Merge pull request #666 from lanedirt/665-prepare-0130-release

Bump version to 0.13.0

.dockerignore

@@ -22,4 +22,17 @@
 **/secrets.dev.yaml
 **/values.dev.yaml
 LICENSE
-README.md
+README.md
+
+# Exclude AliasVault data directories
+database/
+logs/
+certificates/
+
+# Exclude git directory
+.git/
+
+# Exclude development files
+*.log
+*.env
+*.env.*

.env.example

@@ -1,4 +1,10 @@
-API_URL=
+HOSTNAME=
 JWT_KEY=
+DATA_PROTECTION_CERT_PASS=
+ADMIN_PASSWORD_HASH=
+ADMIN_PASSWORD_GENERATED=2024-01-01T00:00:00Z
 PRIVATE_EMAIL_DOMAINS=
 SMTP_TLS_ENABLED=false
+LETSENCRYPT_ENABLED=false
+POSTGRES_PASSWORD=
+SUPPORT_EMAIL=

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Report a bug or unexpected behavior.
+title: "[BUG] "
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for AliasVault
+title: '[Feature Request] '
+labels: '⚡️ enhancement'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+## Description
+- [ ] Bug fix
+- [ ] Feature enhancement
+- [ ] Documentation update
+- [ ] Other (please describe):
+
+## Related Issues
+Fixes #[issue-number]
+
+## Checklist
+- [ ] Code adheres to project standards and guidelines.
+- [ ] Documentation has been updated where applicable.
+
+## Additional Information
+Add any additional context, screenshots, or explanations here.

.github/dependabot.yml

@@ -0,0 +1,53 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+    # Enable version updates for NuGet
+    - package-ecosystem: "nuget"
+      directory: "/"
+      target-branch: "main"
+      open-pull-requests-limit: 10
+      labels:
+          - "dependencies"
+      # Check for updates once a week
+      schedule:
+          day: "monday"
+          time: "09:00"
+          interval: "weekly"
+        # Ignore certain dependencies (optional)
+        # ignore:
+        #   - dependency-name: "SomePackage"
+        #     versions: ["4.x", "5.x"]
+
+    # Enable version updates for npm
+    - package-ecosystem: "npm"
+      # Look for `package.json` and `lock` files in the `root` directory
+      directory: "/"
+      # Check for updates once a week
+      schedule:
+          day: "monday"
+          time: "09:00"
+          interval: "weekly"
+
+    # Enable version updates for Docker
+    - package-ecosystem: "docker"
+      # Look for a `Dockerfile` in the `root` directory
+      directory: "/"
+      # Check for updates once a week
+      schedule:
+          day: "monday"
+          time: "09:00"
+          interval: "weekly"
+
+    # Enable version updates for Composer
+    - package-ecosystem: "composer"
+      # Look for a `Dockerfile` in the `root` directory
+      directory: "/"
+      # Check for updates once a week
+      schedule:
+          day: "monday"
+          time: "09:00"
+          interval: "weekly"

.github/release.yml

@@ -9,9 +9,9 @@ changelog:
         labels:
           - dependencies
           - bug
-    - title: 🧩 Dependencies Updates
-      labels:
-        - dependencies
     - title: 🐞 Bug Fixes
       labels:
         - bug
+    - title: 🧩 Dependencies Updates
+      labels:
+        - dependencies

.github/workflows/browser-extension-build.yml

@@ -0,0 +1,223 @@
+name: Browser Extension Build
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  build-chrome-extension:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: browser-extension
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get short SHA
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: browser-extension/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build extension
+        run: npm run build:chrome
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Zip Chrome Extension
+        run: npm run zip:chrome
+
+      - name: Unzip for artifact
+        run: |
+          mkdir -p dist/chrome-unpacked
+          unzip dist/aliasvault-browser-extension-*-chrome.zip -d dist/chrome-unpacked
+
+      - name: Upload dist artifact Chrome
+        uses: actions/upload-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', steps.vars.outputs.sha_short) || steps.vars.outputs.sha_short) }}-chrome
+          path: browser-extension/dist/chrome-unpacked
+
+    outputs:
+      sha_short: ${{ steps.vars.outputs.sha_short }}
+
+  build-firefox-extension:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: browser-extension
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get short SHA
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: browser-extension/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build extension
+        run: npm run build:firefox
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Zip Firefox Extension
+        run: npm run zip:firefox
+
+      - name: Unzip for artifact
+        run: |
+          mkdir -p dist/firefox-unpacked
+          unzip dist/aliasvault-browser-extension-*-firefox.zip -d dist/firefox-unpacked
+          mkdir -p dist/sources-unpacked
+          unzip dist/aliasvault-browser-extension-*-sources.zip -d dist/sources-unpacked
+
+      - name: Upload dist artifact Firefox
+        uses: actions/upload-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', steps.vars.outputs.sha_short) || steps.vars.outputs.sha_short) }}-firefox
+          path: browser-extension/dist/firefox-unpacked
+
+      - name: Upload dist artifact Firefox sources
+        uses: actions/upload-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', steps.vars.outputs.sha_short) || steps.vars.outputs.sha_short) }}-sources
+          path: browser-extension/dist/sources-unpacked
+
+    outputs:
+      sha_short: ${{ steps.vars.outputs.sha_short }}
+
+  build-edge-extension:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: browser-extension
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get short SHA
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: browser-extension/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build extension
+        run: npm run build:edge
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Zip Edge Extension
+        run: npm run zip:edge
+
+      - name: Unzip for artifact
+        run: |
+          mkdir -p dist/edge-unpacked
+          unzip dist/aliasvault-browser-extension-*-edge.zip -d dist/edge-unpacked
+
+      - name: Upload dist artifact Edge
+        uses: actions/upload-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', steps.vars.outputs.sha_short) || steps.vars.outputs.sha_short) }}-edge
+          path: browser-extension/dist/edge-unpacked
+
+    outputs:
+      sha_short: ${{ steps.vars.outputs.sha_short }}
+
+  upload-chrome-release-assets:
+    runs-on: ubuntu-latest
+    needs: [build-chrome-extension]
+    if: github.event_name == 'release' && github.event.action == 'published'
+    steps:
+      - name: Download built artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', needs.build-chrome-extension.outputs.sha_short) || needs.build-chrome-extension.outputs.sha_short) }}-chrome
+          path: browser-extension/dist
+
+      - name: Upload Chrome Extension ZIP to Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: browser-extension/dist/aliasvault-browser-extension-*-chrome.zip
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  upload-firefox-release-assets:
+    runs-on: ubuntu-latest
+    needs: [build-firefox-extension]
+    if: github.event_name == 'release' && github.event.action == 'published'
+    steps:
+      - name: Download built artifact Firefox
+        uses: actions/download-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', needs.build-firefox-extension.outputs.sha_short) || needs.build-firefox-extension.outputs.sha_short) }}-firefox
+          path: browser-extension/dist
+
+      - name: Download built artifact Firefox sources
+        uses: actions/download-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', needs.build-firefox-extension.outputs.sha_short) || needs.build-firefox-extension.outputs.sha_short) }}-sources
+          path: browser-extension/dist/aliasvault-browser-extension-*-sources.zip
+
+      - name: Upload Firefox Extension ZIP to Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: browser-extension/dist/aliasvault-browser-extension-*{-firefox,-sources}.zip
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  upload-edge-release-assets:
+    runs-on: ubuntu-latest
+    needs: [build-edge-extension]
+    if: github.event_name == 'release' && github.event.action == 'published'
+    steps:
+      - name: Download built artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: aliasvault-browser-extension-${{ github.event_name == 'release' && github.ref_name || (github.ref_name == 'main' && format('main-{0}', needs.build-edge-extension.outputs.sha_short) || needs.build-edge-extension.outputs.sha_short) }}-edge
+          path: browser-extension/dist
+
+      - name: Upload Edge Extension ZIP to Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: browser-extension/dist/aliasvault-browser-extension-*-edge.zip
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docker-compose-build.yml

@@ -9,61 +9,95 @@ on:
 jobs:
   test-docker:
     runs-on: ubuntu-latest
+
     services:
       docker:
         image: docker:26.0.0
         options: --privileged
+
     steps:
       - uses: actions/checkout@v2
+
+      - name: Create .env file with custom SMTP port as port 25 is not allowed in GitHub Actions
+        run: |
+          echo "SMTP_PORT=2525" > .env
+
       - name: Set permissions and run install.sh
         run: |
           chmod +x install.sh
-          ./install.sh
-      - name: Set up Docker Compose
-        run: |
-            # Change the exposed host port of the SmtpService from 25 to 2525 because port 25 is not allowed in GitHub Actions
-            sed -i 's/25\:25/2525\:25/g' docker-compose.yml
-            docker compose -f docker-compose.yml up -d
-      - name: Wait for services to be up
-        run: |
-            # Wait for a few seconds
-            sleep 5
-      - name: Test if localhost:80 (WASM app) responds
-        run: |
-            # Test if the service on localhost:80 responds
-            http_code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:80)
-            if [ "$http_code" -ne 200 ]; then
-              echo "Service did not respond with 200 OK. Check if client app is configured correctly."
-              exit 1
-            else
-              echo "Service responded with 200 OK"
-            fi
-      - name: Test if localhost:81 (WebApi) responds
-        run: |
-            # Test if the service on localhost:81 responds
-            http_code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:81)
-            if [ "$http_code" -ne 200 ]; then
-                echo "Service did not respond with expected 200 OK. Check if WebApi is configured correctly."
-                exit 1
-            else
-                echo "Service responded with $http_code"
-            fi
-      - name: Test if localhost:2525 (SmtpService) responds
-        run: |
-            # Test if the service on localhost:2525 responds
+          ./install.sh build --verbose
+
+      - name: Test if services are responding
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: |
+            sleep 15
+
+            # Array of endpoints to test
+            declare -A endpoints=(
+              ["WASM"]="https://localhost:443"
+              ["WebApi"]="https://localhost:443/api"
+              ["Admin"]="https://localhost:443/admin/user/login"
+            )
+
+            failed=false
+
+            # Test HTTP endpoints
+            for name in "${!endpoints[@]}"; do
+              url="${endpoints[$name]}"
+              echo "Testing $name at $url"
+
+              # Store both response body and HTTP code
+              response=$(curl -k -s -w "\nHTTP_CODE=%{http_code}" "$url")
+              http_code=$(echo "$response" | grep "HTTP_CODE=" | cut -d= -f2)
+              body=$(echo "$response" | sed '$d')  # Remove the last line (HTTP_CODE)
+
+              if [ "$http_code" -ne 200 ]; then
+                echo "❌ $name failed with HTTP $http_code at $url"
+                echo "Response body:"
+                echo "$body"
+                failed=true
+              else
+                echo "✅ $name responded with HTTP 200"
+              fi
+            done
+
+            # Test SMTP
+            echo "Testing SmtpService at localhost:2525"
             if ! nc -zv localhost 2525 2>&1 | grep -q 'succeeded'; then
-                echo "SmtpService did not respond on port 2525. Check if the SmtpService service is running."
-                exit 1
+              echo "❌ SmtpService failed to respond on port 2525"
+              failed=true
             else
-                echo "SmtpService responded on port 2525"
+              echo "✅ SmtpService responded successfully"
             fi
-      - name: Test if localhost:8080 (Admin) responds
+
+            # Exit with error if any service failed
+            if [ "$failed" = true ]; then
+              # Get container logs
+              echo "Container Logs admin:"
+              docker compose logs admin
+              echo "Container Logs api:"
+              docker compose logs api
+              echo "Container Logs client:"
+              docker compose logs client
+              echo "Container Logs smtp:"
+              docker compose logs smtp
+              echo "Container Logs reverse-proxy:"
+              docker compose logs reverse-proxy
+
+              # Restart containers for next test in case of failure
+              docker compose restart
+              exit 1
+            fi
+
+      - name: Test install.sh reset-password output
         run: |
-            # Test if the service on localhost:8080 responds
-            http_code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8080/user/login)
-            if [ "$http_code" -ne 200 ]; then
-                echo "Service did not respond with expected 200 OK. Check if admin app is configured correctly."
-                exit 1
-            else
-                echo "Service responded with $http_code"
-            fi
+          output=$(./install.sh reset-password)
+          if ! echo "$output" | grep -E '.*New admin password: [A-Za-z0-9+/=]{8,}.*'; then
+            echo "Password reset output format is incorrect"
+            echo "Expected: 'New admin password: <at least 8 base64 chars>'"
+            echo "Actual: $output"
+            exit 1
+          fi

.github/workflows/docker-compose-pull.yml

@@ -0,0 +1,133 @@
+# This workflow will test if pulling the latest Docker Compose containers from the registry works.
+name: Docker Compose Pull
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  test-docker:
+    runs-on: ubuntu-latest
+
+    services:
+      docker:
+        image: docker:26.0.0
+        options: --privileged
+
+    steps:
+      - name: Get repository and branch information
+        id: repo-info
+        run: |
+          # Check if this is a PR from a fork
+          if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.fork }}" = "true" ]; then
+            # If PR is from a fork, use main branch from lanedirt/AliasVault
+            echo "REPO_FULL_NAME=lanedirt/AliasVault" >> $GITHUB_ENV
+            echo "BRANCH_NAME=main" >> $GITHUB_ENV
+          else
+            # Otherwise use the current repository and branch
+            echo "REPO_FULL_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV
+            echo "BRANCH_NAME=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
+          fi
+
+      - name: Download install script from current branch
+        run: |
+          INSTALL_SCRIPT_URL="https://raw.githubusercontent.com/$REPO_FULL_NAME/$BRANCH_NAME/install.sh"
+          echo "Downloading install script from: $INSTALL_SCRIPT_URL"
+          curl -f -o install.sh "$INSTALL_SCRIPT_URL"
+
+      - name: Create .env file with custom SMTP port as port 25 is not allowed in GitHub Actions
+        run: |
+          echo "SMTP_PORT=2525" > .env
+
+      - name: Set permissions and run install.sh
+        id: install_script
+        continue-on-error: true
+        run: |
+          chmod +x install.sh
+          ./install.sh install --verbose
+
+      - name: Check if failure was due to version mismatch
+        if: steps.install_script.outcome == 'failure'
+        run: |
+          if grep -q "Install script needs updating to match version" <<< "$(./install.sh install --verbose 2>&1)"; then
+            echo "Test skipped: Install script version is newer than latest release version. This is expected behavior if the install script is run on a branch that is ahead of the latest release."
+            exit 0
+          else
+            echo "Test failed due to an unexpected error"
+            exit 1
+          fi
+
+      - name: Set up Docker Compose
+        run: docker compose -f docker-compose.yml up -d
+
+      - name: Wait for services to be up
+        run: |
+            # Wait for a few seconds
+            sleep 10
+      -   name: Test if localhost:443 (WASM app) responds
+          uses: nick-fields/retry@v3
+          with:
+              timeout_minutes: 2
+              max_attempts: 3
+              command: |
+                  http_code=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:443)
+                  if [ "$http_code" -ne 200 ]; then
+                    echo "Service did not respond with 200 OK. Check if client app and/or nginx is configured correctly."
+                    exit 1
+                  else
+                    echo "Service responded with 200 OK"
+                  fi
+
+      -   name: Test if localhost:443/api (WebApi) responds
+          uses: nick-fields/retry@v3
+          with:
+              timeout_minutes: 2
+              max_attempts: 3
+              command: |
+                  http_code=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:443/api)
+                  if [ "$http_code" -ne 200 ]; then
+                    echo "Service did not respond with expected 200 OK. Check if WebApi and/or nginx is configured correctly."
+                    exit 1
+                  else
+                    echo "Service responded with $http_code"
+                  fi
+
+      -   name: Test if localhost:443/admin (Admin) responds
+          uses: nick-fields/retry@v3
+          with:
+              timeout_minutes: 2
+              max_attempts: 3
+              command: |
+                  http_code=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:443/admin/user/login)
+                  if [ "$http_code" -ne 200 ]; then
+                    echo "Service did not respond with expected 200 OK. Check if admin app and/or nginx is configured correctly."
+                    exit 1
+                  else
+                    echo "Service responded with $http_code"
+                  fi
+
+      -   name: Test if localhost:2525 (SmtpService) responds
+          uses: nick-fields/retry@v3
+          with:
+              timeout_minutes: 2
+              max_attempts: 3
+              command: |
+                  if ! nc -zv localhost 2525 2>&1 | grep -q 'succeeded'; then
+                    echo "SmtpService did not respond on port 2525. Check if the SmtpService service is running."
+                    exit 1
+                  else
+                    echo "SmtpService responded on port 2525"
+                  fi
+
+      - name: Test install.sh reset-password output
+        run: |
+          output=$(./install.sh reset-password)
+          if ! echo "$output" | grep -E '.*New admin password: [A-Za-z0-9+/=]{8,}.*'; then
+            echo "Password reset output format is incorrect. Expected format: 'New admin password: <at least 8 base64 chars>'"
+            echo "Actual output: $output"
+            exit 1
+          else
+            echo "Password reset output format is correct"
+          fi

.github/workflows/dotnet-e2e-admin-tests.yml

@@ -0,0 +1,46 @@
+# This workflow will test if running the E2E Admin tests via Playwright CLI works.
+name: .NET E2E Admin Tests (Playwright)
+
+on:
+    push:
+        branches: [ "main" ]
+    pull_request:
+        branches: [ "main" ]
+
+jobs:
+    admin-tests:
+        timeout-minutes: 60
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Setup .NET
+              uses: actions/setup-dotnet@v4
+              with:
+                  dotnet-version: 9.0.x
+
+            - name: Install dependencies
+              run: dotnet workload install wasm-tools
+
+            - name: Build
+              run: dotnet build
+
+            - name: Start dev database
+              run: ./install.sh configure-dev-db start
+
+            - name: Ensure browsers are installed
+              run: pwsh src/Tests/AliasVault.E2ETests/bin/Debug/net9.0/playwright.ps1 install --with-deps
+
+            - name: Run AdminTests with retry
+              uses: nick-fields/retry@v3
+              with:
+                  timeout_minutes: 60
+                  max_attempts: 3
+                  command: dotnet test src/Tests/AliasVault.E2ETests --no-build --verbosity normal --filter "Category=AdminTests"
+
+            - name: Upload Test Results
+              if: always()
+              uses: actions/upload-artifact@v4
+              with:
+                  name: admin-test-results
+                  path: TestResults-Admin.xml

.github/workflows/dotnet-e2e-client-tests.yml

@@ -0,0 +1,43 @@
+# This workflow will test if running the E2E Client tests via Playwright CLI works.
+name: .NET E2E Client Tests (Playwright with Sharding)
+
+on:
+    push:
+        branches: [ "main" ]
+    pull_request:
+        branches: [ "main" ]
+
+jobs:
+    client-tests:
+        timeout-minutes: 60
+        runs-on: ubuntu-latest
+        strategy:
+            fail-fast: false
+            matrix:
+                shard: [1, 2, 3, 4, 5]
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Setup .NET
+              uses: actions/setup-dotnet@v4
+              with:
+                  dotnet-version: 9.0.x
+
+            - name: Install dependencies
+              run: dotnet workload install wasm-tools
+
+            - name: Build
+              run: dotnet build
+
+            - name: Start dev database
+              run: ./install.sh configure-dev-db start
+
+            - name: Ensure browsers are installed
+              run: pwsh src/Tests/AliasVault.E2ETests/bin/Debug/net9.0/playwright.ps1 install --with-deps
+
+            - name: Run ClientTests with retry (Shard ${{ matrix.shard }})
+              uses: nick-fields/retry@v3
+              with:
+                  timeout_minutes: 60
+                  max_attempts: 3
+                  command: dotnet test src/Tests/AliasVault.E2ETests --no-build --verbosity normal --filter "FullyQualifiedName~.E2ETests.Tests.Client.Shard${{ matrix.shard }}."

.github/workflows/dotnet-e2e-tests.yml

@@ -1,48 +0,0 @@
-# This workflow will build a .NET project
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
-
-name: .NET E2E Tests (Playwright)
-
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
-
-jobs:
-  test:
-    timeout-minutes: 60
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Setup .NET
-      uses: actions/setup-dotnet@v4
-      with:
-        dotnet-version: 8.0.x
-    - name: Install dependencies
-      run: dotnet workload install wasm-tools
-    - name: Build
-      run: dotnet build
-    - name: Ensure browsers are installed
-      run: pwsh src/Tests/AliasVault.E2ETests/bin/Debug/net8.0/playwright.ps1 install --with-deps
-
-    - name: Run AdminTests with retry
-      uses: nick-invision/retry@v2
-      with:
-        timeout_minutes: 10
-        max_attempts: 3
-        command: dotnet test src/Tests/AliasVault.E2ETests --no-build --verbosity normal --filter "Category=AdminTests"
-
-    - name: Run ClientTests with retry
-      uses: nick-invision/retry@v2
-      with:
-        timeout_minutes: 10
-        max_attempts: 3
-        command: dotnet test src/Tests/AliasVault.E2ETests --no-build --verbosity normal --filter "Category=ClientTests"
-
-    - name: Run remaining tests with retry
-      uses: nick-invision/retry@v2
-      with:
-        timeout_minutes: 10
-        max_attempts: 3
-        command: dotnet test src/Tests/AliasVault.E2ETests --no-build --verbosity normal --filter "Category!=AdminTests&Category!=ClientTests"

.github/workflows/dotnet-integration-tests.yml

@@ -1,6 +1,4 @@
-# This workflow will build a .NET project
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
-
+# This workflow will test if running the integration tests works.
 name: .NET Integration Tests
 
 on:
@@ -15,13 +13,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+
     - name: Setup .NET
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 8.0.x
+          dotnet-version: 9.0.x
+
     - name: Install dependencies
       run: dotnet workload install wasm-tools
+
     - name: Build
       run: dotnet build
+
+    - name: Start dev database
+      run: ./install.sh configure-dev-db start
+
     - name: Run integration tests
       run: dotnet test src/Tests/AliasVault.IntegrationTests --no-build --verbosity normal

.github/workflows/dotnet-unit-tests.yml

@@ -1,6 +1,4 @@
-# This workflow will build a .NET project
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
-
+# This workflow will test if running the unit tests works.
 name: .NET Unit Tests
 
 on:
@@ -14,15 +12,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+
     - name: Setup .NET
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 8.0.x
+          dotnet-version: 9.0.x
+
     - name: Install dependencies
       run: dotnet workload install wasm-tools
+
     - name: Restore dependencies
       run: dotnet restore
+
     - name: Build
       run: dotnet build --no-restore
+
     - name: Run unittests
       run: dotnet test src/Tests/AliasVault.UnitTests --no-build --verbosity normal

.github/workflows/publish-docker-images.yml

@@ -0,0 +1,117 @@
+# This workflow will publish new Docker images to the GitHub Container Registry when a new release is published.
+name: Publish Docker Images
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Convert repository name to lowercase
+        run: |
+          echo "REPO_LOWER=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}
+
+      - name: Build and push Postgres image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: src/Databases/AliasServerDb/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-postgres:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-postgres:${{ github.ref_name }}
+
+      - name: Build and push API image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: src/AliasVault.Api/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-api:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-api:${{ github.ref_name }}
+
+      - name: Build and push Client image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: src/AliasVault.Client/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-client:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-client:${{ github.ref_name }}
+
+      - name: Build and push Admin image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: src/AliasVault.Admin/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-admin:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-admin:${{ github.ref_name }}
+
+      - name: Build and push Reverse Proxy image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-reverse-proxy:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-reverse-proxy:${{ github.ref_name }}
+
+      - name: Build and push SMTP image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: src/Services/AliasVault.SmtpService/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-smtp:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-smtp:${{ github.ref_name }}
+
+      - name: Build and push TaskRunner image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: src/Services/AliasVault.TaskRunner/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-task-runner:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-task-runner:${{ github.ref_name }}
+
+      - name: Build and push InstallCli image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: src/Utilities/AliasVault.InstallCli/Dockerfile
+          platforms: linux/amd64,linux/arm64/v8
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-installcli:latest,${{ env.REGISTRY }}/${{ env.REPO_LOWER }}-installcli:${{ github.ref_name }}

.github/workflows/sonarcloud-code-analysis.yml

@@ -1,29 +1,46 @@
+# This workflow will perform a SonarCloud code analysis on every push to the main branch or
+# when a pull request is opened, synchronized, or reopened. The "pull_request_target" event is
+# used to ensure that the analysis is done on the source branch of the pull request which has
+# access to the SonarCloud token secret.
 name: SonarCloud code analysis
 on:
     push:
         branches:
             - main
-    pull_request:
+    pull_request_target:
         types: [opened, synchronize, reopened]
 jobs:
     build:
         name: Build and analyze
         runs-on: windows-latest
         steps:
+            - name: Setup .NET
+              uses: actions/setup-dotnet@v3
+              with:
+                  dotnet-version: '9.0.x'
+
+            - name: Install WASM workload
+              run: dotnet workload install wasm-tools
+
             - name: Set up JDK 17
               uses: actions/setup-java@v3
               with:
                   java-version: 17
-                  distribution: 'zulu' # Alternative distribution options are available.
-            - uses: actions/checkout@v3
+                  distribution: 'zulu'
+
+            - name: Checkout code of PR branch
+              uses: actions/checkout@v3
               with:
-                  fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+                ref: ${{ github.event.pull_request.head.sha }}
+                fetch-depth: 0
+
             - name: Cache SonarCloud packages
               uses: actions/cache@v3
               with:
                   path: ~\sonar\cache
                   key: ${{ runner.os }}-sonar
                   restore-keys: ${{ runner.os }}-sonar
+
             - name: Cache SonarCloud scanner
               id: cache-sonar-scanner
               uses: actions/cache@v3
@@ -31,19 +48,25 @@ jobs:
                   path: .\.sonar\scanner
                   key: ${{ runner.os }}-sonar-scanner
                   restore-keys: ${{ runner.os }}-sonar-scanner
+
             - name: Install SonarCloud scanner
               if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
               shell: powershell
               run: |
                   New-Item -Path .\.sonar\scanner -ItemType Directory
                   dotnet tool update dotnet-sonarscanner --tool-path .\.sonar\scanner
+
             - name: Build and analyze
               env:
-                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
               shell: powershell
               run: |
-                  .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs"
+                  if ('${{ github.event_name }}' -eq 'pull_request_target') {
+                      .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.pullrequest.key=${{ github.event.pull_request.number }} /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs" /d:sonar.exclusions="**/__tests__/test-forms/*.html"
+                  } else {
+                      .\.sonar\scanner\dotnet-sonarscanner begin /k:"lanedirt_AliasVault" /o:"lanedirt" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml" /d:sonar.coverage.exclusions="**Tests*.cs" /d:sonar.exclusions="**/__tests__/test-forms/*.html"
+                  }
                   dotnet build
                   dotnet test -c Release /p:CollectCoverage=true /p:CoverletOutput=coverage /p:CoverletOutputFormat=opencover --filter 'FullyQualifiedName!~AliasVault.E2ETests'
                   .\.sonar\scanner\dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"

.gitignore

@@ -9,6 +9,7 @@
 *.user
 *.userosscache
 *.sln.docstates
+*.code-workspace
 
 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs
@@ -268,9 +269,14 @@ ServiceFabricBackup/
 
 # SQLite files
 *.sqlite
+*.sqlite.*
 *.sqlite-shm
 *.sqlite-wal
 
+# SQL files
+*.sql
+*.sql.gz
+
 # Business Intelligence projects
 *.rdl.data
 *.bim.layout
@@ -371,13 +377,49 @@ FodyWeavers.xsd
 .idea
 *.licenseheader
 
-# AliasVault specific
+# Junie JetBrains plugin
+.junie
+.output.txt
+
+# Codebuddy Rider plugin
+.codebuddy
+
+# -------------------
+# AliasVault specifics
+# -------------------
 # index.html is generated by the build process from index.template.html and therefore should be ignored
 src/AliasVault.Client/wwwroot/index.html
+
 # appsettings.Development.json is generated by the build process from appsettings.Development.template.json and therefore should be ignored
 src/AliasVault.Client/wwwroot/appsettings.Development.json
+
 # appsettings.Development.json is added manually if needed, it should not be committed.
 src/Tests/AliasVault.E2ETests/appsettings.Development.json
 
 # .env is generated by install.sh and therefore should be ignored
 .env
+
+# install.sh backup files are generated by install.sh self-update and therefore should be ignored
+install.sh.backup
+
+# Draw.io diagram temp files
+*.drawio.*
+
+# Certificates
+certificates/**/*.crt
+certificates/**/*.key
+certificates/**/*.pfx
+certificates/**/*.pem
+certificates/letsencrypt/**
+
+# Docs
+docs/_site
+docs/vendor
+docs/.bundle
+
+# Database files
+database/postgres
+database/postgres-dev
+
+# Temp files
+temp

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+contact@support.aliasvault.net.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -1,89 +1,14 @@
-# Contributing
-This document is a work-in-progress and will be expanded as time goes on. If you have any questions feel free to open a issue on GitHub.
+# Contributing to the source code
+We welcome contributions to AliasVault. Please read the guidelines on the official AliasVault docs website on how to get your local development environment setup and the general contribution guidelines:
 
-Note: all instructions below are based on MacOS. If you are using a different operating system, you may need to adjust the commands accordingly.
+https://docs.aliasvault.net/misc/dev/contributing.html
 
-## Getting Started
-In order to contribute to this project follow these instructions to setup your local environment:
+> Tip: if the URL above is not available, the raw doc pages can also be found in the `docs` folder in this repository.
 
-### 1. Clone the repository
+## Contributing to the documentation
+The docs are built using Jekyll and automatically deploy to GitHub Pages via GitHub Actions. You can build the docs locally by running `docker compose up` in in the `./docs` folder.
 
-```bash
-git clone https://github.com/lanedirt/AliasVault.git
-cd AliasVault
-```
-
-### 2. Copy pre-commit hook script to .git/hooks directory
-**Important**: All commits in this repo are required to contain a reference to a GitHub issue in the format of "your commit message (#123)" where "123" references the GitHub issue number.
-
-The pre-commit hook script below will check the commit message before allowing the commit to proceed. If the commit message is invalid, the commit will be aborted.
-
-```bash
-# Copy the commit-msg hook script to the .git/hooks directory
-cp .github/hooks/commit-msg .git/hooks/commit-msg
-
-# Make the script executable
-chmod +x .git/hooks/commit-msg
-```
-
-### 3. Install the latest version of .NET SDK 8
-
-```bash
-# Install .NET SDK 8
-
-# On MacOS via brew:
-brew install --cask dotnet-sdk
-
-# On Windows via winget
-winget install Microsoft.DotNet.SDK.8
-```
-
-### 4. Install dotnet CLI EF Tools
-
-```bash
-# Install dotnet EF tools globally
-dotnet tool install --global dotnet-ef
-# Include dotnet tools in your PATH
-nano ~/.zshrc
-# Add the following line to your .zshrc file
-export PATH="$PATH:$HOME/.dotnet/tools"
-# Start a new terminal and test that this command works:
-dotnet ef
-```
-
-### 5. Run Tailwind CSS compiler while changing HTML files to update compiled CSS
-
-```bash
-npm run build:css
-```
-
-### 6. Install Playwright in order to locally run NUnit E2E (end-to-end) tests
-
-```bash
-# First install PowerShell for Mac (if you don't have it already)
-brew install powershell/tap/powershell
-# Install Playwright
-dotnet tool install --global Microsoft.Playwright.CLI
-# Run Playwright install script to download local browsers
-# Note: make sure the E2E test project has been built at least once so the bin dir exists.
-pwsh src/Tests/AliasVault.E2ETests/bin/Debug/net8.0/playwright.ps1 install
-```
-
-### 7. Create AliasVault.Client appsettings.Development.json
-The WASM client app supports a development specific appsettings.json file. This appsettings file is optional but can override various options to make debugging easier.
+The docs site is based on the open-source template called Just The Docs. Find more information about how this template works in the [official docs](https://just-the-docs.github.io/just-the-docs/).
 
 
-1. Copy `wwwroot/appsettings.json` to `wwwroot/appsettings.Development.json`
-
-Here is an example file with the various options explained:
-
-```
-{
-    "ApiUrl": "http://localhost:5092",
-    "PrivateEmailDomains": ["example.tld"],
-    "UseDebugEncryptionKey": "true"
-}
-```
-
-- UseDebugEncryptionKey
-    - This setting will use a static encryption key so that if you login as a user you can refresh the page without needing to unlock the database again. This speeds up development when changing things in the WebApp WASM project. Note: the project needs to be run in "Development" mode for this setting to be used.
+To make changes to the AliasVault documentation please make a PR that directly edits the `docs` markdown files in this repository.

Dockerfile

@@ -0,0 +1,15 @@
+FROM nginx:alpine
+
+# Install OpenSSL
+RUN apk add --no-cache openssl
+
+# Copy configuration and entrypoint script
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY entrypoint.sh /docker-entrypoint.sh
+
+# Create SSL directory
+RUN mkdir -p /etc/nginx/ssl && chmod 755 /etc/nginx/ssl \
+    && chmod +x /docker-entrypoint.sh
+
+EXPOSE 80 443
+ENTRYPOINT ["/docker-entrypoint.sh"]

ENCRYPTION.md

@@ -1,13 +0,0 @@
-# Encryption
-This document describes the encryption used in AliasVault.
-
-## SRP
-The application uses the Secure Remote Password (SRP) protocol for authentication. The SRP protocol is a password-authenticated key agreement protocol. This means that the client and server can authenticate each other using a password, without sending the password over the network.
-
-With the use of SRP the master password never leaves the client. The client sends a verifier to the server, which is a value derived from the master password. The server uses this verifier to authenticate the client. With this the server can authenticate the client without having ever seen the actual master password.
-
-## Argon2id
-The application uses the Argon2id key derivation function to derive a key from the master password. Argon2id is a memory-hard function, which makes it difficult to perform large-scale custom hardware attacks. This makes it a good choice for password hashing.
-
-## AES
-AES-256 IV is used to encrypt the data. The data is encrypted with a key derived from the master password using Argon2id. The Initialization Vector (IV) is generated randomly for each encryption.

README.md

@@ -1,89 +1,141 @@
-<div align="center">
+# AliasVault: password & (email) alias manager [<img src="https://github.com/user-attachments/assets/933c8b45-a190-4df6-913e-b7c64ad9938b" width="100" align="right" alt="AliasVault">](https://github.com/lanedirt/AliasVault)
 
-<h1>AliasVault</h1>
-
-[<img src="https://img.shields.io/github/v/release/lanedirt/AliasVault?include_prereleases&logo=github">](https://github.com/lanedirt/OGameX/releases)
-[<img src="https://img.shields.io/github/actions/workflow/status/lanedirt/AliasVault/docker-compose-build.yml?label=docker-compose%20build">](https://github.com/lanedirt/AliasVault/actions/workflows/docker-compose-build.yml)
+[<img src="https://img.shields.io/github/v/release/lanedirt/AliasVault?include_prereleases&logo=github">](https://github.com/lanedirt/AliasVault/releases)
 [<img src="https://img.shields.io/github/actions/workflow/status/lanedirt/AliasVault/dotnet-unit-tests.yml?label=unit tests">](https://github.com/lanedirt/AliasVault/actions/workflows/dotnet-build-run-tests.yml)
 [<img src="https://img.shields.io/github/actions/workflow/status/lanedirt/AliasVault/dotnet-integration-tests.yml?label=integration tests">](https://github.com/lanedirt/AliasVault/actions/workflows/dotnet-build-run-tests.yml)
-[<img src="https://img.shields.io/github/actions/workflow/status/lanedirt/AliasVault/dotnet-e2e-tests.yml?label=e2e tests">](https://github.com/lanedirt/AliasVault/actions/workflows/dotnet-integration-tests.yml)
-[<img src="https://img.shields.io/sonar/coverage/lanedirt_AliasVault?server=https%3A%2F%2Fsonarcloud.io&label=test code coverage">](https://sonarcloud.io/summary/new_code?id=lanedirt_AliasVault)
+[<img src="https://img.shields.io/github/actions/workflow/status/lanedirt/AliasVault/dotnet-e2e-client-tests.yml?label=e2e tests">](https://github.com/lanedirt/AliasVault/actions/workflows/dotnet-e2e-client-tests.yml)
 [<img src="https://img.shields.io/sonar/quality_gate/lanedirt_AliasVault?server=https%3A%2F%2Fsonarcloud.io&label=sonarcloud&logo=sonarcloud">](https://sonarcloud.io/summary/new_code?id=lanedirt_AliasVault)
-</div>
+[<img alt="Discord" src="https://img.shields.io/discord/1309300619026235422?logo=discord&logoColor=%237289da&label=discord&color=%237289da">](https://discord.gg/DsaXMTEtpF)
 
-AliasVault is an open-source password and identity manager built with C# ASP.NET technology. AliasVault can be self-hosted on your own server with Docker, providing a secure and private solution for managing your online identities and passwords.
+> AliasVault is an end-to-end encrypted password and (email) alias manager that protects your privacy by creating alternative identities, passwords and email addresses for every website you use. Use the official supported cloud version or self-host AliasVault on your own server with Docker.
+
+## Quick links
+- <a href="https://app.aliasvault.net">Try the cloud version 🔥</a> - <a href="https://aliasvault.net?utm_source=gh-readme">Website 🌐</a> - <a href="https://docs.aliasvault.net?utm_source=gh-readme">Documentation 📚</a> - <a href="#self-hosting">Self-host instructions ⚙️</a>
 
 ### What makes AliasVault unique:
 - **Zero-knowledge architecture**: All data is end-to-end encrypted on the client and stored in encrypted state on the server. Your master password never leaves your device and the server never has access to your data.
-- **Built-in email server**: AliasVault includes its own email server that allows you to generate virtual email addresses for each identity. Emails sent to these addresses are instantly visible in the AliasVault app.
-- **Virtual identities**: Generate virtual identities and assign them to a website, allowing you to use different email addresses and usernames for each website. Keeping your online identities separate and secure, making it harder for attackers to link your accounts.
-- **Open-source**: The source code is available on GitHub and can be self-hosted on your own server.
+- **Built-in email server**: AliasVault includes its own email server that allows you to generate real working email addresses for each alias. Emails sent to these addresses are instantly visible in the AliasVault app and browser extension.
+- **Alias generation**: Generate aliases and assign them to a website, allowing you to use different email addresses and usernames for each website. Keeping your online identities separate and secure, making it harder for bad actors to link your accounts.
+- **Open-source**: The source code is available on GitHub and AliasVault can be self-hosted on your own server via an easy install script.
 
-> Note: AliasVault is currently in active development and some features may not yet have been (fully) implemented. If you run into any issues, please create an issue on GitHub.
+## Screenshots
 
-## Live demo
-A live demo of the app is available at [main.aliasvault.net](https://main.aliasvault.net) (nightly builds). You can create a free account to try it out yourself.
+<table>
+    <tr>
+        <th align="center">Browser Extension</th>
+        <th align="center">Generate email and aliases</th>
+    </tr>
+    <tr>
+        <td align="center">
+            <img src="https://github.com/user-attachments/assets/d9ffd3dc-08a0-462d-8148-e8da5ec5a520" alt="Browser Autofill" />
+        </td>
+        <td align="center">
+            <img src="https://github.com/user-attachments/assets/86752994-d469-4b0e-b633-c089e0aed12b" alt="Generate Aliases" />
+		</td>
+    </tr>
+    <tr>
+        <th align="center">Strong security</th>
+        <th align="center">Easy self-host</th>
+    </tr>
+    <tr>
+		<td align="center">
+            <img src="https://github.com/user-attachments/assets/26b66379-10a5-4b8b-9c69-e64b553a10be" alt="Strong security" />
+		</td>
+		<td align="center">
+           <img src="https://github.com/user-attachments/assets/47c7002a-e326-4507-8801-194e134e00dd" alt="Easy self-host installation" />
+        </td>
+	</tr>
+</table>
 
-<img width="700" alt="Screenshot 2024-07-12 at 14 58 29" src="https://github.com/user-attachments/assets/57103f67-dff0-4124-9b33-62137aab5578">
+## Official Cloud Version
+The official cloud version of AliasVault is freely available at [app.aliasvault.net](https://app.aliasvault.net). This fully supported platform is always up to date with our latest release. Create an account to protect your privacy today.
 
-## Installation on your own machine
-To install AliasVault on your own machine, follow the steps below. Note: the install process is tested on MacOS and Linux. It should work on Windows too, but you might need to adjust some commands.
+[<img width="700" alt="Screenshot of AliasVault" src="docs/assets/img/screenshot.png">](https://app.aliasvault.net)
 
-### Requirements:
-- Access to a terminal
-- Docker
-- Git
+## Self-hosting
+For full control over your own data you can self-host and install AliasVault on your own servers. The easiest method is to use the provided install script. This will download the pre-built Docker images and start the containers.
 
