Create src/content/autofill.ts — runs on all HTTP(S) pages.
- On page load, scan for
<input type="password">and nearby text/email inputs - If a password field is found, the page is a login form candidate
- Extract the page's domain (e.g.
github.comfromhttps://github.com/login) - Send
{ type: 'AUTOFILL_LOOKUP', payload: { domain } }to service worker - If matches found, inject a small floating "My SPACE" badge near the password field
- User clicks the badge → extension sends
AUTOFILL_GETto decrypt the value → fills the form
Form detection heuristics
1. Find all <input type="password"> elements
2. For each password field, walk up to the nearest <form> or container
3. Within that container, find:
- <input type="email"> or <input type="text"> nearest above
the password field → username
- The password field itself → password
4. If no <form>, look for inputs within a shared parent div
URL matching logic
- Store the
urlfield on secrets as a full URL (e.g.https://github.com/login) - Match by domain: extract hostname from the secret's
urland compare with the current page's hostname - If multiple secrets match the same domain, show all matches in a dropdown
- If the secret's
urlpath matches the current path, prioritise it over domain-only matches