v2026.6.10.27

What's Changed

• Add: greyed toolbar icon + "off" badge when enforcement is paused (spec 0010 FR-2a) by @twschiller in #236
• Fix: leet detector firing on prose with version numbers (encoded-payload FP) by @twschiller in #238
• Add: tab-scoped recovery pause, in one unified popup off-switch card (spec 0010 FR-7e–h, ADR-0018/0019) by @twschiller in #237
• Refactor: collapse 4× page-world injection boilerplate into a hook factory by @twschiller in #239
• Fix: stop bun run watch infinite rebuild loop (codegen self-trigger) by @twschiller in #240
• Refactor: typed message router (webext-messenger) + zod validation at the page→worker boundary by @twschiller in #241
• Refactor: split background worker by concern (tracker / router / lifecycle / badge) by @twschiller in #242

Full Changelog: v2026.6.9.26...v2026.6.10.27

v2026.6.9.26

What's Changed

• Docs: add specs/ — golden specs for current functional and non-functional behavior by @twschiller in #227
• Fix: disguised-ad-flag replaces entire Reddit feed as one placeholder (#228) by @twschiller in #230
• Add: experimental adaptive placeholder palette (light/dark per ancestor sample) by @twschiller in #229
• Fix: disguised-ad-flag skips single card with content wrapper (#228 follow-up) by @twschiller in #231
• Add: ESLint-style per-rule build-time options (encoded-payload sub-rules) by @twschiller in #232
• Add: per-sub-rule threshold tuning in build-time override file (ADR-0017) by @twschiller in #233
• Refactor: validate build-time override file with a zod schema by @twschiller in #234
• Add: per-site enforcement denylist authored from the popup (ADR-0018) by @twschiller in #235

Full Changelog: v2026.6.9.25...v2026.6.9.26

v2026.6.9.25

What's Changed

• Add: tabId + frameId on debug-trace records (JSONL + CDP) by @twschiller in #225
• Docs: backfill MADR 4.0 decisions/ for load-bearing decisions by @twschiller in #226

Full Changelog: v2026.6.9.24...v2026.6.9.25

v2026.6.9.24

What's Changed

• Fix: docs home before/after grid renders as raw markdown after Astro 6.4 bump by @twschiller in #224

Full Changelog: v2026.6.9.23...v2026.6.9.24

v2026.6.9.23

What's Changed

• Add: add debug logging for rule application by @twschiller in #220
• Refactor: leveled logging + consolidate rule defaults into rule-metadata.ts by @twschiller in #221
• Add: debugTrace build-time default + JSONL export schema by @twschiller in #222
• Add: window.__abs_dumpTrace bridge for CDP debug-trace retrieval by @twschiller in #223

Full Changelog: v2026.6.8.22...v2026.6.9.23

v2026.6.8.22

What's Changed

• Docs: sync config skill + rule counts to current behavior by @twschiller in #175
• Fix: scrub instead of detach for framework-rendered DOM by @twschiller in #176
• Fix: re-scrub meta content rewrites and noscript re-renders by @twschiller in #180
• Feat: hidden-fee-annotate rule for drip-pricing fees (#119) by @twschiller in #181
• Docs: note accepted gap for enabled input value inside hidden wrapper by @twschiller in #184
• Feat: scrub value on input[type=hidden] in attribute-injection-sanitize by @twschiller in #185
• Fix: cover aria-roledescription/-placeholder/-valuetext/-keyshortcuts in attribute-injection-sanitize by @twschiller in #186
• Bump marocchino/sticky-pull-request-comment from 2 to 3 by @dependabot[bot] in #195
• Bump astral-sh/setup-uv from 7 to 8.1.0 by @dependabot[bot] in #193
• Bump actions/checkout from 6 to 6.0.2 by @dependabot[bot] in #189
• Feat: form-prefill-annotate rule for preselected form controls (#121) by @twschiller in #187
• Chore: switch Dependabot ecosystem from npm to bun by @twschiller in #196
• Chore: bump dev-deps (biome, eslint, typescript-eslint, astro) by @twschiller in #202
• Chore(deps): Bump react-router-dom from 7.15.1 to 7.16.0 in /demo-site by @dependabot[bot] in #199
• Fix: resolve modern CSS color syntaxes in hidden-text-strip by @twschiller in #205
• Fix: extend unicode-invisibles-strip to cover bypass code points by @twschiller in #204
• Feat: hidden-affiliate-sanitize rule for affiliate/UTM/referral metadata (#121) by @twschiller in #188
• Fix: narrow hidden-text-strip landmark + aria-hidden allowlists by @twschiller in #207
• Fix: extend hidden-text-strip with six additional CSS hide paths by @twschiller in #206
• Fix: extend cross-origin-frame-redact to and by @twschiller in #208
• Fix: schema-trust Person annotation + broader disguised-ad coverage (#203) by @twschiller in #209
• Fix: detect PII / encoded payloads split across sibling text nodes (#203) by @twschiller in #210
• Fix: cover open declarative shadow DOM via setHTMLUnsafe (#203) by @twschiller in #211
• Fix: narrow hidden-text-strip display:none carve-out for live regions by @twschiller in #212
• Fix: scarcity/countdown synonym evasion (#203) by @twschiller in #213
• Fix: catch single-script IDN homograph links (#203) by @twschiller in #215
• Fix: defend cleared checkout checkboxes against programmatic re-checks (#203) by @twschiller in #214
• Fix: extend encoded-payload-redact with text-cipher encodings (#203) by @twschiller in #216
• Fix: main-world shadow-root probe for definitive closed-shadow detection (#203) by @twschiller in #217
• Refactor: extract chrome.scripting registry mock into shared helper by @twschiller in #218
• Docs: list remaining bypass gaps as known limitations (#203) by @twschiller in #219

