binect-chrome/.claude/rules/architecture.md

Architecture

Chrome MV3 extension; all state in chrome.storage.local, nothing relies on in-memory background state surviving service-worker suspension. Full operational boundary is in SCOPE.md; inviolable principles in INTENT.md.

Key modules

• src/background/service-worker.ts — MV3 service worker; message router for all popup ↔ background calls; chrome.alarms for credential-expiry and queue-cleanup ticks.
• src/utils/pdf-detector.ts — detect completed PDF downloads (Chrome Downloads API), scan recent downloads, best-effort current-tab detection, re-fetch PDF bytes from the original URL with credentials: 'include'.
• src/utils/pdf-queue.ts — DocumentProxy lifecycle queue (pending → uploading → in_basket → ordering → in_production → sent, + failed/canceled); metadata-only (never PDF content); dedup by filename + content hash; live vs. archived views; server sync/reconciliation.
• src/utils/binect-api.ts — thin wrapper over @binect/js (upload, ship, status, list, delete, testConnection) with extension-friendly types and error mapping. All Binect access delegated 1:1 to the SDK — no API logic reimplemented here.
• src/utils/crypto.ts / storage.ts — AES-GCM (256-bit) credential encryption at rest via Web Crypto; key in chrome.storage.local; decrypted only in memory; 60-day inactivity expiry; manual wipe; self-deleting corrupted ciphertext.
• src/popup/ — login + lifecycle-grouped document list with send/order/refresh/archive/restore/delete actions, badge.
• src/tracking/ — local-only append-only transfer log (~500 cap), summary counts, CSV export, email-draft feedback; tracking/help page.

Design invariants (see INTENT.md): zero document retention, explicit user intent for every dispatch (upload ≠ send — ordering is a separate confirmed step), no server-side component, minimal-but-<all_urls> host permission (a known Chrome Web Store review cost).

Quick Reference

~/state-hub/mcp_server/TOOLS.md — MCP tool reference