increase performance by polyfilling ResizeObserver only if required

Run button on Windows stopped working as CodeRunner was hanging when
executing fs.promises.mkdir as described in electron/electron#20951
It started happening after electron update to v12 in 1f515e7.
This commit adds the workaround suggested in electron/electron#19554
that fixes the issue.

.dockerignore

@@ -0,0 +1,9 @@
+node_modules
+dist
+dist_electron
+.vs
+.vscode
+.github
+.git
+docs
+docker

.github/ISSUE_TEMPLATE/1-bug-report-scripts.md

@@ -0,0 +1,36 @@
+---
+name: Bug report (script bug or unexpected script behavior)
+about: Create a bug report for generated scripts to help privacy.sexy improve
+labels: bug
+title: '[BUG]: '
+---
+
+<!--
+Thank you for reporting an issue with generated script(s).
+Please fill in as much of the template below as you're able.
+As a small open source project with small community, it can sometimes take a long time for issues to be addressed so please be patient. 
+-->
+
+### Describe the bug
+
+<!-- A clear and concise description of what the bug is. -->
+
+### OS
+
+<!--
+Which OS are you using? What version of OS you were using?
+On Windows you can find it using "Start button" > "Settings" > "System" > "About".
+On macOS you can find it using "Apple menu (top left corner)" > "About This Mac".
+-->
+
+### Screenshots
+
+<!-- If applicable, add screenshots to help explain your problem. -->
+
+### Scripts
+
+<!-- Which scripts did you execute? If applicable, please paste the executed scripts or attach the generated privacy.sexy file . -->
+
+### Additional information
+
+<!-- Add any other context about the problem here. -->

.github/ISSUE_TEMPLATE/2-bug-report-generic.md

@@ -0,0 +1,52 @@
+---
+name: Bug report (unrelated to generated scripts)
+about: Create a bug report that's not related to generated scripts to help privacy.sexy improve
+labels: bug
+title: '[BUG]: '
+---
+
+<!--
+Thank you for reporting an issue.
+Please fill in as much of the template below as you're able.
+As a small open source project with small community, it can sometimes take a long time for issues to be addressed so please be patient. 
+-->
+
+### Describe the bug
+
+<!-- A clear and concise description of what the bug is. -->
+
+### To Reproduce
+
+<!-- 
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+-->
+
+### Expected behavior
+
+<!--
+A clear and concise description of what you expected to happen.
+-->
+
+### Screenshots
+
+<!--
+If applicable, add screenshots to help explain your problem.
+-->
+
+### Distribution
+
+<!--
+If applicable, mention how you were using privacy.sexy when the bug was encountered:
+- Web (on Desktop or mobile?)
+- Or desktop (Windows, macOS or Linux?)
+-->
+
+### Additional context
+
+<!--
+Add any other context about the problem here.
+-->

.github/ISSUE_TEMPLATE/3-feature_request.md

@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest an idea for privacy.sexy
+labels: enhancement
+---
+
+<!--
+Thank you for suggesting an idea to make privacy better. 🤗
+
+Please fill in as much of the template below as you're able.
+-->
+
+### Problem Description
+
+<!-- Please add a clear and concise description of the problem you are seeking to solve with this feature request. Ex. I'm always frustrated when [...] -->
+
+### Proposed solution
+
+<!-- Describe the solution you'd like in a clear and concise manner. -->
+
+### Alternatives considered
+
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+### Additional information
+
+<!-- Add any other context or screenshots about the feature request here. -->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: true

.github/workflows/build-and-deploy.yaml

@@ -1,91 +0,0 @@
-name: Build & deploy
-
-on:
-  push:
-    branches:
-    - master
-
-jobs:
-  build-and-deploy:
-    runs-on: ubuntu-18.04
-    steps:
-      -
-        name: "Prepare: Checkout"
-        uses: actions/checkout@v1
-      -
-        name: "Prepare: Create AWS user profile"
-        run: >-
-          bash "aws/scripts/configure/create-user-profile.sh" \
-            --profile user \
-            --access-key-id ${{secrets.AWS_DEPLOYMENT_USER_ACCESS_KEY_ID}} \
-            --secret-access-key ${{secrets.AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY}} \
-            --region us-east-1
-      -
-        name: "Infrastructure: Deploy IAM stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/iam-stack.yaml \
-            --stack-name privacysexy-iam-stack \
-            --capabilities CAPABILITY_IAM  \
-            --region us-east-1 --role-arn ${{secrets.AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "Infrastructure: Deploy certificate stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/certificate-stack.yaml \
-            --stack-name privacysexy-certificate-stack \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "Infrastructure: Deploy DNS stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/dns-stack.yaml \
-            --stack-name privacysexy-dns-stack \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "Infrastructure: Deploy web stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/web-stack.yaml \
-            --stack-name privacysexy-web-stack \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "App: Setup node"
-        uses: actions/setup-node@v1
-        with:
-          node-version: '11.x'
-      -
-        name: "App: Install dependencies"
-        run: npm install
-      -
-        name: "App: Run tests"
-        run: npm run test:unit
-      - 
-        name: "App: Build"
-        run: npm run build
-      -
-        name: "App: Deploy to S3"
-        run: >-
-          bash "aws/scripts/deploy/deploy-to-s3.sh" \
-            --folder dist \
-            --web-stack-name privacysexy-web-stack --web-stack-s3-name-output-name S3BucketName \
-            --storage-class ONEZONE_IA \
-            --role-arn ${{secrets.AWS_S3_SITE_DEPLOYMENT_ROLE_ARN}} \
-            --region us-east-1 \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "App: Invalidate CloudFront cache"
-        run: >-
-          bash "aws/scripts/deploy/invalidate-cloudfront-cache.sh" \
-            --paths "/*" \
-            --web-stack-name privacysexy-web-stack --web-stack-cloudfront-arn-output-name CloudFrontDistributionArn \
-            --role-arn ${{secrets.AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN}} \
-            --region us-east-1 \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}

.github/workflows/bump-and-release.yaml

@@ -0,0 +1,17 @@
+name: Bump & release
+
+on:
+  push: # Ensure a new release is created for each new tag
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  bump-version-and-release:
+    if: github.event.base_ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: undergroundwires/bump-everywhere@master
+        with:
+          user: undergroundwires-bot
+          release-token: ${{ secrets.BUMP_GITHUB_PAT }} # Does not trigger release pipeline if we use default token: https://github.community/t5/GitHub-Actions/Github-Action-trigger-on-release-not-working-if-releases-was/td-p/34559
+                                                        # GitHub does not inject secrets if pipeline runs from fork or a fork is merged to main repo. 

.github/workflows/deploy-desktop.yaml

@@ -0,0 +1,34 @@
+name: Deploy desktop
+
+on:
+ release:
+   types: [created] # will be triggered when a NON-draft release is created and published.
+
+jobs:
+  publish-desktop-app:
+    name: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos, ubuntu, windows]
+      fail-fast: false # So publish runs for other OSes if one fails
+    runs-on: ${{ matrix.os }}-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: master # otherwise it defaults to the version tag missing bump commit
+          fetch-depth: 0 # fetch all history
+      - name: Checkout to bump commit
+        run: git checkout "$(git rev-list "${{ github.event.release.tag_name }}"..master | tail -1)"
+      - name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: '14.x'
+      - name: Install dependencies
+        run: npm ci
+      - name: Run tests
+        run: npm run test:unit
+      - name: Publish desktop app
+        run: npm run electron:build -- -p always # https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#upload-release-to-github
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          EP_GH_IGNORE_TIME: true # Otherwise publishing fails if GitHub release is more than 2 hours old https://github.com/electron-userland/electron-builder/issues/2074

.github/workflows/deploy-site.yaml

@@ -0,0 +1,117 @@
+name: Deploy site
+
+on:
+ release:
+   types: [created] # will be triggered when a NON-draft release is created and published.
+
+jobs:
+  aws-deploy: # see: https://github.com/undergroundwires/aws-static-site-with-cd
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: "Infrastructure: Checkout"
+        uses: actions/checkout@v2
+        with:
+          path: aws
+          repository: undergroundwires/aws-static-site-with-cd
+      -
+        name: "Infrastructure: Create AWS user profile & session name"
+        run: >-
+          bash "scripts/configure/create-user-profile.sh" \
+            --profile user \
+            --access-key-id ${{secrets.AWS_DEPLOYMENT_USER_ACCESS_KEY_ID}} \
+            --secret-access-key ${{secrets.AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY}} \
+            --region us-east-1 \
+          && \
+            echo "SESSION_NAME=${{github.actor}}-${{github.event_name}}-$(echo ${{github.sha}} | cut -c1-8)" >> $GITHUB_ENV
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy IAM stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/iam-stack.yaml \
+            --stack-name privacysexy-iam-stack \
+            --capabilities CAPABILITY_IAM \
+            --parameter-overrides "WebStackName=privacysexy-web-stack DnsStackName=privacysexy-dns-stack \
+                                   CertificateStackName=privacysexy-cert-stack RootDomainName=privacy.sexy" \
+            --region us-east-1 --role-arn ${{secrets.AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy DNS stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/dns-stack.yaml \
+            --stack-name privacysexy-dns-stack \
+            --parameter-overrides "RootDomainName=privacy.sexy" \
+            --region us-east-1 \
+            --role-arn ${{secrets.AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy certificate stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/certificate-stack.yaml \
+            --stack-name privacysexy-cert-stack \
+            --capabilities CAPABILITY_IAM \
+            --parameter-overrides "IamStackName=privacysexy-iam-stack RootDomainName=privacy.sexy DnsStackName=privacysexy-dns-stack" \
+            --region us-east-1 \
+            --role-arn ${{secrets.AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy web stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/web-stack.yaml \
+            --stack-name privacysexy-web-stack \
+            --parameter-overrides "CertificateStackName=privacysexy-cert-stack DnsStackName=privacysexy-dns-stack \
+                                   RootDomainName=privacy.sexy UseDeepLinks=true" \
+            --capabilities CAPABILITY_IAM \
+            --region us-east-1 \
+            --role-arn ${{secrets.AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "App: Checkout"
+        uses: actions/checkout@v2
+        with:
+          path: site
+          ref: master # otherwise we don't get version bump commit
+      -
+        name: "App: Setup node"
+        uses: actions/setup-node@v1
+        with:
+          node-version: '14.x'
+      -
+        name: "App: Install dependencies"
+        run: npm ci
+        working-directory: site
+      -
+        name: "App: Run tests"
+        run: npm run test:unit
+        working-directory: site
+      - 
+        name: "App: Build"
+        run: npm run build
+        working-directory: site
+      -
+        name: "App: Deploy to S3"
+        run: >-
+          bash "aws/scripts/deploy/deploy-to-s3.sh" \
+            --folder site/dist \
+            --web-stack-name privacysexy-web-stack --web-stack-s3-name-output-name S3BucketName \
+            --storage-class ONEZONE_IA \
+            --role-arn ${{secrets.AWS_S3_SITE_DEPLOYMENT_ROLE_ARN}} \
+            --region us-east-1 \
+            --profile user --session ${{ env.SESSION_NAME }}
+      -
+        name: "App: Invalidate CloudFront cache"
+        run: >-
+          bash "aws/scripts/deploy/invalidate-cloudfront-cache.sh" \
+            --paths "/*" \
+            --web-stack-name privacysexy-web-stack --web-stack-cloudfront-arn-output-name CloudFrontDistributionArn \
+            --role-arn ${{secrets.AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN}} \
+            --region us-east-1 \
+            --profile user --session ${{ env.SESSION_NAME }}

.github/workflows/quality-checks.yaml

@@ -0,0 +1,26 @@
+name: Quality checks
+
+on: [ push, pull_request ]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        lint-command:
+          - npm run lint:vue
+          - npm run lint:yaml
+          - npm run lint:md
+          - npm run lint:md:relative-urls
+          - npm run lint:md:consistency
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install dependencies
+        run: npm ci
+      - name: Lint
+        run: ${{ matrix.lint-command }}

.github/workflows/security-checks.yaml

@@ -0,0 +1,24 @@
+name: Security checks
+
+on:
+  push:
+  pull_request:
+    paths: [ '/package.json', '/package-lock.json' ] # Allow PRs to be green if they do not introduce dependency change
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  npm-audit:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      -
+        name: NPM audit
+        run: npm audit

.github/workflows/test.yaml

@@ -1,26 +1,25 @@
-name: Run tests
+name: Test
 
-on:
-  push:
-    branches:
-      - '*'
-      - '!master'
+on: [ push, pull_request ]
 
 jobs:
-  build-and-deploy:
-    runs-on: ubuntu-latest
+  run-tests:
+    strategy:
+      matrix:
+        os: [macos, ubuntu, windows]
+    runs-on: ${{ matrix.os }}-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
       -
         name: Setup node
         uses: actions/setup-node@v1
         with:
-          node-version: '11.x'
+          node-version: '14.x'
       -
         name: Install dependencies
-        run: npm install
+        run: npm ci
       -
         name: Run tests
         run: npm run test:unit

.gitignore

@@ -1,4 +1,6 @@
 node_modules
-/dist
+dist/
 .vs
-.vscode
+.vscode
+#Electron-builder output
+/dist_electron

.markdownlint.json

@@ -0,0 +1,4 @@
+{
+    "default": true,
+    "MD013": false
+}

CHANGELOG.md

@@ -1,25 +1,393 @@
 # Changelog
 
-- All notable changes to this project will be documented in this file.
+## 0.10.0 (2021-03-02)
 
-## [Unreleased]
+* allow functions to call other functions #53 | [7661575](https://github.com/undergroundwires/privacy.sexy/commit/7661575573c6d3e8f4bc28bfa7a124a764c72ef9)
+* add option to run script directly in desktop app | [9a6b903](https://github.com/undergroundwires/privacy.sexy/commit/9a6b903b9297802845043fd41115756acd4a145c)
+* add script to automatically kill devicecensus process | [c9b91f6](https://github.com/undergroundwires/privacy.sexy/commit/c9b91f6d8f9bd16308b6beda119e7154a985b6cf)
+* refactor disabling application experience and document better | [45a3669](https://github.com/undergroundwires/privacy.sexy/commit/45a3669443d82855a52f60524d341c15f380f9e7)
+* escape printed characters to prevent command injection #45 | [1260eea](https://github.com/undergroundwires/privacy.sexy/commit/1260eea690e4fa5420e58c9de9f88cc29cb242db)
+* move code area to right on bigger screens | [cf39e6d](https://github.com/undergroundwires/privacy.sexy/commit/cf39e6d2541ea547f41d9553c380c54c24c58038)
+* more scripts to disable speech recognition and Cortana | [ee43fd9](https://github.com/undergroundwires/privacy.sexy/commit/ee43fd92a019ebd26c13890f9146c5b5bb56afaf)
+* add more macos scripts for privacy cleanup | [b0a7d0b](https://github.com/undergroundwires/privacy.sexy/commit/b0a7d0b53b3d8ac144a0241d70c037f460b0c0cc)
+* add better error messages to setting vscode settings | [65226f3](https://github.com/undergroundwires/privacy.sexy/commit/65226f3984480d0bc7932fd8d76a328f08308850)
+* remove windows scripts for removing non-bloating system apps #55 | [15004ff](https://github.com/undergroundwires/privacy.sexy/commit/15004ff1f1fb85a1d92e11ef695bcb2f37110610)
+* remove "preview" disclaimer from macOS | [970221b](https://github.com/undergroundwires/privacy.sexy/commit/970221b996e25fe5b029cbaa78607c9bbc8c3c0e)
+* update screenshot | [bd41af4](https://github.com/undergroundwires/privacy.sexy/commit/bd41af466fd135f7dc2f171633e4f60d8547c373)
 
-## [0.2.0] - 2020-01-06
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.9.2...0.10.0)
 
-- Fixed typo in generated code.
-- Better URL validation for documentation links in `application.yaml`.
-- Slightly faster parsing of `application.yaml`
-- Styled no JS error that's shown when JavaScript is disabled.
-- The default selection is now *None* & instruction text is shown in code box when nothing is selected.
-- Added hyphen lines when rendering of long function names
-- Changed subtitle: added version as footer instead.
+## 0.9.2 (2021-02-13)
 
-## [0.1.0] - 2019-12-31
+* do not compile with unused locals vuejs/vetur#1063 | [73e0520](https://github.com/undergroundwires/privacy.sexy/commit/73e0520de70cdbaf0ecdc6e9be5e85f003fcfb79)
+* fix wrong path for NvTelemtry file in NVIDIA script | [34b8822](https://github.com/undergroundwires/privacy.sexy/commit/34b8822ac821acb47e483e21b57e380551bcf455)
+* refactor event handling to consume base class for lifecycling | [f1e21ba](https://github.com/undergroundwires/privacy.sexy/commit/f1e21babbfaac21903594a37e30163bfe3338279)
+* make compiler throw if a function call includes an unexpected parameter | [15353d0](https://github.com/undergroundwires/privacy.sexy/commit/15353d0e2513c89ee4ffd9d9c5e9e83ef69b96b6)
+* refactor vscode configuration scripts using functions #41 | [67b2d1c](https://github.com/undergroundwires/privacy.sexy/commit/67b2d1c11cd5b131dff93a4437db79d96ed8b3dc)
+* refactor state handling to make application available independent of the state | [df273f7](https://github.com/undergroundwires/privacy.sexy/commit/df273f7f635ab156ac51a8dfb3fec66c4979f1c4)
+* add test to ensure correct shared functions are being parsed | [d7de420](https://github.com/undergroundwires/privacy.sexy/commit/d7de420d5c91bd9ce64880cd4a4391ad3a0a5401)
+* refactor and add tests for NonCollapsingDirective | [5934b17](https://github.com/undergroundwires/privacy.sexy/commit/5934b1728328c3b2ece1597b74dd87477d162175)
+* add GitHub issue templates | [daa997b](https://github.com/undergroundwires/privacy.sexy/commit/daa997b21b624d133c6f5e4cd6b70214588f9144)
+* correct the typo in application.md (#60) | [575636e](https://github.com/undergroundwires/privacy.sexy/commit/575636e6b728a2bdd1a9bd72c57bbf2752f10887)
 
-- Initial release
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.9.1...0.9.2)
 
-## All releases
+## 0.9.1 (2021-01-23)
 