-### 1. Clone this repository.
+### Install using install script
+
+This method uses pre-built Docker images and works on minimal hardware specifications:
+
+- Linux VM with root access (Ubuntu/AlmaLinux recommended) or Raspberry Pi
+- 1 vCPU
+- 1GB RAM
+- 16GB disk space
+- Docker installed
 
 ```bash
-# Clone this Git repository to "AliasVault" directory
-$ git clone https://github.com/lanedirt/AliasVault.git
+# Download install script from latest stable release
+curl -o install.sh https://raw.githubusercontent.com/lanedirt/AliasVault/0.13.0/install.sh
+
+# Make install script executable and run it. This will create the .env file, pull the Docker images, and start the AliasVault containers.
+chmod +x install.sh
+./install.sh install
 ```
 
-### 2. Run the install script.
-The script prepares the .env file, builds the Docker image, and starts the AliasVault containers.
+The install script will output the URL where the app is available. By default this is:
+- Client: https://localhost
+- Admin portal: https://localhost/admin
 
-```bash
-# Go to the project directory
-$ cd AliasVault
+> Note: If you want to change the default AliasVault ports you can do so in the `.env` file.
 
-# Make install script executable
-$ chmod +x install.sh
+## Documentation
+For more detailed information about the installation process and other topics, please see the official documentation website:
+- [Documentation website (docs.aliasvault.net) 📚](https://docs.aliasvault.net)
 
-# Run the install script
-$ ./install.sh
-```
+## Security Architecture
+<a href="https://docs.aliasvault.net/architecture"><img alt="AliasVault Security Architecture Diagram" src="docs/assets/diagrams/security-architecture/aliasvault-security-architecture-thumb.jpg" width="343"></a>
 
-Note: if you do not wish to run the script, you can set up the environment variables and build the Docker image and containers manually instead. See the [manual setup instructions](docs/setup/1-manually-setup-docker.md) for more information.
+AliasVault takes security seriously and implements various measures to protect your data:
 
-### 3. AliasVault is ready to use.
-The script will output the URL where the app is available. You can now open the app in your browser and create an account.
+- All sensitive user data is encrypted end-to-end using industry-standard encryption algorithms. This includes the complete vault contents and all received emails.
+- Your master password never leaves your device.
+- Zero-knowledge architecture ensures the server never has access to your unencrypted data
 
-> Note: the container binds to port 80 for client and port 8080 for admin by default. If you have another service running on these ports, you can change the AliasVault ports in the `docker-compose.yml` file.
+For detailed information about our encryption implementation and security architecture, see the following documents:
+- [SECURITY.md](SECURITY.md)
+- [Security Architecture Diagram](https://docs.aliasvault.net/architecture)
 
-#### Note for first time build:
-- When running the init script for the first time, it may take a few minutes for Docker to download all dependencies. Subsequent builds will be faster.
-- A SQLite database file will be created in `./database/AliasServerDb.sqlite`. This file will store all (encrypted) password vaults. It should be kept secure and not shared.
+## Roadmap
+AliasVault is under active development with new features being added regularly. We believe in transparency and want to share our vision for the future of the platform. Here's what we've accomplished and what we're working on next:
 
-#### Other useful commands:
-- To reset the admin password, run the install.sh script with the `--reset-admin-password` flag.
-- To uninstall AliasVault, make the uninstall script executable with `chmod +x uninstall.sh` first, then run the script: `./uninstall.sh`.
-This will remove all containers, images, and volumes related to AliasVault. It will keep all files and configuration intact however, so you can easily reinstall AliasVault later.
+- [x] Core password & alias management
+- [x] End-to-end encryption
+- [x] Built-in email server for aliases
+- [x] Single-command Docker-based installation
+- [x] Chrome browser extension
+- [ ] Firefox browser extension (https://github.com/lanedirt/AliasVault/issues/581)
+- [ ] Add and associate TOTP MFA tokens to credentials (https://github.com/lanedirt/AliasVault/issues/181)
+- [ ] Add support for connecting custom user domains to cloud hosted version (https://github.com/lanedirt/AliasVault/issues/485)
+- [ ] Import passwords from existing password managers (https://github.com/lanedirt/AliasVault/issues/542)
 
-## Tech stack / credits
-The following technologies, frameworks and libraries are used in this project:
+### Future Plans
+- [ ] Mobile apps (iOS, Android)
+- [ ] Team / organization features (sharing passwords/aliases)
+- [ ] Disposable phone number service
 
-- [C#](https://docs.microsoft.com/en-us/dotnet/csharp/) - A simple, modern, object-oriented, and type-safe programming language.
-- [ASP.NET Core](https://dotnet.microsoft.com/apps/aspnet) - An open-source framework for building modern, cloud-based, internet-connected applications.
-- [Entity Framework Core](https://docs.microsoft.com/en-us/ef/core/) - A lightweight, extensible, open-source and cross-platform version of the popular Entity Framework data access technology.
-- [Blazor WASM](https://dotnet.microsoft.com/apps/aspnet/web-apps/blazor) - A framework for building interactive web UIs using C# instead of JavaScript. It's a single-page app framework that runs in the browser via WebAssembly.
-- [Playwright](https://playwright.dev/) - A Node.js library to automate Chromium, Firefox and WebKit with a single API. Used for end-to-end testing.
-- [Docker](https://www.docker.com/) - A platform for building, sharing, and running containerized applications.
-- [SQLite](https://www.sqlite.org/index.html) - A C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine.
-- [Tailwind CSS](https://tailwindcss.com/) - A utility-first CSS framework for rapidly building custom designs.
-- [Flowbite](https://flowbite.com/) - A free and open-source UI component library based on Tailwind CSS.
-- [Konscious.Security.Cryptography](https://github.com/kmaragon/Konscious.Security.Cryptography) - A .NET library that implements Argon2id, a memory-hard password hashing algorithm.
-- [SRP.net](https://github.com/secure-remote-password/srp.net) - SRP6a Secure Remote Password protocol for secure password authentication.
-- [SmtpServer](https://github.com/cosullivan/SmtpServer) - A SMTP server library for .NET that is used for the virtual email address feature.
-- [MimeKit](https://github.com/jstedfast/MimeKit) - A .NET MIME creation and parser library used for the virtual email address feature.
+Want to suggest a feature? Join our [Discord](https://discord.gg/DsaXMTEtpF) or create an issue on GitHub.
+
+## Tech Stack & Security
+
+AliasVault is built with a modern, secure, and scalable technology stack, ensuring robust encryption and privacy protection.
+
+### Core Technologies
+- **C# & ASP.NET Core** – Reliable, high-performance backend for Web API.
+- **Blazor WASM** – Secure, interactive web UI.
+- **PostgreSQL & SQLite** – Database solutions, with SQLite powering encrypted user vaults.
+- **Docker** – Containerized deployment for scalability.
+- **Next.JS & React & Typescript** - Powering the AliasVault website and browser extensions
+
+### Security & Cryptography
+- **Argon2id (Konscious.Security.Cryptography)** – Industry-leading password hashing.
+- **SRP** – Secure Remote Password (SRP-6a) protocol for authentication.
+- **MimeKit & SmtpServer** – Secure email processing and virtual addresses.
+
+### Additional Tools
+- **Tailwind CSS & Flowbite** – Modern UI design.
+- **Playwright** – Automated end-to-end testing.
+- **SonarCloud** – Continuous code quality monitoring.
+
+AliasVault prioritizes security, performance, and user privacy with a technology stack trusted by the industry.

SECURITY.md

@@ -0,0 +1,95 @@
+# SECURITY.md
+This document describes the encryption algorithms used by AliasVault in order to keep its user data secure.
+
+## Overview
+AliasVault features a [zero-knowledge architecture](https://en.wikipedia.org/wiki/Zero-knowledge_service) and uses a combination of encryption algorithms to protect the data of its users.
+
+The basic premise is that the master password chosen by the user upon registration forms the basis for all encryption
+and decryption operations. This master password is never transmitted over the network and only resides on the client.
+All data is encrypted at rest and in transit. This ensures that even if the AliasVault servers are compromised,
+the user's data remains secure.
+
+## Encryption algorithms
+The following encryption algorithms are used by AliasVault:
+
+- [Argon2id](#argon2id)
+- [SRP](#srp)
+- [AES-GCM](#aes-gcm)
+- [RSA-OAEP](#rsa-oaep)
+
+Below is a detailed explanation of each encryption algorithm.
+
+For more information about how these algorithms are specifically used in AliasVault, see the [Architecture Documentation](https://docs.aliasvault.net/architecture) section on the documentation site.
+
+### Argon2id
+To derive a key from the master password, AliasVault uses the Argon2id key derivation function. Argon2id is a memory-hard
+key derivation function which allows for controlling the execution time, memory required and degree of parallelism.
+This makes it resilient against brute-force attacks and makes it one of the best choices for deriving keys from passwords.
+
+AliasVault uses Argon2id with the following default parameters:
+- Degree of parallelism: 1
+- Memory size: 19456 KB
+- Iterations: 2
+
+More information about Argon2id can be found on the [Argon2](https://en.wikipedia.org/wiki/Argon2) Wikipedia page.
+
+### SRP
+The Secure Remote Password (SRP) protocol is used for authenticating a user with the AliasVault server during login.
+The SRP protocol is a password-authenticated key exchange protocol (PAKE). This means that the client and server can
+authenticate each other using a password, without sending the password itself over the network.
+
+With the use of SRP the master password never leaves the client. The client sends a verifier to the server,
+which is a value derived from the master password. The server uses this verifier to authenticate the client without
+having ever seen the actual master password.
+
+For more information see the [SRP protocol](https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol) information on Wikipedia.
+
+### AES-256-GCM
+All user's vault data is fully encrypted on the client using the AES-256-GCM encryption algorithm, which stands for
+*Advanced Encryption Standard with 256-bit key in Galois/Counter Mode*. The key for encryption is derived from the
+master password by using the Argon2Id algorithm. AliasVault implements AES-GCM with the following specifications:
+
+- Key Size: 256 bits
+- Uses the Web Crypto API's SubtleCrypto interface for secure cryptographic operations
+- Generates a random 12-byte (96-bit) IV (initialization vector) for each encryption operation
+- Performs all encryption/decryption operations entirely in the browser
+
+#### The encryption process works as follows:
+- A unique IV is generated for each encryption operation
+- The users vault data is encrypted using AES-GCM with the derived key and IV
+- The IV is prepended to the ciphertext
+
+More information about AES-GCM can be found on the [AES-GCM](https://en.wikipedia.org/wiki/Galois/Counter_Mode) Wikipedia page.
+
+### RSA-OAEP
+To secure email communications, AliasVault uses RSA-OAEP (RSA with Optimal Asymmetric Encryption Padding). This asymmetric
+encryption system allows AliasVault to store emails on the server in encrypted state which can only be read by the
+intended recipient. AliasVault implements RSA-OAEP with the following specifications:
+- Algorithm: RSA-OAEP with SHA-256 hash
+- Key Size: 2048-bit modulus
+- Key Format: JWK (JSON Web Key)
+- Padding: OAEP (Optimal Asymmetric Encryption Padding)
+
+#### Email Security Flow
+1. Key Generation: When a user creates a vault, a RSA key pair is generated:
+   - A private key that remains in the encrypted user's vault and is never transmitted
+   - A public key that is sent to the server
+
+2. Email Reception Process: When an email arrives at the AliasVault email server:
+   - The server generates a random 256-bit symmetric encryption key to encrypt the email contents
+   - The symmetric encryption key is encrypted using the recipient's asymmetric public key
+   - The encrypted email contents together with the encrypted symmetric encryption key are stored in the server's database
+   - The original email content is never stored or logged
+
+3. Email Retrieval Process:
+   - When a user accesses their emails, the encrypted content is retrieved from the server
+   - The client-side application decrypts the symmetric encryption key using the user's private key that is stored in their vault
+   - The decrypted symmetric encryption key is used to decrypt the email contents
+   - Decryption occurs entirely in the browser, maintaining end-to-end encryption
+
+This implementation ensures that:
+- Emails are encrypted and secure at rest in the server database
+- Only the intended recipient that holds the private key can decrypt and read their emails
+- Even if the server is compromised, email contents remain encrypted and unreadable
+
+More information about RSA-OAEP can be found on the [RSA-OAEP](https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding) Wikipedia page.

aliasvault.sln

@@ -3,21 +3,17 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.10.34928.147
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasGenerators", "src\AliasGenerators\AliasGenerators.csproj", "{78E84B4E-57D1-491A-8F4E-9879AE49DE0F}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Utilities", "Utilities", "{01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FaviconExtractor", "src\Utilities\FaviconExtractor\FaviconExtractor.csproj", "{ED328644-A152-403D-86EB-81201AA07744}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.FaviconExtractor", "src\Utilities\AliasVault.FaviconExtractor\AliasVault.FaviconExtractor.csproj", "{ED328644-A152-403D-86EB-81201AA07744}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.UnitTests", "src\Tests\AliasVault.UnitTests\AliasVault.UnitTests.csproj", "{8E6A418A-B305-465D-857D-49953605C18E}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Cryptography", "src\Utilities\Cryptography\Cryptography.csproj", "{427EA8E2-EA76-467E-A6BC-201EFE40C0D0}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.Api", "src\AliasVault.Api\AliasVault.Api.csproj", "{B797C533-260E-4DA2-83B1-0EE4BCFE08DB}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.Client", "src\AliasVault.Client\AliasVault.Client.csproj", "{25248E01-5A4B-4F95-A63C-BEA01499A1C2}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.Shared", "src\AliasVault.Shared\AliasVault.Shared.csproj", "{15EFE0D0-F41B-47D7-86B7-8F840335CB82}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.Shared", "src\Shared\AliasVault.Shared\AliasVault.Shared.csproj", "{15EFE0D0-F41B-47D7-86B7-8F840335CB82}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Tests", "Tests", "{29DE523D-EEF2-41E9-AC12-F20D8D02BEBB}"
 EndProject
@@ -33,7 +29,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.E2ETests.Client.
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Server", "Server", "{607945F3-9896-4544-99EC-F3496CF4D36B}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CsvImportExport", "src\Utilities\CsvImportExport\CsvImportExport.csproj", "{A9C9A606-C87E-4298-AB32-09B1884D7487}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AliasVault.CsvImportExport", "src\Utilities\AliasVault.CsvImportExport\AliasVault.CsvImportExport.csproj", "{A9C9A606-C87E-4298-AB32-09B1884D7487}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Services", "Services", "{8A477241-B96C-4174-968D-D40CB77F1ECD}"
 EndProject
@@ -43,24 +39,44 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.IntegrationTests
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Admin", "src\AliasVault.Admin\AliasVault.Admin.csproj", "{F2CAE93E-94A7-4365-8E84-8D48CE8DD53F}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "InitializationCLI", "src\Utilities\InitializationCLI\InitializationCLI.csproj", "{857BCD0E-753F-437A-AF75-B995B4D9A5FE}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.InstallCli", "src\Utilities\AliasVault.InstallCli\AliasVault.InstallCli.csproj", "{857BCD0E-753F-437A-AF75-B995B4D9A5FE}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Logging", "src\Utilities\AliasVault.Logging\AliasVault.Logging.csproj", "{FF0B0E64-1AE2-415C-A404-0EB78010821A}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.RazorComponents", "src\Utilities\AliasVault.RazorComponents\AliasVault.RazorComponents.csproj", "{59642CEF-D90A-4A6B-AD3F-9C6300D1E3FC}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.RazorComponents", "src\Shared\AliasVault.RazorComponents\AliasVault.RazorComponents.csproj", "{59642CEF-D90A-4A6B-AD3F-9C6300D1E3FC}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.WorkerStatus", "src\Utilities\AliasVault.WorkerStatus\AliasVault.WorkerStatus.csproj", "{951C3DF8-DF22-4B2B-839F-FBA26DDD8ABD}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.TotpGenerator", "src\Utilities\AliasVault.TotpGenerator\AliasVault.TotpGenerator.csproj", "{E8D9C551-67D2-4651-8EDF-4262DF7375CE}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Auth", "src\Utilities\AliasVault.Auth\AliasVault.Auth.csproj", "{DA175274-0FF7-4436-9266-742F96C2D1ED}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Cryptography", "Cryptography", "{BB7E701E-B1C6-453E-800A-E12CE256318D}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Cryptography.Server", "src\Utilities\Cryptography\AliasVault.Cryptography.Server\AliasVault.Cryptography.Server.csproj", "{341EC443-0B6B-4E8C-AF46-D6156573CEA5}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Cryptography.Client", "src\Utilities\Cryptography\AliasVault.Cryptography.Client\AliasVault.Cryptography.Client.csproj", "{542C7B7D-C2B4-4AE3-9B2C-C62FCF4DFF8E}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Generators", "Generators", "{03D55CA4-20B3-4FEA-9ADD-3C7B5B10E0FE}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Generators.Password", "src\Generators\AliasVault.Generators.Password\AliasVault.Generators.Password.csproj", "{47F47A1B-49E0-406A-81C8-31FF2E4C339B}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Generators.Identity", "src\Generators\AliasVault.Generators.Identity\AliasVault.Generators.Identity.csproj", "{80E74FBC-4EC8-45FB-B210-473337C484B5}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Shared", "Shared", "{DD359F0A-0180-4F8F-9E48-46213386BA4D}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Shared.Core", "src\Shared\AliasVault.Shared.Core\AliasVault.Shared.Core.csproj", "{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.TaskRunner", "src\Services\AliasVault.TaskRunner\AliasVault.TaskRunner.csproj", "{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AliasVault.Shared.Server", "src\Shared\AliasVault.Shared.Server\AliasVault.Shared.Server.csproj", "{34FADEB6-4B56-463B-B359-F844B43D76D9}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{78E84B4E-57D1-491A-8F4E-9879AE49DE0F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{78E84B4E-57D1-491A-8F4E-9879AE49DE0F}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{78E84B4E-57D1-491A-8F4E-9879AE49DE0F}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{78E84B4E-57D1-491A-8F4E-9879AE49DE0F}.Release|Any CPU.Build.0 = Release|Any CPU
 		{ED328644-A152-403D-86EB-81201AA07744}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{ED328644-A152-403D-86EB-81201AA07744}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{ED328644-A152-403D-86EB-81201AA07744}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -69,10 +85,6 @@ Global
 		{8E6A418A-B305-465D-857D-49953605C18E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8E6A418A-B305-465D-857D-49953605C18E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8E6A418A-B305-465D-857D-49953605C18E}.Release|Any CPU.Build.0 = Release|Any CPU
-		{427EA8E2-EA76-467E-A6BC-201EFE40C0D0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{427EA8E2-EA76-467E-A6BC-201EFE40C0D0}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{427EA8E2-EA76-467E-A6BC-201EFE40C0D0}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{427EA8E2-EA76-467E-A6BC-201EFE40C0D0}.Release|Any CPU.Build.0 = Release|Any CPU
 		{B797C533-260E-4DA2-83B1-0EE4BCFE08DB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{B797C533-260E-4DA2-83B1-0EE4BCFE08DB}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{B797C533-260E-4DA2-83B1-0EE4BCFE08DB}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -133,6 +145,42 @@ Global
 		{951C3DF8-DF22-4B2B-839F-FBA26DDD8ABD}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{951C3DF8-DF22-4B2B-839F-FBA26DDD8ABD}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{951C3DF8-DF22-4B2B-839F-FBA26DDD8ABD}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E8D9C551-67D2-4651-8EDF-4262DF7375CE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E8D9C551-67D2-4651-8EDF-4262DF7375CE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E8D9C551-67D2-4651-8EDF-4262DF7375CE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E8D9C551-67D2-4651-8EDF-4262DF7375CE}.Release|Any CPU.Build.0 = Release|Any CPU
+		{DA175274-0FF7-4436-9266-742F96C2D1ED}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{DA175274-0FF7-4436-9266-742F96C2D1ED}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{DA175274-0FF7-4436-9266-742F96C2D1ED}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{DA175274-0FF7-4436-9266-742F96C2D1ED}.Release|Any CPU.Build.0 = Release|Any CPU
+		{341EC443-0B6B-4E8C-AF46-D6156573CEA5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{341EC443-0B6B-4E8C-AF46-D6156573CEA5}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{341EC443-0B6B-4E8C-AF46-D6156573CEA5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{341EC443-0B6B-4E8C-AF46-D6156573CEA5}.Release|Any CPU.Build.0 = Release|Any CPU
+		{542C7B7D-C2B4-4AE3-9B2C-C62FCF4DFF8E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{542C7B7D-C2B4-4AE3-9B2C-C62FCF4DFF8E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{542C7B7D-C2B4-4AE3-9B2C-C62FCF4DFF8E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{542C7B7D-C2B4-4AE3-9B2C-C62FCF4DFF8E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{47F47A1B-49E0-406A-81C8-31FF2E4C339B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{47F47A1B-49E0-406A-81C8-31FF2E4C339B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{47F47A1B-49E0-406A-81C8-31FF2E4C339B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{47F47A1B-49E0-406A-81C8-31FF2E4C339B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{80E74FBC-4EC8-45FB-B210-473337C484B5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{80E74FBC-4EC8-45FB-B210-473337C484B5}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{80E74FBC-4EC8-45FB-B210-473337C484B5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{80E74FBC-4EC8-45FB-B210-473337C484B5}.Release|Any CPU.Build.0 = Release|Any CPU
+		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1}.Release|Any CPU.Build.0 = Release|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{34FADEB6-4B56-463B-B359-F844B43D76D9}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -140,7 +188,6 @@ Global
 	GlobalSection(NestedProjects) = preSolution
 		{ED328644-A152-403D-86EB-81201AA07744} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
 		{8E6A418A-B305-465D-857D-49953605C18E} = {29DE523D-EEF2-41E9-AC12-F20D8D02BEBB}
-		{427EA8E2-EA76-467E-A6BC-201EFE40C0D0} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
 		{AF013D08-1BF6-4E23-87D2-37F614BE7952} = {29DE523D-EEF2-41E9-AC12-F20D8D02BEBB}
 		{1277105D-50CD-4CE0-9C2C-549F46867E54} = {5F7417F6-4388-49CC-9511-ED63C4A6488A}
 		{FE10F294-817F-477E-A24F-8597A15AF0B5} = {5F7417F6-4388-49CC-9511-ED63C4A6488A}
@@ -151,8 +198,19 @@ Global
 		{1C7C8DE9-5F2A-43DB-A25E-33319E80A509} = {29DE523D-EEF2-41E9-AC12-F20D8D02BEBB}
 		{857BCD0E-753F-437A-AF75-B995B4D9A5FE} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
 		{FF0B0E64-1AE2-415C-A404-0EB78010821A} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
-		{59642CEF-D90A-4A6B-AD3F-9C6300D1E3FC} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
 		{951C3DF8-DF22-4B2B-839F-FBA26DDD8ABD} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
+		{E8D9C551-67D2-4651-8EDF-4262DF7375CE} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
+		{DA175274-0FF7-4436-9266-742F96C2D1ED} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
+		{BB7E701E-B1C6-453E-800A-E12CE256318D} = {01AB9389-2F89-4F8E-A688-BF4BF1FC42C8}
+		{341EC443-0B6B-4E8C-AF46-D6156573CEA5} = {BB7E701E-B1C6-453E-800A-E12CE256318D}
+		{542C7B7D-C2B4-4AE3-9B2C-C62FCF4DFF8E} = {BB7E701E-B1C6-453E-800A-E12CE256318D}
+		{47F47A1B-49E0-406A-81C8-31FF2E4C339B} = {03D55CA4-20B3-4FEA-9ADD-3C7B5B10E0FE}
+		{80E74FBC-4EC8-45FB-B210-473337C484B5} = {03D55CA4-20B3-4FEA-9ADD-3C7B5B10E0FE}
+		{59642CEF-D90A-4A6B-AD3F-9C6300D1E3FC} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
+		{15EFE0D0-F41B-47D7-86B7-8F840335CB82} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
+		{40CA41BF-9E67-4D0A-A3F8-38B94992E4CA} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
+		{D631A936-DD1C-40CC-B735-BD0A5D4F46A1} = {8A477241-B96C-4174-968D-D40CB77F1ECD}
+		{34FADEB6-4B56-463B-B359-F844B43D76D9} = {DD359F0A-0180-4F8F-9E48-46213386BA4D}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {FEE82475-C009-4762-8113-A6563D9DC49E}

browser-extension/.editorconfig

@@ -0,0 +1,28 @@
+# Child EditorConfig file that enforces 2 space indent for Typescript projects
+root = false
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+
+# TypeScript and JavaScript files
+[*.{ts,tsx,js,jsx}]
+indent_style = space
+indent_size = 2
+
+# JSON files
+[*.json]
+indent_style = space
+indent_size = 2
+
+# YAML files
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+
+# Markdown files
+[*.md]
+trim_trailing_whitespace = false

browser-extension/.gitignore

@@ -0,0 +1,33 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+.output
+dist
+stats.html
+stats-*.json
+.wxt
+web-ext.config.ts
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+# Dictionaries
+# During build these are copied from the ../dictionaries folder because firefox zip requires all files to be in the root of the zip.
+# Therefore this copied folder is not committed to the repo the original folder is already available outside this directory.
+# See vite-plugins/identity-gen-dict-loader.ts for more details.
+dictionaries

browser-extension/README.md

@@ -0,0 +1,21 @@
+This folder contains the source code for the browser extensions for AliasVault.
+
+The browser extension is built using WXT and React:
+- [WXT](https://wxt.dev/) is a build tool for browser extensions.
+- [React](https://reactjs.org/) is a JavaScript library for building user interfaces.
+
+To build the browser extension, run the following command in this directory:
+
+### Build the browser extension
+```bash
+npm install
+
+# Build the Chrome extension (saves in dist/chrome-mv3)
+npm run zip:chrome
+
+# Build the Firefox extension (creates two zip files in dist)
+npm run zip:firefox
+
+# Build the Edge extension (saves in dist/edge-mv3)
+npm run zip:edge
+```

browser-extension/eslint.config.js

@@ -0,0 +1,129 @@
+import js from "@eslint/js";
+import tsParser from "@typescript-eslint/parser";
+import tsPlugin from "@typescript-eslint/eslint-plugin";
+import reactPlugin from "eslint-plugin-react";
+import reactHooksPlugin from "eslint-plugin-react-hooks";
+import importPlugin from "eslint-plugin-import";
+import jsdocPlugin from "eslint-plugin-jsdoc";
+import globals from 'globals';
+
+export default [
+    {
+        ignores: [
+            "dist/**",
+            "node_modules/**",
+        ]
+    },
+    js.configs.recommended,
+    {
+        files: ["src/**/*.{ts,tsx}"],
+        languageOptions: {
+            parser: tsParser,
+            parserOptions: {
+                ecmaFeatures: { jsx: true },
+                ecmaVersion: "latest",
+                sourceType: "module",
+                project: "./tsconfig.json",
+                tsconfigRootDir: ".",
+            },
+        },
+        plugins: {
+            "@typescript-eslint": tsPlugin,
+            "react": reactPlugin,
+            "react-hooks": reactHooksPlugin,
+            "import": importPlugin,
+            "jsdoc": jsdocPlugin,
+        },
+        rules: {
+            ...tsPlugin.configs.recommended.rules,
+            ...reactPlugin.configs.recommended.rules,
+            ...reactHooksPlugin.configs.recommended.rules,
+            "curly": ["error", "all"],
+            "brace-style": ["error", "1tbs", { "allowSingleLine": false }],
+            "@typescript-eslint/await-thenable": "error",
+            "@typescript-eslint/prefer-nullish-coalescing": ["error", {
+                "ignoreTernaryTests": false,
+                "ignoreConditionalTests": false,
+                "ignoreMixedLogicalExpressions": false
+            }],
+            "react/react-in-jsx-scope": "off",
+            "react/no-unused-prop-types": "error",
+            "@typescript-eslint/explicit-module-boundary-types": "off",
+            "@typescript-eslint/no-unused-vars": ["error", {
+                "vars": "all",
+                "args": "after-used",
+                "ignoreRestSiblings": true,
+                "varsIgnorePattern": "^_",
+                "argsIgnorePattern": "^_"
+            }],
+            "indent": ["error", 2, {
+                "SwitchCase": 1,
+                "VariableDeclarator": 1,
+                "outerIIFEBody": 1,
+                "MemberExpression": 1,
+                "FunctionDeclaration": { "parameters": 1, "body": 1 },
+                "FunctionExpression": { "parameters": 1, "body": 1 },
+                "CallExpression": { "arguments": 1 },
+                "ArrayExpression": 1,
+                "ObjectExpression": 1,
+                "ImportDeclaration": 1,
+                "flatTernaryExpressions": false,
+                "ignoreComments": false
+            }],
+            "no-multiple-empty-lines": ["error", { "max": 1, "maxEOF": 1, "maxBOF": 0 }],
+            "no-console": ["error", { allow: ["warn", "error", "info", "debug"] }],
+            "jsdoc/require-jsdoc": ["error", {
+                "require": {
+                    "FunctionDeclaration": true,
+                    "MethodDefinition": true,
+                    "ClassDeclaration": true,
+                    "ArrowFunctionExpression": true,
+                    "FunctionExpression": true
+                }
+            }],
+            "jsdoc/require-description": ["error", {
+                "contexts": [
+                    "FunctionDeclaration",
+                    "MethodDefinition",
+                    "ClassDeclaration",
+                    "ArrowFunctionExpression",
+                    "FunctionExpression"
+                ]
+            }],
+            "spaced-comment": ["error", "always"],
+            "multiline-comment-style": ["error", "starred-block"],
+            "@typescript-eslint/explicit-member-accessibility": ["error"],
+            "@typescript-eslint/explicit-function-return-type": ["error"],
+            "@typescript-eslint/typedef": ["error"],
+            "@typescript-eslint/naming-convention": [
+                "error",
+                {
+                    "selector": "interface",
+                    "format": ["PascalCase"],
+                    "prefix": ["I"]
+                },
+                {
+                    "selector": "class",
+                    "format": ["PascalCase"]
+                }
+            ],
+            "react-hooks/exhaustive-deps": "warn",
+            "react/jsx-no-constructed-context-values": "error",
+        },
+        settings: {
+            react: {
+                version: "detect",
+            },
+        },
+    },
+    {
+        languageOptions: {
+            globals: {
+                ...globals.browser,
+                ...globals.node,
+                NodeJS: true,
+                chrome: 'readonly',
+            }
+        }
+    }
+];

browser-extension/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "aliasvault-browser-extension",
+  "description": "AliasVault Browser Extension",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev:chrome": "wxt -b chrome",
+    "dev:firefox": "wxt -b firefox",
+    "dev:edge": "wxt -b edge",
+    "build:chrome": "wxt build -b chrome",
+    "build:firefox": "wxt build -b firefox",
+    "build:edge": "wxt build -b edge",
+    "test": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src",
+    "lint:custom": "eslint",
+    "lint:fix": "eslint src --fix",
+    "zip": "wxt zip",
+    "zip:chrome": "wxt zip -b chrome",
+    "zip:firefox": "wxt zip -b firefox",
+    "zip:edge": "wxt zip -b edge",
+    "compile": "tsc --noEmit",
+    "postinstall": "wxt prepare"
+  },
+  "dependencies": {
+    "argon2-browser": "^1.18.0",
+    "buffer": "^6.0.3",
+    "globals": "^16.0.0",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "react-router-dom": "^7.1.4",
+    "secure-remote-password": "github:LinusU/secure-remote-password#73e5f732b6ca0cdbdc19da1a0c5f48cdbad2cbf0",
+    "sql.js": "^1.12.0",
+    "vitest": "^3.0.8",
+    "webext-bridge": "^6.0.1"
+  },
+  "devDependencies": {
+    "@types/chrome": "^0.0.280",
+    "@types/jsdom": "^21.1.7",
+    "@types/react": "^19.0.7",
+    "@types/react-dom": "^19.0.3",
+    "@types/sql.js": "^1.4.9",
+    "@typescript-eslint/eslint-plugin": "^8.21.0",
+    "@typescript-eslint/parser": "^8.21.0",
+    "@vitest/coverage-v8": "^3.0.8",
+    "@wxt-dev/module-react": "^1.1.2",
+    "autoprefixer": "^10.4.20",
+    "eslint": "^9.19.0",
+    "eslint-plugin-import": "^2.31.0",
+    "eslint-plugin-jsdoc": "^50.6.3",
+    "eslint-plugin-react": "^7.37.4",
+    "eslint-plugin-react-hooks": "^5.1.0",
+    "jsdom": "^26.0.0",
+    "postcss": "^8.5.1",
+    "tailwindcss": "^3.4.17",
+    "typescript": "^5.6.3",
+    "vite-plugin-static-copy": "^2.2.0",
+    "wxt": "^0.19.13"
+  }
+}

browser-extension/postcss.config.js

@@ -0,0 +1,6 @@
+export default {
+    plugins: {
+      tailwindcss: {},
+      autoprefixer: {},
+    },
+  };

browser-extension/src/assets/react.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>

browser-extension/src/assets/tailwind.css

@@ -0,0 +1,3 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;

browser-extension/src/entrypoints/background.ts

@@ -0,0 +1,31 @@
+import { browser } from "wxt/browser";
+import { defineBackground } from 'wxt/sandbox';
+import { onMessage } from "webext-bridge/background";
+import { setupContextMenus, handleContextMenuClick } from './background/ContextMenu';
+import { handleClearVault, handleCreateIdentity, handleGetCredentials, handleGetDefaultEmailDomain, handleGetDerivedKey, handleGetVault, handleStoreVault, handleSyncVault } from './background/VaultMessageHandler';
+import { handleOpenPopup, handlePopupWithCredential } from './background/PopupMessageHandler';
+
+export default defineBackground({
+  /**
+   * This is the main entry point for the background script.
+   */
+  main() {
+    // Set up context menus
+    setupContextMenus();
+    browser.contextMenus.onClicked.addListener((info: browser.menus.OnClickData, tab?: browser.tabs.Tab) =>
+      handleContextMenuClick(info, tab)
+    );
+
+    // Listen for messages using webext-bridge
+    onMessage('STORE_VAULT', ({ data }) => handleStoreVault(data));
+    onMessage('SYNC_VAULT', () => handleSyncVault());
+    onMessage('GET_VAULT', () => handleGetVault());
+    onMessage('CLEAR_VAULT', () => handleClearVault());
+    onMessage('GET_CREDENTIALS', () => handleGetCredentials());
+    onMessage('CREATE_IDENTITY', ({ data }) => handleCreateIdentity(data));
+    onMessage('GET_DEFAULT_EMAIL_DOMAIN', () => handleGetDefaultEmailDomain());
+    onMessage('GET_DERIVED_KEY', () => handleGetDerivedKey());
+    onMessage('OPEN_POPUP', () => handleOpenPopup());
+    onMessage('OPEN_POPUP_WITH_CREDENTIAL', ({ data }) => handlePopupWithCredential(data));
+  }
+});

browser-extension/src/entrypoints/background/ContextMenu.ts

@@ -0,0 +1,114 @@
+import { sendMessage } from 'webext-bridge/background';
+import { PasswordGenerator } from '../../utils/generators/Password/PasswordGenerator';
+import { browser } from 'wxt/browser';
+
+/**
+ * Setup the context menus.
+ */
+export function setupContextMenus() : void {
+  // Create root menu
+  browser.contextMenus.create({
+    id: "aliasvault-root",
+    title: "AliasVault",
+    contexts: ["all"]
+  });
+
+  // Add fill option first (only for editable fields)
+  browser.contextMenus.create({
+    id: "aliasvault-activate-form",
+    parentId: "aliasvault-root",
+    title: "Autofill with AliasVault",
+    contexts: ["editable"],
+  });
+
+  // Add separator (only for editable fields)
+  browser.contextMenus.create({
+    id: "aliasvault-separator",
+    parentId: "aliasvault-root",
+    type: "separator",
+    contexts: ["editable"],
+  });
+
+  // Add password generator option
+  browser.contextMenus.create({
+    id: "aliasvault-generate-password",
+    parentId: "aliasvault-root",
+    title: "Generate random password (copy to clipboard)",
+    contexts: ["all"]
+  });
+}
+
+/**
+ * Handle context menu clicks.
+ */
+export function handleContextMenuClick(info: browser.contextMenus.OnClickData, tab?: browser.tabs.Tab) : void {
+  if (info.menuItemId === "aliasvault-generate-password") {
+    // Initialize password generator
+    const passwordGenerator = new PasswordGenerator();
+    const password = passwordGenerator.generateRandomPassword();
+
+    // Use browser.scripting to write password to clipboard from active tab
+    if (tab?.id) {
+      browser.scripting.executeScript({
+        target: { tabId: tab.id },
+        func: copyPasswordToClipboard,
+        args: [password]
+      });
+    }
+  }
+
+  if (info.menuItemId === "aliasvault-activate-form" && tab?.id) {
+    // First get the active element's identifier
+    browser.scripting.executeScript({
+      target: { tabId: tab.id },
+      func: getActiveElementIdentifier,
+    }, (results) => {
+      const elementIdentifier = results[0]?.result;
+      if (elementIdentifier) {
+        // Send message to content script with proper tab targeting
+        sendMessage('OPEN_AUTOFILL_POPUP', { elementIdentifier }, `content-script@${tab.id}`);
+      }
+    });
+  }
+}
+
+/**
+ * Copy provided password to clipboard.
+ */
+function copyPasswordToClipboard(generatedPassword: string) : void {
+  navigator.clipboard.writeText(generatedPassword).then(() => {
+    showToast('Password copied to clipboard');
+  });
+
+  /**
+   * Show a toast notification.
+   */
+  function showToast(message: string) : void {
+    const notification = document.createElement('div');
+    notification.textContent = message;
+    notification.style.cssText = `
+        position: fixed;
+        top: 20px;
+        right: 20px;
+        padding: 16px;
+        background: #4CAF50;
+        color: white;
+        border-radius: 4px;
+        z-index: 9999;
+        box-shadow: 0 2px 5px rgba(0,0,0,0.2);
+    `;
+    document.body.appendChild(notification);
+    setTimeout(() => notification.remove(), 3000);
+  }
+}
+
+/**
+ * Activate AliasVault for the active input element.
+ */
+function getActiveElementIdentifier() : string {
+  const target = document.activeElement;
+  if (target instanceof HTMLInputElement) {
+    return target.id || target.name || '';
+  }
+  return '';
+}

browser-extension/src/entrypoints/background/PopupMessageHandler.ts

@@ -0,0 +1,34 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import { browser } from "wxt/browser";
+import { BoolResponse } from '../../utils/types/messaging/BoolResponse';
+/**
+ * Handle opening the popup.
+ */
+export function handleOpenPopup() : Promise<BoolResponse> {
+  return (async () : Promise<BoolResponse> => {
+    browser.windows.create({
+      url: browser.runtime.getURL('/popup.html?mode=inline_unlock&expanded=true'),
+      type: 'popup',
+      width: 400,
+      height: 600,
+      focused: true
+    });
+    return { success: true };
+  })();
+}
+
+/**
+ * Handle opening the popup with a credential.
+ */
+export function handlePopupWithCredential(message: any) : Promise<BoolResponse> {
+  return (async () : Promise<BoolResponse> => {
+    browser.windows.create({
+      url: browser.runtime.getURL(`/popup.html?expanded=true#/credentials/${message.credentialId}`),
+      type: 'popup',
+      width: 400,
+      height: 600,
+      focused: true
+    });
+    return { success: true };
+  })();
+}

