Fixes for pending scripts and docs

.github/workflows/validate-pr.yml

@@ -0,0 +1,113 @@
+name: Validate PR
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - dev
+      - main
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Lint JavaScript
+        run: |
+          if [ -f "eslint.config.js" ] || [ -f ".eslintrc.json" ] || [ -f ".eslintrc.js" ]; then
+            npx eslint scripts options popup --max-warnings 0
+          else
+            echo "ℹ️  No ESLint configuration found. Skipping linting."
+            echo "To enable: Create eslint.config.js or .eslintrc.json at repo root"
+          fi
+
+  codeql:
+    name: CodeQL Security Analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: 'javascript'
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+
+  validate-json:
+    name: Validate JSON Files
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Validate manifest.json
+        run: |
+          node -e "require('fs').readFileSync('manifest.json'); console.log('✓ manifest.json is valid JSON')"
+
+      - name: Validate Firefox manifest
+        run: |
+          node -e "require('fs').readFileSync('manifest.firefox.json'); console.log('✓ manifest.firefox.json is valid JSON')"
+
+      - name: Validate config files
+        run: |
+          for file in config/*.json rules/*.json; do
+            if [ -f "$file" ]; then
+              node -e "require('fs').readFileSync('$file'); console.log('✓ $file is valid JSON')" || exit 1
+            fi
+          done
+
+  conventional-commits:
+    name: Validate Conventional Commits
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Validate PR title
+        run: |
+          PR_TITLE="${{ github.event.pull_request.title }}"
+          if ! echo "$PR_TITLE" | grep -E "^(feat|fix|docs|style|refactor|perf|test|chore|ci)(\(.+\))?!?: .+" > /dev/null; then
+            echo "❌ PR title does not follow Conventional Commits format"
+            echo "Expected format: feat|fix|docs|style|refactor|perf|test|chore|ci(scope)?: description"
+            echo "Received: $PR_TITLE"
+            exit 1
+          fi
+          echo "✓ PR title follows Conventional Commits format"
+
+  verify-changes:
+    name: Verify File Changes
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check for deployment configuration updates
+        run: |
+          # If config/branding.json or config/managed_schema.json changed
+          if git diff origin/main HEAD --name-only | grep -q "^config/"; then
+            echo "⚠️  Configuration files were modified"
+            echo "Reminder: Review enterprise/Deploy-Windows-Chrome-and-Edge.ps1 and enterprise/admx/Check-Extension.admx"
+          fi
+
+          # If manifest changed
+          if git diff origin/main HEAD --name-only | grep -qE "manifest.*\.json"; then
+            echo "ℹ️  Manifest was modified"
+            echo "Reminder: Test in both Chrome and Firefox"
+          fi

config/managed_schema.json

@@ -185,7 +185,7 @@
           "title": "Enabled",
           "description": "Enable or disable domain squatting detection",
           "type": "boolean",
-          "default": true
+          "default": false
         },
         "deviationThreshold": {
           "title": "Deviation Threshold",

docs/SUMMARY.md

@@ -17,6 +17,13 @@
   - [MacOS](deployment/chrome-edge-deployment-instructions/macos.md)
 - [Firefox Deployment](deployment/firefox-deployment.md)
 
+## Removal
+
+- [Removal Overview](removal/README.md)
+  - [Windows](removal/windows/README.md)
+    - [Chrome and Edge](removal/windows/chrome-edge.md)
+    - [Firefox](removal/windows/firefox.md)
+
 ## Settings
 
 - [General](settings/general.md)

