Skip to content

COMPLETED.md

Latest commit

 

History

History
251 lines (239 loc) · 105 KB

COMPLETED.md

File metadata and controls

251 lines (239 loc) · 105 KB

Completed Work

Status: consolidated docs index refreshed on 2026-06-04.

Items consolidated from legacy planning documents on 2026-06-03.

CHANGELOG.md remains the canonical shipped-release ledger. This file is a root-level navigator for completed planning work.

Current Shipped Baseline

  • v3.11.0 is the shipped baseline recorded in manifest.json and package.json.
  • main contains additional unreleased 2026-05-24 hardening/release commits, including release artifact reconciliation, CWS runbook and audit-gate alignment, Chrome userScripts diagnostics, Firefox AMO validation packaging, and permission/store-copy drift checks.
  • main also contains unreleased 2026-06-04 Firefox Phase 1 sideload-smoke validation, the web-ext@^10.3.0 audit fix, and regenerated browser support matrix evidence.
  • Active open work is tracked in ROADMAP.md (single source of truth) and the Firefox port ledger in FIREFOX-PORT.md.

Completed Research / Planning Closures

  • Shipped items are pruned from the open queue; completion history stays in CHANGELOG.md, ROADMAP.md, and the archived research-feature plans under docs/archive/.
  • RESEARCH_REPORT.md maps the research and planning files so future sessions can find the active queue without flattening historical evidence.

Shipped Features

Folded from the consolidated open-work queue (formerly TODO.md, now docs/archive/TODO.md). Each item was closed and verified per its source phase.