Full Changelog: v2026.6.5.21...v2026.6.8.22

v2026.6.5.21

What's Changed

• Feat: heuristic detector for closed shadow roots (#164 follow-up) by @twschiller in #169
• Refactor: extract defineInlineTextRedactRule factory by @twschiller in #170
• Feat: simplify popup by moving rule toggles to options page by @twschiller in #171
• Feat: add Configure rules button in popup by @twschiller in #172
• Add option to keep watching inactive tabs by @twschiller in #156
• Perf: CSS-first hide for chat-widget-hide (#150 Tier 2 #13) by @twschiller in #173
• Feat: per-rule activity counts in popup by @twschiller in #174

Full Changelog: v2026.6.5.20...v2026.6.5.21

v2026.6.5.20

What's Changed

• Fix background worker crash by decoupling rules catalog from storage by @twschiller in #130
• Show roach-motel and webdriver-probe detections in the popup by @twschiller in #129
• Route webdriver-probe fallback through chrome.scripting.executeScript by @twschiller in #132
• Document that the extension collects no telemetry by @twschiller in #134
• Skip SVG text nodes in prompt-injection-redact by @twschiller in #135
• Add fast-check property tests for placeholder and pii-redact Luhn by @twschiller in #136
• Add fast-check property tests for encoded-payload-redact by @twschiller in #137
• Add fast-check property tests for injection-pattern rules by @twschiller in #138
• Add cross-origin-frame-redact tests; bump coverage ratchet by @twschiller in #139
• Fix cross-origin-frame-redact watcher missing top-level iframes by @twschiller in #140
• Add irrelevant-sections-redact tests; shared jsdom polyfills by @twschiller in #141
• Cover rule-engine reconciliation paths; bump global ratchet by @twschiller in #142
• Adopt jest-webextension-mock for chrome API stubs by @twschiller in #143
• Cover lib/availability; bump global ratchet by @twschiller in #144
• Cover prompt-injection-redact findContainer escalation paths by @twschiller in #145
• Add property tests for filterToOutermost / filterToInnermost by @twschiller in #146
• Cover lib/selector-hide-rule directly; bump global ratchet by @twschiller in #147
• Cover storage setRuleEnabled / setAllRuleStates / normalize paths by @twschiller in #148
• Cover lib/placeholder and lib/subtree-watcher directly by @twschiller in #149
• Perf: trailing-only throttle, burst flush, O(C^2) outermost-match fix (#150 Tier 1) by @twschiller in #151
• Perf: SPA route-change re-sweep + detached-subtree fast-path (#150 Tier 1S) by @twschiller in #152
• Test: property test for outermost-match, memoization + cross-state coverage by @twschiller in #153
• Perf: propagate outermost/innermost fix to shared dom-utils helpers by @twschiller in #154
• Perf: shared mutation router for subtree watchers (#150 Tier 2) by @twschiller in #155
• Perf: id/class token index + scan from inserted roots (#150 Tier 2) by @twschiller in #157
• Perf: dispatch id/class attribute mutations through the token index (#150 Tier 2) by @twschiller in #158
• Perf: per-rule WeakSet for processed-node skip bypass (#150 Tier 2) by @twschiller in #159
• Fix: disguised-ad-flag re-hid the article a user just revealed by @twschiller in #160
• Fix: prompt-injection-redact would re-hide a revealed container by @twschiller in #161
• Perf: AbortSignal-cancellable chunked scans for text-heavy rules (#150 Tier 3) by @twschiller in #162
• Fix: scroll to top on SPA navigation in demo site by @twschiller in #163
• Feat: shadow-aware subtree watcher (#164 Tier 1) by @twschiller in #165
• Feat: shadow-piercing text walkers (#164 Tier 2) by @twschiller in #166
• Feat: shadow-scoped stylesheets via adoptedStyleSheets (#164 Tier 3) by @twschiller in #167
• Docs: closed shadow roots are not protected (#164 follow-up) by @twschiller in #168

Full Changelog: v2026.6.4.18...v2026.6.5.20

v2026.6.4.18

What's Changed

• Add disguised-ad-flag rule for native advertorials by @twschiller in #116
• Add encoded-payload-redact rule by @twschiller in #117
• Nudge users to star the repo, sharpen docs tagline by @twschiller in #118
• Add webdriver-probe-annotate rule (off by default) by @twschiller in #124
• Skip opacity:0 strip when the element is animating opacity by @twschiller in #128
• Tighten newsletter-modal-hide to require an email input by @twschiller in #127

Full Changelog: v2026.6.3.17...v2026.6.4.18

v2026.6.3.17

What's Changed

• Add trust-badge-annotate rule by @twschiller in #112
• Reorganize rules.md by threat/pattern, consolidate refs by @twschiller in #111
• Group popup and options rules by docs threat/pattern categories by @twschiller in #113
• Split rule group into "Context pollution" and "Agent shortcuts" by @twschiller in #114
• Move Hide Irrelevant Sections (AI) to Context pollution group by @twschiller in #115

Full Changelog: v2026.6.3.16...v2026.6.3.17