browser-extension/src/entrypoints/background/VaultMessageHandler.ts

@@ -0,0 +1,324 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import EncryptionUtility from '../../utils/EncryptionUtility';
+import SqliteClient from '../../utils/SqliteClient';
+import { WebApiService } from '../../utils/WebApiService';
+import { Vault } from '../../utils/types/webapi/Vault';
+import { VaultResponse } from '../../utils/types/webapi/VaultResponse';
+import { VaultPostResponse } from '../../utils/types/webapi/VaultPostResponse';
+import { storage } from 'wxt/storage';
+import { BoolResponse as messageBoolResponse } from '../../utils/types/messaging/BoolResponse';
+import { VaultResponse as messageVaultResponse } from '../../utils/types/messaging/VaultResponse';
+import { CredentialsResponse as messageCredentialsResponse } from '../../utils/types/messaging/CredentialsResponse';
+import { DefaultEmailDomainResponse as messageDefaultEmailDomainResponse } from '../../utils/types/messaging/DefaultEmailDomainResponse';
+
+/**
+ * Store the vault in browser storage.
+ */
+export async function handleStoreVault(
+  message: any,
+) : Promise<messageBoolResponse> {
+  try {
+    const vaultResponse = message.vaultResponse as VaultResponse;
+    const encryptedVaultBlob = vaultResponse.vault.blob;
+
+    // Store encrypted vault and derived key in session storage.
+    await storage.setItems([
+      { key: 'session:encryptedVault', value: encryptedVaultBlob },
+      { key: 'session:derivedKey', value: message.derivedKey },
+      { key: 'session:publicEmailDomains', value: vaultResponse.vault.publicEmailDomainList },
+      { key: 'session:privateEmailDomains', value: vaultResponse.vault.privateEmailDomainList },
+      { key: 'session:vaultRevisionNumber', value: vaultResponse.vault.currentRevisionNumber }
+    ]);
+
+    return { success: true };
+  } catch (error) {
+    console.error('Failed to store vault:', error);
+    return { success: false, error: 'Failed to store vault' };
+  }
+}
+
+/**
+ * Sync the vault with the server to check if a newer vault is available. If so, the vault will be updated.
+ */
+export async function handleSyncVault(
+) : Promise<messageBoolResponse> {
+  const webApi = new WebApiService(() => {});
+  const statusResponse = await webApi.getStatus();
+  const statusError = webApi.validateStatusResponse(statusResponse);
+  if (statusError !== null) {
+    return { success: false, error: statusError };
+  }
+
+  const vaultRevisionNumber = await storage.getItem('session:vaultRevisionNumber') as number;
+
+  if (statusResponse.vaultRevision > vaultRevisionNumber) {
+    // Retrieve the latest vault from the server.
+    const vaultResponse = await webApi.get<VaultResponse>('Vault');
+
+    await storage.setItems([
+      { key: 'session:encryptedVault', value: vaultResponse.vault.blob },
+      { key: 'session:publicEmailDomains', value: vaultResponse.vault.publicEmailDomainList },
+      { key: 'session:privateEmailDomains', value: vaultResponse.vault.privateEmailDomainList },
+      { key: 'session:vaultRevisionNumber', value: vaultResponse.vault.currentRevisionNumber }
+    ]);
+  }
+
+  return { success: true };
+}
+
+/**
+ * Get the vault from browser storage.
+ */
+export async function handleGetVault(
+) : Promise<messageVaultResponse> {
+  try {
+    const encryptedVault = await storage.getItem('session:encryptedVault') as string;
+    const derivedKey = await storage.getItem('session:derivedKey') as string;
+    const publicEmailDomains = await storage.getItem('session:publicEmailDomains') as string[];
+    const privateEmailDomains = await storage.getItem('session:privateEmailDomains') as string[];
+    const vaultRevisionNumber = await storage.getItem('session:vaultRevisionNumber') as number;
+
+    if (!encryptedVault) {
+      console.error('Vault not available');
+      return { success: false, error: 'Vault not available' };
+    }
+
+    const decryptedVault = await EncryptionUtility.symmetricDecrypt(
+      encryptedVault,
+      derivedKey
+    );
+
+    return {
+      success: true,
+      vault: decryptedVault,
+      publicEmailDomains: publicEmailDomains ?? [],
+      privateEmailDomains: privateEmailDomains ?? [],
+      vaultRevisionNumber: vaultRevisionNumber ?? 0
+    };
+  } catch (error) {
+    console.error('Failed to get vault:', error);
+    return { success: false, error: 'Failed to get vault' };
+  }
+}
+
+/**
+ * Clear the vault from browser storage.
+ */
+export function handleClearVault(
+) : messageBoolResponse {
+  storage.removeItems([
+    'session:encryptedVault',
+    'session:derivedKey',
+    'session:publicEmailDomains',
+    'session:privateEmailDomains',
+    'session:vaultRevisionNumber'
+  ]);
+
+  return { success: true };
+}
+
+/**
+ * Get all credentials.
+ */
+export async function handleGetCredentials(
+) : Promise<messageCredentialsResponse> {
+  const derivedKey = await storage.getItem('session:derivedKey') as string;
+
+  if (!derivedKey) {
+    return { success: false, error: 'Vault is locked' };
+  }
+
+  try {
+    const sqliteClient = await createVaultSqliteClient();
+    const credentials = sqliteClient.getAllCredentials();
+    return { success: true, credentials: credentials };
+  } catch (error) {
+    console.error('Error getting credentials:', error);
+    return { success: false, error: 'Failed to get credentials' };
+  }
+}
+
+/**
+ * Create an identity.
+ */
+export async function handleCreateIdentity(
+  message: any,
+) : Promise<messageBoolResponse> {
+  const derivedKey = await storage.getItem('session:derivedKey') as string;
+
+  if (!derivedKey) {
+    return { success: false, error: 'Vault is locked' };
+  }
+
+  try {
+    const sqliteClient = await createVaultSqliteClient();
+
+    // Add the new credential to the vault/database.
+    sqliteClient.createCredential(message.credential);
+
+    // Upload the new vault to the server.
+    await uploadNewVaultToServer(sqliteClient);
+
+    return { success: true };
+  } catch (error) {
+    console.error('Failed to create identity:', error);
+    return { success: false, error: 'Failed to create identity' };
+  }
+}
+
+/**
+ * Get the email addresses for a vault.
+ */
+export async function getEmailAddressesForVault(
+  sqliteClient: SqliteClient
+): Promise<string[]> {
+  // TODO: create separate query to only get email addresses to avoid loading all credentials.
+  const credentials = sqliteClient.getAllCredentials();
+
+  // Get metadata from storage
+  const privateEmailDomains = await storage.getItem('session:privateEmailDomains') as string[];
+
+  const emailAddresses = credentials
+    .filter(cred => cred.Email != null)
+    .map(cred => cred.Email)
+    .filter((email, index, self) => self.indexOf(email) === index);
+
+  return emailAddresses.filter(email => {
+    const domain = email.split('@')[1];
+    return privateEmailDomains.includes(domain);
+  });
+}
+
+/**
+ * Get default email domain for a vault.
+ */
+export function handleGetDefaultEmailDomain(
+) : Promise<messageDefaultEmailDomainResponse> {
+  return (async () : Promise<messageDefaultEmailDomainResponse> => {
+    try {
+      const privateEmailDomains = await storage.getItem('session:privateEmailDomains') as string[];
+      const publicEmailDomains = await storage.getItem('session:publicEmailDomains') as string[];
+
+      const sqliteClient = await createVaultSqliteClient();
+      const defaultEmailDomain = sqliteClient.getDefaultEmailDomain();
+
+      /**
+       * Check if a domain is valid.
+       */
+      const isValidDomain = (domain: string) : boolean => {
+        const isValid = (domain &&
+                    domain !== 'DISABLED.TLD' &&
+                    (privateEmailDomains.includes(domain) || publicEmailDomains.includes(domain))) as boolean;
+
+        return isValid;
+      };
+
+      // First check if the default domain that is configured in the vault is still valid.
+      if (defaultEmailDomain && isValidDomain(defaultEmailDomain)) {
+        return { success: true, domain: defaultEmailDomain };
+      }
+
+      // If default domain is not valid, fall back to first available private domain.
+      const firstPrivate = privateEmailDomains.find(isValidDomain);
+
+      if (firstPrivate) {
+        return { success: true, domain: firstPrivate };
+      }
+
+      // Return first valid public domain if no private domains are available.
+      const firstPublic = publicEmailDomains.find(isValidDomain);
+
+      if (firstPublic) {
+        return { success: true, domain: firstPublic };
+      }
+
+      // Return null if no valid domains are found
+      return { success: true };
+    } catch (error) {
+      console.error('Error getting default email domain:', error);
+      return { success: false, error: 'Failed to get default email domain' };
+    }
+  })();
+}
+
+/**
+ * Get the derived key for the encrypted vault.
+ */
+export async function handleGetDerivedKey(
+) : Promise<string> {
+  const derivedKey = await storage.getItem('session:derivedKey') as string;
+  return derivedKey;
+}
+
+/**
+ * Upload a new version of the vault to the server using the provided sqlite client.
+ */
+async function uploadNewVaultToServer(sqliteClient: SqliteClient) : Promise<void> {
+  const updatedVaultData = sqliteClient.exportToBase64();
+  const derivedKey = await storage.getItem('session:derivedKey') as string;
+
+  const encryptedVault = await EncryptionUtility.symmetricEncrypt(
+    updatedVaultData,
+    derivedKey
+  );
+
+  await storage.setItems([
+    { key: 'session:encryptedVault', value: encryptedVault }
+  ]);
+
+  // Get metadata from storage
+  const vaultRevisionNumber = await storage.getItem('session:vaultRevisionNumber') as number;
+
+  // Upload new encrypted vault to server.
+  const username = await storage.getItem('local:username') as string;
+  const emailAddresses = await getEmailAddressesForVault(sqliteClient);
+
+  const newVault: Vault = {
+    blob: encryptedVault,
+    createdAt: new Date().toISOString(),
+    credentialsCount: sqliteClient.getAllCredentials().length,
+    currentRevisionNumber: vaultRevisionNumber,
+    emailAddressList: emailAddresses,
+    privateEmailDomainList: [], // Empty on purpose, API will not use this for vault updates.
+    publicEmailDomainList: [], // Empty on purpose, API will not use this for vault updates.
+    encryptionPublicKey: '', // Empty on purpose, only required if new public/private key pair is generated.
+    client: '', // Empty on purpose, API will not use this for vault updates.
+    updatedAt: new Date().toISOString(),
+    username: username,
+    version: sqliteClient.getDatabaseVersion() ?? '0.0.0'
+  };
+
+  const webApi = new WebApiService(() => {});
+  const response = await webApi.post<Vault, VaultPostResponse>('Vault', newVault);
+
+  // Check if response is successful (.status === 0)
+  if (response.status === 0) {
+    await storage.setItem('session:vaultRevisionNumber', response.newRevisionNumber);
+  } else {
+    throw new Error('Failed to upload new vault to server');
+  }
+}
+
+/**
+ * Create a new sqlite client for the stored vault.
+ */
+async function createVaultSqliteClient() : Promise<SqliteClient> {
+  const encryptedVault = await storage.getItem('session:encryptedVault') as string;
+  const derivedKey = await storage.getItem('session:derivedKey') as string;
+
+  if (!encryptedVault || !derivedKey) {
+    throw new Error('No vault or derived key found');
+  }
+
+  // Decrypt the vault.
+  const decryptedVault = await EncryptionUtility.symmetricDecrypt(
+    encryptedVault,
+    derivedKey
+  );
+
+  // Initialize the SQLite client with the decrypted vault.
+  const sqliteClient = new SqliteClient();
+  await sqliteClient.initializeFromBase64(decryptedVault);
+
+  return sqliteClient;
+}

browser-extension/src/entrypoints/content.ts

@@ -0,0 +1,83 @@
+import { FormDetector } from '../utils/formDetector/FormDetector';
+import { isAutoShowPopupDisabled, openAutofillPopup, removeExistingPopup } from './contentScript/Popup';
+import { canShowPopup, injectIcon } from './contentScript/Form';
+import { onMessage } from "webext-bridge/content-script";
+import { BoolResponse as messageBoolResponse } from '../utils/types/messaging/BoolResponse';
+import { defineContentScript } from 'wxt/sandbox';
+
+export default defineContentScript({
+  matches: ['<all_urls>'],
+  /**
+   * Main entry point for the content script.
+   */
+  main(ctx) {
+    if (ctx.isInvalid) {
+      return;
+    }
+
+    // Listen for input field focus
+    document.addEventListener('focusin', async (e) => {
+      if (ctx.isInvalid) {
+        return;
+      }
+
+      const target = e.target as HTMLInputElement;
+      const textInputTypes = ['text', 'email', 'tel', 'password', 'search', 'url'];
+
+      if (target.tagName === 'INPUT' &&
+          textInputTypes.includes(target.type) &&
+          !target.dataset.aliasvaultIgnore) {
+        const formDetector = new FormDetector(document, target);
+
+        if (!formDetector.containsLoginForm()) {
+          return;
+        }
+
+        injectIcon(target);
+
+        const isDisabled = await isAutoShowPopupDisabled();
+        const canShow = canShowPopup();
+
+        // Only show popup if it's not disabled and the popup can be shown
+        if (!isDisabled && canShow) {
+          openAutofillPopup(target);
+        }
+      }
+    });
+
+    // Listen for popstate events (back/forward navigation)
+    window.addEventListener('popstate', () => {
+      if (ctx.isInvalid) {
+        return;
+      }
+
+      removeExistingPopup();
+    });
+
+    // Listen for messages from the background script
+    onMessage('OPEN_AUTOFILL_POPUP', async (message: { data: { elementIdentifier: string } }) : Promise<messageBoolResponse> => {
+      const { data } = message;
+      const { elementIdentifier } = data;
+
+      if (!elementIdentifier) {
+        return { success: false, error: 'No element identifier provided' };
+      }
+
+      const target = document.getElementById(elementIdentifier) ?? document.getElementsByName(elementIdentifier)[0];
+
+      if (!(target instanceof HTMLInputElement)) {
+        return { success: false, error: 'Target element is not an input field' };
+      }
+
+      const formDetector = new FormDetector(document, target);
+
+      if (!formDetector.containsLoginForm(true)) {
+        return { success: false, error: 'No form found' };
+      }
+
+      injectIcon(target);
+      openAutofillPopup(target);
+      return { success: true };
+    });
+  },
+});

browser-extension/src/entrypoints/contentScript/Filter.ts

@@ -0,0 +1,63 @@
+import { CombinedStopWords } from "@/utils/formDetector/FieldPatterns";
+import { Credential } from "../../utils/types/Credential";
+
+/**
+ * Filter credentials based on current URL and page context to determine which credentials to show
+ * in the autofill popup.
+ */
+export function filterCredentials(credentials: Credential[], currentUrl: string, pageTitle: string): Credential[] {
+  const urlObject = new URL(currentUrl);
+  const baseUrl = `${urlObject.protocol}//${urlObject.hostname}`;
+
+  // 1. Exact URL match
+  let filtered = credentials.filter(cred =>
+    cred.ServiceUrl?.toLowerCase() === currentUrl.toLowerCase()
+  );
+
+  // 2. Base URL match with fuzzy domain comparison if no exact matches
+  filtered = filtered.concat(credentials.filter(cred => {
+    if (!cred.ServiceUrl) {
+      return false;
+    }
+    try {
+      const credUrlObject = new URL(cred.ServiceUrl);
+      const currentUrlObject = new URL(baseUrl);
+
+      // Extract root domains by splitting on dots and taking last two parts
+      const credDomainParts = credUrlObject.hostname.toLowerCase().split('.');
+      const currentDomainParts = currentUrlObject.hostname.toLowerCase().split('.');
+
+      // Get root domain (last two parts, e.g., 'aliasvaul.net')
+      const credRootDomain = credDomainParts.slice(-2).join('.');
+      const currentRootDomain = currentDomainParts.slice(-2).join('.');
+
+      // Compare protocols and root domains
+      return credUrlObject.protocol === currentUrlObject.protocol &&
+                credRootDomain === currentRootDomain;
+    } catch {
+      return false;
+    }
+  }));
+
+  // 3. Page title word match if still no matches
+  if (filtered.length === 0 && pageTitle.length > 0) {
+    const titleWords = pageTitle.toLowerCase()
+      .split(/\s+/)
+      .filter(word =>
+        word.length > 3 && // Filter out words shorter than 4 characters
+        !CombinedStopWords.has(word.toLowerCase()) // Filter out generic words
+      );
+
+    filtered = credentials.filter(cred =>
+      titleWords.some(word =>
+        cred.ServiceName.toLowerCase().includes(word)
+      )
+    );
+  }
+
+  // Ensure we have unique credentials
+  const uniqueCredentials = Array.from(new Map(filtered.map(cred => [cred.Id, cred])).values());
+
+  // Show max 3 results
+  return uniqueCredentials.slice(0, 3);
+}

browser-extension/src/entrypoints/contentScript/Form.ts

@@ -0,0 +1,237 @@
+import { FormDetector } from "../../utils/formDetector/FormDetector";
+import { FormFiller } from "../../utils/formDetector/FormFiller";
+import { Credential } from "../../utils/types/Credential";
+import { openAutofillPopup } from "./Popup";
+/**
+ * Global timestamp to track popup debounce time.
+ * This is used to not show the popup again for a specific amount of time.
+ * Used after autofill events to prevent spamming the popup from automatic
+ * triggered browser events which can cause "focus" events to trigger.
+ */
+let popupDebounceTime = 0;
+
+/**
+ * Check if popup can be shown based on debounce time.
+ */
+export function canShowPopup() : boolean {
+  if (Date.now() < popupDebounceTime) {
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Hide popup for a specific amount of time.
+ */
+export function hidePopupFor(ms: number) : void {
+  popupDebounceTime = Date.now() + ms;
+}
+
+/**
+ * Fill credential into current form.
+ *
+ * @param credential - The credential to fill.
+ * @param input - The input element that triggered the popup. Required when filling credentials to know which form to fill.
+ */
+export function fillCredential(credential: Credential, input: HTMLInputElement) : void {
+  // Set debounce time to 800ms to prevent the popup from being shown again within 800ms because of autofill events.
+  hidePopupFor(800);
+
+  const formDetector = new FormDetector(document, input);
+  const form = formDetector.getForm();
+
+  if (!form) {
+    // No form found, so we can't fill anything.
+    return;
+  }
+
+  const formFiller = new FormFiller(form, triggerInputEvents);
+  formFiller.fillFields(credential);
+}
+
+/**
+ * Inject icon for a focused input element
+ */
+export function injectIcon(input: HTMLInputElement): void {
+  const aliasvaultIconSvg = `<?xml version="1.0" encoding="UTF-8"?>
+<svg enable-background="new 0 0 500 500" version="1.1" viewBox="0 0 500 500" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
+<path d="m459.87 294.95c0.016205 5.4005 0.03241 10.801-0.35022 16.873-1.111 6.3392-1.1941 12.173-2.6351 17.649-10.922 41.508-36.731 69.481-77.351 83.408-7.2157 2.4739-14.972 3.3702-22.479 4.995-23.629 0.042205-47.257 0.11453-70.886 0.12027-46.762 0.011322-93.523-0.01416-140.95-0.43411-8.59-2.0024-16.766-2.8352-24.398-5.3326-21.595-7.0666-39.523-19.656-53.708-37.552-10.227-12.903-17.579-27.17-21.28-43.221-1.475-6.3967-2.4711-12.904-3.6852-19.361-0.051849-5.747-0.1037-11.494 0.26915-17.886 4.159-42.973 27.68-71.638 63.562-92.153 0-0.70761-0.001961-1.6988 3.12e-4 -2.69 0.022484-9.8293-1.3071-19.894 0.35664-29.438 3.2391-18.579 11.08-35.272 23.763-49.773 12.098-13.832 26.457-23.989 43.609-30.029 7.813-2.7512 16.14-4.0417 24.234-5.9948 7.392-0.025734 14.784-0.05146 22.835 0.32253 4.1959 0.95392 7.7946 1.2538 11.258 2.1053 17.16 4.2192 32.287 12.176 45.469 24.104 2.2558 2.0411 4.372 6.6241 9.621 3.868 16.839-8.8419 34.718-11.597 53.603-8.594 16.791 2.6699 31.602 9.4308 44.236 20.636 11.531 10.227 19.84 22.841 25.393 37.236 6.3436 16.445 10.389 33.163 6.0798 49.389 7.9587 8.9321 15.807 16.704 22.421 25.414 9.162 12.065 15.33 25.746 18.144 40.776 0.97046 5.1848 1.9111 10.375 2.8654 15.563m-71.597 71.012c5.5615-5.2284 12.002-9.7986 16.508-15.817 10.474-13.992 14.333-29.916 11.288-47.446-2.2496-12.95-8.1973-24.076-17.243-33.063-12.746-12.663-28.865-18.614-46.786-18.569-69.912 0.17712-139.82 0.56831-209.74 0.96176-15.922 0.089599-29.168 7.4209-39.685 18.296-14.45 14.944-20.408 33.343-16.655 54.368 2.2763 12.754 8.2167 23.748 17.158 32.66 13.299 13.255 30.097 18.653 48.728 18.651 59.321-0.005188 118.64 0.042358 177.96-0.046601 9.5912-0.014374 19.181-0.86588 28.773-0.88855 10.649-0.025146 19.978-3.825 29.687-9.1074z" fill="#EEC170"/>
+<path d="m162.77 293c15.654 4.3883 20.627 22.967 10.304 34.98-5.3104 6.1795-14.817 8.3208-24.278 5.0472-7.0723-2.4471-12.332-10.362-12.876-17.933-1.0451-14.542 11.089-23.176 21.705-23.046 1.5794 0.019287 3.1517 0.61566 5.1461 0.95184z" fill="#EEC170"/>
+<path d="m227.18 293.64c7.8499 2.3973 11.938 8.2143 13.524 15.077 1.8591 8.0439-0.44817 15.706-7.1588 21.121-6.7633 5.4572-14.417 6.8794-22.578 3.1483-8.2972-3.7933-12.836-10.849-12.736-19.438 0.1687-14.497 14.13-25.368 28.948-19.908z" fill="#EEC170"/>
+<path d="m261.57 319.07c-2.495-14.418 4.6853-22.603 14.596-26.108 9.8945-3.4995 23.181 3.4303 26.267 13.779 4.6504 15.591-7.1651 29.064-21.665 28.161-8.5254-0.53088-17.202-6.5094-19.198-15.831z" fill="#EEC170"/>
+<path d="m336.91 333.41c-9.0175-4.2491-15.337-14.349-13.829-21.682 3.0825-14.989 13.341-20.304 23.018-19.585 10.653 0.79141 17.93 7.407 19.765 17.547 1.9588 10.824-4.1171 19.939-13.494 23.703-5.272 2.1162-10.091 1.5086-15.46 0.017883z" fill="#EEC170"/>
+</svg>`;
+
+  const ICON_HTML = `
+<div class="aliasvault-input-icon" style="
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  position: absolute;
+  cursor: pointer;
+  width: 24px;
+  height: 24px;
+  pointer-events: auto;
+  opacity: 0;
+  transition: opacity 0.2s ease-in-out;
+">
+  <img src="data:image/svg+xml;base64,${btoa(aliasvaultIconSvg)}" style="width: 100%; height: 100%;" />
+</div>
+`;
+
+  // Generate unique ID if input doesn't have one
+  if (!input.id) {
+    input.id = `aliasvault-input-${Math.random().toString(36).substring(2, 11)}`;
+  }
+
+  // Create an overlay container at document level if it doesn't exist
+  let overlayContainer = document.getElementById('aliasvault-overlay-container');
+  if (!overlayContainer) {
+    overlayContainer = document.createElement('div');
+    overlayContainer.id = 'aliasvault-overlay-container';
+    overlayContainer.style.cssText = `
+      position: fixed;
+      top: 0;
+      left: 0;
+      width: 100%;
+      height: 100%;
+      pointer-events: none;
+      z-index: 2147483640;
+    `;
+    document.body.appendChild(overlayContainer);
+  }
+
+  // Create the icon element from the HTML template
+  const iconContainer = document.createElement('div');
+  iconContainer.innerHTML = ICON_HTML;
+  const icon = iconContainer.firstElementChild as HTMLElement;
+  icon.setAttribute('data-icon-for', input.id);
+
+  // Enable pointer events just for the icon
+  icon.style.pointerEvents = 'auto';
+
+  /**
+   * Update position of the icon.
+   */
+  const updateIconPosition = () : void => {
+    const rect = input.getBoundingClientRect();
+    icon.style.position = 'fixed';
+    icon.style.top = `${rect.top + (rect.height - 24) / 2}px`;
+    icon.style.left = `${rect.right - 32}px`;
+  };
+
+  // Update position initially and on relevant events
+  updateIconPosition();
+  window.addEventListener('scroll', updateIconPosition, true);
+  window.addEventListener('resize', updateIconPosition);
+
+  // Add click event to trigger the autofill popup and refocus the input
+  icon.addEventListener('click', (e: MouseEvent) => {
+    e.preventDefault();
+    e.stopPropagation();
+    setTimeout(() => input.focus(), 0);
+    openAutofillPopup(input);
+  });
+
+  // Append the icon to the overlay container
+  overlayContainer.appendChild(icon);
+
+  // Fade in the icon
+  requestAnimationFrame(() => {
+    icon.style.opacity = '1';
+  });
+
+  /**
+   * Remove the icon when the input loses focus.
+   */
+  const handleBlur = (): void => {
+    icon.style.opacity = '0';
+    setTimeout(() => {
+      icon.remove();
+      input.removeEventListener('blur', handleBlur);
+      input.removeEventListener('keydown', handleKeyPress);
+      window.removeEventListener('scroll', updateIconPosition, true);
+      window.removeEventListener('resize', updateIconPosition);
+
+      // Remove overlay container if it's empty
+      if (!overlayContainer.children.length) {
+        overlayContainer.remove();
+      }
+    }, 200);
+  };
+
+  /**
+   * Handle key press to dismiss icon.
+   */
+  const handleKeyPress = (e: KeyboardEvent): void => {
+    // Dismiss on Enter, Escape, or Tab.
+    if (e.key === 'Enter' || e.key === 'Escape' || e.key === 'Tab') {
+      handleBlur();
+    }
+  };
+
+  input.addEventListener('blur', handleBlur);
+  input.addEventListener('keydown', handleKeyPress);
+}
+
+/**
+ * Trigger input events for an element to trigger form validation
+ * which some websites require before the "continue" button is enabled.
+ */
+function triggerInputEvents(element: HTMLInputElement | HTMLSelectElement) : void {
+  // Create an overlay div that will show the highlight effect
+  const overlay = document.createElement('div');
+
+  /**
+   * Update position of the overlay.
+   */
+  const updatePosition = () : void => {
+    const rect = element.getBoundingClientRect();
+    overlay.style.cssText = `
+      position: fixed;
+      z-index: 999999991;
+      pointer-events: none;
+      top: ${rect.top}px;
+      left: ${rect.left}px;
+      width: ${rect.width}px;
+      height: ${rect.height}px;
+      background-color: rgba(244, 149, 65, 0.3);
+      border-radius: ${getComputedStyle(element).borderRadius};
+      animation: fadeOut 1.4s ease-out forwards;
+    `;
+  };
+
+  updatePosition();
+
+  // Add scroll event listener
+  window.addEventListener('scroll', updatePosition);
+
+  // Add keyframe animation
+  const style = document.createElement('style');
+  style.textContent = `
+    @keyframes fadeOut {
+      0% { opacity: 1; transform: scale(1.02); }
+      100% { opacity: 0; transform: scale(1); }
+    }
+  `;
+  document.head.appendChild(style);
+  document.body.appendChild(overlay);
+
+  // Remove overlay and cleanup after animation
+  setTimeout(() => {
+    window.removeEventListener('scroll', updatePosition);
+    overlay.remove();
+    style.remove();
+  }, 1400);
+
+  // Trigger events
+  element.dispatchEvent(new Event('input', { bubbles: true }));
+  element.dispatchEvent(new Event('change', { bubbles: true }));
+
+  if (element.type === 'radio') {
+    element.dispatchEvent(new MouseEvent('mousedown', { bubbles: true }));
+    element.dispatchEvent(new MouseEvent('mouseup', { bubbles: true }));
+    element.dispatchEvent(new MouseEvent('click', { bubbles: true }));
+  }
+}

browser-extension/src/entrypoints/contentScript/Shared.ts

@@ -0,0 +1,6 @@
+/**
+ * Check if the current theme is dark.
+ */
+export function isDarkMode(): boolean {
+  return window.matchMedia('(prefers-color-scheme: dark)').matches;
+}

browser-extension/src/entrypoints/popup/App.tsx

@@ -0,0 +1,111 @@
+import React, { useState, useEffect } from 'react';
+import { HashRouter as Router, Routes, Route } from 'react-router-dom';
+import { useAuth } from './context/AuthContext';
+import { useMinDurationLoading } from '../../hooks/useMinDurationLoading';
+import Header from './components/Layout/Header';
+import BottomNav from './components/Layout/BottomNav';
+import AuthSettings from './pages/AuthSettings';
+import CredentialsList from './pages/CredentialsList';
+import EmailsList from './pages/EmailsList';
+import LoadingSpinner from './components/LoadingSpinner';
+import Home from './pages/Home';
+import CredentialDetails from './pages/CredentialDetails';
+import EmailDetails from './pages/EmailDetails';
+import Settings from './pages/Settings';
+import GlobalStateChangeHandler from './components/GlobalStateChangeHandler';
+import { useLoading } from './context/LoadingContext';
+import Logout from './pages/Logout';
+import './style.css';
+
+/**
+ * Route configuration.
+ */
+type RouteConfig = {
+  path: string;
+  element: React.ReactNode;
+  showBackButton?: boolean;
+  title?: string;
+};
+
+/**
+ * App component.
+ */
+const App: React.FC = () => {
+  const authContext = useAuth();
+  const { isInitialLoading } = useLoading();
+  const [isLoading, setIsLoading] = useMinDurationLoading(true, 150);
+  const [message, setMessage] = useState<string | null>(null);
+
+  // Add these route configurations
+  const routes: RouteConfig[] = [
+    { path: '/', element: <Home />, showBackButton: false },
+    { path: '/auth-settings', element: <AuthSettings />, showBackButton: true, title: 'Settings' },
+    { path: '/credentials', element: <CredentialsList />, showBackButton: false },
+    { path: '/credentials/:id', element: <CredentialDetails />, showBackButton: true, title: 'Credential details' },
+    { path: '/emails', element: <EmailsList />, showBackButton: false },
+    { path: '/emails/:id', element: <EmailDetails />, showBackButton: true, title: 'Email details' },
+    { path: '/settings', element: <Settings />, showBackButton: false },
+    { path: '/logout', element: <Logout />, showBackButton: false },
+  ];
+
+  useEffect(() => {
+    if (!isInitialLoading) {
+      setIsLoading(false);
+    }
+  }, [isInitialLoading, setIsLoading]);
+
+  /**
+   * Print global message if it exists.
+   */
+  useEffect(() => {
+    if (authContext.globalMessage) {
+      setMessage(authContext.globalMessage);
+    } else {
+      setMessage(null);
+    }
+  }, [authContext, authContext.globalMessage]);
+
+  return (
+    <Router>
+      <div className="min-h-screen min-w-[350px] bg-white dark:bg-gray-900 flex flex-col">
+        {isLoading && (
+          <div className="fixed inset-0 bg-white dark:bg-gray-900 z-50 flex items-center justify-center">
+            <LoadingSpinner />
+          </div>
+        )}
+
+        <GlobalStateChangeHandler />
+        <Header
+          routes={routes}
+        />
+
+        <main
+          className="flex-1 overflow-y-auto bg-gray-100 dark:bg-gray-900"
+          style={{
+            paddingTop: '64px',
+            height: 'calc(100vh - 120px)',
+          }}
+        >
+          <div className="p-4 mb-16">
+            {message && (
+              <p className="text-red-500 mb-4">{message}</p>
+            )}
+            <Routes>
+              {routes.map((route) => (
+                <Route
+                  key={route.path}
+                  path={route.path}
+                  element={route.element}
+                />
+              ))}
+            </Routes>
+          </div>
+        </main>
+
+        <BottomNav />
+      </div>
+    </Router>
+  );
+};
+
+export default App;

browser-extension/src/entrypoints/popup/components/Button.tsx

@@ -0,0 +1,35 @@
+import React from 'react';
+
+type ButtonProps = {
+  onClick: () => void;
+  children: React.ReactNode;
+  type?: 'button' | 'submit' | 'reset';
+  variant?: 'primary' | 'secondary';
+};
+
+/**
+ * Button component
+ */
+const Button: React.FC<ButtonProps> = ({
+  onClick,
+  children,
+  type = 'button',
+  variant = 'primary'
+}) => {
+  const colorClasses = {
+    primary: 'bg-primary-500 hover:bg-primary-600',
+    secondary: 'bg-gray-500 hover:bg-gray-600'
+  };
+
+  return (
+    <button
+      className={`${colorClasses[variant]} text-white font-medium rounded-lg px-4 py-2 text-sm w-full`}
+      onClick={onClick}
+      type={type}
+    >
+      {children}
+    </button>
+  );
+};
+
+export default Button;

browser-extension/src/entrypoints/popup/components/EmailPreview.tsx

@@ -0,0 +1,172 @@
+import React, { useState, useEffect } from 'react';
+import { useWebApi } from '../context/WebApiContext';
+import { useDb } from '../context/DbContext';
+import EncryptionUtility from '../../../utils/EncryptionUtility';
+import { MailboxEmail } from '../../../utils/types/webapi/MailboxEmail';
+import { Link } from 'react-router-dom';
+import { AppInfo } from '../../../utils/AppInfo';
+import { storage } from 'wxt/storage';
+
+type EmailPreviewProps = {
+  email: string;
+}
+
+/**
+ * This component shows a preview of the latest emails in the inbox.
+ */
+export const EmailPreview: React.FC<EmailPreviewProps> = ({ email }) => {
+  const [emails, setEmails] = useState<MailboxEmail[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [lastEmailId, setLastEmailId] = useState<number>(0);
+  const [isSpamOk, setIsSpamOk] = useState(false);
+  const webApi = useWebApi();
+  const dbContext = useDb();
+
+  /**
+   * Checks if the email is a public domain.
+   */
+  const isPublicDomain = async (emailAddress: string): Promise<boolean> => {
+    // Get metadata from storage
+    const publicEmailDomains = await storage.getItem('session:publicEmailDomains') as string[] ?? [];
+    return publicEmailDomains.some(domain => emailAddress.toLowerCase().endsWith(domain));
+  };
+
+  useEffect(() => {
+    /**
+     * Loads the latest emails from the server and decrypts them locally if needed.
+     */
+    const loadEmails = async (): Promise<void> => {
+      try {
+        const isPublic = await isPublicDomain(email);
+        setIsSpamOk(isPublic);
+
+        if (isPublic) {
+          // For public domains (SpamOK), use the SpamOK API directly
+          const emailPrefix = email.split('@')[0];
+          const response = await fetch(`https://api.spamok.com/v2/EmailBox/${emailPrefix}`, {
+            headers: {
+              'X-Asdasd-Platform-Id': 'av-chrome',
+              'X-Asdasd-Platform-Version': AppInfo.VERSION,
+            }
+          });
+          const data = await response.json();
+
+          // Only show the latest 2 emails to save space in UI
+          const latestMails = data?.mails
+            ?.toSorted((a: MailboxEmail, b: MailboxEmail) =>
+              new Date(b.dateSystem).getTime() - new Date(a.dateSystem).getTime())
+            ?.slice(0, 2) ?? [];
+
+          if (loading && latestMails.length > 0) {
+            setLastEmailId(latestMails[0].id);
+          }
+
+          setEmails(latestMails);
+        } else {
+          // For private domains, use existing encrypted email logic
+          const response = await webApi.get(`EmailBox/${email}`);
+          const data = response as { mails: MailboxEmail[] };
+
+          // Only show the latest 2 emails to save space in UI
+          const latestMails = data.mails
+            .toSorted((a, b) => new Date(b.dateSystem).getTime() - new Date(a.dateSystem).getTime())
+            .slice(0, 2);
+
+          if (latestMails) {
+            // Loop through all emails and decrypt them locally
+            const decryptedEmails: MailboxEmail[] = await EncryptionUtility.decryptEmailList(
+              latestMails,
+              dbContext.sqliteClient!.getAllEncryptionKeys()
+            );
+
+            if (loading && decryptedEmails.length > 0) {
+              setLastEmailId(decryptedEmails[0].id);
+            }
+
+            setEmails(decryptedEmails);
+          }
+        }
+      } catch (err) {
+        console.error('Error loading emails:', err);
+      }
+      setLoading(false);
+    };
+
+    loadEmails();
+    // Set up auto-refresh interval
+    const interval = setInterval(loadEmails, 2000);
+    return () : void => clearInterval(interval);
+  }, [email, loading, webApi, dbContext]);
+
+  if (loading) {
+    return (
+      <div className="text-gray-500 dark:text-gray-400 mb-4">
+        <div className="flex items-center gap-2 mb-2">
+          <h2 className="text-xl font-semibold text-gray-900 dark:text-white">Recent emails</h2>
+          <div className="w-2 h-2 bg-green-500 rounded-full animate-pulse" />
+        </div>
+        Loading emails...
+      </div>
+    );
+  }
+  if (emails.length === 0) {
+    return (
+      <div className="text-gray-500 dark:text-gray-400 mb-4">
+        <div className="flex items-center gap-2 mb-2">
+          <h2 className="text-xl font-semibold text-gray-900 dark:text-white">Recent emails</h2>
+          <div className="w-2 h-2 bg-green-500 rounded-full animate-pulse" />
+        </div>
+        No emails received yet.
+      </div>
+    );
+  }
+
+  return (
+    <div className="space-y-2 mb-4">
+      <div className="flex items-center gap-2 mb-2">
+        <h2 className="text-xl font-semibold text-gray-900 dark:text-white">Recent emails</h2>
+        <div className="w-2 h-2 bg-green-500 rounded-full animate-pulse" />
+      </div>
+
+      {emails.map((mail) => (
+        isSpamOk ? (
+          <a
+            key={mail.id}
+            href={`https://spamok.com/${email.split('@')[0]}/${mail.id}`}
+            target="_blank"
+            rel="noopener noreferrer"
+            className={`flex justify-between items-center p-2 rounded cursor-pointer bg-white dark:bg-gray-800 shadow hover:shadow-md transition-all border border-gray-200 dark:border-gray-700 hover:bg-gray-50 dark:hover:bg-gray-700 ${
+              mail.id > lastEmailId ? 'bg-yellow-50 dark:bg-yellow-900/30' : ''
+            }`}
+          >
+            <div className="truncate flex-1">
+              <span className="text-sm text-gray-900 dark:text-white">
+                {mail.subject.substring(0, 30)}{mail.subject.length > 30 ? '...' : ''}
+              </span>
+            </div>
+            <div className="text-xs text-gray-500 dark:text-gray-400 ml-2">
+              {new Date(mail.dateSystem).toLocaleDateString()}
+            </div>
+          </a>
+        ) : (
+          <Link
+            key={mail.id}
+            to={`/emails/${mail.id}`}
+            className={`flex justify-between items-center p-2 rounded cursor-pointer bg-white dark:bg-gray-800 shadow hover:shadow-md transition-all border border-gray-200 dark:border-gray-700 hover:bg-gray-50 dark:hover:bg-gray-700 ${
+              mail.id > lastEmailId ? 'bg-yellow-50 dark:bg-yellow-900/30' : ''
+            }`}
+          >
+            <span className="truncate flex-1">
+              <span className="text-sm text-gray-900 dark:text-white">
+                {mail.subject.substring(0, 30)}{mail.subject.length > 30 ? '...' : ''}
+              </span>
+            </span>
+            <span className="text-xs text-gray-500 dark:text-gray-400 ml-2">
+              {new Date(mail.dateSystem).toLocaleDateString()}
+            </span>
+          </Link>
+        )
+      ))}
+    </div>
+  );
+};

browser-extension/src/entrypoints/popup/components/FormInputCopyToClipboard.tsx

@@ -0,0 +1,90 @@
+import React, { useState, useEffect } from 'react';
+import { ClipboardCopyService } from '../utils/ClipboardCopyService';
+
+/**
+ * Form input copy to clipboard props.
+ */
+type FormInputCopyToClipboardProps = {
+  id: string;
+  label: string;
+  value: string;
+  type?: 'text' | 'password';
+}
+
+const clipboardService = new ClipboardCopyService();
+
+/**
+ * Form input copy to clipboard component.
+ */
+export const FormInputCopyToClipboard: React.FC<FormInputCopyToClipboardProps> = ({
+  id,
+  label,
+  value,
+  type = 'text'
+}) => {
+  const [showPassword, setShowPassword] = useState(false);
+  const [copied, setCopied] = useState(false);
+
+  useEffect(() => {
+    const unsubscribe = clipboardService.subscribe((copiedId) : void => {
+      setCopied(copiedId === id);
+    });
+    return () : void => {
+      unsubscribe();
+    };
+  }, [id]);
+
+  /**
+   * Copy to clipboard.
+   */
+  const copyToClipboard = async () : Promise<void> => {
+    try {
+      await navigator.clipboard.writeText(value);
+      clipboardService.setCopied(id);
+
+      // Reset copied state after 2 seconds
+      setTimeout(() => {
+        if (clipboardService.getCopiedId() === id) {
+          clipboardService.setCopied('');
+        }
+      }, 2000);
+    } catch (err) {
+      console.error('Failed to copy text:', err);
+    }
+  };
+
+  return (
+    <div>
+      <label htmlFor={id} className="block mb-2 text-sm font-medium text-gray-700 dark:text-gray-300">
+        {label}
+      </label>
+      <div className="relative">
+        <input
+          type={type === 'password' && !showPassword ? 'password' : 'text'}
+          id={id}
+          readOnly
+          value={value}
+          onClick={copyToClipboard}
+          className={`w-full px-3 py-2.5 bg-white border ${
+            copied ? 'border-green-500 border-2' : 'border-gray-300'
+          } text-gray-900 sm:text-sm rounded-lg shadow-sm focus:ring-primary-500 focus:border-primary-500 dark:bg-gray-700 dark:border-gray-600 dark:text-white dark:placeholder-gray-400`}
+        />
+        <div className="absolute right-2 top-1/2 -translate-y-1/2 flex items-center gap-2">
+          {copied && (
+            <span className="text-green-500 dark:text-green-400">
+              Copied!
+            </span>
+          )}
+          {type === 'password' && (
+            <button
+              onClick={() => setShowPassword(!showPassword)}
+              className="px-3 py-1 text-sm text-gray-600 hover:text-gray-900 dark:text-gray-400 dark:hover:text-white transition-colors duration-200"
+            >
+              {showPassword ? 'Hide' : 'Show'}
+            </button>
+          )}
+        </div>
+      </div>
+    </div>
+  );
+};

