Features at a glance

Everything shipped in the popup, background service worker, and content protections.

Network & policy

  • Master protection toggle with badge status.
  • DeclarativeNetRequest blocklist (packaged + user) with allowlist overrides.
  • Per-site allow toggle from the popup.
  • SafeSearch enforcement on Google/Bing queries.
  • Custom blocklist import/export (CSV/txt/JSON).

Focus Mode (Kid Homework Mode)

  • One-click session toggle with 30/45/60 min (and 2 min test) durations.
  • Blocks social, gaming, and streaming domains; allows edu defaults and allowlist.
  • Countdown badge, persistent timer across tabs/windows, optional PIN to end early.

Visual safeguards

  • Aggressive mode: blur and pause risky images/videos on-page.
  • Heuristic image scan (skin-tone density, red/dark/edge patterns) — on-device only.
  • Optional local TF.js NSFW model hook (disabled by default unless bundled).

Override security

  • PIN protection for overrides/allowlist edits with local-only hashing.
  • Override log with reasons, timestamps, optional approver name prompt.
  • Webhook alerts for overrides and tamper/heartbeat gaps (Slack/Teams friendly).

Profiles & metrics

  • Age/role-based profiles that set sensitivity, allow/block lists, and aggressive mode.
  • Metrics for allowlist size and policy blocks shown in the popup.
  • Weekly safeguarding digest export (CSV) for audits/reviews.

Parents & admins

  • Parent/admin mode panel to manage profiles, allow/block lists, alerts, digests.
  • PIN reminders and protected toggles to prevent accidental disablement.
  • Guided tour to introduce key controls on first run.

How it works

From network rules to on-page masking, everything stays on-device.

  1. Rules applied via DNR: The background service worker rebuilds declarativeNetRequest rules from packaged blocklists, user blocklists, allowlists, and Focus Mode categories.
  2. SafeSearch enforcement: Search params are rewritten to enforce SafeSearch on supported engines.
  3. Heuristic page scan: The content script evaluates URL, metadata, body text, and sampled images; high-risk scores trigger an interstitial or blur.
  4. Focus Mode overlay: While active, social/gaming/streaming hosts are blocked; edu allowlist and .edu/.org pass through; the badge shows remaining minutes.
  5. Overrides & PIN: Attempts to bypass blocks prompt for a local-only PIN; reasons are logged and can be exported. Approver prompt and webhook alerts are optional.
  6. Parents/Admins: The popup’s parent mode gates sensitive settings and summarizes status (alerts, logs, profiles, tamper alerts).

Privacy: no browsing data, images, or telemetry are sent to servers. All policy data lives in chrome.storage (sync/local) on the device.

Technology stack

Chrome Extension (MV3)

  • Manifest V3 with declarativeNetRequest, storage, tabs, alarms.
  • Service worker: rule rebuilds, badge updates, Focus Mode timers, heartbeats, webhook calls.
  • Popup: vanilla HTML/CSS/JS (no frameworks) with parent/admin panels and guided tour.
  • Content script: heuristic scanning, interstitial UI, media masking, SafeSearch enforcement.

AI & heuristics

  • On-device heuristics for text/URL + lightweight image sampling (skin/red/dark/edge patterns).
  • Optional TF.js NSFW model (local bundle only, disabled by default to avoid CSP/network).
  • No remote inference; all scoring happens in the browser.

Build & tooling

  • Linting: ESLint (ES modules) for src/ and root content.js.
  • Packaging: npm run zip:webstore builds the Web Store-ready zip.
  • Data: packaged blocklist + presets under /data; optional phishing feed support.

Privacy & storage

  • Settings in chrome.storage.sync (allowlist, toggles, profiles).
  • Sensitive items (PIN hash/salt, override logs) in chrome.storage.local.
  • No third-party analytics by default; remote calls only for user/admin-configured webhooks or usage events.