  • A-1 Delete or correct README "v2.0" deleted-module claims (AI Assistant, Performance Dashboard, Script Analytics, Onboarding Wizard, "AI-powered" Smart Recommendations, "Browser Sync", "10 Theme Presets") — Source: docs/archive/TODO.md Phase A; commit 090afa4
  • A-2 Add scripts/check-readme-claims.mjs CI gate (fails when README mentions a missing pages/dashboard-*.js or an absent sync provider) — Source: docs/archive/TODO.md Phase A; commit 090afa4
  • B-1 Install-page optional permission request for @grant GM_cookie / clipboard; receipt records optionalPermissions.cookiesSource: docs/archive/TODO.md Phase B; commit cc59980
  • B-2 Diagnostics support snapshot redaction preview (per-category default-off checkboxes) — Source: docs/archive/TODO.md Phase B; commit 38a6b8f
  • C-1 Global pending-update inbox queue UI (auto-update default "notify only"; bulk update safe categories only; diff/permissions/source/rollback per row) — Source: docs/archive/TODO.md Phase C; commit 672c28e
  • D-1 Resolve GM_head drift — added to TS wrapper-builder mirror — Source: docs/archive/TODO.md Phase D; commit 6a95dde
  • D-2 Validate @webRequest JSON shape in parser (malformed rejected → null, one regression test per shape) — Source: docs/archive/TODO.md Phase D; commit 6a95dde
  • D-3 Bake --pool=vmThreads into vitest.config.mjs as default — Source: docs/archive/TODO.md Phase D; commit 6a95dde
  • D-4 Pass through requireInteraction in GM_notification wrapper — Source: docs/archive/TODO.md Phase D; commit 6a95dde
  • D-5 Trash retention banner showing auto-purge date per row — Source: docs/archive/TODO.md Phase D; commit 22e91c2
  • D-6 Document pageFilterMode (whitelist / blacklist / deniedHosts) in README — Source: docs/archive/TODO.md Phase D; commit 6a95dde
  • E-1 Adopt chrome.userScripts.update() (Chrome 138+) with fallback for Chrome 130-137 (saveScript + toggle migrated) — Source: docs/archive/TODO.md Phase E; commit 4560ff9
  • E-2 Sync tombstone resurrection drill test (deleted script not resurrected on re-sync) — Source: docs/archive/TODO.md Phase E; commit f5bc152
  • E-3 Implement or remove README "Browser Sync" provider claim (folded into A-1; verified) — Source: docs/archive/TODO.md Phase E; commit b917de8
  • E-4 Generate gm-api.d.ts ambient declarations built into the CWS ZIP — Source: docs/archive/TODO.md Phase E; commit 4bf700e
  • E-5 Playwright E2E for install + update + restore + sync flows (4 specs) — Source: docs/archive/TODO.md Phase E; commit 793c585
  • E-6 ESM badge in dashboard script rows for @module 1, @inject-into module, and stored ESM bundle metadata — Source: docs/archive/TODO.md Phase E + PASS3 EI-5; commit feat: show ESM dashboard badges
  • E-7 Script subscriptions (URL -> JSON list) authored from TypeScript, fetched through InternalHostGuard/_fetchTextBounded, and queued as review-only pending installs — Source: docs/archive/TODO.md Phase E + PASS3 NF-6; commit feat: queue script subscriptions for review
  • E-8 navigator.storage.persist() requested once before meaningful script-data writes, with status recorded and writes left non-blocking — Source: docs/archive/TODO.md Phase E; commit feat: request persistent storage before script writes
  • F-1 TypeScript authoritative-source promotion complete for runtime artifacts: background.core.js is generated from src/background/core.ts; after the later Sigstore parser/verifier and sync-crypto promotions, the current promotion gate reports 26 promoted entries, 0 mirrored entries, and 0 intentionally divergent runtime files — Source: docs/archive/TODO.md Phase F; commit feat: promote background core runtime
  • F-2 Release trust pipeline status gate: rollback/trust/status command wiring, Firefox AMO lint/package evidence, and optional credentialed CWS API v2 fetchStatus checks now run through npm run release:store-statusSource: docs/archive/TODO.md Phase F; commit feat: add release store status gate
  • F-3 Local health diagnostics summarize runtime setup, storage pressure, pending update queues, callback-map pressure, and script health warnings for support snapshots without script source, script names, URLs, or external beacons — Source: docs/archive/TODO.md Phase F; commit feat: add local health diagnostics
  • F-4 Sigstore @require-provenance implementation: parser/storage, Sigstore bundle parser, message-signature verifier, Fulcio root/validity checks, install-dialog verified-author preview, dashboard/update review surfacing, fail-closed save/update enforcement for declared failures, and author guide — Source: docs/archive/TODO.md Phase F; commit feat: preview require provenance on install
  • F-5 Chrome MV3 module-mode service worker: manifest.json declares background.type: "module" for the single-file worker, Firefox keeps the event-page background shape, and Chromium-derived Edge packages preserve module mode — Source: docs/archive/TODO.md Phase F; commit feat: enable module service worker
  • G-1 Firefox offscreen feature flag: ScriptAnalyzer guards chrome.offscreen, keeps Chrome on the offscreen document path, and loads local Acorn/Diff inline on Firefox for AST analysis, ESM import parsing, and 3-way sync merge — Source: docs/archive/TODO.md Phase G; commit feat: gate offscreen analysis on firefox
  • G-2 Firefox side-panel feature flag: dashboard-firefox-compat.js no longer stubs unsupported chrome.sidePanel, keeping Firefox feature detects honest while preserving native Chromium side-panel support — Source: docs/archive/TODO.md Phase G; commit feat: gate side panel on firefox
  • G-3 Firefox Monaco fallback path: Firefox AMO builds remain Monaco-free, editor-sandbox.html reports missing bundles, and monaco-adapter.js immediately activates an editable textarea fallback with value/change/focus parity — Source: docs/archive/TODO.md Phase G; commit feat: add firefox monaco fallback
  • G-4 Firefox build + temporary sideload smoke: npm run smoke:firefox packages the Firefox build, installs it through geckodriver, opens dashboard/popup, verifies optional userScripts permission onboarding, saves/toggles a smoke script, and confirms it runs on a local target page — Source: docs/archive/TODO.md Phase G; commit feat: add firefox sideload smoke
  • 2026-06-04 web-ext audit fix: web-ext@^10.3.0 resolves to fixed tmp@0.2.6, restoring npm audit --audit-level=high --omit=optionalSource: ROADMAP.md 2026-06-03 deep research pass; commit feat: add firefox sideload smoke
  • 2026-06-04 generated support matrix refresh: README and cross-browser pipeline matrix blocks now show 2026-06-04 Firefox evidence with npm run firefox:package, npm run smoke:firefox, and 139 web-ext warnings — Source: ROADMAP.md documentation hygiene; commit feat: add firefox sideload smoke
  • G-5 Firefox Chrome-backup import round-trip: Firefox smoke imports Chrome-shaped ScriptVault JSON and ZIP fixtures, preserving safe script IDs, metadata, disabled state, GM storage values, createdAt, and updatedAt; ZIP exports now carry ScriptVault timestamp metadata — Source: docs/archive/TODO.md Phase G; commit feat: preserve firefox backup imports
  • G-5 Firefox storage quota, migration, and restart data-safety validation: Firefox smoke imports a 26-script quota fixture, checks storage usage, restarts Firefox with a persistent temporary profile, verifies trash persistence, and restores the deleted script; migration tests now prove v1.x -> v2.0 re-runs are idempotent — Source: FIREFOX-PORT.md Phase 2; commit test: cover firefox storage persistence
  • NF-1 GM_xmlhttpRequest internal-host / SSRF guard: GM_xhr now applies InternalHostGuard preflight and redirect-final-URL checks, blocks internal hosts by default, preserves explicit localhost development opt-in, and adds allowInternalXhr as an advanced global escape hatch — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md NF-1; commit fix: guard gm xhr internal hosts
  • G-6 Firefox WebDAV-only sync baseline: Firefox smoke configures WebDAV sync against a local fixture, checks provider health and dry-run preview, uploads via syncNow, and keeps OAuth providers deferred because the Firefox package omits identitySource: docs/archive/TODO.md Phase G; commit test: cover firefox webdav sync
  • Firefox Phase 3 DNR, @require SRI, and Ed25519 parity validation: Firefox smoke adds/removes a dynamic DNR rule, verifies @require SRI at packaged-runtime registration with a pinned HTTPS dependency, exercises Ed25519 signing/verification/tamper rejection, and records failed dependency details through _failedRequireErrorsSource: FIREFOX-PORT.md Phase 3; commit test: cover firefox runtime parity
  • Firefox Phase 4 polish and compatibility UI validation: dashboard runtime metadata now labels Firefox/Chrome builds with browser version, Firefox provider selects hide unsupported OAuth/S3 entries behind the WebDAV-only v1 gate, and Firefox smoke/static tests cover provider hiding, popup width, dark/light theme tokens, command shortcuts, and action icon dimensions — Source: FIREFOX-PORT.md Phase 4; commit test: cover firefox polish parity
  • Firefox Phase 5 AMO source review and reviewer rationale prep: AMO-SOURCE-README.md now provides source-build instructions, source/dependency notes, AMO data-collection copy, permission rationale, Firefox v1 scope, and unlisted-first manual steps; store-copy:check gates that AMO review copy — Source: FIREFOX-PORT.md Phase 5; commit docs: add amo source review notes
  • Cycle 9 CWS remote-code compliance packet and package scan: docs/cws-remote-code-compliance.md maps user-installed scripts, @require, sandboxed editor, OAuth, script-search, and sync flows to CWS review buckets; npm run cws:remote-code:check scans source/package inputs and CI scans the built Chrome ZIP after packaging — Source: ROADMAP.md Cycle 9; commit feat: add cws remote-code compliance gate
  • CONTRIBUTING local-state guidance: CONTRIBUTING.md now covers setup, verification, release evidence, and generic local-only state hygiene; .factory/ is excluded from source archives through .gitattributes while staying ignored locally — Source: docs/archive/TODO.md I-1; commit docs: add contributor local-state guidance
  • README feature-claim checklist shipped-feature rows: the checklist contains ESM bundler, trust receipts, install-source badges, internal-host guard, sync cockpit, and dashboard virtualization rows, and tests/check-readme-claims.test.js now pins them — Source: docs/archive/TODO.md I-2; commit test: pin readme checklist shipped rows
  • Optional client-side cloud sync encryption: CloudSync and EasyCloud now read plaintext v1 or encrypted v2 envelopes, upload sanitized v2 AES-256-GCM envelopes when the user enables sync encryption, and redact syncEncryptionPassphrase from normal settings exports/backups — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md NF-2; commit feat: add cloud sync encryption
  • Edge package evidence gate: npm run build:edge:check now writes release-readiness evidence consumed by the browser support matrix; CI uploads edge-artifacts/*, and release docs distinguish automated Edge packaging from manual Partner Center publication and deferred REST update automation — Source: ROADMAP.md Microsoft Edge release quality; commit ci: add edge artifact evidence
  • Per-script host scope for privileged GM network/cookie/DNR APIs: GM network/download/cookie/DNR calls now enforce effective run-host scope before using ambient extension permissions; @connect explicitly widens network/download/DNR targets, DNR rules get initiator-domain constraints, CSP stripping is gated by Modify CSP/high-privilege override, and install/settings UI explains the boundary — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md NF-4; commit feat: scope privileged gm host access
  • TOFU SRI for unpinned @require: trust receipts now probe dependency bodies without reading or writing caches, block same-URL unpinned dependency hash changes or unverifiable rechecks before save/update/install persistence, and mark pending updates with a specific TOFU review reason while leaving verifiable SHA-pinned SRI URLs on the normal SRI path — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md NF-5; commit feat: enforce require tofu sri
  • Dashboard module reachability triage: formerly unmounted dashboard modules are now wired to scripts/settings/utilities/editor surfaces, profile switching no longer registers hidden Alt+number shortcuts, and npm run dashboard:modules:check gates module triage plus reachable UI wiring — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md O-1 / EI-4; commit feat: wire dashboard modules
