fix typo

* update the recycling bin option

Powershell has a module in PS 5.1+ called Clear-Recyclebin that works better than the CMD method - rd /s %systemdrive%\$Recycle.bin

* update recycling bin delete command

one liner of ComObject in powershell instead of cmd asking for confirmation. adds better backwards compatibility.

.dockerignore

@@ -0,0 +1,9 @@
+node_modules
+dist
+dist_electron
+.vs
+.vscode
+.github
+.git
+docs
+docker

.github/workflows/build-and-deploy.yaml

@@ -1,91 +0,0 @@
-name: Build & deploy
-
-on:
-  push:
-    branches:
-    - master
-
-jobs:
-  build-and-deploy:
-    runs-on: ubuntu-18.04
-    steps:
-      -
-        name: "Prepare: Checkout"
-        uses: actions/checkout@v1
-      -
-        name: "Prepare: Create AWS user profile"
-        run: >-
-          bash "aws/scripts/configure/create-user-profile.sh" \
-            --profile user \
-            --access-key-id ${{secrets.AWS_DEPLOYMENT_USER_ACCESS_KEY_ID}} \
-            --secret-access-key ${{secrets.AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY}} \
-            --region us-east-1
-      -
-        name: "Infrastructure: Deploy IAM stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/iam-stack.yaml \
-            --stack-name privacysexy-iam-stack \
-            --capabilities CAPABILITY_IAM  \
-            --region us-east-1 --role-arn ${{secrets.AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "Infrastructure: Deploy certificate stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/certificate-stack.yaml \
-            --stack-name privacysexy-certificate-stack \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "Infrastructure: Deploy DNS stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/dns-stack.yaml \
-            --stack-name privacysexy-dns-stack \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "Infrastructure: Deploy web stack"
-        run: >-
-          bash "aws/scripts/deploy/deploy-stack.sh" \
-            --template-file aws/web-stack.yaml \
-            --stack-name privacysexy-web-stack \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "App: Setup node"
-        uses: actions/setup-node@v1
-        with:
-          node-version: '11.x'
-      -
-        name: "App: Install dependencies"
-        run: npm install
-      -
-        name: "App: Run tests"
-        run: npm run test:unit
-      - 
-        name: "App: Build"
-        run: npm run build
-      -
-        name: "App: Deploy to S3"
-        run: >-
-          bash "aws/scripts/deploy/deploy-to-s3.sh" \
-            --folder dist \
-            --web-stack-name privacysexy-web-stack --web-stack-s3-name-output-name S3BucketName \
-            --storage-class ONEZONE_IA \
-            --role-arn ${{secrets.AWS_S3_SITE_DEPLOYMENT_ROLE_ARN}} \
-            --region us-east-1 \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}
-      -
-        name: "App: Invalidate CloudFront cache"
-        run: >-
-          bash "aws/scripts/deploy/invalidate-cloudfront-cache.sh" \
-            --paths "/*" \
-            --web-stack-name privacysexy-web-stack --web-stack-cloudfront-arn-output-name CloudFrontDistributionArn \
-            --role-arn ${{secrets.AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN}} \
-            --region us-east-1 \
-            --profile user --session ${{github.actor}}-${{github.event_name}}-${{github.sha}}

.github/workflows/bump-and-release.yaml

@@ -0,0 +1,17 @@
+name: Bump & release
+
+on:
+  push: # Ensure a new release is created for each new tag
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  bump-version-and-release:
+    if: github.event.base_ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: undergroundwires/bump-everywhere@master
+        with:
+          user: undergroundwires-bot
+          release-token: ${{ secrets.BUMP_GITHUB_PAT }} # Does not trigger release pipeline if we use default token: https://github.community/t5/GitHub-Actions/Github-Action-trigger-on-release-not-working-if-releases-was/td-p/34559
+                                                        # GitHub does not inject secrets if pipeline runs from fork or a fork is merged to main repo. 

.github/workflows/deploy-desktop.yaml

@@ -0,0 +1,32 @@
+name: Deploy desktop
+
+on:
+ release:
+   types: [created] # will be triggered when a NON-draft release is created and published.
+
+jobs:
+  publish-desktop-app:
+    name: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos, ubuntu, windows]
+    runs-on: ${{ matrix.os }}-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: master # otherwise it defaults to the version tag missing bump commit
+          fetch-depth: 0 # fetch all history
+      - name: Checkout to bump commit
+        run: git checkout "$(git rev-list "${{ github.event.release.tag_name }}"..master | tail -1)"
+      - name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: '14.x'
+      - name: Install dependencies
+        run: npm ci
+      - name: Run tests
+        run: npm run test:unit
+      - name: Publish desktop app
+        run: npm run electron:build -- -p always # https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#upload-release-to-github
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/deploy-site.yaml

@@ -0,0 +1,117 @@
+name: Deploy site
+
+on:
+ release:
+   types: [created] # will be triggered when a NON-draft release is created and published.
+
+jobs:
+  aws-deploy: # see: https://github.com/undergroundwires/aws-static-site-with-cd
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: "Infrastructure: Checkout"
+        uses: actions/checkout@v2
+        with:
+          path: aws
+          repository: undergroundwires/aws-static-site-with-cd
+      -
+        name: "Infrastructure: Create AWS user profile & session name"
+        run: >-
+          bash "scripts/configure/create-user-profile.sh" \
+            --profile user \
+            --access-key-id ${{secrets.AWS_DEPLOYMENT_USER_ACCESS_KEY_ID}} \
+            --secret-access-key ${{secrets.AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY}} \
+            --region us-east-1 \
+          && \
+            echo "::set-env name=SESSION_NAME::${{github.actor}}-${{github.event_name}}-$(echo ${{github.sha}} | cut -c1-8)"
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy IAM stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/iam-stack.yaml \
+            --stack-name privacysexy-iam-stack \
+            --capabilities CAPABILITY_IAM \
+            --parameter-overrides "WebStackName=privacysexy-web-stack DnsStackName=privacysexy-dns-stack \
+                                   CertificateStackName=privacysexy-cert-stack RootDomainName=privacy.sexy" \
+            --region us-east-1 --role-arn ${{secrets.AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy DNS stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/dns-stack.yaml \
+            --stack-name privacysexy-dns-stack \
+            --parameter-overrides "RootDomainName=privacy.sexy" \
+            --region us-east-1 \
+            --role-arn ${{secrets.AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy certificate stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/certificate-stack.yaml \
+            --stack-name privacysexy-cert-stack \
+            --capabilities CAPABILITY_IAM \
+            --parameter-overrides "IamStackName=privacysexy-iam-stack RootDomainName=privacy.sexy DnsStackName=privacysexy-dns-stack" \
+            --region us-east-1 \
+            --role-arn ${{secrets.AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "Infrastructure: Deploy web stack"
+        run: >-
+          bash "scripts/deploy/deploy-stack.sh" \
+            --template-file stacks/web-stack.yaml \
+            --stack-name privacysexy-web-stack \
+            --parameter-overrides "CertificateStackName=privacysexy-cert-stack DnsStackName=privacysexy-dns-stack \
+                                   RootDomainName=privacy.sexy UseDeepLinks=true" \
+            --capabilities CAPABILITY_IAM \
+            --region us-east-1 \
+            --role-arn ${{secrets.AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN}} \
+            --profile user --session ${{ env.SESSION_NAME }}
+        working-directory: aws
+      -
+        name: "App: Checkout"
+        uses: actions/checkout@v2
+        with:
+          path: site
+          ref: master # otherwise we don't get version bump commit
+      -
+        name: "App: Setup node"
+        uses: actions/setup-node@v1
+        with:
+          node-version: '14.x'
+      -
+        name: "App: Install dependencies"
+        run: npm ci
+        working-directory: site
+      -
+        name: "App: Run tests"
+        run: npm run test:unit
+        working-directory: site
+      - 
+        name: "App: Build"
+        run: npm run build
+        working-directory: site
+      -
+        name: "App: Deploy to S3"
+        run: >-
+          bash "aws/scripts/deploy/deploy-to-s3.sh" \
+            --folder site/dist \
+            --web-stack-name privacysexy-web-stack --web-stack-s3-name-output-name S3BucketName \
+            --storage-class ONEZONE_IA \
+            --role-arn ${{secrets.AWS_S3_SITE_DEPLOYMENT_ROLE_ARN}} \
+            --region us-east-1 \
+            --profile user --session ${{ env.SESSION_NAME }}
+      -
+        name: "App: Invalidate CloudFront cache"
+        run: >-
+          bash "aws/scripts/deploy/invalidate-cloudfront-cache.sh" \
+            --paths "/*" \
+            --web-stack-name privacysexy-web-stack --web-stack-cloudfront-arn-output-name CloudFrontDistributionArn \
+            --role-arn ${{secrets.AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN}} \
+            --region us-east-1 \
+            --profile user --session ${{ env.SESSION_NAME }}

.github/workflows/quality-checks.yaml

@@ -0,0 +1,26 @@
+name: Quality checks
+
+on: [ push, pull_request ]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        lint-command:
+          - npm run lint:vue
+          - npm run lint:yaml
+          - npm run lint:md
+          - npm run lint:md:relative-urls
+          - npm run lint:md:consistency
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install dependencies
+        run: npm ci
+      - name: Lint
+        run: ${{ matrix.lint-command }}

.github/workflows/security-checks.yaml

@@ -0,0 +1,23 @@
+name: Security checks
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 0 * * 0'
+
+jobs:
+  npm-audit:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      -
+        name: NPM audit
+        run: npm audit

.github/workflows/test.yaml

@@ -1,26 +1,22 @@
-name: Run tests
+name: Test
 
-on:
-  push:
-    branches:
-      - '*'
-      - '!master'
+on: [ push, pull_request ]
 
 jobs:
-  build-and-deploy:
+  run-tests:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
       -
         name: Setup node
         uses: actions/setup-node@v1
         with:
-          node-version: '11.x'
+          node-version: '14.x'
       -
         name: Install dependencies
-        run: npm install
+        run: npm ci
       -
         name: Run tests
         run: npm run test:unit

.gitignore

@@ -1,4 +1,6 @@
 node_modules
 /dist
 .vs
-.vscode
+.vscode
+#Electron-builder output
+/dist_electron

.markdownlint.json

@@ -0,0 +1,4 @@
+{
+    "default": true,
+    "MD013": false
+}

CHANGELOG.md

@@ -1,40 +1,257 @@
 # Changelog
 
-- All notable changes to this project will be documented in this file.
+## 0.7.4 (2020-09-12)
 
-## [Unreleased]
+* fix checked checkbox has blue border | [commit](https://github.com/undergroundwires/privacy.sexy/commit/4ae385b7fcea9014a68442714b7d99e2ee7df7d0)
+* fix spectre protection getting single lined #31 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/22b23a9ece446c7f9abd4ede293051eb616ad50a)
+* fix missing reg value in denying app access to account | [commit](https://github.com/undergroundwires/privacy.sexy/commit/3c13a9e837e06e097450b31d7eb0c0e6bf20cefb)
+* fix wrong path in clear all firefox user profile settings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/ee66196d9a60f27d17ae7f62d02b4f119a47e6e0)
 
-## [0.4.0] - 2020-01-11
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.3...0.7.4)
 
-- Added search
-- Some styling improvements
-- Better organization of scripts + more scripts
+## 0.7.3 (2020-09-12)
 
-## [0.3.0] - 2020-01-09
+* fix vscode settings file override and add more configs | [commit](https://github.com/undergroundwires/privacy.sexy/commit/a0d61728ead04b4455437f85820121a848db9e00)
+* fix nvidia tweak error message, categorize and add reversibility | [commit](https://github.com/undergroundwires/privacy.sexy/commit/99a2035fdb0766a4dfc2753133eab0d7666516cd)
+* improve CPU specific tweaks by conditional platform checks and reversibility | [commit](https://github.com/undergroundwires/privacy.sexy/commit/8df5faf4ef05a49da63973bd0fbb5c5d07d5bd93)
+* fix wrong path to the main telemetry file | [commit](https://github.com/undergroundwires/privacy.sexy/commit/de4ac978bdda79573b36d355697b8a028d2c0beb)
+* fix naming of firefox cleanup to mention profiles | [commit](https://github.com/undergroundwires/privacy.sexy/commit/3ab48b1cf5f7f934f07e468ef2318ccee07f530c)
+* add reversibility and more scripts to denying app access with better structure | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1d465ee3189d0e5a827453b3f0eb4361efe23770)
+* fix comment lines are being detected as duplicate in validation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/b6ccb5927a20412976a54fd2215eb645092f98a8)
+* add more detailed error message | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1f11c39773c12eccfb3efb898b58c2f6f37ab9ca)
+* fix typo in a test | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1f19b2528a69383e63e579d2885f01cd804abf6c)
 
-- Added support for grouping
-- Added some meta tags
-- Added "Disable NVIDIA telemetry" script
-- Added legacy browser compatibility for fonts & changed main font
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.2...0.7.3)
 
-## [0.2.0] - 2020-01-06
+## 0.7.2 (2020-09-06)
 
-- Fixed typo in generated code.
-- Better URL validation for documentation links in `application.yaml`.
-- Slightly faster parsing of `application.yaml`
-- Styled no JS error that's shown when JavaScript is disabled.
-- The default selection is now *None* & instruction text is shown in code box when nothing is selected.
-- Added hyphen lines when rendering of long function names
-- Changed subtitle: added version as footer instead.
+* update onesync documentation and do not recommend it as it breaks other apps | [commit](https://github.com/undergroundwires/privacy.sexy/commit/f36d8bfc7848bb65ac0c641e318a689bf3816ccf)
+* add reversibility for biometric disabling and do not recommend it | [commit](https://github.com/undergroundwires/privacy.sexy/commit/db74531cd4139615c6d595959217d3651f099019)
+* fix bad highlighting of selected nodes when using keyboard navigation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/255133af4dfae40171406648a3e2920f16d71cb3)
+* add reversibility to removing bloatware | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c7b2a703128470a05f12c9c6e8002444def37ef8)
+* fix indeterminate state being lost | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1f266c33535f72b69c65985bf2eff27cd2c5a104)
+* fix wording in default text in text area | [commit](https://github.com/undergroundwires/privacy.sexy/commit/ca63a0979ef55d07d09d9443e5cea9aa888870a5)
+* add best practice suggestion to come back | [commit](https://github.com/undergroundwires/privacy.sexy/commit/f4885b6f1c82752f2143934e336d6d1b1af03015)
 
-## [0.1.0] - 2019-12-31
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.1...0.7.2)
 
-- Initial release
+## 0.7.1 (2020-09-04)
 
-## All releases
+* fix some browsers (including firefox) downloading the script as a text file | [commit](https://github.com/undergroundwires/privacy.sexy/commit/8c17929151f9c4fa5f48564492bbf400ced95eea)
+* rename screenshot image file | [commit](https://github.com/undergroundwires/privacy.sexy/commit/b8682a852a14ed6cf49986695d9510b840ac9d3d)
+* fix new/changed script higlighting not working on production builds | [commit](https://github.com/undergroundwires/privacy.sexy/commit/8c38dd73d8c7b77d8d341c0389f4d7229f9b97fd)
+* refactor unused imports | [commit](https://github.com/undergroundwires/privacy.sexy/commit/6badfef9daace0c5de3fd33652a82bfe22261b11)
 
