid), API interception for GraphQL post data, React fiber fallback.platforms/instagram.js, ~964 LOC — the largest platform handler) — ARIA extraction, React fiber inspection for minified post data, API interception for comment threads, hashtag extraction.platforms/tiktok.js, ~425 LOC) —__NEXT_DATA__JSON parse with a DOM fallback (the__NEXT_DATA__path breaks whenever TikTok changes their Next.js setup).Capture Panel UI
These platforms use the capture-panel flow instead of the reader view (they need the underlying page visible for scrolling through comments, selecting text). Per
docs/capture-panel-design.md:chrome.sidePanelinfrastructure from Phase 0.Extension-native wins to exploit here
declarativeNetRequestcould replace some of thefetch()hook work — we can inspect requests directly at the network layer without needing to patch the page'sfetch. Worth evaluating during implementation.chrome.debuggerAPI is another cheat code worth considering for especially-hostile platforms; high-friction auth prompts though, so only as a last resort.Success criteria
Deferred until actual work starts — defined per sub-issue when this phase is split.
Notes