  • @crontab next-fire engine: complex crontab metadata now schedules the exact next local fire time with one-shot alarms, supports common five-field cron syntax, and surfaces invalid expressions through the Advanced Linter instead of falling back to hourly execution — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md NF-9; commit feat: correct crontab scheduling
  • What's New v3.x freshness: the dashboard What's New module now includes an exact v3.11.0 entry, refuses to show without an exact manifest-version changelog entry, and npm run whatsnew:check gates manifest/modal freshness through npm run checkSource: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md EI-1; commit feat: restore whats new modal
  • Dashboard i18n-v2 cleanup: the unused dashboard translation table and language selector were removed, locale docs/checks now cover only live manifest/runtime surfaces, and README no longer claims translated dashboard UI — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md EI-2; commit chore: remove dead dashboard i18n
  • NPM/ESM @require resolver wiring: npm: @require specs now resolve through the promoted NpmResolver, execute the exact bytes used for computed SRI, cache under the npm spec/final CDN URL, and reject non-HTTPS or internal-host redirected package fetches — Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS3.md NF-7; commit feat: wire npm require resolver
  • Host-permission recovery prompts and optional-host prototype: background diagnostics now detect browser-withheld current-site access, popup/side panel/dashboard show blocked matching scripts with Chrome addHostAccessRequest or permissions.request({ origins }) recovery, permission grant/revoke events refresh diagnostics, and npm run host-permissions:prototype gates future optional HTTP(S) host manifest work — Source: ROADMAP.md P2 host-permission recovery; commit feat: add host permission recovery
  • Import/restore executable quarantine: JSON imports, ZIP imports, raw-JS ZIP fallback imports, selected backup restores, cloud restores, and full-vault restores now default archive-enabled scripts to disabled-for-review with local _importQuarantine markers, explicit trusted restore counts, receipt counters, and dashboard review badges — Source: ROADMAP.md P1 import/restore quarantine; commit feat: quarantine restored scripts
  • Cycle 21 source-aligned coverage gate: npm run test:cov now runs Vitest V8 coverage plus scripts/check-coverage-sources.mjs, CI invokes the gate, coverage includes src/background/**, src/bg/**, src/modules/**, src/shared/**, and src/storage/**, and the source guard fails when authoritative or promoted TypeScript files disappear from coverage-summary.jsonSource: ROADMAP.md P1 coverage gate; verified 2026-06-05 in C:\tmp\ScriptVault-verify with 118 files / 1354 tests passing
  • Cycle 22 dependency freshness automation: .github/dependabot.yml now checks npm and GitHub Actions weekly, groups minor/patch dev-tooling updates by purpose, leaves major updates as separate PRs, and tests/dependabot-config.test.js pins the expected schedule/grouping policy — Source: ROADMAP.md P1 dependency freshness; verified 2026-06-05 with focused config tests and high-severity audit gate
  • Cycle 23 Node/npm toolchain contract: Node 24.16.0+ / npm 11.13.0+ is now the single enforced contract across package.json, package-lock.json, .node-version, .nvmrc, .npmrc, CI setup-node, CWS tooling checks, contributor docs, and the release runbook — Source: ROADMAP.md P2 toolchain alignment; verified 2026-06-05 with toolchain, CWS, audit, and full check gates
  • Cycle 24 GitHub Actions SHA pinning: all eight CI action references are pinned to full 40-character SHAs with same-line version comments, Dependabot watches GitHub Actions updates, and npm run actions:pins:check plus focused regression tests prevent mutable action refs from returning — Source: ROADMAP.md P1 action pinning; verified 2026-06-05 with tag SHA resolution, action-pin gate, and full check suite
  • Cycle 25 optional dependency reach gate: npm run optional-deps:check parses package-lock.json optional packages, optional dependencies, and peer-optional edges, then scans shipped extension/package source inputs for static import, dynamic import(), require(), and require.resolve() reachability so npm audit --omit=optional cannot hide a package that enters shipped behavior — Source: ROADMAP.md P2 optional dependency reach gate; verified 2026-06-06 with the checker, focused failure fixtures, high-severity audit, and full check suite
  • Cycle 26 settings schema classification gate: src/config/settings-schema.json now classifies all 123 known default, typed, and dashboard-saved settings as visible, credential, timestamp, internal, derived, or deprecated, and npm run settings:schema:check fails unclassified or stale settings drift before it reaches CI — Source: ROADMAP.md P2 settings discoverability/validation audit; verified 2026-06-06 with the checker and focused schema drift fixtures
  • Cycle 27 targeted settings field validation: badge color, lint max size, WebDAV/S3 endpoint URLs, denied hosts, and linter JSON now expose text error nodes, aria-invalid, native constraints where applicable, setCustomValidity(), and save-blocking validation shared by blur autosaves and Settings Save buttons — Source: ROADMAP.md P2 settings discoverability/validation audit; verified 2026-06-06 with focused dashboard a11y coverage, settings schema gate, full check suite, and build
  • Cycle 28 settings metadata gate: src/config/settings-schema.json now carries 106 metadata entries for all classified visible settings plus dashboard-saved credential controls, and npm run settings:schema:check enforces type/control/label/help/default or runtime source/select options/high-risk validation descriptors — Source: ROADMAP.md P2 settings discoverability/validation audit; verified 2026-06-06 with the checker and focused metadata drift fixtures
  • Cycle 29 settings pattern-list validation: whitelisted pages, blacklisted pages, manual blacklist, and download whitelist text areas now have accessible text error nodes and save-blocking validation for malformed regex literals plus unsafe whitespace/control-character entries — Source: ROADMAP.md P2 settings discoverability/validation audit; verified 2026-06-06 with focused dashboard a11y and settings schema gates
  • Cycle 30 settings schema dashboard contract: npm run settings:schema:check now cross-checks metadata elementId entries against pages/dashboard.html, including control type, select option values, and validation setting-error wiring — Source: ROADMAP.md P2 settings discoverability/validation audit; verified 2026-06-06 with focused schema DOM-drift fixtures
  • Cycle 32 GM namespace parity: missing direct GM.* aliases for addElement, audio, singular cookie, focusTab, getMenuCommands, head, log, and webRequest are now wired in the authoritative core source and wrapper mirror, GM ambient declarations cover them, and GM.fetch is explicitly deferred until it can reuse the guarded GM_xmlhttpRequest network contract — Source: ROADMAP.md P3 GM namespace completeness; verified 2026-06-06 with focused GM parity/type checks
  • Cycle 33 GM value-change remote coverage: storage fan-out now has deterministic source/runtime coverage for remote: !isOriginTab, wrapper callbacks preserve remote=false through msg.remote !== false, and a Playwright two-tab spec records the current unattended Chromium allow-user-scripts-disabled gate for live chrome.userScripts validation — Source: ROADMAP.md N-3; verified 2026-06-06 with focused GM value remote tests, full check suite, build, and Playwright skip evidence
  • Cycle 34 CWS API v2 migration closure: publish.sh keeps the CLI v4/PUBLISHER_ID path, adds optional CWS_DEPLOY_PERCENTAGE rollout control, and npm run cws:check now pins the active v2 upload, publish, rollout, and fetchStatus endpoint contract while failing on v1.1 endpoint regressions; docs/release-runbook.md records service-account/OIDC as the target custody model with local OAuth as the fallback — Source: ROADMAP.md N-5; verified 2026-06-06 with CWS tooling gate, store-status tests, release store-status JSON, full check suite, and build
  • Cycle 35 Monaco ESM migration planning: docs/monaco-esm-migration-plan.md records the current AMD sandbox state, Monaco 0.53/0.55 migration drivers, a bundled local ESM target architecture, CSP and worker constraints, Firefox AMO fallback rules, and validation gates for the later X-4 implementation pass — Source: ROADMAP.md N-6; verified 2026-06-06 with focused Monaco plan tests, full check suite, and build
  • Cycle 36 Edge browser smoke evidence: npm run smoke:edge passed on Microsoft Edge 146.0.3856.97, enabling the temporary profile's Allow User Scripts toggle, loading the staged Edge package, verifying dashboard/popup rendering, saving/toggling a smoke userscript, and confirming local target-page execution; the support matrix now reads committed sanitized evidence from docs/audit/edge-smoke-3.11.0.jsonSource: ROADMAP.md X-1; verified 2026-06-06 with live Edge smoke, focused Edge smoke tests, support matrix regeneration/check, full check suite, and build
  • Cycle 37 @background groundwork: parser/type metadata now preserves @background, settings defaults/types/schema include internal default-off experimentalBackgroundScripts, page-load registration keeps @background scripts dormant until the DOM-less runner ships, and docs/background-scripts-design.md records the runner, API, scheduling, review, and verification contract — Source: ROADMAP.md X-2; verified 2026-06-06 with focused background contract/storage tests, settings schema gate, TS runtime check, full check suite, and build
  • Cycle 38 background runner planning scaffold: src/background/background-runner.ts now classifies @background candidates behind the default-off gate, normalizes allowed GM grant aliases, rejects DOM/page/tab grants, requires a supported trigger, and clamps timeout/concurrency/queue budgets before any execution runner can be wired — Source: ROADMAP.md X-2; verified 2026-06-06 with focused background runner tests, TypeScript, full check suite, and build
  • Cycle 39 dormant background diagnostics: registration now logs the background planner status/reason when skipping @background scripts, and the local health report aggregates dormant, eligible, gated, missing-trigger, unsupported-grant, and disabled background-script counts without script identifiers, source, names, or URLs — Source: ROADMAP.md X-2; verified 2026-06-06 with focused local-health/background contract tests, TypeScript, TS runtime generation/check, full check suite, and build
  • Cycle 40 restricted background wrapper scaffold: src/background/background-wrapper.ts builds a non-wired DOM-less wrapper that rejects unsupported DOM/page/tab grants and @require, blocks page globals with fail-closed proxies, and exposes only the reviewed GM value, XHR, notification, log, and info surface for the future runner — Source: ROADMAP.md X-2; verified 2026-06-06 with focused background wrapper tests, TypeScript, full check suite, and build
  • Cycle 41 non-executing background runner bridge: src/background/background-runner-bridge.ts now assembles planner output plus wrapper payloads for eligible scripts, carries reviewed budget clamps into the payload, reports wrapper-construction failures such as unsupported @require, and still returns executionEnabled: false because offscreen/service-worker execution is not wired — Source: ROADMAP.md X-2; verified 2026-06-06 with focused bridge/wrapper/runner tests, TypeScript, full check suite, and build
  • Cycle 42 background runner dry-run action: the promoted runtime now handles prepareBackgroundRunnerDryRun, returning planner status, wrapper support, reviewed budget, and executionEnabled: false while omitting wrapper code and performing no script execution — Source: ROADMAP.md X-2; verified 2026-06-06 with focused dry-run/local-health tests, TypeScript, TS runtime generation/check, full check suite, and build
  • Cycle 43 support snapshot background dry-runs: support snapshots now call prepareBackgroundRunnerDryRun for @background scripts only when the user opts into script inventory, and include sanitized planner/wrapper/budget status with includesCode: false and no execution — Source: ROADMAP.md X-2; verified 2026-06-06 with focused support snapshot/dry-run tests, TypeScript, full check suite, and build
  • Cycle 44 CWS guard for background execution: npm run cws:remote-code:check now fails future offscreen_background_run eval/new Function wiring in extension contexts, and the CWS compliance memo documents that the DOM-less @background runner remains dry-run only until a compliant execution architecture is approved — Source: ROADMAP.md X-2; verified 2026-06-06 with focused CWS scanner tests and the remote-code gate