-- [Unreleased] : https://github.com/undergroundwires/privacy.sexy/compare/v0.4.0...HEAD
-- [v0.4.0] : https://github.com/undergroundwires/privacy.sexy/compare/v0.3.0...v0.4.0
-- [v0.3.0] : https://github.com/undergroundwires/privacy.sexy/compare/v0.2.0...v0.3.0
-- [v0.2.0] : https://github.com/undergroundwires/privacy.sexy/compare/v0.1.0...v0.2.0
-- [v0.1.0] : https://github.com/undergroundwires/privacy.sexy/releases/tag/v0.1.0
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.7.0...0.7.1)
+
+## 0.7.0 (2020-09-02)
+
+* [search] better (multilined) message when there are no results | [commit](https://github.com/undergroundwires/privacy.sexy/commit/ec15af01dd020b364c2174fe562fd66227c2320c)
+* [search] added clear/close button | [commit](https://github.com/undergroundwires/privacy.sexy/commit/d6fa9a2a03c0ebe68b94f0b80cc52b4e200c9213)
+* move script generation to /generation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5df458739d076719e350ba194c4f3f772884fcdb)
+* add auto-highlighting of selected/updated code | [commit](https://github.com/undergroundwires/privacy.sexy/commit/b789250cb89e2130b08e1a927df8181cf945dfeb)
+* prompt admin priviliges automatically | [commit](https://github.com/undergroundwires/privacy.sexy/commit/f8ba5c46e4923d9c35f200f8a08aa6437f7c0ecc)
+* add removal of ghost (default0) telemetry user | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c262681011f39b4412669b6cf233476f676ca550)
+* add more windows defender tweaks, categorization and reversibility | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1a34c7374ba56bafa0209bbb55c81b233bb419ed)
+* fix NTP script documentation is on wrong place | [commit](https://github.com/undergroundwires/privacy.sexy/commit/3060ebf79cf242370433495cc3e1878b7581b202)
+* updated dependencies to latest and audit fixes (#25) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c628aa9aef8ab7c815661d3c1711e7fbc65c69a2)
+* categorize, fix and extend windows log files cleanup | [commit](https://github.com/undergroundwires/privacy.sexy/commit/594a14d6ca76cbd27a21877b8c373c1930589ca6)
+* add more OneDrive cleanup scripts and categorize them | [commit](https://github.com/undergroundwires/privacy.sexy/commit/978d7d08638dd161082f239ed088b12302f29458)
+* add disabling firefox telemetry | [commit](https://github.com/undergroundwires/privacy.sexy/commit/f8b8b4c97ab734d5ba7370894b694993924388da)
+* add disabling ccleaner telemetry | [commit](https://github.com/undergroundwires/privacy.sexy/commit/018b7e270f207aac926cb12f8069ebfcdce193ce)
+* Add disabling of PowerShell 7+ telemetry (#29) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/456e40bedf9afcc846f9b13f1ea144cef6115cf6)
+* categorize, fix, make scripts reversible in "UI for privacy", "security improvements" and "configure browsers" | [commit](https://github.com/undergroundwires/privacy.sexy/commit/532915b95da9fecd6b981d91bf489359e4e53caa)
+* fix "Configure Defender" being in wrong category #28 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/f709d6a566ed7846b677b383863deda9680a2a9c)
+* do not hardcode capability versions and make them reversible | [commit](https://github.com/undergroundwires/privacy.sexy/commit/2afef4ea3d0d3d09aa1fa1eedba8493680bd8f10)
+* exclude paint, wordpad and notepad from bloatware removal | [commit](https://github.com/undergroundwires/privacy.sexy/commit/d235dee95514a01745aef9479d07f88ffb4b40b8)
+* add reversibility on category level | [commit](https://github.com/undergroundwires/privacy.sexy/commit/f51e8859eeb32c944126d692cfe03a0320c8b568)
+* refactor unused imports & variables | [commit](https://github.com/undergroundwires/privacy.sexy/commit/a23d28f2cfa2d64d45460697cf5ee9d6b5920752)
+* fix search (got broken in b789250) with tests and refactorings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/8bbe6ebf750f1a1cbab493fb99b5ea91f4e21609)
+* update the screenshot to show off highlighting | [commit](https://github.com/undergroundwires/privacy.sexy/commit/b4aacea2a3e0bbcf2d8a79ff67f51c0f19e888a6)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.6.2...0.7.0)
+
+## 0.6.2 (2020-08-16)
+
+* 🐛 fixed disabling error reporting for november 2019 update | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5967347b80976a519f6f4eb1972a62f3e600df2b)
+* 🐛 fixed blank screen and icons on mac | [commit](https://github.com/undergroundwires/privacy.sexy/commit/7fac0fe79f252e8f9dda4f6f83cd6fa4ba2b539f)
+* 🐛 fixed removing onedrive does not delete scheduled tasks | [commit](https://github.com/undergroundwires/privacy.sexy/commit/b6bfc2572740c0cd46d3bc0058fa767dd5fa862e)
+* ⚙️ enhanced tweak to disable for office telemetry | [commit](https://github.com/undergroundwires/privacy.sexy/commit/afc3bfb3b8896f332c9a196973ded3dce8fd21e4)
+* ✨ added script to clear dotnet telemery | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1663bfeac7b6580b1335ca5fcf3587b69c080c72)
+* 🐛 fixed changing time server not working | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c69998c7cb29ffcf40f0af03b73150736581da69)
+* 🔥 removed disabling ClickToRun as it breaks office | [commit](https://github.com/undergroundwires/privacy.sexy/commit/3d3380f27ebeea53f17f49974aaa89300ffaf2dd)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.6.1...0.6.2)
+
+## 0.6.1 (2020-08-09)
+
+* updated documentation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5963d2bac551083f9d16cce6b851abf0e8b88ce7)
+* fixed typo in footer | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5c15a7a64aaf24578a32713dec491bf494216303)
+* more scripts can be reverted | [commit](https://github.com/undergroundwires/privacy.sexy/commit/831c014f977515454ee6dc664d77a8c434495501)
+* moved windows connect now to security & recommended | [commit](https://github.com/undergroundwires/privacy.sexy/commit/6049a2b834d8d17af741f8d8f8b07cd15153b001)
+* fixed mac / linux download links | [commit](https://github.com/undergroundwires/privacy.sexy/commit/4c8be45e287b5ea009d6f828f7f327f37850569e)
+* tweaks to disable webcam, speech and compatibility telemetry | [commit](https://github.com/undergroundwires/privacy.sexy/commit/a5dbe66fc175e39397f296ab2ff703e9b0ab4d7c)
+* refactorings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/66d4d39d5bf3db305450514c6b6224654dafbfb2)
+* fixed removing onedrive does not clean start menu / quick access | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1cc12195a3e9a11c590d3ed64d80299b50f74838)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.6.0...0.6.1)
+
+## 0.6.0 (2020-07-26)
+
+* fixed dead links in documentation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/25ce236a7737decaf2eb9b8c29a4c4f34d43f770)
+* runs tests on each push on the repository | [commit](https://github.com/undergroundwires/privacy.sexy/commit/73c426844a0330718a9ab7de12b61ca05e853323)
+* code area now shows "how" before "why" | [commit](https://github.com/undergroundwires/privacy.sexy/commit/4ff4b52202b1c5dbfe2b80580bbe7d93132ab05c)
+* support for desktop versions #20 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/04b9b59e14766ccd251474ad3710baf1f682fd49)
+* reworked on footer & removed github icon | [commit](https://github.com/undergroundwires/privacy.sexy/commit/60a5a2aa4026d384bef9e6a203f1b7514a269c33)
+* updated dependencies to latest | [commit](https://github.com/undergroundwires/privacy.sexy/commit/45816a2bccb3d11a50e3f2bc19c0a6cc2587deaa)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.5.0...0.6.0)
+
+## 0.5.0 (2020-07-19)
+
+* added ability to revert (#21) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/9c063d59defa6297c64f50b49403e8bd10620de9)
+* search placeholder shows total scripts | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1d5225de07186f853f4cf7aedd4998f5d00c107a)
+* do not collapse card when on "Search" and "Select" | [commit](https://github.com/undergroundwires/privacy.sexy/commit/dd7e1416b4df54bf71b719d4654db88769dc0994)
+* opening a card scrolls to its content div | [commit](https://github.com/undergroundwires/privacy.sexy/commit/31d2067f076c3159483baec49975617dddbd158d)
+* all cards in same line now have same height | [commit](https://github.com/undergroundwires/privacy.sexy/commit/a9f9e9044385d9aed3b5551fc6c6823e813fd1e5)
+* patched loadash vulnerability (#18) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/92a7118d1c5013312772e075b9ee5a79c93710b8)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.10...0.5.0)
+
+## 0.4.10 (2020-07-15)
+
+* fixed script errors & added tests | [commit](https://github.com/undergroundwires/privacy.sexy/commit/9e722ddfb3825fb29d6298025baaaa033120d017)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.9...0.4.10)
+
+## 0.4.9 (2020-07-14)
+
+* disable office telemetry Disassembler0/Win10-Initial-Setup-Script#288 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/53cf595e1726ee3de79137fd566978fd512d218f)
+* updated to may 2020 update | [commit](https://github.com/undergroundwires/privacy.sexy/commit/909c44d72a4a602ee8f27d06b6ec706c1e432ce1)
+* simplified docker builds | [commit](https://github.com/undergroundwires/privacy.sexy/commit/f27a2871d74e5117fc029be82caef12246e10879)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.8...0.4.9)
+
+## 0.4.8 (2020-07-11)
+
+* added more scripts #16 (#17) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/d8552c62ffea13ce62abce836c7dd4980eef6bb9)
+* stopping services before disabling #16 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/628c16eb952495f5b3f6d794161b355f4b08b819)
+* can disable features, capabilities & remove onedrive #16 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/30efbcc621eb83dd5a9c1e66b8f1f5350eb95006)
+* updated one more typo (#19) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/d7a1325c0b7665ce712dc411965d00fc1d6fa384)
+* more tweaks #16 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/2c4eb78c3f156cb0d033977cffbe7464697680f5)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.7...0.4.8)
+
+## 0.4.7 (2020-06-30)
+
+* removed HKU tweak as all HKU's are changed #10 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c937af8ee7da9aa95131e56abf7bf24800390fe6)
+* Fixed types + script in "Clear Windows log files" (#15) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/461a4f122b342369db5cc08c5e30961c64e68cdd)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.6...0.4.7)
+
+## 0.4.6 (2020-06-16)
+
+* Fixed Some More Issues (#12) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/52d5713a99422cdf900aba819e49e998abac33cc)
+* removed failing continuous deployment #14 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/583c5660d6ac934b845a044e013357aa91f61c15)
+* Updated Some Tweaks (#11) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/0fc18459cde57684f00764815062f838f932aed5)
+* Updated Some More Tweaks (#13) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/019b838925e963b7ec052ac76c6faf5650b9eb67)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.5...0.4.6)
+
+## 0.4.5 (2020-06-13)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.4...0.4.5)
+
+## 0.4.4 (2020-05-24)
+
+* fixed close card button not being visible & cleanup | [commit](https://github.com/undergroundwires/privacy.sexy/commit/0d2efe5b05aa965458b78b8fa43754ce2f4fe11b)
+* new footer with privacy policy | [commit](https://github.com/undergroundwires/privacy.sexy/commit/e2ab124fb799f56ada3570fdc911361cb803e889)
+* one command to lint everything "npm run lint" | [commit](https://github.com/undergroundwires/privacy.sexy/commit/bb98d20637cbf1d524ebb2973e308773006e3153)
+* fix "group by" overflows on smaller screens | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c668a97950a1cb7c8bf2a7fd8a72d1101e65e8ce)
+* clicking outside of a card closes it | [commit](https://github.com/undergroundwires/privacy.sexy/commit/aab8f21a8d8dbed54798af581e6e1ad9e86a4be1)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.3...0.4.4)
+
+## 0.4.3 (2020-05-23)
+
+* removed redundant documentation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/749a140eb8dba09cb67fec2f8dec937e66e3cff5)
+* fixed broke link | [commit](https://github.com/undergroundwires/privacy.sexy/commit/97b7e03233d9718a8df30cb01ce06ca9489a0295)
+* simplified heading | [commit](https://github.com/undergroundwires/privacy.sexy/commit/226074c5342f7463c06fcff1457d352ca30295a3)
+* reading version from package.json instead of version file #5 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/691f989682179016ddcbf55a05cded29155288c9)
+* automatically increases patch number #5 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/3e3bc07576f7c7e74e3e11fc7d197cbb9a9fb8c0)
+* using deployment operations from aws-static-site-with-cd | [commit](https://github.com/undergroundwires/privacy.sexy/commit/997be7113f676888892ffa35566d9ebb58a3e9ea)
+* automated using bump-everywhere + more quality checks (#8) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/4a91e8ccd8a707bc6bea34ee28cff7fa4f66ee2f)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.2...0.4.3)
+
+## 0.4.2 (2020-02-29)
+
+* added missing semicolon for masking | [commit](https://github.com/undergroundwires/privacy.sexy/commit/e63ac4ae67da68243a525af149ff30e5d485b641)
+* set font on input | [commit](https://github.com/undergroundwires/privacy.sexy/commit/0c39a06be5e4b0a2031ad5e9f5220dd669afee53)
+* shortened all HKEY paths | [commit](https://github.com/undergroundwires/privacy.sexy/commit/802b36bdd8dcc1f0a2853fe7da2ea2fccd69a88c)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.1...0.4.2)
+
+## 0.4.1 (2020-01-11)
+
+* fixed search bug | [commit](https://github.com/undergroundwires/privacy.sexy/commit/31364bdfec503af09ffbb58044a17dfb833fc8d9)
+* hide grouping while searching | [commit](https://github.com/undergroundwires/privacy.sexy/commit/92f1a36bcb1e1fe7c90efe8ccd3ede55991e9d9c)
+* 👀🔍  showing search queries | [commit](https://github.com/undergroundwires/privacy.sexy/commit/97a7747933d2b515cc03ab8243e6a8ae702ef16a)
+* more efficient queries with single lowercase | [commit](https://github.com/undergroundwires/privacy.sexy/commit/19813b691746d98670823025c460480400e34b6e)
+* using right 🔍 input type | [commit](https://github.com/undergroundwires/privacy.sexy/commit/0ce354ea0956391ad3f37b252daac1127bfc601a)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.4.0...0.4.1)
+
+## 0.4.0 (2020-01-11)
+
+* 🔍 support for search | [commit](https://github.com/undergroundwires/privacy.sexy/commit/89862b2775703257b9dc2e19fbebde2c0d0fbda0)
+* more scripts & better organized | [commit](https://github.com/undergroundwires/privacy.sexy/commit/95baf3175b0d2c7df516f7893a96346b94ac8eca)
+* refactorings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/e3f82e069e305f6d94eab335470c8e7b44295dd6)
+* more margin for the scripts | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5ea46ecbf52236953d19f09a8eade08b83e6cd34)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.3.0...0.4.0)
+
+## 0.3.0 (2020-01-09)
+
+* added description & more descriptive title | [commit](https://github.com/undergroundwires/privacy.sexy/commit/99576340b648550149871e2c0fe0b0d8c2dd0d7c)
+* allow robots | [commit](https://github.com/undergroundwires/privacy.sexy/commit/eee0e785ec2c5e6bed53d21b4126a57773e35dba)
+* removed unused references | [commit](https://github.com/undergroundwires/privacy.sexy/commit/cfd888f3afc5c260a0a4a73f2843b86b9f1df2cd)
+* 🚫 disable NVIDIA telemetry | [commit](https://github.com/undergroundwires/privacy.sexy/commit/ab28f4ed8538d51e1777c86302a63a0cd9c3cb2a)
+* backwards compatibility for fonts | [commit](https://github.com/undergroundwires/privacy.sexy/commit/4bc13e11926a6df77079646499e799742153b4ab)
+* added back meta needed for responsiveness | [commit](https://github.com/undergroundwires/privacy.sexy/commit/ed872ef3d9f6c92afc0ce0d06998c60463a8b4e8)
+* fancy-font is renamed to main and now used | [commit](https://github.com/undergroundwires/privacy.sexy/commit/6825001c61426194dc363b96b57a321241f3ba57)
+* added support for grouping | [commit](https://github.com/undergroundwires/privacy.sexy/commit/ec6b3c54072a77bb4305da1c234db6c649218b88)
+* less hyphens as it looks better on mobile | [commit](https://github.com/undergroundwires/privacy.sexy/commit/e0b080af69157f46ba12e2c25e794f5384671b51)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.2.0...0.3.0)
+
+## 0.2.0 (2020-01-06)
+
+* added GitHub Actions badge for build & deploy | [commit](https://github.com/undergroundwires/privacy.sexy/commit/a229aca68a92bbcd8e8176ac1dd25ce03509e074)
+* more badges 📛🏆📜 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/090e8319091044e53484ba8338510f6fb7c3cb80)
+* typo fixes + whitespace refactorings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/e99f210c9dcf61a21e445e2a331384b6066f2c98)
+* switched content information to "why" section | [commit](https://github.com/undergroundwires/privacy.sexy/commit/beb3c8339f83a224ca66ad8a911a9265ffe7c9c0)
+* fixed contribution URL | [commit](https://github.com/undergroundwires/privacy.sexy/commit/7b4277d7706ccf6ba7e4b7b01aa46f8e3852cfc6)
+* fixed wrong relation + lighter style | [commit](https://github.com/undergroundwires/privacy.sexy/commit/8d05b03c9f3c9fc015be6615da8c283809712065)
+* better URL validation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/aff463dd64fecff92a786fcba88621dff6b1cf73)
+* refactoring to new function | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c646c102730481c3f4648eb714dc0a84ce35b13c)
+* optimized find queries & refactorings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/d38f6cd6a8b33e11df854c7abea05974dc04d4ce)
+* 🎨  styled no JS error | [commit](https://github.com/undergroundwires/privacy.sexy/commit/c359f1d89c6874b3cc94154b993e33f58bd32268)
+* simplified finding duplicates | [commit](https://github.com/undergroundwires/privacy.sexy/commit/57037aaefcc0e80f0f4719cea89568490a731028)
+* fixed maintainability badge URL | [commit](https://github.com/undergroundwires/privacy.sexy/commit/aaea47e7d15fe41dea26968db0107a0c53d108f3)
+* fixed wrong line dumps | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5ccc7c59528885ae7729197df3dfa00f924a2b3f)
+* refactorings in parsing | [commit](https://github.com/undergroundwires/privacy.sexy/commit/2aa3742e30646bf1d1f3779419d161c3fb6c4808)
+* using free function | [commit](https://github.com/undergroundwires/privacy.sexy/commit/20020af7c1d8de13948d8761fd4e7f0affb2badb)
+* default selection is now none | [commit](https://github.com/undergroundwires/privacy.sexy/commit/3140cc663b86394d543de90228aa53e6a304d8d9)
+* added hyphen lines for longer names | [commit](https://github.com/undergroundwires/privacy.sexy/commit/cced601d686d550f4225018e5311b7433efbb5ae)
+* more descriptive subtitle | [commit](https://github.com/undergroundwires/privacy.sexy/commit/2cf9214b14d9720f747a71b3864ba7a28acf0ff4)
+* added footer with version | [commit](https://github.com/undergroundwires/privacy.sexy/commit/10a34fae2f1a219ec52db0c74edb39b46ebd8abc)
+* using font variables | [commit](https://github.com/undergroundwires/privacy.sexy/commit/60e6348dc8d53f1e81ebdb2ec0e1962aac1e9842)
+* code-gen refactorings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/246e753ddc9dc8bf630e538663584bf3423cc749)
+* added text when nothing is chosen | [commit](https://github.com/undergroundwires/privacy.sexy/commit/a7da75d4428090423b692ce45423f5bd300d8442)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.1.0...0.2.0)
+
+## 0.1.0 (2019-12-31)
+
+Initial release | [commits](https://github.com/undergroundwires/privacy.sexy/commit/4e7f244190c6ffbf7b20443e3e69cf2402c4268a)

CONTRIBUTING.md

@@ -0,0 +1,45 @@
+# Contributing
+
+- Love your input! Contributing to this project should be as easy and transparent as possible, whether it's:
+  - Reporting a bug
+  - Discussing the current state of the code
+  - Submitting a fix
+  - Proposing new features
+  - Becoming a maintainer
+
+## Pull Request Process
+
+- [GitHub flow](https://guides.github.com/introduction/flow/index.html) is used
+- Your pull requests are actively welcomed.
+- The steps:
+  1. Fork the repo and create your branch from master.
+  2. If you've added code that should be tested, add tests.
+  3. If you've changed APIs, update the documentation.
+  4. Ensure the test suite passes.
+  5. Make sure your code lints.
+  6. Issue that pull request!
+- 🙏 DO
+  - Document your changes in the pull request
+- ❗ DON'T
+  - Do not update the versions, current version is only [set by the maintainer](./img/architecture/gitops.png) and updated automatically by [bump-everywhere](https://github.com/undergroundwires/bump-everywhere)
+
+## Guidelines
+
+### Extend scripts
+
+- Create a [pull request](#Pull-Request-Process) for [application.yaml](./src/application/application.yaml)
+- 🙏 For any new script, try to add `revertCode` that'll revert the changes caused by the script.
+- See [typings](./src/application/application.yaml.d.ts) for documentation as code.
+
+### Handle the state in presentation layer
+
+- There are two types of components:
+  - **Stateless**, extends `Vue`
+  - **Stateful**, extends [`StatefulVue`](./src/presentation/StatefulVue.ts)
+    - The source of truth for the state lies in application layer (`./src/application/`) and must be updated from the views if they're mutating the state
+    - They mutate or/and reacts to changes in [application state](src/application/State/ApplicationState.ts).
+    - You can react by getting the state and listening to it and update the view accordingly in [`mounted()`](https://vuejs.org/v2/api/#mounted) method.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under its GNU General Public License v3.0.

Dockerfile

@@ -1,20 +1,12 @@
-# +-+-+-+-+-+ +-+-+-+-+-+
-# |B|u|i|l|d| |S|t|a|g|e|
-# +-+-+-+-+-+ +-+-+-+-+-+
+# Build
 FROM node:lts-alpine as build-stage
 WORKDIR /app
 COPY package*.json ./
 RUN npm install
 COPY . .
 RUN npm run build
-# For testing purposes, it's easy to run http-server on lts-alpine such as continuing from here:
-#       RUN npm install -g http-server
-#       EXPOSE 8080
-#       CMD [ "http-server", "dist" ]
 
-# +-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+
-# |P|r|o|d|u|c|t|i|o|n| |S|t|a|g|e|
-# +-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+
+# Production stage
 FROM nginx:stable-alpine as production-stage
 COPY --from=build-stage /app/dist /usr/share/nginx/html
 EXPOSE 80

README.md

@@ -1,126 +1,88 @@
 # privacy.sexy
 
-![Build & deploy status](https://github.com/undergroundwires/privacy.sexy/workflows/Build%20&%20deploy/badge.svg)
-![Vulnerabilities](https://snyk.io/test/github/undergroundwires/privacy.sexy/badge.svg)
-[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/undergroundwires/privacy.sexy/issues)
+> Enforce privacy & security best-practices on Windows, because privacy is sexy 🍑🍆
+
+[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](./CONTRIBUTING.md)
 [![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/undergroundwires/privacy.sexy.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/undergroundwires/privacy.sexy/context:javascript)
 [![Maintainability](https://api.codeclimate.com/v1/badges/3a70b7ef602e2264342c/maintainability)](https://codeclimate.com/github/undergroundwires/privacy.sexy/maintainability)
+[![Tests status](https://github.com/undergroundwires/privacy.sexy/workflows/Test/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Quality checks status](https://github.com/undergroundwires/privacy.sexy/workflows/Quality%20checks/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Security checks status](https://github.com/undergroundwires/privacy.sexy/workflows/Security%20checks/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Bump & release status](https://github.com/undergroundwires/privacy.sexy/workflows/Bump%20&%20release/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Deploy status](https://github.com/undergroundwires/privacy.sexy/workflows/Build%20&%20deploy/badge.svg)](https://github.com/undergroundwires/privacy.sexy/actions)
+[![Auto-versioned by bump-everywhere](https://github.com/undergroundwires/bump-everywhere/blob/master/badge.svg?raw=true)](https://github.com/undergroundwires/bump-everywhere)
 
-Web tool to generate scripts for enforcing privacy & security best-practices such as stopping data collection of Windows and different softwares on it.
-> because privacy is sexy 🍑🍆
+## Get started
 
-[https://privacy.sexy](https://privacy.sexy)
+- Online version: [https://privacy.sexy](https://privacy.sexy)
+  - or download latest desktop version for [Windows](https://github.com/undergroundwires/privacy.sexy/releases/download/0.7.4/privacy.sexy-Setup-0.7.4.exe), [Linux](https://github.com/undergroundwires/privacy.sexy/releases/download/0.7.4/privacy.sexy-0.7.4.AppImage), [macOS](https://github.com/undergroundwires/privacy.sexy/releases/download/0.7.4/privacy.sexy-0.7.4.dmg)
+- 💡 Come back regularly to apply latest version for stronger privacy and security.
 
-## Why privacy.sexy
+[![privacy.sexy application](img/screenshot.png)](https://privacy.sexy)
 
-- You don't need to run any compiled software on your system, just run the generated scripts.
-- It's open source, both application & infrastructure is 100% transparent
-  - Fully automated C/CD pipeline to AWS for provisioning serverless infrastructure using GitHub actions.
+## Why
+
+- You don't need to run any compiled software that has access to your system, just run the generated scripts.
 - Have full visibility into what the tweaks do as you enable them.
+- Ability to revert applied scripts
 - Easily extendable
+- Everything is open-sourced including both application and infrastructure
+  - Fully automated CI/CD pipeline using GitHub actions
+    - to AWS for provisioning serverless infrastructure
+    - for building and sharing the desktop applications
 
 ## Extend scripts
 
-Fork it & add more scripts in `src/application/application.yml` and send a pull request 👌
+- Fork it & add more scripts in [application.yaml](src/application/application.yaml) and send a pull request 👌
+- 📖 More: [extend scripts | CONTRIBUTING.md](./CONTRIBUTING.md#extend-scripts)
 
 ## Commands
 
-- Setup and run
-  - For development:
-    - `npm install` to project setup.
-    - `npm run serve` to compile & hot-reload for development.
-  - Production (using Docker):
-    - Build `docker build -t undergroundwires/privacy.sexy .`
-    - Run `docker run -it -p 8080:8080 --rm --name privacy.sexy-1 undergroundwires/privacy.sexy`
-- Prepare for production: `npm run build`
-- Run tests: `npm run test:unit`
-- Lint and fix files: `npm run lint`
+- Project setup: `npm install`
+- Testing
+  - Run unit tests: `npm run test:unit`
+  - Lint: `npm run lint`
+- **Desktop app**
+  - Development: `npm run electron:serve`
+  - Production: `npm run electron:build` to build an executable
+- **Webpage**
+  - Development: `npm run serve` to compile & hot-reload for development.
+  - Production: `npm run build` to prepare files for distribution.
+  - Or run using Docker:
+    1. Build: `docker build -t undergroundwires/privacy.sexy:0.7.4 .`
+    2. Run: `docker run -it -p 8080:80 --rm --name privacy.sexy-0.7.4 undergroundwires/privacy.sexy:0.7.4`
 
 ## Architecture
 
 ### Application
 
-- Powered by **TypeScript** + **Vue.js** 💪
+- Powered by **TypeScript**, **Vue.js** and **Electron** 💪
   - and driven by **Domain-driven design**, **Event-driven architecture**, **Data-driven programming** concepts.
 - Application uses highly decoupled models & services in different DDD layers.
   - **Domain layer** is where the application is modelled with validation logic.
   - **Presentation Layer**
-    - Consists of Vue.js components & UI stuff.
+    - Consists of Vue.js components and other UI-related code.
+    - Desktop application is created using [Electron](https://www.electronjs.org/).
     - Event driven as in components simply listens to events from the state and act accordingly.
   - **Application Layer**
     - Keeps the application state
       - The [state](src/application/State/ApplicationState.ts) is a mutable singleton & event producer.
-    - The application is defined & controlled in a [single YAML file](`\application\application.yaml`) (see [Data-driven programming](https://en.wikipedia.org/wiki/Data-driven_programming))
+    - The application is defined & controlled in a [single YAML file](src/application/application.yaml) (see [Data-driven programming](https://en.wikipedia.org/wiki/Data-driven_programming))
 
-![DDD + vue.js](docs/app-ddd.png)
+![DDD + vue.js](img/architecture/app-ddd.png)
 
 ### AWS Infrastructure
 
-- The application runs in AWS 100% serverless and automatically provisioned using [CloudFormation files](/aws) and GitHub Actions.
-- Maximum security & automation and minimum AWS costs were the highest priorities of the design.
+[![AWS solution](img/architecture/aws-solution.png)](https://github.com/undergroundwires/aws-static-site-with-cd)
 
-![AWS solution](docs/aws-solution.png)
+- It uses infrastructure from the following repository: [aws-static-site-with-cd](https://github.com/undergroundwires/aws-static-site-with-cd)
+  - Runs on AWS 100% serverless and automatically provisioned using [GitHub Actions](.github/workflows/).
+  - Maximum security & automation and minimum AWS costs are the highest priorities of the design.
 