docs/deployment/chrome-edge-deployment-instructions/macos.md

@@ -3,5 +3,127 @@ icon: apple
 ---
 
 # MacOS
+I'd recommend that this be deployed via your MDM if the goal is to auto-deploy it without user interaction. 
 
-Coming soon. If you have experience deploying managed MacOS browser extensions, please contribute to the [docs via GitHub](https://github.com/CyberDrain/Check/tree/dev/docs). All Mac resources in the GitHub repo should be considered inaccurate until tested. 
+A custom .mobileconfig file can be uploaded to most MDMs for deployment if they don't have their own Google Chrome, or Microsoft Edge profile building functionality baked-in.
+
+Here's an example profile of the XML to create a mobileconfig that will install this in Microsoft Edge and Google Chrome. 
+
+```
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>ExtensionInstallForcelist</key>
+			<array>
+				<string>benimdeioplgkhanklclahllklceahbe</string>
+			</array>
+			<key>PayloadDisplayName</key>
+			<string>Google Chrome</string>
+			<key>PayloadIdentifier</key>
+			<string>com.google.Chrome.23E5DDCF-1EB2-4869-9510-5E47D6640A85</string>
+			<key>PayloadType</key>
+			<string>com.google.Chrome</string>
+			<key>PayloadUUID</key>
+			<string>23E5DDCF-1EB2-4869-9510-5E47D6640A85</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+		<dict>
+			<key>ExtensionInstallForcelist</key>
+			<array>
+				<string>knepjpocdagponkonnbggpcnhnaikajg</string>
+			</array>
+			<key>PayloadDisplayName</key>
+			<string>Microsoft Edge</string>
+			<key>PayloadIdentifier</key>
+			<string>com.microsoft.Edge.DD4A940A-B216-4D5E-8B2C-1EF2CAFF7F38</string>
+			<key>PayloadType</key>
+			<string>com.microsoft.Edge</string>
+			<key>PayloadUUID</key>
+			<string>DD4A940A-B216-4D5E-8B2C-1EF2CAFF7F38</string>
+			<key>PayloadVersion</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>This profile installs and enforces the 'Check' browser extension from CyberDrain on Google Chrome and Microsoft Edge web browsers. </string>
+	<key>PayloadDisplayName</key>
+	<string>Check CyberDrain</string>
+	<key>PayloadIdentifier</key>
+	<string>020D4Z7P-7F1A-4723-89CB-1826F8BAF4B5</string>
+	<key>PayloadOrganization</key>
+	<string>YOUR ORG NAME</string>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>020D4Z7P-7F1A-4723-89CB-1826F8BAF4B5</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+	<key>RemovalDate</key>
+	<date>2044-05-19T21:46:44Z</date>
+	<key>TargetDeviceType</key>
+	<integer>5</integer>
+</dict>
+</plist>
+```
+You could also deploy it in Chrome via command-line by creating the proper JSON object in the correct directory in the core /Library directory in macOS. Credit to @cezaraugusto for the script (slightly modified to simply install 'Check' if no parameter is passed...though technically you could pass any other Chrome extension ID after the script path and it would install that extension). 
+
+```
+#!/bin/bash
+
+# https://developer.chrome.com/docs/extensions/mv3/external_extensions/#preferences
+# Credit to #cezaraugusto# from GithubGist for this script...slightly modified for the purposes of installing Check by Cyberdrain if no parameter is passed
+# https://gist.github.com/cezaraugusto
+# https://gist.github.com/cezaraugusto/0101d2cb251c088f398ca0f8d4495ca0
+
+extension=$1
+
+if [[ -z "$extension" ]]; then
+  extension="benimdeioplgkhanklclahllklceahbe"
+fi
+install_chrome_extension() {
+  chrome_extensions_folder="/Library/Application Support/Google/Chrome/External Extensions"
+  chrome_extensions_preferences_file="$chrome_extensions_folder/$extension.json"
+  # This URL is used by Chrome to check for updates to external extensions
+  update_services_url="https://clients2.google.com/service/update2/crx"
+
+if [[ -d "$chrome_extensions_folder" ]]; then
+  mkdir -p "$chrome_extensions_folder"
+fi
+
+  echo "{" > "$chrome_extensions_preferences_file"
+  echo "  \"external_update_url\": \"$update_services_url\"" >> "$chrome_extensions_preferences_file"
+  echo "}" >> "$chrome_extensions_preferences_file"
+
+  echo "Added \"$chrome_extensions_preferences_file\""
+}
+
+if [ $# -ne 1 ]; then
+  echo "Usage: $0 <extension_id>"
+  exit 1
+fi
+
+install_chrome_extension "$extension"
+
+# Usage: 
+# ./install_extension.sh <extension_id>
+# Sample: adding React Dev Tools from command-line to Chrome 
+# ./install_extension.sh fmkadmapgofadopljbjfkapdkoienihi
+```
+
+This would not install the extension until the next time Chrome is launched, and then it will require the user to approve it. 
+
+<img width="448" height="330" alt="SCR-20260520-krbi" src="https://github.com/user-attachments/assets/f53a13fe-c16b-4941-aa39-0799b2b32b6e" />
+
+
+
+Due to limitations like this it really would be better to push it via an MDM. 
+
+
+If you have experience deploying managed MacOS browser extensions, please contribute to the [docs via GitHub](https://github.com/CyberDrain/Check/tree/dev/docs). All Mac resources in the GitHub repo should be considered inaccurate until tested.&#x20;