  • Cycle 45 setup doctor and rehydration audit planning: N-7 now tracks Chrome 138+ Allow User Scripts, pre-138 developer-mode fallback, Firefox optional userScripts, host grants, and update-time registration clearing as one product-surface reliability row — Source: ROADMAP.md N-7; verified 2026-06-06 by repo/code inspection plus Chrome and MDN source refresh
  • Cycle 46 developer workspace planning: X-8 now scopes local workspace support to a Chromium File System Access flow that preserves review/diff/rollback before any local file apply and leaves Firefox on manual import until a safe equivalent exists — Source: ROADMAP.md X-8; verified 2026-06-06 by repo/code inspection plus File System Access source refresh
  • Cycle 47 Greasy Fork publish correction: X-9 now uses a browser-mediated prefilled-form handoff with no stored Greasy Fork credentials, cookies, CSRF values, or background publish endpoint assumptions — Source: ROADMAP.md X-9; verified 2026-06-06 by repo/code inspection plus Greasy Fork API source refresh
  • Cycle 48 implementation decomposition: N-8 local-save trust receipts became the prerequisite for X-8/X-9, with explicit implementation slices for editor save provenance, autosave coalescing, and export/sync redaction — Source: ROADMAP.md N-8/X-8/X-9; verified 2026-06-06 by repo/code inspection plus current extension policy/source refresh
  • Cycle 49 compliant background execution architecture: X-2 rejects service-worker/offscreen eval, chrome.userScripts.execute, chrome.debugger, native messaging, and cloud execution as the first no-open-tab path; the only local prototype candidate is a sandboxed no-extension-API runner page with a strict capability protocol — Source: ROADMAP.md X-2; verified 2026-06-06 by repo/code inspection plus Chrome offscreen/remote-code and ScriptCat source refresh
  • Cycle 50 SPA navigation contract planning: X-3 now defines tested window.onurlchange behavior for Navigation API, history, popstate, hashchange, same-turn dedupe, preserved { url, oldUrl }, and documentation examples — Source: ROADMAP.md X-3; verified 2026-06-06 by repo/code inspection plus Navigation API source refresh
  • Cycle 51 local-save trust receipt slices: N-8 now requires a local-source override, dashboard editor-save helper, autosave coalescing, export/sync redaction, and path-specific receipt tests before X-8 local file refresh applies code — Source: ROADMAP.md N-8; verified 2026-06-06 by repo/code inspection plus CWS user-data and File System Access source refresh
  • Cycle 52 local workspace binding data model: X-8 now keeps file handles, absolute paths, and binding metadata in a separate local-only store, exposes only display-name/status summaries, and starts with "Refresh from local file" rather than automatic watch mode — Source: ROADMAP.md X-8; verified 2026-06-06 by repo/code inspection plus File System Access stored-handle/permission source refresh
  • Cycle 53 setup rehydration evidence: registerAllScripts() now records aggregate last-registration-sweep status for unavailable setup, global-disabled skips, already-current diffs, stale cleanup, diff registration, forced/full registration, and errors; local health reports and support snapshots include that evidence without script names, script IDs, code, or URLs — Source: ROADMAP.md N-7; verified 2026-06-06 with focused local-health/userScripts tests, TypeScript, TS runtime generation/check, full check suite, and build
  • Cycle 54 local-save trust receipt implementation: dashboard manual saves and autosaves now send explicit local-save trust payloads, the receipt schema records local source kind/label, local receipts suppress remote metadata source fallback while preserving update/download URLs, and focused tests pin the dashboard/background contract — Source: ROADMAP.md N-8; verified 2026-06-06 with focused receipt tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 55 autosave receipt coalescing: dashboard autosaves now carry an ephemeral open-tab coalesce key/window, the background save path keeps coalescing state in memory only, repeated autosaves reuse the first rollback history entry instead of adding noisy entries, manual saves clear coalescing, and tests pin that coalesce tokens stay out of script records while save still uses reregisterScript()Source: ROADMAP.md N-8; verified 2026-06-06 with focused local-save/reregister tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 56 local workspace binding store and redaction fixtures: LocalWorkspaceBindings now stores future File System Access handles in a local-only IndexedDB store separate from script records, returns summaries that omit handles and absolute paths, deletes bindings with scripts/storage clear, and JSON export, CloudSync, EasyCloud, and support snapshot tests strip future local workspace metadata from outbound payloads — Source: ROADMAP.md N-8/X-8; verified 2026-06-06 with focused storage/export/sync/support tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 57 dashboard local file binding: the editor toolbar now exposes a feature-detected Bind File action, calls showOpenFilePicker() directly from the click handler, stores selected handles only in the local localWorkspaceBindings IndexedDB store, renders display-name/permission summaries, and tests prove binding does not call saveScript, read code text, or churn local-save history — Source: ROADMAP.md X-8/N-8; verified 2026-06-06 with focused local-workspace/local-save/storage tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 58 local file refresh review: bound scripts now expose Refresh File and Unbind; refresh loads the stored handle, requests read permission only from the user action, updates stale/error/no-change summaries, shows a review diff before applying changed local code, and saves accepted changes through saveScript with a local-save/local-file receipt — Source: ROADMAP.md X-8/N-8; verified 2026-06-06 with focused local-workspace/local-save/storage tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 59 deep-audit GM_addElement srcdoc hardening: srcdoc is now rejected for direct GM_addElement attributes and sanitized innerHTML nodes in the focused wrapper source and core runtime source, generated artifacts were refreshed, and the DOM security regression proves iframe srcdoc cannot pass through — Source: docs/research-deep-audit-2026-06-06.md EI-1 / ROADMAP.md N-9; verified 2026-06-06 with focused DOM security tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 60 deep-audit @crontab execution-world hardening: scheduled scripts now prefer chrome.userScripts.execute in USER_SCRIPT world and fall back only to chrome.scripting.executeScript in MAIN world, removing the prior scheduled ISOLATED/new Function extension-world path and pinning the behavior in the crontab regression suite — Source: docs/research-deep-audit-2026-06-06.md EI-2 / ROADMAP.md N-9; verified 2026-06-06 with focused crontab tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 61 deep-audit PublicAPI internal-host guard parity: PublicAPI now imports the canonical isInternalHost guard instead of maintaining a private copy, so trusted origins, web install URLs, and webhook URLs reject .localhost, TEST-NET, benchmarking, Class E, and IPv4-mapped IPv6 hex hosts with the same policy as the main fetch guard — Source: docs/research-deep-audit-2026-06-06.md EI-3 / ROADMAP.md N-9; verified 2026-06-06 with focused PublicAPI/internal-host/source-parity tests, TypeScript runtime check, audit, full check suite, build, and CWS remote-code scan
  • Cycle 62 S3 settings field validation: S3 sync endpoint, region, bucket, and object key now have schema validation metadata, native dashboard hints, accessible error nodes, setCustomValidity() coverage, and save-blocking blur validation; the endpoint is required only for S3 and must not include a path — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 63 sync credential validation: WebDAV URL, WebDAV username/password, sync encryption passphrase, and S3 access/secret keys now have schema validation metadata, native length limits, accessible error nodes, and save-blocking dashboard validation; sync encryption cannot be enabled without a passphrase — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 64 editor select validation: editor font size, indentation width, and tab size now have schema validation metadata, accessible error nodes, and save-blocking allowed-option checks that read the live dashboard select options before persisting numeric values — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 65 interval select validation: update check, notification hide delay, and externals update interval selects now have schema validation metadata, accessible error nodes, and save-blocking allowed-option checks; 0/"Never" values are preserved through settings load and save instead of collapsing to fallback intervals — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 66 security select validation: content script API, sandbox mode, CSP modification mode, and HTTP header modification mode now have schema validation metadata, accessible error nodes, and save-blocking allowed-option checks that reject tampered or stale select values before persisting security-sensitive modes — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 67 action behavior select validation: default tab type, local file access, cookie access, page communication, SRI, include mode, @connect checks, incognito storage, page filtering, block severity, strict mode, and top-level await selects now have schema validation metadata, accessible error nodes, and save-blocking allowed-option checks; block severity no longer coerces invalid values to the fallback before validation — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 68 remaining select validation: badge info, blacklist source, config mode, download mode, editor theme, highlight matches, indent style, key mapping, logging level, popup columns, script order, search integration, tab mode, and trash mode now have schema validation metadata, accessible error nodes, and save-blocking allowed-option checks; every schema-backed select now carries validation metadata, and popup columns no longer coerces invalid values to the fallback before validation — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 69 custom CSS validation: dashboard custom CSS now has schema validation metadata, a native maxlength, an accessible error node, and save-blocking validation that rejects unsafe control characters and CSS over 100,000 characters while preserving intentional whitespace — Source: ROADMAP.md N-1; verified 2026-06-06 with focused dashboard a11y/schema tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 70 N-1 acceptance closure: npm run settings:schema:check now requires validation metadata for every dashboard-backed input control that can accept malformed values (select, text, textarea, number, password, URL), keeps checkboxes/readonly controls exempt, and fails drift before CI can persist invalid setting values without inline errors — Source: ROADMAP.md N-1; verified 2026-06-06 with focused settings schema/dashboard tests, settings schema gate, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 71 guarded GM.fetch closure: GM.fetch and direct GM_fetch now build Fetch Response objects through the existing GM_xmlhttpRequest bridge, preserving host-scope, @connect, abort, redirect, no-cache, and internal-host policy without adding a new background fetch action; GM ambient declarations and parity tests pin the contract — Source: ROADMAP.md N-2; verified 2026-06-06 with focused GM parity/type/wrapper tests, generator checks, settings schema gate, audit, full check suite, build, CWS remote-code scan, TypeScript runtime check, and git diff --check