 #### GitOps: CI/CD to AWS
 
+- CI/CD is fully automated for this repo using different GIT events & GitHub actions.
+  - Versioning, tagging, creation of `CHANGELOG.md` and releasing is automated using [bump-everywhere](https://github.com/undergroundwires/bump-everywhere) action
 - Everything that's merged in the master goes directly to production.
-  - Deploy infrastructure ► Deploy web application ► Invalidate CloudFront Cache
-- See more at [build-and-deploy.yaml](.GitHub/workflows/build-and-deploy.yaml)
 
-![CI/CD to AWS with GitHub Actions](docs/ci-cd.png)
-
-##### CloudFormation
-
-![CloudFormation design](docs/aws-cloudformation.png)
-
-- AWS infrastructure is defined as code with following files:
-  - `iam-stack`: Creates & updates the deployment user.
-    - Everything in IAM layer is fine-grained using least privileges principle.
-    - Each deployment step has its own temporary credentials with own permissions.
-  - `certificate-stack.yaml`
-    - It'll generate SSL certification for the root domain and www subdomain.
-    - ❗ It [must](https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-invalid-viewer-certificate/) be deployed in `us-east-1` to be able to be used by CloudFront by `web-stack`.
-    - It uses CustomResource and a lambda instead of native `AWS::CertificateManager::Certificate` because:
-      - Problem:
-        - AWS variant waits until a certificate is validated.
-        - There's no way to automate validation without workaround.
-      - Solution:
-        - Deploy a lambda that deploys the certificate (so we don't wait until certificate is validated)
-        - Get DNS records to be used in validation & export it to be used later.
-  - `web-stack.yaml`: It'll deploy S3 bucket and CloudFront in front of it.
-  - `dns-stack.yaml`: It'll deploy Route53 hosted zone
-    - Each time Route53 hosted zone is re-created it's required to update the DNS records in the domain registrar. See *Configure your domain registrar*.
-- I use cross stacks instead of single stack or nested stacks because:
-  - Easier to test & maintain & smaller files and different lifecycles for different areas.
-  - It allows to deploy web bucket in different region than others as other stacks are global (`us-east-1`) resources.
-
-##### Initial deployment
-
-- ❗ Prerequisite: A registered domain name for website.
-
-1. **Configure build agent (GitHub actions)**
-   - Deploy manually `iam-stack.yaml` with stack name `privacysexy-iam-stack` (to follow the convention)
-     - It'll give you deploy user. Go to console &  generate secret id + key (Security credentials => Create access key) for the user [IAM users](https://console.aws.amazon.com/iam/home#/users).
-       - 🚶 Deploy secrets:
-         - Add secret id & key in GitHub Secrets.
-           - `AWS_DEPLOYMENT_USER_ACCESS_KEY_ID`, `AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY`
-         - Add more secrets given from Outputs section of the CloudFormation stack.
-     - Run GitHub actions to deploy rest of the application.
-       - It'll run `certificate-stack.yaml` and then `iam-stack.yaml`.
-
-2. **Configure your domain registrar**
-   - ❗ **Web stack will fail** after DNS stack because you need to validate your domain.
-   - 🚶 Go to your domain registrar and change name servers to NS values
-     - `dns-stack.yaml` outputs those in CloudFormation stack.
-     - You can alternatively find those in [Route53](https://console.aws.amazon.com/route53/home#hosted-zones)
-   - When nameservers of your domain updated, the certification will get validated automatically, you can then delete the failed stack in CloudFormation & re-run the GitHub actions.
-
-## Thank you for the awesome projects 🍺
-
-- [Vue.js](https://vuejs.org/) the only big JavaScript framework that's not backed by companies that make money off your data.
-- [liquor-tree](https://GitHub.com/amsik/liquor-tree) for the awesome & super extensible tree component.
-- [Ace](https://ace.c9.io/) for code box.
-- [FileSaver.js](https://GitHub.com/eligrey/FileSaver.js) for save file dialog.
-- [chai](https://GitHub.com/chaijs/chai) & [mocha](https://GitHub.com/mochajs/mocha) for making testing fun.
-- [js-yaml-loader](https://GitHub.com/wwilsman/js-yaml-loader) for ahead of time loading `application.yml`
-- [v-tooltip](https://GitHub.com/Akryum/v-tooltip) takes seconds to have a tooltip, exactly what I needed.
+[![CI/CD to AWS with GitHub Actions](img/architecture/gitops.png)](.github/workflows/)

aws.drawio

@@ -1 +0,0 @@
-<mxfile host="www.draw.io" modified="2019-12-27T14:40:11.720Z" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" etag="6t_Q0ZRAKXZ_lLm1WdcF" version="12.4.3" type="device" pages="1"><diagram id="pFg2tUHn5hOZkmQyf_J4" name="Page-1">7Vvtd6I4F/9r+lEOEMLLR23rzJzdme3qPLMvXzwUomaLxA2x1f3rnwSIEoIWFdqd3bXnKLmEJNz7u69Jb8DtavuBhuvlZxKj5MY24+0NuLux7SAA/FsQdgXBD8yCsKA4LkjWgTDFf6GSKLttcIwypSMjJGF4rRIjkqYoYgotpJS8qN3mJFFnXYcLpBGmUZjo1F9wzJblW0DzQP+I8GIpZ7bM8s4qlJ1LQrYMY/JSIYH7G3BLCWHF1Wp7ixLBO8mX4rnxkbv7hVGUsjYPfB19Hf0+Wf6+DcbR9Mtksvm2hANYjPIcJpvyhe/IKsQpp03QAmeMhrRcPttJnqwJThmi9898ZsFe6waM9m9n8kYcZksUl40lWyWyE6PkCd2ShFBOSUnKBxzNcZJI0o0NoCn+OD0JH1HyQDLMMEn5vQiJSfmNZ0QZ5hL6sdbhkTBGVpUOwwQvxA1G1pxKNizBKZ9dAkVMEpZd9oPz91iL11xtFwLPBpnPcYSMDNFn/psZVHJlVpL4M7okSuGIhaBthVRK5gMiK8Tojncp79qeXzxSqgmQ+H85gA66BWlZwRu0S6iXMF/sRz4ggV+UYDgDGJatIUPDASWbNN7L+WWJGZquQ8GSuxfOPFX2e0xYNZmXMFCxwYEQe8GjaXbDXslNyd1A564r9bTKXuCYffEXvM5fiUW8yo1UlZvNEH9VM3KdGoXR0yKXXYXb8/zDu+STDbN1RUdkY463QoKjcj13S8aEFR4KTtjjKE5tA3M7PMccFdSI+Iz2OA5ZyH8EPeO/4Sr8i6SD8CUbZAylEU4ENTea4y/8xrRQqtmUT4m55s0ist7NZsNfprPbhGxijkvfWKeLDjAxMA1gBpWP76kgcW0dJIGOEUm7BiJ/bp/idPL8FMApjNFk+8N6+/NA18CcBWNK+DvXsdJo3ea8Z0XG/G8s5h9x0xZjpNwLHHg3tiv37jDlAxX4SQkVHNBM9RCYI9iku3s0KZ7gQsOt2eiKHog3LIMGy5btkiuN2K3bd45Ehxv1jGxohD5FYj0j3iyu1F6R4P485343RslXrZJrAg1w0i1UASdpnQNON0lTTjJHm+gJdY841xwC4J2HONvzLMv91yAuA90gDToq0mDgGa7zvmDTI0+JM/OBJDjadQu45mDzCJ7Kzn87KB0JvHV4rQsOdgIexwlU8EDdTEHfkAMr0WkH0VMjeFwNPBOODsRJcnH/uca3NFRUcH8GOzJXAKjmyrGC97VVnh6JCXHw+DTMQfc5THlErCfKjcjrW+4NYgRGdFjvbFWsdmbrsPVgcHvKfHZhTmquCDiNrggYsCHUBj0J2NcEfJ/OCYc9z07cRMR7j1y67kJcffz69WGqiRrFCyS1S5gEsiBpmNwfqCM1Wz70+ZEIkeai+wMxtit1NtwwogqW85zufq02fhODGVA277bl4EVrV209IIo5rwRY7k4m1YW6n+BVmZawkC4Qe11pBGNO4oKiJGT4Wa23NUm4fPRBOMFKFO2qlRPoBgb0LMf2i29PHbB4vXKMarWsNqzt2IbFAed5rmfbZmB558xSMEebJcfm/tUvh6ulB08TFOdeKXsPZBZOTtZH7avg5baEl/028OKiNZQigQoDD14GL+Aq8PIDeHrcngEli0//smpUil4GOxTSgYhyko1YnyALfzSukAZm0GHdybUMT5U2MC3dATZUI72+wmlbz/xVbq4pfg6jnZGhrZ6XfWcGRkK7amFO7Y30bWGAr+ZXPN9SXIt7oQfbF7nLce2gBp++bYqjgSqf63vyUKdw8aqHclvip5SXaXCnUD5zLaQsqxdI2Y5v+JWBaoUB4LYC2JDScFfptt6j4piC1HZvHLuG12LE2tNyeDKfZ6gfhOtpA0/1GE43ZMPfx4zROiG6vbw+Edhi9qsM7vl1JQ3grUMWIBoyCejUgrbVAHCuBlhWYCuyHgTXKcQbgECPxT9gttw8fv8BlPlqAEUiJi8tUxj88SqkT4NFzoAuYya3VhFym6sGPQVNz2vPu/92v8tcb/fTty+TzAzmA0uT+08UL/KjE8MoQpmwAJ9i/s6YvUkt+9azgDX+59WyKUkOpScNMg3AOn7IwndUhwVB220Qx+kJRXri9TG8JEK6JCaqHtnh6o0jxVdUoGXmH9FrQ5/3hzgajXtnNaXjOnfCf0DLUVMrv5N4qn46B/r2ZQEUcLiP24dh/FsZ1gXtykjnBlB8veryPbdNACXPSfhNHO3UsTbKWk8fhkkizvMJcYbxu6QRHUK+IYa6APID0zDBlTGS3CSGgeF7PAfJt0UDUxW7C4Im5J6rAC6oQd6EhgUq9bVeFMDR9NdvowD9Y1zfx3wz69+XKQc6ro/j/xSubUv11t2kxrC2twi9GuTaIhlaavbrgnbllXOxq53daGe8Zf4kz3H2j2V9k3TyXmb6WLLbV6xyXBF62I/oagcCng5FeisWNns53RL+L0M6eN6ldtIleNq6/cLcdQ4fLZEOLoQPdKChhtqOC7jN5jmV5zqO67mB86YIatjDeAU95xxYF42HkPGENc0pttn2GPujz1l1QNFVCSw0a9Jr2DgKGmogltnBGeVmruvVr32U/kI5f/tU4b3a/la506UKnwTapQ7gEOFAt7YRuPfWV2q5452y7bB+jKa1zgNvf8xvd5jJdDzXCuR3K6V/yxjb1l3Lp+FnTuAOhmro/K8w17owF8Zxfiaw2TZ2Yu4CDW+O/p87jfW6vqq+tqdBphrQlkKtVtM6s3DmSQunVPOOV/C6Co1bm8YTHa+Ibq6SoYxtNYvwgfumtSZfDmDWlF80Ofma6s/9CEVRk4bWFXmF4zhPfpqiEtVltghM3jHWsM/XPHHaZv9vsIXZP/wvMbj/Pw==</diagram></mxfile>

aws/certificate-stack.yaml

@@ -1,211 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Description: Creates certificate for the root + www subdomain. !! It must be deployed in us-east-1 to be able to be used by CloudFront.
-
-Parameters:
-  
-  RootDomainName:
-    Type: String
-    Default: privacy.sexy
-    Description: The root DNS name of the website e.g. privacy.sexy
-    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
-    ConstraintDescription: Must be a valid root domain name
-  
-  IamStackName:
-    Type: String
-    Default: privacysexy-iam-stack
-    Description: Name of the IAM stack.
-  
-Resources:
-
-  # The lambda workaround exists to be able to automate certificate deployment.
-  # Problem:
-  #   Normally AWS AWS::CertificateManager::Certificate waits until a certificate is validated
-  #   And there's no way to get validation DNS records from it to validate it.
-  # Solution:
-  #   Deploy a lambda that deploys the certificate (so we don't wait until certificate is validated)
-  #   Get DNS records to be used in validation & export it to be used later.
-  
-  AcmCertificateForHostedZone:
-    Type: Custom::VerifiableCertificate #A Can use AWS::CloudFormation::CustomResource or Custom::String
-    Properties:
-      ServiceToken: !GetAtt ResolveCertificateLambda.Arn
-      # Lambda gets the following data:
-      RootDomainName: !Ref RootDomainName # Lambda will create both for root and www.root
-      Tags:
-        -
-          Key: Name
-          Value: !Ref RootDomainName
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  ResolveCertificateLambda:
-    Type: AWS::Lambda::Function
-    Properties:
-      Description: Deploys certificate for root domain name + www and returns immediately arn + verification records.
-      Role:
-        Fn::ImportValue: !Join [':', [!Ref IamStackName, ResolveCertificateLambdaRoleArn]]
-      FunctionName: !Sub ${AWS::StackName}-cert-resolver-lambda # StackName- required for role to function
-      Handler: index.handler
-      Runtime: nodejs12.x
-      Timeout: 30
-      Tags: 
-        -
-          Key: Application
-          Value: privacy.sexy
-      Code:
-        # Inline script is not the best way. Some variables are named shortly to not exceed the limit 4096 but it's the cheapest way (no s3 file)
-        ZipFile: >
-          'use strict';
-          const aws = require('aws-sdk');
-          const acm = new aws.ACM();
-          const log = (t) => console.log(t);
-
-          exports.handler = async (event, context) => {
-            log(`Request recieved:\n${JSON.stringify(event)}`);
-            const userData = event.ResourceProperties;
-            const rootDomain = userData.RootDomainName;
-            let data = null;
-            try {
-              switch(event.RequestType) {
-                case 'Create':
-                  data = await handleCreateAsync(rootDomain, userData.Tags);
-                  break;
-                case 'Update':
-                  data = await handleUpdateAsync();
-                  break;
-                case 'Delete':
-                  data = await handleDeleteAsync(rootDomain);
-                  break;
-              }
-              await sendResponseAsync(event, context, 'SUCCESS', data);
-            } catch(error) {
-              await sendResponseAsync(event, context, 'ERROR', {
-                title: `Failed to ${event.RequestType}, see error`,
-                error: error
-              });
-            }
-          }
-
-          async function handleCreateAsync(rootDomain, tags) {
-            const { CertificateArn } = await acm.requestCertificate({
-              DomainName: rootDomain,
-              SubjectAlternativeNames: [`www.${rootDomain}`],
-              Tags: tags,
-              ValidationMethod: 'DNS',
-            }).promise();
-            log(`Cert requested:${CertificateArn}`);
-            const waitAsync = (ms) => new Promise(resolve => setTimeout(resolve, ms));
-            const maxAttempts = 10;
-            let options = undefined;
-            for (let attempt = 0; attempt < maxAttempts && !options; attempt++) {
-              await waitAsync(2000);
-              const { Certificate } = await acm.describeCertificate({ CertificateArn }).promise();
-              if(Certificate.DomainValidationOptions.filter((o) => o.ResourceRecord).length === 2) {
-                options = Certificate.DomainValidationOptions;
-              }
-            }
-            if(!options) {
-              throw new Error(`No records after ${maxAttempts} attempts.`);
-            }
-            return getResponseData(options, CertificateArn, rootDomain);
-          }
-
-          async function handleDeleteAsync(rootDomain) {
-            const certs = await acm.listCertificates({}).promise();
-            const cert = certs.CertificateSummaryList.find((cert) => cert.DomainName === rootDomain);
-            if (cert) {
-              await acm.deleteCertificate({ CertificateArn: cert.CertificateArn }).promise();
-              log(`Deleted ${cert.CertificateArn}`);
-            } else {
-              log('Cannot find'); // Do not fail, delete can be called when e.g. CF fails before creating cert
-            }
-            return null;
-          }
-
-          async function handleUpdateAsync() {
-            throw new Error(`Not yet implemented update`);
-          }
-
-          function getResponseData(options, arn, rootDomain) {
-            const findRecord = (url) => options.find(option => option.DomainName === url).ResourceRecord;
-            const root = findRecord(rootDomain);
-            const www = findRecord(`www.${rootDomain}`);
-            const data = {
-                CertificateArn: arn,
-                RootVerificationRecordName: root.Name,
-                RootVerificationRecordValue: root.Value,
-                WwwVerificationRecordName: www.Name,
-                WwwVerificationRecordValue: www.Value,
-            };
-            return data;
-          }
-
-          /* cfn-response can't async / await :( */
-          async function sendResponseAsync(event, context, responseStatus, responseData, physicalResourceId) {
-            return new Promise((s, f) => {
-              var b = JSON.stringify({
-                        Status: responseStatus,
-                        Reason: `See the details in CloudWatch Log Stream: ${context.logStreamName}`,
-                        PhysicalResourceId: physicalResourceId || context.logStreamName,
-                        StackId: event.StackId,
-                        RequestId: event.RequestId,
-                        LogicalResourceId: event.LogicalResourceId,
-                        Data: responseData
-              });
-              log(`Response body:\n${b}`);
-              var u = require("url").parse(event.ResponseURL);
-              var r = require("https").request(
-                {
-                  hostname: u.hostname,
-                  port: 443,
-                  path: u.path,
-                  method: "PUT",
-                  headers: {
-                    "content-type": "",
-                    "content-length": b.length
-                  }
-                }, (p) => {
-                  log(`Status code: ${p.statusCode}`);
-                  log(`Status message: ${p.statusMessage}`);
-                  s(context.done());
-                });
-              r.on("error", (e) => {
-                log(`request failed: ${e}`);
-                f(context.done(e));
-              });
-              r.write(b);
-              r.end();
-            });
-          }
-
-Outputs:
-  CertificateArn:
-    Description: The Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate.
-    Value: !GetAtt AcmCertificateForHostedZone.CertificateArn
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', CertificateArn ]]
-
-  RootVerificationRecordName:
-    Description: Name for root domain CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.RootVerificationRecordName
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', RootVerificationRecordName ]]
-
-  RootVerificationRecordValue:
-    Description: Value for root domain name CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.RootVerificationRecordValue
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', RootVerificationRecordValue ]]
-
-  WwwVerificationRecordName:
-    Description: Name for www domain name CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.WwwVerificationRecordName
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', WwwVerificationRecordName ]]
-
-  WwwVerificationRecordValue:
-    Description: Value for www domain name CNAME verification record
-    Value: !GetAtt AcmCertificateForHostedZone.WwwVerificationRecordValue
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', WwwVerificationRecordValue ]]

aws/dns-stack.yaml

@@ -1,61 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Description: Creates hosted zone & sets up records for the CloudFront URL.
-
-Parameters:
-
-  RootDomainName:
-    Type: String
-    Default: privacy.sexy
-    Description: The root DNS name of the website e.g. privacy.sexy
-    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
-    ConstraintDescription: Must be a valid root domain name
-  
-  CertificateStackName:
-    Type: String
-    Default: privacysexy-certificate-stack
-    Description: Name of the certificate stack.
-
-Resources:
-
-  DNSHostedZone:
-    Type: AWS::Route53::HostedZone
-    Properties:
-      Name: !Ref RootDomainName
-      HostedZoneConfig:
-        Comment: !Join ['', ['Hosted zone for ', !Ref RootDomainName]]
-      HostedZoneTags:
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  CertificateValidationDNSRecords:
-    Type: AWS::Route53::RecordSetGroup
-    Properties: 
-      HostedZoneId: !Ref DNSHostedZone
-      RecordSets:
-        -
-          Name: 
-            Fn::ImportValue: !Join [':', [!Ref CertificateStackName, RootVerificationRecordName]]
-          Type: 'CNAME'
-          TTL: '60'
-          ResourceRecords:
-            - Fn::ImportValue: !Join [':', [!Ref CertificateStackName, RootVerificationRecordValue]]
-        -
-          Name: 
-            Fn::ImportValue: !Join [':', [!Ref CertificateStackName, WwwVerificationRecordName]]
-          Type: 'CNAME'
-          TTL: '60'
-          ResourceRecords:
-            - Fn::ImportValue: !Join [':', [!Ref CertificateStackName, WwwVerificationRecordValue]]
-
-Outputs:
-  
-  DNSHostedZoneNameServers:
-    Description: Name servers to update in domain registrar.
-    Value: !Join ['           ', !GetAtt DNSHostedZone.NameServers]
- 
-  DNSHostedZoneId:
-    Description: The ID of the hosted zone that you want to create the record in.
-    Value: !Ref DNSHostedZone
-    Export:
-      Name: !Join [':', [ !Ref 'AWS::StackName', DNSHostedZoneId ]]