-- [Unreleased] : https://github.com/undergroundwires/privacy.sexy/compare/v0.2.0...HEAD
-- [v0.2.0] : https://github.com/undergroundwires/privacy.sexy/compare/v0.1.0...v0.2.0
-- [v0.1.0] : https://github.com/undergroundwires/privacy.sexy/releases/tag/v0.1.0
+* in CI/CD, allow publishing to github if release is more than 2 hours old electron-userland/electron-builder#2074 | [cf907d0](https://github.com/undergroundwires/privacy.sexy/commit/cf907d029a6d80682ba78ec887a9c4fab639db51)
+* in CI/CD, publish packages for other OSes if single one fails | [4015e2c](https://github.com/undergroundwires/privacy.sexy/commit/4015e2ccd8492e0693365b70fbfe3bd0ac7a6ea2)
+* specify desktop publish targets as defaults (may) change | [2316e3f](https://github.com/undergroundwires/privacy.sexy/commit/2316e3fb6867e5d765eafcf675b77f88bd2a0f52)
+* fix selection state indicator on cards not showing up | [8b0e47d](https://github.com/undergroundwires/privacy.sexy/commit/8b0e47da38c49cfe2645d7d25970c448ecd200f8)
+* transpile using babel for legacy browser support | [7930bef](https://github.com/undergroundwires/privacy.sexy/commit/7930bef48c4e9a4fe0823673958ed8377f5ee533)
+* fix node APIs no longer working on desktop nklayman/vue-cli-plugin-electron-builder#610, nklayman/vue-cli-plugin-electron-builder#742 | [d7f9ef1](https://github.com/undergroundwires/privacy.sexy/commit/d7f9ef1cbebe911aa19f29be8c5fa9360550793e)
+* improve explanation for selections | [229c13a](https://github.com/undergroundwires/privacy.sexy/commit/229c13a195dee92e4a31731b7b41c319273a16f1)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.9.0...0.9.1)
+
+## 0.9.0 (2021-01-15)
+
+* refactor application.yaml to become an os definition #40 | [f7557bc](https://github.com/undergroundwires/privacy.sexy/commit/f7557bcc0faf44e8395b68c7eb14c5f715f07b92)
+* refactor folders to move "/state" (IApplicationState) inside "/context" (IApplicationContext) | [3467241](https://github.com/undergroundwires/privacy.sexy/commit/34672414c3e0757173036e351df0a73c1708ded5)
+* add scripts to prevent family safety monitoring | [e14bf2b](https://github.com/undergroundwires/privacy.sexy/commit/e14bf2bfa03efe28ff39942c9891fca605f13eed)
+* rework Cortana scripts to remove duplicates, better document and support Windows version 2004/2009 #43 | [7cc161c](https://github.com/undergroundwires/privacy.sexy/commit/7cc161c828a3fa49f6f254e31834a95a502b7aa2)
+* rename Application to CategoryCollection #40 | [6fe858d](https://github.com/undergroundwires/privacy.sexy/commit/6fe858d86aeb0f8b6d5ae5c2a5e3c25ff32e5f6f)
+* add script to clean previous windows installation #35 | [3455a2c](https://github.com/undergroundwires/privacy.sexy/commit/3455a2ca6ce13f9b0e866d88532a5c3d6de30d4d)
+* refactor to allow switching ICategoryCollection context #40 | [2e40605](https://github.com/undergroundwires/privacy.sexy/commit/2e40605d59eb764768457c6af561487e7ff09777)
+* fix typo causing uninstalling capabilities to fail #51 | [c299e95](https://github.com/undergroundwires/privacy.sexy/commit/c299e95bc6d588317b69a9efcf5752ff5c9c3926)
+* improve uninstalling apps to show errors and exit if taking ownership fails #51 | [72e925f](https://github.com/undergroundwires/privacy.sexy/commit/72e925fb6f908cd58fb50618f29726b3fb54a7f1)
+* move application.yaml to collections/windows.yaml #40 | [6b83dcb](https://github.com/undergroundwires/privacy.sexy/commit/6b83dcbf8fa08b4efe9974c7d7a667458f7c595c)
+* recommend onedrive removal on strict mode | [663d63b](https://github.com/undergroundwires/privacy.sexy/commit/663d63bde08dd1b0d43ec144c758399cec90ec70)
+* document app connector removal and recommend on strict mode | [9d009c4](https://github.com/undergroundwires/privacy.sexy/commit/9d009c40dd411c73c7ae032a78ec51490ecce024)
+* recommend removing cortana taskbar icon on standard mode | [7ec889e](https://github.com/undergroundwires/privacy.sexy/commit/7ec889e759df04bba99d3b6c4d0597809bd94058)
+* fix unintended null file creation #52 | [2428de2](https://github.com/undergroundwires/privacy.sexy/commit/2428de23ee02de987e7e6ec80ebd67be369d9048)
+* add initial macOS support #40 | [8a8b731](https://github.com/undergroundwires/privacy.sexy/commit/8a8b7319d539b31c1d8ad9eaf541762d64f02493)
+* add scripts to manage chromium based edge | [86a2b2f](https://github.com/undergroundwires/privacy.sexy/commit/86a2b2fda0b6a2565c550758c7c175fa795926b7)
+* update screenshot | [c318bd3](https://github.com/undergroundwires/privacy.sexy/commit/c318bd301a2cbebbf5cdba06c0f18ac291aa4788)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.8.2...0.9.0)
+
+## 0.8.2 (2020-12-26)
+
+* replace ampersand in "Movies & TV app" with "and" to prevent batch file from misinterpreting it (#45) | [52d4313](https://github.com/undergroundwires/privacy.sexy/commit/52d4313156d2dcbc508b7271e7d9dfd45723d7bc)
+* update dependencies to latest #46 | [d9e44e2](https://github.com/undergroundwires/privacy.sexy/commit/d9e44e25744e5d0aa01b8fc0f0af74c48027aea3)
+* fix type assignment error after typescript upgrade | [55f936f](https://github.com/undergroundwires/privacy.sexy/commit/55f936fee9f86757f63fa8952d89711feb247e5b)
+* correct typos (#48) | [a744415](https://github.com/undergroundwires/privacy.sexy/commit/a744415eb2ab65ee4f519f863fdd6a43953377bb)
+* in ci/cd, do not run security checks if PRs do not change dependencies #48 | [54ba4db](https://github.com/undergroundwires/privacy.sexy/commit/54ba4dbb0bf8f08f9479f8facb2e12c786c1bc51)
+* rename app launch tracking tweak to make it more clear #44 | [b3117c2](https://github.com/undergroundwires/privacy.sexy/commit/b3117c27f283c2d5a25fd94021a9f628a272cda6)
+* refactor capabilities to use a shared function #41 #47 | [c4ec6a1](https://github.com/undergroundwires/privacy.sexy/commit/c4ec6a1445d2fd5eb923c97b54aee01e272e13a8)
+* rename "disable" to "uninstall" for removing capabilities #47 | [8cd3352](https://github.com/undergroundwires/privacy.sexy/commit/8cd3352017f9dc85f8efcd7b450d90f555d3e92e)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.8.1...0.8.2)
+
+## 0.8.1 (2020-11-16)
+
+* refactor removing bloatware to use functions #41 | [ffa279f](https://github.com/undergroundwires/privacy.sexy/commit/ffa279f3dfe51db564f0a3859543eb212170e173)
+* fix reinstalling store apps by searching appx for all users | [2c5ab3e](https://github.com/undergroundwires/privacy.sexy/commit/2c5ab3ea7da159cfb9fbfbbb7cdd28afbee965ea)
+* fix clearing jump lists causing os to break and user pin removal #37 | [92c3dd9](https://github.com/undergroundwires/privacy.sexy/commit/92c3dd923257ac940eab6cbab858698ed55a09b7)
+* fix reinstalling store apps by searching appx for all users | [4e72673](https://github.com/undergroundwires/privacy.sexy/commit/4e7267337301fe4a0480ba0603218fca25c2d096)
+* refactor unused imports | [45b8dd9](https://github.com/undergroundwires/privacy.sexy/commit/45b8dd972b1edf9e263858c23b27e7a1d2e07077)
+* fix not being able to uninstall system apps | [31e08d2](https://github.com/undergroundwires/privacy.sexy/commit/31e08d231d52e2a691400468b7c599c142a29448)
+* fix wrong app names caused by wrong Microsoft docs | [e41e40c](https://github.com/undergroundwires/privacy.sexy/commit/e41e40c5bf01e2971d3054fcd3a48f8465a96622)
+* unrecommend some system apps and document more | [29c7704](https://github.com/undergroundwires/privacy.sexy/commit/29c7704e0bd38f6e9923cde84accb569b02d2dd6)
+* fix not being able to rename paths including brackets | [ad1872e](https://github.com/undergroundwires/privacy.sexy/commit/ad1872e7cd4ad7ef9facf33fadfa8c6a55065dd3)
+* fix errors when file already exists | [c26bc20](https://github.com/undergroundwires/privacy.sexy/commit/c26bc209eb167aa71cad10b7f3ea02d0dedd97b0)
+* move Microsoft.Appconnector to right category | [b247b12](https://github.com/undergroundwires/privacy.sexy/commit/b247b12c3f009aab4350e33f4779fd193e570050)
+* replace deprecated github ::set-env command | [ab7d617](https://github.com/undergroundwires/privacy.sexy/commit/ab7d617886a65fe4f3c2daa929168e5678ccae60)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.8.0...0.8.1)
+
+## 0.8.0 (2020-11-01)
+
+* add support for different recommendation levels: strict and standard | [14be301](https://github.com/undergroundwires/privacy.sexy/commit/14be3017c55ed5e0d9bdecb63fcc4e1131e79ab0)
+* Add GroupMe and Spotify removal option (#34) | [3785c62](https://github.com/undergroundwires/privacy.sexy/commit/3785c623f837b182d82fa383dfe7709722a67248)
+* switch places of download and copy buttons | [50fb290](https://github.com/undergroundwires/privacy.sexy/commit/50fb29038ae19b17ec006093db02cf1e568d53c3)
+* change "download" button to "save" on desktop | [07fc555](https://github.com/undergroundwires/privacy.sexy/commit/07fc555324d8bf4fa3594a9701daaa124a873153)
+* show icons on cards during indeterminate and fully selected states | [1072505](https://github.com/undergroundwires/privacy.sexy/commit/1072505219edc47d82a91f148d1f310f32869fea)
+* add scripts to increase cryptography, enable camera notifications and remove todo app (#36) | [4c68408](https://github.com/undergroundwires/privacy.sexy/commit/4c68408f1ec339dc8d39c7ab044f825a7f7185cb)
+* update recommendations to be safer and consistent | [d0019c2](https://github.com/undergroundwires/privacy.sexy/commit/d0019c2c9b1eea620e2e8e02b586903ce62b80e3)
+* rework disabling metadata retrieval | [ac70b06](https://github.com/undergroundwires/privacy.sexy/commit/ac70b063b8a15bc528256185792939685be6b36f)
+* add all dist folders in gitignore because of files auto-generated by vscode | [1a9db31](https://github.com/undergroundwires/privacy.sexy/commit/1a9db31c7778c3269a71c0bd9665827efda70a02)
+* add support for shared functions #41 | [8ce06fa](https://github.com/undergroundwires/privacy.sexy/commit/8ce06facbd54184402a4b1af3c7303e64db85b8a)
+* hide scrollbars on code area when not overflowing | [fd28eaa](https://github.com/undergroundwires/privacy.sexy/commit/fd28eaad061c75ea1aa7e0f0d60ea37a7e52f8c4)
+* update screenshot | [cfedcd7](https://github.com/undergroundwires/privacy.sexy/commit/cfedcd724cad7708b30c7390a7bca3b6313b6726)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.6...0.8.0)
+
+## 0.7.6 (2020-10-18)
+
+* add docs for default0 pointing to github discussion (#30) | [a3fc378](https://github.com/undergroundwires/privacy.sexy/commit/a3fc3782efd346b4c99d2a0b40df2eb0229f5b36)
+* add robots.txt to explicitly allow indexing | [4c2f749](https://github.com/undergroundwires/privacy.sexy/commit/4c2f74949b0758d33049bdfa4f0124a28958f8ea)
+* add more reversibility | [19a092d](https://github.com/undergroundwires/privacy.sexy/commit/19a092dd31fb3588277f1ab3120b409d98506752)
+* refactor to read more from package.json | [784a67a](https://github.com/undergroundwires/privacy.sexy/commit/784a67afff681bc19147d03c947de0e165d97e87)
+* simplify "why" section | [77c3d2b](https://github.com/undergroundwires/privacy.sexy/commit/77c3d2bbb8d13db86bb82ed0b5cbeaacfdea3db9)
+* update dependencies to latest | [11e0613](https://github.com/undergroundwires/privacy.sexy/commit/11e06131655398db08faeeacff62062e46e0dddd)
+* run tests on all operating systems: macos, ubuntu, windows | [d9d7f62](https://github.com/undergroundwires/privacy.sexy/commit/d9d7f62d81d4d8f95104d33211e82641884d711f)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.5...0.7.6)
+
+## 0.7.5 (2020-09-14)
+
+* fix reverting (reinstalling) capabilities not working | [939d838](https://github.com/undergroundwires/privacy.sexy/commit/939d838e3535bb1c9b00c8ea9dacb735ae41d700)
+* fix tests and checks are not running on PRs | [82d5091](https://github.com/undergroundwires/privacy.sexy/commit/82d509129b4e4a5df4b84786a0d6842a7d26e888)
+* fix the recycling bin option (#32) | [15db311](https://github.com/undergroundwires/privacy.sexy/commit/15db3118012a172a2191a2afad57084a65b34642)
+* fix rendering issue in older edge/IE | [6efed72](https://github.com/undergroundwires/privacy.sexy/commit/6efed72bf25c2ddf0901caab7f22966ca13cd47a)
+* fix pasting in search bar after page load showing no results | [d169434](https://github.com/undergroundwires/privacy.sexy/commit/d1694341578288eeaf8b80caf9296a38d76789f0)
+* fix typo | [7dd15ed](https://github.com/undergroundwires/privacy.sexy/commit/7dd15ed06433e0e6583ab0fa46a683ce6554bbea)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.4...0.7.5)
+
+## 0.7.4 (2020-09-12)
+
+* fix checked checkbox has blue border | [4ae385b](https://github.com/undergroundwires/privacy.sexy/commit/4ae385b7fcea9014a68442714b7d99e2ee7df7d0)
+* fix spectre protection getting single lined #31 | [22b23a9](https://github.com/undergroundwires/privacy.sexy/commit/22b23a9ece446c7f9abd4ede293051eb616ad50a)
+* fix missing reg value in denying app access to account | [3c13a9e](https://github.com/undergroundwires/privacy.sexy/commit/3c13a9e837e06e097450b31d7eb0c0e6bf20cefb)
+* fix wrong path in clear all firefox user profile settings | [ee66196](https://github.com/undergroundwires/privacy.sexy/commit/ee66196d9a60f27d17ae7f62d02b4f119a47e6e0)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.3...0.7.4)
+
+## 0.7.3 (2020-09-12)
+
+* fix vscode settings file override and add more configs | [a0d6172](https://github.com/undergroundwires/privacy.sexy/commit/a0d61728ead04b4455437f85820121a848db9e00)
+* fix nvidia tweak error message, categorize and add reversibility | [99a2035](https://github.com/undergroundwires/privacy.sexy/commit/99a2035fdb0766a4dfc2753133eab0d7666516cd)
+* improve CPU specific tweaks by conditional platform checks and reversibility | [8df5faf](https://github.com/undergroundwires/privacy.sexy/commit/8df5faf4ef05a49da63973bd0fbb5c5d07d5bd93)
+* fix wrong path to the main telemetry file | [de4ac97](https://github.com/undergroundwires/privacy.sexy/commit/de4ac978bdda79573b36d355697b8a028d2c0beb)
+* fix naming of firefox cleanup to mention profiles | [3ab48b1](https://github.com/undergroundwires/privacy.sexy/commit/3ab48b1cf5f7f934f07e468ef2318ccee07f530c)
+* add reversibility and more scripts to denying app access with better structure | [1d465ee](https://github.com/undergroundwires/privacy.sexy/commit/1d465ee3189d0e5a827453b3f0eb4361efe23770)
+* fix comment lines are being detected as duplicate in validation | [b6ccb59](https://github.com/undergroundwires/privacy.sexy/commit/b6ccb5927a20412976a54fd2215eb645092f98a8)
+* add more detailed error message | [1f11c39](https://github.com/undergroundwires/privacy.sexy/commit/1f11c39773c12eccfb3efb898b58c2f6f37ab9ca)
+* fix typo in a test | [1f19b25](https://github.com/undergroundwires/privacy.sexy/commit/1f19b2528a69383e63e579d2885f01cd804abf6c)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.2...0.7.3)
+
+## 0.7.2 (2020-09-06)
+
+* update onesync documentation and do not recommend it as it breaks other apps | [f36d8bf](https://github.com/undergroundwires/privacy.sexy/commit/f36d8bfc7848bb65ac0c641e318a689bf3816ccf)
+* add reversibility for biometric disabling and do not recommend it | [db74531](https://github.com/undergroundwires/privacy.sexy/commit/db74531cd4139615c6d595959217d3651f099019)
+* fix bad highlighting of selected nodes when using keyboard navigation | [255133a](https://github.com/undergroundwires/privacy.sexy/commit/255133af4dfae40171406648a3e2920f16d71cb3)
+* add reversibility to removing bloatware | [c7b2a70](https://github.com/undergroundwires/privacy.sexy/commit/c7b2a703128470a05f12c9c6e8002444def37ef8)
+* fix indeterminate state being lost | [1f266c3](https://github.com/undergroundwires/privacy.sexy/commit/1f266c33535f72b69c65985bf2eff27cd2c5a104)
+* fix wording in default text in text area | [ca63a09](https://github.com/undergroundwires/privacy.sexy/commit/ca63a0979ef55d07d09d9443e5cea9aa888870a5)
+* add best practice suggestion to come back | [f4885b6](https://github.com/undergroundwires/privacy.sexy/commit/f4885b6f1c82752f2143934e336d6d1b1af03015)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.1...0.7.2)
+
+## 0.7.1 (2020-09-04)
+
+* fix some browsers (including firefox) downloading the script as a text file | [8c17929](https://github.com/undergroundwires/privacy.sexy/commit/8c17929151f9c4fa5f48564492bbf400ced95eea)
+* rename screenshot image file | [b8682a8](https://github.com/undergroundwires/privacy.sexy/commit/b8682a852a14ed6cf49986695d9510b840ac9d3d)
+* fix new/changed script higlighting not working on production builds | [8c38dd7](https://github.com/undergroundwires/privacy.sexy/commit/8c38dd73d8c7b77d8d341c0389f4d7229f9b97fd)
+* refactor unused imports | [6badfef](https://github.com/undergroundwires/privacy.sexy/commit/6badfef9daace0c5de3fd33652a82bfe22261b11)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.0...0.7.1)
+
+## 0.7.0 (2020-09-02)
+
+* [search] better (multilined) message when there are no results | [ec15af0](https://github.com/undergroundwires/privacy.sexy/commit/ec15af01dd020b364c2174fe562fd66227c2320c)
+* [search] added clear/close button | [d6fa9a2](https://github.com/undergroundwires/privacy.sexy/commit/d6fa9a2a03c0ebe68b94f0b80cc52b4e200c9213)
+* move script generation to /generation | [5df4587](https://github.com/undergroundwires/privacy.sexy/commit/5df458739d076719e350ba194c4f3f772884fcdb)
+* add auto-highlighting of selected/updated code | [b789250](https://github.com/undergroundwires/privacy.sexy/commit/b789250cb89e2130b08e1a927df8181cf945dfeb)
+* prompt admin priviliges automatically | [f8ba5c4](https://github.com/undergroundwires/privacy.sexy/commit/f8ba5c46e4923d9c35f200f8a08aa6437f7c0ecc)
+* add removal of ghost (default0) telemetry user | [c262681](https://github.com/undergroundwires/privacy.sexy/commit/c262681011f39b4412669b6cf233476f676ca550)
+* add more windows defender tweaks, categorization and reversibility | [1a34c73](https://github.com/undergroundwires/privacy.sexy/commit/1a34c7374ba56bafa0209bbb55c81b233bb419ed)
+* fix NTP script documentation is on wrong place | [3060ebf](https://github.com/undergroundwires/privacy.sexy/commit/3060ebf79cf242370433495cc3e1878b7581b202)
+* updated dependencies to latest and audit fixes (#25) | [c628aa9](https://github.com/undergroundwires/privacy.sexy/commit/c628aa9aef8ab7c815661d3c1711e7fbc65c69a2)
+* categorize, fix and extend windows log files cleanup | [594a14d](https://github.com/undergroundwires/privacy.sexy/commit/594a14d6ca76cbd27a21877b8c373c1930589ca6)
+* add more OneDrive cleanup scripts and categorize them | [978d7d0](https://github.com/undergroundwires/privacy.sexy/commit/978d7d08638dd161082f239ed088b12302f29458)
+* add disabling firefox telemetry | [f8b8b4c](https://github.com/undergroundwires/privacy.sexy/commit/f8b8b4c97ab734d5ba7370894b694993924388da)
+* add disabling ccleaner telemetry | [018b7e2](https://github.com/undergroundwires/privacy.sexy/commit/018b7e270f207aac926cb12f8069ebfcdce193ce)
+* Add disabling of PowerShell 7+ telemetry (#29) | [456e40b](https://github.com/undergroundwires/privacy.sexy/commit/456e40bedf9afcc846f9b13f1ea144cef6115cf6)
+* categorize, fix, make scripts reversible in "UI for privacy", "security improvements" and "configure browsers" | [532915b](https://github.com/undergroundwires/privacy.sexy/commit/532915b95da9fecd6b981d91bf489359e4e53caa)
+* fix "Configure Defender" being in wrong category #28 | [f709d6a](https://github.com/undergroundwires/privacy.sexy/commit/f709d6a566ed7846b677b383863deda9680a2a9c)
+* do not hardcode capability versions and make them reversible | [2afef4e](https://github.com/undergroundwires/privacy.sexy/commit/2afef4ea3d0d3d09aa1fa1eedba8493680bd8f10)
+* exclude paint, wordpad and notepad from bloatware removal | [d235dee](https://github.com/undergroundwires/privacy.sexy/commit/d235dee95514a01745aef9479d07f88ffb4b40b8)
+* add reversibility on category level | [f51e885](https://github.com/undergroundwires/privacy.sexy/commit/f51e8859eeb32c944126d692cfe03a0320c8b568)
+* refactor unused imports & variables | [a23d28f](https://github.com/undergroundwires/privacy.sexy/commit/a23d28f2cfa2d64d45460697cf5ee9d6b5920752)
+* fix search (got broken in b789250) with tests and refactorings | [8bbe6eb](https://github.com/undergroundwires/privacy.sexy/commit/8bbe6ebf750f1a1cbab493fb99b5ea91f4e21609)
+* update the screenshot to show off highlighting | [b4aacea](https://github.com/undergroundwires/privacy.sexy/commit/b4aacea2a3e0bbcf2d8a79ff67f51c0f19e888a6)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.6.2...0.7.0)
+
+## 0.6.2 (2020-08-16)
+
+* 🐛 fixed disabling error reporting for november 2019 update | [5967347](https://github.com/undergroundwires/privacy.sexy/commit/5967347b80976a519f6f4eb1972a62f3e600df2b)
+* 🐛 fixed blank screen and icons on mac | [7fac0fe](https://github.com/undergroundwires/privacy.sexy/commit/7fac0fe79f252e8f9dda4f6f83cd6fa4ba2b539f)
+* 🐛 fixed removing onedrive does not delete scheduled tasks | [b6bfc25](https://github.com/undergroundwires/privacy.sexy/commit/b6bfc2572740c0cd46d3bc0058fa767dd5fa862e)
+* ⚙️ enhanced tweak to disable for office telemetry | [afc3bfb](https://github.com/undergroundwires/privacy.sexy/commit/afc3bfb3b8896f332c9a196973ded3dce8fd21e4)
+* ✨ added script to clear dotnet telemery | [1663bfe](https://github.com/undergroundwires/privacy.sexy/commit/1663bfeac7b6580b1335ca5fcf3587b69c080c72)
+* 🐛 fixed changing time server not working | [c69998c](https://github.com/undergroundwires/privacy.sexy/commit/c69998c7cb29ffcf40f0af03b73150736581da69)
+* 🔥 removed disabling ClickToRun as it breaks office | [3d3380f](https://github.com/undergroundwires/privacy.sexy/commit/3d3380f27ebeea53f17f49974aaa89300ffaf2dd)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.6.1...0.6.2)
+
+## 0.6.1 (2020-08-09)
+
+* updated documentation | [5963d2b](https://github.com/undergroundwires/privacy.sexy/commit/5963d2bac551083f9d16cce6b851abf0e8b88ce7)
+* fixed typo in footer | [5c15a7a](https://github.com/undergroundwires/privacy.sexy/commit/5c15a7a64aaf24578a32713dec491bf494216303)
+* more scripts can be reverted | [831c014](https://github.com/undergroundwires/privacy.sexy/commit/831c014f977515454ee6dc664d77a8c434495501)
+* moved windows connect now to security & recommended | [6049a2b](https://github.com/undergroundwires/privacy.sexy/commit/6049a2b834d8d17af741f8d8f8b07cd15153b001)
+* fixed mac / linux download links | [4c8be45](https://github.com/undergroundwires/privacy.sexy/commit/4c8be45e287b5ea009d6f828f7f327f37850569e)
+* tweaks to disable webcam, speech and compatibility telemetry | [a5dbe66](https://github.com/undergroundwires/privacy.sexy/commit/a5dbe66fc175e39397f296ab2ff703e9b0ab4d7c)
+* refactorings | [66d4d39](https://github.com/undergroundwires/privacy.sexy/commit/66d4d39d5bf3db305450514c6b6224654dafbfb2)
+* fixed removing onedrive does not clean start menu / quick access | [1cc1219](https://github.com/undergroundwires/privacy.sexy/commit/1cc12195a3e9a11c590d3ed64d80299b50f74838)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.6.0...0.6.1)
+
+## 0.6.0 (2020-07-26)
+
+* fixed dead links in documentation | [25ce236](https://github.com/undergroundwires/privacy.sexy/commit/25ce236a7737decaf2eb9b8c29a4c4f34d43f770)
+* runs tests on each push on the repository | [73c4268](https://github.com/undergroundwires/privacy.sexy/commit/73c426844a0330718a9ab7de12b61ca05e853323)
+* code area now shows "how" before "why" | [4ff4b52](https://github.com/undergroundwires/privacy.sexy/commit/4ff4b52202b1c5dbfe2b80580bbe7d93132ab05c)
+* support for desktop versions #20 | [04b9b59](https://github.com/undergroundwires/privacy.sexy/commit/04b9b59e14766ccd251474ad3710baf1f682fd49)
+* reworked on footer & removed github icon | [60a5a2a](https://github.com/undergroundwires/privacy.sexy/commit/60a5a2aa4026d384bef9e6a203f1b7514a269c33)
+* updated dependencies to latest | [45816a2](https://github.com/undergroundwires/privacy.sexy/commit/45816a2bccb3d11a50e3f2bc19c0a6cc2587deaa)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.5.0...0.6.0)
+
+## 0.5.0 (2020-07-19)
+
+* added ability to revert (#21) | [9c063d5](https://github.com/undergroundwires/privacy.sexy/commit/9c063d59defa6297c64f50b49403e8bd10620de9)
+* search placeholder shows total scripts | [1d5225d](https://github.com/undergroundwires/privacy.sexy/commit/1d5225de07186f853f4cf7aedd4998f5d00c107a)
+* do not collapse card when on "Search" and "Select" | [dd7e141](https://github.com/undergroundwires/privacy.sexy/commit/dd7e1416b4df54bf71b719d4654db88769dc0994)
+* opening a card scrolls to its content div | [31d2067](https://github.com/undergroundwires/privacy.sexy/commit/31d2067f076c3159483baec49975617dddbd158d)
+* all cards in same line now have same height | [a9f9e90](https://github.com/undergroundwires/privacy.sexy/commit/a9f9e9044385d9aed3b5551fc6c6823e813fd1e5)
+* patched loadash vulnerability (#18) | [92a7118](https://github.com/undergroundwires/privacy.sexy/commit/92a7118d1c5013312772e075b9ee5a79c93710b8)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.10...0.5.0)
+
+## 0.4.10 (2020-07-15)
+
+* fixed script errors & added tests | [9e722dd](https://github.com/undergroundwires/privacy.sexy/commit/9e722ddfb3825fb29d6298025baaaa033120d017)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.9...0.4.10)
+
+## 0.4.9 (2020-07-14)
+
+* disable office telemetry Disassembler0/Win10-Initial-Setup-Script#288 | [53cf595](https://github.com/undergroundwires/privacy.sexy/commit/53cf595e1726ee3de79137fd566978fd512d218f)
+* updated to may 2020 update | [909c44d](https://github.com/undergroundwires/privacy.sexy/commit/909c44d72a4a602ee8f27d06b6ec706c1e432ce1)
+* simplified docker builds | [f27a287](https://github.com/undergroundwires/privacy.sexy/commit/f27a2871d74e5117fc029be82caef12246e10879)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.8...0.4.9)
+
+## 0.4.8 (2020-07-11)
+
+* added more scripts #16 (#17) | [d8552c6](https://github.com/undergroundwires/privacy.sexy/commit/d8552c62ffea13ce62abce836c7dd4980eef6bb9)
+* stopping services before disabling #16 | [628c16e](https://github.com/undergroundwires/privacy.sexy/commit/628c16eb952495f5b3f6d794161b355f4b08b819)
+* can disable features, capabilities & remove onedrive #16 | [30efbcc](https://github.com/undergroundwires/privacy.sexy/commit/30efbcc621eb83dd5a9c1e66b8f1f5350eb95006)
+* updated one more typo (#19) | [d7a1325](https://github.com/undergroundwires/privacy.sexy/commit/d7a1325c0b7665ce712dc411965d00fc1d6fa384)
+* more tweaks #16 | [2c4eb78](https://github.com/undergroundwires/privacy.sexy/commit/2c4eb78c3f156cb0d033977cffbe7464697680f5)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.7...0.4.8)
+
+## 0.4.7 (2020-06-30)
+
+* removed HKU tweak as all HKU's are changed #10 | [c937af8](https://github.com/undergroundwires/privacy.sexy/commit/c937af8ee7da9aa95131e56abf7bf24800390fe6)
+* Fixed types + script in "Clear Windows log files" (#15) | [461a4f1](https://github.com/undergroundwires/privacy.sexy/commit/461a4f122b342369db5cc08c5e30961c64e68cdd)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.6...0.4.7)
+
+## 0.4.6 (2020-06-16)
+
+* Fixed Some More Issues (#12) | [52d5713](https://github.com/undergroundwires/privacy.sexy/commit/52d5713a99422cdf900aba819e49e998abac33cc)
+* removed failing continuous deployment #14 | [583c566](https://github.com/undergroundwires/privacy.sexy/commit/583c5660d6ac934b845a044e013357aa91f61c15)
+* Updated Some Tweaks (#11) | [0fc1845](https://github.com/undergroundwires/privacy.sexy/commit/0fc18459cde57684f00764815062f838f932aed5)
+* Updated Some More Tweaks (#13) | [019b838](https://github.com/undergroundwires/privacy.sexy/commit/019b838925e963b7ec052ac76c6faf5650b9eb67)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.5...0.4.6)
+
+## 0.4.5 (2020-06-13)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.4...0.4.5)
+
+## 0.4.4 (2020-05-24)
+
+* fixed close card button not being visible & cleanup | [0d2efe5](https://github.com/undergroundwires/privacy.sexy/commit/0d2efe5b05aa965458b78b8fa43754ce2f4fe11b)
+* new footer with privacy policy | [e2ab124](https://github.com/undergroundwires/privacy.sexy/commit/e2ab124fb799f56ada3570fdc911361cb803e889)
+* one command to lint everything "npm run lint" | [bb98d20](https://github.com/undergroundwires/privacy.sexy/commit/bb98d20637cbf1d524ebb2973e308773006e3153)
+* fix "group by" overflows on smaller screens | [c668a97](https://github.com/undergroundwires/privacy.sexy/commit/c668a97950a1cb7c8bf2a7fd8a72d1101e65e8ce)
+* clicking outside of a card closes it | [aab8f21](https://github.com/undergroundwires/privacy.sexy/commit/aab8f21a8d8dbed54798af581e6e1ad9e86a4be1)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.3...0.4.4)
+
+## 0.4.3 (2020-05-23)
+
+* removed redundant documentation | [749a140](https://github.com/undergroundwires/privacy.sexy/commit/749a140eb8dba09cb67fec2f8dec937e66e3cff5)
+* fixed broke link | [97b7e03](https://github.com/undergroundwires/privacy.sexy/commit/97b7e03233d9718a8df30cb01ce06ca9489a0295)
+* simplified heading | [226074c](https://github.com/undergroundwires/privacy.sexy/commit/226074c5342f7463c06fcff1457d352ca30295a3)
+* reading version from package.json instead of version file #5 | [691f989](https://github.com/undergroundwires/privacy.sexy/commit/691f989682179016ddcbf55a05cded29155288c9)
+* automatically increases patch number #5 | [3e3bc07](https://github.com/undergroundwires/privacy.sexy/commit/3e3bc07576f7c7e74e3e11fc7d197cbb9a9fb8c0)
+* using deployment operations from aws-static-site-with-cd | [997be71](https://github.com/undergroundwires/privacy.sexy/commit/997be7113f676888892ffa35566d9ebb58a3e9ea)
+* automated using bump-everywhere + more quality checks (#8) | [4a91e8c](https://github.com/undergroundwires/privacy.sexy/commit/4a91e8ccd8a707bc6bea34ee28cff7fa4f66ee2f)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.2...0.4.3)
+
+## 0.4.2 (2020-02-29)
+
+* added missing semicolon for masking | [e63ac4a](https://github.com/undergroundwires/privacy.sexy/commit/e63ac4ae67da68243a525af149ff30e5d485b641)
+* set font on input | [0c39a06](https://github.com/undergroundwires/privacy.sexy/commit/0c39a06be5e4b0a2031ad5e9f5220dd669afee53)
+* shortened all HKEY paths | [802b36b](https://github.com/undergroundwires/privacy.sexy/commit/802b36bdd8dcc1f0a2853fe7da2ea2fccd69a88c)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.1...0.4.2)
+
+## 0.4.1 (2020-01-11)
+
+* fixed search bug | [31364bd](https://github.com/undergroundwires/privacy.sexy/commit/31364bdfec503af09ffbb58044a17dfb833fc8d9)
+* hide grouping while searching | [92f1a36](https://github.com/undergroundwires/privacy.sexy/commit/92f1a36bcb1e1fe7c90efe8ccd3ede55991e9d9c)
+* 👀🔍  showing search queries | [97a7747](https://github.com/undergroundwires/privacy.sexy/commit/97a7747933d2b515cc03ab8243e6a8ae702ef16a)
+* more efficient queries with single lowercase | [19813b6](https://github.com/undergroundwires/privacy.sexy/commit/19813b691746d98670823025c460480400e34b6e)
+* using right 🔍 input type | [0ce354e](https://github.com/undergroundwires/privacy.sexy/commit/0ce354ea0956391ad3f37b252daac1127bfc601a)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.0...0.4.1)
+
+## 0.4.0 (2020-01-11)
+
+* 🔍 support for search | [89862b2](https://github.com/undergroundwires/privacy.sexy/commit/89862b2775703257b9dc2e19fbebde2c0d0fbda0)
+* more scripts & better organized | [95baf31](https://github.com/undergroundwires/privacy.sexy/commit/95baf3175b0d2c7df516f7893a96346b94ac8eca)
+* refactorings | [e3f82e0](https://github.com/undergroundwires/privacy.sexy/commit/e3f82e069e305f6d94eab335470c8e7b44295dd6)
+* more margin for the scripts | [5ea46ec](https://github.com/undergroundwires/privacy.sexy/commit/5ea46ecbf52236953d19f09a8eade08b83e6cd34)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.3.0...0.4.0)
+
+## 0.3.0 (2020-01-09)
+
+* added description & more descriptive title | [9957634](https://github.com/undergroundwires/privacy.sexy/commit/99576340b648550149871e2c0fe0b0d8c2dd0d7c)
+* allow robots | [eee0e78](https://github.com/undergroundwires/privacy.sexy/commit/eee0e785ec2c5e6bed53d21b4126a57773e35dba)
+* removed unused references | [cfd888f](https://github.com/undergroundwires/privacy.sexy/commit/cfd888f3afc5c260a0a4a73f2843b86b9f1df2cd)
+* 🚫 disable NVIDIA telemetry | [ab28f4e](https://github.com/undergroundwires/privacy.sexy/commit/ab28f4ed8538d51e1777c86302a63a0cd9c3cb2a)
+* backwards compatibility for fonts | [4bc13e1](https://github.com/undergroundwires/privacy.sexy/commit/4bc13e11926a6df77079646499e799742153b4ab)
+* added back meta needed for responsiveness | [ed872ef](https://github.com/undergroundwires/privacy.sexy/commit/ed872ef3d9f6c92afc0ce0d06998c60463a8b4e8)
+* fancy-font is renamed to main and now used | [6825001](https://github.com/undergroundwires/privacy.sexy/commit/6825001c61426194dc363b96b57a321241f3ba57)
+* added support for grouping | [ec6b3c5](https://github.com/undergroundwires/privacy.sexy/commit/ec6b3c54072a77bb4305da1c234db6c649218b88)
+* less hyphens as it looks better on mobile | [e0b080a](https://github.com/undergroundwires/privacy.sexy/commit/e0b080af69157f46ba12e2c25e794f5384671b51)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.2.0...0.3.0)
+
+## 0.2.0 (2020-01-06)
+
+* added GitHub Actions badge for build & deploy | [a229aca](https://github.com/undergroundwires/privacy.sexy/commit/a229aca68a92bbcd8e8176ac1dd25ce03509e074)
+* more badges 📛🏆📜 | [090e831](https://github.com/undergroundwires/privacy.sexy/commit/090e8319091044e53484ba8338510f6fb7c3cb80)
+* typo fixes + whitespace refactorings | [e99f210](https://github.com/undergroundwires/privacy.sexy/commit/e99f210c9dcf61a21e445e2a331384b6066f2c98)
+* switched content information to "why" section | [beb3c83](https://github.com/undergroundwires/privacy.sexy/commit/beb3c8339f83a224ca66ad8a911a9265ffe7c9c0)
+* fixed contribution URL | [7b4277d](https://github.com/undergroundwires/privacy.sexy/commit/7b4277d7706ccf6ba7e4b7b01aa46f8e3852cfc6)
+* fixed wrong relation + lighter style | [8d05b03](https://github.com/undergroundwires/privacy.sexy/commit/8d05b03c9f3c9fc015be6615da8c283809712065)
+* better URL validation | [aff463d](https://github.com/undergroundwires/privacy.sexy/commit/aff463dd64fecff92a786fcba88621dff6b1cf73)
+* refactoring to new function | [c646c10](https://github.com/undergroundwires/privacy.sexy/commit/c646c102730481c3f4648eb714dc0a84ce35b13c)
+* optimized find queries & refactorings | [d38f6cd](https://github.com/undergroundwires/privacy.sexy/commit/d38f6cd6a8b33e11df854c7abea05974dc04d4ce)
+* 🎨  styled no JS error | [c359f1d](https://github.com/undergroundwires/privacy.sexy/commit/c359f1d89c6874b3cc94154b993e33f58bd32268)
+* simplified finding duplicates | [57037aa](https://github.com/undergroundwires/privacy.sexy/commit/57037aaefcc0e80f0f4719cea89568490a731028)
+* fixed maintainability badge URL | [aaea47e](https://github.com/undergroundwires/privacy.sexy/commit/aaea47e7d15fe41dea26968db0107a0c53d108f3)
+* fixed wrong line dumps | [5ccc7c5](https://github.com/undergroundwires/privacy.sexy/commit/5ccc7c59528885ae7729197df3dfa00f924a2b3f)
+* refactorings in parsing | [2aa3742](https://github.com/undergroundwires/privacy.sexy/commit/2aa3742e30646bf1d1f3779419d161c3fb6c4808)
+* using free function | [20020af](https://github.com/undergroundwires/privacy.sexy/commit/20020af7c1d8de13948d8761fd4e7f0affb2badb)
+* default selection is now none | [3140cc6](https://github.com/undergroundwires/privacy.sexy/commit/3140cc663b86394d543de90228aa53e6a304d8d9)
+* added hyphen lines for longer names | [cced601](https://github.com/undergroundwires/privacy.sexy/commit/cced601d686d550f4225018e5311b7433efbb5ae)
+* more descriptive subtitle | [2cf9214](https://github.com/undergroundwires/privacy.sexy/commit/2cf9214b14d9720f747a71b3864ba7a28acf0ff4)
+* added footer with version | [10a34fa](https://github.com/undergroundwires/privacy.sexy/commit/10a34fae2f1a219ec52db0c74edb39b46ebd8abc)
+* using font variables | [60e6348](https://github.com/undergroundwires/privacy.sexy/commit/60e6348dc8d53f1e81ebdb2ec0e1962aac1e9842)
+* code-gen refactorings | [246e753](https://github.com/undergroundwires/privacy.sexy/commit/246e753ddc9dc8bf630e538663584bf3423cc749)
+* added text when nothing is chosen | [a7da75d](https://github.com/undergroundwires/privacy.sexy/commit/a7da75d4428090423b692ce45423f5bd300d8442)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.1.0...0.2.0)
+
+## 0.1.0 (2019-12-31)
+
+Initial release | [commits](https://github.com/undergroundwires/privacy.sexy/commit/4e7f244190c6ffbf7b20443e3e69cf2402c4268a)