browser-extension/src/entrypoints/popup/components/GlobalStateChangeHandler.tsx

@@ -0,0 +1,40 @@
+import React, { useEffect, useRef } from 'react';
+import { useNavigate } from 'react-router-dom';
+import { useAuth } from '../context/AuthContext';
+
+/**
+ * Global state change handler component which listens for global state changes and e.g. redirects user to login
+ * page if login state changes.
+ */
+const GlobalStateChangeHandler: React.FC = () => {
+  const authContext = useAuth();
+  const navigate = useNavigate();
+  const lastLoginState = useRef(authContext.isLoggedIn);
+  const initialRender = useRef(true);
+
+  /**
+   * Listen for auth logged in changes and redirect to home page if logged in state changes to handle logins and logouts.
+   */
+  useEffect(() => {
+    // Only navigate when auth state is different from the last state we acted on.
+    if (lastLoginState.current !== authContext.isLoggedIn) {
+      lastLoginState.current = authContext.isLoggedIn;
+
+      /**
+       * Skip the first auth state change to avoid redirecting when popup opens for the first time
+       * which already causes the auth state to change from false to true.
+       */
+      if (initialRender.current) {
+        initialRender.current = false;
+        return;
+      }
+
+      // Redirect to home page if logged in state changes.
+      navigate('/');
+    }
+  }, [authContext.isLoggedIn]); // eslint-disable-line react-hooks/exhaustive-deps
+
+  return null;
+};
+
+export default GlobalStateChangeHandler;

browser-extension/src/entrypoints/popup/components/Layout/BottomNav.tsx

@@ -0,0 +1,89 @@
+import React, { useState, useEffect } from 'react';
+import { useNavigate, useLocation } from 'react-router-dom';
+import { useAuth } from '../../context/AuthContext';
+import { useDb } from '../../context/DbContext';
+
+type TabName = 'credentials' | 'emails' | 'settings';
+
+/**
+ * Bottom nav component.
+ */
+const BottomNav: React.FC = () => {
+  const authContext = useAuth();
+  const dbContext = useDb();
+  const navigate = useNavigate();
+  const location = useLocation();
+  const [currentTab, setCurrentTab] = useState<TabName>('credentials');
+
+  // Add effect to update currentTab based on route
+  useEffect(() => {
+    const path = location.pathname.substring(1) as TabName;
+    if (['credentials', 'emails', 'settings'].includes(path)) {
+      setCurrentTab(path);
+    }
+  }, [location]);
+
+  /**
+   * Handle tab change.
+   */
+  const handleTabChange = (tab: TabName) : void => {
+    setCurrentTab(tab);
+    navigate(`/${tab}`);
+  };
+
+  if (!authContext.isLoggedIn || !dbContext.dbAvailable) {
+    return null;
+  }
+
+  // Detect if the user is coming from the unlock page with mode=inline_unlock.
+  const urlParams = new URLSearchParams(window.location.search);
+  const isInlineUnlockMode = urlParams.get('mode') === 'inline_unlock';
+
+  if (isInlineUnlockMode) {
+    // Do not show the bottom nav for inline unlock mode.
+    return null;
+  }
+
+  return (
+    <div className="fixed bottom-0 left-0 right-0 bg-white dark:bg-gray-800 border-t border-gray-200 dark:border-gray-700">
+      <div className="flex justify-around items-center h-14">
+        <button
+          onClick={() => handleTabChange('credentials')}
+          className={`flex flex-col items-center justify-center w-1/3 h-full ${
+            currentTab === 'credentials' ? 'text-primary-600 dark:text-primary-500' : 'text-gray-500 dark:text-gray-400'
+          }`}
+        >
+          <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 7a2 2 0 012 2m4 0a6 6 0 01-7.743 5.743L11 17H9v2H7v2H4a1 1 0 01-1-1v-2.586a1 1 0 01.293-.707l5.964-5.964A6 6 0 1121 9z" />
+          </svg>
+          <span className="text-xs mt-1">Credentials</span>
+        </button>
+        <button
+          onClick={() => handleTabChange('emails')}
+          className={`flex flex-col items-center justify-center w-1/3 h-full ${
+            currentTab === 'emails' ? 'text-primary-600 dark:text-primary-500' : 'text-gray-500 dark:text-gray-400'
+          }`}
+        >
+          <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M3 8l7.89 5.26a2 2 0 002.22 0L21 8M5 19h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z" />
+          </svg>
+          <span className="text-xs mt-1">Emails</span>
+        </button>
+        <button
+          onClick={() => handleTabChange('settings')}
+          className={`flex flex-col items-center justify-center w-1/3 h-full ${
+            currentTab === 'settings' ? 'text-primary-600 dark:text-primary-500' : 'text-gray-500 dark:text-gray-400'
+          }`}
+        >
+          <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.065 2.572c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.572 1.065c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.065-2.572c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" />
+            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
+          </svg>
+          <span className="text-xs mt-1">Settings</span>
+        </button>
+      </div>
+    </div>
+  );
+};
+
+export default BottomNav;

browser-extension/src/entrypoints/popup/components/Layout/Header.tsx

@@ -0,0 +1,137 @@
+import React from 'react';
+import { UserMenu } from './UserMenu';
+import { useNavigate, useLocation } from 'react-router-dom';
+import { useAuth } from '../../context/AuthContext';
+import { AppInfo } from '../../../../utils/AppInfo';
+import { storage } from 'wxt/storage';
+
+/**
+ * Header props.
+ */
+type HeaderProps = {
+  routes?: {
+    path: string;
+    showBackButton?: boolean;
+    title?: string;
+  }[];
+}
+
+/**
+ * Header component.
+ */
+const Header: React.FC<HeaderProps> = ({
+  routes = []
+}) => {
+  const authContext = useAuth();
+  const navigate = useNavigate();
+  const location = useLocation();
+
+  /**
+   * Open the client tab.
+   */
+  const openClientTab = async () : Promise<void> => {
+    const settingClientUrl = await storage.getItem('local:clientUrl') as string;
+    let clientUrl = AppInfo.DEFAULT_CLIENT_URL;
+    if (settingClientUrl && settingClientUrl.length > 0) {
+      clientUrl = settingClientUrl;
+    }
+
+    window.open(clientUrl, '_blank');
+  };
+
+  // Updated route matching logic to handle URL parameters
+  const currentRoute = routes?.find(route => {
+    // Convert route pattern to regex
+    const pattern = route.path.replace(/:\w+/g, '[^/]+');
+    const regex = new RegExp(`^${pattern}$`);
+    return regex.test(location.pathname);
+  });
+
+  /**
+   * Handle settings.
+   */
+  const handleSettings = () : void => {
+    navigate('/auth-settings');
+  };
+
+  /**
+   * Handle logo click.
+   */
+  const logoClick = () : void => {
+    // If logged in, navigate to credentials.
+    if (authContext.isLoggedIn) {
+      navigate('/credentials');
+    } else {
+      // If not logged in, navigate to index.
+      navigate('/');
+    }
+  };
+
+  return (
+    <header className="fixed z-30 w-full bg-white border-b border-gray-200 dark:bg-gray-800 dark:border-gray-700">
+      <div className="flex items-center h-16 px-4">
+        {currentRoute?.showBackButton ? (
+          <button
+            id="back"
+            onClick={() => navigate(-1)}
+            className="flex items-center gap-2 hover:bg-gray-100 dark:hover:bg-gray-700 pr-2 pt-1.5 pb-1.5 rounded-lg group"
+          >
+            <div className="flex items-center">
+              <svg className="w-5 h-5 text-gray-500 group-hover:text-gray-900 dark:text-gray-400 dark:group-hover:text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 19l-7-7 7-7" />
+              </svg>
+              {currentRoute.title && (
+                <h1 className="text-lg font-medium text-gray-900 dark:text-white ml-2">
+                  {currentRoute.title}
+                </h1>
+              )}
+            </div>
+          </button>
+        ) : (
+          <div className="flex items-center">
+            <button
+              onClick={() => logoClick()}
+              className="flex items-center hover:opacity-80 transition-opacity"
+            >
+              <img src="/assets/images/logo.svg" alt="AliasVault" className="h-8 w-8 mr-2" />
+              <h1 className="text-gray-900 dark:text-white text-xl font-bold">AliasVault</h1>
+              <span className="text-primary-500 text-[10px] ml-1 font-normal">BETA</span>
+            </button>
+          </div>
+        )}
+
+        <div className="flex-grow" />
+
+        <div className="flex items-center">
+          {!currentRoute?.showBackButton ? (
+            <button
+              onClick={openClientTab}
+              className="p-2"
+            >
+              <svg xmlns="http://www.w3.org/2000/svg" className="h-4 w-4 text-gray-400" viewBox="0 0 20 20" fill="currentColor">
+                <path d="M11 3a1 1 0 100 2h2.586l-6.293 6.293a1 1 0 101.414 1.414L15 6.414V9a1 1 0 102 0V4a1 1 0 00-1-1h-5z" />
+                <path d="M5 5a2 2 0 00-2 2v8a2 2 0 002 2h8a2 2 0 002-2v-3a1 1 0 10-2 0v3H5V7h3a1 1 0 000-2H5z" />
+              </svg>
+            </button>
+          ) : (<></>)}
+        </div>
+        {!authContext.isLoggedIn ? (
+          <button
+            id="settings"
+            onClick={(handleSettings)}
+            className="p-1 text-gray-500 hover:text-gray-700 dark:text-gray-400 dark:hover:text-gray-200 rounded-lg hover:bg-gray-100 dark:hover:bg-gray-700"
+          >
+            <span className="sr-only">Settings</span>
+            <svg className="w-5 h-5" aria-hidden="true" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg">
+              <path fillRule="evenodd" d="M11.49 3.17c-.38-1.56-2.6-1.56-2.98 0a1.532 1.532 0 01-2.286.948c-1.372-.836-2.942.734-2.106 2.106.54.886.061 2.042-.947 2.287-1.561.379-1.561 2.6 0 2.978a1.532 1.532 0 01.947 2.287c-.836 1.372.734 2.942 2.106 2.106a1.532 1.532 0 012.287.947c.379 1.561 2.6 1.561 2.978 0a1.533 1.533 0 012.287-.947c1.372.836 2.942-.734 2.106-2.106a1.533 1.533 0 01.947-2.287c1.561-.379 1.561-2.6 0-2.978a1.532 1.532 0 01-.947-2.287c.836-1.372-.734-2.942-2.106-2.106a1.532 1.532 0 01-2.287-.947zM10 13a3 3 0 100-6 3 3 0 000 6z" clipRule="evenodd" />
+            </svg>
+          </button>
+        ) : (
+          <UserMenu />
+        )}
+      </div>
+    </header>
+  );
+};
+
+export default Header;

browser-extension/src/entrypoints/popup/components/Layout/UserMenu.tsx

@@ -0,0 +1,91 @@
+import React, { useState, useRef, useEffect } from 'react';
+import { useAuth } from '../../context/AuthContext';
+import { useNavigate } from 'react-router-dom';
+import { useLoading } from '../../context/LoadingContext';
+
+/**
+ * User menu component.
+ */
+export const UserMenu: React.FC = () => {
+  const authContext = useAuth();
+  const [isUserMenuOpen, setIsUserMenuOpen] = useState(false);
+  const menuRef = useRef<HTMLDivElement>(null);
+  const buttonRef = useRef<HTMLButtonElement>(null);
+  const navigate = useNavigate();
+  const { showLoading, hideLoading } = useLoading();
+
+  useEffect(() => {
+    /**
+     * Handle clicking outside the user menu.
+     */
+    const handleClickOutside = (event: MouseEvent) : void => {
+      if (
+        menuRef.current &&
+        buttonRef.current &&
+        !menuRef.current.contains(event.target as Node) &&
+        !buttonRef.current.contains(event.target as Node)
+      ) {
+        setIsUserMenuOpen(false);
+      }
+    };
+
+    document.addEventListener('mousedown', handleClickOutside);
+    return () : void => {
+      document.removeEventListener('mousedown', handleClickOutside);
+    };
+  }, []);
+
+  /**
+   * Toggle the user menu.
+   */
+  const toggleUserMenu = () : void => {
+    setIsUserMenuOpen(!isUserMenuOpen);
+  };
+
+  /**
+   * Handle logging out.
+   */
+  const onLogout = async () : Promise<void> => {
+    showLoading();
+    navigate('/logout', { replace: true });
+    hideLoading();
+  };
+
+  return (
+    <div className="relative flex items-center">
+      <div className="relative">
+        <button
+          ref={buttonRef}
+          onClick={toggleUserMenu}
+          className="flex items-center text-sm text-gray-500 hover:text-gray-700 dark:text-gray-400 dark:hover:text-gray-200"
+        >
+          <span className="sr-only">Open menu</span>
+          <svg className="w-6 h-6" aria-hidden="true" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg">
+            <path fillRule="evenodd" d="M3 5a1 1 0 011-1h12a1 1 0 110 2H4a1 1 0 01-1-1zM3 10a1 1 0 011-1h12a1 1 0 110 2H4a1 1 0 01-1-1zM3 15a1 1 0 011-1h12a1 1 0 110 2H4a1 1 0 01-1-1z" clipRule="evenodd" />
+          </svg>
+        </button>
+
+        {isUserMenuOpen && (
+          <div
+            ref={menuRef}
+            className="absolute right-0 z-50 mt-2 w-48 py-1 bg-white rounded-lg shadow-lg dark:bg-gray-700 border border-gray-200 dark:border-gray-600"
+          >
+            <div className="px-4 py-3 border-b border-gray-200 dark:border-gray-600">
+              <span className="block text-sm font-semibold text-gray-900 dark:text-white">
+                {authContext.username}
+              </span>
+            </div>
+            <button
+              onClick={onLogout}
+              className="w-full text-left px-4 py-2 text-sm text-red-600 hover:bg-gray-100 dark:text-red-400 dark:hover:bg-gray-600"
+            >
+              Logout
+            </button>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+};
+
+export default UserMenu;

browser-extension/src/entrypoints/popup/components/LoadingSpinner.tsx

@@ -0,0 +1,39 @@
+import React from 'react';
+
+/**
+ * Loading spinner component used throughout the app for showing a loading spinner
+ * inline in the page.
+ */
+const LoadingSpinner: React.FC = () => {
+  const spinnerStyle: React.CSSProperties = {
+    width: '40px',
+    height: '40px',
+    borderRadius: '50%',
+    animation: 'spin 1s linear infinite',
+  };
+
+  const spinner = (
+    <>
+      <style>
+        {`
+        @keyframes spin {
+          0% { transform: rotate(0deg); }
+          100% { transform: rotate(360deg); }
+        }
+      `}
+      </style>
+      <div
+        className="border-[4px] border-solid border-current/10 dark:border-white/10 border-t-current dark:border-t-white"
+        style={spinnerStyle}
+      />
+    </>
+  );
+
+  return (
+    <div className="inline-flex items-center">
+      {spinner}
+    </div>
+  );
+};
+
+export default LoadingSpinner;

browser-extension/src/entrypoints/popup/components/LoadingSpinnerFullScreen.tsx

@@ -0,0 +1,48 @@
+import React from 'react';
+import { useLoading } from '../context/LoadingContext';
+
+/**
+ * Loading spinner full screen component used throughout the app for showing a loading spinner
+ * that covers the entire screen.
+ */
+const LoadingSpinnerFullScreen: React.FC = () => {
+  const { isLoading } = useLoading();
+
+  if (!isLoading) {
+    return null;
+  }
+
+  const spinnerStyle: React.CSSProperties = {
+    width: '40px',
+    height: '40px',
+    borderRadius: '50%',
+    animation: 'spin 1s linear infinite',
+  };
+
+  const spinner = (
+    <>
+      <style>
+        {`
+        @keyframes spin {
+          0% { transform: rotate(0deg); }
+          100% { transform: rotate(360deg); }
+        }
+      `}
+      </style>
+      <div
+        className="border-[4px] border-solid border-current/10 dark:border-white/10 border-t-current dark:border-t-white"
+        style={spinnerStyle}
+      />
+    </>
+  );
+
+  return (
+    <div className="fixed inset-0 w-full h-full z-50 bg-gray-200 dark:bg-gray-500 bg-opacity-90 flex items-center justify-center">
+      <div className="relative">
+        {spinner}
+      </div>
+    </div>
+  );
+};
+
+export default LoadingSpinnerFullScreen;

browser-extension/src/entrypoints/popup/components/LoginServerInfo.tsx

@@ -0,0 +1,48 @@
+import React, { useState, useEffect } from 'react';
+import { useNavigate } from 'react-router-dom';
+import { AppInfo } from '../../../utils/AppInfo';
+import { storage } from 'wxt/storage';
+
+/**
+ * Component for displaying the login server information.
+ */
+const LoginServerInfo: React.FC = () => {
+  const [baseUrl, setBaseUrl] = useState<string>('');
+  const navigate = useNavigate();
+
+  useEffect(() => {
+    /**
+     * Loads the base URL for the login server.
+     */
+    const loadApiUrl = async () : Promise<void> => {
+      const apiUrl = await storage.getItem('local:apiUrl') as string;
+      setBaseUrl(apiUrl ?? AppInfo.DEFAULT_API_URL);
+    };
+    loadApiUrl();
+  }, []);
+
+  const isDefaultServer = !baseUrl || baseUrl === AppInfo.DEFAULT_API_URL;
+  const displayUrl = isDefaultServer ? 'aliasvault.net' : new URL(baseUrl).hostname;
+
+  /**
+   * Handles the click event for the login server information.
+   */
+  const handleClick = () : void => {
+    navigate('/auth-settings');
+  };
+
+  return (
+    <div className="text-xs text-gray-600 dark:text-gray-400 mb-4">
+      (Connecting to{' '}
+      <button
+        onClick={handleClick}
+        type="button"
+        className="text-orange-500 hover:text-orange-600 dark:text-orange-400 dark:hover:text-orange-500 underline"
+      >
+        {displayUrl}
+      </button>)
+    </div>
+  );
+};
+
+export default LoginServerInfo;

browser-extension/src/entrypoints/popup/components/ReloadButton.tsx

@@ -0,0 +1,34 @@
+import React from 'react';
+
+/**
+ * Reload button props.
+ */
+type ReloadButtonProps = {
+  onClick: () => void;
+};
+
+/**
+ * Reload button component.
+ */
+const ReloadButton: React.FC<ReloadButtonProps> = ({ onClick }) => {
+  return (
+    <div
+      className="px-2 items-center"
+    >
+      <div className="relative inline-flex items-center">
+        <button onClick={onClick} className="absolute p-2 hover:bg-gray-200 rounded-2xl">
+          <svg xmlns="http://www.w3.org/2000/svg" className="h-4 w-4 text-gray-400" viewBox="0 0 20 20" fill="currentColor">
+            <path fillRule="evenodd" d="M4 2a1 1 0 011 1v2.101a7.002 7.002 0 0111.601 2.566 1 1 0 11-1.885.666A5.002 5.002 0 005.999 7H9a1 1 0 010 2H4a1 1 0 01-1-1V3a1 1 0 011-1zm.008 9.057a1 1 0 011.276.61A5.002 5.002 0 0014.001 13H11a1 1 0 110-2h5a1 1 0 011 1v5a1 1 0 11-2 0v-2.101a7.002 7.002 0 01-11.601-2.566 1 1 0 01.61-1.276z" clipRule="evenodd" />
+          </svg>
+        </button>
+        <svg aria-hidden="true" className="inline w-8 h-8 text-gray-200 dark:text-gray-600" viewBox="0 0 100 101" fill="none" xmlns="http://www.w3.org/2000/svg">
+          <path d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z" fill="currentColor" />
+          <path d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z" fill="currentFill" />
+        </svg>
+      </div>
+      <span className="sr-only">Loading...</span>
+    </div>
+  );
+};
+
+export default ReloadButton;

browser-extension/src/entrypoints/popup/context/AuthContext.tsx

@@ -0,0 +1,122 @@
+import React, { createContext, useContext, useState, useEffect, useMemo, useCallback } from 'react';
+import { useDb } from './DbContext';
+import { storage } from 'wxt/storage';
+import { sendMessage } from 'webext-bridge/popup';
+
+type AuthContextType = {
+  isLoggedIn: boolean;
+  isInitialized: boolean;
+  username: string | null;
+  setAuthTokens: (username: string, accessToken: string, refreshToken: string) => Promise<void>;
+  login: () => Promise<void>;
+  logout: (errorMessage?: string) => Promise<void>;
+  globalMessage: string | null;
+  clearGlobalMessage: () => void;
+}
+
+/**
+ * Auth context.
+ */
+const AuthContext = createContext<AuthContextType | undefined>(undefined);
+
+/**
+ * AuthProvider to provide the authentication state to the app that components can use.
+ */
+export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
+  const [isLoggedIn, setIsLoggedIn] = useState(false);
+  const [isInitialized, setIsInitialized] = useState(false);
+  const [username, setUsername] = useState<string | null>(null);
+  const [globalMessage, setGlobalMessage] = useState<string | null>(null);
+  const dbContext = useDb();
+
+  /**
+   * Check for tokens in chrome storage on initial load.
+   */
+  useEffect(() => {
+    /**
+     * Initialize the authentication state.
+     */
+    const initializeAuth = async () : Promise<void> => {
+      const accessToken = await storage.getItem('local:accessToken') as string;
+      const refreshToken = await storage.getItem('local:refreshToken') as string;
+      const username = await storage.getItem('local:username') as string;
+      if (accessToken && refreshToken && username) {
+        setUsername(username);
+        setIsLoggedIn(true);
+      }
+      setIsInitialized(true);
+    };
+
+    initializeAuth();
+  }, []);
+
+  /**
+   * Set auth tokens in chrome storage as part of the login process. After db is initialized, the login method should be called as well.
+   */
+  const setAuthTokens = useCallback(async (username: string, accessToken: string, refreshToken: string) : Promise<void> => {
+    await storage.setItem('local:username', username);
+    await storage.setItem('local:accessToken', accessToken);
+    await storage.setItem('local:refreshToken', refreshToken);
+
+    setUsername(username);
+  }, []);
+
+  /**
+   * Set logged in status to true which refreshes the app.
+   */
+  const login = useCallback(async () : Promise<void> => {
+    setIsLoggedIn(true);
+  }, []);
+
+  /**
+   * Logout the user and clear the auth tokens from chrome storage.
+   */
+  const logout = useCallback(async (errorMessage?: string) : Promise<void> => {
+    await sendMessage('CLEAR_VAULT', {}, 'background');
+    await storage.removeItems(['local:username', 'local:accessToken', 'local:refreshToken']);
+    dbContext?.clearDatabase();
+
+    // Set local storage global message that will be shown on the login page.
+    if (errorMessage) {
+      setGlobalMessage(errorMessage);
+    }
+
+    setUsername(null);
+    setIsLoggedIn(false);
+  }, [dbContext]);
+
+  /**
+   * Clear global message (called after displaying the message).
+   */
+  const clearGlobalMessage = useCallback(() : void => {
+    setGlobalMessage(null);
+  }, []);
+
+  const contextValue = useMemo(() => ({
+    isLoggedIn,
+    isInitialized,
+    username,
+    setAuthTokens,
+    login,
+    logout,
+    globalMessage,
+    clearGlobalMessage,
+  }), [isLoggedIn, isInitialized, username, globalMessage, setAuthTokens, login, logout, clearGlobalMessage]);
+
+  return (
+    <AuthContext.Provider value={contextValue}>
+      {children}
+    </AuthContext.Provider>
+  );
+};
+
+/**
+ * Hook to use the AuthContext
+ */
+export const useAuth = () : AuthContextType => {
+  const context = useContext(AuthContext);
+  if (context === undefined) {
+    throw new Error('useAuth must be used within an AuthProvider');
+  }
+  return context;
+};

browser-extension/src/entrypoints/popup/context/DbContext.tsx

@@ -0,0 +1,151 @@
+import React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';
+import SqliteClient from '../../../utils/SqliteClient';
+import { VaultResponse } from '../../../utils/types/webapi/VaultResponse';
+import EncryptionUtility from '../../../utils/EncryptionUtility';
+import { VaultResponse as messageVaultResponse } from '../../../utils/types/messaging/VaultResponse';
+import { sendMessage } from 'webext-bridge/popup';
+
+type DbContextType = {
+  sqliteClient: SqliteClient | null;
+  dbInitialized: boolean;
+  dbAvailable: boolean;
+  initializeDatabase: (vaultResponse: VaultResponse, derivedKey: string) => Promise<void>;
+  clearDatabase: () => void;
+  vaultRevision: number;
+  publicEmailDomains: string[];
+  privateEmailDomains: string[];
+}
+
+const DbContext = createContext<DbContextType | undefined>(undefined);
+
+/**
+ * DbProvider to provide the SQLite client to the app that components can use to make database queries.
+ */
+export const DbProvider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
+  /**
+   * SQLite client.
+   */
+  const [sqliteClient, setSqliteClient] = useState<SqliteClient | null>(null);
+
+  /**
+   * Database initialization state. If true, the database has been initialized and the dbAvailable state is correct.
+   */
+  const [dbInitialized, setDbInitialized] = useState(false);
+
+  /**
+   * Database availability state. If true, the database is available. If false, the database is not available and needs to be unlocked or retrieved again from the API.
+   */
+  const [dbAvailable, setDbAvailable] = useState(false);
+
+  /**
+   * Public email domains.
+   */
+  const [publicEmailDomains, setPublicEmailDomains] = useState<string[]>([]);
+
+  /**
+   * Vault revision.
+   */
+  const [vaultRevision, setVaultRevision] = useState(0);
+
+  /**
+   * Private email domains.
+   */
+  const [privateEmailDomains, setPrivateEmailDomains] = useState<string[]>([]);
+
+  const initializeDatabase = useCallback(async (vaultResponse: VaultResponse, derivedKey: string) => {
+    // Attempt to decrypt the blob.
+    const decryptedBlob = await EncryptionUtility.symmetricDecrypt(
+      vaultResponse.vault.blob,
+      derivedKey
+    );
+
+    // Initialize the SQLite client.
+    const client = new SqliteClient();
+    await client.initializeFromBase64(decryptedBlob);
+
+    setSqliteClient(client);
+    setDbInitialized(true);
+    setDbAvailable(true);
+    setPublicEmailDomains(vaultResponse.vault.publicEmailDomainList);
+    setPrivateEmailDomains(vaultResponse.vault.privateEmailDomainList);
+    setVaultRevision(vaultResponse.vault.currentRevisionNumber);
+
+    /*
+     * Store encrypted vault in background worker.
+     */
+    sendMessage('STORE_VAULT', {
+      derivedKey: derivedKey,
+      vaultResponse: vaultResponse,
+    }, 'background');
+  }, []);
+
+  const checkStoredVault = useCallback(async () => {
+    try {
+      const response = await sendMessage('GET_VAULT', {}, 'background') as messageVaultResponse;
+      if (response?.vault) {
+        const client = new SqliteClient();
+        await client.initializeFromBase64(response.vault);
+
+        setSqliteClient(client);
+        setDbInitialized(true);
+        setDbAvailable(true);
+        setPublicEmailDomains(response.publicEmailDomains ?? []);
+        setPrivateEmailDomains(response.privateEmailDomains ?? []);
+        setVaultRevision(response.vaultRevisionNumber ?? 0);
+      } else {
+        setDbInitialized(true);
+        setDbAvailable(false);
+      }
+    } catch (error) {
+      console.error('Error retrieving vault from background:', error);
+      setDbInitialized(true);
+      setDbAvailable(false);
+    }
+  }, []);
+
+  /**
+   * Check if database is initialized and try to retrieve vault from background
+   */
+  useEffect(() : void => {
+    if (!dbInitialized) {
+      checkStoredVault();
+    }
+  }, [dbInitialized, checkStoredVault]);
+
+  /**
+   * Clear database and remove from background worker, called when logging out.
+   */
+  const clearDatabase = useCallback(() : void => {
+    setSqliteClient(null);
+    setDbInitialized(false);
+    sendMessage('CLEAR_VAULT', {}, 'background');
+  }, []);
+
+  const contextValue = useMemo(() => ({
+    sqliteClient,
+    dbInitialized,
+    dbAvailable,
+    initializeDatabase,
+    clearDatabase,
+    vaultRevision,
+    publicEmailDomains,
+    privateEmailDomains
+  }), [sqliteClient, dbInitialized, dbAvailable, initializeDatabase, clearDatabase, vaultRevision, publicEmailDomains, privateEmailDomains]);
+
+  return (
+    <DbContext.Provider value={contextValue}>
+      {children}
+    </DbContext.Provider>
+  );
+};
+
+/**
+ * Hook to use the DbContext
+ */
+export const useDb = () : DbContextType => {
+  const context = useContext(DbContext);
+  if (context === undefined) {
+    throw new Error('useDb must be used within a DbProvider');
+  }
+  return context;
+};

browser-extension/src/entrypoints/popup/context/LoadingContext.tsx

@@ -0,0 +1,71 @@
+import React, { createContext, useContext, useState, useMemo } from 'react';
+import LoadingSpinnerFullScreen from '../components/LoadingSpinnerFullScreen';
+
+type LoadingContextType = {
+  isLoading: boolean;
+  showLoading: () => void;
+  hideLoading: () => void;
+  isInitialLoading: boolean;
+  setIsInitialLoading: (isInitialLoading: boolean) => void;
+}
+
+/**
+ * Loading context.
+ */
+const LoadingContext = createContext<LoadingContextType | undefined>(undefined);
+
+/**
+ * Loading provider
+ */
+export const LoadingProvider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
+  /**
+   * Initial loading state for when extension is first loaded. This initial loading state is
+   * hidden by the component that is rendered when the extension is first loaded to prevent
+   * multiple loading spinners from being shown.
+   */
+  const [isInitialLoading, setIsInitialLoading] = useState(true);
+
+  /**
+   * Loading state that can be used by other components during normal operation.
+   */
+  const [isLoading, setIsLoading] = useState(false);
+
+  /**
+   * Show loading spinner
+   */
+  const showLoading = (): void => setIsLoading(true);
+
+  /**
+   * Hide loading spinner
+   */
+  const hideLoading = (): void => setIsLoading(false);
+
+  const value = useMemo(
+    () => ({
+      isLoading,
+      showLoading,
+      hideLoading,
+      isInitialLoading,
+      setIsInitialLoading,
+    }),
+    [isLoading, isInitialLoading]
+  );
+
+  return (
+    <LoadingContext.Provider value={value}>
+      <LoadingSpinnerFullScreen />
+      {children}
+    </LoadingContext.Provider>
+  );
+};
+
+/**
+ * Hook to use loading state
+ */
+export const useLoading = (): LoadingContextType => {
+  const context = useContext(LoadingContext);
+  if (context === undefined) {
+    throw new Error('useLoading must be used within a LoadingProvider');
+  }
+  return context;
+};

browser-extension/src/entrypoints/popup/context/WebApiContext.tsx

@@ -0,0 +1,50 @@
+import React, { createContext, useContext, useEffect, useState } from 'react';
+import { WebApiService } from '../../../utils/WebApiService';
+import { useAuth } from './AuthContext';
+
+const WebApiContext = createContext<WebApiService | null>(null);
+
+/**
+ * WebApiProvider to provide the WebApiService to the app that components can use.
+ */
+export const WebApiProvider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
+  const { logout } = useAuth();
+  const [webApiService, setWebApiService] = useState<WebApiService | null>(null);
+
+  /**
+   * Initialize WebApiService
+   */
+  useEffect(() : void => {
+    const service = new WebApiService(
+      (statusError: string | null) => {
+        if (statusError) {
+          logout(statusError);
+        } else {
+          logout();
+        }
+      }
+    );
+    setWebApiService(service);
+  }, [logout]);
+
+  if (!webApiService) {
+    return null;
+  }
+
+  return (
+    <WebApiContext.Provider value={webApiService}>
+      {children}
+    </WebApiContext.Provider>
+  );
+};
+
+/**
+ * Hook to use the WebApiService
+ */
+export const useWebApi = () : WebApiService => {
+  const context = useContext(WebApiContext);
+  if (!context) {
+    throw new Error('useWebApi must be used within a WebApiProvider');
+  }
+  return context;
+};

browser-extension/src/entrypoints/popup/index.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>AliasVault</title>
+  <link href="~/assets/tailwind.css" rel="stylesheet" />
+  <meta name="manifest.type" content="browser_action" />
+  <script>
+    // Check if expanded=true is in the URL, which means the popup was opened in expanded mode with unlimited width.
+    // If not, set the width to 350px to force the default popup to a fixed width.
+    const urlParams = new URLSearchParams(window.location.search);
+    if (!urlParams.get('expanded')) {
+      document.documentElement.classList.add('max-w-[350px]');
+    }
+  </script>
+</head>
+<body class="bg-white dark:bg-gray-900">
+  <div id="root"></div>
+  <script type="module" src="./main.tsx"></script>
+</body>
+</html>

browser-extension/src/entrypoints/popup/main.tsx

@@ -0,0 +1,19 @@
+import ReactDOM from 'react-dom/client';
+import App from './App';
+import { AuthProvider } from './context/AuthContext';
+import { WebApiProvider } from './context/WebApiContext';
+import { DbProvider } from './context/DbContext';
+import { LoadingProvider } from './context/LoadingContext';
+
+const root = ReactDOM.createRoot(document.getElementById('root') as HTMLElement);
+root.render(
+  <DbProvider>
+    <AuthProvider>
+      <WebApiProvider>
+        <LoadingProvider>
+          <App />
+        </LoadingProvider>
+      </WebApiProvider>
+    </AuthProvider>
+  </DbProvider>
+);

browser-extension/src/entrypoints/popup/pages/AuthSettings.tsx

@@ -0,0 +1,134 @@
+import React, { useState, useEffect } from 'react';
+import { AppInfo } from '../../../utils/AppInfo';
+import { storage } from 'wxt/storage';
+
+type ApiOption = {
+  label: string;
+  value: string;
+};
+
+const DEFAULT_OPTIONS: ApiOption[] = [
+  { label: 'Aliasvault.net', value: AppInfo.DEFAULT_API_URL },
+  { label: 'Self-hosted', value: 'custom' }
+];
+
+/**
+ * Auth settings page only shown when user is not logged in.
+ */
+const AuthSettings: React.FC = () => {
+  const [selectedOption, setSelectedOption] = useState<string>('');
+  const [customUrl, setCustomUrl] = useState<string>('');
+  const [customClientUrl, setCustomClientUrl] = useState<string>('');
+
+  useEffect(() => {
+    /**
+     * Load the stored settings from the storage.
+     */
+    const loadStoredSettings = async () : Promise<void> => {
+      const apiUrl = await storage.getItem('local:apiUrl') as string;
+      const clientUrl = await storage.getItem('local:clientUrl') as string;
+      const matchingOption = DEFAULT_OPTIONS.find(opt => opt.value === apiUrl);
+
+      if (matchingOption) {
+        setSelectedOption(matchingOption.value);
+      } else if (apiUrl) {
+        setSelectedOption('custom');
+        setCustomUrl(apiUrl);
+        setCustomClientUrl(clientUrl ?? '');
+      } else {
+        setSelectedOption(DEFAULT_OPTIONS[0].value);
+      }
+    };
+
+    loadStoredSettings();
+  }, []);
+
+  /**
+   * Handle option change
+   */
+  const handleOptionChange = async (e: React.ChangeEvent<HTMLSelectElement>) : Promise<void> => {
+    const value = e.target.value;
+    setSelectedOption(value);
+    if (value !== 'custom') {
+      await storage.setItem('local:apiUrl', '');
+      await storage.setItem('local:clientUrl', '');
+    }
+  };
+
+  /**
+   * Handle custom API URL change
+   */
+  const handleCustomUrlChange = async (e: React.ChangeEvent<HTMLInputElement>) : Promise<void> => {
+    const value = e.target.value;
+    setCustomUrl(value);
+    await storage.setItem('local:apiUrl', value);
+  };
+
+  /**
+   * Handle custom client URL change
+   * @param e
+   */
+  const handleCustomClientUrlChange = async (e: React.ChangeEvent<HTMLInputElement>) : Promise<void> => {
+    const value = e.target.value;
+    setCustomClientUrl(value);
+    await storage.setItem('local:clientUrl', value);
+  };
+
+  return (
+    <div className="p-4">
+      <div className="mb-6">
+        <label htmlFor="api-connection" className="block text-sm font-medium text-gray-700 dark:text-gray-200 mb-2">
+          API Connection
+        </label>
+        <select
+          value={selectedOption}
+          onChange={handleOptionChange}
+          className="w-full bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-500 focus:border-primary-500 p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white"
+        >
+          {DEFAULT_OPTIONS.map(option => (
+            <option key={option.value} value={option.value}>
+              {option.label}
+            </option>
+          ))}
+        </select>
+      </div>
+
+      {selectedOption === 'custom' && (
+        <>
+          <div className="mb-6">
+            <label htmlFor="custom-client-url" className="block text-sm font-medium text-gray-700 dark:text-gray-200 mb-2">
+              Custom client URL
+            </label>
+            <input
+              id="custom-client-url"
+              type="text"
+              value={customClientUrl}
+              onChange={handleCustomClientUrlChange}
+              placeholder="https://my-aliasvault-instance.com"
+              className="w-full bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-500 focus:border-primary-500 p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white"
+            />
+          </div>
+          <div className="mb-6">
+            <label htmlFor="custom-api-url" className="block text-sm font-medium text-gray-700 dark:text-gray-200 mb-2">
+              Custom API URL
+            </label>
+            <input
+              id="custom-api-url"
+              type="text"
+              value={customUrl}
+              onChange={handleCustomUrlChange}
+              placeholder="https://my-aliasvault-instance.com/api"
+              className="w-full bg-gray-50 border border-gray-300 text-gray-900 text-sm rounded-lg focus:ring-primary-500 focus:border-primary-500 p-2.5 dark:bg-gray-700 dark:border-gray-600 dark:placeholder-gray-400 dark:text-white"
+            />
+          </div>
+        </>
+      )}
+
+      <div className="text-center text-gray-400 dark:text-gray-600">
+        Version: {AppInfo.VERSION}
+      </div>
+    </div>
+  );
+};
+
+export default AuthSettings;