aws/iam-stack.yaml

@@ -1,496 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-Description: |-
-  > Deploys the identity management for the deployment
-
-# Granulatiy cheatsheet: https://iam.cloudonaut.io/
-
-Parameters:
-    WebStackName:
-      Type: String
-      Default: privacysexy-web-stack
-      Description: Name of the web stack.
-    DnsStackName:
-      Type: String
-      Default: privacysexy-dns-stack
-      Description: Name of the DNS stack.
-    CertificateStackName:
-      Type: String
-      Default: privacysexy-certificate-stack
-      Description: Name of the IAM stack.
-
-Resources:
-
-  # -----------------------------
-  # ------ User & Group ---------
-  # -----------------------------
-  DeploymentGroup:
-    Type: AWS::IAM::Group
-    Properties: 
-      # GroupName: No hardcoded naming because of easier CloudFormation management
-      ManagedPolicyArns:
-        - !Ref AllowValidateTemplatePolicy
-  
-  DeploymentUser:
-    Type: AWS::IAM::User
-    Properties:
-    #   # UserName: No hardcoded naming because of easier CloudFormation management
-    #   # Policies: Assing policies on group level
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  AddDeploymentUserToDeploymentGroup:
-    Type: AWS::IAM::UserToGroupAddition
-    Properties:
-      GroupName: !Ref DeploymentGroup
-      Users:
-        - !Ref DeploymentUser
-
-  # -----------------------------
-  # ----------- Roles -----------
-  # -----------------------------
-  IamStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy IAM stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref PolicyDeployPolicy
-        - !Ref IamStackDeployPolicy
-
-  CertificateStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy certificate stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref LambdaBackedCustomResourceDeployPolicy
-
-  DnsStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy DNS stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref DnsStackDeployPolicy
-
-  WebStackDeployRole:
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allows to deploy web stack
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              AWS: !GetAtt DeploymentUser.Arn
-            Action: sts:AssumeRole
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-      ManagedPolicyArns: 
-        - !Ref CloudFormationDeployPolicy
-        - !Ref WebStackDeployPolicy
-
-  S3SiteDeployRole:
-      Type: 'AWS::IAM::Role'
-      Properties:
-        Description: "Allows to deploy website to S3"
-        AssumeRolePolicyDocument:
-          Statement:
-            -
-              Effect: Allow
-              Principal:
-                AWS: !GetAtt DeploymentUser.Arn
-              Action: sts:AssumeRole
-        Tags:
-          -
-            Key: Application
-            Value: privacy.sexy
-        ManagedPolicyArns:
-          - !Ref S3SiteDeployPolicy
-          - !Ref StackExportReaderPolicy
-
-  CloudFrontSiteDeployRole:
-      Type: 'AWS::IAM::Role'
-      Properties:
-        Description: "Allows to informs to CloudFront to renew its cache from S3"
-        AssumeRolePolicyDocument:
-          Statement:
-            -
-              Effect: Allow
-              Principal:
-                AWS: !GetAtt DeploymentUser.Arn
-              Action: sts:AssumeRole
-        Tags:
-          -
-            Key: Application
-            Value: privacy.sexy
-        ManagedPolicyArns:
-          - !Ref CloudFrontInvalidationPolicy
-          - !Ref StackExportReaderPolicy
-
-  ResolveCertificateLambdaRole: # See certificate stack
-    Type: AWS::IAM::Role
-    Properties:
-      Description: Allow deployment of certificates
-      AssumeRolePolicyDocument:
-        Statement:
-          -
-            Effect: Allow
-            Principal:
-              Service: lambda.amazonaws.com
-            Action: sts:AssumeRole
-      ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-        - !Ref CertificateDeployPolicy
-
-  # --------------------------------
-  # ----------- Policies -----------
-  # --------------------------------
-
-  AllowValidateTemplatePolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: "No read & writes to resources, reveals just basic CloudFormation API to be used for validating templates"
-      # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFormationTemplateValidation
-            Effect: Allow
-            Action:
-              - cloudformation:ValidateTemplate
-            Resource: '*'
-
-  CloudFormationDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: "Allows deploying CloudFormation using CLI command 'aws cloudformation deploy' (with change sets)"
-      # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFormationStackOperations
-            Effect: Allow
-            Action:
-              - cloudformation:GetTemplateSummary
-              - cloudformation:DescribeStacks
-              - cloudformation:CreateChangeSet
-              - cloudformation:ExecuteChangeSet
-              - cloudformation:DescribeChangeSet
-            Resource:
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${WebStackName}/*
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${DnsStackName}/*
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${AWS::StackName}/*
-              - !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${CertificateStackName}/*
-
-  IamStackDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deploying IAM CloudFormation stack.
-      # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowUserArnExport
-            Effect: Allow
-            Action:
-              - iam:GetUser
-            Resource:
-              - !GetAtt DeploymentUser.Arn
-          -
-            Sid: AllowTagging
-            Effect: Allow
-            Action:
-              - iam:TagResource
-            Resource:
-              - !Sub arn:aws:cloudformation::${AWS::AccountId}:stack/${AWS::StackName}/*
-              - !GetAtt DeploymentUser.Arn
-          -
-            Sid: AllowRoleDeployment
-            Effect: Allow
-            Action:
-              - iam:CreateRole
-            Resource:
-              - !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-*
-
-  LambdaBackedCustomResourceDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deploying a lambda-backed custom resource.
-      # ManagedPolicyName: # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowLambdaDeployment
-            Effect: Allow
-            Action:
-              - lambda:GetFunction
-              - lambda:DeleteFunction
-              - lambda:CreateFunction
-              - lambda:GetFunctionConfiguration
-              - lambda:InvokeFunction
-            Resource:
-              - !Sub arn:aws:lambda:*:${AWS::AccountId}:function:${CertificateStackName}*
-          -
-            Sid: AllowPassingLambdaRole
-            Effect: Allow
-            Action:
-              - iam:PassRole
-            Resource:
-              - !GetAtt ResolveCertificateLambdaRole.Arn
-
-  CertificateDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deploying certifications stack.
-      # ManagedPolicyName: # ManagedPolicyName: No hardcoded naming because of easier CloudFormation management
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCertificateDeployment
-            Effect: Allow
-            Action:
-              - acm:RequestCertificate
-              - acm:DescribeCertificate
-              - acm:DeleteCertificate
-              - acm:AddTagsToCertificate
-              - acm:ListCertificates
-            Resource: '*' # Certificate Manager does not support resource level IAM
-
-  PolicyDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deployment of policies
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resource
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowPolicyUpdates
-            Effect: Allow
-            Action:
-              - iam:ListPolicyVersions
-              - iam:CreatePolicyVersion
-              - iam:DeletePolicyVersion
-              - iam:CreatePolicy 
-              - iam:DeletePolicy 
-              - iam:GetPolicy
-            Resource:
-              - !Sub arn:aws:iam::${AWS::AccountId}:policy/${AWS::StackName}-* # when ManagedPolicyName is not given policies get name like StackName-*
-          -
-            Sid: AllowPoliciesOnRoles
-            Effect: Allow
-            Action:
-              - iam:AttachRolePolicy
-              - iam:DetachRolePolicy
-              - iam:GetRole
-            Resource:
-              - !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-*
-          - 
-            Sid: AllowPolicyAssigmentToGroup
-            Effect: Allow
-            Action:
-              - iam:AttachGroupPolicy
-              - iam:DetachGroupPolicy
-            Resource:
-              - !GetAtt DeploymentGroup.Arn
-          - 
-            Sid: AllowGettingGroupInformation
-            Effect: Allow
-            Action:
-              - iam:GetGroup
-            Resource: !Sub arn:aws:iam::${AWS::AccountId}:group/${DeploymentGroup}
-
-  DnsStackDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deployment of DNS stack
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowHostedZoneDeployment
-            Effect: Allow
-            Action:
-              - route53:CreateHostedZone
-              - route53:ListQueryLoggingConfigs
-              - route53:DeleteHostedZone
-              - route53:GetChange
-              - route53:ChangeTagsForResource
-              - route53:GetHostedZone
-              - route53:ChangeResourceRecordSets
-            Resource: '*' # Does not support resource-level permissions https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html#access-control-manage-access-intro-resource-policies
-          
-  WebStackDeployPolicy:
-    # We need a role to run s3:PutBucketPolicy, IAM users cannot run it. See https://stackoverflow.com/a/48551383 
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows deployment of web stack
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFrontOAIDeployment
-            Effect: Allow
-            Action:
-              - cloudfront:GetCloudFrontOriginAccessIdentity
-              - cloudfront:CreateCloudFrontOriginAccessIdentity
-              - cloudfront:GetCloudFrontOriginAccessIdentityConfig
-              - cloudfront:DeleteCloudFrontOriginAccessIdentity
-            Resource: '*' # Does not support resource-level permissions https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cf-api-permissions-ref.html
-          -
-            Sid: AllowCloudFrontDistributionDeployment
-            Effect: Allow
-            Action:
-              - cloudfront:CreateDistribution
-              - cloudfront:DeleteDistribution
-              - cloudfront:UpdateDistribution
-              - cloudfront:GetDistribution
-              - cloudfront:TagResource
-              - cloudfront:UpdateCloudFrontOriginAccessIdentity
-            Resource: !Sub arn:aws:cloudfront::${AWS::AccountId}:*
-          -
-            Sid: AllowS3BucketPolicyAccess
-            Effect: Allow
-            Action:
-              - s3:CreateBucket
-              - s3:DeleteBucket
-              - s3:PutBucketWebsite
-              - s3:DeleteBucketPolicy
-              - s3:PutBucketPolicy
-              - s3:GetBucketPolicy
-            Resource: !Sub arn:aws:s3:::${WebStackName}*
-          -
-            Sid: AllowRecordDeploymentToRoute53
-            Effect: Allow
-            Action:
-              - route53:GetHostedZone
-              - route53:ChangeResourceRecordSets
-              - route53:GetChange
-              - route53:ListResourceRecordSets
-            Resource: '*' # Does not support resource-level permissions https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/access-control-overview.html#access-control-manage-access-intro-resource-policies
-
-  S3SiteDeployPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows listing buckets to be able to list objects in a bucket
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resources
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowListingObjects
-            Effect: Allow
-            Action:
-              - s3:ListBucket # To allow ListObjectsV2
-            Resource: !Sub arn:aws:s3:::${WebStackName}*
-          -
-            Sid: AllowUpdatingObjects
-            Effect: Allow
-            Action:
-              - s3:PutObject
-              - s3:DeleteObject
-            Resource: !Sub arn:aws:s3:::${WebStackName}*/*
-
-  CloudFrontInvalidationPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows creating invalidations on CloudFront
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resource
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowCloudFrontInvalidations
-            Effect: Allow
-            Action:
-              - cloudfront:CreateInvalidation
-            Resource: "*" # Does not support resource-level permissions https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cf-api-permissions-ref.html
-
-  StackExportReaderPolicy:
-    Type: AWS::IAM::ManagedPolicy
-    Properties:
-      Description: Allows creating invalidations on CloudFront
-      # ManagedPolicyName: Commented out because CloudFormation requires to rename when replacing custom-named resource
-      PolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          -
-            Sid: AllowGettingBucketName
-            Effect: Allow
-            Action:
-              - cloudformation:DescribeStacks
-            Resource: !Sub arn:aws:cloudformation:*:${AWS::AccountId}:stack/${WebStackName}/*
-    
-Outputs:
-  ResolveCertificateLambdaRoleArn: 
-    Description: The Amazon Resource Name (ARN) of the lambda for deploying certificates.
-    Value: !GetAtt ResolveCertificateLambdaRole.Arn
-    Export:
-      Name: !Join [ ':', [ !Ref 'AWS::StackName', ResolveCertificateLambdaRoleArn ] ]
-
-  CertificateStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt CertificateStackDeployRole.Arn
-
-  DnsStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt DnsStackDeployRole.Arn
-
-  IamStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt IamStackDeployRole.Arn
-
-  WebStackDeployRoleArn: 
-    Description: "GitHub secret: AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt WebStackDeployRole.Arn
-
-  S3SiteDeployRoleArn: 
-    Description: "GitHub secret: AWS_S3_SITE_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt S3SiteDeployRole.Arn
-
-  CloudFrontSiteDeployRoleArn: 
-    Description: "GitHub secret: AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN"
-    Value: !GetAtt CloudFrontSiteDeployRole.Arn

aws/scripts/configure/create-role-profile.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --user-profile) USER_PROFILE="$2"; shift;;
-  --role-profile) ROLE_PROFILE="$2"; shift;;
-  --role-arn) ROLE_ARN="$2"; shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$USER_PROFILE" ]; then echo "User profile name is not set."; exit 1; fi;
-if [ -z "$ROLE_PROFILE" ]; then echo "Role profile name is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set"; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Session name is not set."; exit 1; fi;
-if [ -z "$REGION" ]; then echo "Region is not set."; exit 1; fi;
-
-creds=$(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $SESSION --profile $USER_PROFILE)
-
-aws_access_key_id=$(echo $creds | jq -r '.Credentials.AccessKeyId')
-echo ::add-mask::$aws_access_key_id
-aws_secret_access_key=$(echo $creds | jq -r '.Credentials.SecretAccessKey')
-echo ::add-mask::$aws_secret_access_key
-aws_session_token=$(echo $creds | jq -r '.Credentials.SessionToken')
-echo ::add-mask::$aws_session_token
-
-aws configure --profile $ROLE_PROFILE set aws_access_key_id $aws_access_key_id
-aws configure --profile $ROLE_PROFILE set aws_secret_access_key $aws_secret_access_key
-aws configure --profile $ROLE_PROFILE set aws_session_token $aws_session_token
-aws configure --profile $ROLE_PROFILE set region $REGION
-
-echo Profile $ROLE_PROFILE is created
-
-bash "${BASH_SOURCE%/*}/mask-identity.sh" --profile $ROLE_PROFILE

aws/scripts/configure/create-user-profile.sh

@@ -1,25 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --profile) PROFILE="$2"; shift;;
-  --access-key-id) ACCESS_KEY_ID="$2"; shift;;
-  --secret-access-key) SECRET_ACCESS_KEY="$2"; shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$PROFILE" ]; then echo "Profile name is not set."; exit 1; fi;
-echo $PROFILE
-if [ -z "$ACCESS_KEY_ID" ]; then echo "Access key ID is not set"; exit 1; fi;
-if [ -z "$SECRET_ACCESS_KEY" ]; then echo "Secret access key is not set."; exit 1; fi;
-if [ -z "$REGION" ]; then echo "Region is not set."; exit 1; fi;
-
-aws configure --profile $PROFILE set aws_access_key_id $ACCESS_KEY_ID
-aws configure --profile $PROFILE set aws_secret_access_key $SECRET_ACCESS_KEY
-aws configure --profile $PROFILE set region $REGION
-
-echo Profile $PROFILE is created
-
-bash "${BASH_SOURCE%/*}/mask-identity.sh" --profile $PROFILE

aws/scripts/configure/mask-identity.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --profile) PROFILE="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$PROFILE" ]; then echo "Profile name is not set."; exit 1; fi;
-
-aws_identity=$(aws sts get-caller-identity --profile $PROFILE)
-echo ::add-mask::$(echo $aws_identity | jq -r '.Account')
-echo ::add-mask::$(echo $aws_identity | jq -r '.UserId')
-echo ::add-mask::$(echo $aws_identity | jq -r '.Arn')
-
-echo Credentials are masked

aws/scripts/deploy/deploy-stack.sh

@@ -1,43 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --template-file) TEMPLATE_FILE="$2"; shift;;
-  --stack-name) STACK_NAME="$2"; shift;;
-  --profile) PROFILE="$2"; shift;;
-  --capabilities) CAPABILITY_IAM="$2"; shift;;
-  --role-arn) ROLE_ARN="$2";shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$TEMPLATE_FILE" ]; then echo "Template file is not set."; exit 1; fi;
-if [ -z "$STACK_NAME" ]; then echo "Template file is not set."; exit 1; fi;
-if [ -z "$PROFILE" ]; then echo "Profile is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set."; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Role session is not set."; exit 1; fi;
-
-
-echo Validating stack "$STACK_NAME"
-aws cloudformation validate-template \
-    --template-body file://$TEMPLATE_FILE \
-    --profile $PROFILE
-
-ROLE_PROFILE=$STACK_NAME
-
-echo Assuming role
-bash "${BASH_SOURCE%/*}/../configure/create-role-profile.sh" \
-    --role-profile $ROLE_PROFILE --user-profile $PROFILE \
-    --role-arn $ROLE_ARN \
-    --session $SESSION \
-    --region $REGION
-
-echo Deploying stack "$TEMPLATE_FILE"
-aws cloudformation deploy \
-    --template-file $TEMPLATE_FILE \
-    --stack-name $STACK_NAME \
-    ${CAPABILITY_IAM:+ --capabilities $CAPABILITY_IAM} \
-    --no-fail-on-empty-changeset \
-    --profile $ROLE_PROFILE

aws/scripts/deploy/deploy-to-s3.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --folder) FOLDER="$2"; shift;;
-  --web-stack-name) WEB_STACK_NAME="$2"; shift;;
-  --web-stack-s3-name-output-name) WEB_STACK_S3_NAME_OUTPUT_NAME="$2"; shift;;
-  --storage-class) STORAGE_CLASS="$2"; shift;;
-  --profile) PROFILE="$2"; shift;;
-  --role-arn) ROLE_ARN="$2";shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$FOLDER" ]; then echo "Folder is not set."; exit 1; fi;
-if [ -z "$PROFILE" ]; then echo "Profile is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set."; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Role session is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_NAME" ]; then echo "Web stack name is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_S3_NAME_OUTPUT_NAME" ]; then echo "S3 name output name is not set."; exit 1; fi;
-if [ -z "$STORAGE_CLASS" ]; then echo "S3 object storage class is not set."; exit 1; fi;
-
-echo Assuming role
-ROLE_PROFILE=deploy-s3
-bash "${BASH_SOURCE%/*}/../configure/create-role-profile.sh" \
-    --role-profile $ROLE_PROFILE --user-profile $PROFILE \
-    --role-arn $ROLE_ARN \
-    --session $SESSION \
-    --region $REGION
-
-echo Getting S3 bucket name from stack "$WEB_STACK_NAME" with output "$WEB_STACK_S3_NAME_OUTPUT_NAME"
-S3_BUCKET_NAME=$(aws cloudformation describe-stacks \
-            --stack-name $WEB_STACK_NAME \
-            --query "Stacks[0].Outputs[?OutputKey=='$WEB_STACK_S3_NAME_OUTPUT_NAME'].OutputValue" \
-            --output text \
-            --profile $ROLE_PROFILE)
-if [ -z "$S3_BUCKET_NAME" ]; then echo "Could not read S3 bucket name"; exit 1; fi;
-echo ::add-mask::$S3_BUCKET_NAME # Just being extra cautious
-
-echo Syncing folder to S3
-
-aws s3 sync $FOLDER s3://$S3_BUCKET_NAME \
-    --storage-class $STORAGE_CLASS  \
-    --no-progress --follow-symlinks --delete \
-    --profile $ROLE_PROFILE

aws/scripts/deploy/invalidate-cloudfront-cache.sh

@@ -1,45 +0,0 @@
-#!/bin/bash
-
-# Parse parameters
-while [[ "$#" -gt 0 ]]; do case $1 in
-  --paths) PATHS="$2"; shift;;
-  --web-stack-name) WEB_STACK_NAME="$2"; shift;;
-  --web-stack-cloudfront-arn-output-name) WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME="$2"; shift;;
-  --profile) PROFILE="$2"; shift;;
-  --role-arn) ROLE_ARN="$2";shift;;
-  --session) SESSION="$2";shift;;
-  --region) REGION="$2";shift;;
-  *) echo "Unknown parameter passed: $1"; exit 1;;
-esac; shift; done
-
-# Verify parameters
-if [ -z "$PATHS" ]; then echo "Paths is not set."; exit 1; fi;
-if [ -z "$PROFILE" ]; then echo "Profile is not set."; exit 1; fi;
-if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set."; exit 1; fi;
-if [ -z "$SESSION" ]; then echo "Role session is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_NAME" ]; then echo "Web stack name is not set."; exit 1; fi;
-if [ -z "$WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME" ]; then echo "CloudFront ARN output name is not set."; exit 1; fi;
-
-
-echo Assuming role
-ROLE_PROFILE=invalidate-cloudfront
-bash "${BASH_SOURCE%/*}/../configure/create-role-profile.sh" \
-    --role-profile $ROLE_PROFILE --user-profile $PROFILE \
-    --role-arn $ROLE_ARN \
-    --session $SESSION \
-    --region $REGION
-
-echo Getting CloudFront ARN from stack "$WEB_STACK_NAME" with output "$WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME"
-CLOUDFRONT_ARN=$(aws cloudformation describe-stacks \
-            --stack-name $WEB_STACK_NAME \
-            --query "Stacks[0].Outputs[?OutputKey=='$WEB_STACK_CLOUDFRONT_ARN_OUTPUT_NAME'].OutputValue" \
-            --output text \
-            --profile $ROLE_PROFILE)
-if [ -z "$CLOUDFRONT_ARN" ]; then echo "Could not read CloudFront ARN"; exit 1; fi;
-echo :add-mask::$CLOUDFRONT_ARN
-
-echo Syncing folder to S3
-aws cloudfront create-invalidation \
-    --paths $PATHS \
-    --distribution-id $CLOUDFRONT_ARN \
-    --profile $ROLE_PROFILE

