SYMBIONT Chrome Extension Development Assistant

Expert AI assistant for working with the SYMBIONT codebase - a Chrome browser extension that creates evolving digital organisms using AI and WebGL.

What This Skill Does

This skill provides comprehensive guidance for developing, testing, and maintaining the SYMBIONT project, including:

TypeScript/React extension development with WebGL rendering

Express.js backend with PostgreSQL/Prisma

Security-first development patterns

Testing and quality assurance

Chrome Extension Manifest V3 architecture

Project Architecture

SYMBIONT consists of multiple interconnected layers:

Core Components

**OrganismCore** (`src/core/OrganismCore.ts`): Main organism logic with traits, energy, mutations

**NeuralMesh** (`src/core/NeuralMesh.ts`): Neural network for behavior learning

**MessageBus** (`src/shared/messaging/MessageBus.ts`): Inter-component communication system

**SymbiontStorage** (`src/core/storage/SymbiontStorage.ts`): Encrypted local storage

Security Components

**SecureRandom** (`src/shared/utils/secureRandom.ts`): Cryptographically secure random number generation using `crypto.getRandomValues()`

**SecureLogger** (`src/shared/utils/secureLogger.ts`): GDPR-compliant logging with automatic data sanitization

**SecurityManager** (`src/background/SecurityManager.ts`): Core security and encryption services

Extension Architecture

```

Content Script ←→ Background Script ←→ Popup UI

↓ ↓ ↓

Behavior Collection Neural Core User Interface

DOM Observation AI Processing React Components

User Tracking WebGL Render Dashboard/Settings

```

Key Directories

`src/core/`: Core organism and neural network logic

`src/background/`: Service worker with AI processing

`src/content/`: DOM observers and behavior collectors

`src/popup/`: React UI components and dashboard

`src/shared/`: Common types, utilities, and messaging

`src/behavioral/`: Pattern detection and prediction algorithms

`src/social/`: P2P networking and collective intelligence

`backend/`: Express API with PostgreSQL database

Instructions for AI Agent

1. Understanding the Codebase

When working with SYMBIONT:

**TypeScript Path Aliases**: Use these webpack aliases consistently:

- `@/` → `src/`

- `@core/` → `src/core/`

- `@background/` → `src/background/`

- `@content/` → `src/content/`

- `@popup/` → `src/popup/`

- `@shared/` → `src/shared/`

- `@types/` → `src/types/`

**Strict TypeScript**: All strict checks enabled. No unused locals/parameters. Exact optional property types enforced.

**Message-Driven Architecture**: All component communication uses typed messages through MessageBus. Never directly couple components.

2. Development Commands

**Build & Development:**

```bash

npm run build:all # Full build (extension + backend)

npm run build # Extension only

npm run dev # Development mode with watch

cd backend && npm run dev # Backend development

cd backend && npm run build # Backend build

```

**Testing:**

```bash

npm test # Run all tests

npm run test:ci # Tests with coverage

npm run test:watch # Watch mode

npm run test:e2e # E2E tests (Playwright)

cd backend && npm test # Backend tests

```

**Quality & Security:**

```bash

npm run lint # Lint TypeScript

npm run lint:fix # Fix linting issues

npm run check-manifest # Check manifest validity

node scripts/validate-security.js # Security validation

npm test -- __tests__/security/ # Test security modules

```

**Database (Backend):**

```bash

cd backend

npm run migrate # Run Prisma migrations

npm run generate # Generate Prisma client

npm run studio # Open Prisma Studio

npm run seed # Seed database

```

3. Security Best Practices (CRITICAL)

**ALWAYS follow these security patterns:**

#### Random Number Generation

```typescript

// ❌ NEVER use Math.random() for anything security-related

const bad = Math.random();

// ✅ ALWAYS use SecureRandom for cryptographic operations

import { SecureRandom } from '@/shared/utils/secureRandom';

const good = SecureRandom.random();

```

#### Secure Logging

```typescript

// ❌ NEVER use console.log() (can leak sensitive data)

console.log('User:', { email, token });

// ✅ ALWAYS use SecureLogger (auto-sanitizes)

import { logger } from '@/shared/utils/secureLogger';

logger.info('User logged in', { email, token }, 'AuthService');

```

#### UUID Generation

```typescript

// ✅ Use cryptographically secure UUID generation

import { generateSecureUUID } from '@/shared/utils/secureRandom';

const id = generateSecureUUID();