CONTRIBUTING.md

@@ -0,0 +1,34 @@
+# Contributing
+
+- Love your input! Contributing to this project should be as easy and transparent as possible, whether it's:
+  - Reporting a bug
+  - Discussing the current state of the code
+  - Submitting a fix
+  - Proposing new features
+  - Becoming a maintainer
+
+## Pull request process
+
+- [GitHub flow](https://guides.github.com/introduction/flow/index.html) with [GitOps](./img/architecture/gitops.png) is used
+- Your pull requests are actively welcomed.
+- The steps:
+  1. Fork the repo and create your branch from master.
+  2. If you've added code that should be tested, add tests.
+  3. If you've changed APIs, update the documentation.
+  4. Ensure the test suite passes.
+  5. Make sure your code lints.
+  6. Issue that pull request!
+- 🙏 DO
+  - Document your changes in the pull request
+- ❗ DON'T
+  - Do not update the versions, current version is only [set by the maintainer](./img/architecture/gitops.png) and updated automatically by [bump-everywhere](https://github.com/undergroundwires/bump-everywhere)
+
+## License
+
+By contributing, you agree that your contributions will be licensed under its [GNU General Public License v3.0](./LICENSE).
+
+## Read more
+
+- See [tests](./docs/tests.md) for testing
+- See [extend script](./README.md#extend-scripts) for quick steps to extend scripts
+- See [architecture overview](./README.md#architecture-overview) to deep dive into privacy.sexy codebase

Dockerfile

@@ -1,20 +1,12 @@
-# +-+-+-+-+-+ +-+-+-+-+-+
-# |B|u|i|l|d| |S|t|a|g|e|
-# +-+-+-+-+-+ +-+-+-+-+-+
+# Build
 FROM node:lts-alpine as build-stage
 WORKDIR /app
 COPY package*.json ./
 RUN npm install
 COPY . .
 RUN npm run build
-# For testing purposes, it's easy to run http-server on lts-alpine such as continuing from here:
-#       RUN npm install -g http-server
-#       EXPOSE 8080
-#       CMD [ "http-server", "dist" ]
 
-# +-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+
-# |P|r|o|d|u|c|t|i|o|n| |S|t|a|g|e|
-# +-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+
+# Production stage
 FROM nginx:stable-alpine as production-stage
 COPY --from=build-stage /app/dist /usr/share/nginx/html
 EXPOSE 80

README.md

@@ -1,126 +1,84 @@
 # privacy.sexy
 
-![Build & deploy status](https://github.com/undergroundwires/privacy.sexy/workflows/Build%20&%20deploy/badge.svg)
-![Vulnerabilities](https://snyk.io/test/github/undergroundwires/privacy.sexy/badge.svg)
-[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/undergroundwires/privacy.sexy/issues)
+> Enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆
+
+[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](./CONTRIBUTING.md)
 [![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/undergroundwires/privacy.sexy.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/undergroundwires/privacy.sexy/context:javascript)
 [![Maintainability](https://api.codeclimate.com/v1/badges/3a70b7ef602e2264342c/maintainability)](https://codeclimate.com/github/undergroundwires/privacy.sexy/maintainability)
+[![Tests status](https://github.com/undergroundwires/privacy.sexy/workflows/Test/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Quality checks status](https://github.com/undergroundwires/privacy.sexy/workflows/Quality%20checks/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Security checks status](https://github.com/undergroundwires/privacy.sexy/workflows/Security%20checks/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Bump & release status](https://github.com/undergroundwires/privacy.sexy/workflows/Bump%20&%20release/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Deploy status](https://github.com/undergroundwires/privacy.sexy/workflows/Build%20&%20deploy/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Auto-versioned by bump-everywhere](https://github.com/undergroundwires/bump-everywhere/blob/master/badge.svg?raw=true)](https://github.com/undergroundwires/bump-everywhere)
 
-Web tool to generate scripts for enforcing privacy & security best-practices such as stopping data collection of Windows and different softwares on it.
-> because privacy is sexy 🍑🍆
+## Get started
 
-[https://privacy.sexy](https://privacy.sexy)
+- Online version at [https://privacy.sexy](https://privacy.sexy)
+  - 💡 No need to run any compiled software on your computer.
+- Alternatively download offline version for [Windows](https://github.com/undergroundwires/privacy.sexy/releases/download/0.10.0/privacy.sexy-Setup-0.10.0.exe), [macOS](https://github.com/undergroundwires/privacy.sexy/releases/download/0.10.0/privacy.sexy-0.10.0.dmg) or [Linux](https://github.com/undergroundwires/privacy.sexy/releases/download/0.10.0/privacy.sexy-0.10.0.AppImage).
+  - 💡 Single click to execute your script.
+- ❗ Come back regularly to apply latest version for stronger privacy and security.
 
-## Why privacy.sexy
+[![privacy.sexy application](img/screenshot.png?raw=true)](https://privacy.sexy)
 
-- You don't need to run any compiled software on your system, just run the generated scripts.
-- It's open source, both application & infrastructure is 100% transparent
-  - Fully automated C/CD pipeline to AWS for provisioning serverless infrastructure using GitHub actions.
-- Have full visibility into what the tweaks do as you enable them.
+## Why
+
+- Rich tweak pool to harden security & privacy of the OS and other software on it
+- Free (both free as in beer and free as in speech)
+- No need to run any compiled software that has access to your system, just run the generated scripts
+- Have full visibility into what the tweaks do as you enable them
+- Ability to revert (undo) applied scripts
+- Everything is transparent: both application and its infrastructure are open-source and automated
 - Easily extendable
 
 ## Extend scripts
 
-Fork it & add more scripts in `src/application/application.yml` and send a pull request 👌
+1. Fork the repository
+2. Add more scripts in respective script collection in [collections](src/application/collections/) folder.
+   - 📖 If you're unsure about the syntax you can refer to the [collection files | documentation](docs/collection-files.md).
+   - 🙏 For any new script, please add `revertCode` and `docs` values if possible.
+3. Send a pull request 👌
 
 ## Commands
 
-- Setup and run
-  - For development:
-    - `npm install` to project setup.
-    - `npm run serve` to compile & hot-reload for development.
-  - Production (using Docker):
-    - Build `docker build -t undergroundwires/privacy.sexy .`
-    - Run `docker run -it -p 8080:8080 --rm --name privacy.sexy-1 undergroundwires/privacy.sexy`
-- Prepare for production: `npm run build`
-- Run tests: `npm run test:unit`
-- Lint and fix files: `npm run lint`
+- Project setup: `npm install`
+- Testing
+  - Run unit tests: `npm run test:unit`
+  - Lint: `npm run lint`
+- **Desktop app**
+  - Development: `npm run electron:serve`
+  - Production: `npm run electron:build` to build an executable
+- **Webpage**
+  - Development: `npm run serve` to compile & hot-reload for development.
+  - Production: `npm run build` to prepare files for distribution.
+  - Or run using Docker:
+    1. Build: `docker build -t undergroundwires/privacy.sexy:0.10.0 .`
+    2. Run: `docker run -it -p 8080:80 --rm --name privacy.sexy-0.10.0 undergroundwires/privacy.sexy:0.10.0`
 
-## Architecture
+## Architecture overview
 
 ### Application
 
-- Powered by **TypeScript** + **Vue.js** 💪
+- Powered by **TypeScript**, **Vue.js** and **Electron** 💪
   - and driven by **Domain-driven design**, **Event-driven architecture**, **Data-driven programming** concepts.
 - Application uses highly decoupled models & services in different DDD layers.
-  - **Domain layer** is where the application is modelled with validation logic.
-  - **Presentation Layer**
-    - Consists of Vue.js components & UI stuff.
-    - Event driven as in components simply listens to events from the state and act accordingly.
-  - **Application Layer**
-    - Keeps the application state
-      - The [state](src/application/State/ApplicationState.ts) is a mutable singleton & event producer.
-    - The application is defined & controlled in a [single YAML file](`\application\application.yaml`) (see [Data-driven programming](https://en.wikipedia.org/wiki/Data-driven_programming))
+- 📖 Read more on • [Presentation](./docs/presentation.md) • [Application](./docs/application.md)
 
-![DDD + vue.js](docs/app-ddd.png)
+![DDD + vue.js](img/architecture/app-ddd.png)
 
 ### AWS Infrastructure
 
-- The application runs in AWS 100% serverless and automatically provisioned using [CloudFormation files](/aws) and GitHub Actions.
-- Maximum security & automation and minimum AWS costs were the highest priorities of the design.
+[![AWS solution](img/architecture/aws-solution.png)](https://github.com/undergroundwires/aws-static-site-with-cd)
 
-![AWS solution](docs/aws-solution.png)
+- It uses infrastructure from the following repository: [aws-static-site-with-cd](https://github.com/undergroundwires/aws-static-site-with-cd)
+  - Runs on AWS 100% serverless and automatically provisioned using [GitHub Actions](.github/workflows/).
+  - Maximum security & automation and minimum AWS costs are the highest priorities of the design.
 
 #### GitOps: CI/CD to AWS
 
+- CI/CD is fully automated for this repo using different GIT events & GitHub actions.
+  - Versioning, tagging, creation of `CHANGELOG.md` and releasing is automated using [bump-everywhere](https://github.com/undergroundwires/bump-everywhere) action
 - Everything that's merged in the master goes directly to production.
-  - Deploy infrastructure ► Deploy web application ► Invalidate CloudFront Cache
-- See more at [build-and-deploy.yaml](.GitHub/workflows/build-and-deploy.yaml)
 
-![CI/CD to AWS with GitHub Actions](docs/ci-cd.png)
-
-##### CloudFormation
-
-![CloudFormation design](docs/aws-cloudformation.png)
-
-- AWS infrastructure is defined as code with following files:
-  - `iam-stack`: Creates & updates the deployment user.
-    - Everything in IAM layer is fine-grained using least privileges principle.
-    - Each deployment step has its own temporary credentials with own permissions.
-  - `certificate-stack.yaml`
-    - It'll generate SSL certification for the root domain and www subdomain.
-    - ❗ It [must](https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-invalid-viewer-certificate/) be deployed in `us-east-1` to be able to be used by CloudFront by `web-stack`.
-    - It uses CustomResource and a lambda instead of native `AWS::CertificateManager::Certificate` because:
-      - Problem:
-        - AWS variant waits until a certificate is validated.
-        - There's no way to automate validation without workaround.
-      - Solution:
-        - Deploy a lambda that deploys the certificate (so we don't wait until certificate is validated)
-        - Get DNS records to be used in validation & export it to be used later.
-  - `web-stack.yaml`: It'll deploy S3 bucket and CloudFront in front of it.
-  - `dns-stack.yaml`: It'll deploy Route53 hosted zone
-    - Each time Route53 hosted zone is re-created it's required to update the DNS records in the domain registrar. See *Configure your domain registrar*.
-- I use cross stacks instead of single stack or nested stacks because:
-  - Easier to test & maintain & smaller files and different lifecycles for different areas.
-  - It allows to deploy web bucket in different region than others as other stacks are global (`us-east-1`) resources.
-
-##### Initial deployment
-
-- ❗ Prerequisite: A registered domain name for website.
-
-1. **Configure build agent (GitHub actions)**
-   - Deploy manually `iam-stack.yaml` with stack name `privacysexy-iam-stack` (to follow the convention)
-     - It'll give you deploy user. Go to console &  generate secret id + key (Security credentials => Create access key) for the user [IAM users](https://console.aws.amazon.com/iam/home#/users).
-       - 🚶 Deploy secrets:
-         - Add secret id & key in GitHub Secrets.
-           - `AWS_DEPLOYMENT_USER_ACCESS_KEY_ID`, `AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY`
-         - Add more secrets given from Outputs section of the CloudFormation stack.
-     - Run GitHub actions to deploy rest of the application.
-       - It'll run `certificate-stack.yaml` and then `iam-stack.yaml`.
-
-2. **Configure your domain registrar**
-   - ❗ **Web stack will fail** after DNS stack because you need to validate your domain.
-   - 🚶 Go to your domain registrar and change name servers to NS values
-     - `dns-stack.yaml` outputs those in CloudFormation stack.
-     - You can alternatively find those in [Route53](https://console.aws.amazon.com/route53/home#hosted-zones)
-   - When nameservers of your domain updated, the certification will get validated automatically, you can then delete the failed stack in CloudFormation & re-run the GitHub actions.
-
-## Thank you for the awesome projects 🍺
-
-- [Vue.js](https://vuejs.org/) the only big JavaScript framework that's not backed by companies that make money off your data.
-- [liquor-tree](https://GitHub.com/amsik/liquor-tree) for the awesome & super extensible tree component.
-- [Ace](https://ace.c9.io/) for code box.
-- [FileSaver.js](https://GitHub.com/eligrey/FileSaver.js) for save file dialog.
-- [chai](https://GitHub.com/chaijs/chai) & [mocha](https://GitHub.com/mochajs/mocha) for making testing fun.
-- [js-yaml-loader](https://GitHub.com/wwilsman/js-yaml-loader) for ahead of time loading `application.yml`
-- [v-tooltip](https://GitHub.com/Akryum/v-tooltip) takes seconds to have a tooltip, exactly what I needed.
+[![CI/CD to AWS with GitHub Actions](img/architecture/gitops.png)](.github/workflows/)