aws/web-stack.yaml

@@ -1,138 +0,0 @@
-AWSTemplateFormatVersion: '2010-09-09'
-
-Description: |-
-  > Creates an S3 bucket configured for hosting a static webpage.
-  > Creates CloudFront distribution that has access to read the S3 bucket.
-
-Parameters:
-
-  RootDomainName:
-    Type: String
-    Default: privacy.sexy
-    Description: The root DNS name of the website e.g. privacy.sexy
-    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
-    ConstraintDescription: Must be a valid root domain name
-
-  CertificateStackName:
-    Type: String
-    Default: privacysexy-certificate-stack
-    Description: Name of the certificate stack.
-
-  DnsStackName:
-    Type: String
-    Default: privacysexy-dns-stack
-    Description: Name of the certificate stack.
-
-  PriceClass:
-    Type: String
-    Description: The CloudFront distribution price class
-    Default: 'PriceClass_100'
-    AllowedValues:
-      - 'PriceClass_100'
-      - 'PriceClass_200'
-      - 'PriceClass_All'
-
-Resources:
-
-  S3Bucket:
-    Type: AWS::S3::Bucket
-    Properties:
-      BucketName: !Sub ${AWS::StackName}-${RootDomainName} # Must have stack name for IAM to allow
-      WebsiteConfiguration:
-        IndexDocument: index.html
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy    
- 
-  S3BucketPolicy:
-    Type: AWS::S3::BucketPolicy
-    Properties:
-      Bucket: !Ref S3Bucket
-      PolicyDocument: # Only used for CloudFront as it's the only way, otherwise use IAM roles in IAM stack.
-        Statement:
-          -
-            Sid: AllowCloudFrontRead
-            Action: s3:GetObject
-            Effect: Allow
-            Principal:
-                CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
-            Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, /*]]
-    
-  CloudFrontOriginAccessIdentity:
-    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
-    Properties:
-      CloudFrontOriginAccessIdentityConfig:
-        Comment: !Sub 'CloudFront OAI for ${S3Bucket}'
-    
-  CloudFrontDistribution:
-    Type: AWS::CloudFront::Distribution
-    Properties:
-      DistributionConfig:
-        Comment: Cloudfront Distribution pointing to S3 bucket
-        Origins:
-          -
-            DomainName: !GetAtt S3Bucket.DomainName
-            Id: S3Origin
-            S3OriginConfig:
-                OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}"
-        Enabled: true
-        HttpVersion: 'http2'
-        DefaultRootObject: index.html
-        Aliases:
-          - !Ref RootDomainName
-          - !Sub 'www.${RootDomainName}'
-        DefaultCacheBehavior:
-          AllowedMethods:
-            - GET
-            - HEAD
-          Compress: true
-          TargetOriginId: S3Origin
-          ForwardedValues:
-            QueryString: true
-            Cookies:
-              Forward: none
-          ViewerProtocolPolicy: redirect-to-https
-        PriceClass: !Ref PriceClass
-        ViewerCertificate:
-          AcmCertificateArn:
-            # Certificate must be validated before it can be used here
-            Fn::ImportValue: !Join [':', [!Ref CertificateStackName, CertificateArn]]
-          SslSupportMethod: sni-only
-          MinimumProtocolVersion: TLSv1.1_2016
-      Tags:
-        -
-          Key: Application
-          Value: privacy.sexy
-
-  CloudFrontDNSRecords:
-    Type: AWS::Route53::RecordSetGroup
-    Properties: 
-      HostedZoneId:
-        Fn::ImportValue: !Join [':', [!Ref DnsStackName, DNSHostedZoneId]]
-      RecordSets:
-        -
-          Name: !Ref RootDomainName
-          Type: A         
-          AliasTarget: 
-            DNSName: !GetAtt CloudFrontDistribution.DomainName
-            EvaluateTargetHealth: false
-            HostedZoneId: Z2FDTNDATAQYW2 # Static CloudFront distribution zone https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html#cfn-route53-aliastarget-hostedzoneid
-        -
-          Name: !Join ['', ['www.', !Ref RootDomainName]]
-          Type: A
-          AliasTarget: 
-            DNSName: !GetAtt CloudFrontDistribution.DomainName
-            EvaluateTargetHealth: false
-            HostedZoneId: Z2FDTNDATAQYW2 # Static CloudFront distribution zone https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html#cfn-route53-aliastarget-hostedzoneid
-Outputs:
-
-  CloudFrontDistributionArn:  # Used by deployment script to be able to deploy to right S3 bucket
-    Description: Tthe Amazon Resource Name (ARN) of the CloudFront distribution.
-    Value: !Ref CloudFrontDistribution
-
-  S3BucketName: # Used by deployment script to be able to deploy to right S3 bucket
-    Description: Name of the S3 bucket.
-    Value: !Ref S3Bucket
-
-

build/README.md

@@ -0,0 +1,5 @@
+# build
+
+- These are the file that are used by electron.
+- Logos are created by from the [PNG icon](./../public/icon.png)
+  - by running `npx electron-icon-builder --input=./public/icon.png --output=build --flatten`

docs/ci-cd.drawio

@@ -1 +0,0 @@
-<mxfile host="www.draw.io" modified="2019-12-30T13:07:22.931Z" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" etag="vfXOAJJrIONaUEloGBPR" version="12.4.7" type="device"><diagram id="ymF_tBZ9P2_Wfw9L8arg" name="Page-1">5Vpbb9s2FP41AbYHC7zp9hjHdVqsGwpkQNu9FIxEy2xlUaWo2N6v36FEOZLlXNw6S7IpQUwd3j9+/M4hnTN6sdpcal4uf1epyM8ISjdndHZGSOQT+GsN29YwIRFqLZmWaWvDt4Yr+bdwxq5YLVNRDQoapXIjy6ExUUUhEjOwca3VelhsofJhryXPxMhwlfB8bP0oU7Ps5oVu7W+FzJZdzxi5nBXvCjtDteSpWvdM9M0ZvdBKmTa12lyI3ILX4dLWm9+RuxuYFoV5TAWx2swv/wy+49kff33Kok8f39/8NnHLc8Pz2k14JspcbStbsVhoXhldJ6bWwk3CbDtktKqLVNjG0RmdKm2WKlMFz98rVYIRg/GrMGbr1pTXRoFpaVa5y015tWzqdy8fuDFCF42FIGsdz9FNu1K1TsQ9E2OOK1xnwtxTDvttQZEOeOAgvBRqJYzeQgHH6AnyCGVBW8mRmro2tMi5kTdD5nBHwGzX1K71D0rCtHZN05B6FB4/ZiGNCQoHneAgxF7Mho22MLh2+mu/17QfIA8F8e0zbBrHyMOxH0IyojgkZNhLC+LDvezNWC0WlRjUgEQP01tTw9QjWEtHrJ3WMk+rRgdSoGqQw5pPrzWkMptqSQ3Za3FtR1iWuUxgrVTxH6V1eDSrEQuGhCPsNKxm2KMIIYZY5Ef0dJwOgsALaLij9HBPYqC71yN87B/J6adnMRux+FKat7Ul6HliuVmNyAk+pLRJuWrcVp92N0Ib4HR+nsvMcs1Yuu6s7/m1yD+oSjacp7NrZYxaQYHcZkx58i1riH+hcqWbvuiieaBI09l5Vbbu1e4K3r0s5MZSferGM1saY/3yucWKzJO0YJ4Ez7yQsKW0l0CPZJ5yw+HD2iv7qYou6WPiMiaVSiTPJ5k0y/p6gknklUUGHS1knndjLFRhMViowlw5iA44RWeyQIjNY/YCCXwvYOj2YUNikcA59PVtPAADbG3LfizQGQ9tlgGZjmWOP2LOuwJeJEArGhHkyfKFOezHKhE4IhoPEacnEqKYgl7c6QMp6IUfhjTwGWUhi+kPelofeywaNs380KMEiERiGuGXKEXBiFAXuarTuVZuTH0eqdrkshAXu4gbuV3YEw/4mdv+p5nmqRSDvJj5sznp5c2kFokTpsLycm+jQx3/nKKpD3aIR9U3cUimduxEj9G9w3LJ3VsCoxJ6yP5GZ9qtgclIdw6IYifWq01mz0YeX1fM06Jl0rvEjmcKr21qWCqx6C8a9J1E9+awG1zaww1abXA7gQAepDAdi154QPPCp5K8cMTQK3pyZgbonNLwOGaSMMQ4+N8ws6I2b+dJcNtae7C108tyXlUuDf5eJi59El5SL9p3xpH/vLyMRryciZvXH7eRB+O2QqwnW8H1xPImr128Og9ggeY90wTFvfDtTikb0fvUUZ0PJ5z+Q/d5FI95hA7wCD0Rj+IRj8q6qaXF91pUNgyQ1fhguxIQO6TNpVhz51RZ9J4j8IOV0dtProvm5bN98fzudbbpZ862D+nCg0dht/MePAqz4wJQOApTTIcyc6KjMEN0cLLA+xEo82gckBgHPmE4+tEINACZJHfGuYwhj4Uh8eMwBK8eBi8uGO2ufnt74fULKn1QUMVKfZUTbPnaqugXmGO5/VKtZC6295+BD8Qyu1GfQDztsexY9SQH1JM8lXpiPKLMmDPQjiwrC9d6KY24KnmjL2sIbvbiqWGEt1iIIEkORXhpGF8j9ATeiu0Dvne5hSPidRrVw5ziMeb0yTAff3cwjshfE+bB/ZhD/PnMgI+vvdmrBjxi9wJOGX1mwMc3tPg1A473g+ARw8eH/H8X8PHFZhfyViUvBsAH32v7zSkcMhvgzm14ll3/AkODX+ge9VK/2qT1hMhCOlm7udg6oS3XtdVF1e3ll9Ir9xVROwSYUjuKttCICT97+zCnjEVH3otNLzD1X+7tw8EY6afvxXYL82TXCqA9h/zriW4W7Al597V/GzXf/vMEffMP</diagram></mxfile>

package.json

@@ -1,42 +1,66 @@
 {
   "name": "privacy.sexy",
-  "version": "0.1.0",
+  "version": "0.7.4",
+  "author": "undergroundwires",
+  "description": "Enforce privacy & security best-practices on Windows, because privacy is sexy 🍑🍆",
   "private": true,
   "scripts": {
     "serve": "vue-cli-service serve",
     "build": "vue-cli-service build",
-    "lint": "vue-cli-service lint",
-    "test:unit": "vue-cli-service test:unit"
+    "test:unit": "vue-cli-service test:unit",
+    "lint": "npm run lint:vue && npm run lint:yaml && npm run lint:md && npm run lint:md:relative-urls && npm run lint:md:consistency",
+    "electron:build": "vue-cli-service electron:build",
+    "electron:serve": "vue-cli-service electron:serve",
+    "lint:md": "markdownlint **/*.md --ignore node_modules",
+    "lint:md:consistency": "remark . --frail --use remark-preset-lint-consistent",
+    "lint:md:relative-urls": "remark . --frail --use remark-validate-links",
+    "lint:vue": "vue-cli-service lint --no-fix",
+    "lint:yaml": "yamllint **/*.yaml --ignore=node_modules/**/*.yaml",
+    "postinstall": "electron-builder install-app-deps",
+    "postuninstall": "electron-builder install-app-deps"
   },
+  "main": "background.js",
   "dependencies": {
-    "@fortawesome/fontawesome-svg-core": "^1.2.26",
-    "@fortawesome/free-brands-svg-icons": "^5.12.0",
-    "@fortawesome/free-regular-svg-icons": "^5.12.0",
-    "@fortawesome/free-solid-svg-icons": "^5.12.0",
-    "@fortawesome/vue-fontawesome": "^0.1.9",
-    "ace-builds": "^1.4.7",
+    "@fortawesome/fontawesome-svg-core": "^1.2.30",
+    "@fortawesome/free-brands-svg-icons": "^5.14.0",
+    "@fortawesome/free-regular-svg-icons": "^5.14.0",
+    "@fortawesome/free-solid-svg-icons": "^5.14.0",
+    "@fortawesome/vue-fontawesome": "^0.1.10",
+    "ace-builds": "^1.4.12",
     "file-saver": "^2.0.2",
     "inversify": "^5.0.1",
     "liquor-tree": "^0.2.70",
-    "v-tooltip": "^2.0.2",
-    "vue": "^2.6.11",
-    "vue-class-component": "^7.1.0",
-    "vue-property-decorator": "^8.3.0"
+    "v-tooltip": "2.0.2",
+    "vue": "^2.6.12",
+    "vue-class-component": "^7.2.5",
+    "vue-js-modal": "^2.0.0-rc.6",
+    "vue-property-decorator": "^9.0.0"
   },
   "devDependencies": {
-    "@types/chai": "^4.2.7",
-    "@types/mocha": "^5.2.7",
-    "@types/ace": "0.0.42",
+    "@types/ace": "0.0.43",
+    "@types/chai": "^4.2.12",
     "@types/file-saver": "^2.0.1",
-    "@vue/cli-plugin-typescript": "^4.1.1",
-    "@vue/cli-plugin-unit-mocha": "^4.1.1",
-    "@vue/cli-service": "^4.1.1",
-    "@vue/test-utils": "1.0.0-beta.30",
+    "@types/mocha": "^8.0.3",
+    "@vue/cli-plugin-typescript": "^4.5.4",
+    "@vue/cli-plugin-unit-mocha": "^4.5.4",
+    "@vue/cli-service": "^4.5.4",
+    "@vue/test-utils": "1.0.4",
     "chai": "^4.2.0",
-    "sass": "^1.24.0",
-    "sass-loader": "^8.0.0",
+    "electron": "^10.1.0",
+    "electron-devtools-installer": "^3.1.1",
+    "electron-log": "^4.2.4",
+    "electron-updater": "^4.3.4",
     "js-yaml-loader": "^1.2.2",
-    "typescript": "^3.7.4",
-    "vue-template-compiler": "^2.6.11"
+    "markdownlint-cli": "^0.23.2",
+    "remark-cli": "^8.0.1",
+    "remark-lint-no-dead-urls": "^1.1.0",
+    "remark-preset-lint-consistent": "^3.0.1",
+    "remark-validate-links": "^10.0.2",
+    "sass": "^1.26.10",
+    "sass-loader": "^10.0.1",
+    "typescript": "^4.0.2",
+    "vue-cli-plugin-electron-builder": "^2.0.0-rc.4",
+    "vue-template-compiler": "^2.6.12",
+    "yaml-lint": "^1.2.4"
   }
 }

public/index.html

@@ -32,4 +32,4 @@
     <div id="app"></div>
     <!-- built files will be auto injected -->
   </body>
-</html>
+</html>

src/App.vue

@@ -5,17 +5,16 @@
           <TheSearchBar class="row" />
           <TheScripts class="row"/>
           <TheCodeArea class="row" theme="xcode" />
-          <TheCodeButtons class="row" />
+          <TheCodeButtons class="row code-buttons" />
           <TheFooter />
       </div>
    </div>
 </template>
 
 <script lang="ts">
-import { Component, Vue, Prop  } from 'vue-property-decorator';
-import { ApplicationState, IApplicationState } from '@/application/State/ApplicationState';
+import { Component, Vue } from 'vue-property-decorator';
 import TheHeader from '@/presentation/TheHeader.vue';
-import TheFooter from '@/presentation/TheFooter.vue';
+import TheFooter from '@/presentation/TheFooter/TheFooter.vue';
 import TheCodeArea from '@/presentation/TheCodeArea.vue';
 import TheCodeButtons from '@/presentation/TheCodeButtons.vue';
 import TheSearchBar from '@/presentation/TheSearchBar.vue';
@@ -67,6 +66,10 @@ body {
     .row {
       margin-bottom: 10px;
     }
+
+    .code-buttons {
+      padding-bottom: 10px;
+    }
   }
 }
 

src/application/Environment/BrowserOs/BrowserOsDetector.ts

@@ -0,0 +1,54 @@
+import { OperatingSystem } from '../OperatingSystem';
+import { DetectorBuilder } from './DetectorBuilder';
+import { IBrowserOsDetector } from './IBrowserOsDetector';
+
+export class BrowserOsDetector implements IBrowserOsDetector {
+    private readonly detectors = BrowserDetectors;
+    public detect(userAgent: string): OperatingSystem {
+        if (!userAgent) {
+            return OperatingSystem.Unknown;
+        }
+        for (const detector of this.detectors) {
+            const os = detector.detect(userAgent);
+            if (os !== OperatingSystem.Unknown) {
+                return os;
+            }
+        }
+        return OperatingSystem.Unknown;
+    }
+}
+
+// Reference: https://github.com/keithws/browser-report/blob/master/index.js#L304
+const BrowserDetectors =
+[
+    define(OperatingSystem.KaiOS, (b) =>
+        b.mustInclude('KAIOS')),
+    define(OperatingSystem.ChromeOS, (b) =>
+        b.mustInclude('CrOS')),
+    define(OperatingSystem.BlackBerryOS, (b) =>
+        b.mustInclude('BlackBerry')),
+    define(OperatingSystem.BlackBerryTabletOS, (b) =>
+        b.mustInclude('RIM Tablet OS')),
+    define(OperatingSystem.BlackBerry, (b) =>
+        b.mustInclude('BB10')),
+    define(OperatingSystem.Android, (b) =>
+        b.mustInclude('Android').mustNotInclude('Windows Phone')),
+    define(OperatingSystem.Android, (b) =>
+        b.mustInclude('Adr').mustNotInclude('Windows Phone')),
+    define(OperatingSystem.iOS, (b) =>
+        b.mustInclude('like Mac OS X')),
+    define(OperatingSystem.Linux, (b) =>
+        b.mustInclude('Linux').mustNotInclude('Android').mustNotInclude('Adr')),
+    define(OperatingSystem.Windows, (b) =>
+        b.mustInclude('Windows').mustNotInclude('Windows Phone')),
+    define(OperatingSystem.WindowsPhone, (b) =>
+        b.mustInclude('Windows Phone')),
+    define(OperatingSystem.macOS, (b) =>
+        b.mustInclude('OS X').mustNotInclude('Android').mustNotInclude('like Mac OS X')),
+];
+
+function define(os: OperatingSystem, applyRules: (builder: DetectorBuilder) => DetectorBuilder): IBrowserOsDetector {
+    const builder = new DetectorBuilder(os);
+    applyRules(builder);
+    return builder.build();
+}

src/application/Environment/BrowserOs/DetectorBuilder.ts

@@ -0,0 +1,53 @@
+import { IBrowserOsDetector } from './IBrowserOsDetector';
+import { OperatingSystem } from '../OperatingSystem';
+
+export class DetectorBuilder {
+    private readonly existingPartsInUserAgent = new Array<string>();
+    private readonly notExistingPartsInUserAgent = new Array<string>();
+
+    constructor(private readonly os: OperatingSystem) { }
+
+    public mustInclude(str: string): DetectorBuilder {
+        return this.add(str, this.existingPartsInUserAgent);
+    }
+
+    public mustNotInclude(str: string): DetectorBuilder {
+        return this.add(str, this.notExistingPartsInUserAgent);
+    }
+
+    public build(): IBrowserOsDetector {
+        if (!this.existingPartsInUserAgent.length) {
+            throw new Error('Must include at least a part');
+        }
+        return {
+            detect: (agent) => this.detect(agent),
+        };
+    }
+
+    private detect(userAgent: string): OperatingSystem {
+        if (!userAgent) {
+            throw new Error('User agent is null or undefined');
+        }
+        if (this.existingPartsInUserAgent.some((part) => !userAgent.includes(part))) {
+            return OperatingSystem.Unknown;
+        }
+        if (this.notExistingPartsInUserAgent.some((part) => userAgent.includes(part))) {
+            return OperatingSystem.Unknown;
+        }
+        return this.os;
+    }
+
+    private add(part: string, array: string[]): DetectorBuilder {
+        if (!part) {
+            throw new Error('part is empty or undefined');
+        }
+        if (this.existingPartsInUserAgent.includes(part)) {
+            throw new Error(`part ${part} is already included as existing part`);
+        }
+        if (this.notExistingPartsInUserAgent.includes(part)) {
+            throw new Error(`part ${part} is already included as not existing part`);
+        }
+        array.push(part);
+        return this;
+    }
+}

src/application/Environment/BrowserOs/IBrowserOsDetector.ts

@@ -0,0 +1,5 @@
+import { OperatingSystem } from '../OperatingSystem';
+
+export interface IBrowserOsDetector {
+    detect(userAgent: string): OperatingSystem;
+}

src/application/Environment/Environment.ts

@@ -0,0 +1,80 @@
+import { BrowserOsDetector } from './BrowserOs/BrowserOsDetector';
+import { IBrowserOsDetector } from './BrowserOs/IBrowserOsDetector';
+import { IEnvironment } from './IEnvironment';
+import { OperatingSystem } from './OperatingSystem';
+
+interface IEnvironmentVariables {
+    readonly window: Window & typeof globalThis;
+    readonly process: NodeJS.Process;
+    readonly navigator: Navigator;
+}
+
+export class Environment implements IEnvironment {
+    public static readonly CurrentEnvironment: IEnvironment = new Environment({
+        window,
+        process,
+        navigator,
+    });
+    public readonly isDesktop: boolean;
+    public readonly os: OperatingSystem;
+    protected constructor(
+      variables: IEnvironmentVariables,
+      browserOsDetector: IBrowserOsDetector = new BrowserOsDetector()) {
+        if (!variables) {
+            throw new Error('variables is null or empty');
+        }
+        this.isDesktop = isDesktop(variables);
+        this.os = this.isDesktop ?
+            getDesktopOsType(getProcessPlatform(variables))
+          : browserOsDetector.detect(getUserAgent(variables));
+    }
+}
+
+function getUserAgent(variables: IEnvironmentVariables): string {
+    if (!variables.window || !variables.window.navigator) {
+        return undefined;
+    }
+    return variables.window.navigator.userAgent;
+}
+
+function getProcessPlatform(variables: IEnvironmentVariables): string {
+    if (!variables.process || !variables.process.platform) {
+        return undefined;
+    }
+    return variables.process.platform;
+}
+
+function getDesktopOsType(processPlatform: string): OperatingSystem {
+    // https://nodejs.org/api/process.html#process_process_platform
+    if (processPlatform === 'darwin') {
+        return OperatingSystem.macOS;
+    } else if (processPlatform === 'win32') {
+        return OperatingSystem.Windows;
+    } else if (processPlatform === 'linux') {
+        return OperatingSystem.Linux;
+    }
+    return OperatingSystem.Unknown;
+}
+
+function isDesktop(variables: IEnvironmentVariables): boolean {
+    // More: https://github.com/electron/electron/issues/2288
+    // Renderer process
+    if (variables.window
+        && variables.window.process
+        && variables.window.process.type === 'renderer') {
+        return true;
+    }
+    // Main process
+    if (variables.process
+        && variables.process.versions
+        && Boolean(variables.process.versions.electron)) {
+        return true;
+    }
+    // Detect the user agent when the `nodeIntegration` option is set to true
+    if (variables.navigator
+        && variables.navigator.userAgent
+        && variables.navigator.userAgent.includes('Electron')) {
+        return true;
+    }
+    return false;
+}

src/application/Environment/IEnvironment.ts

@@ -0,0 +1,6 @@
+import { OperatingSystem } from './OperatingSystem';
+
+export interface IEnvironment {
+    isDesktop: boolean;
+    os: OperatingSystem;
+}

src/application/Environment/OperatingSystem.ts

@@ -0,0 +1,14 @@
+export enum OperatingSystem {
+    macOS,
+    Windows,
+    Linux,
+    KaiOS,
+    ChromeOS,
+    BlackBerryOS,
+    BlackBerry,
+    BlackBerryTabletOS,
+    Android,
+    iOS,
+    WindowsPhone,
+    Unknown,
+}

src/application/Parser/ApplicationParser.ts

@@ -1,21 +1,29 @@
-import { Category } from '../../domain/Category';
-import { Application } from '../../domain/Application';
-import applicationFile from 'js-yaml-loader!./../application.yaml';
+import { Category } from '@/domain/Category';
+import { Application } from '@/domain/Application';
+import { IApplication } from '@/domain/IApplication';
+import { ApplicationYaml } from 'js-yaml-loader!./../application.yaml';
 import { parseCategory } from './CategoryParser';
 