browser-extension/src/entrypoints/popup/pages/CredentialDetails.tsx

@@ -0,0 +1,227 @@
+import React, { useState, useEffect } from 'react';
+import { useNavigate, useParams } from 'react-router-dom';
+import { useDb } from '../context/DbContext';
+import { Credential } from '../../../utils/types/Credential';
+import { Buffer } from 'buffer';
+import { FormInputCopyToClipboard } from '../components/FormInputCopyToClipboard';
+import { EmailPreview } from '../components/EmailPreview';
+import { useLoading } from '../context/LoadingContext';
+
+/**
+ * Credential details page.
+ */
+const CredentialDetails: React.FC = () => {
+  const { id } = useParams();
+  const navigate = useNavigate();
+  const dbContext = useDb();
+  const [credential, setCredential] = useState<Credential | null>(null);
+  const { setIsInitialLoading } = useLoading();
+
+  /**
+   * Check if the current page is an expanded popup.
+   */
+  const isPopup = () : boolean => {
+    const urlParams = new URLSearchParams(window.location.search);
+    return urlParams.get('expanded') === 'true';
+  };
+
+  /**
+   * Open the credential details in a new expanded popup.
+   */
+  const openInNewPopup = () : void => {
+    const width = 380;
+    const height = 600;
+    const left = window.screen.width / 2 - width / 2;
+    const top = window.screen.height / 2 - height / 2;
+
+    window.open(
+      `popup.html?expanded=true#/credentials/${id}`,
+      'CredentialDetails',
+      `width=${width},height=${height},left=${left},top=${top},popup=true`
+    );
+
+    // Close the current tab
+    window.close();
+  };
+
+  /**
+   * Checks if the email domain is supported for email preview.
+   *
+   * @param email The email address to check
+   * @returns True if the domain is supported, false otherwise
+   */
+  const isEmailDomainSupported = (email: string): boolean => {
+    // Extract domain from email
+    const domain = email.split('@')[1]?.toLowerCase();
+
+    if (!domain) {
+      return false;
+    }
+
+    // Check if domain is in public or private domains
+    const publicDomains = dbContext.publicEmailDomains ?? [];
+    const privateDomains = dbContext.privateEmailDomains ?? [];
+
+    // Check if the domain ends with any of the supported domains
+    return [...publicDomains, ...privateDomains].some(supportedDomain =>
+      domain === supportedDomain || domain.endsWith(`.${supportedDomain}`)
+    );
+  };
+
+  useEffect(() => {
+    // For popup windows, ensure we have proper history state for navigation
+    if (isPopup()) {
+      // Clear existing history and create fresh entries
+      window.history.replaceState({}, '', `popup.html#/credentials`);
+      window.history.pushState({}, '', `popup.html#/credentials/${id}`);
+    }
+
+    if (!dbContext?.sqliteClient || !id) {
+      return;
+    }
+
+    try {
+      const result = dbContext.sqliteClient.getCredentialById(id);
+      if (result) {
+        setCredential(result);
+        setIsInitialLoading(false);
+      } else {
+        console.error('Credential not found');
+        navigate('/credentials');
+      }
+    } catch (err) {
+      console.error('Error loading credential:', err);
+    }
+  }, [dbContext.sqliteClient, id, navigate, setIsInitialLoading]);
+
+  if (!credential) {
+    return <div>Loading...</div>;
+  }
+
+  return (
+    <div className="">
+      <div className="space-y-6">
+        <div className="flex items-center justify-between mb-6">
+          <div className="flex items-center">
+            <img
+              src={credential.Logo ? `data:image/x-icon;base64,${Buffer.from(credential.Logo).toString('base64')}` : '/assets/images/service-placeholder.webp'}
+              alt={credential.ServiceName}
+              className="w-12 h-12 rounded-lg mr-4"
+            />
+            <div>
+              <h1 className="text-2xl font-bold text-gray-900 dark:text-white">{credential.ServiceName}</h1>
+              {credential.ServiceUrl && (
+                <a
+                  href={credential.ServiceUrl}
+                  target="_blank"
+                  rel="noopener noreferrer"
+                  className="text-primary-600 hover:text-primary-700 dark:text-primary-400 dark:hover:text-primary-300"
+                >
+                  {credential.ServiceUrl}
+                </a>
+              )}
+            </div>
+          </div>
+          <button
+            onClick={openInNewPopup}
+            className="text-gray-600 hover:text-gray-900 dark:text-gray-400 dark:hover:text-white"
+            title="Open in new window"
+          >
+            <svg
+              className="w-5 h-5"
+              fill="none"
+              stroke="currentColor"
+              viewBox="0 0 24 24"
+              xmlns="http://www.w3.org/2000/svg"
+            >
+              <path
+                strokeLinecap="round"
+                strokeLinejoin="round"
+                strokeWidth={2}
+                d="M4 8V4m0 0h4M4 4l5 5m11-1V4m0 0h-4m4 0l-5 5M4 16v4m0 0h4m-4 0l5-5m11 5l-5-5m5 5v-4m0 4h-4"
+              />
+            </svg>
+          </button>
+        </div>
+
+        {credential.Email && (
+          <>
+            {isEmailDomainSupported(credential.Email) && (
+              <div className="mt-6">
+                <EmailPreview
+                  email={credential.Email}
+                />
+              </div>
+            )}
+          </>
+        )}
+      </div>
+
+      <div className="grid gap-6">
+        <div className="space-y-4 lg:col-span-2 xl:col-span-1">
+          <h2 className="text-xl font-semibold text-gray-900 dark:text-white">Login credentials</h2>
+          <FormInputCopyToClipboard
+            id="email"
+            label="Email"
+            value={credential.Email ?? ''}
+          />
+          <FormInputCopyToClipboard
+            id="username"
+            label="Username"
+            value={credential.Username}
+          />
+          <FormInputCopyToClipboard
+            id="password"
+            label="Password"
+            value={credential.Password}
+            type="password"
+          />
+
+          <div className="space-y-4">
+            <h2 className="text-xl font-semibold text-gray-900 dark:text-white">Alias</h2>
+            <FormInputCopyToClipboard
+              id="fullName"
+              label="Full Name"
+              value={`${credential.Alias.FirstName} ${credential.Alias.LastName}`}
+            />
+            <FormInputCopyToClipboard
+              id="firstName"
+              label="First Name"
+              value={credential.Alias.FirstName}
+            />
+            <FormInputCopyToClipboard
+              id="lastName"
+              label="Last Name"
+              value={credential.Alias.LastName}
+            />
+            <FormInputCopyToClipboard
+              id="birthDate"
+              label="Birth Date"
+              value={credential.Alias.BirthDate ? new Date(credential.Alias.BirthDate).toISOString().split('T')[0] : ''}
+            />
+            {credential.Alias.NickName && (
+              <FormInputCopyToClipboard
+                id="nickName"
+                label="Nickname"
+                value={credential.Alias.NickName}
+              />
+            )}
+          </div>
+        </div>
+
+        {credential.Notes && (
+          <div className="space-y-4 lg:col-span-2 xl:col-span-1">
+            <h2 className="text-xl font-semibold text-gray-900 dark:text-white">Notes</h2>
+            <div className="p-4 bg-gray-50 rounded-lg dark:bg-gray-700">
+              <p className="text-gray-900 dark:text-gray-100 whitespace-pre-wrap">
+                {credential.Notes}
+              </p>
+            </div>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+};
+
+export default CredentialDetails;

browser-extension/src/entrypoints/popup/pages/CredentialsList.tsx

@@ -0,0 +1,187 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import { useDb } from '../context/DbContext';
+import { Credential } from '../../../utils/types/Credential';
+import { Buffer } from 'buffer';
+import { useNavigate } from 'react-router-dom';
+import { useLoading } from '../context/LoadingContext';
+import { useWebApi } from '../context/WebApiContext';
+import { VaultResponse } from '../../../utils/types/webapi/VaultResponse';
+import ReloadButton from '../components/ReloadButton';
+import LoadingSpinner from '../components/LoadingSpinner';
+import { useMinDurationLoading } from '../../../hooks/useMinDurationLoading';
+import { sendMessage } from 'webext-bridge/popup';
+
+/**
+ * Credentials list page.
+ */
+const CredentialsList: React.FC = () => {
+  const dbContext = useDb();
+  const webApi = useWebApi();
+  const [credentials, setCredentials] = useState<Credential[]>([]);
+  const [searchTerm, setSearchTerm] = useState('');
+  const navigate = useNavigate();
+  const { showLoading, hideLoading, setIsInitialLoading } = useLoading();
+
+  /**
+   * Loading state with minimum duration for more fluid UX.
+   */
+  const [isLoading, setIsLoading] = useMinDurationLoading(true, 100);
+
+  /**
+   * Retrieve latest vault and refresh the credentials list.
+   */
+  const onRefresh = useCallback(async () : Promise<void> => {
+    if (!dbContext?.sqliteClient) {
+      return;
+    }
+
+    // Do status check first to ensure the extension is (still) supported.
+    const statusResponse = await webApi.getStatus();
+    const statusError = webApi.validateStatusResponse(statusResponse);
+    if (statusError !== null) {
+      await webApi.logout(statusError);
+      return;
+    }
+
+    try {
+      // If the vault revision is the same or lower, (re)load existing credentials.
+      if (statusResponse.vaultRevision <= dbContext.vaultRevision) {
+        const results = dbContext.sqliteClient.getAllCredentials();
+        setCredentials(results);
+        return;
+      }
+
+      /**
+       * If the vault revision is higher, fetch the latest vault and initialize the SQLite context again.
+       * This will trigger a new credentials list refresh.
+       */
+      const vaultResponseJson = await webApi.get<VaultResponse>('Vault');
+
+      const vaultError = webApi.validateVaultResponse(vaultResponseJson);
+      if (vaultError) {
+        await webApi.logout(vaultError);
+        hideLoading();
+        return;
+      }
+
+      // Get derived key from background worker
+      const passwordHashBase64 = await sendMessage('GET_DERIVED_KEY', {}, 'background') as string;
+
+      // Initialize the SQLite context again with the newly retrieved decrypted blob
+      await dbContext.initializeDatabase(vaultResponseJson, passwordHashBase64);
+    } catch (err) {
+      console.error('Refresh error:', err);
+    }
+  }, [dbContext, webApi, hideLoading]);
+
+  /**
+   * Manually refresh the credentials list.
+   */
+  const onManualRefresh = async (): Promise<void> => {
+    showLoading();
+    await onRefresh();
+    hideLoading();
+  };
+
+  /**
+   * Load credentials list on mount and on sqlite client change.
+   */
+  useEffect(() => {
+    /**
+     * Refresh credentials list when sqlite client is available.
+     */
+    const refreshCredentials = async () : Promise<void> => {
+      if (dbContext?.sqliteClient) {
+        setIsLoading(true);
+        await onRefresh();
+        setIsLoading(false);
+
+        // Hide the global app initial loading state after the credentials list is loaded.
+        setIsInitialLoading(false);
+      }
+    };
+
+    refreshCredentials();
+  }, [dbContext?.sqliteClient, onRefresh, setIsLoading, setIsInitialLoading]);
+
+  // Add this function to filter credentials
+  const filteredCredentials = credentials.filter(cred => {
+    const searchLower = searchTerm.toLowerCase();
+    return (
+      cred.ServiceName.toLowerCase().includes(searchLower) ||
+      cred.Username.toLowerCase().includes(searchLower) ||
+      (cred.Email?.toLowerCase().includes(searchLower))
+    );
+  });
+
+  if (isLoading) {
+    return (
+      <div className="flex justify-center items-center p-8">
+        <LoadingSpinner />
+      </div>
+    );
+  }
+
+  return (
+    <div>
+      <div className="flex justify-between items-center mb-4">
+        <h2 className="text-gray-900 dark:text-white text-xl">Credentials</h2>
+        <ReloadButton onClick={onManualRefresh} />
+      </div>
+
+      {credentials.length > 0 ? (
+        <input
+          type="text"
+          placeholder="Search credentials..."
+          value={searchTerm}
+          onChange={(e) => setSearchTerm(e.target.value)}
+          autoFocus
+          className="w-full p-2 mb-4 border dark:border-gray-600 rounded bg-white dark:bg-gray-800 text-gray-900 dark:text-white focus:ring-blue-500 focus:border-blue-500"
+        />
+      ) : (
+        <></>
+      )}
+
+      {credentials.length === 0 ? (
+        <div className="text-gray-500 dark:text-gray-400 space-y-2 mb-10">
+          <p className="text-sm">
+            Welcome to AliasVault!
+          </p>
+          <p className="text-sm">
+            To use the AliasVault browser extension: navigate to a website and use the AliasVault autofill popup to create a new credential.
+          </p>
+          <p className="text-sm">
+            If you want to create manual identities, open the full AliasVault app via the popout icon in the top right corner.
+          </p>
+        </div>
+      ) : (
+        <ul className="space-y-2">
+          {filteredCredentials.map(cred => (
+            <li key={cred.Id}>
+              <button
+                onClick={() => navigate(`/credentials/${cred.Id}`)}
+                className="w-full p-2 border dark:border-gray-600 rounded flex items-center bg-white dark:bg-gray-800 cursor-pointer hover:bg-gray-50 dark:hover:bg-gray-700 focus:outline-none focus:ring-2 focus:ring-blue-500"
+              >
+                <img
+                  src={cred.Logo ? `data:image/x-icon;base64,${Buffer.from(cred.Logo).toString('base64')}` : '/assets/images/service-placeholder.webp'}
+                  alt={cred.ServiceName}
+                  className="w-8 h-8 mr-2 flex-shrink-0"
+                  onError={(e) => {
+                    const target = e.target as HTMLImageElement;
+                    target.src = '/assets/images/service-placeholder.webp';
+                  }}
+                />
+                <div className="text-left">
+                  <p className="font-medium text-gray-900 dark:text-white">{cred.ServiceName}</p>
+                  <p className="text-sm text-gray-600 dark:text-gray-400">{cred.Username}</p>
+                </div>
+              </button>
+            </li>
+          ))}
+        </ul>
+      )}
+    </div>
+  );
+};
+
+export default CredentialsList;

browser-extension/src/entrypoints/popup/pages/EmailDetails.tsx

@@ -0,0 +1,281 @@
+import React, { useEffect, useState } from 'react';
+import { useParams, useNavigate } from 'react-router-dom';
+import { Email } from '../../../utils/types/webapi/Email';
+import { useDb } from '../context/DbContext';
+import { useWebApi } from '../context/WebApiContext';
+import LoadingSpinner from '../components/LoadingSpinner';
+import { useMinDurationLoading } from '../../../hooks/useMinDurationLoading';
+import EncryptionUtility from '../../../utils/EncryptionUtility';
+import { Attachment } from '../../../utils/types/webapi/Attachment';
+import { useLoading } from '../context/LoadingContext';
+import ConversionUtility from '../utils/ConversionUtility';
+
+/**
+ * Email details page.
+ */
+const EmailDetails: React.FC = () => {
+  const { id } = useParams<{ id: string }>();
+  const navigate = useNavigate();
+  const dbContext = useDb();
+  const webApi = useWebApi();
+  const [error, setError] = useState<string | null>(null);
+  const [email, setEmail] = useState<Email | null>(null);
+  const [isLoading, setIsLoading] = useMinDurationLoading(true, 150);
+  const { setIsInitialLoading } = useLoading();
+
+  /**
+   * Make sure the initial loading state is set to false when this component is loaded itself.
+   */
+  useEffect(() => {
+    if (!isLoading) {
+      setIsInitialLoading(false);
+    }
+  }, [setIsInitialLoading, isLoading]);
+
+  useEffect(() => {
+    // For popup windows, ensure we have proper history state for navigation
+    if (isPopup()) {
+      // Clear existing history and create fresh entries
+      window.history.replaceState({}, '', `popup.html#/emails`);
+      window.history.pushState({}, '', `popup.html#/emails/${id}`);
+    }
+
+    /**
+     * Load the email.
+     */
+    const loadEmail = async () : Promise<void> => {
+      try {
+        setIsLoading(true);
+        setError(null);
+
+        if (!dbContext?.sqliteClient || !id) {
+          return;
+        }
+
+        const response = await webApi.get<Email>(`Email/${id}`);
+
+        // Decrypt email locally using public/private key pairs
+        const encryptionKeys = dbContext.sqliteClient.getAllEncryptionKeys();
+        const decryptedEmail = await EncryptionUtility.decryptEmail(response, encryptionKeys);
+        setEmail(decryptedEmail);
+      } catch (err) {
+        setError(err instanceof Error ? err.message : 'An error occurred');
+      } finally {
+        setIsLoading(false);
+      }
+    };
+
+    loadEmail();
+  }, [id, dbContext?.sqliteClient, webApi, setIsLoading]);
+
+  /**
+   * Handle deleting an email.
+   */
+  const handleDelete = async () : Promise<void> => {
+    try {
+      await webApi.delete(`Email/${id}`);
+      navigate('/emails');
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Failed to delete email');
+    }
+  };
+
+  /**
+   * Check if the current page is an expanded popup.
+   */
+  const isPopup = () : boolean => {
+    const urlParams = new URLSearchParams(window.location.search);
+    return urlParams.get('expanded') === 'true';
+  };
+
+  /**
+   * Open the credential details in a new expanded popup.
+   */
+  const openInNewPopup = () : void => {
+    const width = 800;
+    const height = 1000;
+    const left = window.screen.width / 2 - width / 2;
+    const top = window.screen.height / 2 - height / 2;
+
+    window.open(
+      `popup.html?expanded=true#/emails/${id}`,
+      'EmailDetails',
+      `width=${width},height=${height},left=${left},top=${top},popup=true`
+    );
+
+    // Close the current tab
+    window.close();
+  };
+
+  /**
+   * Handle downloading an attachment.
+   */
+  const handleDownloadAttachment = async (attachment: Attachment): Promise<void> => {
+    try {
+      // Get the encrypted attachment bytes from the API
+      const base64EncryptedAttachment = await webApi.downloadBlobAndConvertToBase64(`Email/${id}/attachments/${attachment.id}`);
+
+      if (!dbContext?.sqliteClient || !email) {
+        setError('Database context or email not available');
+        return;
+      }
+
+      // Get encryption keys for decryption
+      const encryptionKeys = dbContext.sqliteClient.getAllEncryptionKeys();
+
+      // Decrypt the attachment using ArrayBuffer
+      const decryptedBytes = await EncryptionUtility.decryptAttachment(base64EncryptedAttachment, email, encryptionKeys);
+
+      if (!decryptedBytes) {
+        setError('Failed to decrypt attachment');
+        return;
+      }
+
+      // Create blob from decrypted bytes with proper MIME type
+      const blob = new Blob([decryptedBytes], { type: attachment.mimeType ?? 'application/octet-stream' });
+
+      // Create download link and trigger download
+      const url = window.URL.createObjectURL(blob);
+      const a = document.createElement('a');
+      a.href = url;
+      a.download = attachment.filename;
+      document.body.appendChild(a);
+      a.click();
+
+      // Cleanup
+      window.URL.revokeObjectURL(url);
+      document.body.removeChild(a);
+    } catch (err) {
+      console.error('handleDownloadAttachment error', err);
+      setError(err instanceof Error ? err.message : 'Failed to download attachment');
+    }
+  };
+
+  if (isLoading) {
+    return (
+      <div className="flex justify-center items-center p-8">
+        <LoadingSpinner />
+      </div>
+    );
+  }
+
+  if (error) {
+    return <div className="text-red-500">Error: {error}</div>;
+  }
+
+  if (!email) {
+    return <div className="text-gray-500">Email not found</div>;
+  }
+
+  return (
+    <div className="max-w-4xl mx-auto">
+      <div className="bg-white dark:bg-gray-800 rounded-lg shadow-md">
+        {/* Header */}
+        <div className="p-6 border-b border-gray-200 dark:border-gray-700">
+          <div className="flex justify-between items-start mb-4">
+            <h1 className="text-2xl font-bold text-gray-900 dark:text-white">{email.subject}</h1>
+            <div className="flex space-x-2">
+              <button
+                onClick={openInNewPopup}
+                className="text-gray-600 hover:text-gray-900 dark:text-gray-400 dark:hover:text-white"
+                title="Open in new window"
+              >
+                <svg
+                  className="w-5 h-5"
+                  fill="none"
+                  stroke="currentColor"
+                  viewBox="0 0 24 24"
+                  xmlns="http://www.w3.org/2000/svg"
+                >
+                  <path
+                    strokeLinecap="round"
+                    strokeLinejoin="round"
+                    strokeWidth={2}
+                    d="M4 8V4m0 0h4M4 4l5 5m11-1V4m0 0h-4m4 0l-5 5M4 16v4m0 0h4m-4 0l5-5m11 5l-5-5m5 5v-4m0 4h-4"
+                  />
+                </svg>
+              </button>
+              <button
+                onClick={handleDelete}
+                className="p-2 text-red-500 hover:text-red-600 rounded-md hover:bg-red-100 dark:hover:bg-red-900/20"
+                title="Delete email"
+              >
+                <svg
+                  className="w-5 h-5"
+                  fill="none"
+                  stroke="currentColor"
+                  viewBox="0 0 24 24"
+                  xmlns="http://www.w3.org/2000/svg"
+                >
+                  <path
+                    strokeLinecap="round"
+                    strokeLinejoin="round"
+                    strokeWidth={2}
+                    d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"
+                  />
+                </svg>
+              </button>
+            </div>
+          </div>
+          <div className="space-y-1 text-sm text-gray-600 dark:text-gray-400">
+            <p>From: {email.fromDisplay} ({email.fromLocal}@{email.fromDomain})</p>
+            <p>To: {email.toLocal}@{email.toDomain}</p>
+            <p>Date: {new Date(email.dateSystem).toLocaleString()}</p>
+          </div>
+        </div>
+
+        {/* Email Body */}
+        <div className="bg-white">
+          {email.messageHtml ? (
+            <iframe
+              srcDoc={ConversionUtility.convertAnchorTagsToOpenInNewTab(email.messageHtml)}
+              className="w-full min-h-[500px] border-0"
+              title="Email content"
+            />
+          ) : (
+            <pre className="whitespace-pre-wrap text-gray-700 dark:text-gray-300">
+              {email.messagePlain}
+            </pre>
+          )}
+        </div>
+
+        {/* Attachments */}
+        {email.attachments && email.attachments.length > 0 && (
+          <div className="p-6 border-t border-gray-200 dark:border-gray-700">
+            <h2 className="text-lg font-semibold mb-4 text-gray-900 dark:text-white">
+              Attachments
+            </h2>
+            <div className="grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 gap-4">
+              {email.attachments.map((attachment) => (
+                <button
+                  key={attachment.id}
+                  onClick={() => handleDownloadAttachment(attachment)}
+                  className="flex items-center space-x-2 text-sm text-gray-600 dark:text-gray-400 hover:text-primary-600 dark:hover:text-primary-400 text-left"
+                >
+                  <svg
+                    className="w-4 h-4"
+                    fill="none"
+                    stroke="currentColor"
+                    viewBox="0 0 24 24"
+                  >
+                    <path
+                      strokeLinecap="round"
+                      strokeLinejoin="round"
+                      strokeWidth={2}
+                      d="M15.172 7l-6.586 6.586a2 2 0 102.828 2.828l6.414-6.586a4 4 0 00-5.656-5.656l-6.415 6.585a6 6 0 108.486 8.486L20.5 13"
+                    />
+                  </svg>
+                  <span>
+                    {attachment.filename} ({Math.ceil(attachment.filesize / 1024)} KB)
+                  </span>
+                </button>
+              ))}
+            </div>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+};
+
+export default EmailDetails;

browser-extension/src/entrypoints/popup/pages/EmailsList.tsx

@@ -0,0 +1,159 @@
+import React, { useEffect, useState, useCallback } from 'react';
+import { MailboxBulkRequest, MailboxBulkResponse } from '../../../utils/types/webapi/MailboxBulk';
+import { MailboxEmail } from '../../../utils/types/webapi/MailboxEmail';
+import { useDb } from '../context/DbContext';
+import { useWebApi } from '../context/WebApiContext';
+import LoadingSpinner from '../components/LoadingSpinner';
+import { useMinDurationLoading } from '../../../hooks/useMinDurationLoading';
+import EncryptionUtility from '../../../utils/EncryptionUtility';
+import ReloadButton from '../components/ReloadButton';
+import { Link } from 'react-router-dom';
+/**
+ * Emails list page.
+ */
+const EmailsList: React.FC = () => {
+  const dbContext = useDb();
+  const webApi = useWebApi();
+  const [error, setError] = useState<string | null>(null);
+  const [emails, setEmails] = useState<MailboxEmail[]>([]);
+
+  /**
+   * Loading state with minimum duration for more fluid UX.
+   */
+  const [isLoading, setIsLoading] = useMinDurationLoading(true, 100);
+
+  /**
+   * Loads emails from the web API.
+   */
+  const loadEmails = useCallback(async () : Promise<void> => {
+    try {
+      setIsLoading(true);
+      setError(null);
+
+      if (!dbContext?.sqliteClient) {
+        return;
+      }
+
+      // Get unique email addresses from all credentials.
+      const emailAddresses = dbContext.sqliteClient.getAllEmailAddresses();
+
+      try {
+        // For now we only show the latest 50 emails. No pagination.
+        const data = await webApi.post<MailboxBulkRequest, MailboxBulkResponse>('EmailBox/bulk', {
+          addresses: emailAddresses,
+          page: 1,
+          pageSize: 50,
+        });
+
+        // Decrypt emails locally using private key associated with the email address.
+        const encryptionKeys = dbContext.sqliteClient.getAllEncryptionKeys();
+
+        // Decrypt emails locally using public/private key pairs.
+        const decryptedEmails = await EncryptionUtility.decryptEmailList(data.mails, encryptionKeys);
+
+        setEmails(decryptedEmails);
+      } catch (error) {
+        console.error(error);
+        throw new Error('Failed to load emails');
+      }
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'An error occurred');
+    } finally {
+      setIsLoading(false);
+    }
+  }, [dbContext?.sqliteClient, webApi, setIsLoading]);
+
+  useEffect(() => {
+    loadEmails();
+  }, [loadEmails]);
+
+  /**
+   * Formats the date display for emails
+   */
+  const formatEmailDate = (dateSystem: string): string => {
+    const now = new Date();
+    const emailDate = new Date(dateSystem);
+    const secondsAgo = Math.floor((now.getTime() - emailDate.getTime()) / 1000);
+
+    if (secondsAgo < 60) {
+      return 'just now';
+    } else if (secondsAgo < 3600) {
+      // Less than 1 hour ago
+      const minutes = Math.floor(secondsAgo / 60);
+      return `${minutes} ${minutes === 1 ? 'min' : 'mins'} ago`;
+    } else if (secondsAgo < 86400) {
+      // Less than 24 hours ago
+      const hours = Math.floor(secondsAgo / 3600);
+      return `${hours} ${hours === 1 ? 'hr' : 'hrs'} ago`;
+    } else if (secondsAgo < 172800) {
+      // Less than 48 hours ago
+      return 'yesterday';
+    } else {
+      // Older than 48 hours
+      return emailDate.toLocaleDateString('en-GB', {
+        day: '2-digit',
+        month: '2-digit'
+      });
+    }
+  };
+
+  if (isLoading) {
+    return (
+      <div className="flex justify-center items-center p-8">
+        <LoadingSpinner />
+      </div>
+    );
+  }
+
+  if (error) {
+    return <div className="text-red-500">Error: {error}</div>;
+  }
+
+  if (emails.length === 0) {
+    return (
+      <div>
+        <div className="flex justify-between items-center mb-4">
+          <h2 className="text-gray-900 dark:text-white text-xl">Emails</h2>
+          <ReloadButton onClick={loadEmails} />
+        </div>
+        <div className="text-gray-500 dark:text-gray-400 space-y-2">
+          <p className="text-sm">
+            You have not received any emails at your private email addresses yet. When you receive a new email, it will appear here.
+          </p>
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <div>
+      <div className="flex justify-between items-center mb-4">
+        <h2 className="text-gray-900 dark:text-white text-xl">Emails</h2>
+        <ReloadButton onClick={loadEmails} />
+      </div>
+      <div className="space-y-2">
+        {emails.map((email) => (
+          <Link
+            key={email.id}
+            to={`/emails/${email.id}`}
+            className="block p-4 bg-white dark:bg-gray-800 rounded-lg shadow hover:shadow-md transition-shadow border border-gray-200 dark:border-gray-700 hover:bg-gray-50 dark:hover:bg-gray-700"
+          >
+            <div className="flex justify-between items-start mb-2">
+              <div className="text-sm text-gray-900 dark:text-white mb-1 font-bold">
+                {email.subject}
+              </div>
+              <div className="text-sm text-gray-500 dark:text-gray-400">
+                {formatEmailDate(email.dateSystem)}
+              </div>
+            </div>
+            <div className="text-sm text-gray-600 dark:text-gray-300 line-clamp-2">
+              {email.messagePreview}
+            </div>
+          </Link>
+        ))}
+      </div>
+    </div>
+  );
+};
+
+export default EmailsList;

browser-extension/src/entrypoints/popup/pages/Home.tsx

@@ -0,0 +1,61 @@
+import React, { useState, useEffect } from 'react';
+import { useAuth } from '../context/AuthContext';
+import Unlock from './Unlock';
+import Login from './Login';
+import UnlockSuccess from './UnlockSuccess';
+import { useNavigate } from 'react-router-dom';
+import { useDb } from '../context/DbContext';
+import { useLoading } from '../context/LoadingContext';
+
+/**
+ * Home page that shows the correct page based on the user's authentication state.
+ */
+const Home: React.FC = () => {
+  const authContext = useAuth();
+  const dbContext = useDb();
+  const navigate = useNavigate();
+  const { setIsInitialLoading } = useLoading();
+  const [isInlineUnlockMode, setIsInlineUnlockMode] = useState(false);
+
+  // Initialization state.
+  const isFullyInitialized = authContext.isInitialized && dbContext.dbInitialized;
+  const isAuthenticated = authContext.isLoggedIn;
+  const isDatabaseAvailable = dbContext.dbAvailable;
+  const requireLoginOrUnlock = isFullyInitialized && (!isAuthenticated || !isDatabaseAvailable || isInlineUnlockMode);
+
+  useEffect(() => {
+    // Detect if the user is coming from the unlock page with mode=inline_unlock.
+    const urlParams = new URLSearchParams(window.location.search);
+    const isInlineUnlockMode = urlParams.get('mode') === 'inline_unlock';
+    setIsInlineUnlockMode(isInlineUnlockMode);
+
+    // Redirect to credentials if fully initialized and doesn't need unlock.
+    if (isFullyInitialized && !requireLoginOrUnlock) {
+      navigate('/credentials', { replace: true });
+    }
+  }, [isFullyInitialized, requireLoginOrUnlock, isInlineUnlockMode, navigate]);
+
+  // Show loading state if not fully initialized or when about to redirect to credentials.
+  if (!isFullyInitialized || (isFullyInitialized && !requireLoginOrUnlock)) {
+    // Global loading spinner will be shown by the parent component.
+    return null;
+  }
+
+  setIsInitialLoading(false);
+
+  if (!isAuthenticated) {
+    return <Login />;
+  }
+
+  if (!isDatabaseAvailable) {
+    return <Unlock />;
+  }
+
+  if (isInlineUnlockMode) {
+    return <UnlockSuccess onClose={() => setIsInlineUnlockMode(false)} />;
+  }
+
+  return null;
+};
+
+export default Home;

browser-extension/src/entrypoints/popup/pages/Login.tsx

@@ -0,0 +1,342 @@
+import React, { useEffect, useState } from 'react';
+import { useAuth } from '../context/AuthContext';
+import { useDb } from '../context/DbContext';
+import { useWebApi } from '../context/WebApiContext';
+import { Buffer } from 'buffer';
+import Button from '../components/Button';
+import EncryptionUtility from '../../../utils/EncryptionUtility';
+import SrpUtility from '../utils/SrpUtility';
+import { useLoading } from '../context/LoadingContext';
+import { VaultResponse } from '../../../utils/types/webapi/VaultResponse';
+import { LoginResponse } from '../../../utils/types/webapi/Login';
+import LoginServerInfo from '../components/LoginServerInfo';
+import { AppInfo } from '../../../utils/AppInfo';
+import { storage } from 'wxt/storage';
+/**
+ * Login page
+ */
+const Login: React.FC = () => {
+  const authContext = useAuth();
+  const dbContext = useDb();
+  const [credentials, setCredentials] = useState({
+    username: '',
+    password: '',
+  });
+  const { showLoading, hideLoading } = useLoading();
+  const [rememberMe, setRememberMe] = useState(true);
+  const [loginResponse, setLoginResponse] = useState<LoginResponse | null>(null);
+  const [passwordHashString, setPasswordHashString] = useState<string | null>(null);
+  const [passwordHashBase64, setPasswordHashBase64] = useState<string | null>(null);
+  const [twoFactorRequired, setTwoFactorRequired] = useState(false);
+  const [twoFactorCode, setTwoFactorCode] = useState('');
+  const [clientUrl, setClientUrl] = useState<string | null>(null);
+  const [error, setError] = useState<string | null>(null);
+  const webApi = useWebApi();
+  const srpUtil = new SrpUtility(webApi);
+
+  useEffect(() => {
+    /**
+     * Load the client URL from the storage.
+     */
+    const loadClientUrl = async () : Promise<void> => {
+      const settingClientUrl = await storage.getItem('local:clientUrl') as string;
+      let clientUrl = AppInfo.DEFAULT_CLIENT_URL;
+      if (settingClientUrl && settingClientUrl.length > 0) {
+        clientUrl = settingClientUrl;
+      }
+
+      setClientUrl(clientUrl);
+    };
+    loadClientUrl();
+  }, []);
+
+  /**
+   * Handle submit
+   */
+  const handleSubmit = async (e: React.FormEvent) : Promise<void> => {
+    e.preventDefault();
+    setError(null);
+
+    try {
+      showLoading();
+
+      // Clear global message if set with every login attempt.
+      authContext.clearGlobalMessage();
+
+      // Use the srpUtil instance instead of the imported singleton
+      const loginResponse = await srpUtil.initiateLogin(credentials.username);
+
+      // 1. Derive key from password using Argon2id
+      const passwordHash = await EncryptionUtility.deriveKeyFromPassword(
+        credentials.password,
+        loginResponse.salt,
+        loginResponse.encryptionType,
+        loginResponse.encryptionSettings
+      );
+
+      // Convert uint8 array to uppercase hex string which is expected by the server.
+      const passwordHashString = Buffer.from(passwordHash).toString('hex').toUpperCase();
+
+      // Get the derived key as base64 string required for decryption.
+      const passwordHashBase64 = Buffer.from(passwordHash).toString('base64');
+
+      // 2. Validate login with SRP protocol
+      const validationResponse = await srpUtil.validateLogin(
+        credentials.username,
+        passwordHashString,
+        rememberMe,
+        loginResponse
+      );
+
+      // 3. Handle 2FA if required
+      if (validationResponse.requiresTwoFactor) {
+        // Store login response as we need it for 2FA validation
+        setLoginResponse(loginResponse);
+        // Store password hash string as we need it for 2FA validation
+        setPasswordHashString(passwordHashString);
+        // Store password hash base64 as we need it for decryption
+        setPasswordHashBase64(passwordHashBase64);
+        setTwoFactorRequired(true);
+        // Show app.
+        hideLoading();
+        return;
+      }
+
+      // Check if token was returned.
+      if (!validationResponse.token) {
+        throw new Error('Login failed -- no token returned');
+      }
+
+      // Try to get latest vault manually providing auth token.
+      const vaultResponseJson = await webApi.fetch<VaultResponse>('Vault', { method: 'GET', headers: {
+        'Authorization': `Bearer ${validationResponse.token.token}`
+      } });
+
+      const vaultError = webApi.validateVaultResponse(vaultResponseJson);
+      if (vaultError) {
+        setError(vaultError);
+        hideLoading();
+        return;
+      }
+
+      // All is good. Store auth info which is required to make requests to the web API.
+      await authContext.setAuthTokens(credentials.username, validationResponse.token.token, validationResponse.token.refreshToken);
+
+      // Initialize the SQLite context with the new vault data.
+      await dbContext.initializeDatabase(vaultResponseJson, passwordHashBase64);
+
+      // Set logged in status to true which refreshes the app.
+      await authContext.login();
+
+      // Show app.
+      hideLoading();
+    } catch {
+      setError('Could not reach AliasVault server. Please try again later or contact support if the problem persists.');
+      hideLoading();
+    }
+  };
+
+  /**
+   * Handle two factor submit.
+   */
+  const handleTwoFactorSubmit = async (e: React.FormEvent) : Promise<void> => {
+    e.preventDefault();
+    setError(null);
+
+    if (!passwordHashString || !passwordHashBase64 || !loginResponse) {
+      throw new Error('Required login data not found');
+    }
+
+    try {
+      showLoading();
+
+      const validationResponse = await srpUtil.validateLogin2Fa(
+        credentials.username,
+        passwordHashString,
+        rememberMe,
+        loginResponse,
+        parseInt(twoFactorCode)
+      );
+
+      // Check if token was returned.
+      if (!validationResponse.token) {
+        throw new Error('Login failed -- no token returned');
+      }
+
+      // Try to get latest vault manually providing auth token.
+      const vaultResponseJson = await webApi.fetch<VaultResponse>('Vault', { method: 'GET', headers: {
+        'Authorization': `Bearer ${validationResponse.token.token}`
+      } });
+
+      const vaultError = webApi.validateVaultResponse(vaultResponseJson);
+      if (vaultError) {
+        setError(vaultError);
+        hideLoading();
+        return;
+      }
+
+      // All is good. Store auth info which is required to make requests to the web API.
+      await authContext.setAuthTokens(credentials.username, validationResponse.token.token, validationResponse.token.refreshToken);
+
+      // Initialize the SQLite context with the new vault data.
+      await dbContext.initializeDatabase(vaultResponseJson, passwordHashBase64);
+
+      // Set logged in status to true which refreshes the app.
+      await authContext.login();
+
+      // Reset 2FA state and login response as it's no longer needed
+      setTwoFactorRequired(false);
+      setTwoFactorCode('');
+      setPasswordHashString(null);
+      setPasswordHashBase64(null);
+      setLoginResponse(null);
+      hideLoading();
+    } catch (err) {
+      setError('Invalid authentication code. Please try again.');
+      console.error('2FA error:', err);
+      hideLoading();
+    }
+  };
+
+  /**
+   * Handle change
+   */
+  const handleChange = (e: React.ChangeEvent<HTMLInputElement>) : void => {
+    const { name, value } = e.target;
+    setCredentials(prev => ({
+      ...prev,
+      [name]: value
+    }));
+  };
+
+  if (twoFactorRequired) {
+    return (
+      <div className="max-w-md">
+        <form onSubmit={handleTwoFactorSubmit} className="bg-white dark:bg-gray-700 w-full shadow-md rounded px-8 pt-6 pb-8 mb-4">
+          {error && (
+            <div className="mb-4 text-red-500 dark:text-red-400 text-sm">
+              {error}
+            </div>
+          )}
+          <div className="mb-6">
+            <p className="text-gray-700 dark:text-gray-200 mb-4">
+              Please enter the authentication code from your authenticator app.
+            </p>
+            <label className="block text-gray-700 dark:text-gray-200 text-sm font-bold mb-2" htmlFor="twoFactorCode">
+              Authentication Code
+            </label>
+            <input
+              className="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 dark:text-gray-200 dark:bg-gray-800 dark:border-gray-600 leading-tight focus:outline-none focus:shadow-outline"
+              id="twoFactorCode"
+              type="text"
+              value={twoFactorCode}
+              onChange={(e) => setTwoFactorCode(e.target.value)}
+              placeholder="Enter 6-digit code"
+              required
+            />
+          </div>
+          <div className="flex flex-col w-full space-y-2">
+            <Button type="submit">
+              Verify
+            </Button>
+            <Button
+              type="button"
+              onClick={() => {
+                // Reset the form.
+                setCredentials({
+                  username: '',
+                  password: ''
+                });
+                setTwoFactorRequired(false);
+                setTwoFactorCode('');
+                setPasswordHashString(null);
+                setPasswordHashBase64(null);
+                setLoginResponse(null);
+                setError(null);
+              }}
+              variant="secondary"
+            >
+              Cancel
+            </Button>
+          </div>
+          <p className="text-xs text-gray-500 dark:text-gray-400 mt-4 text-center">
+            Note: if you don&apos;t have access to your authenticator device, you can reset your 2FA with a recovery code by logging in via the website.
+          </p>
+        </form>
+      </div>
+    );
+  }
+
+  return (
+    <div className="max-w-md">
+      <form onSubmit={handleSubmit} className="bg-white dark:bg-gray-700 w-full shadow-md rounded px-8 pt-6 pb-8 mb-4">
+        {error && (
+          <div className="mb-4 text-red-500 dark:text-red-400 text-sm">
+            {error}
+          </div>
+        )}
+        <h2 className="text-xl font-bold dark:text-gray-200">Log in to AliasVault</h2>
+        <LoginServerInfo />
+        <div className="mb-4">
+          <label className="block text-gray-700 dark:text-gray-200 text-sm font-bold mb-2" htmlFor="username">
+            Username or email
+          </label>
+          <input
+            className="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 dark:text-gray-200 dark:bg-gray-800 dark:border-gray-600 leading-tight focus:outline-none focus:shadow-outline"
+            id="username"
+            type="text"
+            name="username"
+            placeholder="name / name@company.com"
+            value={credentials.username}
+            onChange={handleChange}
+            required
+          />
+        </div>
+        <div className="mb-4">
+          <label className="block text-gray-700 dark:text-gray-200 text-sm font-bold mb-2" htmlFor="password">
+            Password
+          </label>
+          <input
+            className="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 dark:text-gray-200 dark:bg-gray-800 dark:border-gray-600 mb-3 leading-tight focus:outline-none focus:shadow-outline"
+            id="password"
+            type="password"
+            name="password"
+            placeholder="Enter your password"
+            value={credentials.password}
+            onChange={handleChange}
+            required
+          />
+        </div>
+        <div className="mb-6">
+          <label className="flex items-center">
+            <input
+              type="checkbox"
+              checked={rememberMe}
+              onChange={(e) => setRememberMe(e.target.checked)}
+              className="mr-2"
+            />
+            <span className="text-sm text-gray-700 dark:text-gray-200">Remember me</span>
+          </label>
+        </div>
+        <div className="flex w-full">
+          <Button type="submit">
+            Login
+          </Button>
+        </div>
+      </form>
+      <div className="text-center text-sm text-gray-600 dark:text-gray-400">
+        No account yet?{' '}
+        <a
+          href={clientUrl ?? ''}
+          target="_blank"
+          rel="noopener noreferrer"
+          className="text-orange-500 hover:text-orange-600 dark:text-orange-400 dark:hover:text-orange-500"
+        >
+          Create new vault
+        </a>
+      </div>
+    </div>
+  );
+};
+
+export default Login;