aws.drawio

@@ -1 +0,0 @@
-<mxfile host="www.draw.io" modified="2019-12-27T14:40:11.720Z" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" etag="6t_Q0ZRAKXZ_lLm1WdcF" version="12.4.3" type="device" pages="1"><diagram id="pFg2tUHn5hOZkmQyf_J4" name="Page-1">7Vvtd6I4F/9r+lEOEMLLR23rzJzdme3qPLMvXzwUomaLxA2x1f3rnwSIEoIWFdqd3bXnKLmEJNz7u69Jb8DtavuBhuvlZxKj5MY24+0NuLux7SAA/FsQdgXBD8yCsKA4LkjWgTDFf6GSKLttcIwypSMjJGF4rRIjkqYoYgotpJS8qN3mJFFnXYcLpBGmUZjo1F9wzJblW0DzQP+I8GIpZ7bM8s4qlJ1LQrYMY/JSIYH7G3BLCWHF1Wp7ixLBO8mX4rnxkbv7hVGUsjYPfB19Hf0+Wf6+DcbR9Mtksvm2hANYjPIcJpvyhe/IKsQpp03QAmeMhrRcPttJnqwJThmi9898ZsFe6waM9m9n8kYcZksUl40lWyWyE6PkCd2ShFBOSUnKBxzNcZJI0o0NoCn+OD0JH1HyQDLMMEn5vQiJSfmNZ0QZ5hL6sdbhkTBGVpUOwwQvxA1G1pxKNizBKZ9dAkVMEpZd9oPz91iL11xtFwLPBpnPcYSMDNFn/psZVHJlVpL4M7okSuGIhaBthVRK5gMiK8Tojncp79qeXzxSqgmQ+H85gA66BWlZwRu0S6iXMF/sRz4ggV+UYDgDGJatIUPDASWbNN7L+WWJGZquQ8GSuxfOPFX2e0xYNZmXMFCxwYEQe8GjaXbDXslNyd1A564r9bTKXuCYffEXvM5fiUW8yo1UlZvNEH9VM3KdGoXR0yKXXYXb8/zDu+STDbN1RUdkY463QoKjcj13S8aEFR4KTtjjKE5tA3M7PMccFdSI+Iz2OA5ZyH8EPeO/4Sr8i6SD8CUbZAylEU4ENTea4y/8xrRQqtmUT4m55s0ist7NZsNfprPbhGxijkvfWKeLDjAxMA1gBpWP76kgcW0dJIGOEUm7BiJ/bp/idPL8FMApjNFk+8N6+/NA18CcBWNK+DvXsdJo3ea8Z0XG/G8s5h9x0xZjpNwLHHg3tiv37jDlAxX4SQkVHNBM9RCYI9iku3s0KZ7gQsOt2eiKHog3LIMGy5btkiuN2K3bd45Ehxv1jGxohD5FYj0j3iyu1F6R4P485343RslXrZJrAg1w0i1UASdpnQNON0lTTjJHm+gJdY841xwC4J2HONvzLMv91yAuA90gDToq0mDgGa7zvmDTI0+JM/OBJDjadQu45mDzCJ7Kzn87KB0JvHV4rQsOdgIexwlU8EDdTEHfkAMr0WkH0VMjeFwNPBOODsRJcnH/uca3NFRUcH8GOzJXAKjmyrGC97VVnh6JCXHw+DTMQfc5THlErCfKjcjrW+4NYgRGdFjvbFWsdmbrsPVgcHvKfHZhTmquCDiNrggYsCHUBj0J2NcEfJ/OCYc9z07cRMR7j1y67kJcffz69WGqiRrFCyS1S5gEsiBpmNwfqCM1Wz70+ZEIkeai+wMxtit1NtwwogqW85zufq02fhODGVA277bl4EVrV209IIo5rwRY7k4m1YW6n+BVmZawkC4Qe11pBGNO4oKiJGT4Wa23NUm4fPRBOMFKFO2qlRPoBgb0LMf2i29PHbB4vXKMarWsNqzt2IbFAed5rmfbZmB558xSMEebJcfm/tUvh6ulB08TFOdeKXsPZBZOTtZH7avg5baEl/028OKiNZQigQoDD14GL+Aq8PIDeHrcngEli0//smpUil4GOxTSgYhyko1YnyALfzSukAZm0GHdybUMT5U2MC3dATZUI72+wmlbz/xVbq4pfg6jnZGhrZ6XfWcGRkK7amFO7Y30bWGAr+ZXPN9SXIt7oQfbF7nLce2gBp++bYqjgSqf63vyUKdw8aqHclvip5SXaXCnUD5zLaQsqxdI2Y5v+JWBaoUB4LYC2JDScFfptt6j4piC1HZvHLuG12LE2tNyeDKfZ6gfhOtpA0/1GE43ZMPfx4zROiG6vbw+Edhi9qsM7vl1JQ3grUMWIBoyCejUgrbVAHCuBlhWYCuyHgTXKcQbgECPxT9gttw8fv8BlPlqAEUiJi8tUxj88SqkT4NFzoAuYya3VhFym6sGPQVNz2vPu/92v8tcb/fTty+TzAzmA0uT+08UL/KjE8MoQpmwAJ9i/s6YvUkt+9azgDX+59WyKUkOpScNMg3AOn7IwndUhwVB220Qx+kJRXri9TG8JEK6JCaqHtnh6o0jxVdUoGXmH9FrQ5/3hzgajXtnNaXjOnfCf0DLUVMrv5N4qn46B/r2ZQEUcLiP24dh/FsZ1gXtykjnBlB8veryPbdNACXPSfhNHO3UsTbKWk8fhkkizvMJcYbxu6QRHUK+IYa6APID0zDBlTGS3CSGgeF7PAfJt0UDUxW7C4Im5J6rAC6oQd6EhgUq9bVeFMDR9NdvowD9Y1zfx3wz69+XKQc6ro/j/xSubUv11t2kxrC2twi9GuTaIhlaavbrgnbllXOxq53daGe8Zf4kz3H2j2V9k3TyXmb6WLLbV6xyXBF62I/oagcCng5FeisWNns53RL+L0M6eN6ldtIleNq6/cLcdQ4fLZEOLoQPdKChhtqOC7jN5jmV5zqO67mB86YIatjDeAU95xxYF42HkPGENc0pttn2GPujz1l1QNFVCSw0a9Jr2DgKGmogltnBGeVmruvVr32U/kI5f/tU4b3a/la506UKnwTapQ7gEOFAt7YRuPfWV2q5452y7bB+jKa1zgNvf8xvd5jJdDzXCuR3K6V/yxjb1l3Lp+FnTuAOhmro/K8w17owF8Zxfiaw2TZ2Yu4CDW+O/p87jfW6vqq+tqdBphrQlkKtVtM6s3DmSQunVPOOV/C6Co1bm8YTHa+Ibq6SoYxtNYvwgfumtSZfDmDWlF80Ofma6s/9CEVRk4bWFXmF4zhPfpqiEtVltghM3jHWsM/XPHHaZv9vsIXZP/wvMbj/Pw==</diagram></mxfile>

aws/certificate-stack.yaml

@@ -1,211 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Description: Creates certificate for the root + www subdomain. !! It must be deployed in us-east-1 to be able to be used by CloudFront.
-
-Parameters:
-  
-  RootDomainName:
-    Type: String
-    Default: privacy.sexy
-    Description: The root DNS name of the website e.g. privacy.sexy
-    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
-    ConstraintDescription: Must be a valid root domain name
-  
-  IamStackName:
-    Type: String
-    Default: privacysexy-iam-stack
-    Description: Name of the IAM stack.
-  
-Resources:
-
-  # The lambda workaround exists to be able to automate certificate deployment.
-  # Problem:
-  #   Normally AWS AWS::CertificateManager::Certificate waits until a certificate is validated
-  #   And there's no way to get validation DNS records from it to validate it.
-  # Solution:
-  #   Deploy a lambda that deploys the certificate (so we don't wait until certificate is validated)
-  #   Get DNS records to be used in validation & export it to be used later.
-  
-  AcmCertificateForHostedZone:
-    Type: Custom::VerifiableCertificate #A Can use AWS::CloudFormation::CustomResource or Custom::String
-    Properties:
-      ServiceToken: !GetAtt ResolveCertificateLambda.Arn
-      # Lambda gets the following data:
-      RootDomainName: !Ref RootDomainName # Lambda will create both for root and www.root
-      Tags:
-        -
-          Key: Name
-          Value: !Ref RootDomainName
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  ResolveCertificateLambda:
-    Type: AWS::Lambda::Function
-    Properties:
-      Description: Deploys certificate for root domain name + www and returns immediately arn + verification records.
-      Role:
-        Fn::ImportValue: !Join [':', [!Ref IamStackName, ResolveCertificateLambdaRoleArn]]
-      FunctionName: !Sub ${AWS::StackName}-cert-resolver-lambda # StackName- required for role to function
-      Handler: index.handler
-      Runtime: nodejs12.x
-      Timeout: 30
-      Tags: 
-        -
-          Key: Application
-          Value: privacy.sexy
-      Code:
-        # Inline script is not the best way. Some variables are named shortly to not exceed the limit 4096 but it's the cheapest way (no s3 file)
-        ZipFile: >
-          'use strict';
-          const aws = require('aws-sdk');
-          const acm = new aws.ACM();
-          const log = (t) => console.log(t);
-
-          exports.handler = async (event, context) => {
-            log(`Request recieved:\n${JSON.stringify(event)}`);
-            const userData = event.ResourceProperties;
-            const rootDomain = userData.RootDomainName;
-            let data = null;
-            try {
-              switch(event.RequestType) {
-                case 'Create':
-                  data = await handleCreateAsync(rootDomain, userData.Tags);
-                  break;
-                case 'Update':
-                  data = await handleUpdateAsync();
-                  break;
-                case 'Delete':
-                  data = await handleDeleteAsync(rootDomain);
-                  break;
-              }
-              await sendResponseAsync(event, context, 'SUCCESS', data);
-            } catch(error) {
-              await sendResponseAsync(event, context, 'ERROR', {
-                title: `Failed to ${event.RequestType}, see error`,
-                error: error
-              });
-            }
-          }
-
-          async function handleCreateAsync(rootDomain, tags) {
-            const { CertificateArn } = await acm.requestCertificate({
-              DomainName: rootDomain,
-              SubjectAlternativeNames: [`www.${rootDomain}`],
-              Tags: tags,
-              ValidationMethod: 'DNS',
-            }).promise();
-            log(`Cert requested:${CertificateArn}`);
-            const waitAsync = (ms) => new Promise(resolve => setTimeout(resolve, ms));
-            const maxAttempts = 10;
-            let options = undefined;
-            for (let attempt = 0; attempt < maxAttempts && !options; attempt++) {
-              await waitAsync(2000);
-              const { Certificate } = await acm.describeCertificate({ CertificateArn }).promise();
-              if(Certificate.DomainValidationOptions.filter((o) => o.ResourceRecord).length === 2) {
-                options = Certificate.DomainValidationOptions;
-              }
-            }
-            if(!options) {
-              throw new Error(`No records after ${maxAttempts} attempts.`);
-            }
-            return getResponseData(options, CertificateArn, rootDomain);
-          }
-
-          async function handleDeleteAsync(rootDomain) {
-            const certs = await acm.listCertificates({}).promise();
-            const cert = certs.CertificateSummaryList.find((cert) => cert.DomainName === rootDomain);
-            if (cert) {
-              await acm.deleteCertificate({ CertificateArn: cert.CertificateArn }).promise();
-              log(`Deleted ${cert.CertificateArn}`);
-            } else {
-              log('Cannot find'); // Do not fail, delete can be called when e.g. CF fails before creating cert
-            }
-            return null;
-          }
-
-          async function handleUpdateAsync() {
-            throw new Error(`Not yet implemented update`);
-          }
-
-          function getResponseData(options, arn, rootDomain) {
-            const findRecord = (url) => options.find(option => option.DomainName === url).ResourceRecord;
-            const root = findRecord(rootDomain);
-            const www = findRecord(`www.${rootDomain}`);
-            const data = {
-                CertificateArn: arn,
-                RootVerificationRecordName: root.Name,
-                RootVerificationRecordValue: root.Value,
-                WwwVerificationRecordName: www.Name,
-                WwwVerificationRecordValue: www.Value,
-            };
-            return data;
-          }
-
-          /* cfn-response can't async / await :( */
-          async function sendResponseAsync(event, context, responseStatus, responseData, physicalResourceId) {
-            return new Promise((s, f) => {
-              var b = JSON.stringify({
-                        Status: responseStatus,
-                        Reason: `See the details in CloudWatch Log Stream: ${context.logStreamName}`,
-                        PhysicalResourceId: physicalResourceId || context.logStreamName,
-                        StackId: event.StackId,
-                        RequestId: event.RequestId,
-                        LogicalResourceId: event.LogicalResourceId,
-                        Data: responseData
-              });
-              log(`Response body:\n${b}`);
-              var u = require("url").parse(event.ResponseURL);
-              var r = require("https").request(
-                {
-                  hostname: u.hostname,
-                  port: 443,
-                  path: u.path,
-                  method: "PUT",
-                  headers: {
-                    "content-type": "",
-                    "content-length": b.length
-                  }
-                }, (p) => {
-                  log(`Status code: ${p.statusCode}`);
-                  log(`Status message: ${p.statusMessage}`);
-                  s(context.done());
-                });
-              r.on("error", (e) => {
-                log(`request failed: ${e}`);
-                f(context.done(e));
-              });
-              r.write(b);
-              r.end();
-            });
-          }
-
-Outputs:
-  CertificateArn:
-    Description: The Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate.
-    Value: !GetAtt AcmCertificateForHostedZone.CertificateArn
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', CertificateArn ]]
-
-  RootVerificationRecordName:
-    Description: Name for root domain CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.RootVerificationRecordName
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', RootVerificationRecordName ]]
-
-  RootVerificationRecordValue:
-    Description: Value for root domain name CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.RootVerificationRecordValue
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', RootVerificationRecordValue ]]
-
-  WwwVerificationRecordName:
-    Description: Name for www domain name CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.WwwVerificationRecordName
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', WwwVerificationRecordName ]]
-
-  WwwVerificationRecordValue:
-    Description: Value for www domain name CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.WwwVerificationRecordValue
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', WwwVerificationRecordValue ]]

aws/dns-stack.yaml

@@ -1,61 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Description: Creates hosted zone & sets up records for the CloudFront URL.
-
-Parameters:
-
-  RootDomainName:
-    Type: String
-    Default: privacy.sexy
-    Description: The root DNS name of the website e.g. privacy.sexy
-    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
-    ConstraintDescription: Must be a valid root domain name
-  
-  CertificateStackName:
-    Type: String
-    Default: privacysexy-certificate-stack
-    Description: Name of the certificate stack.
-
-Resources:
-
-  DNSHostedZone:
-    Type: AWS::Route53::HostedZone
-    Properties:
-      Name: !Ref RootDomainName
-      HostedZoneConfig:
-        Comment: !Join ['', ['Hosted zone for ', !Ref RootDomainName]]
-      HostedZoneTags:
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  CertificateValidationDNSRecords:
-    Type: AWS::Route53::RecordSetGroup
-    Properties: 
-      HostedZoneId: !Ref DNSHostedZone
-      RecordSets:
-        -
-          Name: 
-            Fn::ImportValue: !Join [':', [!Ref CertificateStackName, RootVerificationRecordName]]
-          Type: 'CNAME'
-          TTL: '60'
-          ResourceRecords:
-            - Fn::ImportValue: !Join [':', [!Ref CertificateStackName, RootVerificationRecordValue]]
-        -
-          Name: 
-            Fn::ImportValue: !Join [':', [!Ref CertificateStackName, WwwVerificationRecordName]]
-          Type: 'CNAME'
-          TTL: '60'
-          ResourceRecords:
-            - Fn::ImportValue: !Join [':', [!Ref CertificateStackName, WwwVerificationRecordValue]]
-
-Outputs:
-  
-  DNSHostedZoneNameServers:
-    Description: Name servers to update in domain registrar.
-    Value: !Join ['           ', !GetAtt DNSHostedZone.NameServers]
- 
-  DNSHostedZoneId:
-    Description: The ID of the hosted zone that you want to create the record in.
-    Value: !Ref DNSHostedZone
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', DNSHostedZoneId ]]

aws/iam-stack.yaml

@@ -1,496 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Description: |-
-  > Deploys the identity management for the deployment
-
-# Granulatiy cheatsheet: https://iam.cloudonaut.io/
-
-Parameters:
-    WebStackName:
-      Type: String
-      Default: privacysexy-web-stack
-      Description: Name of the web stack.
-    DnsStackName:
-      Type: String
-      Default: privacysexy-dns-stack
-      Description: Name of the DNS stack.
-    CertificateStackName:
-      Type: String
-      Default: privacysexy-certificate-stack
-      Description: Name of the IAM stack.
-
-Resources:
-
-  # -----------------------------
-  # ------ User & Group ---------
-  # -----------------------------
-  DeploymentGroup:
-    Type: AWS::IAM::Group
-    Properties: 
-      # GroupName: No hardcoded naming because of easier CloudFormation management
-      ManagedPolicyArns:
-        - !Ref AllowValidateTemplatePolicy
-  
-  DeploymentUser:
-    Type: AWS::IAM::User
-    Properties:
-    #   # UserName: No hardcoded naming because of easier CloudFormation management
-    #   # Policies: Assing policies on group level
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  AddDeploymentUserToDeploymentGroup:
-    Type: AWS::IAM::UserToGroupAddition
-    Properties:
-      GroupName: !Ref DeploymentGroup
-      Users:
-        - !Ref DeploymentUser
-
-  # -----------------------------
-  # ----------- Roles -----------
-  # -----------------------------
-  IamStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy IAM stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref PolicyDeployPolicy
-        - !Ref IamStackDeployPolicy
-
-  CertificateStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy certificate stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref LambdaBackedCustomResourceDeployPolicy
-
-  DnsStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy DNS stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref DnsStackDeployPolicy
-
-  WebStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy web stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref WebStackDeployPolicy
-
-  S3SiteDeployRole:
-      Type: 'AWS::IAM::Role'
-      Properties:
-        Description: "Allows to deploy website to S3"
-        AssumeRolePolicyDocument:
-          Statement:
-            -
-              Effect: Allow
-              Principal:
-                AWS: !GetAtt DeploymentUser.Arn
-              Action: sts:AssumeRole
-        Tags:
-          -
-            Key: Application
-            Value: privacy.sexy
-        ManagedPolicyArns:
-          - !Ref S3SiteDeployPolicy
-          - !Ref StackExportReaderPolicy
-
-  CloudFrontSiteDeployRole:
-      Type: 'AWS::IAM::Role'
-      Properties:
-        Description: "Allows to informs to CloudFront to renew its cache from S3"
-        AssumeRolePolicyDocument:
-          Statement:
-            -
-              Effect: Allow
-              Principal:
-                AWS: !GetAtt DeploymentUser.Arn
-              Action: sts:AssumeRole
-        Tags:
-          -
-            Key: Application
-            Value: privacy.sexy
-        ManagedPolicyArns:
-          - !Ref CloudFrontInvalidationPolicy
-          - !Ref StackExportReaderPolicy
-
-  ResolveCertificateLambdaRole: # See certificate stack
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allow deployment of certificates
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              Service: lambda.amazonaws.com
-            Action: sts:AssumeRole
-      ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-        - !Ref CertificateDeployPolicy
-
-  # --------------------------------
-  # ----------- Policies -----------
-  # --------------------------------
-
-  AllowValidateTemplatePolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: "No read & writes to resources, reveals just basic CloudFormation API to be used for validating templates"
-      # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFormationTemplateValidation
-            Effect: Allow
-            Action:
-              - cloudformation:ValidateTemplate
-            Resource: '*'
-
-  CloudFormationDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: "Allows deploying CloudFormation using CLI command 'aws cloudformation deploy' (with change sets)"
-      # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFormationStackOperations
-            Effect: Allow
-            Action:
-              - cloudformation:GetTemplateSummary
-              - cloudformation:DescribeStacks
-              - cloudformation:CreateChangeSet
-              - cloudformation:ExecuteChangeSet
-              - cloudformation:DescribeChangeSet
-            Resource:
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${WebStackName}/*
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${DnsStackName}/*
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${AWS::StackName}/*
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${CertificateStackName}/*
-
-  IamStackDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deploying IAM CloudFormation stack.
-      # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowUserArnExport
-            Effect: Allow
-            Action:
-              - iam:GetUser
-            Resource:
-              - !GetAtt DeploymentUser.Arn
-          -
-            Sid: AllowTagging
-            Effect: Allow
-            Action:
-              - iam:TagResource
-            Resource:
-              - !Sub arn:aws:cloudformation::${AWS::AccountId}:stack/${AWS::StackName}/*
-              - !GetAtt DeploymentUser.Arn
-          -
-            Sid: AllowRoleDeployment
-            Effect: Allow
-            Action:
-              - iam:CreateRole
-            Resource:
-              - !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-*
-
-  LambdaBackedCustomResourceDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deploying a lambda-backed custom resource.
-      # ManagedPolicyName: # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowLambdaDeployment
-            Effect: Allow
-            Action:
-              - lambda:GetFunction
-              - lambda:DeleteFunction
-              - lambda:CreateFunction
-              - lambda:GetFunctionConfiguration
-              - lambda:InvokeFunction
-            Resource:
-              - !Sub arn:aws:lambda:*:${AWS::AccountId}:function:${CertificateStackName}*
-          -
-            Sid: AllowPassingLambdaRole
-            Effect: Allow
-            Action:
-              - iam:PassRole
-            Resource:
-              - !GetAtt ResolveCertificateLambdaRole.Arn
-
-  CertificateDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deploying certifications stack.
-      # ManagedPolicyName: # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCertificateDeployment
-            Effect: Allow
-            Action:
-              - acm:RequestCertificate
-              - acm:DescribeCertificate
-              - acm:DeleteCertificate
-              - acm:AddTagsToCertificate
-              - acm:ListCertificates
-            Resource: '*' # Certificate Manager does not support resource level IAM
-
-  PolicyDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deployment of policies
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resource
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowPolicyUpdates
-            Effect: Allow
-            Action:
-              - iam:ListPolicyVersions
-              - iam:CreatePolicyVersion
-              - iam:DeletePolicyVersion
-              - iam:CreatePolicy 
-              - iam:DeletePolicy 
-              - iam:GetPolicy
-            Resource:
-              - !Sub arn:aws:iam::${AWS::AccountId}:policy/${AWS::StackName}-* # when ManagedPolicyName is not given policies get name like StackName-*
-          -
-            Sid: AllowPoliciesOnRoles
-            Effect: Allow
-            Action:
-              - iam:AttachRolePolicy
-              - iam:DetachRolePolicy
-              - iam:GetRole
-            Resource:
-              - !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-*
-          - 
-            Sid: AllowPolicyAssigmentToGroup
-            Effect: Allow
-            Action:
-              - iam:AttachGroupPolicy
-              - iam:DetachGroupPolicy
-            Resource:
-              - !GetAtt DeploymentGroup.Arn
-          - 
-            Sid: AllowGettingGroupInformation
-            Effect: Allow
-            Action:
-              - iam:GetGroup
-            Resource: !Sub arn:aws:iam::${AWS::AccountId}:group/${DeploymentGroup}
-
-  DnsStackDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deployment of DNS stack
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowHostedZoneDeployment
-            Effect: Allow
-            Action:
-              - route53:CreateHostedZone
-              - route53:ListQueryLoggingConfigs
-              - route53:DeleteHostedZone
-              - route53:GetChange
-              - route53:ChangeTagsForResource
-              - route53:GetHostedZone
-              - route53:ChangeResourceRecordSets
-            Resource: '*' # Does not support resource-level permissions https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html#access-control-manage-access-intro-resource-policies
-          
-  WebStackDeployPolicy:
-    # We need a role to run s3:PutBucketPolicy, IAM users cannot run it. See https://stackoverflow.com/a/48551383 
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deployment of web stack
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFrontOAIDeployment
-            Effect: Allow
-            Action:
-              - cloudfront:GetCloudFrontOriginAccessIdentity
-              - cloudfront:CreateCloudFrontOriginAccessIdentity
-              - cloudfront:GetCloudFrontOriginAccessIdentityConfig
-              - cloudfront:DeleteCloudFrontOriginAccessIdentity
-            Resource: '*' # Does not support resource-level permissions https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cf-api-permissions-ref.html
-          -
-            Sid: AllowCloudFrontDistributionDeployment
-            Effect: Allow
-            Action:
-              - cloudfront:CreateDistribution
-              - cloudfront:DeleteDistribution
-              - cloudfront:UpdateDistribution
-              - cloudfront:GetDistribution
-              - cloudfront:TagResource
-              - cloudfront:UpdateCloudFrontOriginAccessIdentity
-            Resource: !Sub arn:aws:cloudfront::${AWS::AccountId}:*
-          -
-            Sid: AllowS3BucketPolicyAccess
-            Effect: Allow
-            Action:
-              - s3:CreateBucket
-              - s3:DeleteBucket
-              - s3:PutBucketWebsite
-              - s3:DeleteBucketPolicy
-              - s3:PutBucketPolicy
-              - s3:GetBucketPolicy
-            Resource: !Sub arn:aws:s3:::${WebStackName}*
-          -
-            Sid: AllowRecordDeploymentToRoute53
-            Effect: Allow
-            Action:
-              - route53:GetHostedZone
-              - route53:ChangeResourceRecordSets
-              - route53:GetChange
-              - route53:ListResourceRecordSets
-            Resource: '*' # Does not support resource-level permissions https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html#access-control-manage-access-intro-resource-policies
-
-  S3SiteDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows listing buckets to be able to list objects in a bucket
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resources
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowListingObjects
-            Effect: Allow
-            Action:
-              - s3:ListBucket # To allow ListObjectsV2
-            Resource: !Sub arn:aws:s3:::${WebStackName}*
-          -
-            Sid: AllowUpdatingObjects
-            Effect: Allow
-            Action:
-              - s3:PutObject
-              - s3:DeleteObject
-            Resource: !Sub arn:aws:s3:::${WebStackName}*/*
-
-  CloudFrontInvalidationPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows creating invalidations on CloudFront
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resource
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFrontInvalidations
-            Effect: Allow
-            Action:
-              - cloudfront:CreateInvalidation
-            Resource: "*" # Does not support resource-level permissions https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cf-api-permissions-ref.html
-
-  StackExportReaderPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows creating invalidations on CloudFront
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resource
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowGettingBucketName
-            Effect: Allow
-            Action:
-              - cloudformation:DescribeStacks
-            Resource: !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${WebStackName}/*
-    
-Outputs:
-  ResolveCertificateLambdaRoleArn: 
-    Description: The Amazon Resource Name (ARN) of the lambda for deploying certificates.
-    Value: !GetAtt ResolveCertificateLambdaRole.Arn
-    Export:
-      Name: !Join [ ':', [ !Ref 'AWS::StackName', ResolveCertificateLambdaRoleArn ] ]
-
-  CertificateStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt CertificateStackDeployRole.Arn
-
-  DnsStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt DnsStackDeployRole.Arn
-
-  IamStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt IamStackDeployRole.Arn
-
-  WebStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt WebStackDeployRole.Arn
-
-  S3SiteDeployRoleArn: 
-    Description: "GitHub secret: AWS_S3_SITE_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt S3SiteDeployRole.Arn
-
-  CloudFrontSiteDeployRoleArn: 
-    Description: "GitHub secret: AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt CloudFrontSiteDeployRole.Arn

