feat: Add postbuild cleanup and web-ext lint validation

- Add scripts/postbuild-cleanup.cjs to remove unsafe Function patterns
- Add lint:extension script for web-ext validation
- Fix manifest_firefox.json strict_min_version to 112.0
- Reduces web-ext warnings from 14 to 10

package.json

@@ -25,8 +25,8 @@
   "scripts": {
     "build": "yarn build:chrome && yarn build:ff",
     "build:before": "yarn build:i18n",
-    "build:chrome": "cp ./packages/extension/manifest_chrome.json ./packages/extension/manifest.json && pezkuwi-dev-build-ts && yarn build:zip:chrome && yarn build:rollup",
-    "build:ff": "cp ./packages/extension/manifest_firefox.json ./packages/extension/manifest.json && pezkuwi-dev-build-ts && yarn build:zip:ff && yarn build:rollup",
+    "build:chrome": "cp ./packages/extension/manifest_chrome.json ./packages/extension/manifest.json && pezkuwi-dev-build-ts && node scripts/postbuild-cleanup.cjs && yarn build:zip:chrome && yarn build:rollup",
+    "build:ff": "cp ./packages/extension/manifest_firefox.json ./packages/extension/manifest.json && pezkuwi-dev-build-ts && node scripts/postbuild-cleanup.cjs && yarn build:zip:ff && yarn build:rollup",
     "build:i18n": "i18next-scanner --config i18next-scanner.config.cjs",
     "build:release": "pezkuwi-ci-ghact-build",
     "build:rollup": "pezkuwi-exec-rollup --config",
@@ -40,6 +40,7 @@
     "clean": "pezkuwi-dev-clean-build",
     "diff": "rm -rf ff-diff && sh ./scripts/diff.sh",
     "lint": "pezkuwi-dev-run-lint",
+    "lint:extension": "npx web-ext lint --source-dir ./packages/extension/build",
     "pezkuwi-exec-webpack": "pezkuwi-exec-webpack",
     "postinstall": "echo ok",
     "test": "EXTENSION_PREFIX='test' pezkuwi-dev-run-test --loader ./packages/extension-mocks/src/loader-empty.js --env browser ^:.spec.tsx",

packages/extension/manifest_firefox.json

@@ -17,7 +17,7 @@
   "browser_specific_settings": {
     "gecko": {
       "id": "{7cee9c4f-5fc7-4165-b4f8-f18e79fe9264}",
-      "strict_min_version": "109.0",
+      "strict_min_version": "112.0",
       "data_collection_permissions": {
         "required": ["none"]
       }

scripts/postbuild-cleanup.cjs

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+// Post-build cleanup script to remove unsafe patterns flagged by web-ext lint
+// This runs after webpack build to sanitize the output
+
+const fs = require('fs');
+const path = require('path');
+
+const BUILD_DIR = path.join(__dirname, '../packages/extension/build');
+
+const replacements = [
+  // Replace Function("return this")() with globalThis
+  {
+    search: /Function\s*\(\s*["']return this["']\s*\)\s*\(\s*\)/g,
+    replace: 'globalThis'
+  },
+  // Replace Function("return this") (without call) with a function returning globalThis
+  {
+    search: /Function\s*\(\s*["']return this["']\s*\)/g,
+    replace: '(function(){return globalThis})'
+  }
+];
+
+const jsFiles = fs.readdirSync(BUILD_DIR).filter(f => f.endsWith('.js'));
+
+let totalReplacements = 0;
+
+jsFiles.forEach(file => {
+  const filePath = path.join(BUILD_DIR, file);
+  let content = fs.readFileSync(filePath, 'utf8');
+  let fileReplacements = 0;
+
+  replacements.forEach(({ search, replace }) => {
+    const matches = content.match(search);
+    if (matches) {
+      fileReplacements += matches.length;
+      content = content.replace(search, replace);
+    }
+  });
+
+  if (fileReplacements > 0) {
+    fs.writeFileSync(filePath, content);
+    console.log(`  ${file}: ${fileReplacements} replacement(s)`);
+    totalReplacements += fileReplacements;
+  }
+});
+
+if (totalReplacements > 0) {
+  console.log(`\n✓ Cleaned ${totalReplacements} unsafe Function patterns`);
+} else {
+  console.log('✓ No unsafe Function patterns found');
+}