  • Cycle 72 SPA URL-change proof: window.onurlchange now uses a shared scheduler across Navigation API, history, popstate, and hashchange with microtask/frame rechecks and duplicate suppression; focused jsdom wrapper tests pin Navigation API notifications, listener dedupe/removal, fallback events, and { url, oldUrl } details, and README documents the author pattern — Source: ROADMAP.md X-3; verified 2026-06-06 with focused URL-change wrapper tests, TypeScript runtime check, settings schema gate, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 73 Monaco package guard: npm run monaco:package:check now pins the current pre-ESM packaging contract: Chromium uses the local AMD Monaco bundle, the sandbox rejects remote/CDN editor assets, Firefox packaging remains Monaco-free until AMO lint proof exists, and npm run check includes the guard — Source: ROADMAP.md X-4; verified 2026-06-06 with focused Monaco package/plan/fallback tests, the package-contract gate, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 74 Monaco ESM prototype: src/editor/monaco-esm-entry.ts and npm run build:monaco:esm now produce ignored local ESM editor, CSS/font, and worker assets under lib/monaco-esm/; npm run monaco:esm:check validates the post-build layout and docs/audit/monaco-esm-prototype-2026-06-06.json records the emitted sizes, including the 12,156,466-byte TypeScript worker — Source: ROADMAP.md X-4; verified 2026-06-06 with focused Monaco build/package tests, TypeScript, package and ESM prototype gates, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 75 Monaco ESM size budget: the ESM prototype keeps the full JavaScript/TypeScript worker set for Chromium, and npm run monaco:esm:check now enforces total, gzip, editor.js, and ts.worker.js budgets while evidence records 25,186,387 bytes uncompressed and 4,279,263 gzip bytes — Source: ROADMAP.md X-4; verified 2026-06-06 with focused Monaco prototype-check/package tests, package and ESM gates, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 76 Monaco ESM sandbox switch: pages/editor-sandbox.html now loads packaged lib/monaco-esm/editor.css and dynamically imports lib/monaco-esm/editor.js, esbuild.config.mjs no longer copies the deprecated AMD min/ tree, and npm run monaco:package:check rejects AMD loader/copy regressions while the existing monaco-load-error fallback remains wired — Source: ROADMAP.md X-4; verified 2026-06-06 with focused Monaco package/plan/fallback/search tests, sandbox script parsing, package and ESM gates, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 77 Monaco ESM fallback harness: tests/monaco-esm-sandbox-loader.test.js now executes the real sandbox script in a VM-backed DOM harness, proves the ESM CSS and module paths are requested, verifies a mock Monaco import posts ready, and verifies a missing ESM module posts the existing monaco-load-error fallback message — Source: ROADMAP.md X-4; verified 2026-06-06 with focused Monaco sandbox-loader/package tests, package and ESM gates, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 78 Monaco ESM Chromium sandbox smoke: tests/e2e/monaco-esm-sandbox.spec.js now opens the packaged sandbox as a real Chromium extension page, verifies the local ESM stylesheet/API and .monaco-editor ready state, and routes lib/monaco-esm/editor.js to prove the existing missing-bundle fallback posts monaco-load-errorSource: ROADMAP.md X-4; verified 2026-06-06 with the focused Playwright Monaco sandbox spec, package and ESM gates, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 79 Monaco adapter dashboard smoke: tests/e2e/monaco-adapter-dashboard.spec.js now seeds a script, opens it through the dashboard edit icon, proves the Monaco adapter path is active, saves changed code through the editor toolbar, reloads the dashboard, and confirms the saved code returns through the adapter — Source: ROADMAP.md X-4; verified 2026-06-06 with focused Monaco Playwright e2e specs, package and ESM gates, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 80 browser namespace alias: generated shared/utils.js now installs a non-enumerable browser alias only in extension-owned globals that already have chrome.runtime, preserves native browser, leaves inert page globals unchanged, and keeps userscript wrappers from assigning window.browser; pages/dashboard-firefox-compat.js now treats Chromium browser.runtime as Chrome unless Firefox UA or Gecko manifest metadata is present — Source: ROADMAP.md X-5; verified 2026-06-06 with focused shared-utils/dashboard-compat/wrapper/generator tests, TypeScript runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 81 Trusted Types author docs: README.md and the dashboard Help tab now explain default USER_SCRIPT isolation, MAIN/page-context Trusted Types limits, safer DOM write patterns, GM_addElement usage, and the danger of broad passthrough TrustedHTML policies; tests/trusted-types-docs.test.js pins the docs and confirms no runtime policy shim was added — Source: ROADMAP.md X-6; verified 2026-06-06 with focused Trusted Types docs/dashboard/readability checks, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 82 subscription feed refresh scheduling: subscription feeds now have a managed subscriptionRefresh alarm gated by enabled feeds, subscriptionAutoRefresh, and a configurable dashboard interval; add/remove/settings changes reschedule the alarm, alarm dispatch runs through the existing background mutex, and subscription rows show Healthy, Needs attention, Not checked, or Disabled state — Source: ROADMAP.md X-7; verified 2026-06-06 with focused subscription/dashboard/schema tests, settings schema gate, TS runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 83 local workspace refresh status: binding summaries now carry lastStatusKind, and the editor local-file status chip reports bound, unchanged, applied, review-cancelled, missing/rebind-needed, permission-denied, read-failed, or apply-failed states while continuing to omit stored handles and absolute paths from display-safe summaries — Source: ROADMAP.md X-8; verified 2026-06-06 with focused local-workspace/storage/support-redaction tests, TS runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 84 local workspace health evidence: local health reports now summarize local workspace bindings by aggregate count, permission state, refresh status, error state, and refresh age; support snapshots sanitize that block unless script inventory is selected and the privacy envelope explicitly excludes file handles and local paths — Source: ROADMAP.md X-8; verified 2026-06-06 with focused local-health/support-redaction/local-workspace/storage tests, TS runtime check, audit, full check suite, build, CWS remote-code scan, and git diff --check
  • Cycle 85 local refresh acceptance hardening: bound local-file refresh now rejects files over the 5 MB script cap before reading text, records too-large and parse-failed states distinctly, surfaces readable toasts/status chips for both failures, and keeps accepted local applies on the existing saveScript/reregisterScript() path — Source: ROADMAP.md X-8; verified 2026-06-06 with focused local-workspace/local-health/local-save/reregister tests, TS runtime check, audit, full check suite, build, CWS remote-code scan, dashboard modal smoke, and git diff --check
  • Cycle 86 Greasy Fork publish preflight: the editor toolbar now exposes a Greasy Fork publish handoff that validates the current editor metadata, distinguishes new-script vs existing-script prefill targets from Greasy Fork URLs, previews the exact posted code and target URL, opens only a user-initiated multipart form handoff, and keeps copy/download fallbacks while tests pin no background publish endpoint, XHR/fetch write path, or stored account/session material — Source: ROADMAP.md X-9; verified 2026-06-06 with focused Greasy Fork handoff/local-workspace dashboard tests, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, and git diff --check
  • Cycle 87 Greasy Fork publication receipts: after opening the Greasy Fork prefill form, the dashboard now asks whether the user submitted it and records a local-only publication receipt with target URL, mode, Greasy Fork script ID, metadata, code length, and optional SHA-256 hash; the receipt omits submitted source and account/session material, trims per-script receipt history, and reloads in the Info panel — Source: ROADMAP.md X-9; verified 2026-06-06 with focused Greasy Fork/local-workspace tests, Chromium publication receipt smoke, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, and git diff --check
  • Cycle 88 Greasy Fork receipt history management: the Info panel now renders recent local publication receipts for the current script, keeps the no-source/no-account-data boundary visible, and provides a confirm-gated clear-history action that deletes only local receipt rows — Source: ROADMAP.md X-9; verified 2026-06-06 with focused Greasy Fork/local-workspace tests, Chromium receipt-history smoke, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, and git diff --check
  • Cycle 89 Greasy Fork receipt summary fallback: publication receipt history now has a copy-summary action that copies target, version, size, timestamp, and SHA-256 evidence while continuing to omit submitted source and account/session data — Source: ROADMAP.md X-9; verified 2026-06-06 with focused Greasy Fork/local-workspace tests, Chromium receipt-summary smoke, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, and git diff --check
  • Cycle 90 Greasy Fork receipt export fallback: publication receipt history now has a download-summary action that exports the same sanitized local receipt evidence to a text file with a safe filename and Blob URL cleanup, without adding submitted source or account/session data — Source: ROADMAP.md X-9; verified 2026-06-06 with focused Greasy Fork/local-workspace tests, Chromium receipt-export smoke, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, and git diff --check
  • Cycle 91 Greasy Fork session-check polish: the publish preflight modal now includes an Open Greasy Fork action that opens only the Greasy Fork base URL with noopener/noreferrer so users can check their session before posting the prefilled form, without sending script data — Source: ROADMAP.md X-9; verified 2026-06-06 with focused Greasy Fork/local-workspace tests, Chromium preflight session-check smoke, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, and git diff --check
  • Cycle 92 enterprise policy provisioning: Chrome/Edge manifests now declare a managed-storage schema for managedScripts and managedScriptsCleanup, the service worker narrows managed storage to trusted extension contexts when supported, managed installs are tagged by returned script ID plus URL/hash origin key, and the dashboard shows a Managed badge — Source: ROADMAP.md L-1; verified 2026-06-06 with focused enterprise provisioning/manifest tests, Chromium managed-badge smoke, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, and git diff --check
  • Cycle 93 enterprise policy diagnostics: local health reports now expose aggregate managed-policy support/read/configuration/install counts and warning signals without policy URLs, inline source, origin keys, script names, or script IDs — Source: ROADMAP.md L-1; verified 2026-06-06 with focused local-health/support-snapshot tests, Chromium local-health smoke, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, and git diff --check
  • Cycle 94 enterprise policy apply feedback: managed-policy apply runs now record local-only aggregate attempt/install/failure/skip/prune counts, local health exposes that last-run evidence as support-safe warnings, and managed apply logs avoid policy URLs, raw errors, script names, and script IDs — Source: ROADMAP.md L-1; verified 2026-06-06 with focused enterprise/local-health/support-snapshot tests, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 95 DNR response-header matching: @webRequest and GM_webRequest selectors now accept Chrome 128+ responseHeaders and excludedResponseHeaders HeaderInfo arrays, parser validation admits only reviewed header condition and mutation shapes, the DNR builder emits the response-header conditions, and docs explain that runtime callbacks remain unsupported — Source: ROADMAP.md L-4; verified 2026-06-06 with focused parser/DNR/parity tests, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 96 GM value sync data model: syncValues is now a sync-safe per-script opt-in marker, the scriptvault-gm-value-sync/v1 bundle builder enforces JSON-only values plus per-script/key-count/key-size caps, CloudSync and EasyCloud tests keep actual GM values out of provider envelopes, and the data-model doc records the remaining provider-wiring rules — Source: ROADMAP.md L-8; verified 2026-06-06 with focused GM value sync/cloud-sync/EasyCloud/parity tests, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 97 GM value sync diagnostics: local health reports now include aggregate GM value-sync readiness counts for opt-in scripts, ready/empty bundles, cap/JSON warning IDs, value-read failures, syncable key totals, estimated bytes, and active caps while reporting providerWritesEnabled: false and excluding GM values, value key names, script IDs, script names, URLs, handles, paths, credentials, and provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused local-health/support-snapshot/GM value-sync tests, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 98 GM value sync CloudSync upload: CloudSync preview/upload now builds top-level valueBundles only for scripts with syncValues === true, rebuilds bundles through the capped schema before provider writes, keeps GM values out of