aws/scripts/configure/create-role-profile.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --user-profile) USER_PROFILE="$2"; shift;;
-  --role-profile) ROLE_PROFILE="$2"; shift;;
-  --role-arn) ROLE_ARN="$2"; shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$USER_PROFILE" ]; then echo "User profile name is not set."; exit 1; fi;
-if [ -z "$ROLE_PROFILE" ]; then echo "Role profile name is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set"; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Session name is not set."; exit 1; fi;
-if [ -z "$REGION" ]; then echo "Region is not set."; exit 1; fi;
-
-creds=$(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $SESSION --profile $USER_PROFILE)
-
-aws_access_key_id=$(echo $creds | jq -r '.Credentials.AccessKeyId')
-echo ::add-mask::$aws_access_key_id
-aws_secret_access_key=$(echo $creds | jq -r '.Credentials.SecretAccessKey')
-echo ::add-mask::$aws_secret_access_key
-aws_session_token=$(echo $creds | jq -r '.Credentials.SessionToken')
-echo ::add-mask::$aws_session_token
-
-aws configure --profile $ROLE_PROFILE set aws_access_key_id $aws_access_key_id
-aws configure --profile $ROLE_PROFILE set aws_secret_access_key $aws_secret_access_key
-aws configure --profile $ROLE_PROFILE set aws_session_token $aws_session_token
-aws configure --profile $ROLE_PROFILE set region $REGION
-
-echo Profile $ROLE_PROFILE is created
-
-bash "${BASH_SOURCE%/*}/mask-identity.sh" --profile $ROLE_PROFILE

aws/scripts/configure/create-user-profile.sh

@@ -1,25 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --profile) PROFILE="$2"; shift;;
-  --access-key-id) ACCESS_KEY_ID="$2"; shift;;
-  --secret-access-key) SECRET_ACCESS_KEY="$2"; shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$PROFILE" ]; then echo "Profile name is not set."; exit 1; fi;
-echo $PROFILE
-if [ -z "$ACCESS_KEY_ID" ]; then echo "Access key ID is not set"; exit 1; fi;
-if [ -z "$SECRET_ACCESS_KEY" ]; then echo "Secret access key is not set."; exit 1; fi;
-if [ -z "$REGION" ]; then echo "Region is not set."; exit 1; fi;
-
-aws configure --profile $PROFILE set aws_access_key_id $ACCESS_KEY_ID
-aws configure --profile $PROFILE set aws_secret_access_key $SECRET_ACCESS_KEY
-aws configure --profile $PROFILE set region $REGION
-
-echo Profile $PROFILE is created
-
-bash "${BASH_SOURCE%/*}/mask-identity.sh" --profile $PROFILE

aws/scripts/configure/mask-identity.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --profile) PROFILE="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$PROFILE" ]; then echo "Profile name is not set."; exit 1; fi;
-
-aws_identity=$(aws sts get-caller-identity --profile $PROFILE)
-echo ::add-mask::$(echo $aws_identity | jq -r '.Account')
-echo ::add-mask::$(echo $aws_identity | jq -r '.UserId')
-echo ::add-mask::$(echo $aws_identity | jq -r '.Arn')
-
-echo Credentials are masked

aws/scripts/deploy/deploy-stack.sh

@@ -1,43 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --template-file) TEMPLATE_FILE="$2"; shift;;
-  --stack-name) STACK_NAME="$2"; shift;;
-  --profile) PROFILE="$2"; shift;;
-  --capabilities) CAPABILITY_IAM="$2"; shift;;
-  --role-arn) ROLE_ARN="$2";shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$TEMPLATE_FILE" ]; then echo "Template file is not set."; exit 1; fi;
-if [ -z "$STACK_NAME" ]; then echo "Template file is not set."; exit 1; fi;
-if [ -z "$PROFILE" ]; then echo "Profile is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set."; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Role session is not set."; exit 1; fi;
-
-
-echo Validating stack "$STACK_NAME"
-aws cloudformation validate-template \
-    --template-body file://$TEMPLATE_FILE \
-    --profile $PROFILE
-
-ROLE_PROFILE=$STACK_NAME
-
-echo Assuming role
-bash "${BASH_SOURCE%/*}/../configure/create-role-profile.sh" \
-    --role-profile $ROLE_PROFILE --user-profile $PROFILE \
-    --role-arn $ROLE_ARN \
-    --session $SESSION \
-    --region $REGION
-
-echo Deploying stack "$TEMPLATE_FILE"
-aws cloudformation deploy \
-    --template-file $TEMPLATE_FILE \
-    --stack-name $STACK_NAME \
-    ${CAPABILITY_IAM:+ --capabilities $CAPABILITY_IAM} \
-    --no-fail-on-empty-changeset \
-    --profile $ROLE_PROFILE

aws/scripts/deploy/deploy-to-s3.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --folder) FOLDER="$2"; shift;;
-  --web-stack-name) WEB_STACK_NAME="$2"; shift;;
-  --web-stack-s3-name-output-name) WEB_STACK_S3_NAME_OUTPUT_NAME="$2"; shift;;
-  --storage-class) STORAGE_CLASS="$2"; shift;;
-  --profile) PROFILE="$2"; shift;;
-  --role-arn) ROLE_ARN="$2";shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$FOLDER" ]; then echo "Folder is not set."; exit 1; fi;
-if [ -z "$PROFILE" ]; then echo "Profile is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set."; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Role session is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_NAME" ]; then echo "Web stack name is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_S3_NAME_OUTPUT_NAME" ]; then echo "S3 name output name is not set."; exit 1; fi;
-if [ -z "$STORAGE_CLASS" ]; then echo "S3 object storage class is not set."; exit 1; fi;
-
-echo Assuming role
-ROLE_PROFILE=deploy-s3
-bash "${BASH_SOURCE%/*}/../configure/create-role-profile.sh" \
-    --role-profile $ROLE_PROFILE --user-profile $PROFILE \
-    --role-arn $ROLE_ARN \
-    --session $SESSION \
-    --region $REGION
-
-echo Getting S3 bucket name from stack "$WEB_STACK_NAME" with output "$WEB_STACK_S3_NAME_OUTPUT_NAME"
-S3_BUCKET_NAME=$(aws cloudformation describe-stacks \
-            --stack-name $WEB_STACK_NAME \
-            --query "Stacks[0].Outputs[?OutputKey=='$WEB_STACK_S3_NAME_OUTPUT_NAME'].OutputValue" \
-            --output text \
-            --profile $ROLE_PROFILE)
-if [ -z "$S3_BUCKET_NAME" ]; then echo "Could not read S3 bucket name"; exit 1; fi;
-echo ::add-mask::$S3_BUCKET_NAME # Just being extra cautious
-
-echo Syncing folder to S3
-
-aws s3 sync $FOLDER s3://$S3_BUCKET_NAME \
-    --storage-class $STORAGE_CLASS  \
-    --no-progress --follow-symlinks --delete \
-    --profile $ROLE_PROFILE

aws/scripts/deploy/invalidate-cloudfront-cache.sh

@@ -1,45 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --paths) PATHS="$2"; shift;;
-  --web-stack-name) WEB_STACK_NAME="$2"; shift;;
-  --web-stack-cloudfront-arn-output-name) WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME="$2"; shift;;
-  --profile) PROFILE="$2"; shift;;
-  --role-arn) ROLE_ARN="$2";shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$PATHS" ]; then echo "Paths is not set."; exit 1; fi;
-if [ -z "$PROFILE" ]; then echo "Profile is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set."; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Role session is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_NAME" ]; then echo "Web stack name is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME" ]; then echo "CloudFront ARN output name is not set."; exit 1; fi;
-
-
-echo Assuming role
-ROLE_PROFILE=invalidate-cloudfront
-bash "${BASH_SOURCE%/*}/../configure/create-role-profile.sh" \
-    --role-profile $ROLE_PROFILE --user-profile $PROFILE \
-    --role-arn $ROLE_ARN \
-    --session $SESSION \
-    --region $REGION
-
-echo Getting CloudFront ARN from stack "$WEB_STACK_NAME" with output "$WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME"
-CLOUDFRONT_ARN=$(aws cloudformation describe-stacks \
-            --stack-name $WEB_STACK_NAME \
-            --query "Stacks[0].Outputs[?OutputKey=='$WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME'].OutputValue" \
-            --output text \
-            --profile $ROLE_PROFILE)
-if [ -z "$CLOUDFRONT_ARN" ]; then echo "Could not read CloudFront ARN"; exit 1; fi;
-echo :add-mask::$CLOUDFRONT_ARN
-
-echo Syncing folder to S3
-aws cloudfront create-invalidation \
-    --paths $PATHS \
-    --distribution-id $CLOUDFRONT_ARN \
-    --profile $ROLE_PROFILE

aws/web-stack.yaml

@@ -1,138 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-
-Description: |-
-  > Creates an S3 bucket configured for hosting a static webpage.
-  > Creates CloudFront distribution that has access to read the S3 bucket.
-
-Parameters:
-
-  RootDomainName:
-    Type: String
-    Default: privacy.sexy
-    Description: The root DNS name of the website e.g. privacy.sexy
-    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
-    ConstraintDescription: Must be a valid root domain name
-
-  CertificateStackName:
-    Type: String
-    Default: privacysexy-certificate-stack
-    Description: Name of the certificate stack.
-
-  DnsStackName:
-    Type: String
-    Default: privacysexy-dns-stack
-    Description: Name of the certificate stack.
-
-  PriceClass:
-    Type: String
-    Description: The CloudFront distribution price class
-    Default: 'PriceClass_100'
-    AllowedValues:
-      - 'PriceClass_100'
-      - 'PriceClass_200'
-      - 'PriceClass_All'
-
-Resources:
-
-  S3Bucket:
-    Type: AWS::S3::Bucket
-    Properties:
-      BucketName: !Sub ${AWS::StackName}-${RootDomainName} # Must have stack name for IAM to allow
-      WebsiteConfiguration:
-        IndexDocument: index.html
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy    
- 
-  S3BucketPolicy:
-    Type: AWS::S3::BucketPolicy
-    Properties:
-      Bucket: !Ref S3Bucket
-      PolicyDocument: # Only used for CloudFront as it's the only way, otherwise use IAM roles in IAM stack.
-        Statement:
-          -
-            Sid: AllowCloudFrontRead
-            Action: s3:GetObject
-            Effect: Allow
-            Principal:
-                CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
-            Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, /*]]
-    
-  CloudFrontOriginAccessIdentity:
-    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
-    Properties:
-      CloudFrontOriginAccessIdentityConfig:
-        Comment: !Sub 'CloudFront OAI for ${S3Bucket}'
-    
-  CloudFrontDistribution:
-    Type: AWS::CloudFront::Distribution
-    Properties:
-      DistributionConfig:
-        Comment: Cloudfront Distribution pointing to S3 bucket
-        Origins:
-          -
-            DomainName: !GetAtt S3Bucket.DomainName
-            Id: S3Origin
-            S3OriginConfig:
-                OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}"
-        Enabled: true
-        HttpVersion: 'http2'
-        DefaultRootObject: index.html
-        Aliases:
-          - !Ref RootDomainName
-          - !Sub 'www.${RootDomainName}'
-        DefaultCacheBehavior:
-          AllowedMethods:
-            - GET
-            - HEAD
-          Compress: true
-          TargetOriginId: S3Origin
-          ForwardedValues:
-            QueryString: true
-            Cookies:
-              Forward: none
-          ViewerProtocolPolicy: redirect-to-https
-        PriceClass: !Ref PriceClass
-        ViewerCertificate:
-          AcmCertificateArn:
-            # Certificate must be validated before it can be used here
-            Fn::ImportValue: !Join [':', [!Ref CertificateStackName, CertificateArn]]
-          SslSupportMethod: sni-only
-          MinimumProtocolVersion: TLSv1.1_2016
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  CloudFrontDNSRecords:
-    Type: AWS::Route53::RecordSetGroup
-    Properties: 
-      HostedZoneId:
-        Fn::ImportValue: !Join [':', [!Ref DnsStackName, DNSHostedZoneId]]
-      RecordSets:
-        -
-          Name: !Ref RootDomainName
-          Type: A         
-          AliasTarget: 
-            DNSName: !GetAtt CloudFrontDistribution.DomainName
-            EvaluateTargetHealth: false
-            HostedZoneId: Z2FDTNDATAQYW2 # Static CloudFront distribution zone https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html#cfn-route53-aliastarget-hostedzoneid
-        -
-          Name: !Join ['', ['www.', !Ref RootDomainName]]
-          Type: A
-          AliasTarget: 
-            DNSName: !GetAtt CloudFrontDistribution.DomainName
-            EvaluateTargetHealth: false
-            HostedZoneId: Z2FDTNDATAQYW2 # Static CloudFront distribution zone https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html#cfn-route53-aliastarget-hostedzoneid
-Outputs:
-
-  CloudFrontDistributionArn:  # Used by deployment script to be able to deploy to right S3 bucket
-    Description: Tthe Amazon Resource Name (ARN) of the CloudFront distribution.
-    Value: !Ref CloudFrontDistribution
-
-  S3BucketName: # Used by deployment script to be able to deploy to right S3 bucket
-    Description: Name of the S3 bucket.
-    Value: !Ref S3Bucket
-
-

babel.config.js

@@ -0,0 +1,5 @@
+module.exports = {
+  presets: [
+    '@vue/cli-plugin-babel/preset'
+  ]
+}

build/README.md

@@ -0,0 +1,5 @@
+# build
+
+- These are the file that are used by electron.
+- Logos are created by from the [PNG icon](./../public/icon.png)
+  - by running `npx electron-icon-builder --input=./public/icon.png --output=build --flatten`

docs/app-ddd.drawio

@@ -1 +0,0 @@
-<mxfile host="www.draw.io" modified="2019-12-27T03:04:27.829Z" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" etag="O-1eaon4mqUmgvki0auB" version="12.4.3" pages="1"><diagram id="rhL8jzEM8kVVyiS98U7u" name="Page-1">3Zpdk6I4FIZ/jZdakPDlpa3tzlTNbnVVV83OzE1XhACZAUKF2Or8+k0wCBhau1f8GrpayUkC5HlzTg7IAE7T9V8M5fHfNMDJABjBegBnAwA8YIpPadhsDS50t4aIkWBrMmvDM/mNldFQ1iUJcNFqyClNOMnbRp9mGfZ5y4YYo6t2s5Am7bPmKMKa4dlHiW79lwQ8VsOyjdr+CZMors5sGqomRVVjZShiFNBVwwQfB3DKKOXbvXQ9xYlkV3HZ9pu/Ubu7MIYz/p4OD0/efJxMXmZfs6kd/vj2Txp+HlrVxfFNNWIcCACqSBmPaUQzlDzW1gdGl1mA5WENUarbfKE0F0ZTGH9izjdKTbTkVJhiniaqFq8J/ya7j2xV+t6oma3VkcvCpipknG0anWTxe7Ou7laWqn4FZ/QXntKEsnJ8cFxuomY7cjncN4kqU0GXzMcHMFYzE7EI8wPtwE534S+YplhcqejHcII4eW1fB1IzN9q1q8UVO0rfj2gNrqL1TreWarWI96AbPFG3suuEMbRpNMgpyXjROPKTNIgGKnZC5Zsqctp77n24NTDtvQmzPX09fXbjOGFGwatGj0bsMEbAfmf4uONpaF0zfKjjvqJkqc70xHAhxirOTTNtIrRlXsWE4+cclRhWIlNoSxqSJGkwDmzsBVYXfQ8soOPIHjTj1TyrrgwzjteHxdDhqQ6O23Yf5U2res2H1coeN9Z7xzgTbehc07XMlmu907PMtmeBm3AtcCHX+n8RftwO2iZsBe2j7YHrnj/IQ+9eUsSbmlCnpgwnRQ+gxepJnifE7yNUtwKvFrpDW/51ieGUmzpCw77ddiKdFMXtdhTf3Yw1wzjoCOPu2cK4fS/Oc9P3V/AeEiSoOd2Mpoj0mxotzCAIO7mbhgvH+Ayp0XjPqca6UwGrw6nsczmVpYH+nIUMCSJLny8Z7hV46PnY97uALzzbso0zAHf3clGnA7h3ySjmaMDxK1aZzRugzY+DDrHTDTpwxwvD6GeF8PbYujpbtwMtOBdaV0PLcE4Lwqk6+F3jhR0L8EXxenqoeMw44ffIdj8uXB3uWIPLY4ZRQLLoD8B79dBg6ll8Kn9e6TfsLpDvBbALLoCWZQf9wBXJSRuuYelw7ZHZgRecC6+er4ldEhy7R7pVxMA2R+Obg2xrkAuO+KEU7R18e6C15+xm9ZTjiqjOk2X1MbOc47DMrqej52Olp02o+YDDSGhE/NsDZ+pLymXBVWPoBjfaiNFfG9rtMdMXCg1SEaNc7pK0fJ+giUTCEHyTSUKiTNi4fIizs35BC5w8yYRfTlw4W1DOaSoaJLLiAfm/olKAVjokN9GkPNmkyLfvPcg0CFWFkKylZA/qemYx5/KFiYkkAeZ+kFkj4tMsJEJaNvLFGcFcrHxIfEm7iDlz4UK0GKIsGC6Y+JQmW6Ykc+i4L1+X+GfxIpuINMUb5VXG1+t9r60Jb1/yMQPQ16771x1+WPchCugC79QHnvfyjIqiR91NcGPC6yvx/QtvHhV+ka3Ep5B1Lf7FnlgYpFk+3Sp6Uhq4+zkqBCNdbQh1tStb/2rrucT9q20cVTukLMLZsMBU/rI/d8Stwjwn5fPTYkhzTlLyu0wKenR0WN0O7MTXpbc6pLc+LL0o1m/WbX8JrV9PhI//AQ==</diagram></mxfile>

docs/application.md

@@ -0,0 +1,36 @@
+# Application
+
+- It's mainly responsible for
+  - creating and event based [application state](#application-state)
+  - [parsing](#parsing) and [compiling](#compiling) [application data](#application-data)
+
+## Application state
+
+- [ApplicationContext.ts](./../src/application/Context/ApplicationContext.ts) holds the [CategoryCollectionState](./../src/application/Context/State/CategoryCollectionState.ts) for each OS
+- Uses [state pattern](https://en.wikipedia.org/wiki/State_pattern)
+- Same instance is shared throughout the application to ensure consistent state
+- 📖 See [Application State | Presentation layer](./presentation.md#application-state) to read more about how the state should be managed by the presentation layer.
+- 📖 See [ApplicationContext.ts](./../src/application/Context/ApplicationContext.ts) to start diving into the state code.
+
+## Application data
+
+- Compiled to [`Application`](./../src/domain/Application.ts) domain object.
+- The scripts are defined and controlled in different data files per OS
+- Enables [data-driven programming](https://en.wikipedia.org/wiki/Data-driven_programming) and easier contributions
+- Application data is defined in collection files and
+- 📖 See [Application data | Presentation layer](./presentation.md#application-data) to read how the application data is read by the presentation layer.
+- 📖 See [collection files documentation](./collection-files.md) to read more about how the data files are structured/defined and see [collection yaml files](./../src/application/collections/) to directly check the code.
+
+## Parsing
+
+- Application data is parsed to domain object [`Application.ts`](./../src/domain/Application.ts)
+- Steps
+  1. (Compile time) Load application data from [collection yaml files](./../src/application/collections/) using webpack loader
+  2. (Runtime) Parse and compile application and make it available to presentation layer by [`ApplicationFactory.ts`](./../src/application/ApplicationFactory.ts)
+
+### Compiling
+
+- Parsing the application files includes compiling scripts using [collection file defined functions](./collection-files.md#function)
+- To extend the syntax:
+  1. Add a new parser under [SyntaxParsers](./../src/application/Parser/Script/Compiler/Expressions/SyntaxParsers) where you can look at other parsers to understand more.
+  2. Register your in [CompositeExpressionParser](./../src/application/Parser/Script/Compiler/Expressions/Parser/CompositeExpressionParser.ts)

docs/ci-cd.drawio

@@ -1 +0,0 @@
-<mxfile host="www.draw.io" modified="2019-12-30T13:07:22.931Z" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" etag="vfXOAJJrIONaUEloGBPR" version="12.4.7" type="device"><diagram id="ymF_tBZ9P2_Wfw9L8arg" name="Page-1">5Vpbb9s2FP41AbYHC7zp9hjHdVqsGwpkQNu9FIxEy2xlUaWo2N6v36FEOZLlXNw6S7IpQUwd3j9+/M4hnTN6sdpcal4uf1epyM8ISjdndHZGSOQT+GsN29YwIRFqLZmWaWvDt4Yr+bdwxq5YLVNRDQoapXIjy6ExUUUhEjOwca3VelhsofJhryXPxMhwlfB8bP0oU7Ps5oVu7W+FzJZdzxi5nBXvCjtDteSpWvdM9M0ZvdBKmTa12lyI3ILX4dLWm9+RuxuYFoV5TAWx2swv/wy+49kff33Kok8f39/8NnHLc8Pz2k14JspcbStbsVhoXhldJ6bWwk3CbDtktKqLVNjG0RmdKm2WKlMFz98rVYIRg/GrMGbr1pTXRoFpaVa5y015tWzqdy8fuDFCF42FIGsdz9FNu1K1TsQ9E2OOK1xnwtxTDvttQZEOeOAgvBRqJYzeQgHH6AnyCGVBW8mRmro2tMi5kTdD5nBHwGzX1K71D0rCtHZN05B6FB4/ZiGNCQoHneAgxF7Mho22MLh2+mu/17QfIA8F8e0zbBrHyMOxH0IyojgkZNhLC+LDvezNWC0WlRjUgEQP01tTw9QjWEtHrJ3WMk+rRgdSoGqQw5pPrzWkMptqSQ3Za3FtR1iWuUxgrVTxH6V1eDSrEQuGhCPsNKxm2KMIIYZY5Ef0dJwOgsALaLij9HBPYqC71yN87B/J6adnMRux+FKat7Ul6HliuVmNyAk+pLRJuWrcVp92N0Ib4HR+nsvMcs1Yuu6s7/m1yD+oSjacp7NrZYxaQYHcZkx58i1riH+hcqWbvuiieaBI09l5Vbbu1e4K3r0s5MZSferGM1saY/3yucWKzJO0YJ4Ez7yQsKW0l0CPZJ5yw+HD2iv7qYou6WPiMiaVSiTPJ5k0y/p6gknklUUGHS1knndjLFRhMViowlw5iA44RWeyQIjNY/YCCXwvYOj2YUNikcA59PVtPAADbG3LfizQGQ9tlgGZjmWOP2LOuwJeJEArGhHkyfKFOezHKhE4IhoPEacnEqKYgl7c6QMp6IUfhjTwGWUhi+kPelofeywaNs380KMEiERiGuGXKEXBiFAXuarTuVZuTH0eqdrkshAXu4gbuV3YEw/4mdv+p5nmqRSDvJj5sznp5c2kFokTpsLycm+jQx3/nKKpD3aIR9U3cUimduxEj9G9w3LJ3VsCoxJ6yP5GZ9qtgclIdw6IYifWq01mz0YeX1fM06Jl0rvEjmcKr21qWCqx6C8a9J1E9+awG1zaww1abXA7gQAepDAdi154QPPCp5K8cMTQK3pyZgbonNLwOGaSMMQ4+N8ws6I2b+dJcNtae7C108tyXlUuDf5eJi59El5SL9p3xpH/vLyMRryciZvXH7eRB+O2QqwnW8H1xPImr128Og9ggeY90wTFvfDtTikb0fvUUZ0PJ5z+Q/d5FI95hA7wCD0Rj+IRj8q6qaXF91pUNgyQ1fhguxIQO6TNpVhz51RZ9J4j8IOV0dtProvm5bN98fzudbbpZ862D+nCg0dht/MePAqz4wJQOApTTIcyc6KjMEN0cLLA+xEo82gckBgHPmE4+tEINACZJHfGuYwhj4Uh8eMwBK8eBi8uGO2ufnt74fULKn1QUMVKfZUTbPnaqugXmGO5/VKtZC6295+BD8Qyu1GfQDztsexY9SQH1JM8lXpiPKLMmDPQjiwrC9d6KY24KnmjL2sIbvbiqWGEt1iIIEkORXhpGF8j9ATeiu0Dvne5hSPidRrVw5ziMeb0yTAff3cwjshfE+bB/ZhD/PnMgI+vvdmrBjxi9wJOGX1mwMc3tPg1A473g+ARw8eH/H8X8PHFZhfyViUvBsAH32v7zSkcMhvgzm14ll3/AkODX+ge9VK/2qT1hMhCOlm7udg6oS3XtdVF1e3ll9Ir9xVROwSYUjuKttCICT97+zCnjEVH3otNLzD1X+7tw8EY6afvxXYL82TXCqA9h/zriW4W7Al597V/GzXf/vMEffMP</diagram></mxfile>