browser-extension/src/entrypoints/popup/pages/Logout.tsx

@@ -0,0 +1,32 @@
+import React, { useEffect } from 'react';
+import { useNavigate } from 'react-router-dom';
+import { useAuth } from '../context/AuthContext';
+import { useWebApi } from '../context/WebApiContext';
+
+/**
+ * Logout page.
+ */
+const Logout: React.FC = () => {
+  const authContext = useAuth();
+  const webApi = useWebApi();
+  const navigate = useNavigate();
+  /**
+   * Logout and navigate to home page.
+   */
+  useEffect(() => {
+    /**
+     * Perform logout via async method to ensure logout is completed before navigating to home page.
+     */
+    const performLogout = async () : Promise<void> => {
+      await webApi.logout();
+      navigate('/');
+    };
+
+    performLogout();
+  }, [authContext, navigate, webApi]);
+
+  // Return null since this is just a functional component that handles logout.
+  return null;
+};
+
+export default Logout;

browser-extension/src/entrypoints/popup/pages/Settings.tsx

@@ -0,0 +1,185 @@
+import React, { useEffect, useState, useCallback } from 'react';
+import { DISABLED_SITES_KEY, GLOBAL_POPUP_ENABLED_KEY } from '../../contentScript/Popup';
+import { AppInfo } from '../../../utils/AppInfo';
+import { storage } from "wxt/storage";
+import { browser } from 'wxt/browser';
+
+/**
+ * Popup settings type.
+ */
+type PopupSettings = {
+  disabledUrls: string[];
+  currentUrl: string;
+  isEnabled: boolean;
+  isGloballyEnabled: boolean;
+}
+
+/**
+ * Settings page component.
+ */
+const Settings: React.FC = () => {
+  const [settings, setSettings] = useState<PopupSettings>({
+    disabledUrls: [],
+    currentUrl: '',
+    isEnabled: true,
+    isGloballyEnabled: true
+  });
+
+  /**
+   * Get current tab in browser.
+   */
+  const getCurrentTab = async (): Promise<browser.tabs.Tab> => {
+    const queryOptions = { active: true, currentWindow: true };
+    const [tab] = await browser.tabs.query(queryOptions);
+    return tab;
+  };
+
+  /**
+   * Load settings.
+   */
+  const loadSettings = useCallback(async () : Promise<void> => {
+    const tab = await getCurrentTab();
+    const currentUrl = new URL(tab.url ?? '').hostname;
+
+    // Load settings local storage.
+    const disabledUrls = await storage.getItem(DISABLED_SITES_KEY) as string[] ?? [];
+    const isGloballyEnabled = await storage.getItem(GLOBAL_POPUP_ENABLED_KEY) !== false; // Default to true if not set
+
+    setSettings({
+      disabledUrls,
+      currentUrl,
+      isEnabled: !disabledUrls.includes(currentUrl),
+      isGloballyEnabled
+    });
+  }, []);
+
+  useEffect(() => {
+    loadSettings();
+  }, [loadSettings]);
+
+  /**
+   * Toggle current site.
+   */
+  const toggleCurrentSite = async () : Promise<void> => {
+    const { currentUrl, disabledUrls, isEnabled } = settings;
+    let newDisabledUrls = [...disabledUrls];
+
+    if (isEnabled) {
+      newDisabledUrls.push(currentUrl);
+    } else {
+      newDisabledUrls = newDisabledUrls.filter(url => url !== currentUrl);
+    }
+
+    await storage.setItem(DISABLED_SITES_KEY, newDisabledUrls);
+
+    setSettings(prev => ({
+      ...prev,
+      disabledUrls: newDisabledUrls,
+      isEnabled: !isEnabled
+    }));
+  };
+
+  /**
+   * Reset settings.
+   */
+  const resetSettings = async () : Promise<void> => {
+    await storage.setItem(DISABLED_SITES_KEY, []);
+
+    setSettings(prev => ({
+      ...prev,
+      disabledUrls: [],
+      isEnabled: true
+    }));
+  };
+
+  /**
+   * Toggle global popup.
+   */
+  const toggleGlobalPopup = async () : Promise<void> => {
+    const newGloballyEnabled = !settings.isGloballyEnabled;
+
+    await storage.setItem(GLOBAL_POPUP_ENABLED_KEY, newGloballyEnabled);
+
+    setSettings(prev => ({
+      ...prev,
+      isGloballyEnabled: newGloballyEnabled
+    }));
+  };
+
+  return (
+    <div className="space-y-6">
+      <div className="flex justify-between items-center mb-4">
+        <h2 className="text-gray-900 dark:text-white text-xl">Settings</h2>
+      </div>
+
+      {/* Global Settings Section */}
+      <section>
+        <h3 className="text-md font-semibold text-gray-900 dark:text-white mb-3">Global Settings</h3>
+        <div className="bg-white dark:bg-gray-800 rounded-lg shadow-sm border border-gray-200 dark:border-gray-700">
+          <div className="p-4">
+            <div className="flex items-center justify-between">
+              <div>
+                <p className="text-sm font-medium text-gray-900 dark:text-white">Automatically open popup</p>
+                <p className={`text-sm mt-1 ${settings.isGloballyEnabled ? 'text-gray-600 dark:text-gray-400' : 'text-red-600 dark:text-red-400'}`}>
+                  {settings.isGloballyEnabled ? 'Active on all sites (unless disabled below)' : 'Disabled on all sites'}
+                </p>
+              </div>
+              <button
+                onClick={toggleGlobalPopup}
+                className={`px-4 py-2 rounded-md transition-colors ${
+                  settings.isGloballyEnabled
+                    ? 'bg-red-500 hover:bg-red-600 text-white'
+                    : 'bg-green-500 hover:bg-green-600 text-white'
+                }`}
+              >
+                {settings.isGloballyEnabled ? 'Disable' : 'Enable'}
+              </button>
+            </div>
+          </div>
+        </div>
+      </section>
+
+      {/* Site-Specific Settings Section */}
+      <section>
+        <h3 className="text-md font-semibold text-gray-900 dark:text-white mb-3">Site-Specific Settings</h3>
+        <div className="bg-white dark:bg-gray-800 rounded-lg shadow-sm border border-gray-200 dark:border-gray-700">
+          <div className="p-4">
+            <div className="flex items-center justify-between">
+              <div>
+                <p className="text-sm font-medium text-gray-900 dark:text-white">Open popup on: {settings.currentUrl}</p>
+                <p className={`text-sm mt-1 ${settings.isEnabled ? 'text-gray-600 dark:text-gray-400' : 'text-red-600 dark:text-red-400'}`}>
+                  {settings.isEnabled ? 'Popup is active' : 'Popup is disabled'}
+                </p>
+              </div>
+              <button
+                onClick={toggleCurrentSite}
+                className={`px-4 py-2 rounded-md transition-colors ${
+                  settings.isEnabled
+                    ? 'bg-red-500 hover:bg-red-600 text-white'
+                    : 'bg-green-500 hover:bg-green-600 text-white'
+                }`}
+              >
+                {settings.isEnabled ? 'Disable' : 'Enable'}
+              </button>
+            </div>
+
+            <div className="mt-4">
+              <button
+                onClick={resetSettings}
+                className="w-full px-4 py-2 bg-gray-100 hover:bg-gray-200 dark:bg-gray-700 dark:hover:bg-gray-600 rounded-md text-gray-700 dark:text-gray-300 transition-colors text-sm"
+              >
+                Reset all site-specific settings
+              </button>
+            </div>
+          </div>
+        </div>
+      </section>
+
+      <div className="text-center text-gray-400 dark:text-gray-600">
+        Version: {AppInfo.VERSION}
+      </div>
+    </div>
+  );
+};
+
+export default Settings;

browser-extension/src/entrypoints/popup/pages/Unlock.tsx

@@ -0,0 +1,126 @@
+import React, { useEffect, useState } from 'react';
+import { useDb } from '../context/DbContext';
+import { useAuth } from '../context/AuthContext';
+import { useWebApi } from '../context/WebApiContext';
+import { Buffer } from 'buffer';
+import Button from '../components/Button';
+import EncryptionUtility from '../../../utils/EncryptionUtility';
+import SrpUtility from '../utils/SrpUtility';
+import { VaultResponse } from '../../../utils/types/webapi/VaultResponse';
+import { useLoading } from '../context/LoadingContext';
+
+/**
+ * Unlock page
+ */
+const Unlock: React.FC = () => {
+  const authContext = useAuth();
+  const dbContext = useDb();
+
+  const webApi = useWebApi();
+  const srpUtil = new SrpUtility(webApi);
+
+  const [password, setPassword] = useState('');
+  const [error, setError] = useState<string | null>(null);
+  const { showLoading, hideLoading } = useLoading();
+
+  useEffect(() => {
+    /**
+     * Make status call to API which acts as health check.
+     */
+    const checkStatus = async () : Promise<void> => {
+      const statusResponse = await webApi.getStatus();
+      const statusError = webApi.validateStatusResponse(statusResponse);
+      if (statusError !== null) {
+        await webApi.logout(statusError);
+      }
+    };
+
+    checkStatus();
+  }, [webApi, authContext]);
+
+  /**
+   * Handle submit
+   */
+  const handleSubmit = async (e: React.FormEvent) : Promise<void> => {
+    e.preventDefault();
+    setError(null);
+    showLoading();
+
+    try {
+      // 1. Initiate login to get salt and server ephemeral
+      const loginResponse = await srpUtil.initiateLogin(authContext.username!);
+
+      // Derive key from password using user's encryption settings
+      const passwordHash = await EncryptionUtility.deriveKeyFromPassword(
+        password,
+        loginResponse.salt,
+        loginResponse.encryptionType,
+        loginResponse.encryptionSettings
+      );
+
+      // Make API call to get latest vault
+      const vaultResponseJson = await webApi.get<VaultResponse>('Vault');
+
+      const vaultError = webApi.validateVaultResponse(vaultResponseJson);
+      if (vaultError) {
+        setError(vaultError);
+        hideLoading();
+        return;
+      }
+
+      // Get the derived key as base64 string required for decryption.
+      const passwordHashBase64 = Buffer.from(passwordHash).toString('base64');
+
+      // Initialize the SQLite context with the new vault data.
+      await dbContext.initializeDatabase(vaultResponseJson, passwordHashBase64);
+    } catch (err) {
+      setError('Failed to unlock vault. Please check your password and try again.');
+      console.error('Unlock error:', err);
+    } finally {
+      hideLoading();
+    }
+  };
+
+  return (
+    <div className="max-w-md">
+      <form onSubmit={handleSubmit} className="bg-white dark:bg-gray-700 w-full shadow-md rounded px-8 pt-6 pb-8 mb-4">
+        <h2 className="text-2xl font-bold text-gray-900 dark:text-white break-all overflow-hidden mb-4">{authContext.username}</h2>
+
+        <p className="text-base text-gray-500 dark:text-gray-200 mb-6">
+          Enter your master password to unlock your vault.
+        </p>
+
+        {error && (
+          <div className="mb-4 text-red-500 dark:text-red-400 text-sm">
+            {error}
+          </div>
+        )}
+
+        <div className="mb-6">
+          <label className="block text-gray-700 dark:text-gray-200 text-sm font-bold mb-2" htmlFor="password">
+            Password
+          </label>
+          <input
+            className="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 dark:text-gray-200 dark:bg-gray-800 dark:border-gray-600 mb-3 leading-tight focus:outline-none focus:shadow-outline"
+            id="password"
+            type="password"
+            value={password}
+            onChange={(e) => setPassword(e.target.value)}
+            placeholder="Enter your password"
+            required
+          />
+        </div>
+
+        <Button type="submit">
+          Unlock
+        </Button>
+
+        <div className="text-sm font-medium text-gray-500 dark:text-gray-200 mt-6">
+          Switch accounts? <a href="/logout" className="text-primary-700 hover:underline dark:text-primary-500">Log out</a>
+        </div>
+      </form>
+    </div>
+  );
+};
+
+export default Unlock;

browser-extension/src/entrypoints/popup/pages/UnlockSuccess.tsx

@@ -0,0 +1,45 @@
+import React from 'react';
+
+/**
+ * Unlock success component shown when the vault is successfully unlocked in a separate popup
+ * asking the user if they want to close the popup.
+ */
+const UnlockSuccess: React.FC<{
+    onClose: () => void;
+}> = ({ onClose }) => (
+  <div className="flex flex-col items-center justify-center p-6 text-center">
+    <div className="mb-4 text-green-600 dark:text-green-400">
+      <svg className="w-12 h-12 mx-auto" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
+      </svg>
+    </div>
+    <h2 className="text-xl font-semibold mb-4 text-gray-900 dark:text-white">
+    Your vault is successfully unlocked
+    </h2>
+    <p className="mb-6 text-gray-600 dark:text-gray-400">
+    You can now use autofill in login forms in your browser.
+    </p>
+    <div className="space-y-3 w-full">
+      <button
+        onClick={() => window.close()}
+        className="w-full px-4 py-2 text-white bg-primary-600 rounded hover:bg-primary-700 focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2"
+      >
+        Close this popup
+      </button>
+      <button
+        onClick={() => {
+          // Remove mode=inline from URL before closing
+          const url = new URL(window.location.href);
+          url.searchParams.delete('mode');
+          window.history.replaceState({}, '', url);
+          onClose();
+        }}
+        className="w-full px-4 py-2 text-gray-700 bg-gray-100 rounded hover:bg-gray-200 focus:outline-none focus:ring-2 focus:ring-gray-500 focus:ring-offset-2 dark:bg-gray-700 dark:text-gray-300 dark:hover:bg-gray-600"
+      >
+        Browse vault contents
+      </button>
+    </div>
+  </div>
+);
+
+export default UnlockSuccess;

browser-extension/src/entrypoints/popup/style.css

@@ -0,0 +1,3 @@
+body {
+  font-size: 75%;
+}

browser-extension/src/entrypoints/popup/utils/ClipboardCopyService.tsx

@@ -0,0 +1,39 @@
+/**
+ * Clipboard copy service that keeps track of the last copied ID so it can be shown in the UI.
+ */
+export class ClipboardCopyService {
+  private currentCopiedId: string = '';
+  private onCopyCallbacks: ((id: string) => void)[] = [];
+
+  /**
+   * Set the copied ID.
+   */
+  public setCopied(id: string) : void {
+    this.currentCopiedId = id;
+    this.notifySubscribers();
+  }
+
+  /**
+   * Get the copied ID.
+   */
+  public getCopiedId(): string {
+    return this.currentCopiedId;
+  }
+
+  /**
+   * Subscribe to clipboard copy events.
+   */
+  public subscribe(callback: (id: string) => void) {
+    this.onCopyCallbacks.push(callback);
+    return () : void => {
+      this.onCopyCallbacks = this.onCopyCallbacks.filter(cb => cb !== callback);
+    };
+  }
+
+  /**
+   * Notify subscribers.
+   */
+  private notifySubscribers() : void {
+    this.onCopyCallbacks.forEach(callback => callback(this.currentCopiedId));
+  }
+}

browser-extension/src/entrypoints/popup/utils/ConversionUtility.tsx

@@ -0,0 +1,54 @@
+/**
+ * Utility class for conversion operations.
+ */
+class ConversionUtility {
+  /**
+   * Convert all anchor tags to open in a new tab.
+   * @param html HTML input.
+   * @returns HTML with all anchor tags converted to open in a new tab when clicked on.
+   *
+   * Note: same implementation exists in c-sharp version in AliasVault.Shared.Utilities.ConversionUtility.cs
+   */
+  public convertAnchorTagsToOpenInNewTab(html: string): string {
+    try {
+      // Create a DOM parser
+      const parser = new DOMParser();
+      const doc = parser.parseFromString(html, 'text/html');
+
+      // Select all anchor tags with href attribute
+      const anchors = doc.querySelectorAll('a[href]');
+
+      if (anchors.length > 0) {
+        anchors.forEach((anchor: Element) => {
+          // Handle target attribute
+          if (!anchor.hasAttribute('target') || anchor.getAttribute('target') !== '_blank') {
+            anchor.setAttribute('target', '_blank');
+          }
+
+          // Handle rel attribute for security
+          if (!anchor.hasAttribute('rel')) {
+            anchor.setAttribute('rel', 'noopener noreferrer');
+          } else {
+            const relValue = anchor.getAttribute('rel') ?? '';
+            const relValues = new Set(relValue.split(' ').filter(val => val.trim() !== ''));
+
+            relValues.add('noopener');
+            relValues.add('noreferrer');
+
+            anchor.setAttribute('rel', Array.from(relValues).join(' '));
+          }
+        });
+      }
+
+      return doc.documentElement.outerHTML;
+    } catch (ex) {
+      // Log the exception
+      console.error(`Error in convertAnchorTagsToOpenInNewTab: ${ex instanceof Error ? ex.message : String(ex)}`);
+
+      // Return the original HTML if an error occurs
+      return html;
+    }
+  }
+}
+
+export default new ConversionUtility();

browser-extension/src/entrypoints/popup/utils/SrpUtility.tsx

@@ -0,0 +1,97 @@
+import srp from 'secure-remote-password/client'
+import { WebApiService } from '../../../utils/WebApiService';
+import { LoginRequest, LoginResponse } from '../../../utils/types/webapi/Login';
+import { ValidateLoginRequest, ValidateLoginRequest2Fa, ValidateLoginResponse } from '../../../utils/types/webapi/ValidateLogin';
+
+/**
+ * Utility class for SRP authentication operations.
+ */
+class SrpUtility {
+  private readonly webApiService: WebApiService;
+
+  /**
+   * Constructor for the SrpUtility class.
+   *
+   * @param {WebApiService} webApiService - The WebApiService instance.
+   */
+  public constructor(webApiService: WebApiService) {
+    this.webApiService = webApiService;
+  }
+
+  /**
+   * Initiate login with server.
+   */
+  public async initiateLogin(username: string): Promise<LoginResponse> {
+    return this.webApiService.post<LoginRequest, LoginResponse>('Auth/login', {
+      username: username.toLowerCase().trim()
+    });
+  }
+
+  /**
+   * Validate login with server using locally generated ephemeral and session proof.
+   */
+  public async validateLogin(
+    username: string,
+    passwordHashString: string,
+    rememberMe: boolean,
+    loginResponse: LoginResponse
+  ): Promise<ValidateLoginResponse> {
+    // Generate client ephemeral
+    const clientEphemeral = srp.generateEphemeral()
+
+    // Derive private key
+    const privateKey = srp.derivePrivateKey(loginResponse.salt, username, passwordHashString);
+
+    // Derive session
+    const sessionProof = srp.deriveSession(
+      clientEphemeral.secret,
+      loginResponse.serverEphemeral,
+      loginResponse.salt,
+      username,
+      privateKey
+    );
+
+    return this.webApiService.post<ValidateLoginRequest, ValidateLoginResponse>('Auth/validate', {
+      username: username.toLowerCase().trim(),
+      rememberMe: rememberMe,
+      clientPublicEphemeral: clientEphemeral.public,
+      clientSessionProof: sessionProof.proof,
+    });
+  }
+
+  /**
+   * Validate login with 2FA with server using locally generated ephemeral and session proof.
+   */
+  public async validateLogin2Fa(
+    username: string,
+    passwordHashString: string,
+    rememberMe: boolean,
+    loginResponse: LoginResponse,
+    code2Fa: number
+  ): Promise<ValidateLoginResponse> {
+    // Generate client ephemeral
+    const clientEphemeral = srp.generateEphemeral()
+
+    // Derive private key
+    const privateKey = srp.derivePrivateKey(loginResponse.salt, username, passwordHashString);
+
+    // Derive session
+    const sessionProof = srp.deriveSession(
+      clientEphemeral.secret,
+      loginResponse.serverEphemeral,
+      loginResponse.salt,
+      username,
+      privateKey
+    );
+
+    return this.webApiService.post<ValidateLoginRequest2Fa, ValidateLoginResponse>('Auth/validate-2fa', {
+      username: username.toLowerCase().trim(),
+      rememberMe: rememberMe,
+      clientPublicEphemeral: clientEphemeral.public,
+      clientSessionProof: sessionProof.proof,
+      code2Fa: code2Fa,
+    });
+  }
+}
+
+export default SrpUtility;

browser-extension/src/hooks/useMinDurationLoading.ts

@@ -0,0 +1,59 @@
+import { useState, useEffect, useCallback, useRef } from 'react';
+
+/**
+ * Hook that ensures a loading state persists for a minimum duration before being set to false.
+ * This improves the user experience by preventing the loading state from flickering.
+ *
+ * @param initialState - Initial loading state
+ * @param minDuration - Minimum duration in milliseconds
+ * @returns [isLoading, setIsLoading] - Loading state and setter
+ */
+export const useMinDurationLoading = (
+  initialState: boolean = false,
+  minDuration: number = 300
+): [boolean, (value: boolean) => void] => {
+  const [isLoading, setIsLoading] = useState(initialState);
+  const timeoutRef = useRef<NodeJS.Timeout | null>(null);
+  const startTimeRef = useRef<number | null>(null);
+
+  const setLoadingState = useCallback((value: boolean) => {
+    if (value) {
+      // Starting to load
+      setIsLoading(true);
+      startTimeRef.current = Date.now();
+    } else {
+      // Finishing loading - ensure minimum duration
+      const elapsedTime = startTimeRef.current ? Date.now() - startTimeRef.current : 0;
+      const remainingTime = Math.max(0, minDuration - elapsedTime);
+
+      if (remainingTime === 0) {
+        setIsLoading(false);
+      } else {
+        if (timeoutRef.current) {
+          clearTimeout(timeoutRef.current);
+        }
+        timeoutRef.current = setTimeout(() => {
+          setIsLoading(false);
+        }, remainingTime);
+      }
+    }
+  }, [minDuration]);
+
+  // Handle initial loading state only once
+  useEffect(() => {
+    if (initialState) {
+      setIsLoading(true);
+      startTimeRef.current = Date.now();
+    }
+  }, [initialState, setIsLoading]);
+
+  useEffect(() => {
+    return (): void => {
+      if (timeoutRef.current) {
+        clearTimeout(timeoutRef.current);
+      }
+    };
+  }, []);
+
+  return [isLoading, setLoadingState];
+};

browser-extension/src/public/assets/images/logo.svg

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg enable-background="new 0 0 500 500" version="1.1" viewBox="0 0 500 500" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
+<path d="m459.87 294.95c0.016205 5.4005 0.03241 10.801-0.35022 16.873-1.111 6.3392-1.1941 12.173-2.6351 17.649-10.922 41.508-36.731 69.481-77.351 83.408-7.2157 2.4739-14.972 3.3702-22.479 4.995-23.629 0.042205-47.257 0.11453-70.886 0.12027-46.762 0.011322-93.523-0.01416-140.95-0.43411-8.59-2.0024-16.766-2.8352-24.398-5.3326-21.595-7.0666-39.523-19.656-53.708-37.552-10.227-12.903-17.579-27.17-21.28-43.221-1.475-6.3967-2.4711-12.904-3.6852-19.361-0.051849-5.747-0.1037-11.494 0.26915-17.886 4.159-42.973 27.68-71.638 63.562-92.153 0-0.70761-0.001961-1.6988 3.12e-4 -2.69 0.022484-9.8293-1.3071-19.894 0.35664-29.438 3.2391-18.579 11.08-35.272 23.763-49.773 12.098-13.832 26.457-23.989 43.609-30.029 7.813-2.7512 16.14-4.0417 24.234-5.9948 7.392-0.025734 14.784-0.05146 22.835 0.32253 4.1959 0.95392 7.7946 1.2538 11.258 2.1053 17.16 4.2192 32.287 12.176 45.469 24.104 2.2558 2.0411 4.372 6.6241 9.621 3.868 16.839-8.8419 34.718-11.597 53.603-8.594 16.791 2.6699 31.602 9.4308 44.236 20.636 11.531 10.227 19.84 22.841 25.393 37.236 6.3436 16.445 10.389 33.163 6.0798 49.389 7.9587 8.9321 15.807 16.704 22.421 25.414 9.162 12.065 15.33 25.746 18.144 40.776 0.97046 5.1848 1.9111 10.375 2.8654 15.563m-71.597 71.012c5.5615-5.2284 12.002-9.7986 16.508-15.817 10.474-13.992 14.333-29.916 11.288-47.446-2.2496-12.95-8.1973-24.076-17.243-33.063-12.746-12.663-28.865-18.614-46.786-18.569-69.912 0.17712-139.82 0.56831-209.74 0.96176-15.922 0.089599-29.168 7.4209-39.685 18.296-14.45 14.944-20.408 33.343-16.655 54.368 2.2763 12.754 8.2167 23.748 17.158 32.66 13.299 13.255 30.097 18.653 48.728 18.651 59.321-0.005188 118.64 0.042358 177.96-0.046601 9.5912-0.014374 19.181-0.86588 28.773-0.88855 10.649-0.025146 19.978-3.825 29.687-9.1074z" fill="#EEC170"/>
+<path d="m162.77 293c15.654 4.3883 20.627 22.967 10.304 34.98-5.3104 6.1795-14.817 8.3208-24.278 5.0472-7.0723-2.4471-12.332-10.362-12.876-17.933-1.0451-14.542 11.089-23.176 21.705-23.046 1.5794 0.019287 3.1517 0.61566 5.1461 0.95184z" fill="#EEC170"/>
+<path d="m227.18 293.64c7.8499 2.3973 11.938 8.2143 13.524 15.077 1.8591 8.0439-0.44817 15.706-7.1588 21.121-6.7633 5.4572-14.417 6.8794-22.578 3.1483-8.2972-3.7933-12.836-10.849-12.736-19.438 0.1687-14.497 14.13-25.368 28.948-19.908z" fill="#EEC170"/>
+<path d="m261.57 319.07c-2.495-14.418 4.6853-22.603 14.596-26.108 9.8945-3.4995 23.181 3.4303 26.267 13.779 4.6504 15.591-7.1651 29.064-21.665 28.161-8.5254-0.53088-17.202-6.5094-19.198-15.831z" fill="#EEC170"/>
+<path d="m336.91 333.41c-9.0175-4.2491-15.337-14.349-13.829-21.682 3.0825-14.989 13.341-20.304 23.018-19.585 10.653 0.79141 17.93 7.407 19.765 17.547 1.9588 10.824-4.1171 19.939-13.494 23.703-5.272 2.1162-10.091 1.5086-15.46 0.017883z" fill="#EEC170"/>
+</svg>

browser-extension/src/utils/AppInfo.ts

@@ -0,0 +1,124 @@
+/**
+ * AppInfo class which contains information about the application version
+ * and default server URLs.
+ */
+export class AppInfo {
+  /**
+   * The current extension version. This should be updated with each release of the extension.
+   */
+  public static readonly VERSION = '0.13.0';
+
+  /**
+   * The minimum supported AliasVault server (API) version. If the server version is below this, the
+   * client will throw an error stating that the server should be updated.
+   */
+  public static readonly MIN_SERVER_VERSION = '0.12.0-dev';
+
+  /**
+   * The minimum supported AliasVault client vault version.
+   */
+  public static readonly MIN_VAULT_VERSION = '1.4.1';
+
+  /**
+   * The client name to use in the X-AliasVault-Client header.
+   * Detects the specific browser being used.
+   */
+  public static readonly CLIENT_NAME = (() : 'chrome' | 'firefox' | 'edge' | 'safari' | 'browser' => {
+    // This uses the WXT environment variables to detect the specific browser being used.
+    const env = import.meta.env;
+
+    if (env.FIREFOX) {
+      return 'firefox';
+    }
+
+    if (env.CHROME) {
+      return 'chrome';
+    }
+
+    if (env.EDGE) {
+      return 'edge';
+    }
+
+    if (env.SAFARI) {
+      return 'safari';
+    }
+
+    return 'browser';
+  })();
+
+  /**
+   * The default AliasVault client URL.
+   */
+  public static readonly DEFAULT_CLIENT_URL = 'https://app.aliasvault.net';
+
+  /**
+   * The default AliasVault web API URL.
+   */
+  public static readonly DEFAULT_API_URL = 'https://app.aliasvault.net/api';
+
+  /**
+   * Prevent instantiation of this utility class
+   */
+  private constructor() {}
+
+  /**
+   * Checks if a given vault version is supported
+   * @param vaultVersion The version to check
+   * @returns boolean indicating if the version is supported
+   */
+  public static isVaultVersionSupported(vaultVersion: string): boolean {
+    return this.versionGreaterThanOrEqualTo(vaultVersion, this.MIN_VAULT_VERSION);
+  }
+
+  /**
+   * Checks if a given server version is supported
+   * @param serverVersion The version to check
+   * @returns boolean indicating if the version is supported
+   */
+  public static isServerVersionSupported(serverVersion: string): boolean {
+    return this.versionGreaterThanOrEqualTo(serverVersion, this.MIN_SERVER_VERSION);
+  }
+
+  /**
+   * Checks if version1 is greater than or equal to version2, following SemVer rules.
+   * Pre-release versions (e.g., -alpha, -beta) are considered lower than release versions.
+   * @param version1 First version string (e.g., "1.2.3" or "1.2.3-beta")
+   * @param version2 Second version string (e.g., "1.2.0" or "1.2.0-alpha")
+   * @returns true if version1 >= version2, false otherwise
+   */
+  public static versionGreaterThanOrEqualTo(version1: string, version2: string): boolean {
+    // Split versions into core and pre-release parts
+    const [core1, preRelease1] = version1.split('-');
+    const [core2, preRelease2] = version2.split('-');
+
+    const parts1 = core1.split('.').map(Number);
+    const parts2 = core2.split('.').map(Number);
+
+    // Compare core versions first
+    for (let i = 0; i < Math.max(parts1.length, parts2.length); i++) {
+      const part1 = parts1[i] ?? 0;
+      const part2 = parts2[i] ?? 0;
+
+      if (part1 > part2) {
+        return true;
+      }
+      if (part1 < part2) {
+        return false;
+      }
+    }
+
+    // If core versions are equal, check pre-release versions.
+    if (!preRelease1 && preRelease2) {
+      return true;
+    }
+    if (preRelease1 && !preRelease2) {
+      return false;
+    }
+    if (!preRelease1 && !preRelease2) {
+      return true;
+    }
+
+    // Both have pre-release versions, compare them lexically
+    return preRelease1 >= preRelease2;
+  }
+}

browser-extension/src/utils/EncryptionUtility.tsx

@@ -0,0 +1,316 @@
+import argon2 from 'argon2-browser/dist/argon2-bundled.min.js';
+import { Email } from './types/webapi/Email';
+import { EncryptionKey } from './types/EncryptionKey';
+import { MailboxEmail } from './types/webapi/MailboxEmail';
+import { Buffer } from 'buffer';
+
+/**
+ * Utility class for encryption operations including:
+ * - Argon2id key derivation
+ * - AES-GCM symmetric encryption/decryption
+ * - RSA-OAEP asymmetric encryption/decryption
+ */
+class EncryptionUtility {
+  /**
+   * Derives a key from a password using Argon2id
+   */
+  public static async deriveKeyFromPassword(
+    password: string,
+    salt: string,
+    encryptionType: string = 'Argon2id',
+    encryptionSettings: string = '{"Iterations":1,"MemorySize":1024,"DegreeOfParallelism":4}'
+  ): Promise<Uint8Array> {
+    const settings = JSON.parse(encryptionSettings);
+
+    try {
+      if (encryptionType !== 'Argon2Id') {
+        throw new Error('Unsupported encryption type');
+      }
+
+      const hash = await argon2.hash({
+        pass: password,
+        salt: salt,
+        time: settings.Iterations,
+        mem: settings.MemorySize,
+        parallelism: settings.DegreeOfParallelism,
+        hashLen: 32,
+        type: 2, // 0 = Argon2d, 1 = Argon2i, 2 = Argon2id
+      });
+
+      // Return bytes
+      return hash.hash;
+    } catch (error) {
+      console.error('Argon2 hashing failed:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Encrypts data using AES-GCM symmetric encryption
+   */
+  public static async symmetricEncrypt(plaintext: string, base64Key: string): Promise<string> {
+    if (!plaintext) {
+      return plaintext;
+    }
+
+    const key = await crypto.subtle.importKey(
+      "raw",
+      Uint8Array.from(atob(base64Key), c => c.charCodeAt(0)),
+      {
+        name: "AES-GCM",
+        length: 256,
+      },
+      false,
+      ["encrypt"]
+    );
+
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encoder = new TextEncoder();
+    const encoded = encoder.encode(plaintext);
+
+    const ciphertext = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv: iv },
+      key,
+      encoded
+    );
+
+    const combined = new Uint8Array(iv.length + ciphertext.byteLength);
+    combined.set(iv, 0);
+    combined.set(new Uint8Array(ciphertext), iv.length);
+
+    return btoa(
+      Array.from(combined)
+        .map(byte => String.fromCharCode(byte))
+        .join('')
+    );
+  }
+
+  /**
+   * Decrypts data using AES-GCM symmetric encryption
+   */
+  public static async symmetricDecrypt(base64Ciphertext: string, base64Key: string): Promise<string> {
+    if (!base64Ciphertext) {
+      return base64Ciphertext;
+    }
+
+    const key = await crypto.subtle.importKey(
+      "raw",
+      Uint8Array.from(atob(base64Key), c => c.charCodeAt(0)),
+      {
+        name: "AES-GCM",
+        length: 256,
+      },
+      false,
+      ["decrypt"]
+    );
+
+    const ivAndCiphertext = Uint8Array.from(atob(base64Ciphertext), c => c.charCodeAt(0));
+    const iv = ivAndCiphertext.slice(0, 12);
+    const ciphertext = ivAndCiphertext.slice(12);
+
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv: iv },
+      key,
+      ciphertext
+    );
+
+    const decoder = new TextDecoder();
+    return decoder.decode(decrypted);
+  }
+
+  /**
+   * Generates a new RSA key pair for asymmetric encryption
+   */
+  public static async generateRsaKeyPair(): Promise<{ publicKey: string, privateKey: string }> {
+    const keyPair = await crypto.subtle.generateKey(
+      {
+        name: "RSA-OAEP",
+        modulusLength: 2048,
+        publicExponent: new Uint8Array([1, 0, 1]),
+        hash: "SHA-256",
+      },
+      true,
+      ["encrypt", "decrypt"]
+    );
+
+    const publicKey = await crypto.subtle.exportKey("jwk", keyPair.publicKey);
+    const privateKey = await crypto.subtle.exportKey("jwk", keyPair.privateKey);
+
+    return {
+      publicKey: JSON.stringify(publicKey),
+      privateKey: JSON.stringify(privateKey)
+    };
+  }
+
+  /**
+   * Encrypts data using RSA-OAEP asymmetric encryption with a public key
+   */
+  public static async encryptWithPublicKey(plaintext: string, publicKey: string): Promise<string> {
+    const publicKeyObj = await crypto.subtle.importKey(
+      "jwk",
+      JSON.parse(publicKey),
+      {
+        name: "RSA-OAEP",
+        hash: "SHA-256",
+      },
+      false,
+      ["encrypt"]
+    );
+
+    const encodedPlaintext = new TextEncoder().encode(plaintext);
+    const cipherBuffer = await crypto.subtle.encrypt(
+      {
+        name: "RSA-OAEP"
+      },
+      publicKeyObj,
+      encodedPlaintext
+    );
+
+    return btoa(String.fromCharCode.apply(null, Array.from(new Uint8Array(cipherBuffer))));
+  }
+
+  /**
+   * Decrypts data using RSA-OAEP asymmetric encryption with a private key
+   */
+  public static async decryptWithPrivateKey(ciphertext: string, privateKey: string): Promise<Uint8Array> {
+    try {
+      const privateKeyObj = await crypto.subtle.importKey(
+        "jwk",
+        JSON.parse(privateKey),
+        {
+          name: "RSA-OAEP",
+          hash: "SHA-256",
+        },
+        true,
+        ["decrypt"]
+      );
+
+      const cipherBuffer = Uint8Array.from(atob(ciphertext), c => c.charCodeAt(0));
+      const plaintextBuffer = await crypto.subtle.decrypt(
+        {
+          name: "RSA-OAEP",
+          hash: "SHA-256",
+        },
+        privateKeyObj,
+        cipherBuffer
+      );
+
+      return new Uint8Array(plaintextBuffer);
+    } catch (error) {
+      console.error('RSA decryption failed:', error);
+      throw new Error(`Failed to decrypt: ${error.message}`);
+    }
+  }
+
+  /**
+   * Decrypts an individual email based on the provided public/private key pairs.
+   */
+  public static async decryptEmail(
+    email: Email,
+    encryptionKeys: EncryptionKey[]
+  ): Promise<Email> {
+    try {
+      const encryptionKey = encryptionKeys.find(key => key.PublicKey === email.encryptionKey);
+
+      if (!encryptionKey) {
+        throw new Error('Encryption key not found');
+      }
+
+      // Decrypt symmetric key with asymmetric private key
+      const symmetricKey = await EncryptionUtility.decryptWithPrivateKey(
+        email.encryptedSymmetricKey,
+        encryptionKey.PrivateKey
+      );
+      const symmetricKeyBase64 = Buffer.from(symmetricKey).toString('base64');
+
+      // Create a new object to avoid mutating the original
+      const decryptedEmail = { ...email };
+
+      // Decrypt all email fields
+      decryptedEmail.subject = await EncryptionUtility.symmetricDecrypt(email.subject, symmetricKeyBase64);
+      decryptedEmail.fromDisplay = await EncryptionUtility.symmetricDecrypt(email.fromDisplay, symmetricKeyBase64);
+      decryptedEmail.fromDomain = await EncryptionUtility.symmetricDecrypt(email.fromDomain, symmetricKeyBase64);
+      decryptedEmail.fromLocal = await EncryptionUtility.symmetricDecrypt(email.fromLocal, symmetricKeyBase64);
+
+      if (email.messageHtml) {
+        decryptedEmail.messageHtml = await EncryptionUtility.symmetricDecrypt(email.messageHtml, symmetricKeyBase64);
+      }
+      if (email.messagePlain) {
+        decryptedEmail.messagePlain = await EncryptionUtility.symmetricDecrypt(email.messagePlain, symmetricKeyBase64);
+      }
+
+      return decryptedEmail;
+    } catch (err) {
+      throw new Error(err instanceof Error ? err.message : 'Failed to decrypt email');
+    }
+  }
+
+  /**
+   * Decrypts a list of emails based on the provided public/private key pairs.
+   */
+  public static async decryptEmailList(
+    emails: MailboxEmail[],
+    encryptionKeys: EncryptionKey[]
+  ): Promise<MailboxEmail[]> {
+    return Promise.all(emails.map(async email => {
+      try {
+        const encryptionKey = encryptionKeys.find(key => key.PublicKey === email.encryptionKey);
+
+        if (!encryptionKey) {
+          throw new Error('Encryption key not found');
+        }
+
+        // Decrypt symmetric key with asymmetric private key
+        const symmetricKey = await EncryptionUtility.decryptWithPrivateKey(
+          email.encryptedSymmetricKey,
+          encryptionKey.PrivateKey
+        );
+        const symmetricKeyBase64 = Buffer.from(symmetricKey).toString('base64');
+
+        // Create a new object to avoid mutating the original
+        const decryptedEmail = { ...email };
+
+        // Decrypt all email fields
+        decryptedEmail.subject = await EncryptionUtility.symmetricDecrypt(email.subject, symmetricKeyBase64);
+        decryptedEmail.fromDisplay = await EncryptionUtility.symmetricDecrypt(email.fromDisplay, symmetricKeyBase64);
+        decryptedEmail.fromDomain = await EncryptionUtility.symmetricDecrypt(email.fromDomain, symmetricKeyBase64);
+        decryptedEmail.fromLocal = await EncryptionUtility.symmetricDecrypt(email.fromLocal, symmetricKeyBase64);
+
+        if (email.messagePreview) {
+          decryptedEmail.messagePreview = await EncryptionUtility.symmetricDecrypt(email.messagePreview, symmetricKeyBase64);
+        }
+
+        return decryptedEmail;
+      } catch (err) {
+        throw new Error(err instanceof Error ? err.message : 'Failed to decrypt email');
+      }
+    }));
+  }
+
+  /**
+   * Decrypts an attachment based on the provided public/private key pairs and returns the decrypted bytes as a base64 string.
+   */
+  public static async decryptAttachment(base64EncryptedAttachment: string, email: Email, encryptionKeys: EncryptionKey[]): Promise<string> {
+    try {
+      const encryptionKey = encryptionKeys.find(key => key.PublicKey === email.encryptionKey);
+
+      if (!encryptionKey) {
+        throw new Error('Encryption key not found');
+      }
+
+      // Decrypt symmetric key with asymmetric private key
+      const symmetricKey = await EncryptionUtility.decryptWithPrivateKey(
+        email.encryptedSymmetricKey,
+        encryptionKey.PrivateKey
+      );
+      const symmetricKeyBase64 = Buffer.from(symmetricKey).toString('base64');
+
+      const encryptedBytesString = await EncryptionUtility.symmetricDecrypt(base64EncryptedAttachment, symmetricKeyBase64);
+      return encryptedBytesString;
+    } catch (err) {
+      throw new Error(err instanceof Error ? err.message : 'Failed to decrypt attachment');
+    }
+  }
+}
+
+export default EncryptionUtility;

