makiri 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f88832bca79aadf7ea686b37739a5b600d9ff4a2075f28e9d59a885a66afab80
-  data.tar.gz: 6f835ef9f2bee6318e9ef5ff179dac48b7e99b2f019fb85f86c67eb94fced1e9
+  metadata.gz: 30e3037756fec29474a8fb0c62e38d06a3337bba9c3ad844e6bdcfc02cff5026
+  data.tar.gz: 5b2f2a2887019261a359a64c35bddd36eb076a8c6a4f145c1a2ec1d84f679be6
 SHA512:
-  metadata.gz: 4171815b57b086979c4638b44cd9316562e7293b16c40302a62e78b7a93c30f0a1e0dd4f09764574fe20c5b6e948699dee64dad6d45136e582da22b4ac5fc74d
-  data.tar.gz: ee5dda37c9dc8722d7313b96981312b0d1b1599dde764eeb108ba8397655586cfd793d6ce1a3f9473ae0cfc0e542d6e50f87c93dc355d9237432de00d088bb29
+  metadata.gz: 2b6bf4ed94ae428e23bcb3af8ec71febda16c83c5187ffb8cadd3698327681d951ead4b68d7df78328e8eeeec82a09de310d862cd110323c2874ac1fb0adf62c
+  data.tar.gz: 9ebd0a7562d7ff5541ead1e61f4dae1719257b29ff8cf4414e5ca2c23e2c708849c360b26471fc132bebd0ddd9cd5866ec11ab44aec4ac4044cdba10958a1038

data/.github/workflows/conformance.yml

@@ -57,6 +57,15 @@ jobs:
       - name: CSS Selectors differential vs Nokogiri::HTML5
         run: bundle exec rake conformance:css
 
+      - name: XML XPath 1.0 differential vs Nokogiri::XML
+        run: bundle exec rake conformance:xpath_xml
+
+      - name: XML CSS-selector differential vs Nokogiri::XML
+        run: bundle exec rake conformance:css_xml
+
+      - name: XML Builder differential vs Nokogiri::XML::Builder
+        run: bundle exec rake conformance:builder
+
   # Nightly: a wide XPath differential sweep across many seeds and a high
   # generated volume, to surface divergences the curated corpus and a single
   # seed miss. Fails fast (bash -e) on the first real divergence.
@@ -92,3 +101,16 @@ jobs:
             XPATH_ARGS="--generate 20000 --seed ${seed}" bundle exec rake conformance:xpath
             echo "::endgroup::"
           done
+
+      # The W3C XML conformance suite fetches its (pinned) test corpus on first
+      # run, so it lives in the nightly rather than on every PR.
+      - name: XML 1.0 well-formedness vs the W3C XML Conformance Test Suite
+        run: bundle exec rake conformance:xmlconf
+
+      # Property-based tree differential: generated documents, Makiri's parsed
+      # tree + canonical output vs Nokogiri::XML. Scalable volume - nightly gets
+      # a much larger batch than the resident in-suite PBT specs.
+      - name: XML property-based tree differential vs Nokogiri::XML
+        run: bundle exec rake conformance:xml_pbt
+        env:
+          PBT_ARGS: "--count 20000"

data/.github/workflows/libfuzzer.yml

@@ -0,0 +1,83 @@
+name: libFuzzer
+
+on:
+  # Nightly: libFuzzer runs are coverage-guided and long-running; they complement
+  # the PR-level short fuzz (30s) and the nightly sanitizer fuzz (300s per target).
+  # We run them on a schedule because the coverage signal needs sustained CPU
+  # time to reach deep branches (e.g. DOCTYPE quote/bracket state machine,
+  # reference expansion boundaries).
+  schedule:
+    - cron: "0 3 * * *"
+  workflow_dispatch:
+
+jobs:
+  # Build the libFuzzer harnesses under clang with -fsanitize=fuzzer,address
+  # and run each target for 300s.  The corpus is stored as a build artifact so
+  # it can be seeded in subsequent runs (regression asset per the roadmap).
+  libfuzzer-nightly:
+    name: libFuzzer ${{ matrix.target }} (clang)
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [xml, xpath]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      # Build the vendored Lexbor first (plain mode is fine; the harness links
+      # the static archive).  The fuzzer binary itself is built with ASan.
+      - name: Compile the extension (builds Lexbor)
+        run: bundle exec rake compile
+
+      - name: Install clang
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y clang
+
+      - name: Build libFuzzer harnesses
+        run: |
+          cd ext/makiri/fuzz
+          make clean
+          make all
+
+      # Restore the previous corpus so the fuzzer starts from the accumulated
+      # regression seeds rather than from scratch.
+      - name: Restore corpus cache
+        uses: actions/cache@v4
+        with:
+          path: ext/makiri/fuzz/corpus/${{ matrix.target }}
+          key: libfuzzer-corpus-${{ matrix.target }}-${{ github.run_id }}
+          restore-keys: |
+            libfuzzer-corpus-${{ matrix.target }}-
+
+      - name: Run libFuzzer ${{ matrix.target }} (300s)
+        run: |
+          mkdir -p ext/makiri/fuzz/corpus/${{ matrix.target }}
+          cd ext/makiri/fuzz
+          ./${{ matrix.target }}_fuzz \
+            -max_total_time=300 \
+            -max_len=4096 \
+            -print_final_stats=1 \
+            corpus/${{ matrix.target }}
+
+      # Save the mutated corpus as an artifact for download / seeding.
+      - name: Upload corpus artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: libfuzzer-corpus-${{ matrix.target }}
+          path: ext/makiri/fuzz/corpus/${{ matrix.target }}
+          retention-days: 7