```

#### Environment Variables

```typescript

// ✅ Always validate and provide fallbacks

const apiKey = process.env.API_KEY || '';

if (!apiKey) {

logger.error('Missing API_KEY environment variable');

}

```

4. Testing Requirements

**Coverage Requirements:**

Global: 80% (lines, functions, statements), 75% (branches)

Core modules: 85% minimum

Utils: 90% minimum

**Test Structure:**

Unit tests: `src/**/*.test.ts`

Integration tests: `tests/integration/`

E2E tests: `tests/e2e/` (Playwright)

Mocks: `tests/__mocks__/`

When writing or modifying code:

1. Always write corresponding tests

2. Ensure coverage thresholds are met

3. Use appropriate test type (unit/integration/e2e)

4. Mock external dependencies properly

5. Chrome Extension Development

**Manifest V3 Structure:**

Service worker: `src/background/service-worker.ts`

Content script: `src/content/index.ts`

Popup: `src/popup/index.tsx`

**WebGL Integration:**

Shaders in `src/shaders/` (`.vert`, `.frag` files)

Use WebGL orchestrator for GPU rendering

Monitor performance for frame rates

**Permission Handling:**

Content script injection for behavior observation

Storage access for organism persistence

WebGL access for 3D rendering

6. Backend API Development

**Technology Stack:**

Express.js with TypeScript

Prisma ORM with PostgreSQL

WebSocket support via Socket.io

Redis for caching and sessions

JWT authentication

**Key Services:**

`AuthService`: User authentication and JWT handling

`DatabaseService`: Prisma client wrapper

`WebSocketService`: Real-time communication

`AIService`: ML model integration

`CacheService`: Redis caching layer

7. Common Development Patterns

**Error Handling:**

```typescript

import { errorHandler } from '@/shared/utils/errorHandler';

try {

// operation

} catch (error) {

errorHandler(error, 'ComponentName');

}

```

**Performance Optimization:**

Use `MutationBatcher` for performance-critical operations

Batch WebGL operations via `WebGLBatcher`

Neural network processing optimized for real-time use

Storage operations use hybrid caching strategy

Message bus includes circuit breaker patterns

**Dependency Injection:**

```typescript

// Use constructor injection in OrganismCore

constructor(

private readonly neuralMesh: NeuralMesh,

private readonly storage: SymbiontStorage,

private readonly messageBus: MessageBus

) {}

```

8. Social Features

P2P organism sharing via invitation codes

Collective intelligence through distributed voting

Mystical events system for community rituals

Resilient networking with automatic failover

Example Usage

**When asked to add a new feature:**

1. Identify which layer(s) it affects (content/background/popup/backend)

2. Use appropriate path aliases for imports

3. Follow message-driven architecture for communication

4. Implement security patterns (SecureRandom, SecureLogger)

5. Write tests achieving required coverage

6. Run linting and security validation

**When asked to fix a bug:**

1. Review related tests first

2. Check for security implications

3. Use SecureLogger for debugging (never console.log)

4. Ensure fix doesn't break message flow

5. Add regression tests

6. Verify coverage remains above thresholds

**When asked to optimize performance:**

1. Profile using WebGL performance monitoring

2. Consider batching operations

3. Review neural network processing bottlenecks

4. Check storage caching strategy

5. Validate message bus circuit breaker behavior

Important Constraints

**NEVER use `Math.random()`** - always use `SecureRandom.random()`

**NEVER use `console.log()`** - always use `logger.info()` or similar

**ALWAYS maintain test coverage** above required thresholds

**ALWAYS follow TypeScript strict mode** - no type shortcuts

**ALWAYS use message-driven architecture** - no direct component coupling

**ALWAYS encrypt sensitive data** before storage

**ALWAYS validate environment variables** with fallbacks

Security & Privacy Principles

All random generation uses `crypto.getRandomValues()` (FIPS 140-2 compliant)

All user data encrypted client-side before storage

No personal data transmitted without explicit consent

GDPR compliant with automatic data redaction

Anonymized social interactions

Principle of least privilege for permissions

SYMBIONT Chrome Extension Development Assistant

SYMBIONT Chrome Extension Development Assistant

What This Skill Does

Project Architecture

Core Components

Security Components

Extension Architecture

Key Directories

Instructions for AI Agent

1. Understanding the Codebase

2. Development Commands

3. Security Best Practices (CRITICAL)

4. Testing Requirements

5. Chrome Extension Development

6. Backend API Development

7. Common Development Patterns

8. Social Features

Example Usage

Important Constraints

Security & Privacy Principles

Reviews (0)