script records/settings/storage and non-opted scripts, and reports local/remote value-bundle counts in dry-run previews while leaving downloaded bundle application pending — Source: ROADMAP.md L-8; verified 2026-06-06 with focused CloudSync/hardening/GM value-sync/local-health tests, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 99 GM value sync remote apply gate: CloudSync now validates downloaded valueBundles against the post-merge script set, schema/scriptId/value shape, and syncValues === true, reports eligible/ignored/warning counts in dry-run previews and the dashboard, and keeps local GM value writes disabled until conflict handling is ready — Source: ROADMAP.md L-8; verified 2026-06-06 with focused CloudSync/hardening tests, typecheck, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 100 GM value sync empty-local apply: CloudSync now applies valid downloaded value bundles with ScriptValues.setAll() only when the target script remains opted in and local GM storage is empty; non-empty local bags, user-modified scripts, unavailable storage, or write failures preserve the remote bundle in the next upload instead of overwriting it — Source: ROADMAP.md L-8; verified 2026-06-06 with focused CloudSync/hardening tests, typecheck, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 101 GM value sync result evidence: real CloudSync syncNow responses and the dashboard sync log now report aggregate value-bundle applied, preserved, conflict-blocked, unavailable, and failed counts after empty-local applies or blocked non-empty merges, without exposing script IDs, script names, value keys, values, URLs, handles, paths, credentials, or provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused CloudSync/hardening/sync-cockpit tests, typecheck, full check suite, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 102 GM value sync blocked-merge preview: CloudSync dry-runs now expose preview-only valueBundleConflicts entries for valid remote value bundles blocked by non-empty local values or unavailable local snapshots, with only reason plus local/remote key and byte counts; the dashboard renders the preview while omitting script IDs, script names, value keys, values, URLs, handles, paths, credentials, and provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused CloudSync/hardening/sync-cockpit tests, typecheck, full check suite with 1504 Vitest cases, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 103 GM value sync preview export: the dashboard sync cockpit now enables Download Preview after a successful dry-run and exports schema scriptvault-sync-preview/v1 with safe summary counts plus sanitized value-bundle conflict counts, while omitting script conflict IDs/names, script IDs, script names, value keys, values, URLs, handles, paths, credentials, and provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused sync-cockpit tests, full check suite with 1505 Vitest cases, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 104 GM value sync key-overlap metadata: blocked value-bundle previews and sanitized preview exports now include overlapping, local-only, and remote-only key counts for non-empty local/remote value bags, while omitting script IDs, script names, value key names, values, URLs, handles, paths, credentials, and provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused CloudSync/hardening/sync-cockpit tests, typecheck, full check suite with 1505 Vitest cases, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 105 GM value sync blocked-reason results: real CloudSync syncNow responses and the dashboard sync log now separate non-empty local value preserves from user-modified script preserves through skippedNonEmpty and skippedUserModified counts while keeping the aggregate no IDs, names, keys, values, URLs, handles, paths, credentials, or provider account data boundary — Source: ROADMAP.md L-8; verified 2026-06-06 with focused CloudSync/hardening/sync-cockpit tests, typecheck, full check suite with 1506 Vitest cases, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 106 GM value sync timestamp metadata: GM value rows now record updatedAt on set/setAll, ScriptValues exposes aggregate value-count and last-updated metadata, and CloudSync value bundles preserve optional lastValueUpdatedAt through capped upload/download rebuilds while legacy bundles remain valid and the new signal adds no value key names or values — Source: ROADMAP.md L-8; verified 2026-06-06 with focused GM value sync/source CloudSync/storage/hardening/sync-cockpit tests, typecheck, full check suite with 1508 Vitest cases, build, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 107 GM value sync timestamp preview evidence: blocked value-bundle dry-run previews and sanitized preview exports now carry local/remote aggregate last-updated timestamps plus a coarse last-write hint, while still omitting script IDs, script names, value key names, values, URLs, handles, paths, credentials, and provider account data and leaving non-empty writes disabled — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1508 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 108 GM value sync timestamp result summaries: real syncNow value-bundle summaries now count preserved remote bundles by aggregate timestamp hint (remote-newer, local-newer, same, one-sided, or unknown) and the dashboard sync log displays those counts without exposing script IDs, script names, value key names, values, URLs, handles, paths, credentials, or provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1508 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 109 GM value sync per-key timestamp metadata: opted-in value bundles can now include normalized per-key keyMetadata.updatedAt entries sourced from IndexedDB value-row timestamps, with CloudSync upload/download sanitization preserving only metadata for included keys while sanitized previews/results continue to omit value key names and values — Source: ROADMAP.md L-8; verified 2026-06-06 with focused GM value sync/storage/source CloudSync/hardening/sync-cockpit tests, typecheck, build, full check suite with 1509 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 110 GM value sync per-key conflict preview: blocked value-bundle previews and sanitized preview exports now include overlap timestamp counts for remote-newer, local-newer, same, one-sided, and unknown overlapping keys, while continuing to omit script IDs, script names, value key names, values, URLs, handles, paths, credentials, and provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1509 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 111 GM value sync stale-bundle diagnostics: dry-run summaries and the dashboard preview now count timestamped versus missing local/remote value bundles and older/newer-than-last-sync bundles, preserving aggregate-only evidence without script IDs, script names, value key names, values, URLs, handles, paths, credentials, or provider account data — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1509 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 112 GM value sync candidate merge preview: blocked value-bundle previews and sanitized preview exports now include a non-writing candidate merge plan plus remote-candidate, local-candidate, same-timestamp, and manual-review key counts, preserving aggregate-only evidence without script IDs, script names, value key names, values, URLs, handles, paths, credentials, provider account data, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1509 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 113 GM value sync candidate merge acceptance gate: dry-run summaries now count ready, manual-review, and unavailable candidate merges, and blocked value-bundle previews/exports include only gate status, block reason, and one-sided timestamp key counts while non-empty writes remain disabled and no script IDs, script names, value key names, values, URLs, handles, paths, credentials, provider account data, or raw key metadata are exposed — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1509 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 114 GM value sync manual-review diagnostics: dry-run summaries and sanitized preview exports now count candidate merge block reasons for same timestamps, unknown timestamps, one-sided timestamps, unavailable local snapshots, and no-candidate cases, while a focused manual-review fixture proves those diagnostics avoid script IDs, script names, value key names, values, URLs, handles, paths, credentials, provider account data, and raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1510 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 115 GM value sync candidate result preview: dry-run summaries, blocked value-bundle previews, and sanitized preview exports now count hypothetical result keys, auto-selected keys, and review keys for candidate merges, while keeping the evidence aggregate-only and leaving non-empty writes disabled — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1510 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 116 GM value sync preserved candidate summaries: real sync valueBundleSync results and the dashboard sync log now report aggregate preserved-bundle candidate readiness plus result, auto-selected, and review key totals for blocked non-empty/user-modified preserves, without exposing IDs, names, key names, values, provider account data, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1510 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 117 GM value sync preserved review reasons: real sync valueBundleSync results and the dashboard sync log now include aggregate preserved candidate block reasons for same timestamps, unknown timestamps, one-sided timestamps, unavailable local snapshots, and no-candidate cases, without exposing IDs, names, key names, values, provider account data, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-06 with focused source CloudSync/sync-cockpit/hardening tests, typecheck, build, full check suite with 1510 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 118 GM value sync preview export count hardening: dashboard preview and Download Preview sanitization now floors fractional summary and value-bundle conflict metrics to non-negative integers, preventing negative or fractional injected aggregate counts from surviving sanitized preview/export output while keeping the no IDs, names, key names, values, provider account data, or raw key metadata boundary — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, build, full check suite with 1510 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 119 GM value sync merge acceptance invariants: candidate merges can now report ready only when auto-selected keys cover the whole hypothetical result and review-key count is zero, with source/runtime parity checks proving the guard exists in both CloudSync source paths and focused preview tests pinning ready/manual-review totals — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync/parity tests, typecheck, build, full check suite with 1510 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 120 GM value sync preview export schema drift guard: the sync cockpit tests now pin the exact top-level scriptvault-sync-preview/v1 keys, sanitized summary keys, and value-bundle conflict entry keys while keeping extra top-level, summary, script ID, value key, and value fields out of exported JSON — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, build, full check suite with 1511 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 121 GM value sync accepted-result evidence: dry-run summaries, sanitized preview exports, and real sync result logs now count ready-only accepted candidate result keys separately from total, auto-selected, and review key totals, preserving aggregate-only evidence while non-empty writes remain disabled — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync/sync-cockpit/parity tests, typecheck, build, full check suite with 1511 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 122 GM value sync preview-only merge simulation marker: blocked value-bundle preview entries and sanitized exports now include candidateMergeSimulation with ready-preview-only, manual-review, or unavailable labels, making dry-run merge readiness explicit without enabling non-empty writes or exposing IDs, key names, values, provider account data, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync/sync-cockpit/parity tests, typecheck, build, full check suite with 1511 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 123 GM value sync merge simulation totals: dry-run summaries and sanitized exports now include aggregate ready-preview-only, manual-review, and