-export function parseApplication(): Application {
+export function parseApplication(content: ApplicationYaml): IApplication {
+    validate(content);
     const categories = new Array<Category>();
-    if (!applicationFile.actions || applicationFile.actions.length <= 0) {
-        throw new Error('Application does not define any action');
-    }
-    for (const action of applicationFile.actions) {
+    for (const action of content.actions) {
         const category = parseCategory(action);
         categories.push(category);
     }
     const app = new Application(
-        applicationFile.name,
-        applicationFile.repositoryUrl,
-        applicationFile.version,
+        content.name,
+        content.repositoryUrl,
+        process.env.VUE_APP_VERSION,
         categories);
     return app;
 }
+
+function validate(content: ApplicationYaml): void {
+    if (!content) {
+        throw new Error('application is null or undefined');
+    }
+    if (!content.actions || content.actions.length <= 0) {
+        throw new Error('application does not define any action');
+    }
+}

src/application/Parser/CategoryParser.ts

@@ -1,20 +1,18 @@
 import { YamlCategory, YamlScript } from 'js-yaml-loader!./application.yaml';
 import { Script } from '@/domain/Script';
-import { Category } from '../../domain/Category';
+import { Category } from '@/domain/Category';
 import { parseDocUrls } from './DocumentationParser';
+import { parseScript } from './ScriptParser';
 
 let categoryIdCounter: number = 0;
 
-
 interface ICategoryChildren {
     subCategories: Category[];
     subScripts: Script[];
 }
 
 export function parseCategory(category: YamlCategory): Category {
-    if (!category.children || category.children.length <= 0) {
-        throw Error('Category has no children');
-    }
+    ensureValid(category);
     const children: ICategoryChildren = {
         subCategories: new Array<Category>(),
         subScripts: new Array<Script>(),
@@ -31,6 +29,18 @@ export function parseCategory(category: YamlCategory): Category {
     );
 }
 
+function ensureValid(category: YamlCategory) {
+    if (!category) {
+        throw Error('category is null or undefined');
+    }
+    if (!category.children || category.children.length === 0) {
+        throw Error('category has no children');
+    }
+    if (!category.category || category.category.length === 0) {
+        throw Error('category has no name');
+    }
+}
+
 function parseCategoryChild(
     categoryOrScript: any, children: ICategoryChildren, parent: YamlCategory) {
     if (isCategory(categoryOrScript)) {
@@ -38,19 +48,14 @@ function parseCategoryChild(
         children.subCategories.push(subCategory);
     } else if (isScript(categoryOrScript)) {
         const yamlScript = categoryOrScript as YamlScript;
-        const script = new Script(
-            /* name */  yamlScript.name,
-            /* code */ yamlScript.code,
-            /* docs */ parseDocUrls(yamlScript),
-            /* is recommended? */ yamlScript.recommend);
+        const script = parseScript(yamlScript);
         children.subScripts.push(script);
     } else {
         throw new Error(`Child element is neither a category or a script.
-                Parent: ${parent.category}, element: ${categoryOrScript}`);
+                Parent: ${parent.category}, element: ${JSON.stringify(categoryOrScript)}`);
     }
 }
 
-
 function isScript(categoryOrScript: any): boolean {
     return categoryOrScript.code && categoryOrScript.code.length > 0;
 }

src/application/Parser/DocumentationParser.ts

@@ -1,34 +1,46 @@
-import { YamlDocumentable } from 'js-yaml-loader!./application.yaml';
+import { YamlDocumentable, DocumentationUrls } from 'js-yaml-loader!./application.yaml';
 
 export function parseDocUrls(documentable: YamlDocumentable): ReadonlyArray<string> {
+    if (!documentable) {
+        throw new Error('documentable is null or undefined');
+    }
     const docs = documentable.docs;
-    if (!docs) {
+    if (!docs || !docs.length) {
         return [];
     }
-    const result = new DocumentationUrls();
-    if (docs instanceof Array) {
-        for (const doc of docs) {
-            if (typeof doc !== 'string') {
-                throw new Error('Docs field (documentation url) must be an array of strings');
-            }
-            result.add(doc);
-        }
-    } else if (typeof docs === 'string') {
-        result.add(docs);
-    } else {
-        throw new Error('Docs field (documentation url) must a string or array of strings');
-    }
+    let result = new DocumentationUrlContainer();
+    result = addDocs(docs, result);
     return result.getAll();
 }
 
-class DocumentationUrls {
+function addDocs(docs: DocumentationUrls, urls: DocumentationUrlContainer): DocumentationUrlContainer {
+    if (docs instanceof Array) {
+        urls.addUrls(docs);
+    } else if (typeof docs === 'string') {
+        urls.addUrl(docs);
+    } else {
+        throw new Error('Docs field (documentation url) must a string or array of strings');
+    }
+    return urls;
+}
+
+class DocumentationUrlContainer {
     private readonly urls = new Array<string>();
 
-    public add(url: string) {
+    public addUrl(url: string) {
         validateUrl(url);
         this.urls.push(url);
     }
 
+    public addUrls(urls: any[]) {
+        for (const url of urls) {
+            if (typeof url !== 'string') {
+                throw new Error('Docs field (documentation url) must be an array of strings');
+            }
+            this.addUrl(url);
+        }
+    }
+
     public getAll(): ReadonlyArray<string> {
         return this.urls;
     }

src/application/Parser/ScriptParser.ts

@@ -0,0 +1,16 @@
+import { Script } from '@/domain/Script';
+import { YamlScript } from 'js-yaml-loader!./application.yaml';
+import { parseDocUrls } from './DocumentationParser';
+
+export function parseScript(yamlScript: YamlScript): Script {
+    if (!yamlScript) {
+        throw new Error('script is null or undefined');
+    }
+    const script = new Script(
+        /* name */              yamlScript.name,
+        /* code */              yamlScript.code,
+        /* revertCode */        yamlScript.revertCode,
+        /* docs */              parseDocUrls(yamlScript),
+        /* isRecommended */     yamlScript.recommend);
+    return script;
+}

src/application/State/ApplicationState.ts

@@ -3,13 +3,15 @@ import { IUserFilter } from './Filter/IUserFilter';
 import { ApplicationCode } from './Code/ApplicationCode';
 import { UserSelection } from './Selection/UserSelection';
 import { IUserSelection } from './Selection/IUserSelection';
-import { AsyncLazy } from '../../infrastructure/Threading/AsyncLazy';
-import { Signal } from '../../infrastructure/Events/Signal';
+import { AsyncLazy } from '@/infrastructure/Threading/AsyncLazy';
+import { Signal } from '@/infrastructure/Events/Signal';
 import { parseApplication } from '../Parser/ApplicationParser';
 import { IApplicationState } from './IApplicationState';
-import { Script } from '../../domain/Script';
-import { Application } from '../../domain/Application';
+import { Script } from '@/domain/Script';
+import { IApplication } from '@/domain/IApplication';
 import { IApplicationCode } from './Code/IApplicationCode';
+import applicationFile from 'js-yaml-loader!@/application/application.yaml';
+import { SelectedScript } from '@/application/State/Selection/SelectedScript';
 
 /** Mutatable singleton application state that's the single source of truth throughout the application */
 export class ApplicationState implements IApplicationState {
@@ -20,7 +22,7 @@ export class ApplicationState implements IApplicationState {
 
     /** Application instance with all scripts. */
     private static instance = new AsyncLazy<IApplicationState>(() => {
-        const application = parseApplication();
+        const application = parseApplication(applicationFile);
         const selectedScripts = new Array<Script>();
         const state = new ApplicationState(application, selectedScripts);
         return Promise.resolve(state);
@@ -33,13 +35,11 @@ export class ApplicationState implements IApplicationState {
 
     private constructor(
         /** Inner instance of the all scripts */
-        public readonly app: Application,
+        public readonly app: IApplication,
         /** Initially selected scripts */
         public readonly defaultScripts: Script[]) {
-        this.selection = new UserSelection(app, defaultScripts);
-        this.code = new ApplicationCode(this.selection, app.version.toString());
+        this.selection = new UserSelection(app, defaultScripts.map((script) => new SelectedScript(script, false)));
+        this.code = new ApplicationCode(this.selection, app.version);
         this.filter = new UserFilter(app);
     }
 }
-
-export { IApplicationState, IUserFilter };

src/application/State/Code/ApplicationCode.ts

@@ -1,27 +1,38 @@
-import { UserScriptGenerator } from './UserScriptGenerator';
-import { IUserSelection } from './../Selection/IUserSelection';
+import { CodeChangedEvent } from './Event/CodeChangedEvent';
+import { CodePosition } from './Position/CodePosition';
+import { ICodeChangedEvent } from './Event/ICodeChangedEvent';
+import { SelectedScript } from '@/application/State/Selection/SelectedScript';
+import { IUserSelection } from '@/application/State/Selection/IUserSelection';
+import { UserScriptGenerator } from './Generation/UserScriptGenerator';
 import { Signal } from '@/infrastructure/Events/Signal';
 import { IApplicationCode } from './IApplicationCode';
-import { IScript } from '@/domain/IScript';
+import { IUserScriptGenerator } from './Generation/IUserScriptGenerator';
 
 export class ApplicationCode implements IApplicationCode {
-    public readonly changed = new Signal<string>();
+    public readonly changed = new Signal<ICodeChangedEvent>();
     public current: string;
 
-    private readonly generator: UserScriptGenerator;
+    private scriptPositions = new Map<SelectedScript, CodePosition>();
 
-    constructor(userSelection: IUserSelection, private readonly version: string) {
+    constructor(
+        userSelection: IUserSelection,
+        private readonly version: string,
+        private readonly generator: IUserScriptGenerator = new UserScriptGenerator()) {
         if (!userSelection) { throw new Error('userSelection is null or undefined'); }
         if (!version) { throw new Error('version is null or undefined'); }
-        this.generator = new UserScriptGenerator();
+        if (!generator) { throw new Error('generator is null or undefined'); }
         this.setCode(userSelection.selectedScripts);
         userSelection.changed.on((scripts) => {
             this.setCode(scripts);
         });
     }
 
-    private setCode(scripts: ReadonlyArray<IScript>) {
-        this.current = scripts.length === 0 ? '' : this.generator.buildCode(scripts, this.version);
-        this.changed.notify(this.current);
+    private setCode(scripts: ReadonlyArray<SelectedScript>): void {
+        const oldScripts = Array.from(this.scriptPositions.keys());
+        const code = this.generator.buildCode(scripts, this.version);
+        this.current = code.code;
+        this.scriptPositions = code.scriptPositions;
+        const event = new CodeChangedEvent(code.code, oldScripts, code.scriptPositions);
+        this.changed.notify(event);
     }
 }

src/application/State/Code/Event/CodeChangedEvent.ts

@@ -0,0 +1,64 @@
+import { ICodeChangedEvent } from './ICodeChangedEvent';
+import { SelectedScript } from '../../Selection/SelectedScript';
+import { IScript } from '@/domain/IScript';
+import { ICodePosition } from '@/application/State/Code/Position/ICodePosition';
+
+export class CodeChangedEvent implements ICodeChangedEvent {
+    public readonly code: string;
+    public readonly addedScripts: ReadonlyArray<IScript>;
+    public readonly removedScripts: ReadonlyArray<IScript>;
+    public readonly changedScripts: ReadonlyArray<IScript>;
+
+    private readonly scripts: Map<IScript, ICodePosition>;
+
+    constructor(
+        code: string,
+        oldScripts: ReadonlyArray<SelectedScript>,
+        scripts: Map<SelectedScript, ICodePosition>) {
+        ensureAllPositionsExist(code, Array.from(scripts.values()));
+        this.code = code;
+        const newScripts = Array.from(scripts.keys());
+        this.addedScripts = selectIfNotExists(newScripts, oldScripts);
+        this.removedScripts = selectIfNotExists(oldScripts, newScripts);
+        this.changedScripts = getChangedScripts(oldScripts, newScripts);
+        this.scripts = new Map<IScript, ICodePosition>();
+        scripts.forEach((position, selection) => {
+            this.scripts.set(selection.script, position);
+        });
+    }
+
+    public isEmpty(): boolean {
+        return this.scripts.size === 0;
+    }
+
+    public getScriptPositionInCode(script: IScript): ICodePosition {
+       return this.scripts.get(script);
+    }
+}
+
+function ensureAllPositionsExist(script: string, positions: ReadonlyArray<ICodePosition>) {
+    const totalLines = script.split(/\r\n|\r|\n/).length;
+    for (const position of positions) {
+        if (position.endLine > totalLines) {
+            throw new Error(`script end line (${position.endLine}) is out of range.` +
+                            `(total code lines: ${totalLines}`);
+        }
+    }
+}
+
+function getChangedScripts(
+    oldScripts: ReadonlyArray<SelectedScript>,
+    newScripts: ReadonlyArray<SelectedScript>): ReadonlyArray<IScript> {
+    return newScripts
+        .filter((newScript) => oldScripts.find((oldScript) => oldScript.id === newScript.id
+                               && oldScript.revert !== newScript.revert ))
+        .map((selection) => selection.script);
+}
+
+function selectIfNotExists(
+    selectableContainer: ReadonlyArray<SelectedScript>,
+    test: ReadonlyArray<SelectedScript>) {
+    return selectableContainer
+        .filter((script) => !test.find((oldScript) => oldScript.id === script.id))
+        .map((selection) => selection.script);
+}

src/application/State/Code/Event/ICodeChangedEvent.ts

@@ -0,0 +1,11 @@
+import { IScript } from '@/domain/IScript';
+import { ICodePosition } from '@/application/State/Code/Position/ICodePosition';
+
+export interface ICodeChangedEvent {
+    readonly code: string;
+    addedScripts: ReadonlyArray<IScript>;
+    removedScripts: ReadonlyArray<IScript>;
+    changedScripts: ReadonlyArray<IScript>;
+    isEmpty(): boolean;
+    getScriptPositionInCode(script: IScript): ICodePosition;
+}

src/application/State/Code/Generation/CodeBuilder.ts

@@ -4,8 +4,20 @@ const TotalFunctionSeparatorChars = 58;
 export class CodeBuilder {
     private readonly lines = new Array<string>();
 
+    // Returns current line starting from 0 (no lines), or 1 (have single line)
+    public get currentLine(): number {
+        return this.lines.length;
+    }
+
     public appendLine(code?: string): CodeBuilder {
-        this.lines.push(code);
+        if (!code) {
+            this.lines.push('');
+            return this;
+        }
+        const lines = code.match(/[^\r\n]+/g);
+        for (const line of lines) {
+            this.lines.push(line);
+        }
         return this;
     }
 

src/application/State/Code/Generation/IUserScript.ts

@@ -0,0 +1,7 @@
+import { SelectedScript } from '@/application/State/Selection/SelectedScript';
+import { ICodePosition } from '@/application/State/Code/Position/ICodePosition';
+
+export interface IUserScript {
+    code: string;
+    scriptPositions: Map<SelectedScript, ICodePosition>;
+}

src/application/State/Code/Generation/IUserScriptGenerator.ts

@@ -0,0 +1,7 @@
+import { SelectedScript } from '@/application/State/Selection/SelectedScript';
+import { IUserScript } from './IUserScript';
+export interface IUserScriptGenerator {
+    buildCode(
+        selectedScripts: ReadonlyArray<SelectedScript>,
+        version: string): IUserScript;
+}

src/application/State/Code/Generation/UserScriptGenerator.ts

@@ -0,0 +1,68 @@
+import { SelectedScript } from '@/application/State/Selection/SelectedScript';
+import { IUserScriptGenerator } from './IUserScriptGenerator';
+import { CodeBuilder } from './CodeBuilder';
+import { ICodePosition } from '@/application/State/Code/Position/ICodePosition';
+import { CodePosition } from '../Position/CodePosition';
+import { IUserScript } from './IUserScript';
+
+export const adminRightsScript = {
+    name: 'Ensure admin privileges',
+    code: 'fltmc >nul 2>&1 || (\n' +
+    '   echo Administrator privileges are required.\n' +
+    '   PowerShell Start -Verb RunAs \'%0\' 2> nul || (\n' +
+    '       echo Right-click on the script and select "Run as administrator".\n' +
+    '       pause & exit 1\n' +
+    '   )\n' +
+    '   exit 0\n' +
+    ')',
+};
+
+export class UserScriptGenerator implements IUserScriptGenerator {
+    public buildCode(selectedScripts: ReadonlyArray<SelectedScript>, version: string): IUserScript {
+        if (!selectedScripts) { throw new Error('scripts is undefined'); }
+        if (!version) { throw new Error('version is undefined'); }
+        let scriptPositions = new Map<SelectedScript, ICodePosition>();
+        if (!selectedScripts.length) {
+            return { code: '', scriptPositions };
+        }
+        const builder = initializeCode(version);
+        for (const selection of selectedScripts) {
+            scriptPositions = appendSelection(selection, scriptPositions, builder);
+        }
+        const code = finalizeCode(builder);
+        return { code, scriptPositions };
+    }
+}
+
+function initializeCode(version: string): CodeBuilder {
+    return new CodeBuilder()
+        .appendLine('@echo off')
+        .appendCommentLine(`https://privacy.sexy — v${version} — ${new Date().toUTCString()}`)
+        .appendFunction(adminRightsScript.name, adminRightsScript.code)
+        .appendLine();
+}
+
+function finalizeCode(builder: CodeBuilder): string {
+    return builder.appendLine()
+        .appendLine('pause')
+        .appendLine('exit /b 0')
+        .toString();
+}
+
+function appendSelection(
+    selection: SelectedScript,
+    scriptPositions: Map<SelectedScript, ICodePosition>,
+    builder: CodeBuilder): Map<SelectedScript, ICodePosition> {
+    const startPosition = builder.currentLine + 1;
+    appendCode(selection, builder);
+    const endPosition = builder.currentLine - 1;
+    builder.appendLine();
+    scriptPositions.set(selection, new CodePosition(startPosition, endPosition));
+    return scriptPositions;
+}
+
+function appendCode(selection: SelectedScript, builder: CodeBuilder) {
+    const name = selection.revert ? `${selection.script.name} (revert)` : selection.script.name;
+    const scriptCode = selection.revert ? selection.script.revertCode : selection.script.code;
+    builder.appendFunction(name, scriptCode);
+}

src/application/State/Code/IApplicationCode.ts

@@ -1,6 +1,7 @@
+import { ICodeChangedEvent } from './Event/ICodeChangedEvent';
 import { ISignal } from '@/infrastructure/Events/ISignal';
 
 export interface IApplicationCode {
-    readonly changed: ISignal<string>;
+    readonly changed: ISignal<ICodeChangedEvent>;
     readonly current: string;
 }

src/application/State/Code/Position/CodePosition.ts

@@ -0,0 +1,24 @@
+import { ICodePosition } from './ICodePosition';
+export class CodePosition implements ICodePosition {
+
+    public get totalLines(): number {
+        return this.endLine - this.startLine;
+    }
+
+    constructor(
+        public readonly startLine: number,
+        public readonly endLine: number) {
+        if (startLine < 0) {
+            throw new Error('Code cannot start in a negative line');
+        }
+        if (endLine < 0) {
+            throw new Error('Code cannot end in a negative line');
+        }
+        if (endLine === startLine) {
+            throw new Error('Empty code');
+        }
+        if (endLine < startLine) {
+            throw new Error('End line cannot be less than start line');
+        }
+    }
+}

src/application/State/Code/Position/ICodePosition.ts

@@ -0,0 +1,5 @@
+export interface ICodePosition {
+    readonly startLine: number;
+    readonly endLine: number;
+    readonly totalLines: number;
+}

src/application/State/Code/UserScriptGenerator.ts

@@ -1,31 +0,0 @@
-import { CodeBuilder } from './CodeBuilder';
-import { Script } from '@/domain/Script';
-
-const adminRightsScript = {
-    name: 'Ensure admin privileges',
-    code: 'fltmc >nul 2>&1 || (\n' +
-    '   echo This batch script requires administrator privileges. Right-click on\n' +
-    '   echo the script and select "Run as administrator".\n' +
-    '   pause\n' +
-    '   exit 1\n' +
-    ')',
-};
-
-export class UserScriptGenerator {
-    public buildCode(scripts: ReadonlyArray<Script>, version: string): string {
-        if (!scripts) { throw new Error('scripts is undefined'); }
-        if (!scripts.length) { throw new Error('scripts are empty'); }
-        if (!version) { throw new Error('version is undefined'); }
-        const builder = new CodeBuilder()
-            .appendLine('@echo off')
-            .appendCommentLine(`https://privacy.sexy — v${version} — ${new Date().toUTCString()}`)
-            .appendFunction(adminRightsScript.name, adminRightsScript.code).appendLine();
-        for (const script of scripts) {
-            builder.appendFunction(script.name, script.code).appendLine();
-        }
-        return builder.appendLine()
-            .appendLine('pause')
-            .appendLine('exit /b 0')
-            .toString();
-    }
-}

src/application/State/Filter/FilterResult.ts

@@ -1,5 +1,5 @@
 import { IFilterResult } from './IFilterResult';
-import { IScript } from '@/domain/Script';
+import { IScript } from '@/domain/IScript';
 import { ICategory } from '@/domain/ICategory';
 
 export class FilterResult implements IFilterResult {

src/application/State/Filter/IUserFilter.ts

@@ -2,6 +2,7 @@ import { IFilterResult } from './IFilterResult';
 import { ISignal } from '@/infrastructure/Events/Signal';
 
 export interface IUserFilter {
+    readonly currentFilter: IFilterResult | undefined;
     readonly filtered: ISignal<IFilterResult>;
     readonly filterRemoved: ISignal<void>;
     setFilter(filter: string): void;

src/application/State/Filter/UserFilter.ts

@@ -1,14 +1,16 @@
+import { IScript } from '@/domain/IScript';
 import { FilterResult } from './FilterResult';
 import { IFilterResult } from './IFilterResult';
-import { Application } from '../../../domain/Application';
+import { IApplication } from '@/domain/IApplication';
 import { IUserFilter } from './IUserFilter';
 import { Signal } from '@/infrastructure/Events/Signal';
 
 export class UserFilter implements IUserFilter {
     public readonly filtered = new Signal<IFilterResult>();
     public readonly filterRemoved = new Signal<void>();
+    public currentFilter: IFilterResult | undefined;
 