browser-extension/src/utils/SqliteClient.tsx

@@ -0,0 +1,426 @@
+import initSqlJs, { Database } from 'sql.js';
+import { Credential } from './types/Credential';
+import { EncryptionKey } from './types/EncryptionKey';
+
+/**
+ * Client for interacting with the SQLite database.
+ */
+class SqliteClient {
+  private db: Database | null = null;
+
+  /**
+   * Initialize the SQLite database from a base64 string
+   */
+  public async initializeFromBase64(base64String: string): Promise<void> {
+    try {
+      // Convert base64 to Uint8Array
+      const binaryString = atob(base64String);
+      const bytes = new Uint8Array(binaryString.length);
+      for (let i = 0; i < binaryString.length; i++) {
+        bytes[i] = binaryString.charCodeAt(i);
+      }
+
+      // Initialize SQL.js with the WASM file from the local file system.
+      const SQL = await initSqlJs({
+        /**
+         * Locates SQL.js files from the local file system.
+         * @param file - The name of the file to locate
+         * @returns The complete URL path to the file
+         */
+        locateFile: (file: string) => `src/${file}`
+      });
+
+      // Create database from the binary data
+      this.db = new SQL.Database(bytes);
+    } catch (error) {
+      console.error('Error initializing SQLite database:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Export the SQLite database to a base64 string
+   * @returns Base64 encoded string of the database
+   */
+  public exportToBase64(): string {
+    if (!this.db) {
+      throw new Error('Database not initialized');
+    }
+
+    try {
+      // Export database to Uint8Array
+      const binaryArray = this.db.export();
+
+      // Convert Uint8Array to base64 string
+      let binaryString = '';
+      for (let i = 0; i < binaryArray.length; i++) {
+        binaryString += String.fromCharCode(binaryArray[i]);
+      }
+      return btoa(binaryString);
+    } catch (error) {
+      console.error('Error exporting SQLite database:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Execute a SELECT query
+   */
+  public executeQuery<T>(query: string, params: (string | number | null | Uint8Array)[] = []): T[] {
+    if (!this.db) {
+      throw new Error('Database not initialized');
+    }
+
+    try {
+      const stmt = this.db.prepare(query);
+      stmt.bind(params);
+
+      const results: T[] = [];
+      while (stmt.step()) {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        results.push(stmt.getAsObject() as any);
+      }
+      stmt.free();
+
+      return results;
+    } catch (error) {
+      console.error('Error executing query:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Execute an INSERT, UPDATE, or DELETE query
+   */
+  public executeUpdate(query: string, params: (string | number | null | Uint8Array)[] = []): number {
+    if (!this.db) {
+      throw new Error('Database not initialized');
+    }
+
+    try {
+      const stmt = this.db.prepare(query);
+      stmt.bind(params);
+      stmt.step();
+      const changes = this.db.getRowsModified();
+      stmt.free();
+      return changes;
+    } catch (error) {
+      console.error('Error executing update:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Close the database connection and free resources.
+   */
+  public close(): void {
+    if (this.db) {
+      this.db.close();
+      this.db = null;
+    }
+  }
+
+  /**
+   * Fetch a single credential with its associated service information.
+   * @param credentialId - The ID of the credential to fetch.
+   * @returns Credential object with service details or null if not found.
+   */
+  public getCredentialById(credentialId: string): Credential | null {
+    const query = `
+        SELECT DISTINCT
+            c.Id,
+            c.Username,
+            c.Notes,
+            c.ServiceId,
+            s.Name as ServiceName,
+            s.Url as ServiceUrl,
+            s.Logo as Logo,
+            a.FirstName,
+            a.LastName,
+            a.NickName,
+            a.BirthDate,
+            a.Gender,
+            a.Email,
+            p.Value as Password
+        FROM Credentials c
+        LEFT JOIN Services s ON c.ServiceId = s.Id
+        LEFT JOIN Aliases a ON c.AliasId = a.Id
+        LEFT JOIN Passwords p ON p.CredentialId = c.Id
+        WHERE c.IsDeleted = 0
+        AND c.Id = ?`;
+
+    const results = this.executeQuery(query, [credentialId]);
+
+    if (results.length === 0) {
+      return null;
+    }
+
+    // Convert the first row to a Credential object
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const row = results[0] as any;
+    return {
+      Id: row.Id,
+      Username: row.Username,
+      Password: row.Password,
+      Email: row.Email,
+      ServiceName: row.ServiceName,
+      ServiceUrl: row.ServiceUrl,
+      Logo: row.Logo,
+      Notes: row.Notes,
+      Alias: {
+        FirstName: row.FirstName,
+        LastName: row.LastName,
+        NickName: row.NickName,
+        BirthDate: row.BirthDate,
+        Gender: row.Gender,
+        Email: row.Email
+      }
+    };
+  }
+
+  /**
+   * Fetch all credentials with their associated service information.
+   * @returns Array of Credential objects with service details.
+   */
+  public getAllCredentials(): Credential[] {
+    const query = `
+            SELECT DISTINCT
+                c.Id,
+                c.Username,
+                c.Notes,
+                c.ServiceId,
+                s.Name as ServiceName,
+                s.Url as ServiceUrl,
+                s.Logo as Logo,
+                a.FirstName,
+                a.LastName,
+                a.NickName,
+                a.BirthDate,
+                a.Gender,
+                a.Email,
+                p.Value as Password
+            FROM Credentials c
+            LEFT JOIN Services s ON c.ServiceId = s.Id
+            LEFT JOIN Aliases a ON c.AliasId = a.Id
+            LEFT JOIN Passwords p ON p.CredentialId = c.Id
+            WHERE c.IsDeleted = 0
+            ORDER BY c.CreatedAt DESC`;
+
+    const results = this.executeQuery(query);
+
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    return results.map((row: any) => ({
+      Id: row.Id,
+      Username: row.Username,
+      Password: row.Password,
+      Email: row.Email,
+      ServiceName: row.ServiceName,
+      ServiceUrl: row.ServiceUrl,
+      Logo: row.Logo,
+      Notes: row.Notes,
+      Alias: {
+        FirstName: row.FirstName,
+        LastName: row.LastName,
+        NickName: row.NickName,
+        BirthDate: row.BirthDate,
+        Gender: row.Gender,
+        Email: row.Email
+      }
+    }));
+  }
+
+  /**
+   * Fetch all unique email addresses from all credentials.
+   * @returns Array of email addresses.
+   */
+  public getAllEmailAddresses(): string[] {
+    const query = `
+      SELECT DISTINCT
+        a.Email
+      FROM Credentials c
+      LEFT JOIN Aliases a ON c.AliasId = a.Id
+      WHERE a.Email IS NOT NULL AND a.Email != '' AND c.IsDeleted = 0
+    `;
+
+    const results = this.executeQuery(query);
+
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    return results.map((row: any) => row.Email);
+  }
+
+  /**
+   * Fetch all encryption keys.
+   */
+  public getAllEncryptionKeys(): EncryptionKey[] {
+    return this.executeQuery<EncryptionKey>(`SELECT
+                x.PublicKey,
+                x.PrivateKey,
+                x.IsPrimary
+            FROM EncryptionKeys x`);
+  }
+
+  /**
+   * Get setting from database for a given key.
+   * Returns empty string if setting is not found.
+   */
+  public getSetting(key: string): string {
+    const results = this.executeQuery<{ Value: string }>(`SELECT
+                s.Value
+            FROM Settings s
+            WHERE s.Key = ?`, [key]);
+
+    return results.length > 0 ? results[0].Value : '';
+  }
+
+  /**
+   * Get the default email domain from the database.
+   */
+  public getDefaultEmailDomain(): string {
+    return this.getSetting('DefaultEmailDomain');
+  }
+
+  /**
+   * Create a new credential with associated entities
+   * @param credential The credential object to insert
+   * @returns The number of rows modified
+   */
+  public createCredential(credential: Credential): number {
+    if (!this.db) {
+      throw new Error('Database not initialized');
+    }
+
+    try {
+      this.db.run('BEGIN TRANSACTION');
+
+      // 1. Insert Service
+      let logoData = null;
+      try {
+        if (credential.Logo) {
+          // Handle object-like array conversion
+          if (typeof credential.Logo === 'object' && !ArrayBuffer.isView(credential.Logo)) {
+            const values = Object.values(credential.Logo);
+            logoData = new Uint8Array(values);
+          // Handle existing array types
+          } else if (Array.isArray(credential.Logo) || credential.Logo instanceof ArrayBuffer || credential.Logo instanceof Uint8Array) {
+            logoData = new Uint8Array(credential.Logo);
+          }
+        }
+      } catch (error) {
+        console.warn('Failed to convert logo to Uint8Array:', error);
+        logoData = null;
+      }
+
+      const serviceQuery = `
+                INSERT INTO Services (Id, Name, Url, Logo, CreatedAt, UpdatedAt)
+                VALUES (?, ?, ?, ?, ?, ?)`;
+      const serviceId = crypto.randomUUID().toUpperCase();
+      const currentDateTime = new Date().toISOString()
+        .replace('T', ' ')
+        .replace('Z', '')
+        .substring(0, 23);
+      this.executeUpdate(serviceQuery, [
+        serviceId,
+        credential.ServiceName,
+        credential.ServiceUrl ?? null,
+        logoData,
+        currentDateTime,
+        currentDateTime
+      ]);
+
+      // 2. Insert Alias
+      const aliasQuery = `
+                INSERT INTO Aliases (Id, FirstName, LastName, NickName, BirthDate, Gender, Email, CreatedAt, UpdatedAt)
+                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`;
+      const aliasId = crypto.randomUUID().toUpperCase();
+      this.executeUpdate(aliasQuery, [
+        aliasId,
+        credential.Alias.FirstName ?? null,
+        credential.Alias.LastName ?? null,
+        credential.Alias.NickName ?? null,
+        credential.Alias.BirthDate ?? null,
+        credential.Alias.Gender ?? null,
+        credential.Alias.Email ?? null,
+        currentDateTime,
+        currentDateTime
+      ]);
+
+      // 3. Insert Credential
+      const credentialQuery = `
+                INSERT INTO Credentials (Id, Username, Notes, ServiceId, AliasId, CreatedAt, UpdatedAt)
+                VALUES (?, ?, ?, ?, ?, ?, ?)`;
+      const credentialId = crypto.randomUUID().toUpperCase();
+      this.executeUpdate(credentialQuery, [
+        credentialId,
+        credential.Username,
+        credential.Notes ?? null,
+        serviceId,
+        aliasId,
+        currentDateTime,
+        currentDateTime
+      ]);
+
+      // 4. Insert Password
+      if (credential.Password) {
+        const passwordQuery = `
+                    INSERT INTO Passwords (Id, Value, CredentialId, CreatedAt, UpdatedAt)
+                    VALUES (?, ?, ?, ?, ?)`;
+        const passwordId = crypto.randomUUID().toUpperCase();
+        this.executeUpdate(passwordQuery, [
+          passwordId,
+          credential.Password,
+          credentialId,
+          currentDateTime,
+          currentDateTime
+        ]);
+      }
+
+      this.db.run('COMMIT');
+      return 1;
+
+    } catch (error) {
+      this.db.run('ROLLBACK');
+      console.error('Error creating credential:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Get the current database version from the migrations history.
+   * Returns the semantic version (e.g., "1.4.1") from the latest migration.
+   * Returns null if no migrations are found.
+   */
+  public getDatabaseVersion(): string | null {
+    if (!this.db) {
+      throw new Error('Database not initialized');
+    }
+
+    try {
+      // Query the migrations history table for the latest migration
+      const results = this.executeQuery<{ MigrationId: string }>(`
+        SELECT MigrationId
+        FROM __EFMigrationsHistory
+        ORDER BY MigrationId DESC
+        LIMIT 1`);
+
+      if (results.length === 0) {
+        return null;
+      }
+
+      // Extract version using regex - matches patterns like "20240917191243_1.4.1-RenameAttachmentsPlural"
+      const migrationId = results[0].MigrationId;
+      const versionRegex = /_(\d+\.\d+\.\d+)-/;
+      const versionMatch = versionRegex.exec(migrationId);
+
+      if (versionMatch?.[1]) {
+        return versionMatch[1];
+      }
+
+      return null;
+    } catch (error) {
+      console.error('Error getting database version:', error);
+      throw error;
+    }
+  }
+}
+
+export default SqliteClient;

browser-extension/src/utils/WebApiService.ts

@@ -0,0 +1,338 @@
+import { AppInfo } from "./AppInfo";
+import { StatusResponse } from "./types/webapi/StatusResponse";
+import { VaultResponse } from "./types/webapi/VaultResponse";
+import { storage } from 'wxt/storage';
+
+type RequestInit = globalThis.RequestInit;
+
+/**
+ * Type for the token response from the API.
+ */
+type TokenResponse = {
+  token: string;
+  refreshToken: string;
+}
+
+/**
+ * Service class for interacting with the web API.
+ */
+export class WebApiService {
+  /**
+   * Constructor for the WebApiService class.
+   *
+   * @param {Function} authContextLogout - Function to handle logout.
+   */
+  public constructor(private readonly authContextLogout: (statusError: string | null) => void) { }
+
+  /**
+   * Get the base URL for the API from settings.
+   */
+  private async getBaseUrl(): Promise<string> {
+    const result = await storage.getItem('local:apiUrl') as string;
+    if (result && result.length > 0) {
+      return result.replace(/\/$/, '') + '/v1/';
+    }
+
+    return AppInfo.DEFAULT_API_URL.replace(/\/$/, '') + '/v1/';
+  }
+
+  /**
+   * Fetch data from the API.
+   */
+  public async fetch<T>(
+    endpoint: string,
+    options: RequestInit = {},
+    parseJson: boolean = true
+  ): Promise<T> {
+    const baseUrl = await this.getBaseUrl();
+    const url = baseUrl + endpoint;
+    const headers = new Headers(options.headers ?? {});
+
+    // Add authorization header if we have an access token
+    const accessToken = await this.getAccessToken();
+    if (accessToken) {
+      headers.set('Authorization', `Bearer ${accessToken}`);
+    }
+
+    // Add client version header
+    headers.set('X-AliasVault-Client', `${AppInfo.CLIENT_NAME}-${AppInfo.VERSION}`);
+
+    const requestOptions: RequestInit = {
+      ...options,
+      headers,
+    };
+
+    try {
+      const response = await fetch(url, requestOptions);
+
+      if (response.status === 401) {
+        const newToken = await this.refreshAccessToken();
+        if (newToken) {
+          headers.set('Authorization', `Bearer ${newToken}`);
+          const retryResponse = await fetch(url, {
+            ...requestOptions,
+            headers,
+          });
+
+          if (!retryResponse.ok) {
+            throw new Error('Request failed after token refresh');
+          }
+
+          return parseJson ? retryResponse.json() : retryResponse as unknown as T;
+        } else {
+          this.authContextLogout(null);
+          throw new Error('Session expired');
+        }
+      }
+
+      if (!response.ok) {
+        throw new Error(`HTTP error! status: ${response.status}`);
+      }
+
+      return parseJson ? response.json() : response as unknown as T;
+    } catch (error) {
+      console.error('API request failed:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Refresh the access token.
+   */
+  private async refreshAccessToken(): Promise<string | null> {
+    const refreshToken = await this.getRefreshToken();
+    if (!refreshToken) {
+      return null;
+    }
+
+    try {
+      const baseUrl = await this.getBaseUrl();
+
+      const response = await fetch(`${baseUrl}Auth/refresh`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Ignore-Failure': 'true',
+          'X-AliasVault-Client': `${AppInfo.CLIENT_NAME}-${AppInfo.VERSION}`,
+        },
+        body: JSON.stringify({
+          token: await this.getAccessToken(),
+          refreshToken: refreshToken,
+        }),
+      });
+
+      if (!response.ok) {
+        throw new Error('Failed to refresh token');
+      }
+
+      const tokenResponse: TokenResponse = await response.json();
+      this.updateTokens(tokenResponse.token, tokenResponse.refreshToken);
+      return tokenResponse.token;
+    } catch {
+      this.authContextLogout('Your session has expired. Please login again.');
+      return null;
+    }
+  }
+
+  /**
+   * Issue GET request to the API.
+   */
+  public async get<T>(endpoint: string): Promise<T> {
+    return this.fetch<T>(endpoint, { method: 'GET' });
+  }
+
+  /**
+   * Issue GET request to the API expecting a file download and return it as a Base64 string.
+   */
+  public async downloadBlobAndConvertToBase64(endpoint: string): Promise<string> {
+    try {
+      const response = await this.fetch<Response>(endpoint, {
+        method: 'GET',
+        headers: {
+          'Accept': 'application/octet-stream',
+        }
+      }, false);
+
+      // Ensure we get the response as a blob
+      const blob = await response.blob();
+      return await this.blobToBase64(blob);
+    } catch (error) {
+      console.error('Error fetching and converting to Base64:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Issue POST request to the API.
+   */
+  public async post<TRequest, TResponse>(
+    endpoint: string,
+    data: TRequest,
+    parseJson: boolean = true
+  ): Promise<TResponse> {
+    return this.fetch<TResponse>(endpoint, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(data),
+    }, parseJson);
+  }
+
+  /**
+   * Issue PUT request to the API.
+   */
+  public async put<TRequest, TResponse>(endpoint: string, data: TRequest): Promise<TResponse> {
+    return this.fetch<TResponse>(endpoint, {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(data),
+    });
+  }
+
+  /**
+   * Issue DELETE request to the API.
+   */
+  public async delete<T>(endpoint: string): Promise<T> {
+    return this.fetch<T>(endpoint, { method: 'DELETE' }, false);
+  }
+
+  /**
+   * Logout and revoke tokens via WebApi and remove local storage tokens via AuthContext.
+   */
+  public async logout(statusError: string | null = null): Promise<void> {
+    // Logout and revoke tokens via WebApi.
+    try {
+      const refreshToken = await this.getRefreshToken();
+      if (!refreshToken) {
+        return;
+      }
+
+      await this.post('Auth/revoke', {
+        token: await this.getAccessToken(),
+        refreshToken: refreshToken,
+      }, false);
+    } catch (err) {
+      console.error('WebApi logout error:', err);
+    }
+
+    // Logout and remove tokens from local storage via AuthContext.
+    this.authContextLogout(statusError);
+  }
+
+  /**
+   * Calls the status endpoint to check if the auth tokens are still valid, app is supported and the vault is up to date.
+   */
+  public async getStatus(): Promise<StatusResponse> {
+    try {
+      return await this.get<StatusResponse>('Auth/status');
+    } catch {
+      /**
+       * If the status endpoint is not available, return a default status response which will trigger
+       * a logout and error message.
+       */
+      return {
+        clientVersionSupported: true,
+        serverVersion: '0.0.0',
+        vaultRevision: 0
+      };
+    }
+  }
+
+  /**
+   * Validates the status response and returns an error message if validation fails.
+   */
+  public validateStatusResponse(statusResponse: StatusResponse): string | null {
+    if (statusResponse.serverVersion === '0.0.0') {
+      return 'The AliasVault server is not available. Please try again later or contact support if the problem persists.';
+    }
+
+    if (!statusResponse.clientVersionSupported) {
+      return 'This version of the AliasVault browser extension is outdated. Please update your browser extension to the latest version.';
+    }
+
+    if (!AppInfo.isServerVersionSupported(statusResponse.serverVersion)) {
+      return 'The AliasVault server needs to be updated to a newer version in order to use this browser extension. Please contact support if you need help.';
+    }
+
+    return null;
+  }
+
+  /**
+   * Validates the vault response and returns an error message if validation fails
+   */
+  public validateVaultResponse(vaultResponseJson: VaultResponse): string | null {
+    /**
+     * Status 0 = OK, vault is ready.
+     * Status 1 = Merge required, which only the web client supports.
+     */
+    if (vaultResponseJson.status !== 0) {
+      return 'Your vault needs to be updated. Please login on the AliasVault website and follow the steps.';
+    }
+
+    if (!vaultResponseJson.vault?.blob) {
+      return 'Your account does not have a vault yet. Please complete the tutorial in the AliasVault web client before using the browser extension.';
+    }
+
+    if (!AppInfo.isVaultVersionSupported(vaultResponseJson.vault.version)) {
+      return 'Your vault is outdated. Please login via the web client to update your vault.';
+    }
+
+    return null;
+  }
+
+  /**
+   * Get the current access token from storage.
+   */
+  private async getAccessToken(): Promise<string | null> {
+    const token = await storage.getItem('local:accessToken') as string;
+    return token ?? null;
+  }
+
+  /**
+   * Get the current refresh token from storage.
+   */
+  private async getRefreshToken(): Promise<string | null> {
+    const token = await storage.getItem('local:refreshToken') as string;
+    return token ?? null;
+  }
+
+  /**
+   * Update both access and refresh tokens in storage.
+   */
+  private async updateTokens(accessToken: string, refreshToken: string): Promise<void> {
+    await storage.setItem('local:accessToken', accessToken);
+    await storage.setItem('local:refreshToken', refreshToken);
+  }
+
+  /**
+   * Convert a Blob to a Base64 string.
+   */
+  private async blobToBase64(blob: Blob): Promise<string> {
+    return new Promise((resolve, reject) => {
+      const reader = new FileReader();
+
+      /**
+       * When the reader has finished loading, convert the result to a Base64 string.
+       */
+      reader.onloadend = (): void => {
+        const result = reader.result;
+        if (typeof result === 'string') {
+          resolve(result.split(',')[1]); // Remove the data URL prefix
+        } else {
+          reject(new Error('Failed to convert Blob to Base64.'));
+        }
+      };
+
+      /**
+       * If the reader encounters an error, reject the promise with a proper Error object.
+       */
+      reader.onerror = (): void => {
+        reject(new Error('Failed to read blob as Data URL'));
+      };
+      reader.readAsDataURL(blob);
+    });
+  }
+}

browser-extension/src/utils/__tests__/AppInfo.test.ts

@@ -0,0 +1,38 @@
+import { AppInfo } from '../AppInfo';
+import { describe, it, expect } from 'vitest';
+
+describe('AppInfo', () => {
+  describe('isVersionSupported', () => {
+    it('should support exact version match', () => {
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.0.0', '1.0.0')).toBe(true);
+    });
+
+    it('should support higher patch versions', () => {
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.0.5', '1.0.0')).toBe(true);
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.0.10', '1.0.2')).toBe(true);
+    });
+
+    it('should support higher minor versions', () => {
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.2.0', '1.0.0')).toBe(true);
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.5.0', '1.3.0')).toBe(true);
+    });
+
+    it('should support higher major versions', () => {
+      expect(AppInfo.versionGreaterThanOrEqualTo('2.0.0', '1.0.0')).toBe(true);
+      expect(AppInfo.versionGreaterThanOrEqualTo('3.0.0', '2.5.1')).toBe(true);
+    });
+
+    it('should handle development versions', () => {
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.4.0', '1.4.0-dev')).toBe(true);
+      expect(AppInfo.versionGreaterThanOrEqualTo('2.0.0-dev', '1.9.9')).toBe(true);
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.5.0-dev', '1.5.1')).toBe(false);
+    });
+
+    it('should reject lower versions', () => {
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.0.0', '1.0.1')).toBe(false);
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.0.0', '1.4.1')).toBe(false);
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.4.0', '1.5.0')).toBe(false);
+      expect(AppInfo.versionGreaterThanOrEqualTo('1.9.9', '2.0.0')).toBe(false);
+    });
+  });
+});

browser-extension/src/utils/formDetector/FieldPatterns.ts

@@ -0,0 +1,232 @@
+/**
+ * Type for field patterns. These patterns are used to detect individual fields in the form.
+ */
+export type FieldPatterns = {
+    username: string[];
+    firstName: string[];
+    lastName: string[];
+    fullName: string[];
+    email: string[];
+    emailConfirm: string[];
+    password: string[];
+    birthdate: string[];
+    gender: string[];
+    birthDateDay: string[];
+    birthDateMonth: string[];
+    birthDateYear: string[];
+}
+
+/**
+ * Type for gender option patterns. These patterns are used to detect individual gender options (radio/select) in the form.
+ */
+export type GenderOptionPatterns = {
+    male: string[];
+    female: string[];
+    other: string[];
+}
+
+/**
+ * Type for date option patterns. These patterns are used to detect individual date options (select) in the form.
+ * Each array in months must contain exactly 12 elements representing the months in a specific language.
+ */
+export type DateOptionPatterns = {
+    months: string[][];
+}
+
+/**
+ * English field patterns to detect English form fields.
+ */
+export const EnglishFieldPatterns: FieldPatterns = {
+  username: ['username', 'login', 'identifier', 'user'],
+  fullName: ['fullname', 'full-name', 'full name'],
+  firstName: ['firstname', 'first-name', 'first_name', 'fname', 'name', 'given-name'],
+  lastName: ['lastname', 'last-name', 'last_name', 'lname', 'surname', 'family-name'],
+  email: ['email', 'mail', 'emailaddress'],
+  emailConfirm: ['confirm', 'verification', 'repeat', 'retype', 'verify'],
+  password: ['password', 'pwd', 'pass'],
+  birthdate: ['birthdate', 'birth-date', 'dob', 'date-of-birth'],
+  gender: ['gender', 'sex'],
+  birthDateDay: ['birth-day', 'birthday', 'day', 'birthdate_d'],
+  birthDateMonth: ['birth-month', 'birthmonth', 'month', 'birthdate_m'],
+  birthDateYear: ['birth-year', 'birthyear', 'year', 'birthdate_y']
+};
+
+/**
+ * English gender option patterns.
+ */
+export const EnglishGenderOptionPatterns: GenderOptionPatterns = {
+  male: ['male', 'man', 'm', 'gender1', 'mr', 'mr.'],
+  female: ['female', 'woman', 'f', 'gender2', 'mrs', 'mrs.', 'ms', 'ms.'],
+  other: ['other', 'diverse', 'custom', 'prefer not', 'unknown', 'gender3']
+};
+
+/**
+ * English date option patterns. These are used to detect the month name in the date field.
+ */
+export const EnglishDateOptionPatterns: DateOptionPatterns = {
+  months: [
+    ['january', 'february', 'march', 'april', 'may', 'june', 'july', 'august', 'september', 'october', 'november', 'december']
+  ],
+};
+
+/**
+ * English words to filter out from page titles during autofill matching to
+ * prevent generic words from causing false positives.
+ */
+export const EnglishStopWords = new Set([
+  // Authentication related
+  'login', 'signin', 'sign', 'register', 'signup', 'account',
+  'authentication', 'password', 'access', 'auth', 'session',
+  'authenticate', 'credentials', 'logout', 'signout',
+
+  // Navigation/Site sections
+  'portal', 'dashboard', 'home', 'welcome', 'page', 'site',
+  'secure', 'member', 'user', 'profile', 'settings', 'menu',
+  'overview', 'index', 'main', 'start', 'landing',
+
+  // Marketing/Promotional
+  'free', 'create', 'new', 'your', 'special', 'offer',
+  'deal', 'discount', 'promotion',
+
+  // Common website sections
+  'help', 'support', 'contact', 'about', 'faq', 'terms',
+  'privacy', 'cookie', 'service', 'services', 'products',
+  'shop', 'store', 'cart', 'checkout',
+
+  // Generic descriptors
+  'online', 'web', 'digital', 'mobile', 'my', 'personal',
+  'private', 'general', 'default', 'standard',
+
+  // System/Technical
+  'system', 'admin', 'administrator', 'platform', 'portal',
+  'gateway', 'api', 'interface', 'console',
+
+  // Time-related
+  'today', 'now', 'current', 'latest', 'newest', 'recent'
+]);
+
+/**
+ * Dutch field patterns used to detect Dutch form fields.
+ */
+export const DutchFieldPatterns: FieldPatterns = {
+  username: ['gebruikersnaam', 'gebruiker', 'login', 'identifier'],
+  fullName: ['volledige naam'],
+  firstName: ['voornaam', 'naam'],
+  lastName: ['achternaam'],
+  email: ['e-mailadres', 'e-mail'],
+  emailConfirm: ['bevestig', 'herhaal', 'verificatie'],
+  password: ['wachtwoord', 'pwd'],
+  birthdate: ['geboortedatum', 'geboorte-datum'],
+  gender: ['geslacht', 'aanhef'],
+  birthDateDay: ['dag'],
+  birthDateMonth: ['maand'],
+  birthDateYear: ['jaar']
+};
+
+/**
+ * Dutch gender option patterns
+ */
+export const DutchGenderOptionPatterns: GenderOptionPatterns = {
+  male: ['man', 'mannelijk', 'heer'],
+  female: ['vrouw', 'vrouwelijk', 'mevrouw'],
+  other: ['anders', 'iets', 'overig', 'onbekend']
+};
+
+/**
+ * Dutch date option patterns. These are used to detect the month name in the date field.
+ */
+export const DutchDateOptionPatterns: DateOptionPatterns = {
+  months: [
+    ['januari', 'februari', 'maart', 'april', 'mei', 'juni', 'juli', 'augustus', 'september', 'oktober', 'november', 'december']
+  ],
+};
+
+/**
+ * Dutch words to filter out from page titles during autofill matching to
+ * prevent generic words from causing false positives.
+ */
+export const DutchStopWords = new Set([
+  // Authentication related
+  'inloggen', 'registreren', 'registratie', 'aanmelden',
+  'inschrijven', 'uitloggen', 'wachtwoord', 'toegang',
+  'authenticatie', 'account',
+
+  // Navigation/Site sections
+  'portaal', 'overzicht', 'startpagina', 'welkom', 'pagina',
+  'beveiligd', 'lid', 'gebruiker', 'profiel', 'instellingen',
+  'menu', 'begin', 'hoofdpagina',
+
+  // Marketing/Promotional
+  'gratis', 'nieuw', 'jouw', 'schrijf', 'nieuwsbrief',
+  'aanbieding', 'korting', 'speciaal', 'actie',
+
+  // Common website sections
+  'hulp', 'ondersteuning', 'contact', 'over', 'voorwaarden',
+  'privacy', 'cookie', 'dienst', 'diensten', 'producten',
+  'winkel', 'bestellen', 'winkelwagen',
+
+  // Generic descriptors
+  'online', 'web', 'digitaal', 'mobiel', 'mijn', 'persoonlijk',
+  'privé', 'algemeen', 'standaard',
+
+  // System/Technical
+  'systeem', 'beheer', 'beheerder', 'platform', 'portaal',
+  'interface', 'console',
+
+  // Time-related
+  'vandaag', 'nu', 'huidig', 'recent', 'nieuwste'
+]);
+
+/**
+ * Combined field patterns which includes all supported languages.
+ */
+export const CombinedFieldPatterns: FieldPatterns = {
+  username: [...new Set([...EnglishFieldPatterns.username, ...DutchFieldPatterns.username])],
+  fullName: [...new Set([...EnglishFieldPatterns.fullName, ...DutchFieldPatterns.fullName])],
+  firstName: [...new Set([...EnglishFieldPatterns.firstName, ...DutchFieldPatterns.firstName])],
+  lastName: [...new Set([...EnglishFieldPatterns.lastName, ...DutchFieldPatterns.lastName])],
+  /**
+   * NOTE: Dutch email patterns should be prioritized over English email patterns due to how
+   * the nl-registration-form5.html honeypot field is named. The order of the patterns
+   * determine which field is detected. If a pattern entry with higher index is detected, that
+   * field will be selected instead of the lower index one.
+   */
+  email: [...new Set([...DutchFieldPatterns.email, ...EnglishFieldPatterns.email])],
+  emailConfirm: [...new Set([...EnglishFieldPatterns.emailConfirm, ...DutchFieldPatterns.emailConfirm])],
+  password: [...new Set([...EnglishFieldPatterns.password, ...DutchFieldPatterns.password])],
+  birthdate: [...new Set([...EnglishFieldPatterns.birthdate, ...DutchFieldPatterns.birthdate])],
+  gender: [...new Set([...EnglishFieldPatterns.gender, ...DutchFieldPatterns.gender])],
+  birthDateDay: [...new Set([...EnglishFieldPatterns.birthDateDay, ...DutchFieldPatterns.birthDateDay])],
+  birthDateMonth: [...new Set([...EnglishFieldPatterns.birthDateMonth, ...DutchFieldPatterns.birthDateMonth])],
+  birthDateYear: [...new Set([...EnglishFieldPatterns.birthDateYear, ...DutchFieldPatterns.birthDateYear])]
+};
+
+/**
+ * Combined gender option patterns which includes all supported languages.
+ */
+export const CombinedGenderOptionPatterns: GenderOptionPatterns = {
+  male: [...new Set([...EnglishGenderOptionPatterns.male, ...DutchGenderOptionPatterns.male])],
+  female: [...new Set([...EnglishGenderOptionPatterns.female, ...DutchGenderOptionPatterns.female])],
+  other: [...new Set([...EnglishGenderOptionPatterns.other, ...DutchGenderOptionPatterns.other])]
+};
+
+/**
+ * Combined date option patterns which includes all supported languages.
+ * Each array in months must contain exactly 12 elements representing the months in a specific language.
+ * These are used to detect the month name in the date field.
+ */
+export const CombinedDateOptionPatterns: DateOptionPatterns = {
+  months: [
+    ...EnglishDateOptionPatterns.months,
+    ...DutchDateOptionPatterns.months
+  ],
+};
+
+/**
+ * Combined stop words from all supported languages. These are used to filter out generic words from page titles
+ * during autofill matching to prevent generic words from causing false positives.
+ */
+export const CombinedStopWords = new Set([
+  ...EnglishStopWords,
+  ...DutchStopWords
+]);