data/.github/workflows/release.yml

@@ -196,17 +196,22 @@ jobs:
             $pre --verify-tag || \
           gh release upload "${GITHUB_REF_NAME}" dist/*.gem --repo "${GITHUB_REPOSITORY}" --clobber
 
-  # --- optional: publish to RubyGems (manual, opt-in, never on a tag push) ----
-  # Auth is RubyGems Trusted Publishing (OIDC): no stored API key, short-lived
-  # token, MFA-compatible. Configure a matching Trusted Publisher on RubyGems.org
-  # for this gem: owner=takahashim, repo=makiri, workflow=release.yml, and set its
-  # Environment to "rubygems" (matching `environment:` below).
+  # --- publish to RubyGems, behind the `rubygems` environment approval gate ---
+  # Held until the `rubygems` environment's Required-reviewers rule is approved,
+  # so a tag push releases on GitHub immediately but the RubyGems push waits.
+  #
+  # Auth is RubyGems Trusted Publishing (OIDC): no stored API key. Configure a
+  # matching Trusted Publisher on RubyGems.org (owner=takahashim, repo=makiri,
+  # workflow=release.yml, Environment=rubygems) so the token is only accepted
+  # through this gated environment.
   publish:
     name: Publish to RubyGems
     needs: [source-gem, native-gem]
-    if: github.event_name == 'workflow_dispatch' && inputs.publish_to_rubygems
+    if: >-
+      startsWith(github.ref, 'refs/tags/') ||
+      (github.event_name == 'workflow_dispatch' && inputs.publish_to_rubygems)
     runs-on: ubuntu-latest
-    environment: rubygems   # add a Required-reviewers protection rule for an approval gate
+    environment: rubygems
     permissions:
       contents: read
       id-token: write       # OIDC identity token for Trusted Publishing

data/.github/workflows/security.yml

@@ -70,12 +70,71 @@ jobs:
           bundler-cache: true
 
       - name: Run short fuzz under sanitizers
-        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--isolated --time 30"
+        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--time 30"
+
+  # macOS-only malloc-leak gate: ASan everywhere runs with detect_leaks=0 (Ruby
+  # and Lexbor are uninstrumented), so this is the ONLY automated leak check. It
+  # flags per-call leak stacks through the extension, including on rescued
+  # failure paths (see script/check_leaks.rb).
+  security-leaks:
+    name: Malloc-leak gate (macOS leaks)
+    runs-on: macos-latest
+    if: github.event_name != 'schedule'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
 
+      - name: Run the leak gate
+        run: bundle exec rake leaks
+
+  # OOM-injection sweep: rebuilds with MAKIRI_ALLOC_INJECT=1 and fails each core
+  # C allocation site in turn, gating that every OOM branch fails closed - a
+  # clean exception or a baseline-identical result, never truncated output
+  # (see script/check_alloc_failures.rb).
+  security-alloc-inject:
+    name: OOM-injection sweep
+    runs-on: ubuntu-latest
+    if: github.event_name != 'schedule'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - name: Run the OOM-injection sweep
+        run: bundle exec rake oom
+
+  # Nightly: fuzz EVERY target (the 30s PR fuzz covers only the default xpath
+  # target; the CSS engine reuse and the XML parser/mutator are each their own
+  # documented memory-safety risk, so each gets a full 300s run).
   security-fuzz-nightly:
-    name: Nightly sanitized fuzz
+    name: Nightly sanitized fuzz (${{ matrix.target }})
     runs-on: ubuntu-latest
     if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [xpath, css, xml, mutate, xmlcss]
     steps:
       - name: Checkout (with vendored Lexbor submodule)
         uses: actions/checkout@v6
@@ -92,4 +151,30 @@ jobs:
           bundler-cache: true
 