-    constructor(private application: Application) {
+    constructor(private application: IApplication) {
 
     }
 
@@ -16,23 +18,36 @@ export class UserFilter implements IUserFilter {
         if (!filter) {
             throw new Error('Filter must be defined and not empty. Use removeFilter() to remove the filter');
         }
+        const filterLowercase = filter.toLocaleLowerCase();
         const filteredScripts = this.application.getAllScripts().filter(
-            (script) =>
-            script.name.toLowerCase().includes(filter.toLowerCase()) ||
-            script.code.toLowerCase().includes(filter.toLowerCase()));
+            (script) => isScriptAMatch(script, filterLowercase));
         const filteredCategories = this.application.getAllCategories().filter(
-            (script) => script.name.toLowerCase().includes(filter.toLowerCase()));
+            (category) => category.name.toLowerCase().includes(filterLowercase));
 
         const matches = new FilterResult(
             filteredScripts,
             filteredCategories,
             filter,
         );
-
+        this.currentFilter = matches;
         this.filtered.notify(matches);
     }
 
     public removeFilter(): void {
+        this.currentFilter = undefined;
         this.filterRemoved.notify();
     }
 }
+
+function isScriptAMatch(script: IScript, filterLowercase: string) {
+    if (script.name.toLowerCase().includes(filterLowercase)) {
+        return true;
+    }
+    if (script.code.toLowerCase().includes(filterLowercase)) {
+        return true;
+    }
+    if (script.revertCode) {
+        return script.revertCode.toLowerCase().includes(filterLowercase);
+    }
+    return false;
+}

src/application/State/Selection/IUserSelection.ts

@@ -1,14 +1,18 @@
+import { SelectedScript } from './SelectedScript';
 import { ISignal } from '@/infrastructure/Events/Signal';
 import { IScript } from '@/domain/IScript';
 
 export interface IUserSelection {
-    readonly changed: ISignal<ReadonlyArray<IScript>>;
-    readonly selectedScripts: ReadonlyArray<IScript>;
+    readonly changed: ISignal<ReadonlyArray<SelectedScript>>;
+    readonly selectedScripts: ReadonlyArray<SelectedScript>;
     readonly totalSelected: number;
-    addSelectedScript(scriptId: string): void;
+    removeAllInCategory(categoryId: number): void;
+    addOrUpdateAllInCategory(categoryId: number, revert: boolean): void;
+    addSelectedScript(scriptId: string, revert: boolean): void;
+    addOrUpdateSelectedScript(scriptId: string, revert: boolean): void;
     removeSelectedScript(scriptId: string): void;
     selectOnly(scripts: ReadonlyArray<IScript>): void;
-    isSelected(script: IScript): boolean;
+    isSelected(scriptId: string): boolean;
     selectAll(): void;
     deselectAll(): void;
 }

src/application/State/Selection/SelectedScript.ts

@@ -0,0 +1,14 @@
+import { BaseEntity } from '@/infrastructure/Entity/BaseEntity';
+import { IScript } from '@/domain/IScript';
+
+export class SelectedScript extends BaseEntity<string> {
+    constructor(
+        public readonly script: IScript,
+        public readonly revert: boolean,
+        ) {
+        super(script.id);
+        if (revert && !script.canRevert()) {
+            throw new Error('cannot revert an irreversible script');
+        }
+    }
+}

src/application/State/Selection/UserSelection.ts

@@ -1,18 +1,19 @@
+import { SelectedScript } from './SelectedScript';
 import { IApplication } from '@/domain/IApplication';
 import { IUserSelection } from './IUserSelection';
 import { InMemoryRepository } from '@/infrastructure/Repository/InMemoryRepository';
-import { IScript } from '@/domain/Script';
+import { IScript } from '@/domain/IScript';
 import { Signal } from '@/infrastructure/Events/Signal';
+import { IRepository } from '@/infrastructure/Repository/IRepository';
 
 export class UserSelection implements IUserSelection {
-    public readonly changed = new Signal<ReadonlyArray<IScript>>();
-
-    private readonly scripts = new InMemoryRepository<string, IScript>();
+    public readonly changed = new Signal<ReadonlyArray<SelectedScript>>();
+    private readonly scripts: IRepository<string, SelectedScript>;
 
     constructor(
         private readonly app: IApplication,
-        /** Initially selected scripts */
-        selectedScripts: ReadonlyArray<IScript>) {
+        selectedScripts: ReadonlyArray<SelectedScript>) {
+        this.scripts =  new InMemoryRepository<string, SelectedScript>();
         if (selectedScripts && selectedScripts.length > 0) {
             for (const script of selectedScripts) {
                 this.scripts.addItem(script);
@@ -20,28 +21,64 @@ export class UserSelection implements IUserSelection {
         }
     }
 
-    /** Add a script to users application */
-    public addSelectedScript(scriptId: string): void {
+    public removeAllInCategory(categoryId: number): void {
+        const category = this.app.findCategory(categoryId);
+        const scriptsToRemove = category.getAllScriptsRecursively()
+            .filter((script) => this.scripts.exists(script.id));
+        if (!scriptsToRemove.length) {
+            return;
+        }
+        for (const script of scriptsToRemove) {
+            this.scripts.removeItem(script.id);
+        }
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public addOrUpdateAllInCategory(categoryId: number, revert: boolean = false): void {
+        const category = this.app.findCategory(categoryId);
+        const scriptsToAddOrUpdate = category.getAllScriptsRecursively()
+            .filter((script) =>
+                !this.scripts.exists(script.id)
+                    || this.scripts.getById(script.id).revert !== revert,
+            );
+        if (!scriptsToAddOrUpdate.length) {
+            return;
+        }
+        for (const script of scriptsToAddOrUpdate) {
+            const selectedScript = new SelectedScript(script, revert);
+            this.scripts.addOrUpdateItem(selectedScript);
+        }
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public addSelectedScript(scriptId: string, revert: boolean): void {
         const script = this.app.findScript(scriptId);
         if (!script) {
             throw new Error(`Cannot add (id: ${scriptId}) as it is unknown`);
         }
-        this.scripts.addItem(script);
+        const selectedScript = new SelectedScript(script, revert);
+        this.scripts.addItem(selectedScript);
+        this.changed.notify(this.scripts.getItems());
+    }
+
+    public addOrUpdateSelectedScript(scriptId: string, revert: boolean): void {
+        const script = this.app.findScript(scriptId);
+        const selectedScript = new SelectedScript(script, revert);
+        this.scripts.addOrUpdateItem(selectedScript);
         this.changed.notify(this.scripts.getItems());
     }
 
-    /** Remove a script from users application */
     public removeSelectedScript(scriptId: string): void {
         this.scripts.removeItem(scriptId);
         this.changed.notify(this.scripts.getItems());
     }
 
-    public isSelected(script: IScript): boolean {
-        return this.scripts.exists(script);
+    public isSelected(scriptId: string): boolean {
+        return this.scripts.exists(scriptId);
     }
 
     /** Get users scripts based on his/her selections */
-    public get selectedScripts(): ReadonlyArray<IScript> {
+    public get selectedScripts(): ReadonlyArray<SelectedScript> {
         return this.scripts.getItems();
     }
 
@@ -51,8 +88,9 @@ export class UserSelection implements IUserSelection {
 
     public selectAll(): void {
         for (const script of this.app.getAllScripts()) {
-            if (!this.scripts.exists(script)) {
-                this.scripts.addItem(script);
+            if (!this.scripts.exists(script.id)) {
+                const selection = new SelectedScript(script, false);
+                this.scripts.addItem(selection);
             }
         }
         this.changed.notify(this.scripts.getItems());
@@ -78,9 +116,11 @@ export class UserSelection implements IUserSelection {
                 .forEach((scriptId) => this.scripts.removeItem(scriptId));
         }
         // Select from unselected scripts
-        scripts
-            .filter((script) => !this.scripts.exists(script))
-            .forEach((script) => this.scripts.addItem(script));
+        const unselectedScripts = scripts.filter((script) => !this.scripts.exists(script.id));
+        for (const toSelect of unselectedScripts) {
+            const selection = new SelectedScript(toSelect, false);
+            this.scripts.addItem(selection);
+        }
         this.changed.notify(this.scripts.getItems());
     }
 }

src/application/application.yaml.d.ts

@@ -1,6 +1,6 @@
 declare module 'js-yaml-loader!*' {
-    type CategoryOrScript = YamlCategory | YamlScript;
-    type DocumentationUrls = ReadonlyArray<string> | string;
+    export type CategoryOrScript = YamlCategory | YamlScript;
+    export type DocumentationUrls = ReadonlyArray<string> | string;
 
     export interface YamlDocumentable {
         docs?: DocumentationUrls;
@@ -9,6 +9,7 @@ declare module 'js-yaml-loader!*' {
     export interface YamlScript extends YamlDocumentable {
         name: string;
         code: string;
+        revertCode: string;
         recommend: boolean;
     }
 
@@ -17,9 +18,8 @@ declare module 'js-yaml-loader!*' {
         category: string;
     }
 
-    interface ApplicationYaml {
+    export interface ApplicationYaml {
         name: string;
-        version: number;
         repositoryUrl: string;
         actions: ReadonlyArray<YamlCategory>;
     }

src/background.ts

@@ -0,0 +1,133 @@
+'use strict';
+
+import { app, protocol, BrowserWindow, shell } from 'electron';
+import { createProtocol } from 'vue-cli-plugin-electron-builder/lib';
+import installExtension, { VUEJS_DEVTOOLS } from 'electron-devtools-installer';
+import path from 'path';
+import { autoUpdater } from 'electron-updater';
+import log from 'electron-log';
+
+
+const isDevelopment = process.env.NODE_ENV !== 'production';
+declare const __static: string; // https://github.com/electron-userland/electron-webpack/issues/172
+
+// Keep a global reference of the window object, if you don't, the window will
+// be closed automatically when the JavaScript object is garbage collected.
+let win: BrowserWindow | null;
+
+// Scheme must be registered before the app is ready
+protocol.registerSchemesAsPrivileged([
+  { scheme: 'app', privileges: { secure: true, standard: true } },
+]);
+
+// Setup logging
+autoUpdater.logger = log; // https://www.electron.build/auto-update#debugging
+log.transports.file.level = 'silly';
+if (!process.env.IS_TEST) {
+  Object.assign(console, log.functions);  // override console.log, console.warn etc.
+}
+
+
+function createWindow() {
+  // Create the browser window.
+  win = new BrowserWindow({
+    width: 1350,
+    height: 955,
+    webPreferences: {
+      // Use pluginOptions.nodeIntegration, leave this alone
+      // See https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/security.html#node-integration
+      nodeIntegration: (process.env
+          .ELECTRON_NODE_INTEGRATION as unknown) as boolean,
+    },
+    // https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#set-tray-icon
+    icon: path.join(__static, 'icon.png'),
+  });
+
+  win.setMenuBarVisibility(false);
+  configureExternalsUrlsOpenBrowser(win);
+  loadApplication(win);
+
+  win.on('closed', () => {
+    win = null;
+  });
+}
+
+// Quit when all windows are closed.
+app.on('window-all-closed', () => {
+  // On macOS it is common for applications and their menu bar
+  // to stay active until the user quits explicitly with Cmd + Q
+  if (process.platform !== 'darwin') {
+    app.quit();
+  }
+});
+
+app.on('activate', () => {
+  // On macOS it's common to re-create a window in the app when the
+  // dock icon is clicked and there are no other windows open.
+  if (win === null) {
+    createWindow();
+  }
+});
+
+// This method will be called when Electron has finished
+// initialization and is ready to create browser windows.
+// Some APIs can only be used after this event occurs.
+app.on('ready', async () => {
+  if (isDevelopment && !process.env.IS_TEST) {
+    // Install Vue Devtools
+    try {
+      await installExtension(VUEJS_DEVTOOLS);
+    } catch (e) {
+      console.error('Vue Devtools failed to install:', e.toString()); // tslint:disable-line:no-console
+    }
+  }
+  createWindow();
+});
+
+// See electron-builder issue "checkForUpdatesAndNotify updates but does not notify on Windows 10"
+// https://github.com/electron-userland/electron-builder/issues/2700
+// https://github.com/electron/electron/issues/10864
+if (process.platform === 'win32') {
+  // https://docs.microsoft.com/en-us/windows/win32/shell/appid#how-to-form-an-application-defined-appusermodelid
+  app.setAppUserModelId('Undergroundwires.PrivacySexy');
+}
+
+// Exit cleanly on request from parent process in development mode.
+if (isDevelopment) {
+  if (process.platform === 'win32') {
+    process.on('message', (data) => {
+      if (data === 'graceful-exit') {
+        app.quit();
+      }
+    });
+  } else {
+    process.on('SIGTERM', () => {
+      app.quit();
+    });
+  }
+}
+
+function loadApplication(window: BrowserWindow) {
+  if (process.env.WEBPACK_DEV_SERVER_URL) {
+    // Load the url of the dev server if in development mode
+    win.loadURL(process.env.WEBPACK_DEV_SERVER_URL as string);
+    if (!process.env.IS_TEST) {
+      win.webContents.openDevTools();
+    }
+  } else {
+    createProtocol('app');
+    // Load the index.html when not in development
+    win.loadURL('app://./index.html');
+    // tslint:disable-next-line:max-line-length
+    autoUpdater.checkForUpdatesAndNotify(); // https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#check-for-updates-in-background-js-ts
+  }
+}
+
+function configureExternalsUrlsOpenBrowser(window: BrowserWindow) {
+  window.webContents.on('new-window', (event, url) => { // handle redirect
+    if (url !== win.webContents.getURL()) {
+      event.preventDefault();
+      shell.openExternal(url);
+    }
+  });
+}

src/domain/Application.ts

@@ -12,21 +12,13 @@ export class Application implements IApplication {
     constructor(
         public readonly name: string,
         public readonly repositoryUrl: string,
-        public readonly version: number,
-        public readonly categories: ReadonlyArray<ICategory>) {
+        public readonly version: string,
+        public readonly actions: ReadonlyArray<ICategory>) {
         if (!name) { throw Error('Application has no name'); }
         if (!repositoryUrl) { throw Error('Application has no repository url'); }
-        if (!version) { throw Error('Version cannot be zero'); }
-        this.flattened = flatten(categories);
-        if (this.flattened.allCategories.length === 0) {
-            throw new Error('Application must consist of at least one category');
-        }
-        if (this.flattened.allScripts.length === 0) {
-            throw new Error('Application must consist of at least one script');
-        }
-        if (this.flattened.allScripts.filter((script) => script.isRecommended).length === 0) {
-            throw new Error('Application must consist of at least one recommended script');
-        }
+        if (!version) { throw Error('Version cannot be empty'); }
+        this.flattened = flatten(actions);
+        ensureValid(this.flattened);
         ensureNoDuplicates(this.flattened.allCategories);
         ensureNoDuplicates(this.flattened.allScripts);
     }
@@ -75,30 +67,50 @@ interface IFlattenedApplication {
     allScripts: IScript[];
 }
 
-function flattenRecursive(
+function ensureValid(application: IFlattenedApplication) {
+    if (!application.allCategories || application.allCategories.length === 0) {
+        throw new Error('Application must consist of at least one category');
+    }
+    if (!application.allScripts || application.allScripts.length === 0) {
+        throw new Error('Application must consist of at least one script');
+    }
+    if (application.allScripts.filter((script) => script.isRecommended).length === 0) {
+        throw new Error('Application must consist of at least one recommended script');
+    }
+}
+
+function flattenCategories(
     categories: ReadonlyArray<ICategory>,
-    flattened: IFlattenedApplication) {
+    flattened: IFlattenedApplication): IFlattenedApplication {
+    if (!categories || categories.length === 0) {
+        return flattened;
+    }
     for (const category of categories) {
         flattened.allCategories.push(category);
-        if (category.scripts) {
-            for (const script of category.scripts) {
-                flattened.allScripts.push(script);
-            }
-        }
-        if (category.subCategories && category.subCategories.length > 0) {
-            flattenRecursive(
-                category.subCategories as ReadonlyArray<ICategory>,
-                flattened);
-        }
+        flattened = flattenScripts(category.scripts, flattened);
+        flattened = flattenCategories(category.subCategories, flattened);
     }
+    return flattened;
+}
+
+function flattenScripts(
+    scripts: ReadonlyArray<IScript>,
+    flattened: IFlattenedApplication): IFlattenedApplication {
+    if (!scripts) {
+        return flattened;
+    }
+    for (const script of scripts) {
+        flattened.allScripts.push(script);
+    }
+    return flattened;
 }
 
 function flatten(
     categories: ReadonlyArray<ICategory>): IFlattenedApplication {
-    const flattened: IFlattenedApplication = {
+    let flattened: IFlattenedApplication = {
         allCategories: new Array<ICategory>(),
         allScripts: new Array<IScript>(),
     };
-    flattenRecursive(categories, flattened);
+    flattened = flattenCategories(categories, flattened);
     return flattened;
 }

src/domain/Category.ts

@@ -3,15 +3,7 @@ import { IScript } from './IScript';
 import { ICategory } from './ICategory';
 
 export class Category extends BaseEntity<number> implements ICategory {
-    private static validate(category: ICategory) {
-        if (!category.name) {
-            throw new Error('name is null or empty');
-        }
-        if ((!category.subCategories || category.subCategories.length === 0) &&
-            (!category.scripts || category.scripts.length === 0)) {
-            throw new Error('A category must have at least one sub-category or scripts');
-        }
-    }
+    private allSubScripts: ReadonlyArray<IScript> = undefined;
 
     constructor(
         id: number,
@@ -20,6 +12,27 @@ export class Category extends BaseEntity<number> implements ICategory {
         public readonly subCategories?: ReadonlyArray<ICategory>,
         public readonly scripts?: ReadonlyArray<IScript>) {
         super(id);
-        Category.validate(this);
+        validateCategory(this);
+    }
+
+    public getAllScriptsRecursively(): readonly IScript[] {
+        return this.allSubScripts || (this.allSubScripts = parseScriptsRecursively(this));
+    }
+}
+
+function parseScriptsRecursively(category: ICategory): ReadonlyArray<IScript> {
+    return [
+        ...category.scripts,
+        ...category.subCategories.flatMap((c) => c.getAllScriptsRecursively()),
+    ];
+}
+
+function validateCategory(category: ICategory) {
+    if (!category.name) {
+        throw new Error('undefined or empty name');
+    }
+    if ((!category.subCategories || category.subCategories.length === 0) &&
+        (!category.scripts || category.scripts.length === 0)) {
+        throw new Error('A category must have at least one sub-category or script');
     }
 }