unavailable simulation counts, and the dashboard preview renders them separately from candidate gate totals without enabling non-empty writes or exposing IDs, key names, values, provider account data, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync/sync-cockpit/parity tests, typecheck, build, full check suite with 1511 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 124 GM value sync merge simulation result totals: dry-run summaries and sanitized exports now group hypothetical result-key totals by ready-preview-only, manual-review, and unavailable simulation states, and the dashboard preview renders those aggregate totals without enabling non-empty writes or exposing IDs, key names, values, provider account data, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync/sync-cockpit/parity tests, typecheck, build, full check suite with 1511 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 125 GM value sync export result invariants: Download Preview and dashboard preview sanitization now clamp accepted-ready, auto-selected, review, and simulation result-key totals to the aggregate candidate result budget, so impossible summary totals cannot overstate advisory merge evidence while non-empty writes remain disabled — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, full check suite with 1512 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 126 GM value sync source simulation invariants: source CloudSync tests now assert that simulation counts mirror candidate gate counts, accepted-ready result totals mirror ready-preview-only result totals, and auto-selected/review plus simulation result partitions match aggregate candidate result totals while non-empty writes remain disabled — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1512 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 127 GM value sync unavailable simulation coverage: source CloudSync tests now cover a remote value bundle whose local script exists without a local value bundle, pinning unavailable gate/simulation/reason output, zero result totals, and redaction while non-empty writes remain disabled — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1513 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 128 GM value sync preserved result log guard: dashboard real-sync logs now floor preserved candidate counts and clamp preserved auto-selected, review, and accepted-ready result totals to the aggregate preserved candidate result budget before rendering — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, full check suite with 1514 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 129 GM value sync preserved source invariants: source CloudSync tests now assert that real-sync preserved candidate gate counts match preserved bundle totals, auto-selected/review result partitions match aggregate preserved candidate result totals, and accepted-ready totals cannot exceed result or auto-selected totals — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1514 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 130 GM value sync unavailable preserve coverage: source CloudSync tests now cover value-storage failure after a remote opt-in bundle merges onto a local script without a local value bundle, pinning preserved unavailable gate/reason counts, zero result totals, remote-bundle preservation, and no value write — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1515 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 131 GM value sync unavailable log coverage: sync cockpit formatter tests now pin the unavailable preserved-candidate real-sync log output for preserved/failure counts, unknown timestamp evidence, unavailable candidate gates, zero result totals, unavailable local snapshot reason, and redaction of injected identifiers, values, and raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, full check suite with 1516 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 132 GM value sync failure log safeguards: sync cockpit formatter tests now pin failure-only real-sync log sanitization so fractional unavailable/failure counts are floored, negative activity is dropped, blocked sub-reasons stay hidden without blocked bundles, and injected identifiers, value keys, and values remain ignored — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, full check suite with 1517 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 133 GM value sync unavailable result invariants: source CloudSync tests now use a named invariant helper to prove unavailable preserved candidates map to the unavailable block reason and carry zero result, auto-selected, review, or accepted-ready key totals — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1517 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 134 GM value sync write-failure source coverage: source CloudSync tests now cover failed empty-local ScriptValues.setAll() writes, pinning aggregate failure reporting, remote-bundle preservation for retry, ready-candidate result evidence, unchanged local values, and merged remote script code — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1518 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 135 GM value sync write-failure log coverage: sync cockpit formatter tests now pin preserved-plus-failed write-failure log output with ready candidate gates, accepted-ready result counts, unknown timestamp evidence, and redaction of injected identifiers, value keys, values, and raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, full check suite with 1519 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 136 GM value sync ready-result parity guards: source CloudSync tests now use a named invariant helper to prove ready write-failure preserves keep auto-selected and accepted-ready totals equal to the result-key budget with zero review keys — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1519 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 137 GM value sync timestamp parity guards: source CloudSync tests now use a named invariant helper to prove no-timestamp preserved paths count every preserved bundle as unknown timestamp evidence while remote-newer, local-newer, same, remote-only, and local-only timestamp buckets remain zero — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1519 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 138 GM value sync timestamp log clamp: dashboard real-sync logs now clamp preserved timestamp buckets to the aggregate preserved bundle budget, preventing injected remote-newer, local-newer, same, one-sided, or unknown counts from overstating aggregate evidence while preserving redaction of identifiers, value keys, values, and raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused sync-cockpit tests, typecheck, full check suite with 1520 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 139 GM value sync write retry diagnostics: real sync results now report aggregate writeFailureRetryReady evidence only for failed empty-local writes, dashboard logs render and clamp that retry-ready count, and read failures remain distinct generic failures while identifiers, value keys, values, and raw key metadata stay redacted — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync/sync-cockpit tests, typecheck, build, full check suite with 1521 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 140 GM value sync retry preview evidence: the write-failure source fixture now follows a failed empty-local value write with a dry-run preview proving the preserved remote bundle remains applicable, apply-ready, and write-free while preview output omits script IDs, value keys, and values — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1521 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 141 GM value sync retry support diagnostics: last sync result persistence now stores sanitized aggregate valueBundleSync counts, local health/support snapshots expose lastResult.writeFailureRetryReady plus a retry-ready warning, and provider error text, identifiers, value keys, values, URLs, handles, paths, and raw key metadata stay out of support diagnostics — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1521 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 142 GM value sync support snapshot allowlist: dashboard support snapshots now rebuild the gmValueSync local-health block from aggregate allowlisted fields, clamped last-result retry evidence, known warning IDs, and forced privacy flags instead of passing through injected raw fields — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1522 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 143 GM value sync support summary polish: utilities diagnostics now cache the local-health report and the support snapshot summary displays aggregate GM value-sync opt-in, ready-bundle, total-key/byte, warning, and retry-ready preserved-write counts before export without exposing identifiers, value keys, values, provider account data, credentials, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot/local-health tests, typecheck, build, full check suite with 1523 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 144 GM value sync retry-age diagnostics: local health now adds sanitized retry-age minutes and none/fresh/recent/stale/old/unknown buckets for retry-ready preserved writes, support snapshots preserve only that aggregate age metadata, and the dashboard support summary labels retry-ready writes with the safe age bucket — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health/support-snapshot tests, TS runtime generation/check, typecheck, build, full check suite with 1523 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, forbidden-reference grep, and git diff --check
  • Cycle 145 GM value sync bounded retry history: sync result persistence now keeps a five-entry aggregate retry history, local health/support snapshots expose only summary counts/timestamps plus privacy flags, the support card reports recent retry-history event counts, and clear-all cleanup removes the new history key — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health/support-snapshot tests, TS runtime generation/check, typecheck, build, full check suite with 1524 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, forbidden-reference grep, and git diff --check
  • Cycle 146 GM value sync stale retry cleanup: retry history now has a seven-day retention window, sync result persistence prunes stale retry entries, local health/support snapshots expose only retained counts plus a stale-entry exclusion count, and the support card reports stale retry-history events without exposing identifiers, value keys, values, provider account data, credentials, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health/support-snapshot tests, TS runtime generation/check, typecheck, build, full check suite with 1524 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, forbidden-reference grep, and git diff --check
  • Cycle 147 GM value sync retry resolution drill: the source CloudSync write-failure fixture now follows the preserved remote bundle through preview and a second sync, proving a transient empty-local write failure can retry successfully without writeFailureRetryReady and without exposing identifiers, value keys, values, provider account data, credentials, or raw key metadata — Source: ROADMAP.md L-8; verified 2026-06-07 with focused source CloudSync tests, typecheck, full check suite with 1524 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 148 GM value sync retry-resolution health summaries: sync result persistence now records support-safe aggregate resolution evidence only after a clean retry applies a preserved bundle following recent retry-ready history, local health/support snapshots expose applied counts, prior retry-ready counts, timestamps, age buckets, and privacy flags, and clear-all cleanup removes the resolution key — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health/support-snapshot tests, TS runtime generation/check, typecheck, build, full check suite with 1525 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, forbidden-reference grep, and git diff --check
  • Cycle 149 GM value sync retry-resolution stale cleanup: sync result persistence now removes stale or malformed gmValueSyncRetryResolution records when no fresh clean retry-resolution record is written, preventing hidden local diagnostics from retaining old resolution evidence indefinitely — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, TS runtime generation/check, typecheck, build, full check suite with 1525 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, forbidden-reference grep, and git diff --check