browser-extension/src/utils/formDetector/FormDetector.ts

@@ -0,0 +1,479 @@
+import { FormFields } from "./types/FormFields";
+import { CombinedFieldPatterns, CombinedGenderOptionPatterns } from "./FieldPatterns";
+
+/**
+ * Form detector.
+ */
+export class FormDetector {
+  private readonly document: Document;
+  private readonly clickedElement: HTMLElement | null;
+
+  /**
+   * Constructor.
+   */
+  public constructor(document: Document, clickedElement?: HTMLElement) {
+    this.document = document;
+    this.clickedElement = clickedElement ?? null;
+  }
+
+  /**
+   * Detect login forms on the page based on the clicked element.
+   *
+   * @param force - Force the detection of forms, skipping checks such as if the element contains autocomplete="off".
+   */
+  public containsLoginForm(force: boolean = false): boolean {
+    if (this.clickedElement) {
+      const formWrapper = this.clickedElement.closest('form') ?? this.document.body;
+
+      /**
+       * Sanity check: if form contains more than 150 inputs, don't process as this is likely not a login form.
+       * This is a simple way to prevent processing large forms that are not login forms and making the browser page unresponsive.
+       */
+      const inputCount = formWrapper.querySelectorAll('input').length;
+      if (inputCount > 200) {
+        return false;
+      }
+
+      // Check if the wrapper contains a password or likely username field before processing.
+      if (this.containsPasswordField(formWrapper) || this.containsLikelyUsernameOrEmailField(formWrapper, force)) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Detect login forms on the page based on the clicked element.
+   *
+   * @param force - Force the detection of forms, skipping checks such as if the element contains autocomplete="off".
+   */
+  public getForm(): FormFields | null {
+    if (!this.clickedElement) {
+      return null;
+    }
+
+    const formWrapper = this.clickedElement.closest('form') ?? this.document.body;
+    return this.detectFormFields(formWrapper);
+  }
+
+  /**
+   * Find an input field based on common patterns in its attributes.
+   */
+  private findInputField(
+    form: HTMLFormElement | null,
+    patterns: string[],
+    types: string[],
+    excludeElements: HTMLInputElement[] = []
+  ): HTMLInputElement | null {
+    const candidates = form
+      ? form.querySelectorAll<HTMLInputElement>('input, select')
+      : this.document.querySelectorAll<HTMLInputElement>('input, select');
+
+    // Track best match and its pattern index
+    let bestMatch: HTMLInputElement | null = null;
+    let bestMatchIndex = patterns.length;
+
+    for (const input of Array.from(candidates)) {
+      // Skip if this element is already used
+      if (excludeElements.includes(input)) {
+        continue;
+      }
+
+      // Handle both input and select elements
+      const type = input.tagName.toLowerCase() === 'select' ? 'select' : input.type.toLowerCase();
+      if (!types.includes(type)) {
+        continue;
+      }
+
+      // Collect all text attributes to check
+      const attributes = [
+        input.id,
+        input.name,
+        input.placeholder
+      ].map(attr => attr?.toLowerCase() ?? '');
+
+      // Check for associated labels if input has an ID or name
+      if (input.id || input.name) {
+        const label = this.document.querySelector(`label[for="${input.id || input.name}"]`);
+        if (label) {
+          attributes.push(label.textContent?.toLowerCase() ?? '');
+        }
+      }
+
+      // Check for parent label and table cell structure
+      let currentElement = input;
+      for (let i = 0; i < 3; i++) {
+        // Check for parent label
+        const parentLabel = currentElement.closest('label');
+        if (parentLabel) {
+          attributes.push(parentLabel.textContent?.toLowerCase() ?? '');
+          break;
+        }
+
+        // Check for table cell structure
+        const parentTd = currentElement.closest('td');
+        if (parentTd) {
+          // Get the parent row
+          const parentTr = parentTd.closest('tr');
+          if (parentTr) {
+            // Check all sibling cells in the row
+            const siblingTds = parentTr.querySelectorAll('td');
+            for (const td of siblingTds) {
+              if (td !== parentTd) { // Skip the cell containing the input
+                attributes.push(td.textContent?.toLowerCase() ?? '');
+              }
+            }
+          }
+          break; // Found table structure, no need to continue up the tree
+        }
+
+        if (currentElement.parentElement) {
+          currentElement = currentElement.parentElement as HTMLInputElement;
+        } else {
+          break;
+        }
+      }
+
+      // Find the earliest matching pattern
+      for (let i = 0; i < patterns.length; i++) {
+        if (i >= bestMatchIndex) {
+          break;
+        } // Skip if we already have a better match
+        if (attributes.some(attr => attr.includes(patterns[i]))) {
+          bestMatch = input;
+          bestMatchIndex = i;
+          break; // Found the best possible match for this input
+        }
+      }
+    }
+
+    return bestMatch;
+  }
+
+  /**
+   * Find the email field in the form.
+   */
+  private findEmailField(form: HTMLFormElement | null): {
+    primary: HTMLInputElement | null,
+    confirm: HTMLInputElement | null
+  } {
+    // Find primary email field
+    const primaryEmail = this.findInputField(
+      form,
+      CombinedFieldPatterns.email,
+      ['text', 'email']
+    );
+
+    // Find confirmation email field if primary exists
+    const confirmEmail = primaryEmail
+      ? this.findInputField(
+        form,
+        CombinedFieldPatterns.emailConfirm,
+        ['text', 'email']
+      )
+      : null;
+
+    return {
+      primary: primaryEmail,
+      confirm: confirmEmail
+    };
+  }
+
+  /**
+   * Find the birthdate fields in the form.
+   */
+  private findBirthdateFields(form: HTMLFormElement | null, excludeElements: HTMLInputElement[] = []): FormFields['birthdateField'] {
+    // First try to find a single date input
+    const singleDateField = this.findInputField(form, CombinedFieldPatterns.birthdate, ['date', 'text'], excludeElements);
+
+    // Detect date format by searching all text content in the form
+    let format = 'yyyy-mm-dd'; // default format
+    if (form && singleDateField) {
+      // Get the parent container
+      const container = singleDateField.closest('div');
+      if (container) {
+        // Collect text from all relevant elements
+        const elements = [
+          ...Array.from(container.getElementsByTagName('label')),
+          ...Array.from(container.getElementsByTagName('span')),
+          container
+        ];
+
+        const allText = elements
+          .map(el => el.textContent?.toLowerCase() ?? '')
+          .join(' ')
+          // Normalize different types of spaces and separators
+          .replace(/[\s\u00A0]/g, '')
+          // Don't replace separators yet to detect the preferred one
+          .toLowerCase();
+
+        // Check for date format patterns with either slash or dash
+        if (/dd[-/]mm[-/]jj/i.test(allText) || /dd[-/]mm[-/]yyyy/i.test(allText)) {
+          // Determine separator style from the matched pattern
+          format = allText.includes('/') ? 'dd/mm/yyyy' : 'dd-mm-yyyy';
+        } else if (/mm[-/]dd[-/]yyyy/i.test(allText)) {
+          format = allText.includes('/') ? 'mm/dd/yyyy' : 'mm-dd-yyyy';
+        } else if (/yyyy[-/]mm[-/]dd/i.test(allText)) {
+          format = allText.includes('/') ? 'yyyy/mm/dd' : 'yyyy-mm-dd';
+        }
+
+        // Check placeholder as fallback
+        if (format === 'yyyy-mm-dd' && singleDateField.placeholder) {
+          const placeholder = singleDateField.placeholder.toLowerCase();
+          if (/dd[-/]mm/i.test(placeholder)) {
+            format = placeholder.includes('/') ? 'dd/mm/yyyy' : 'dd-mm-yyyy';
+          } else if (/mm[-/]dd/i.test(placeholder)) {
+            format = placeholder.includes('/') ? 'mm/dd/yyyy' : 'mm-dd-yyyy';
+          }
+        }
+      }
+    }
+
+    if (singleDateField) {
+      return {
+        single: singleDateField,
+        format,
+        day: null,
+        month: null,
+        year: null
+      };
+    }
+
+    // Look for separate day/month/year fields
+    const dayField = this.findInputField(form, CombinedFieldPatterns.birthDateDay, ['text', 'number', 'select'], excludeElements);
+    const monthField = this.findInputField(form, CombinedFieldPatterns.birthDateMonth, ['text', 'number', 'select'], excludeElements);
+    const yearField = this.findInputField(form, CombinedFieldPatterns.birthDateYear, ['text', 'number', 'select'], excludeElements);
+
+    return {
+      single: null,
+      format: 'yyyy-mm-dd', // Default format for separate fields
+      day: dayField,
+      month: monthField,
+      year: yearField
+    };
+  }
+
+  /**
+   * Find the gender field in the form.
+   */
+  private findGenderField(form: HTMLFormElement | null, excludeElements: HTMLInputElement[] = []): FormFields['genderField'] {
+    // Try to find select or input element using the shared method
+    const genderField = this.findInputField(
+      form,
+      CombinedFieldPatterns.gender,
+      ['select'],
+      excludeElements
+    );
+
+    if (genderField?.tagName.toLowerCase() === 'select') {
+      return {
+        type: 'select',
+        field: genderField
+      };
+    }
+
+    // Try to find radio buttons
+    const radioButtons = form
+      ? form.querySelectorAll<HTMLInputElement>('input[type="radio"][name*="gender"], input[type="radio"][name*="sex"]')
+      : null;
+
+    if (radioButtons && radioButtons.length > 0) {
+      /**
+       * Find a radio button by patterns.
+       */
+      const findRadioByPatterns = (patterns: string[], isOther: boolean = false) : HTMLInputElement | null => {
+        return Array.from(radioButtons).find(radio => {
+          const attributes = [
+            radio.value,
+            radio.id,
+            radio.name,
+            radio.labels?.[0]?.textContent ?? ''
+          ].map(attr => attr?.toLowerCase() ?? '');
+
+          // For "other" patterns, skip if it matches male or female patterns
+          if (isOther && (
+            CombinedGenderOptionPatterns.male.some(pattern => attributes.some(attr => attr.includes(pattern))) ||
+            CombinedGenderOptionPatterns.female.some(pattern => attributes.some(attr => attr.includes(pattern)))
+          )) {
+            return false;
+          }
+
+          return patterns.some(pattern =>
+            attributes.some(attr => attr.includes(pattern))
+          );
+        }) ?? null;
+      };
+
+      return {
+        type: 'radio',
+        field: null, // Set to null since we're providing specific mappings
+        radioButtons: {
+          male: findRadioByPatterns(CombinedGenderOptionPatterns.male),
+          female: findRadioByPatterns(CombinedGenderOptionPatterns.female),
+          other: findRadioByPatterns(CombinedGenderOptionPatterns.other)
+        }
+      };
+    }
+
+    // Fall back to regular text input
+    const textField = this.findInputField(form, CombinedFieldPatterns.gender, ['text'], excludeElements);
+
+    return {
+      type: 'text',
+      field: textField
+    };
+  }
+
+  /**
+   * Find the password field in a form.
+   */
+  private findPasswordField(form: HTMLFormElement | null): {
+    primary: HTMLInputElement | null,
+    confirm: HTMLInputElement | null
+  } {
+    const candidates = form
+      ? form.querySelectorAll<HTMLInputElement>('input[type="password"]')
+      : this.document.querySelectorAll<HTMLInputElement>('input[type="password"]');
+
+    const candidateArray = Array.from(candidates);
+
+    return {
+      primary: candidateArray[0] ?? null,
+      confirm: candidateArray[1] ?? null
+    };
+  }
+
+  /**
+   * Check if a form contains a password field.
+   */
+  private containsPasswordField(wrapper: HTMLElement): boolean {
+    const passwordFields = this.findPasswordField(wrapper as HTMLFormElement | null);
+    if (passwordFields.primary) {
+      return true;
+    }
+
+    return false;
+  }
+
+  /**
+   * Check if a form contains a likely username or email field.
+   */
+  private containsLikelyUsernameOrEmailField(wrapper: HTMLElement, force: boolean = false): boolean {
+    // Check if the form contains an email field.
+    const emailFields = this.findEmailField(wrapper as HTMLFormElement | null);
+    if (emailFields.primary) {
+      const isValid = force || emailFields.primary.getAttribute('autocomplete') !== 'off';
+      if (isValid) {
+        return true;
+      }
+    }
+
+    // Check if the form contains a username field.
+    const usernameField = this.findInputField(wrapper as HTMLFormElement | null, CombinedFieldPatterns.username, ['text'], []);
+    if (usernameField) {
+      const isValid = force || usernameField.getAttribute('autocomplete') !== 'off';
+      if (isValid) {
+        return true;
+      }
+    }
+
+    // Check if the form contains a first name field.
+    const firstNameField = this.findInputField(wrapper as HTMLFormElement | null, CombinedFieldPatterns.firstName, ['text'], []);
+    if (firstNameField) {
+      const isValid = force || firstNameField.getAttribute('autocomplete') !== 'off';
+      if (isValid) {
+        return true;
+      }
+    }
+
+    // Check if the form contains a last name field.
+    const lastNameField = this.findInputField(wrapper as HTMLFormElement | null, CombinedFieldPatterns.lastName, ['text'], []);
+    if (lastNameField) {
+      const isValid = force || lastNameField.getAttribute('autocomplete') !== 'off';
+      if (isValid) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Create a form entry.
+   */
+  private detectFormFields(wrapper: HTMLElement | null): FormFields {
+    // Keep track of detected fields to prevent overlap
+    const detectedFields: HTMLInputElement[] = [];
+
+    // Find fields in priority order (most specific to least specific).
+    const emailFields = this.findEmailField(wrapper as HTMLFormElement | null);
+    if (emailFields.primary) {
+      detectedFields.push(emailFields.primary);
+    }
+    if (emailFields.confirm) {
+      detectedFields.push(emailFields.confirm);
+    }
+
+    const passwordFields = this.findPasswordField(wrapper as HTMLFormElement | null);
+    if (passwordFields.primary) {
+      detectedFields.push(passwordFields.primary);
+    }
+    if (passwordFields.confirm) {
+      detectedFields.push(passwordFields.confirm);
+    }
+
+    const usernameField = this.findInputField(wrapper as HTMLFormElement | null, CombinedFieldPatterns.username, ['text'], detectedFields);
+    if (usernameField) {
+      detectedFields.push(usernameField);
+    }
+
+    const fullNameField = this.findInputField(wrapper as HTMLFormElement | null, CombinedFieldPatterns.fullName, ['text'], detectedFields);
+    if (fullNameField) {
+      detectedFields.push(fullNameField);
+    }
+
+    const firstNameField = this.findInputField(wrapper as HTMLFormElement | null, CombinedFieldPatterns.firstName, ['text'], detectedFields);
+    if (firstNameField) {
+      detectedFields.push(firstNameField);
+    }
+
+    const lastNameField = this.findInputField(wrapper as HTMLFormElement | null, CombinedFieldPatterns.lastName, ['text'], detectedFields);
+    if (lastNameField) {
+      detectedFields.push(lastNameField);
+    }
+
+    const birthdateField = this.findBirthdateFields(wrapper as HTMLFormElement | null, detectedFields);
+    if (birthdateField.single) {
+      detectedFields.push(birthdateField.single);
+    }
+    if (birthdateField.day) {
+      detectedFields.push(birthdateField.day);
+    }
+    if (birthdateField.month) {
+      detectedFields.push(birthdateField.month);
+    }
+    if (birthdateField.year) {
+      detectedFields.push(birthdateField.year);
+    }
+
+    const genderField = this.findGenderField(wrapper as HTMLFormElement | null, detectedFields);
+    if (genderField.field) {
+      detectedFields.push(genderField.field as HTMLInputElement);
+    }
+
+    return {
+      form: wrapper as HTMLFormElement,
+      emailField: emailFields.primary,
+      emailConfirmField: emailFields.confirm,
+      usernameField,
+      passwordField: passwordFields.primary,
+      passwordConfirmField: passwordFields.confirm,
+      fullNameField,
+      firstNameField,
+      lastNameField,
+      birthdateField,
+      genderField
+    };
+  }
+}

browser-extension/src/utils/formDetector/FormFiller.ts

@@ -0,0 +1,304 @@
+import { Credential } from "../types/Credential";
+import { FormFields } from "./types/FormFields";
+import { CombinedDateOptionPatterns, CombinedGenderOptionPatterns } from "./FieldPatterns";
+import { Gender } from "../generators/Identity/types/Gender";
+/**
+ * Class to fill the fields of a form with the given credential.
+ */
+export class FormFiller {
+  /**
+   * Constructor.
+   */
+  public constructor(
+    private readonly form: FormFields,
+    private readonly triggerInputEvents: (element: HTMLInputElement | HTMLSelectElement) => void
+  ) {}
+
+  /**
+   * Fill the fields of the form with the given credential.
+   * @param credential The credential to fill the form with.
+   */
+  public fillFields(credential: Credential): void {
+    this.fillBasicFields(credential);
+    this.fillBirthdateFields(credential);
+    this.fillGenderFields(credential);
+  }
+
+  /**
+   * Fill the basic fields of the form.
+   * @param credential The credential to fill the form with.
+   */
+  private fillBasicFields(credential: Credential): void {
+    if (this.form.usernameField) {
+      this.form.usernameField.value = credential.Username;
+      this.triggerInputEvents(this.form.usernameField);
+    }
+
+    if (this.form.passwordField) {
+      this.form.passwordField.value = credential.Password;
+      this.triggerInputEvents(this.form.passwordField);
+    }
+
+    if (this.form.passwordConfirmField) {
+      this.form.passwordConfirmField.value = credential.Password;
+      this.triggerInputEvents(this.form.passwordConfirmField);
+    }
+
+    if (this.form.emailField) {
+      this.form.emailField.value = credential.Email;
+      this.triggerInputEvents(this.form.emailField);
+    }
+
+    if (this.form.emailConfirmField) {
+      this.form.emailConfirmField.value = credential.Email;
+      this.triggerInputEvents(this.form.emailConfirmField);
+    }
+
+    if (this.form.fullNameField) {
+      this.form.fullNameField.value = `${credential.Alias.FirstName} ${credential.Alias.LastName}`;
+      this.triggerInputEvents(this.form.fullNameField);
+    }
+
+    if (this.form.firstNameField) {
+      this.form.firstNameField.value = credential.Alias.FirstName;
+      this.triggerInputEvents(this.form.firstNameField);
+    }
+
+    if (this.form.lastNameField) {
+      this.form.lastNameField.value = credential.Alias.LastName;
+      this.triggerInputEvents(this.form.lastNameField);
+    }
+  }
+
+  /**
+   * Fill the birthdate fields of the form.
+   * @param credential The credential to fill the form with.
+   */
+  private fillBirthdateFields(credential: Credential): void {
+    if (!credential.Alias.BirthDate) {
+      return;
+    }
+
+    const birthDate = new Date(credential.Alias.BirthDate);
+
+    if (this.form.birthdateField.single) {
+      this.fillSingleBirthdateField(birthDate);
+    } else {
+      this.fillSeparateBirthdateFields(birthDate);
+    }
+  }
+
+  /**
+   * Fill the single birthdate field.
+   * @param birthDate The birthdate to fill the form with.
+   */
+  private fillSingleBirthdateField(birthDate: Date): void {
+    const day = birthDate.getDate().toString().padStart(2, '0');
+    const month = (birthDate.getMonth() + 1).toString().padStart(2, '0');
+    const year = birthDate.getFullYear().toString();
+
+    const formattedDate = this.formatDateString(day, month, year);
+    this.form.birthdateField.single!.value = formattedDate;
+    this.triggerInputEvents(this.form.birthdateField.single!);
+  }
+
+  /**
+   * Format the date string based on the format of the birthdate field.
+   * @param day The day of the birthdate.
+   * @param month The month of the birthdate.
+   * @param year The year of the birthdate.
+   * @returns The formatted date string.
+   */
+  private formatDateString(day: string, month: string, year: string): string {
+    switch (this.form.birthdateField.format) {
+      case 'dd/mm/yyyy': return `${day}/${month}/${year}`;
+      case 'mm/dd/yyyy': return `${month}/${day}/${year}`;
+      case 'dd-mm-yyyy': return `${day}-${month}-${year}`;
+      case 'mm-dd-yyyy': return `${month}-${day}-${year}`;
+      case 'yyyy-mm-dd':
+      default: return `${year}-${month}-${day}`;
+    }
+  }
+
+  /**
+   * Fill the separate birthdate fields.
+   * @param birthDate The birthdate to fill the form with.
+   */
+  private fillSeparateBirthdateFields(birthDate: Date): void {
+    this.fillDayField(birthDate);
+    this.fillMonthField(birthDate);
+    this.fillYearField(birthDate);
+  }
+
+  /**
+   * Fill the day field.
+   * @param birthDate The birthdate to fill the form with.
+   */
+  private fillDayField(birthDate: Date): void {
+    if (!this.form.birthdateField.day) {
+      return;
+    }
+
+    const dayElement = this.form.birthdateField.day as HTMLSelectElement | HTMLInputElement;
+    const dayValue = birthDate.getDate().toString().padStart(2, '0');
+
+    if ('options' in dayElement && dayElement.options) {
+      const dayOption = Array.from(dayElement.options).find(opt =>
+        opt.value === dayValue ||
+        opt.value === birthDate.getDate().toString() ||
+        opt.text === dayValue ||
+        opt.text === birthDate.getDate().toString()
+      );
+      if (dayOption) {
+        dayElement.value = dayOption.value;
+      }
+    } else {
+      dayElement.value = dayValue;
+    }
+    this.triggerInputEvents(dayElement);
+  }
+
+  /**
+   * Fill the month field.
+   * @param birthDate The birthdate to fill the form with.
+   */
+  private fillMonthField(birthDate: Date): void {
+    if (!this.form.birthdateField.month) {
+      return;
+    }
+
+    const monthElement = this.form.birthdateField.month as HTMLSelectElement | HTMLInputElement;
+    const monthValue = (birthDate.getMonth() + 1).toString().padStart(2, '0');
+
+    if ('options' in monthElement && monthElement.options) {
+      CombinedDateOptionPatterns.months.forEach(monthNames => {
+        const monthOption = Array.from(monthElement.options).find(opt =>
+          opt.value === monthValue ||
+          opt.value === (birthDate.getMonth() + 1).toString() ||
+          opt.text === monthValue ||
+          opt.text === (birthDate.getMonth() + 1).toString() ||
+          opt.text.toLowerCase() === monthNames[birthDate.getMonth()].toLowerCase() ||
+          opt.text.toLowerCase() === monthNames[birthDate.getMonth()].substring(0, 3).toLowerCase()
+        );
+        if (monthOption) {
+          monthElement.value = monthOption.value;
+        }
+      });
+    } else {
+      monthElement.value = monthValue;
+    }
+    this.triggerInputEvents(monthElement);
+  }
+
+  /**
+   * Fill the year field.
+   * @param birthDate The birthdate to fill the form with.
+   */
+  private fillYearField(birthDate: Date): void {
+    if (!this.form.birthdateField.year) {
+      return;
+    }
+
+    const yearElement = this.form.birthdateField.year as HTMLSelectElement | HTMLInputElement;
+    const yearValue = birthDate.getFullYear().toString();
+
+    if ('options' in yearElement && yearElement.options) {
+      const yearOption = Array.from(yearElement.options).find(opt =>
+        opt.value === yearValue ||
+        opt.text === yearValue
+      );
+      if (yearOption) {
+        yearElement.value = yearOption.value;
+      }
+    } else {
+      yearElement.value = yearValue;
+    }
+    this.triggerInputEvents(yearElement);
+  }
+
+  /**
+   * Fill the gender fields of the form.
+   * @param credential The credential to fill the form with.
+   */
+  private fillGenderFields(credential: Credential): void {
+    switch (this.form.genderField.type) {
+      case 'select':
+        this.fillGenderSelect(credential.Alias.Gender);
+        break;
+      case 'radio':
+        this.fillGenderRadio(credential.Alias.Gender);
+        break;
+      case 'text':
+        this.fillGenderText(credential.Alias.Gender);
+        break;
+    }
+  }
+
+  /**
+   * Fill the gender select field.
+   * @param gender The gender to fill the form with.
+   */
+  private fillGenderSelect(gender: Gender | undefined): void {
+    if (!this.form.genderField.field || !gender) {
+      return;
+    }
+
+    const selectElement = this.form.genderField.field as HTMLSelectElement;
+    const options = Array.from(selectElement.options);
+    const genderValues = gender === Gender.Male
+      ? CombinedGenderOptionPatterns.male
+      : CombinedGenderOptionPatterns.female;
+
+    const genderOption = options.find(opt =>
+      genderValues.includes(opt.value.toLowerCase()) ||
+      genderValues.includes(opt.text.toLowerCase())
+    );
+
+    if (genderOption) {
+      selectElement.value = genderOption.value;
+      this.triggerInputEvents(selectElement);
+    }
+  }
+
+  /**
+   * Fill the gender radio fields.
+   * @param gender The gender to fill the form with.
+   */
+  private fillGenderRadio(gender: Gender | undefined): void {
+    const radioButtons = this.form.genderField.radioButtons;
+    if (!radioButtons || !gender) {
+      return;
+    }
+
+    let selectedRadio: HTMLInputElement | null = null;
+
+    if (gender === Gender.Male && radioButtons.male) {
+      radioButtons.male.checked = true;
+      selectedRadio = radioButtons.male;
+    } else if (gender === Gender.Female && radioButtons.female) {
+      radioButtons.female.checked = true;
+      selectedRadio = radioButtons.female;
+    } else if (gender === Gender.Other && radioButtons.other) {
+      radioButtons.other.checked = true;
+      selectedRadio = radioButtons.other;
+    }
+
+    if (selectedRadio) {
+      this.triggerInputEvents(selectedRadio);
+    }
+  }
+
+  /**
+   * Fill the gender text field.
+   * @param gender The gender to fill the form with.
+   */
+  private fillGenderText(gender: Gender | undefined): void {
+    if (!this.form.genderField.field || !gender) {
+      return;
+    }
+
+    const inputElement = this.form.genderField.field as HTMLInputElement;
+    inputElement.value = gender;
+    this.triggerInputEvents(inputElement);
+  }
+}

browser-extension/src/utils/formDetector/__tests__/FormDetector.en.test.ts

@@ -0,0 +1,74 @@
+import { describe, expect, it } from 'vitest';
+import { FormField, testField } from './TestUtils';
+
+describe('FormDetector English tests', () => {
+  it('contains tests for English form field detection', () => {
+    /**
+     * This test suite uses testField() and testBirthdateFormat() helper functions
+     * to test form field detection for multiple English registration forms.
+     * The actual test implementations are in the helper functions.
+     * This test is just to ensure the test suite is working and to satisfy the linter.
+     */
+    expect(true).toBe(true);
+  });
+
+  describe('English registration form 1 detection', () => {
+    const htmlFile = 'en-registration-form1.html';
+
+    testField(FormField.Email, 'login', htmlFile);
+    testField(FormField.Password, 'password', htmlFile);
+  });
+
+  describe('English registration form 2 detection', () => {
+    const htmlFile = 'en-registration-form2.html';
+
+    testField(FormField.Email, 'signup-email-input', htmlFile);
+    testField(FormField.FirstName, 'signup-name-input', htmlFile);
+  });
+
+  describe('English registration form 3 detection', () => {
+    const htmlFile = 'en-registration-form3.html';
+
+    testField(FormField.Email, 'email', htmlFile);
+    testField(FormField.EmailConfirm, 'reenter_email', htmlFile);
+  });
+
+  describe('English registration form 4 detection', () => {
+    const htmlFile = 'en-registration-form4.html';
+
+    testField(FormField.Email, 'fbclc_userName', htmlFile);
+    testField(FormField.EmailConfirm, 'fbclc_emailConf', htmlFile);
+    testField(FormField.Password, 'fbclc_pwd', htmlFile);
+    testField(FormField.PasswordConfirm, 'fbclc_pwdConf', htmlFile);
+    testField(FormField.FirstName, 'fbclc_fName', htmlFile);
+    testField(FormField.LastName, 'fbclc_lName', htmlFile);
+  });
+
+  describe('English registration form 5 detection', () => {
+    const htmlFile = 'en-registration-form5.html';
+
+    testField(FormField.Username, 'aliasvault-input-7owmnahd9', htmlFile);
+    testField(FormField.Password, 'aliasvault-input-ienw3qgxv', htmlFile);
+  });
+
+  describe('English registration form 6 detection', () => {
+    const htmlFile = 'en-registration-form6.html';
+
+    testField(FormField.FirstName, 'id_first_name', htmlFile);
+    testField(FormField.LastName, 'id_last_name', htmlFile);
+  });
+
+  describe('English registration form 7 detection', () => {
+    const htmlFile = 'en-registration-form7.html';
+
+    testField(FormField.FullName, 'form-group--2', htmlFile);
+    testField(FormField.Email, 'form-group--4', htmlFile);
+  });
+
+  describe('English email form 1 detection', () => {
+    const htmlFile = 'en-email-form1.html';
+
+    // Assert that this test fails, because the autocomplete=off for the specified element.
+    testField(FormField.Email, 'P0-0', htmlFile);
+  });
+});

browser-extension/src/utils/formDetector/__tests__/FormDetector.generic.test.ts

@@ -0,0 +1,44 @@
+import { describe, it, expect } from 'vitest';
+import { createTestDom } from './TestUtils';
+import { FormDetector } from '../FormDetector';
+
+describe('FormDetector generic tests', () => {
+  describe('Invalid form not detected as login form 1', () => {
+    const htmlFile = 'invalid-form1.html';
+
+    it('should not detect any forms', () => {
+      const dom = createTestDom(htmlFile);
+      const document = dom.window.document;
+      const formDetector = new FormDetector(document);
+      const form = formDetector.containsLoginForm();
+      expect(form).toBe(false);
+    });
+  });
+
+  describe('Invalid form not detected as login form 2', () => {
+    const htmlFile = 'invalid-form2.html';
+
+    it('should not detect any forms even when clicking search input', () => {
+      const dom = createTestDom(htmlFile);
+      const document = dom.window.document;
+
+      // Pass the search input as the clicked element to test if it's still not detected as a login form.
+      const searchInput = document.getElementById('js-issues-search');
+      const formDetector = new FormDetector(document, searchInput as HTMLElement);
+      const form = formDetector.containsLoginForm();
+      expect(form).toBe(false);
+    });
+  });
+
+  describe('Form with autocomplete="off" not detected', () => {
+    const htmlFile = 'autocomplete-off.html';
+
+    it('should not detect form with autocomplete="off" on email field', () => {
+      const dom = createTestDom(htmlFile);
+      const document = dom.window.document;
+      const formDetector = new FormDetector(document);
+      const form = formDetector.containsLoginForm();
+      expect(form).toBe(false);
+    });
+  });
+});

browser-extension/src/utils/formDetector/__tests__/FormDetector.nl.test.ts

@@ -0,0 +1,108 @@
+import { describe, it, expect } from 'vitest';
+import { FormField, testField, testBirthdateFormat } from './TestUtils';
+
+describe('FormDetector Dutch tests', () => {
+  it('contains tests for Dutch form field detection', () => {
+    /**
+     * This test suite uses testField() and testBirthdateFormat() helper functions
+     * to test form field detection for multiple Dutch registration forms.
+     * The actual test implementations are in the helper functions.
+     * This test is just to ensure the test suite is working and to satisfy the linter.
+     */
+    expect(true).toBe(true);
+  });
+
+  describe('Dutch registration form detection', () => {
+    const htmlFile = 'nl-registration-form1.html';
+
+    testField(FormField.LastName, 'cpContent_txtAchternaam', htmlFile);
+    testField(FormField.Email, 'cpContent_txtEmail', htmlFile);
+    testField(FormField.Password, 'cpContent_txtWachtwoord', htmlFile);
+    testField(FormField.PasswordConfirm, 'cpContent_txtWachtwoord2', htmlFile);
+  });
+
+  describe('Dutch registration form 2 detection', () => {
+    const htmlFile = 'nl-registration-form2.html';
+
+    testField(FormField.Username, 'register-username', htmlFile);
+    testField(FormField.Email, 'register-email', htmlFile);
+    testField(FormField.Password, 'register-password', htmlFile);
+
+    testField(FormField.BirthDay, 'register-day', htmlFile);
+    testField(FormField.BirthMonth, 'register-month', htmlFile);
+    testField(FormField.BirthYear, 'register-year', htmlFile);
+
+    testField(FormField.GenderMale, 'man', htmlFile);
+    testField(FormField.GenderFemale, 'vrouw', htmlFile);
+    testField(FormField.GenderOther, 'iets', htmlFile);
+  });
+
+  describe('Dutch registration form 3 detection', () => {
+    const htmlFile = 'nl-registration-form3.html';
+
+    testField(FormField.FirstName, 'firstName', htmlFile);
+    testField(FormField.LastName, 'lastName', htmlFile);
+    testField(FormField.Password, 'password', htmlFile);
+
+    testField(FormField.BirthDate, 'date', htmlFile);
+    testBirthdateFormat('dd-mm-yyyy', htmlFile, 'date');
+    testField(FormField.GenderMale, 'gender1', htmlFile);
+    testField(FormField.GenderFemale, 'gender2', htmlFile);
+    testField(FormField.GenderOther, 'gender3', htmlFile);
+  });
+
+  describe('Dutch registration form 4 detection', () => {
+    const htmlFile = 'nl-registration-form4.html';
+
+    testField(FormField.Email, 'EmailAddress', htmlFile);
+  });
+
+  describe('Dutch registration form 5 detection', () => {
+    const htmlFile = 'nl-registration-form5.html';
+
+    testField(FormField.Email, 'input_25_5', htmlFile);
+    testField(FormField.Gender, 'input_25_13', htmlFile);
+    testField(FormField.FirstName, 'input_25_14', htmlFile);
+    testField(FormField.LastName, 'input_25_15', htmlFile);
+    testField(FormField.BirthDate, 'input_25_10', htmlFile);
+    testBirthdateFormat('dd/mm/yyyy', htmlFile, 'input_25_10');
+  });
+
+  describe('Dutch registration form 6 detection', () => {
+    const htmlFile = 'nl-registration-form6.html';
+
+    testField(FormField.Email, 'field18478', htmlFile);
+    testField(FormField.FirstName, 'field18479', htmlFile);
+    testField(FormField.LastName, 'field18486', htmlFile);
+  });
+
+  describe('Dutch registration form 7 detection', () => {
+    const htmlFile = 'nl-registration-form7.html';
+
+    testField(FormField.Email, 'Form_EmailAddress', htmlFile);
+    testField(FormField.FirstName, 'Form_Firstname', htmlFile);
+    testField(FormField.LastName, 'Form_Lastname', htmlFile);
+    testField(FormField.Password, 'Form_Password', htmlFile);
+    testField(FormField.PasswordConfirm, 'Form_RepeatPassword', htmlFile);
+    testField(FormField.BirthDay, 'Form.Birthdate_d', htmlFile);
+    testField(FormField.BirthMonth, 'Form.Birthdate_m', htmlFile);
+    testField(FormField.BirthYear, 'Form.Birthdate_y', htmlFile);
+  });
+
+  describe('Dutch registration form 8 detection', () => {
+    const htmlFile = 'nl-registration-form8.html';
+
+    testField(FormField.FirstName, 'aliasvault-input-name', htmlFile);
+    testField(FormField.Email, 'aliasvault-input-email', htmlFile);
+    testField(FormField.LastName, 'aliasvault-input-lastname', htmlFile);
+  });
+
+  describe('Dutch registration form 9 detection', () => {
+    const htmlFile = 'nl-registration-form9.html';
+
+    testField(FormField.Username, 'user_username', htmlFile);
+    testField(FormField.Email, 'user_email_address', htmlFile);
+    testField(FormField.Password, 'user_password', htmlFile);
+    testField(FormField.PasswordConfirm, 'user_password_confirmation', htmlFile);
+  });
+});

browser-extension/src/utils/formDetector/__tests__/FormFiller.en.test.ts

@@ -0,0 +1,62 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { FormFiller } from '../FormFiller';
+import { JSDOM } from 'jsdom';
+import { setupTestDOM, createMockFormFields, createMockCredential, wasTriggerCalledFor, createDateSelects } from './TestUtils';
+import { FormFields } from '../types/FormFields';
+import { Credential } from '../../types/Credential';
+
+const { window } = new JSDOM('<!DOCTYPE html>');
+global.HTMLSelectElement = window.HTMLSelectElement;
+global.HTMLInputElement = window.HTMLInputElement;
+
+describe('FormFiller English', () => {
+  let mockTriggerInputEvents: ReturnType<typeof vi.fn>;
+  let formFields: FormFields;
+  let formFiller: FormFiller;
+  let mockCredential: Credential;
+  let document: Document;
+
+  beforeEach(() => {
+    const { document: doc } = setupTestDOM();
+    document = doc;
+    mockTriggerInputEvents = vi.fn();
+    formFields = createMockFormFields(document);
+    mockCredential = createMockCredential();
+    formFiller = new FormFiller(formFields, mockTriggerInputEvents);
+  });
+
+  describe('fillBirthdateFields with English month names', () => {
+    it('should fill separate fields with English month names', () => {
+      const { daySelect, monthSelect, yearSelect } = createDateSelects(document);
+
+      // Add month options with English month names
+      const months = [
+        'January', 'February', 'March', 'April', 'May', 'June',
+        'July', 'August', 'September', 'October', 'November', 'December'
+      ];
+      months.forEach((month, _) => {
+        const option = document.createElement('option');
+        option.value = month;
+        option.text = month;
+        monthSelect.appendChild(option);
+      });
+
+      formFields.birthdateField = {
+        single: null,
+        format: 'dd/mm/yyyy',
+        day: daySelect as unknown as HTMLInputElement,
+        month: monthSelect as unknown as HTMLInputElement,
+        year: yearSelect as unknown as HTMLInputElement
+      };
+
+      formFiller.fillFields(mockCredential);
+
+      expect(daySelect.value).toBe('03');
+      expect(monthSelect.value).toBe('February');
+      expect(yearSelect.value).toBe('1991');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, daySelect)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, monthSelect)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, yearSelect)).toBe(true);
+    });
+  });
+});

browser-extension/src/utils/formDetector/__tests__/FormFiller.generic.test.ts

@@ -0,0 +1,182 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { FormFiller } from '../FormFiller';
+import { JSDOM } from 'jsdom';
+import { setupTestDOM, createMockFormFields, createMockCredential, wasTriggerCalledFor, createDateSelects } from './TestUtils';
+import { FormFields } from '../types/FormFields';
+import { Credential } from '../../types/Credential';
+
+const { window } = new JSDOM('<!DOCTYPE html>');
+global.HTMLSelectElement = window.HTMLSelectElement;
+global.HTMLInputElement = window.HTMLInputElement;
+
+describe('FormFiller', () => {
+  let mockTriggerInputEvents: ReturnType<typeof vi.fn>;
+  let formFields: FormFields;
+  let formFiller: FormFiller;
+  let mockCredential: Credential;
+  let document: Document;
+
+  beforeEach(() => {
+    const { document: doc } = setupTestDOM();
+    document = doc;
+    mockTriggerInputEvents = vi.fn();
+    formFields = createMockFormFields(document);
+    mockCredential = createMockCredential();
+    formFiller = new FormFiller(formFields, mockTriggerInputEvents);
+  });
+
+  describe('fillBasicFields', () => {
+    it('should fill username', () => {
+      formFiller.fillFields(mockCredential);
+
+      expect(formFields.usernameField?.value).toBe('testuser');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.usernameField)).toBe(true);
+    });
+
+    it('should fill email and confirmation fields', () => {
+      formFields.emailConfirmField = document.createElement('input');
+
+      formFiller.fillFields(mockCredential);
+
+      expect(formFields.emailField?.value).toBe('test@example.com');
+      expect(formFields.emailConfirmField?.value).toBe('test@example.com');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.emailField)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.emailConfirmField)).toBe(true);
+    });
+
+    it('should fill password and confirmation fields', () => {
+      formFields.passwordConfirmField = document.createElement('input');
+
+      formFiller.fillFields(mockCredential);
+
+      expect(formFields.passwordField?.value).toBe('testpass');
+      expect(formFields.passwordConfirmField?.value).toBe('testpass');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.passwordField)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.passwordConfirmField)).toBe(true);
+    });
+
+    it('should fill name fields correctly', () => {
+      formFiller.fillFields(mockCredential);
+
+      expect(formFields.fullNameField?.value).toBe('John Doe');
+      expect(formFields.firstNameField?.value).toBe('John');
+      expect(formFields.lastNameField?.value).toBe('Doe');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.fullNameField)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.firstNameField)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.lastNameField)).toBe(true);
+    });
+  });
+
+  describe('fillBirthdateFields', () => {
+    it('should fill single birthdate field with correct format', () => {
+      formFiller.fillFields(mockCredential);
+
+      expect(formFields.birthdateField.single?.value).toBe('1991-02-03');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, formFields.birthdateField.single)).toBe(true);
+    });
+
+    it('should handle different date formats (mm/dd/yyyy)', () => {
+      formFields.birthdateField.format = 'mm/dd/yyyy';
+      formFiller.fillFields(mockCredential);
+      expect(formFields.birthdateField.single?.value).toBe('02/03/1991');
+    });
+
+    it('should handle different date formats (dd/mm/yyyy)', () => {
+      formFields.birthdateField.format = 'dd/mm/yyyy';
+      formFiller.fillFields(mockCredential);
+      expect(formFields.birthdateField.single?.value).toBe('03/02/1991');
+    });
+
+    it('should handle different date formats (dd-mm-yyyy)', () => {
+      formFields.birthdateField.format = 'dd-mm-yyyy';
+      formFiller.fillFields(mockCredential);
+      expect(formFields.birthdateField.single?.value).toBe('03-02-1991');
+    });
+
+    it('should handle different date formats (mm-dd-yyyy)', () => {
+      formFields.birthdateField.format = 'mm-dd-yyyy';
+      formFiller.fillFields(mockCredential);
+      expect(formFields.birthdateField.single?.value).toBe('02-03-1991');
+    });
+
+    it('should fill separate day/month/year select fields', () => {
+      const { daySelect, monthSelect, yearSelect } = createDateSelects(document);
+
+      // Add month options (1-12)
+      for (let i = 1; i <= 12; i++) {
+        const option = document.createElement('option');
+        const value = i.toString().padStart(2, '0');
+        option.value = value;
+        option.text = value;
+        monthSelect.appendChild(option);
+      }
+
+      formFields.birthdateField = {
+        single: null,
+        format: 'dd/mm/yyyy',
+        day: daySelect as unknown as HTMLInputElement,
+        month: monthSelect as unknown as HTMLInputElement,
+        year: yearSelect as unknown as HTMLInputElement
+      };
+
+      formFiller.fillFields(mockCredential);
+
+      expect(daySelect.value).toBe('03');
+      expect(monthSelect.value).toBe('02');
+      expect(yearSelect.value).toBe('1991');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, daySelect)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, monthSelect)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, yearSelect)).toBe(true);
+    });
+  });
+
+  describe('fillGenderFields', () => {
+    it('should fill gender select field', () => {
+      const selectElement = document.createElement('select');
+
+      // Add options using createElement
+      const maleOption = document.createElement('option');
+      maleOption.value = 'm';
+      maleOption.text = 'Male';
+      selectElement.add(maleOption);
+
+      const femaleOption = document.createElement('option');
+      femaleOption.value = 'f';
+      femaleOption.text = 'Female';
+      selectElement.add(femaleOption);
+
+      formFields.genderField = {
+        type: 'select',
+        field: selectElement
+      };
+
+      formFiller.fillFields(mockCredential);
+
+      expect(selectElement.value).toBe('m');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, selectElement)).toBe(true);
+    });
+
+    it('should handle radio button gender fields', () => {
+      const maleRadio = document.createElement('input');
+      maleRadio.type = 'radio';
+      const femaleRadio = document.createElement('input');
+      femaleRadio.type = 'radio';
+
+      formFields.genderField = {
+        type: 'radio',
+        field: null,
+        radioButtons: {
+          male: maleRadio,
+          female: femaleRadio,
+          other: null
+        }
+      };
+
+      formFiller.fillFields(mockCredential);
+
+      expect(maleRadio.checked).toBe(true);
+      expect(femaleRadio.checked).toBe(false);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, maleRadio)).toBe(true);
+    });
+  });
+});

browser-extension/src/utils/formDetector/__tests__/FormFiller.nl.test.ts

@@ -0,0 +1,62 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { FormFiller } from '../FormFiller';
+import { JSDOM } from 'jsdom';
+import { setupTestDOM, createMockFormFields, createMockCredential, wasTriggerCalledFor, createDateSelects } from './TestUtils';
+import { FormFields } from '../types/FormFields';
+import { Credential } from '../../types/Credential';
+
+const { window } = new JSDOM('<!DOCTYPE html>');
+global.HTMLSelectElement = window.HTMLSelectElement;
+global.HTMLInputElement = window.HTMLInputElement;
+
+describe('FormFiller Dutch', () => {
+  let mockTriggerInputEvents: ReturnType<typeof vi.fn>;
+  let formFields: FormFields;
+  let formFiller: FormFiller;
+  let mockCredential: Credential;
+  let document: Document;
+
+  beforeEach(() => {
+    const { document: doc } = setupTestDOM();
+    document = doc;
+    mockTriggerInputEvents = vi.fn();
+    formFields = createMockFormFields(document);
+    mockCredential = createMockCredential();
+    formFiller = new FormFiller(formFields, mockTriggerInputEvents);
+  });
+
+  describe('fillBirthdateFields with Dutch month names', () => {
+    it('should fill separate fields with Dutch month names', () => {
+      const { daySelect, monthSelect, yearSelect } = createDateSelects(document);
+
+      // Add month options with Dutch month names
+      const months = [
+        'Januari', 'Februari', 'Maart', 'April', 'Mei', 'Juni',
+        'Juli', 'Augustus', 'September', 'Oktober', 'November', 'December'
+      ];
+      months.forEach((month, _) => {
+        const option = document.createElement('option');
+        option.value = month;
+        option.text = month;
+        monthSelect.appendChild(option);
+      });
+
+      formFields.birthdateField = {
+        single: null,
+        format: 'dd/mm/yyyy',
+        day: daySelect as unknown as HTMLInputElement,
+        month: monthSelect as unknown as HTMLInputElement,
+        year: yearSelect as unknown as HTMLInputElement
+      };
+
+      formFiller.fillFields(mockCredential);
+
+      expect(daySelect.value).toBe('03');
+      expect(monthSelect.value).toBe('Februari');
+      expect(yearSelect.value).toBe('1991');
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, daySelect)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, monthSelect)).toBe(true);
+      expect(wasTriggerCalledFor(mockTriggerInputEvents, yearSelect)).toBe(true);
+    });
+  });
+});