docs/collection-files.md

@@ -0,0 +1,186 @@
+# Collection files
+
+- privacy.sexy is a data-driven application where it reads the necessary OS-specific logic from yaml files in [`application/collections`](./../src/application/collections/)
+- 💡 Best practices
+  - If you repeat yourself, try to utilize [YAML-defined functions](#Function)
+  - Always try to add documentation and a way to revert a tweak in [scripts](#Script)
+- 📖 Types in code: [`collection.yaml.d.ts`](./../src/application/collections/collection.yaml.d.ts)
+
+## Objects
+
+### `Collection`
+
+- A collection simply defines:
+  - different categories and their scripts in a tree structure
+  - OS specific details
+- Also allows defining common [function](#Function)s to be used throughout the collection if you'd like different scripts to share same code.
+
+#### `Collection` syntax
+
+- `os:` *`string`*  (**required**)
+  - Operating system that the [Collection](#collection) is written for.
+  - 📖 See [OperatingSystem.ts](./../src/domain/OperatingSystem.ts) enumeration for allowed values.
+- `actions: [` ***[`Category`](#Category)*** `, ... ]` **(required)**
+  - Each [category](#category) is rendered as different cards in card presentation.
+  - ❗ A [Collection](#collection) must consist of at least one category.
+- `functions: [` ***[`Function`](#Function)*** `, ... ]`
+  - Functions are optionally defined to re-use the same code throughout different scripts.
+- `scripting:` ***[`ScriptingDefinition`](#ScriptingDefinition)*** **(required)**
+  - Defines the scripting language that the code of other action uses.
+
+### `Category`
+
+- Category has a parent that has tree-like structure where it can have subcategories or subscripts.
+- It's a logical grouping of different scripts and other categories.
+
+#### `Category` syntax
+
+- `category:` *`string`*  (**required**)
+  - Name of the category
+  - ❗ Must be unique throughout the [Collection](#collection)
+- `children: [` ***[`Category`](#Category)*** `|` [***`Script`***](#Script) `, ... ]`  (**required**)
+  - ❗ Category must consist of at least one subcategory or script.
+  - Children can be combination of scripts and subcategories.
+
+### `Script`
+
+- Script represents a single tweak.
+- A script must include either:
+  - A `code` and `revertCode`
+  - Or `call` to call YAML-defined functions
+- 🙏 For any new script, please add `revertCode` and `docs` values if possible.
+
+#### `Script` syntax
+
+- `name`: *`string`* (**required**)
+  - Name of the script
+  - ❗ Must be unique throughout the [Collection](#collection)
+  - E.g. `Disable targeted ads`
+- `code`: *`string`* (may be **required**)
+  - Batch file commands that will be executed
+  - 💡 If defined, best practice to also define `revertCode`
+  - ❗ If not defined `call` must be defined, do not define if `call` is defined.
+- `revertCode`: `string`
+  - Code that'll undo the change done by `code` property.
+  - E.g. let's say `code` sets an environment variable as `setx POWERSHELL_TELEMETRY_OPTOUT 1`
+    - then `revertCode` should be doing `setx POWERSHELL_TELEMETRY_OPTOUT 0`
+  - ❗ Do not define if `call` is defined.
+- `call`: ***[`FunctionCall`](#FunctionCall)*** | `[` ***[`FunctionCall`](#FunctionCall)*** `, ... ]` (may be **required**)
+  - A shared function or sequence of functions to call (called in order)
+  - ❗ If not defined `code` must be defined
+- `docs`: *`string`* | `[`*`string`*`, ... ]`
+  - Single documentation URL or list of URLs for those who wants to learn more about the script
+  - E.g. `https://docs.microsoft.com/en-us/windows-server/`
+- `recommend`: `"standard"` | `"strict"` | `undefined` (default)
+  - If not defined then the script will not be recommended
+  - If defined it can be either
+    - `standard`: Only non-breaking scripts without limiting OS functionality
+    - `strict`: Scripts that can break certain functionality in favor of privacy and security
+
+### `FunctionCall`
+
+- Describes a single call to a function by optionally providing values to its parameters.
+- 👀 See [parameter substitution](#parameter-substitution) for an example usage
+
+#### `FunctionCall` syntax
+
+- `function`: *`string`* (**required**)
+  - Name of the function to call.
+  - ❗ Function with same name must defined in `functions` property of [Collection](#collection)
+- `parameters`: `[ parameterName:` *`parameterValue`*`, ... ]`
+  - Defines key value dictionary for each parameter and its value
+  - E.g.
+
+    ```yaml
+      parameters:
+        userDefinedParameterName: parameterValue
+        # ...
+        appName: Microsoft.WindowsFeedbackHub
+    ```
+
+### `Function`
+
+- Functions allow re-usable code throughout the defined scripts.
+- Functions are templates compiled by privacy.sexy and uses special [expressions](#expressions).
+- Functions can call other functions by defining `call` property instead of `code`
+- 👀 See [parameter substitution](#parameter-substitution) for an example usage
+
+#### Expressions
+
+- Expressions are defined inside mustaches (double brackets, `{{` and `}}`)
+
+##### Parameter substitution
+
+A simple function example
+
+```yaml
+  function: EchoArgument
+  parameters: [ 'argument' ]
+  code: Hello {{ $argument }} !
+```
+
+It would print "Hello world" if it's called in a [script](#script) as following:
+
+```yaml
+  script: Echo script
+  call:
+    function: EchoArgument
+    parameters:
+      argument: World
+```
+
+A function can call other functions such as:
+
+```yaml
+  - 
+    function: CallerFunction
+    parameters: [ 'value' ]
+    call:
+      function: EchoArgument
+      parameters:
+        argument: {{ $value }}
+  -
+    function: EchoArgument
+    parameters: [ 'argument' ]
+    code: Hello {{ $argument }} !
+```
+
+#### `Function` syntax
+
+- `name`: *`string`* (**required**)
+  - Name of the function that scripts will use.
+  - Convention is to use camelCase, and be verbs.
+  - E.g. `uninstallStoreApp`
+  - ❗ Function names must be unique
+- `parameters`: `[` *`string`* `, ... ]`
+  - Name of the parameters that the function has.
+  - Parameter values are provided by a [Script](#script) through a [FunctionCall](#FunctionCall)
+  - Parameter names must be defined to be used in [expressions](#expressions)
+  - ❗ Parameter names must be unique
+ `code`: *`string`* (**required** if `call` is undefined)
+  - Batch file commands that will be executed
+  - 💡 If defined, best practice to also define `revertCode`
+  - ❗ If not defined `call` must be defined
+- `revertCode`: *`string`*
+  - Code that'll undo the change done by `code` property.
+  - E.g. let's say `code` sets an environment variable as `setx POWERSHELL_TELEMETRY_OPTOUT 1`
+    - then `revertCode` should be doing `setx POWERSHELL_TELEMETRY_OPTOUT 0`
+- `call`: ***[`FunctionCall`](#FunctionCall)*** | `[` ***[`FunctionCall`](#FunctionCall)*** `, ... ]` (may be **required**)
+  - A shared function or sequence of functions to call (called in order)
+  - The parameter values that are sent can use [expressions](#expressions)
+  - ❗ If not defined `code` must be defined
+
+### `ScriptingDefinition`
+
+- Defines global properties for scripting that's used throughout its parent [Collection](#collection).
+
+#### `ScriptingDefinition` syntax
+
+- `language:` *`string`* (**required**)
+  - 📖 See [ScriptingLanguage.ts](./../src/domain/ScriptingLanguage.ts) enumeration for allowed values.
+- `startCode:` *`string`* (**required**)
+  - Code that'll be inserted on top of user created script.
+  - Global variables such as `$homepage`, `$version`, `$date` can be used using [parameter substitution](#parameter-substitution) code syntax such as `Welcome to {{ $homepage }}!`
+- `endCode:` *`string`* (**required**)
+  - Code that'll be inserted at the end of user created script.
+  - Global variables such as `$homepage`, `$version`, `$date` can be used using [parameter substitution](#parameter-substitution) code syntax such as `Welcome to {{ $homepage }}!`

docs/presentation.md

@@ -0,0 +1,51 @@
+# Presentation layer
+
+- Consists of Vue.js components and other UI-related code.
+- Desktop application is created using [Electron](https://www.electronjs.org/).
+- Event driven as in components simply listens to events from the state and act accordingly.
+
+## Structure
+
+- [`/src/` **`presentation/`**](./../src/presentation/): Contains all presentation related code including Vue and Electron configurations
+  - [**`bootstrapping/`**](./../src/presentation/bootstrapping/): Registers Vue global objects including components and plugins.
+  - [**`components/`**](./../src/presentation/components/): Contains all Vue components and their helper classes.
+    - [**`Shared/`**](./../src/presentation/components/Shared): Contains Vue components and component helpers that are shared across other components.
+  - [**`styles/`**](./../src/presentation/styles/): Contains shared styles used throughout different components.
+  - [**`main.ts`**](./../src/presentation/main.ts): Application entry point that mounts and starts Vue application.
+  - [**`background.ts`**](./../src/presentation/background.ts): Main process of Electron, started as first thing when app starts.
+- [**`/public/`**](./../public/): Contains static assets that will simply be copied and not go through webpack.
+- [**`/vue.config.js`**](./../vue.config.js): Global Vue CLI configurations loaded by `@vue/cli-service`
+- [**`/postcss.config.js`**](./../postcss.config.js): PostCSS configurations that are used by Vue CLI internally
+- [**`/babel.config.js`**](./../babel.config.js): Babel configurations for polyfills used by `@vue/cli-plugin-babel`
+
+## Application data
+
+- Components and should use [ApplicationFactory](./../src/application/ApplicationFactory.ts) singleton to reach the application domain.
+- [Application.ts](../src/domain/Application.ts) domain model is the stateless application representation including
+  - available scripts, collections as defined in [collection files](./collection-files.md)
+  - package information as defined in [`package.json`](./../package.json)
+- 📖 See [Application data | Application layer](./presentation.md#application-data) where application data is parsed and compiled.
+
+## Application state
+
+- Stateful components mutate or/and react to state changes in [ApplicationContext](./../src/application/Context/ApplicationContext.ts).
+- Stateless components that does not handle state extends `Vue`
+- Stateful components that depends on the collection state such as user selection, search queries and more extends [`StatefulVue`](./../src/presentation/components/Shared/StatefulVue.ts)
+- The single source of truth is a singleton of the state created and made available to presentation layer by [`StatefulVue`](./../src/presentation/components/Shared/StatefulVue.ts)
+- `StatefulVue` includes abstract `handleCollectionState` that is fired once the component is loaded and also each time [collection](./collection-files.md) is changed.
+- Do not forget to subscribe from events when component is destroyed or if needed [collection](./collection-files.md) is changed.
+  - 💡 `events` in base class [`StatefulVue`](./../src/presentation/components/Shared/StatefulVue.ts) makes lifecycling easier
+- 📖 See [Application state | Application layer](./presentation.md#application-state) where the state is implemented using using state pattern.
+
+## Modals
+
+- [Dialog.vue](./../src/presentation/components/Shared/Dialog.vue) is a shared component that can be used to show modal windows
+- Simply wrap the content inside of its slot and call `.show()` method on its reference.
+- Example:
+
+  ```html
+    <Dialog ref="testDialog">
+      <div>Hello world</div>
+    </Dialog>
+    <div @click="$refs.testDialog.show()">Show dialog</div>
+  ```

docs/tests.md

@@ -0,0 +1,29 @@
+# Unit tests
+
+- Unit tests are defined in [`./tests`](./../tests)
+- They follow same folder structure as [`./src`](./../src)
+
+## Naming
+
+- Each test suite first describe the system under test
+  - E.g. tests for class `Application` is categorized under `Application`
+- Tests for specific methods are categorized under method name (if applicable)
+  - E.g. test for `run()` is categorized under `run`
+
+## Act, arrange, assert
+
+- Tests use act, arrange and assert (AAA) pattern when applicable
+- **Arrange**
+  - Should set up the test case
+  - Starts with comment line `// arrange`
+- **Act**
+  - Should cover the main thing to be tested
+  - Starts with comment line `// act`
+- **Assert**
+  - Should elicit some sort of response
+  - Starts with comment line `// assert`
+
+## Stubs
+
+- Stubs are defined in [`./tests/stubs`](./../tests/unit/stubs)
+- They implement dummy behavior to be functional

img/architecture/app-ddd.drawio

@@ -0,0 +1 @@
+<mxfile host="Electron" modified="2021-01-31T12:32:01.751Z" agent="5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/14.1.8 Chrome/87.0.4280.88 Electron/11.1.1 Safari/537.36" etag="OTbSPW1ZOLwiPL6mt-j9" version="14.1.8" type="device"><diagram id="rhL8jzEM8kVVyiS98U7u" name="Page-1">3VtZd6JKF/01/dhZjA6PREjCXRbGFpM2L70QCYIoLsUI/PpvnwKcMD3cazrJl6wEqfHU3vvsKoz5Infm6e3KWU5ZPPGiL5IwSb/I+hdJUsUmflNBVhQoDaEo8FfBpCgS9wWDIPfKwqrZJph466OGSRxHSbA8LnTjxcJzk6MyZ7WKt8fNnuPoeNal43u1goHrRPXSx2CSTIvSlirsy++8wJ9WM4tCWTN3qsZlwXrqTOLtQZFsfJE7qzhOilfztONFhF2FS9Hv5pXaXWArb5H8Tofr+9ZNO9J+6A+Ljvr89N2aP5tflSq4JKtW7E0AQHkbr5Jp7McLJzL2pdereLOYeDSsgLt9m24cL1EoojD0kiQr2XQ2SYyiaTKPylovDZLv1P1KLe9GBzV6Wo7Mb7LqZpGssoNOdDs6rNt343dVv3WyimdeJ47iFV+f3OZfqKkDWGK6jjcr1/sJapUQnZXvJT9pJxXtCNGDCUp6br147iFSNFh5kZMEL8eSc0rl+rt2e3LxouT3T7iW3oXrHW9HrO1J/IC8yZfmjXfVVisnO2iwjINFsj4Y+Z4K0KD0TrnMzdI51ZP0/nlrSVRPBFNMv5fPbh3/QVHyu7rHgXcIV5L6m/bxeWSofCj7KMd9caJNOdP9yltj8Zg7XtSEcEzzdhok3mDpcFy2OCkcU/ocRNEBxhPVa02Uc+i3pLHcaFCPeJFUOjuzFVbBeqvES38KXlnbaB6nT5lN2/2eL1c7+/Rgv69OMxdHW268Z2qJR6n1m5klHmeW9B6pJb1Xav07h28fm7YoH5n2L9tLzebbm7zc+ixHxPcU1MWPDP/JPaSaV2vLZRS4l7DqI+OtWfezSt/nyGjwr3KEg/Li62ck/b6Lq8cuvnsYO7Rx6YyNN9/MxtXPkjwf6flK/pQHJLmWdHo8d4LLHo3G4mTyfBZ3UWjKbe8Njkbtk6Rq15NKUs4klfpWSaXUgDYXzysHiGzcZLPyLgr4c8v1XPcc4OOWqqjCGwDePDmLNs4A3vqbLtaoAe69eOXJ5hWgxT8H+tlrnAd60myPBeEyO0TrBNtmHdvmGWilt4K2WYN25S3jdZDE5eCfGl75zAb8V+Ft1a3CWCRB8hmxPfWFdwe3XQM3ma48ZxIs/P8DeN/dGsT6KX5Of165rO2OBU/2GufAFbyW0GpdBlwcTo7BFZQ6uOqVeAZe6a3grZ/X8DKY/OoZ6aNCLKniVfvDgazWQF4nTvKzI9qf42vo9H0ZFE9MQKze/XhHCP/K6euSGJ6+mXoORPHcu6lvh2H9mOUcviEiRLEfuJ8HULG+Nf1dQHdr2AOazamXG0eR5xKqH1efHw/N+lZUA289dZb0MpjzTywcQkUrh5QjLQr8BcoSeptoV9p1xl50T48UJHVZH8dJEs/RIKKKa8ed+ZyYowMXfaEJn0xbL4tPVtBBy6lunoOUqLwu49GnSUIfydAICenGnSyUq8CNF88BKF9duZhRusHe6uBC5VDHDZIuXn91FpOv4xV+U5FKh54budH88bDxwvUPaoKDUOtqWZ0pL/pk3aa/UpxyryhXap38fenl6a9vkp+ffvmP6f/qTOKxtxOB1Gr9GDjr9QXpl9TWVVP9PQlI5zUgvZkI6tv85xeB+EsRjBdb/AbFKX7wCtsyFdNbausLsS7LyhHlcuOqVT+QSO0zht9+K7Lr55HPT7bwS7Kf45XvLb6uvZg+TXDTAC83y4C/Z7v+Gi+TYB7k/ER2wZzfvUtSsS/XqK/0cUh9VfZfqH/Y3Hrj5vegr7fv2awhLwLh8cyf5n7J/CWIPS+Z8+Qe8V/RzamUteJWulm/gJzrlM58nfs7S3rKrpXxY7pxcyFw7r4Jrh6/dOWJPMlUmWXqizt3X1iobVmnnU/mbmDeTZZPd9/i+4GZWfYoMG+nkfM4iSe6ELBwKJnBteQ8Psj9eVtBm62paz4v103RCkzMfX/r+k/zaD1Gj/G8vXkamMV9R8wmj2l0P/gnmswfNmPp28wMldZIirKRlEbm7dNyfLttmwHL+uE/N0wwMLtFs6Qs9Om1unt9Z7bN0Mh6HfPlPkwXB33Vb7OH62/hLCjLEnfxsH6yi1i8+UM2zniUd9fTya3vPyFK2zawfkVkuulbubGxwijs2qbUBS7WQBC6oZtbgSBYgSJaobthoZl27SGVSyzQUqujCMweJqhPcfWZrW0se5Z17f6G5SMZ2KDtKLcGGq6mYOpMxb1gzY0MV8nKtOoKPA2fdajdKMOcVC4yiSVWpsiWbSbMZhjbxNgzxDFCHKZIYzEepylYmZAjnhx1PuJRmO6jD9aUz1LiqBsaQq8jpKjLMJZv6RjH9uWubaTd0M+tx3MxaRTTpmcPJawb8/Zlby4kWBvKZqqpu2jLtpbEUo4jxwBz2kOxWLshW4GWsUDJe3bfZ/kM8ZBmGOZkSq+j5bQ+FjJoiWL1wYO76el+jv4y4tiygaaijYR+GBu42po0sk1wxfEtr4hzoG27wIjpmkj4WzraZVgvjU9zow/TXQXrABY+8Qeeh4SJivi2TGcJHz830MYgvMCvoIBrzkcP2Fq8DeFPPDDU9WX0zxnVvcqpkHfDmQAN4DpUvYArdzv6/i02b/ttcyakPYo3NGl9W8xHvFPcWyg+QY5izQblGcadIXcFgc+n+xwP8CsWmhymLBBIu+grEB8CcEW8Ptqwck0zWgv0CDz1IepGGLt/Hs8O8BwoWyuc+Wifs9wKGdeARtio4C4j3Vvh0IfuVHALfg1gPEOsBtbaV0x9RPFluE8pZ4ABrn3oxkQe+FuKE30zWgt+gP1MfY1bU+8Tf9Ay8kDvS6RDi17nlAsjhWvtkdY7pHFIY4h1poInmluxOhrmdIUe8gXYiozj7UNrTCy4nAms0KqAssQKSQt96Jj0MiIfkICpwmwXGoWOwdPrsRJOrgz8ZCt/CLkubZYjZ0n3AmLJMJZq6W5i0Rj5CJgMEYNJmMiESY+0w/EeIUcpTkMs8sYAf8CNuAk06Arj5CbnGXy/ih/4Jx3JRR4b4hkdKtxrMi3t6S7laT7KMa+tCUUu+6RB4lXqwc8QP7h3eU739D7mIe0apPuUUUz6kDREeKo9e5T0qL3OuEYseFGXvIzy5/bVvCFNy/C3jPN2W3ohjYs1kkd0aT2hKUKLaW+gKD3ySfJpvQ//MEhjyG3kAvyD8XgE0qxI8XA/DYeUx7S2DJiCY7STXo0HOsB6uIZd1ZKXCTiBRkzu9z19BLwoj42kyEsT+qdYfLHUYIo4Ea+m0N6CeAXue1inRdjkM65dC+OAb8xtSow8PSM9ukmP+1c/ezVXqd4eCZQnaC+McoPvNSzTuIfhWuwPpF/eZkQ5grWT12jEPfj0aayUv87dpPBt4piwYrTPUR5R/iiv40T+oEHPtA/McuSpCK1k2DtoPInZ/4RYM+FAuSgSLvBZeBe45X7F84G4zfg+m1VtuYbLMu20n1/1IzzIO7G/kW/tvL+o2/Xf9ava0rqrGE777eYF5zx/4Iamfj0lbjAW4uvnZZ7Bi4wyV3gcx/WYAzGU9dcN2+7THqLynON7Vz8d5aSZ4UE8/dN4hAMcgAnXu0px4QwjHuC2679fB28LXWrJHhPe73DMPaaFXgn7Au+BdgbvPTZFjgAdySjXDB/RWbVu0jr5vQLfOq2vtFPUL+Kgmyst9/ZGcDrXM5wcLcxH5wHSqkjnLkv/Fv4Rd3WshDpW7BQr9V9j1flbWGEs7rczn2so9zOce6CxmVLstxo8XeBeWJwrNRWemvL9Jx8mHMP8aQo/ynCu86trNU9RT35J50BXIo/r2eRptNe78B/yf9pvyZ/orGls6ZxSxK3RtYxBK2OqYtCKmIr85vtOEdNTwwxadFLvtBf34fblCUroyniiyRV6hrrMnz8l+Uo9fuNJlurPoY0zz6GNP34Oxe3+v8qKTwHv/zVPNv4H</diagram></mxfile>