  • Cycle 150 GM value sync resolution-history support evidence: sync result persistence now maintains a five-entry aggregate gmValueSyncRetryResolutionHistory, local health/support snapshots expose only total applied and prior retry-ready counts, retained/stale counts, timestamps, and privacy flags, and clear-all cleanup removes the history key — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health/support-snapshot tests, TS runtime generation/check, typecheck, build, full check suite with 1526 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, forbidden-reference grep, and git diff --check
  • Cycle 151 GM value sync retry-resolution export hardening: dashboard support snapshot sanitization now rejects malformed retry-resolution records without prior retry-ready evidence, zeros retained retry-history and retry-resolution-history totals when retained entries sanitize to zero, and normalizes impossible oldest/latest timestamp ranges while preserving the aggregate-only export boundary — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1526 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 152 GM value sync retry-resolution source invariants: local-health source-contract coverage now pins that retry-resolution records require successful clean applies after prior retry-ready history, reject failed or still-retry-ready results, and prune retry-resolution history through persistence before support export — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1527 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 153 GM value sync retry-resolution support summary polish: the Support Snapshot card now surfaces aggregate retry-resolution history applies and stale retry-resolution-history exclusions before export, while preserving the no identifiers, value keys, values, provider account data, credentials, or raw key metadata boundary — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1527 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 154 GM value sync support-summary clamp hardening: the Support Snapshot card now re-clamps every displayed GM value-sync count before formatting, including retry-ready, retry-resolution, retry-history, stale-exclusion, opt-in, bundle, key, and byte totals, preventing fractional or negative injected local-health counts from surfacing in the pre-export summary — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1527 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 155 GM value sync retry-resolution stale-history evidence: local-health coverage now pins include-stale retry-resolution history reads, stale-entry exclusion counts, retained-entry filtering before totals, typed staleEntriesPruned output, and privacy flags, keeping stale recovery evidence aggregate-only — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1528 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 156 GM value sync support-summary schema drift coverage: support-snapshot redaction tests now pin the exact sanitized GM value fields read by the pre-export support summary and reject raw local-health field access, so new diagnostics cannot enter the summary without review — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1529 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 157 GM value sync support export schema drift coverage: support-snapshot redaction tests now pin the exact returned sanitizer keys for the GM value sync, last-result, retry-resolution, retry-resolution-history, and retry-history export schemas, so new aggregate fields cannot enter support exports without review — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1530 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 158 GM value sync support privacy schema drift coverage: support-snapshot redaction tests now pin the exact nested privacy keys and false values for the main GM value sync support export plus retry-resolution, retry-resolution-history, and retry-history summaries, keeping sensitive data-class flags explicit — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1531 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 159 GM value sync support warning-count schema drift coverage: support-snapshot redaction tests now pin the exact GM value warning-count allowlist and reject raw warning-count key iteration, so unknown warning IDs cannot enter support exports without review — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1532 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 160 GM value sync retry-age bucket schema drift coverage: support-snapshot redaction tests now pin the exact retry-age bucket allowlist and unknown fallback shared by retry-ready and retry-resolution support export paths — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1533 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 161 GM value sync retry-resolution cleanup guard: local-health source-contract tests now pin stale or malformed single retry-resolution removal, require cleanup only when no fresh resolution is written, and reject null/undefined retry-resolution persistence — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1534 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 162 GM value sync retry-resolution history storage contract: local-health source-contract tests now pin stored retry-resolution history entries to schema, timestamp, applied count, prior retry-ready counts, and latest retry timestamp only, rejecting privacy blocks and raw identifiers in local diagnostic history — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1535 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 163 GM value sync support summary phrase drift coverage: support-snapshot redaction tests now pin reviewed aggregate summary phrases for fallback, opt-in, ready-bundle, retry, resolution-history, stale-history, and capped-value wording while rejecting raw identifier labels — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1536 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 164 GM value sync support summary count-order coverage: support-snapshot redaction tests now pin the reviewed order of baseline opt-in/ready/key counts, retry, retry-resolution, history, stale exclusions, warning total, and final joined output in the pre-export summary — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1537 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 165 GM value sync support summary warning-total coverage: support-snapshot redaction tests now pin warning totals to sanitized gmValueSync.warningCounts, shared count clamping, and capped/excluded aggregate wording while rejecting raw local-health warning iteration — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1538 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 166 GM value sync retry-resolution history type schema coverage: local-health source-contract tests now pin retry-resolution-history typed response fields, privacy keys, and raw identifier exclusions so typed support-safe diagnostics cannot widen unnoticed — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1539 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 167 GM value sync support summary fallback-state coverage: support-snapshot redaction tests now pin sanitize-first fallback order so unchecked/unavailable states return before aggregate count formatting — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1540 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 168 GM value sync retry-resolution typed privacy coverage: local-health source-contract tests now pin single retry-resolution typed response fields, privacy keys, and raw identifier exclusions so typed support-safe diagnostics cannot widen unnoticed — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1541 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 169 GM value sync retry-history typed privacy coverage: local-health source-contract tests now pin retry-history typed response fields, privacy keys, and raw identifier exclusions so retry-ready diagnostics cannot widen unnoticed — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1542 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 170 GM value sync typed privacy coverage: local-health source-contract tests now pin top-level GM value sync response fields, privacy keys, and raw identifier exclusions so the main typed diagnostic envelope cannot widen unnoticed — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1543 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 171 GM value sync last-result typed schema coverage: local-health source-contract tests now pin last-result response fields, retry-age fields, and raw identifier/privacy exclusions so persisted sync result diagnostics stay aggregate-only — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1544 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 172 GM value sync support unavailable-state wording coverage: support-snapshot redaction tests now pin unavailable GM value summary fallback wording to the generic GM value diagnostics unavailable label while rejecting provider/account/credential/script/key/error detail — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1545 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 173 GM value sync last-result support export clamp coverage: support-snapshot redaction tests now pin retry-ready last-result evidence to sanitized failure/preserved counts and gate retry-age metadata on retained retry-ready evidence — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1546 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 174 GM value sync support unchecked-state wording coverage: support-snapshot redaction tests now pin unchecked GM value summary fallback wording to the generic GM values unchecked label while rejecting provider/account/credential/script/key/error detail — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1547 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 175 GM value sync last-result timestamp sanitizer coverage: support snapshot last-result export now routes timestamp normalization through the shared sanitizeSupportSnapshotTimestamp() helper and the redaction suite pins that shared-helper path — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1548 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 176 GM value sync retry-age unknown bucket coverage: local-health retry-age bucket classification now treats null/undefined age as unknown instead of fresh, and source-contract coverage pins the last-result retry-ready gating path — Source: ROADMAP.md L-8; verified 2026-06-07 with focused local-health tests, typecheck, build, full check suite with 1549 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 177 GM value sync support nested-field coverage: support-snapshot redaction tests now pin the exact nested last-result, retry-resolution, retry-resolution-history, and retry-history fields the pre-export GM value summary may read after sanitization — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1550 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 178 GM value sync retry-history timestamp retention coverage: support-snapshot redaction tests now pin retry-history and retry-resolution-history timestamp export to the retained-history helper so timestamps are nulled when no retained entries remain — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1551 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 179 GM value sync retry-resolution timestamp range hardening: support snapshot retry-resolution export now clamps an injected latest retry timestamp down to the resolution timestamp before export, and redaction coverage pins the normalized range — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1552 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check
  • Cycle 180 GM value sync retry-resolution age-bucket gating: support snapshot retry-resolution export now returns unknown when injected resolution-age minutes are absent, preventing an unsupported age bucket from surviving support export — Source: ROADMAP.md L-8; verified 2026-06-07 with focused support-snapshot tests, typecheck, build, full check suite with 1553 Vitest cases, high-severity audit, CWS remote-code scan, Monaco ESM scan, TS runtime check, forbidden-reference grep, and git diff --check

Stale / Obsolete Items

  • [STALE] README "v2.0" marketing claims for deleted modules — AI Assistant, Performance Dashboard, Script Analytics, Onboarding Wizard, "AI-powered" Smart Recommendations, "Browser Sync", "10 Theme Presets". Reason: the backing modules were removed from the codebase; the claims were corrected/removed under A-1/E-3 and are pinned by the check-readme-claims.mjs CI gate. Source: docs/archive/RESEARCH_FEATURE_PLAN_PASS2.md NF-3/NF-6; docs/archive/TODO.md Phase A.