|
2 | 2 |
|
3 | 3 | All notable changes to this project will be documented in this file. |
4 | 4 |
|
| 5 | +## [0.3.0] - 2026-05-19 |
| 6 | + |
| 7 | +### Fixed — 28 bugs from 6-agent cross-audit |
| 8 | + |
| 9 | +**Critical (5)** |
| 10 | +- MCP buffer limit: `bufio.Reader` 4KB default → 10MB to prevent `ErrBufferFull` crash on real messages |
| 11 | +- MCP protocol: `notifications/initialized` no longer produces error response (JSON-RPC 2.0 §4.1) |
| 12 | +- CLI whitespace-only input no longer panics (`args[0]` index out of range) |
| 13 | +- CLI EOF no longer spins at 100% CPU |
| 14 | +- Fill element-not-found now returns an explicit error instead of silently succeeding |
| 15 | + |
| 16 | +**High (7)** |
| 17 | +- All 19 MCP tool handlers now check `json.Unmarshal` errors (previously silently zeroed on type mismatch) |
| 18 | +- JS injection vector fixed: Go `%q` replaced with `json.Marshal` for JavaScript string literals in Click/Fill |
| 19 | +- `Response.ID` changed from `int` to `*int` so `id:0` is not misclassified as notification |
| 20 | +- `json.Marshal` errors in `writeResult`/`writeError` and handler `MarshalIndent` calls now checked |
| 21 | +- `NavigateBack`/`NavigateForward` now validate both array bounds instead of one |
| 22 | +- PowerShell pipe discovery subprocess now has 15s timeout via `context.WithTimeout` |
| 23 | +- `readLoop` was blocking send on duplicate responses; now uses non-blocking select |
| 24 | + |
| 25 | +**Medium (5)** |
| 26 | +- `CUAType` now dispatches keyDown+char+keyUp sequence per CDP spec; attaches debugger once |
| 27 | +- Health check during pipe auto-discovery uses 5s timeout (was 60s) |
| 28 | +- CLI `try` command JSON extraction uses `args[2:]` instead of fragile byte offset |
| 29 | +- `DOMSnapshot` fallback prepends marker to distinguish plain-text from AX tree |
| 30 | +- `DomCUAClick` checks `len(content) >= 5` before box model coordinate access |
| 31 | + |
| 32 | +**Low (10)** |
| 33 | +- `newUUID` returns error + `fallbackUUID` via `math/rand` instead of `panic` |
| 34 | +- `BRIDGE_DEBUG_LOG` open failure now logs warning to stderr |
| 35 | +- `os.Exit` moved out of `runMCP`/`runCLI` into `main()` so deferred cleanup runs |
| 36 | +- `extractUUID` uses conditional single-char strip instead of greedy `TrimLeft` |
| 37 | +- `time.After` replaced with `time.NewTimer` + deferred `Stop()` to prevent leaks |
| 38 | +- `ClaimUserTab` auto-attach error now logged |
| 39 | +- Screenshots typo fixed (was already resolved) |
| 40 | +- `SendNotification` test coverage added (`TestSendNotificationFrame`) |
| 41 | +- `WaitForLoadTimeout` test: `strings.HasPrefix` replaces fragile `[:7]` slice |
| 42 | +- E2E Screenshot test now validates non-empty base64 return value |
| 43 | + |
| 44 | +### Audit |
| 45 | +- 6 subagents scanned in parallel: 2×Opus (core logic, protocol), 2×Sonnet (errors, tests), 2×Haiku (surface, main+discovery) |
| 46 | +- 30 bugs found, 28 fixed (93%). 2 deferred: global CDP attach optimization, CUAKeypress attach optimization |
| 47 | + |
5 | 48 | ## [0.2.0] - 2026-05-16 |
6 | 49 |
|
7 | 50 | ### Added |
|
0 commit comments