src/domain/IApplication.ts

@@ -4,10 +4,10 @@ import { ICategory } from '@/domain/ICategory';
 export interface IApplication {
     readonly name: string;
     readonly repositoryUrl: string;
-    readonly version: number;
-    readonly categories: ReadonlyArray<ICategory>;
+    readonly version: string;
     readonly totalScripts: number;
     readonly totalCategories: number;
+    readonly actions: ReadonlyArray<ICategory>;
 
     getRecommendedScripts(): ReadonlyArray<IScript>;
     findCategory(categoryId: number): ICategory | undefined;

src/domain/ICategory.ts

@@ -7,6 +7,7 @@ export interface ICategory extends IEntity<number>, IDocumentable {
     readonly name: string;
     readonly subCategories?: ReadonlyArray<ICategory>;
     readonly scripts?: ReadonlyArray<IScript>;
+    getAllScriptsRecursively(): ReadonlyArray<IScript>;
 }
 
 export { IEntity } from '../infrastructure/Entity/IEntity';

src/domain/IScript.ts

@@ -1,9 +1,11 @@
-import { IEntity } from './../infrastructure/Entity/IEntity';
+import { IEntity } from '../infrastructure/Entity/IEntity';
 import { IDocumentable } from './IDocumentable';
 
 export interface IScript extends IEntity<string>, IDocumentable {
     readonly name: string;
-    readonly code: string;
     readonly isRecommended: boolean;
     readonly documentationUrls: ReadonlyArray<string>;
+    readonly code: string;
+    readonly revertCode: string;
+    canRevert(): boolean;
 }

src/domain/Script.ts

@@ -2,44 +2,59 @@ import { BaseEntity } from '@/infrastructure/Entity/BaseEntity';
 import { IScript } from './IScript';
 
 export class Script extends BaseEntity<string> implements IScript {
-    private static ensureNoEmptyLines(name: string, code: string): void {
-        if (code.split('\n').some((line) => line.trim().length === 0)) {
-            throw Error(`Script has empty lines "${name}"`);
-        }
-    }
-
-    private static ensureCodeHasUniqueLines(name: string, code: string): void {
-        const lines = code.split('\n')
-            .filter((line) => this.mayBeUniqueLine(line));
-        if (lines.length === 0) {
-            return;
-        }
-        const duplicateLines = lines.filter((e, i, a) => a.indexOf(e) !== i);
-        if (duplicateLines.length !== 0) {
-            throw Error(`Duplicates detected in script "${name}":\n ${duplicateLines.join('\n')}`);
-        }
-    }
-
-    private static mayBeUniqueLine(codeLine: string): boolean {
-        const trimmed = codeLine.trim();
-        if (trimmed === ')' || trimmed === '(') { // "(" and ")" are used often in batch code
-            return false;
-        }
-        return true;
-    }
-
     constructor(
-        public name: string,
-        public code: string,
-        public documentationUrls: ReadonlyArray<string>,
-        public isRecommended: boolean) {
+        public readonly name: string,
+        public readonly code: string,
+        public readonly revertCode: string,
+        public readonly documentationUrls: ReadonlyArray<string>,
+        public readonly isRecommended: boolean) {
         super(name);
-        if (code == null || code.length === 0) {
-            throw new Error('Code is empty or null');
+        validateCode(name, code);
+        if (revertCode) {
+            validateCode(name, revertCode);
+            if (code === revertCode) {
+                throw new Error(`${name}: Code itself and its reverting code cannot be the same`);
+            }
         }
-        Script.ensureCodeHasUniqueLines(name, code);
-        Script.ensureNoEmptyLines(name, code);
+    }
+    public canRevert(): boolean {
+        return Boolean(this.revertCode);
     }
 }
 
-export { IScript } from './IScript';
+function validateCode(name: string, code: string): void {
+    if (!code || code.length === 0) {
+        throw new Error(`Code of ${name} is empty or null`);
+    }
+    ensureCodeHasUniqueLines(name, code);
+    ensureNoEmptyLines(name, code);
+}
+
+function ensureNoEmptyLines(name: string, code: string): void {
+    if (code.split('\n').some((line) => line.trim().length === 0)) {
+        throw Error(`Script has empty lines "${name}"`);
+    }
+}
+
+function mayBeUniqueLine(codeLine: string): boolean {
+    const trimmed = codeLine.trim();
+    if (trimmed === ')' || trimmed === '(') { // "(" and ")" are used often in batch code
+        return false;
+    }
+    if (codeLine.startsWith(':: ') || codeLine.startsWith('REM ')) { // Is comment?
+        return false;
+    }
+    return true;
+}
+
+function ensureCodeHasUniqueLines(name: string, code: string): void {
+    const lines = code.split('\n')
+        .filter((line) => mayBeUniqueLine(line));
+    if (lines.length === 0) {
+        return;
+    }
+    const duplicateLines = lines.filter((e, i, a) => a.indexOf(e) !== i);
+    if (duplicateLines.length !== 0) {
+        throw Error(`Duplicates detected in script "${name}":\n ${duplicateLines.join('\n')}`);
+    }
+}

src/infrastructure/Repository/IRepository.ts

@@ -3,7 +3,9 @@ import { IEntity } from '../Entity/IEntity';
 export interface IRepository<TKey, TEntity extends IEntity<TKey>> {
     readonly length: number;
     getItems(predicate?: (entity: TEntity) => boolean): TEntity[];
+    getById(id: TKey): TEntity | undefined;
     addItem(item: TEntity): void;
+    addOrUpdateItem(item: TEntity): void;
     removeItem(id: TKey): void;
-    exists(item: TEntity): boolean;
+    exists(id: TKey): boolean;
 }

src/infrastructure/Repository/InMemoryRepository.ts

@@ -16,16 +16,34 @@ export class InMemoryRepository<TKey, TEntity extends IEntity<TKey>> implements
         return predicate ? this.items.filter(predicate) : this.items;
     }
 
+    public getById(id: TKey): TEntity | undefined {
+        const items = this.getItems((entity) => entity.id === id);
+        if (!items.length) {
+            return undefined;
+        }
+        return items[0];
+    }
+
     public addItem(item: TEntity): void {
         if (!item) {
-            throw new Error('Item is null');
+            throw new Error('item is null or undefined');
         }
-        if (this.exists(item)) {
+        if (this.exists(item.id)) {
             throw new Error(`Cannot add (id: ${item.id}) as it is already exists`);
         }
         this.items.push(item);
     }
 
+    public addOrUpdateItem(item: TEntity): void {
+        if (!item) {
+            throw new Error('item is null or undefined');
+        }
+        if (this.exists(item.id)) {
+            this.removeItem(item.id);
+        }
+        this.items.push(item);
+    }
+
     public removeItem(id: TKey): void {
         const index = this.items.findIndex((item) => item.id === id);
         if (index === -1) {
@@ -34,8 +52,8 @@ export class InMemoryRepository<TKey, TEntity extends IEntity<TKey>> implements
         this.items.splice(index, 1);
     }
 
-    public exists(entity: TEntity): boolean {
-        const index = this.items.findIndex((item) => item.id === entity.id);
+    public exists(id: TKey): boolean {
+        const index = this.items.findIndex((item) => item.id === id);
         return index !== -1;
     }
 }

src/infrastructure/SaveFileDialog.ts

@@ -1,9 +1,18 @@
 import fileSaver from 'file-saver';
 
+export enum FileType {
+    BatchFile,
+}
 export class SaveFileDialog {
-    public static saveText(text: string, fileName: string): void {
-        this.saveBlob(text, 'text/plain;charset=utf-8', fileName);
+    public static saveFile(text: string, fileName: string, type: FileType): void {
+        const mimeType = this.mimeTypes.get(type);
+        this.saveBlob(text, mimeType, fileName);
     }
+    private static readonly mimeTypes = new Map<FileType, string>([
+        // Some browsers (including firefox + IE) require right mime type
+        // otherwise they ignore extension and save the file as text.
+        [ FileType.BatchFile, 'application/bat' ], // https://en.wikipedia.org/wiki/Batch_file
+    ]);
 
     private static saveBlob(file: BlobPart, fileType: string, fileName: string): void {
         try {

src/main.ts

@@ -1,6 +1,7 @@
 import Vue from 'vue';
 import App from './App.vue';
 import { ApplicationBootstrapper } from './presentation/Bootstrapping/ApplicationBootstrapper';
+import 'core-js/fn/array/flat-map'; // Here until Vue 3 & CLI v4 https://github.com/vuejs/vue-cli/issues/3834
 
 new ApplicationBootstrapper()
     .bootstrap(Vue);

src/presentation/Bootstrapping/ApplicationBootstrapper.ts

@@ -1,3 +1,4 @@
+import { VModalBootstrapper } from './Modules/VModalBootstrapper';
 import { TreeBootstrapper } from './Modules/TreeBootstrapper';
 import { IconBootstrapper } from './Modules/IconBootstrapper';
 import { VueConstructor, IVueBootstrapper } from './IVueBootstrapper';
@@ -19,6 +20,7 @@ export class ApplicationBootstrapper implements IVueBootstrapper {
             new TreeBootstrapper(),
             new VueBootstrapper(),
             new TooltipBootstrapper(),
+            new VModalBootstrapper(),
         ];
     }
 }

src/presentation/Bootstrapping/Modules/IconBootstrapper.ts

@@ -4,15 +4,20 @@ import { faGithub } from '@fortawesome/free-brands-svg-icons';
 /** BRAND ICONS (PREFIX: fab) */
 import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome';
 /** REGULAR ICONS (PREFIX: far) */
-import { faFolderOpen, faFolder } from '@fortawesome/free-regular-svg-icons';
+import { faFolderOpen, faFolder, faSmile } from '@fortawesome/free-regular-svg-icons';
 /** SOLID ICONS (PREFIX: fas (default)) */
-import { faTimes, faFileDownload, faCopy, faSearch, faInfoCircle } from '@fortawesome/free-solid-svg-icons';
+import { faTimes, faFileDownload, faCopy, faSearch, faInfoCircle, faUserSecret, faDesktop, faTag, faGlobe } from '@fortawesome/free-solid-svg-icons';
 
 
 export class IconBootstrapper implements IVueBootstrapper {
     public bootstrap(vue: VueConstructor): void {
         library.add(
             faGithub,
+            faUserSecret,
+            faSmile,
+            faDesktop,
+            faGlobe,
+            faTag,
             faFolderOpen,
             faFolder,
             faTimes,

src/presentation/Bootstrapping/Modules/VModalBootstrapper.ts

@@ -0,0 +1,8 @@
+import VModal from 'vue-js-modal';
+import { VueConstructor, IVueBootstrapper } from './../IVueBootstrapper';
+
+export class VModalBootstrapper implements IVueBootstrapper {
+    public bootstrap(vue: VueConstructor): void {
+        vue.use(VModal, { dynamic: true, injectModalsContainer: true });
+    }
+}

src/presentation/IconButton.vue

@@ -8,10 +8,8 @@
 </template>
 
 <script lang="ts">
-import { Component, Prop, Vue, Emit } from 'vue-property-decorator';
-import { StatefulVue, IApplicationState } from './StatefulVue';
-import { SaveFileDialog } from './../infrastructure/SaveFileDialog';
-import { Clipboard } from './../infrastructure/Clipboard';
+import { Component, Prop, Emit } from 'vue-property-decorator';
+import { StatefulVue } from './StatefulVue';
 
 @Component
 export default class IconButton extends StatefulVue {

src/presentation/Scripts/Cards/CardList.vue

@@ -4,6 +4,7 @@
       <CardListItem
         class="card"
         v-for="categoryId of categoryIds"
+        :data-category="categoryId"
         v-bind:key="categoryId"
         :categoryId="categoryId"
         :activeCategoryId="activeCategoryId"
@@ -15,10 +16,11 @@
 </template>
 
 <script lang="ts">
-import { Component, Prop, Vue } from 'vue-property-decorator';
+import { Component } from 'vue-property-decorator';
 import CardListItem from './CardListItem.vue';
-import { StatefulVue, IApplicationState } from '@/presentation/StatefulVue';
+import { StatefulVue } from '@/presentation/StatefulVue';
 import { ICategory } from '@/domain/ICategory';
+import { hasDirective } from './NonCollapsingDirective';
 
 @Component({
   components: {
@@ -31,7 +33,13 @@ export default class CardList extends StatefulVue {
 
   public async mounted() {
     const state = await this.getCurrentStateAsync();
-    this.setCategories(state.app.categories);
+    this.setCategories(state.app.actions);
+    this.onOutsideOfActiveCardClicked((element) => {
+      if (hasDirective(element)) {
+        return;
+      }
+      this.activeCategoryId = null;
+    });
   }
 
   public onSelected(categoryId: number, isExpanded: boolean) {
@@ -41,7 +49,21 @@ export default class CardList extends StatefulVue {
   private setCategories(categories: ReadonlyArray<ICategory>): void {
     this.categoryIds = categories.map((category) => category.id);
   }
+
+  private onOutsideOfActiveCardClicked(callback: (clickedElement: Element) => void) {
+    const outsideClickListener = (event) => {
+      if (!this.activeCategoryId) {
+        return;
+      }
+      const element = document.querySelector(`[data-category="${this.activeCategoryId}"]`);
+      if (element && !element.contains(event.target)) {
+          callback(event.target);
+      }
+    };
+    document.addEventListener('click', outsideClickListener);
+  }
 }
+
 </script>
 
 <style scoped lang="scss">

src/presentation/Scripts/Cards/CardListItem.vue

@@ -4,21 +4,27 @@
           v-bind:class="{ 
                     'is-collapsed': !isExpanded,
                     'is-inactive': activeCategoryId && activeCategoryId != categoryId,
-                    'is-expanded': isExpanded}">
-      <div class="card__inner">
-        <span v-if="cardTitle && cardTitle.length > 0">{{cardTitle}}</span>
-        <span v-else>Oh no 😢</span>
-        <font-awesome-icon :icon="['far', isExpanded ? 'folder-open' : 'folder']" class="expand-button"  />
+                    'is-expanded': isExpanded
+                    }"
+          ref="cardElement">
+        <div class="card__inner">
+          <span v-if="cardTitle && cardTitle.length > 0">{{cardTitle}}</span>
+          <span v-else>Oh no 😢</span>
+          <font-awesome-icon :icon="['far', isExpanded ? 'folder-open' : 'folder']" class="card__inner__expand-icon" />
+        </div>
+        <div class="card__expander" v-on:click.stop>
+          <div class="card__expander__content">
+            <ScriptsTree :categoryId="categoryId"></ScriptsTree>
+          </div>
+          <div class="card__expander__close-button">
+            <font-awesome-icon :icon="['fas', 'times']"  v-on:click="onSelected(false)"/>
+          </div>
       </div>
-      <div class="card__expander" v-on:click.stop>
-          <font-awesome-icon :icon="['fas', 'times']"  class="close-button" v-on:click="onSelected(false)"/>
-          <ScriptsTree :categoryId="categoryId"></ScriptsTree>
-    </div>
     </div>
 </template>
 
 <script lang="ts">
-import { Component, Prop, Vue, Watch, Emit } from 'vue-property-decorator';
+import { Component, Prop, Watch, Emit } from 'vue-property-decorator';
 import ScriptsTree from '@/presentation/Scripts/ScriptsTree/ScriptsTree.vue';
 import { StatefulVue } from '@/presentation/StatefulVue';
 
@@ -37,11 +43,18 @@ export default class CardListItem extends StatefulVue {
   public onSelected(isExpanded: boolean) {
     this.isExpanded = isExpanded;
   }
-
   @Watch('activeCategoryId')
   public async onActiveCategoryChanged(value: |number) {
     this.isExpanded = value === this.categoryId;
   }
+  @Watch('isExpanded')
+  public async onExpansionChangedAsync(newValue: number, oldValue: number) {
+    if (!oldValue && newValue) {
+      await new Promise((r) => setTimeout(r, 400));
+      const focusElement = this.$refs.cardElement as HTMLElement;
+      (focusElement as HTMLElement).scrollIntoView({behavior: 'smooth'});
+    }
+  }
 
   public async mounted() {
     this.cardTitle = this.categoryId ? await this.getCardTitleAsync(this.categoryId) : undefined;
@@ -62,74 +75,74 @@ export default class CardListItem extends StatefulVue {
 
 <style scoped lang="scss">
 @import "@/presentation/styles/colors.scss";
+@import "@/presentation/styles/media.scss";
+
+$card-padding: 30px;
+$card-margin: 15px;
+$card-line-break-width: 30px;
+$arrow-size: 15px;
+$expanded-margin-top: 30px;
 
 .card {
   margin: 15px; 
-  width: calc((100% / 3) - 30px);
+  width: calc((100% / 3) - #{$card-line-break-width});
   transition: all 0.2s ease-in-out;
+  // Media queries for stacking cards
+  @media screen and (max-width: $big-screen-width) {  width: calc((100% / 2) - #{$card-line-break-width}); }
+  @media screen and (max-width: $medium-screen-width) {  width: 100%; }
+  @media screen and (max-width: $small-screen-width) {  width: 90%; }
 
-  //media queries for stacking cards
-  @media screen and (max-width: 991px) {
-    width: calc((100% / 2) - 30px);
-  }
-
-  @media screen and (max-width: 767px) {
-    width: 100%;
-  }
-  
-  @media screen and (max-width: 380px) {
-    width: 90%;
-  }
-
-  &:hover {
-    .card__inner {
-      background-color: $accent;
-      transform: scale(1.05);
-    }
-  }
-
-  &__inner {
-    width: 100%;
-    padding: 30px;
+  &__inner {  
+    padding: $card-padding;
     position: relative;
     cursor: pointer;
-    
     background-color: $gray;
     color: $light-gray;
     font-size: 1.5em;
+    height: 100%;
     text-transform: uppercase;
     text-align: center;
-
     transition: all 0.2s ease-in-out;
-    
+
+    display:flex;
+    flex-direction: column;
+    justify-content: center;
+
+    &:hover {
+      background-color: $accent;
+      transform: scale(1.05);
+    }
     &:after {
       transition: all 0.3s ease-in-out;
     }
-    
-    .expand-button {
+  
+    &__expand-icon {
       width: 100%;
       margin-top: .25em;
     }
   }
 
-  //Expander
   &__expander {
     transition: all 0.2s ease-in-out;
-    background-color: $slate;
-    width: 100%;
     position: relative;
-    
+    background-color: $slate;
+    color: $light-gray;
     display: flex;
-    justify-content: center;
     align-items: center;
+
+    &__content {
+      width: 100%;
+      display: flex;
+      justify-content: center;
+      word-break: break-word;
+    }
     
-    .close-button {
-      font-size: 0.75em;
-      position: absolute;
-      top: 10px;
-      right: 10px;
+    &__close-button {
+      width: auto;
+      font-size: 1.5em;
+      align-self: flex-start;
+      margin-right:0.25em;
       cursor: pointer;
-      
       &:hover {
         opacity: 0.9;
       }
@@ -137,49 +150,42 @@ export default class CardListItem extends StatefulVue {
   }
 
   &.is-collapsed {
-    
     .card__inner {
       &:after {
         content: "";
         opacity: 0;
       }
     }
+
     .card__expander {
       max-height: 0;
       min-height: 0;
       overflow: hidden;
-      margin-top: 0;
       opacity: 0;
     }
   }
 
   &.is-expanded {
-
     .card__inner {
+      height: auto;
       background-color: $accent;
-      
-      &:after{
+      &:after { // arrow
         content: "";
-        opacity: 1;
         display: block;
-        height: 0;
-        width: 0;
         position: absolute;
-        bottom: -30px;
-        left: calc(50% - 15px);
-        border-left: 15px solid transparent;
-        border-right: 15px solid transparent;
-        border-bottom: 15px solid #333a45;
+        bottom: calc(-1 * #{$expanded-margin-top});
+        left: calc(50% - #{$arrow-size});
+        border-left: #{$arrow-size} solid transparent;
+        border-right: #{$arrow-size} solid transparent;
+        border-bottom: #{$arrow-size} solid #333a45;
       }
-      
     }
 
     .card__expander {
       min-height: 200px;
       // max-height: 1000px;
       // overflow-y: auto;
-
-      margin-top: 30px;
+      margin-top: $expanded-margin-top;
       opacity: 1;
     }
 
@@ -193,7 +199,9 @@ export default class CardListItem extends StatefulVue {
   &.is-inactive {
     .card__inner {
       pointer-events: none;
+      height: auto;
       opacity: 0.5;
+      transform: scale(0.95);
     }
     
     &:hover {
@@ -205,39 +213,30 @@ export default class CardListItem extends StatefulVue {
   }
 }
 
-
-//Expander Widths
-
-//when 3 cards in a row
-@media screen and (min-width: 992px) {
-
+@media screen and (min-width: $big-screen-width) { // when 3 cards in a row
   .card:nth-of-type(3n+2) .card__expander {
-    margin-left: calc(-100% - 30px);
+    margin-left: calc(-100% - #{$card-line-break-width});
   }
   .card:nth-of-type(3n+3) .card__expander {
-    margin-left: calc(-200% - 60px);
+    margin-left: calc(-200% - (#{$card-line-break-width} * 2));
   }
   .card:nth-of-type(3n+4) {
     clear: left;
   }
   .card__expander {
-    width: calc(300% + 60px);
+    width: calc(300% + (#{$card-line-break-width} * 2));
   }
-
 }
 
-//when 2 cards in a row
-@media screen and (min-width: 768px) and (max-width: 991px) {
-
+@media screen and (min-width: $medium-screen-width) and (max-width: $big-screen-width) { // when 2 cards in a row
   .card:nth-of-type(2n+2) .card__expander {
-    margin-left: calc(-100% - 30px);
+    margin-left: calc(-100% - #{$card-line-break-width});
   }
   .card:nth-of-type(2n+3) {
     clear: left;
   }
   .card__expander {
-    width: calc(200% + 30px);
+    width: calc(200% + #{$card-line-break-width});
   }
-
 }
 </style>