package.json

@@ -1,42 +1,75 @@
 {
   "name": "privacy.sexy",
-  "version": "0.1.0",
+  "version": "0.10.0",
   "private": true,
+  "description": "Enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆",
+  "author": "undergroundwires",
   "scripts": {
     "serve": "vue-cli-service serve",
     "build": "vue-cli-service build",
-    "lint": "vue-cli-service lint",
-    "test:unit": "vue-cli-service test:unit"
+    "test:unit": "vue-cli-service test:unit",
+    "lint": "npm run lint:vue && npm run lint:yaml && npm run lint:md && npm run lint:md:relative-urls && npm run lint:md:consistency",
+    "electron:build": "vue-cli-service electron:build",
+    "electron:serve": "vue-cli-service electron:serve",
+    "lint:md": "markdownlint **/*.md --ignore node_modules",
+    "lint:md:consistency": "remark . --frail --use remark-preset-lint-consistent",
+    "lint:md:relative-urls": "remark . --frail --use remark-validate-links",
+    "lint:vue": "vue-cli-service lint --no-fix",
+    "lint:yaml": "yamllint **/*.yaml --ignore=node_modules/**/*.yaml",
+    "postinstall": "electron-builder install-app-deps",
+    "postuninstall": "electron-builder install-app-deps"
   },
+  "main": "background.js",
   "dependencies": {
-    "@fortawesome/fontawesome-svg-core": "^1.2.26",
-    "@fortawesome/free-brands-svg-icons": "^5.12.0",
-    "@fortawesome/free-regular-svg-icons": "^5.12.0",
-    "@fortawesome/free-solid-svg-icons": "^5.12.0",
-    "@fortawesome/vue-fontawesome": "^0.1.9",
-    "ace-builds": "^1.4.7",
-    "file-saver": "^2.0.2",
-    "inversify": "^5.0.1",
+    "@fortawesome/fontawesome-svg-core": "^1.2.34",
+    "@fortawesome/free-brands-svg-icons": "^5.15.2",
+    "@fortawesome/free-regular-svg-icons": "^5.15.2",
+    "@fortawesome/free-solid-svg-icons": "^5.15.2",
+    "@fortawesome/vue-fontawesome": "^2.0.2",
+    "@juggle/resize-observer": "^3.3.0",
+    "ace-builds": "^1.4.12",
+    "core-js": "^3.9.1",
+    "file-saver": "^2.0.5",
+    "inversify": "^5.0.5",
     "liquor-tree": "^0.2.70",
-    "v-tooltip": "^2.0.2",
-    "vue": "^2.6.11",
-    "vue-class-component": "^7.1.0",
-    "vue-property-decorator": "^8.3.0"
+    "v-tooltip": "2.1.2",
+    "vue": "^2.6.12",
+    "vue-class-component": "^7.2.6",
+    "vue-js-modal": "^2.0.0-rc.6",
+    "vue-property-decorator": "^9.1.2"
   },
   "devDependencies": {
-    "@types/chai": "^4.2.7",
-    "@types/mocha": "^5.2.7",
-    "@types/ace": "0.0.42",
+    "@types/ace": "0.0.45",
+    "@types/chai": "^4.2.15",
     "@types/file-saver": "^2.0.1",
-    "@vue/cli-plugin-typescript": "^4.1.1",
-    "@vue/cli-plugin-unit-mocha": "^4.1.1",
-    "@vue/cli-service": "^4.1.1",
-    "@vue/test-utils": "1.0.0-beta.30",
-    "chai": "^4.2.0",
-    "sass": "^1.24.0",
-    "sass-loader": "^8.0.0",
+    "@types/mocha": "^8.2.1",
+    "@vue/cli-plugin-babel": "^4.5.11",
+    "@vue/cli-plugin-typescript": "^4.5.11",
+    "@vue/cli-plugin-unit-mocha": "^4.5.11",
+    "@vue/cli-service": "^4.5.11",
+    "@vue/test-utils": "1.1.3",
+    "chai": "^4.3.3",
+    "electron": "^12.0.1",
+    "electron-devtools-installer": "^3.1.1",
+    "electron-log": "^4.3.2",
+    "electron-updater": "^4.3.8",
     "js-yaml-loader": "^1.2.2",
-    "typescript": "^3.7.4",
-    "vue-template-compiler": "^2.6.11"
+    "markdownlint-cli": "^0.27.1",
+    "remark-cli": "^9.0.0",
+    "remark-lint-no-dead-urls": "^1.1.0",
+    "remark-preset-lint-consistent": "^4.0.0",
+    "remark-validate-links": "^10.0.3",
+    "sass": "^1.32.8",
+    "sass-loader": "^10.1.1",
+    "tslib": "^2.1.0",
+    "typescript": "^4.2.3",
+    "vue-cli-plugin-electron-builder": "^2.0.0-rc.6",
+    "vue-template-compiler": "^2.6.12",
+    "yaml-lint": "^1.2.4"
+  },
+  "homepage": "https://privacy.sexy",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/undergroundwires/privacy.sexy.git"
   }
 }

public/index.html

@@ -4,8 +4,10 @@
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width,initial-scale=1.0">
+    <title>Privacy is sexy 🍑🍆 - Enforce privacy & security on Windows and macOS</title>
+    <meta name="robots" content="index,follow" />
+    <meta name="description" content="Web tool to generate scripts for enforcing privacy & security best-practices such as stopping data collection of Windows and different softwares on it."/>
     <link rel="icon" href="<%= BASE_URL %>favicon.ico">
-    <title>Privacy is sexy 🍑🍆</title>
   </head>
   <body>
     <noscript>
@@ -30,4 +32,4 @@
     <div id="app"></div>
     <!-- built files will be auto injected -->
   </body>
-</html>
+</html>

public/robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow:

src/App.vue

@@ -1,85 +0,0 @@
-<template>
-  <div id="app">
-      <div class="wrapper">
-          <TheHeader class="row"
-                     github-url="https://github.com/undergroundwires/privacy.sexy" />
-          <!-- <TheSearchBar> </TheSearchBar> -->
-          <!-- <div style="display: flex; justify-content: space-between;"> -->
-          <!-- <TheGrouper></TheGrouper> -->
-          <TheSelector class="row" />
-          <!-- </div> -->
-          <CardList />
-          <TheCodeArea class="row" theme="xcode" />
-          <TheCodeButtons class="row" />
-          <TheFooter />
-      </div>
-   </div>
-</template>
-
-<script lang="ts">
-import { Component, Vue, Prop  } from 'vue-property-decorator';
-import { ApplicationState, IApplicationState } from '@/application/State/ApplicationState';
-import TheHeader from './presentation/TheHeader.vue';
-import TheFooter from './presentation/TheFooter.vue';
-import TheCodeArea from './presentation/TheCodeArea.vue';
-import TheCodeButtons from './presentation/TheCodeButtons.vue';
-import TheSearchBar from './presentation/TheSearchBar.vue';
-import TheSelector from './presentation/Scripts/Selector/TheSelector.vue';
-import TheGrouper from './presentation/Scripts/TheGrouper.vue';
-import CardList from './presentation/Scripts/Cards/CardList.vue';
-
-@Component({
-  components: {
-    TheHeader,
-    TheCodeArea,
-    TheCodeButtons,
-    TheSearchBar,
-    TheGrouper,
-    CardList,
-    TheSelector,
-    TheFooter,
-  },
-})
-export default class App extends Vue {
-
-}
-</script>
-
-<style lang="scss">
-@import "@/presentation/styles/colors.scss";
-@import "@/presentation/styles/fonts.scss";
-
-* {
-  box-sizing: border-box;
-}
-
-body {
-  background: $light-gray;
-  font-family: $fancy-font;
-  color: $slate;
-}
-
-
-#app {
-  margin-right: auto;
-  margin-left: auto;
-  max-width: 1500px;
-  
-  .wrapper {
-    margin: 0% 2% 0% 2%;
-    background-color: white;
-    box-shadow: 0 0 5px 0 rgba(0, 0, 0, 0.06);
-    padding: 2%;
-    display:flex;
-    flex-direction: column;
-
-    .row {
-      margin-bottom: 10px;
-    }
-  }
-}
-
-
-@import "@/presentation/styles/tooltip.scss";
-@import "@/presentation/styles/tree.scss";
-</style>

src/application/ApplicationFactory.ts

@@ -0,0 +1,21 @@
+import { IApplication } from '@/domain/IApplication';
+import { AsyncLazy } from '@/infrastructure/Threading/AsyncLazy';
+import { IApplicationFactory } from './IApplicationFactory';
+import { parseApplication } from './Parser/ApplicationParser';
+
+export type ApplicationGetter = () => IApplication;
+const ApplicationGetter: ApplicationGetter = parseApplication;
+
+export class ApplicationFactory implements IApplicationFactory {
+    public static readonly Current: IApplicationFactory = new ApplicationFactory(ApplicationGetter);
+    private readonly getter: AsyncLazy<IApplication>;
+    protected constructor(costlyGetter: ApplicationGetter) {
+        if (!costlyGetter) {
+            throw new Error('undefined getter');
+        }
+        this.getter = new AsyncLazy<IApplication>(() => Promise.resolve(costlyGetter()));
+    }
+    public getAppAsync(): Promise<IApplication> {
+        return this.getter.getValueAsync();
+    }
+}

src/application/Common/Enum.ts

@@ -0,0 +1,43 @@
+// Because we cannot do "T extends enum" 😞 https://github.com/microsoft/TypeScript/issues/30611
+type EnumType = number | string;
+type EnumVariable<T extends EnumType, TEnumValue extends EnumType> = { [key in T]: TEnumValue };
+
+export interface IEnumParser<TEnum> {
+    parseEnum(value: string, propertyName: string): TEnum;
+}
+export function createEnumParser<T extends EnumType, TEnumValue extends EnumType>(
+    enumVariable: EnumVariable<T, TEnumValue>): IEnumParser<TEnumValue> {
+    return {
+        parseEnum: (value, propertyName) => parseEnumValue(value, propertyName, enumVariable),
+    };
+}
+function parseEnumValue<T extends EnumType, TEnumValue extends EnumType>(
+    value: string,
+    enumName: string,
+    enumVariable: EnumVariable<T, TEnumValue>): TEnumValue {
+    if (!value) {
+        throw new Error(`undefined ${enumName}`);
+    }
+    if (typeof value !== 'string') {
+        throw new Error(`unexpected type of ${enumName}: "${typeof value}"`);
+    }
+    const casedValue = getEnumNames(enumVariable)
+        .find((enumValue) => enumValue.toLowerCase() === value.toLowerCase());
+    if (!casedValue) {
+        throw new Error(`unknown ${enumName}: "${value}"`);
+    }
+    return enumVariable[casedValue as keyof typeof enumVariable];
+}
+
+export function getEnumNames<T extends EnumType, TEnumValue extends EnumType>(
+    enumVariable: EnumVariable<T, TEnumValue>): string[] {
+    return Object
+        .values(enumVariable)
+        .filter((enumMember) => typeof enumMember === 'string') as string[];
+}
+
+export function getEnumValues<T extends EnumType, TEnumValue extends EnumType>(
+    enumVariable: EnumVariable<T, TEnumValue>): TEnumValue[] {
+    return getEnumNames(enumVariable)
+        .map((level) => enumVariable[level]) as TEnumValue[];
+}

src/application/Context/ApplicationContext.ts

@@ -0,0 +1,71 @@
+import { IApplicationContext, IApplicationContextChangedEvent } from './IApplicationContext';
+import { ICategoryCollectionState } from './State/ICategoryCollectionState';
+import { CategoryCollectionState } from './State/CategoryCollectionState';
+import { IApplication } from '@/domain/IApplication';
+import { OperatingSystem } from '@/domain/OperatingSystem';
+import { ICategoryCollection } from '@/domain/ICategoryCollection';
+import { EventSource } from '@/infrastructure/Events/EventSource';
+
+type StateMachine = Map<OperatingSystem, ICategoryCollectionState>;
+
+export class ApplicationContext implements IApplicationContext {
+    public readonly contextChanged = new EventSource<IApplicationContextChangedEvent>();
+    public collection: ICategoryCollection;
+    public currentOs: OperatingSystem;
+
+    public get state(): ICategoryCollectionState {
+        return this.states[this.collection.os];
+    }
+
+    private readonly states: StateMachine;
+    public constructor(
+        public readonly app: IApplication,
+        initialContext: OperatingSystem) {
+        validateApp(app);
+        validateOs(initialContext);
+        this.states = initializeStates(app);
+        this.changeContext(initialContext);
+    }
+
+    public changeContext(os: OperatingSystem): void {
+        if (this.currentOs === os) {
+            return;
+        }
+        this.collection = this.app.getCollection(os);
+        if (!this.collection) {
+            throw new Error(`os "${OperatingSystem[os]}" is not defined in application`);
+        }
+        const event: IApplicationContextChangedEvent = {
+            newState: this.states[os],
+            oldState: this.states[this.currentOs],
+        };
+        this.contextChanged.notify(event);
+        this.currentOs = os;
+    }
+}
+
+function validateApp(app: IApplication) {
+    if (!app) {
+        throw new Error('undefined app');
+    }
+}
+
+function validateOs(os: OperatingSystem) {
+    if (os === undefined) {
+        throw new Error('undefined os');
+    }
+    if (os === OperatingSystem.Unknown) {
+        throw new Error('unknown os');
+    }
+    if (!(os in OperatingSystem)) {
+        throw new Error(`os "${os}" is out of range`);
+    }
+}
+
+function initializeStates(app: IApplication): StateMachine {
+    const machine = new Map<OperatingSystem, ICategoryCollectionState>();
+    for (const collection of app.collections) {
+        machine[collection.os] = new CategoryCollectionState(collection);
+    }
+    return machine;
+}

src/application/Context/ApplicationContextFactory.ts

@@ -0,0 +1,31 @@
+import { ApplicationContext } from './ApplicationContext';
+import { IApplicationContext } from '@/application/Context/IApplicationContext';
+import { OperatingSystem } from '@/domain/OperatingSystem';
+import { Environment } from '../Environment/Environment';
+import { IApplication } from '@/domain/IApplication';
+import { IEnvironment } from '../Environment/IEnvironment';
+import { IApplicationFactory } from '../IApplicationFactory';
+import { ApplicationFactory } from '../ApplicationFactory';
+
+export async function buildContextAsync(
+    factory: IApplicationFactory = ApplicationFactory.Current,
+    environment = Environment.CurrentEnvironment): Promise<IApplicationContext> {
+    if (!factory) { throw new Error('undefined factory'); }
+    if (!environment) { throw new Error('undefined environment'); }
+    const app = await factory.getAppAsync();
+    const os = getInitialOs(app, environment);
+    return new ApplicationContext(app, os);
+}
+
+function getInitialOs(app: IApplication, environment: IEnvironment): OperatingSystem {
+    const currentOs = environment.os;
+    const supportedOsList = app.getSupportedOsList();
+    if (supportedOsList.includes(currentOs)) {
+        return currentOs;
+    }
+    supportedOsList.sort((os1, os2) => {
+        const getPriority = (os: OperatingSystem) => app.getCollection(os).totalScripts;
+        return getPriority(os2) - getPriority(os1);
+    });
+    return supportedOsList[0];
+}

src/application/Context/IApplicationContext.ts

@@ -0,0 +1,16 @@
+import { ICategoryCollectionState } from './State/ICategoryCollectionState';
+import { OperatingSystem } from '@/domain/OperatingSystem';
+import { IEventSource } from '@/infrastructure/Events/IEventSource';
+import { IApplication } from '@/domain/IApplication';
+
+export interface IApplicationContext {
+    readonly app: IApplication;
+    readonly state: ICategoryCollectionState;
+    readonly contextChanged: IEventSource<IApplicationContextChangedEvent>;
+    changeContext(os: OperatingSystem): void;
+}
+
+export interface IApplicationContextChangedEvent {
+    readonly newState: ICategoryCollectionState;
+    readonly oldState: ICategoryCollectionState;
+}

src/application/Context/State/CategoryCollectionState.ts

@@ -0,0 +1,23 @@
+import { UserFilter } from './Filter/UserFilter';
+import { IUserFilter } from './Filter/IUserFilter';
+import { ApplicationCode } from './Code/ApplicationCode';
+import { UserSelection } from './Selection/UserSelection';
+import { IUserSelection } from './Selection/IUserSelection';
+import { ICategoryCollectionState } from './ICategoryCollectionState';
+import { IApplicationCode } from './Code/IApplicationCode';
+import { ICategoryCollection } from '../../../domain/ICategoryCollection';
+import { OperatingSystem } from '@/domain/OperatingSystem';
+
+export class CategoryCollectionState implements ICategoryCollectionState {
+    public readonly os: OperatingSystem;
+    public readonly code: IApplicationCode;
+    public readonly selection: IUserSelection;
+    public readonly filter: IUserFilter;
+
+    public constructor(readonly collection: ICategoryCollection) {
+        this.selection = new UserSelection(collection, []);
+        this.code = new ApplicationCode(this.selection, collection.scripting);
+        this.filter = new UserFilter(collection);
+        this.os = collection.os;
+    }
+}

src/application/Context/State/Code/ApplicationCode.ts

@@ -0,0 +1,39 @@
+import { CodeChangedEvent } from './Event/CodeChangedEvent';
+import { CodePosition } from './Position/CodePosition';
+import { ICodeChangedEvent } from './Event/ICodeChangedEvent';
+import { SelectedScript } from '@/application/Context/State/Selection/SelectedScript';
+import { IUserSelection } from '@/application/Context/State/Selection/IUserSelection';
+import { UserScriptGenerator } from './Generation/UserScriptGenerator';
+import { EventSource } from '@/infrastructure/Events/EventSource';
+import { IApplicationCode } from './IApplicationCode';
+import { IUserScriptGenerator } from './Generation/IUserScriptGenerator';
+import { IScriptingDefinition } from '@/domain/IScriptingDefinition';
+
+export class ApplicationCode implements IApplicationCode {
+    public readonly changed = new EventSource<ICodeChangedEvent>();
+    public current: string;
+
+    private scriptPositions = new Map<SelectedScript, CodePosition>();
+
+    constructor(
+        userSelection: IUserSelection,
+        private readonly scriptingDefinition: IScriptingDefinition,
+        private readonly generator: IUserScriptGenerator = new UserScriptGenerator()) {
+        if (!userSelection) { throw new Error('userSelection is null or undefined'); }
+        if (!scriptingDefinition) { throw new Error('scriptingDefinition is null or undefined'); }
+        if (!generator) { throw new Error('generator is null or undefined'); }
+        this.setCode(userSelection.selectedScripts);
+        userSelection.changed.on((scripts) => {
+            this.setCode(scripts);
+        });
+    }
+
+    private setCode(scripts: ReadonlyArray<SelectedScript>): void {
+        const oldScripts = Array.from(this.scriptPositions.keys());
+        const code = this.generator.buildCode(scripts, this.scriptingDefinition);
+        this.current = code.code;
+        this.scriptPositions = code.scriptPositions;
+        const event = new CodeChangedEvent(code.code, oldScripts, code.scriptPositions);
+        this.changed.notify(event);
+    }
+}

src/application/Context/State/Code/Event/CodeChangedEvent.ts

@@ -0,0 +1,64 @@
+import { ICodeChangedEvent } from './ICodeChangedEvent';
+import { SelectedScript } from '../../Selection/SelectedScript';
+import { IScript } from '@/domain/IScript';
+import { ICodePosition } from '@/application/Context/State/Code/Position/ICodePosition';
+
+export class CodeChangedEvent implements ICodeChangedEvent {
+    public readonly code: string;
+    public readonly addedScripts: ReadonlyArray<IScript>;
+    public readonly removedScripts: ReadonlyArray<IScript>;
+    public readonly changedScripts: ReadonlyArray<IScript>;
+
+    private readonly scripts: Map<IScript, ICodePosition>;
+
+    constructor(
+        code: string,
+        oldScripts: ReadonlyArray<SelectedScript>,
+        scripts: Map<SelectedScript, ICodePosition>) {
+        ensureAllPositionsExist(code, Array.from(scripts.values()));
+        this.code = code;
+        const newScripts = Array.from(scripts.keys());
+        this.addedScripts = selectIfNotExists(newScripts, oldScripts);
+        this.removedScripts = selectIfNotExists(oldScripts, newScripts);
+        this.changedScripts = getChangedScripts(oldScripts, newScripts);
+        this.scripts = new Map<IScript, ICodePosition>();
+        scripts.forEach((position, selection) => {
+            this.scripts.set(selection.script, position);
+        });
+    }
+
+    public isEmpty(): boolean {
+        return this.scripts.size === 0;
+    }
+
+    public getScriptPositionInCode(script: IScript): ICodePosition {
+       return this.scripts.get(script);
+    }
+}
+
+function ensureAllPositionsExist(script: string, positions: ReadonlyArray<ICodePosition>) {
+    const totalLines = script.split(/\r\n|\r|\n/).length;
+    for (const position of positions) {
+        if (position.endLine > totalLines) {
+            throw new Error(`script end line (${position.endLine}) is out of range.` +
+                            `(total code lines: ${totalLines}`);
+        }
+    }
+}
+
+function getChangedScripts(
+    oldScripts: ReadonlyArray<SelectedScript>,
+    newScripts: ReadonlyArray<SelectedScript>): ReadonlyArray<IScript> {
+    return newScripts
+        .filter((newScript) => oldScripts.find((oldScript) => oldScript.id === newScript.id
+                               && oldScript.revert !== newScript.revert ))
+        .map((selection) => selection.script);
+}
+
+function selectIfNotExists(
+    selectableContainer: ReadonlyArray<SelectedScript>,
+    test: ReadonlyArray<SelectedScript>) {
+    return selectableContainer
+        .filter((script) => !test.find((oldScript) => oldScript.id === script.id))
+        .map((selection) => selection.script);
+}

src/application/Context/State/Code/Event/ICodeChangedEvent.ts

@@ -0,0 +1,11 @@
+import { IScript } from '@/domain/IScript';
+import { ICodePosition } from '@/application/Context/State/Code/Position/ICodePosition';
+
+export interface ICodeChangedEvent {
+    readonly code: string;
+    addedScripts: ReadonlyArray<IScript>;
+    removedScripts: ReadonlyArray<IScript>;
+    changedScripts: ReadonlyArray<IScript>;
+    isEmpty(): boolean;
+    getScriptPositionInCode(script: IScript): ICodePosition;
+}

src/application/Context/State/Code/Generation/CodeBuilder.ts

@@ -1,11 +1,25 @@
+import { ICodeBuilder } from './ICodeBuilder';
+
 const NewLine = '\n';
 const TotalFunctionSeparatorChars = 58;
 
-export class CodeBuilder {
+export abstract class CodeBuilder implements ICodeBuilder {
     private readonly lines = new Array<string>();
 
+    // Returns current line starting from 0 (no lines), or 1 (have single line)
+    public get currentLine(): number {
+        return this.lines.length;
+    }
+
     public appendLine(code?: string): CodeBuilder {
-        this.lines.push(code);
+        if (!code) {
+            this.lines.push('');
+            return this;
+        }
+        const lines = code.match(/[^\r\n]+/g);
+        for (const line of lines) {
+            this.lines.push(line);
+        }
         return this;
     }
 
@@ -15,7 +29,7 @@ export class CodeBuilder {
     }
 
     public appendCommentLine(commentLine?: string): CodeBuilder {
-        this.lines.push(`:: ${commentLine}`);
+        this.lines.push(`${this.getCommentDelimiter()} ${commentLine}`);
         return this;
     }
 
@@ -23,9 +37,8 @@ export class CodeBuilder {
         if (!name)  { throw new Error('name cannot be empty or null'); }
         if (!code)  { throw new Error('code cannot be empty or null'); }
         return this
-            .appendLine()
             .appendCommentLineWithHyphensAround(name)
-            .appendLine(`echo --- ${name}`)
+            .appendLine(this.writeStandardOut(`--- ${name}`))
             .appendLine(code)
             .appendTrailingHyphensCommentLine();
     }
@@ -42,10 +55,13 @@ export class CodeBuilder {
         return this
             .appendTrailingHyphensCommentLine()
             .appendCommentLine(firstHyphens + sectionName + secondHyphens)
-            .appendTrailingHyphensCommentLine();
+            .appendTrailingHyphensCommentLine(TotalFunctionSeparatorChars);
     }
 
     public toString(): string {
         return this.lines.join(NewLine);
     }
+
+    protected abstract getCommentDelimiter(): string;
+    protected abstract writeStandardOut(text: string): string;
 }

src/application/Context/State/Code/Generation/CodeBuilderFactory.ts

@@ -0,0 +1,15 @@
+import { ScriptingLanguage } from '@/domain/ScriptingLanguage';
+import { ICodeBuilder } from './ICodeBuilder';
+import { ICodeBuilderFactory } from './ICodeBuilderFactory';
+import { BatchBuilder } from './Languages/BatchBuilder';
+import { ShellBuilder } from './Languages/ShellBuilder';
+
+export class CodeBuilderFactory implements ICodeBuilderFactory {
+    public create(language: ScriptingLanguage): ICodeBuilder {
+        switch (language) {
+            case ScriptingLanguage.shellscript: return new ShellBuilder();
+            case ScriptingLanguage.batchfile:   return new BatchBuilder();
+            default: throw new RangeError(`unknown language: "${ScriptingLanguage[language]}"`);
+        }
+    }
+}

src/application/Context/State/Code/Generation/ICodeBuilder.ts

@@ -0,0 +1,9 @@
+export interface ICodeBuilder {
+    currentLine: number;
+    appendLine(code?: string): ICodeBuilder;
+    appendTrailingHyphensCommentLine(totalRepeatHyphens: number): ICodeBuilder;
+    appendCommentLine(commentLine?: string): ICodeBuilder;
+    appendCommentLineWithHyphensAround(sectionName: string, totalRepeatHyphens: number): ICodeBuilder;
+    appendFunction(name: string, code: string): ICodeBuilder;
+    toString(): string;
+}

src/application/Context/State/Code/Generation/ICodeBuilderFactory.ts

@@ -0,0 +1,6 @@
+import { ScriptingLanguage } from '@/domain/ScriptingLanguage';
+import { ICodeBuilder } from './ICodeBuilder';
+
+export interface ICodeBuilderFactory {
+    create(language: ScriptingLanguage): ICodeBuilder;
+}

src/application/Context/State/Code/Generation/IUserScript.ts

@@ -0,0 +1,7 @@
+import { SelectedScript } from '@/application/Context/State/Selection/SelectedScript';
+import { ICodePosition } from '@/application/Context/State/Code/Position/ICodePosition';
+
+export interface IUserScript {
+    code: string;
+    scriptPositions: Map<SelectedScript, ICodePosition>;
+}

src/application/Context/State/Code/Generation/IUserScriptGenerator.ts

@@ -0,0 +1,9 @@
+import { SelectedScript } from '@/application/Context/State/Selection/SelectedScript';
+import { IUserScript } from './IUserScript';
+import { IScriptingDefinition } from '@/domain/IScriptingDefinition';
+
+export interface IUserScriptGenerator {
+    buildCode(
+        selectedScripts: ReadonlyArray<SelectedScript>,
+        scriptingDefinition: IScriptingDefinition): IUserScript;
+}

src/application/Context/State/Code/Generation/Languages/BatchBuilder.ts

@@ -0,0 +1,16 @@
+import { CodeBuilder } from '@/application/Context/State/Code/Generation/CodeBuilder';
+
+export class BatchBuilder extends CodeBuilder {
+    protected getCommentDelimiter(): string {
+        return '::';
+    }
+    protected writeStandardOut(text: string): string {
+        return `echo ${escapeForEcho(text)}`;
+    }
+}
+
+function escapeForEcho(text: string) {
+    return text
+        .replace(/&/g, '^&')
+        .replace(/%/g, '%%');
+}

src/application/Context/State/Code/Generation/Languages/ShellBuilder.ts

@@ -0,0 +1,15 @@
+import { CodeBuilder } from '@/application/Context/State/Code/Generation/CodeBuilder';
+
+export class ShellBuilder extends CodeBuilder {
+    protected getCommentDelimiter(): string {
+        return '#';
+    }
+    protected writeStandardOut(text: string): string {
+        return `echo '${escapeForEcho(text)}'`;
+    }
+}
+
+function escapeForEcho(text: string) {
+    return text
+        .replace(/'/g, '\'\\\'\'');
+}

src/application/Context/State/Code/Generation/UserScriptGenerator.ts

@@ -0,0 +1,71 @@
+import { SelectedScript } from '@/application/Context/State/Selection/SelectedScript';
+import { IUserScriptGenerator } from './IUserScriptGenerator';
+import { ICodePosition } from '@/application/Context/State/Code/Position/ICodePosition';
+import { CodePosition } from '../Position/CodePosition';
+import { IUserScript } from './IUserScript';
+import { IScriptingDefinition } from '@/domain/IScriptingDefinition';
+import { ICodeBuilder } from './ICodeBuilder';
+import { ICodeBuilderFactory } from './ICodeBuilderFactory';
+import { CodeBuilderFactory } from './CodeBuilderFactory';
+
+export class UserScriptGenerator implements IUserScriptGenerator {
+    constructor(private readonly codeBuilderFactory: ICodeBuilderFactory = new CodeBuilderFactory()) {
+
+    }
+    public buildCode(
+        selectedScripts: ReadonlyArray<SelectedScript>,
+        scriptingDefinition: IScriptingDefinition): IUserScript {
+        if (!selectedScripts) { throw new Error('undefined scripts'); }
+        if (!scriptingDefinition) { throw new Error('undefined definition'); }
+        let scriptPositions = new Map<SelectedScript, ICodePosition>();
+        if (!selectedScripts.length) {
+            return { code: '', scriptPositions };
+        }
+        let builder = this.codeBuilderFactory.create(scriptingDefinition.language);
+        builder = initializeCode(scriptingDefinition.startCode, builder);
+        for (const selection of selectedScripts) {
+            scriptPositions = appendSelection(selection, scriptPositions, builder);
+        }
+        const code = finalizeCode(builder, scriptingDefinition.endCode);
+        return { code, scriptPositions };
+    }
+}
+
+function initializeCode(startCode: string, builder: ICodeBuilder): ICodeBuilder {
+    if (!startCode) {
+        return builder;
+    }
+    return builder
+        .appendLine(startCode)
+        .appendLine();
+}
+
+function finalizeCode(builder: ICodeBuilder, endCode: string): string {
+    if (!endCode) {
+        return builder.toString();
+    }
+    return builder.appendLine()
+        .appendLine(endCode)
+        .toString();
+}
+
+function appendSelection(
+    selection: SelectedScript,
+    scriptPositions: Map<SelectedScript, ICodePosition>,
+    builder: ICodeBuilder): Map<SelectedScript, ICodePosition> {
+    const startPosition = builder.currentLine + 1; // Because first line will be empty to separate scripts
+    builder = appendCode(selection, builder);
+    const endPosition = builder.currentLine - 1;
+    builder.appendLine();
+    const position = new CodePosition(startPosition, endPosition);
+    scriptPositions.set(selection, position);
+    return scriptPositions;
+}
+
+function appendCode(selection: SelectedScript, builder: ICodeBuilder): ICodeBuilder {
+    const name = selection.revert ? `${selection.script.name} (revert)` : selection.script.name;
+    const scriptCode = selection.revert ? selection.script.code.revert : selection.script.code.execute;
+    return builder
+        .appendLine()
+        .appendFunction(name, scriptCode);
+}

src/application/Context/State/Code/IApplicationCode.ts

@@ -0,0 +1,7 @@
+import { ICodeChangedEvent } from './Event/ICodeChangedEvent';
+import { IEventSource } from '@/infrastructure/Events/IEventSource';
+
+export interface IApplicationCode {
+    readonly changed: IEventSource<ICodeChangedEvent>;
+    readonly current: string;
+}

src/application/Context/State/Code/Position/CodePosition.ts

@@ -0,0 +1,24 @@
+import { ICodePosition } from './ICodePosition';
+
+export class CodePosition implements ICodePosition {
+    public get totalLines(): number {
+        return this.endLine - this.startLine;
+    }
+
+    constructor(
+        public readonly startLine: number,
+        public readonly endLine: number) {
+        if (startLine < 0) {
+            throw new Error('Code cannot start in a negative line');
+        }
+        if (endLine < 0) {
+            throw new Error('Code cannot end in a negative line');
+        }
+        if (endLine === startLine) {
+            throw new Error('Empty code');
+        }
+        if (endLine < startLine) {
+            throw new Error('End line cannot be less than start line');
+        }
+    }
+}

src/application/Context/State/Code/Position/ICodePosition.ts

@@ -0,0 +1,5 @@
+export interface ICodePosition {
+    readonly startLine: number;
+    readonly endLine: number;
+    readonly totalLines: number;
+}

src/application/Context/State/Filter/FilterResult.ts

@@ -0,0 +1,18 @@
+import { IFilterResult } from './IFilterResult';
+import { IScript } from '@/domain/IScript';
+import { ICategory } from '@/domain/ICategory';
+
+export class FilterResult implements IFilterResult {
+    constructor(
+        public readonly scriptMatches: ReadonlyArray<IScript>,
+        public readonly categoryMatches: ReadonlyArray<ICategory>,
+        public readonly query: string) {
+        if (!query) { throw new Error('Query is empty or undefined'); }
+        if (!scriptMatches) { throw new Error('Script matches is undefined'); }
+        if (!categoryMatches) { throw new Error('Category matches is undefined'); }
+    }
+    public hasAnyMatches(): boolean {
+        return this.scriptMatches.length > 0
+         || this.categoryMatches.length > 0;
+    }
+}

src/application/Context/State/Filter/IFilterResult.ts

@@ -1,7 +1,8 @@
 import { IScript, ICategory } from '@/domain/ICategory';
 
-export interface IFilterMatches {
-    readonly scriptMatches: ReadonlyArray<IScript>;
+export interface IFilterResult {
     readonly categoryMatches: ReadonlyArray<ICategory>;
+    readonly scriptMatches: ReadonlyArray<IScript>;
     readonly query: string;
+    hasAnyMatches(): boolean;
 }

src/application/Context/State/Filter/IUserFilter.ts

@@ -0,0 +1,10 @@
+import { IEventSource } from '@/infrastructure/Events/IEventSource';
+import { IFilterResult } from './IFilterResult';
+
+export interface IUserFilter {
+    readonly currentFilter: IFilterResult | undefined;
+    readonly filtered: IEventSource<IFilterResult>;
+    readonly filterRemoved: IEventSource<void>;
+    setFilter(filter: string): void;
+    removeFilter(): void;
+}

src/application/Context/State/Filter/UserFilter.ts

@@ -0,0 +1,52 @@
+import { IScript } from '@/domain/IScript';
+import { FilterResult } from './FilterResult';
+import { IFilterResult } from './IFilterResult';
+import { IUserFilter } from './IUserFilter';
+import { EventSource } from '@/infrastructure/Events/EventSource';
+import { ICategoryCollection } from '@/domain/ICategoryCollection';
+
+export class UserFilter implements IUserFilter {
+    public readonly filtered = new EventSource<IFilterResult>();
+    public readonly filterRemoved = new EventSource<void>();
+    public currentFilter: IFilterResult | undefined;
+
+    constructor(private collection: ICategoryCollection) {
+
+    }
+
+    public setFilter(filter: string): void {
+        if (!filter) {
+            throw new Error('Filter must be defined and not empty. Use removeFilter() to remove the filter');
+        }
+        const filterLowercase = filter.toLocaleLowerCase();
+        const filteredScripts = this.collection.getAllScripts().filter(
+            (script) => isScriptAMatch(script, filterLowercase));
+        const filteredCategories = this.collection.getAllCategories().filter(
+            (category) => category.name.toLowerCase().includes(filterLowercase));
+        const matches = new FilterResult(
+            filteredScripts,
+            filteredCategories,
+            filter,
+        );
+        this.currentFilter = matches;
+        this.filtered.notify(matches);
+    }
+
+    public removeFilter(): void {
+        this.currentFilter = undefined;
+        this.filterRemoved.notify();
+    }
+}
+
+function isScriptAMatch(script: IScript, filterLowercase: string) {
+    if (script.name.toLowerCase().includes(filterLowercase)) {
+        return true;
+    }
+    if (script.code.execute.toLowerCase().includes(filterLowercase)) {
+        return true;
+    }
+    if (script.code.revert) {
+        return script.code.revert.toLowerCase().includes(filterLowercase);
+    }
+    return false;
+}

src/application/Context/State/ICategoryCollectionState.ts

@@ -0,0 +1,13 @@
+import { IUserFilter } from './Filter/IUserFilter';
+import { IUserSelection } from './Selection/IUserSelection';
+import { IApplicationCode } from './Code/IApplicationCode';
+import { ICategoryCollection } from '@/domain/ICategoryCollection';
+import { OperatingSystem } from '@/domain/OperatingSystem';
+
+export interface ICategoryCollectionState {
+    readonly code: IApplicationCode;
+    readonly filter: IUserFilter;
+    readonly selection: IUserSelection;
+    readonly collection: ICategoryCollection;
+    readonly os: OperatingSystem;
+}

src/application/Context/State/Selection/IUserSelection.ts

@@ -0,0 +1,21 @@
+import { SelectedScript } from './SelectedScript';
+import { IScript } from '@/domain/IScript';
+import { ICategory } from '@/domain/ICategory';
+import { IEventSource } from '@/infrastructure/Events/IEventSource';
+
+export interface IUserSelection {
+    readonly changed: IEventSource<ReadonlyArray<SelectedScript>>;
+    readonly selectedScripts: ReadonlyArray<SelectedScript>;
+    readonly totalSelected: number;
+    areAllSelected(category: ICategory): boolean;
+    isAnySelected(category: ICategory): boolean;
+    removeAllInCategory(categoryId: number): void;
+    addOrUpdateAllInCategory(categoryId: number, revert: boolean): void;
+    addSelectedScript(scriptId: string, revert: boolean): void;
+    addOrUpdateSelectedScript(scriptId: string, revert: boolean): void;
+    removeSelectedScript(scriptId: string): void;
+    selectOnly(scripts: ReadonlyArray<IScript>): void;
+    isSelected(scriptId: string): boolean;
+    selectAll(): void;
+    deselectAll(): void;
+}

src/application/Context/State/Selection/SelectedScript.ts

@@ -0,0 +1,14 @@
+import { BaseEntity } from '@/infrastructure/Entity/BaseEntity';
+import { IScript } from '@/domain/IScript';
+
+export class SelectedScript extends BaseEntity<string> {
+    constructor(
+        public readonly script: IScript,
+        public readonly revert: boolean,
+        ) {
+        super(script.id);
+        if (revert && !script.canRevert()) {
+            throw new Error('cannot revert an irreversible script');
+        }
+    }
+}

src/application/Context/State/Selection/UserSelection.ts

@@ -0,0 +1,145 @@
+import { SelectedScript } from './SelectedScript';
+import { IUserSelection } from './IUserSelection';
+import { InMemoryRepository } from '@/infrastructure/Repository/InMemoryRepository';
+import { IScript } from '@/domain/IScript';
+import { EventSource } from '@/infrastructure/Events/EventSource';
+import { IRepository } from '@/infrastructure/Repository/IRepository';
+import { ICategory } from '@/domain/ICategory';
+import { ICategoryCollection } from '@/domain/ICategoryCollection';
+
+export class UserSelection implements IUserSelection {
+    public readonly changed = new EventSource<ReadonlyArray<SelectedScript>>();
+    private readonly scripts: IRepository<string, SelectedScript>;
+
+    constructor(
+        private readonly collection: ICategoryCollection,
+        selectedScripts: ReadonlyArray<SelectedScript>) {
+        this.scripts =  new InMemoryRepository<string, SelectedScript>();
+        if (selectedScripts && selectedScripts.length > 0) {
+            for (const script of selectedScripts) {
+                this.scripts.addItem(script);
+            }
+        }
+    }
+
+    public areAllSelected(category: ICategory): boolean {
+        if (this.selectedScripts.length === 0) {
+            return false;
+        }
+        const scripts = category.getAllScriptsRecursively();
+        if (this.selectedScripts.length < scripts.length) {
+            return false;
+        }
+        return scripts.every((script) => this.selectedScripts.some((selected) => selected.id === script.id));
+    }
+
+    public isAnySelected(category: ICategory): boolean {
+        if (this.selectedScripts.length === 0) {
+            return false;
+        }
+        return this.selectedScripts.some((s) => category.includes(s.script));
+    }
+
+    public removeAllInCategory(categoryId: number): void {
+        const category = this.collection.findCategory(categoryId);
+        const scriptsToRemove = category.getAllScriptsRecursively()
+            .filter((script) => this.scripts.exists(script.id));
+        if (!scriptsToRemove.length) {
+            return;
+        }
+        for (const script of scriptsToRemove) {
+            this.scripts.removeItem(script.id);
+        }
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public addOrUpdateAllInCategory(categoryId: number, revert: boolean = false): void {
+        const category = this.collection.findCategory(categoryId);
+        const scriptsToAddOrUpdate = category.getAllScriptsRecursively()
+            .filter((script) =>
+                !this.scripts.exists(script.id)
+                    || this.scripts.getById(script.id).revert !== revert,
+            );
+        if (!scriptsToAddOrUpdate.length) {
+            return;
+        }
+        for (const script of scriptsToAddOrUpdate) {
+            const selectedScript = new SelectedScript(script, revert);
+            this.scripts.addOrUpdateItem(selectedScript);
+        }
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public addSelectedScript(scriptId: string, revert: boolean): void {
+        const script = this.collection.findScript(scriptId);
+        if (!script) {
+            throw new Error(`Cannot add (id: ${scriptId}) as it is unknown`);
+        }
+        const selectedScript = new SelectedScript(script, revert);
+        this.scripts.addItem(selectedScript);
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public addOrUpdateSelectedScript(scriptId: string, revert: boolean): void {
+        const script = this.collection.findScript(scriptId);
+        const selectedScript = new SelectedScript(script, revert);
+        this.scripts.addOrUpdateItem(selectedScript);
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public removeSelectedScript(scriptId: string): void {
+        this.scripts.removeItem(scriptId);
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public isSelected(scriptId: string): boolean {
+        return this.scripts.exists(scriptId);
+    }
+
+    /** Get users scripts based on his/her selections */
+    public get selectedScripts(): ReadonlyArray<SelectedScript> {
+        return this.scripts.getItems();
+    }
+
+    public get totalSelected(): number {
+        return this.scripts.getItems().length;
+    }
+
+    public selectAll(): void {
+        for (const script of this.collection.getAllScripts()) {
+            if (!this.scripts.exists(script.id)) {
+                const selection = new SelectedScript(script, false);
+                this.scripts.addItem(selection);
+            }
+        }
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public deselectAll(): void {
+        const selectedScriptIds = this.scripts.getItems().map((script) => script.id);
+        for (const scriptId of selectedScriptIds) {
+            this.scripts.removeItem(scriptId);
+        }
+        this.changed.notify([]);
+    }
+
+    public selectOnly(scripts: readonly IScript[]): void {
+        if (!scripts || scripts.length === 0) {
+            throw new Error('Scripts are empty. Use deselectAll() if you want to deselect everything');
+        }
+        // Unselect from selected scripts
+        if (this.scripts.length !== 0) {
+            this.scripts.getItems()
+                .filter((existing) => !scripts.some((script) => existing.id === script.id))
+                .map((script) => script.id)
+                .forEach((scriptId) => this.scripts.removeItem(scriptId));
+        }
+        // Select from unselected scripts
+        const unselectedScripts = scripts.filter((script) => !this.scripts.exists(script.id));
+        for (const toSelect of unselectedScripts) {
+            const selection = new SelectedScript(toSelect, false);
+            this.scripts.addItem(selection);
+        }
+        this.changed.notify(this.scripts.getItems());
+    }
+}

src/application/Environment/BrowserOs/BrowserOsDetector.ts

@@ -0,0 +1,54 @@
+import { OperatingSystem } from '@/domain/OperatingSystem';
+import { DetectorBuilder } from './DetectorBuilder';
+import { IBrowserOsDetector } from './IBrowserOsDetector';
+
+export class BrowserOsDetector implements IBrowserOsDetector {
+    private readonly detectors = BrowserDetectors;
+    public detect(userAgent: string): OperatingSystem {
+        if (!userAgent) {
+            return OperatingSystem.Unknown;
+        }
+        for (const detector of this.detectors) {
+            const os = detector.detect(userAgent);
+            if (os !== OperatingSystem.Unknown) {
+                return os;
+            }
+        }
+        return OperatingSystem.Unknown;
+    }
+}
+
+// Reference: https://github.com/keithws/browser-report/blob/master/index.js#L304
+const BrowserDetectors =
+[
+    define(OperatingSystem.KaiOS, (b) =>
+        b.mustInclude('KAIOS')),
+    define(OperatingSystem.ChromeOS, (b) =>
+        b.mustInclude('CrOS')),
+    define(OperatingSystem.BlackBerryOS, (b) =>
+        b.mustInclude('BlackBerry')),
+    define(OperatingSystem.BlackBerryTabletOS, (b) =>
+        b.mustInclude('RIM Tablet OS')),
+    define(OperatingSystem.BlackBerry, (b) =>
+        b.mustInclude('BB10')),
+    define(OperatingSystem.Android, (b) =>
+        b.mustInclude('Android').mustNotInclude('Windows Phone')),
+    define(OperatingSystem.Android, (b) =>
+        b.mustInclude('Adr').mustNotInclude('Windows Phone')),
+    define(OperatingSystem.iOS, (b) =>
+        b.mustInclude('like Mac OS X')),
+    define(OperatingSystem.Linux, (b) =>
+        b.mustInclude('Linux').mustNotInclude('Android').mustNotInclude('Adr')),
+    define(OperatingSystem.Windows, (b) =>
+        b.mustInclude('Windows').mustNotInclude('Windows Phone')),
+    define(OperatingSystem.WindowsPhone, (b) =>
+        b.mustInclude('Windows Phone')),
+    define(OperatingSystem.macOS, (b) =>
+        b.mustInclude('OS X').mustNotInclude('Android').mustNotInclude('like Mac OS X')),
+];
+
+function define(os: OperatingSystem, applyRules: (builder: DetectorBuilder) => DetectorBuilder): IBrowserOsDetector {
+    const builder = new DetectorBuilder(os);
+    applyRules(builder);
+    return builder.build();
+}

src/application/Environment/BrowserOs/DetectorBuilder.ts

@@ -0,0 +1,53 @@
+import { IBrowserOsDetector } from './IBrowserOsDetector';
+import { OperatingSystem } from '@/domain/OperatingSystem';
+
+export class DetectorBuilder {
+    private readonly existingPartsInUserAgent = new Array<string>();
+    private readonly notExistingPartsInUserAgent = new Array<string>();
+
+    constructor(private readonly os: OperatingSystem) { }
+
+    public mustInclude(str: string): DetectorBuilder {
+        return this.add(str, this.existingPartsInUserAgent);
+    }
+
+    public mustNotInclude(str: string): DetectorBuilder {
+        return this.add(str, this.notExistingPartsInUserAgent);
+    }
+
+    public build(): IBrowserOsDetector {
+        if (!this.existingPartsInUserAgent.length) {
+            throw new Error('Must include at least a part');
+        }
+        return {
+            detect: (agent) => this.detect(agent),
+        };
+    }
+
+    private detect(userAgent: string): OperatingSystem {
+        if (!userAgent) {
+            throw new Error('User agent is null or undefined');
+        }
+        if (this.existingPartsInUserAgent.some((part) => !userAgent.includes(part))) {
+            return OperatingSystem.Unknown;
+        }
+        if (this.notExistingPartsInUserAgent.some((part) => userAgent.includes(part))) {
+            return OperatingSystem.Unknown;
+        }
+        return this.os;
+    }
+
+    private add(part: string, array: string[]): DetectorBuilder {
+        if (!part) {
+            throw new Error('part is empty or undefined');
+        }
+        if (this.existingPartsInUserAgent.includes(part)) {
+            throw new Error(`part ${part} is already included as existing part`);
+        }
+        if (this.notExistingPartsInUserAgent.includes(part)) {
+            throw new Error(`part ${part} is already included as not existing part`);
+        }
+        array.push(part);
+        return this;
+    }
+}

src/application/Environment/BrowserOs/IBrowserOsDetector.ts

@@ -0,0 +1,5 @@
+import { OperatingSystem } from '@/domain/OperatingSystem';
+
+export interface IBrowserOsDetector {
+    detect(userAgent: string): OperatingSystem;
+}

src/application/Environment/Environment.ts

@@ -0,0 +1,80 @@
+import { BrowserOsDetector } from './BrowserOs/BrowserOsDetector';
+import { IBrowserOsDetector } from './BrowserOs/IBrowserOsDetector';
+import { IEnvironment } from './IEnvironment';
+import { OperatingSystem } from '@/domain/OperatingSystem';
+
+interface IEnvironmentVariables {
+    readonly window: Window & typeof globalThis;
+    readonly process: NodeJS.Process;
+    readonly navigator: Navigator;
+}
+
+export class Environment implements IEnvironment {
+    public static readonly CurrentEnvironment: IEnvironment = new Environment({
+        window,
+        process,
+        navigator,
+    });
+    public readonly isDesktop: boolean;
+    public readonly os: OperatingSystem;
+    protected constructor(
+      variables: IEnvironmentVariables,
+      browserOsDetector: IBrowserOsDetector = new BrowserOsDetector()) {
+        if (!variables) {
+            throw new Error('variables is null or empty');
+        }
+        this.isDesktop = isDesktop(variables);
+        this.os = this.isDesktop ?
+            getDesktopOsType(getProcessPlatform(variables))
+          : browserOsDetector.detect(getUserAgent(variables));
+    }
+}
+
+function getUserAgent(variables: IEnvironmentVariables): string {
+    if (!variables.window || !variables.window.navigator) {
+        return undefined;
+    }
+    return variables.window.navigator.userAgent;
+}
+
+function getProcessPlatform(variables: IEnvironmentVariables): string {
+    if (!variables.process || !variables.process.platform) {
+        return undefined;
+    }
+    return variables.process.platform;
+}
+
+function getDesktopOsType(processPlatform: string): OperatingSystem {
+    // https://nodejs.org/api/process.html#process_process_platform
+    if (processPlatform === 'darwin') {
+        return OperatingSystem.macOS;
+    } else if (processPlatform === 'win32') {
+        return OperatingSystem.Windows;
+    } else if (processPlatform === 'linux') {
+        return OperatingSystem.Linux;
+    }
+    return OperatingSystem.Unknown;
+}
+
+function isDesktop(variables: IEnvironmentVariables): boolean {
+    // More: https://github.com/electron/electron/issues/2288
+    // Renderer process
+    if (variables.window
+        && variables.window.process
+        && variables.window.process.type === 'renderer') {
+        return true;
+    }
+    // Main process
+    if (variables.process
+        && variables.process.versions
+        && Boolean(variables.process.versions.electron)) {
+        return true;
+    }
+    // Detect the user agent when the `nodeIntegration` option is set to true
+    if (variables.navigator
+        && variables.navigator.userAgent
+        && variables.navigator.userAgent.includes('Electron')) {
+        return true;
+    }
+    return false;
+}

src/application/Environment/IEnvironment.ts

@@ -0,0 +1,6 @@
+import { OperatingSystem } from '@/domain/OperatingSystem';
+
+export interface IEnvironment {
+    readonly isDesktop: boolean;
+    readonly os: OperatingSystem;
+}

src/application/IApplicationFactory.ts

@@ -0,0 +1,5 @@
+import { IApplication } from '@/domain/IApplication';
+
+export interface IApplicationFactory {
+    getAppAsync(): Promise<IApplication>;
+}