       - name: Run nightly fuzz under sanitizers
-        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--isolated --time 300"
+        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--target ${{ matrix.target }} --time 300"
+
+  # Nightly: the whole spec suite with Lexbor ITSELF built under ASan (mraw
+  # poisoning on), catching intra-arena overflows that a plain ASan build cannot
+  # see - the class the v3.0.0 :lexbor-contains overflow belonged to. Heavy
+  # (full instrumented Lexbor rebuild), so nightly only.
+  security-sanitize-lexbor:
+    name: Nightly instrumented-Lexbor ASan suite
+    runs-on: ubuntu-latest
+    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - name: Build Lexbor under ASan and run the suite
+        run: bundle exec rake "sanitize:lexbor"

data/.github/workflows/valgrind.yml

@@ -0,0 +1,135 @@
+name: Valgrind + GC.compact
+
+on:
+  # Nightly: these jobs are heavy (Valgrind is ~10-50x slower, GC.stress is ~10x
+  # slower) and check structural properties that do not vary by day-to-day code
+  # churn, so run them on a schedule rather than on every push/PR.
+  schedule:
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+
+jobs:
+  # Valgrind memcheck on the full spec suite.  Complements ASan by catching
+  # layout-independent errors ASan misses: use of uninitialised values, and
+  # invalid reads/writes that happen to land inside valid malloc regions
+  # (intra-arena overflows).  Runs on Linux because Valgrind is x86_64/amd64
+  # Linux only.
+  valgrind-memcheck:
+    name: Valgrind memcheck (Ruby ${{ matrix.ruby }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    env:
+      BUNDLE_WITH: valgrind
+      # These heavy jobs verify memory discipline (uninit values, intra-arena
+      # overflows, use-after-move), not the property space - so the full
+      # 300-iteration PBT sweep (already run by the normal CI matrix) is
+      # overkill here and, multiplied by Valgrind's 10-50x slowdown, never
+      # finishes.  A handful of iterations exercises every C memory path while
+      # keeping the run tractable.
+      PBT_COUNT: "15"
+      CSS_PBT_COUNT: "15"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["3.4"]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Compile the extension
+        run: bundle exec rake compile
+
+      - name: Install Valgrind
+        run: sudo apt-get update && sudo apt-get install -y valgrind
+
+      # ruby_memcheck (the `spec:valgrind` rake task) runs the suite under
+      # memcheck. It ships Ruby's Valgrind suppression files itself (matched to
+      # the running Ruby), so there is no longer a ruby.supp to fetch from
+      # ruby/ruby - that path was removed upstream and the fetch step 404'd.
+      - name: Run spec suite under Valgrind (ruby_memcheck)
+        run: bundle exec rake spec:valgrind
+
+  # GC.auto_compact + GC.stress run of the full spec suite.  This structurally
+  # tests the borrowed-pointer discipline under the condition that Ruby Strings
+  # actually move (compaction) and that every allocation triggers a full GC
+  # cycle (stress).  Failures here are typically use-after-move or stale
+  # pointer bugs in the C extension or bridge layer.
+  #
+  # THREADING is deliberately OFF here.  The :threading suite (spec/threading_spec.rb)
+  # is 8 threads x tens of iterations, and forcing the job-level GC.stress onto it
+  # means a full GC per allocation across every thread - which made this job run
+  # for 30+ minutes without finishing.  It also adds little: that suite already
+  # runs in ci.yml (ubuntu/3.4), and its GC-sensitive examples opt into GC.stress
+  # themselves via their own `around` hook, so cross-thread interactions are
+  # covered there.  This job's unique value is the *single-threaded* full suite
+  # under stress+compaction, which catches use-after-move across every code path.
+  gc-compact-stress:
+    # Temporarily disabled, too long
+    if: false
+    name: GC.auto_compact + GC.stress (Ruby ${{ matrix.ruby }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    env:
+      # As in the Valgrind job: GC.stress (a full GC per allocation) makes the
+      # 300-iteration PBT sweep run for hours, and these jobs check memory
+      # discipline rather than the property space, so trim the iteration count.
+      PBT_COUNT: "15"
+      CSS_PBT_COUNT: "15"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["3.4"]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Compile the extension
+        run: bundle exec rake compile
+
+      # GC.stress is scoped to each example via an around hook rather than set
+      # process-wide: under a global GC.stress, even requiring the 88 spec files
+      # runs a full GC per allocation, so loading alone took tens of minutes and
+      # the job never reached the first example.  auto_compact stays global so
+      # objects actually move during those stressed examples (the point of the
+      # job), while loading/collection runs at normal speed.
+      - name: Run spec suite under GC.auto_compact + GC.stress
+        run: |
+          bundle exec ruby -Ilib -e '
+            GC.auto_compact = true
+            require "rspec/core"
+            RSpec.configure do |c|
+              c.around(:each) do |example|
+                GC.stress = true
+                begin
+                  example.run
+                ensure
+                  GC.stress = false
+                end
+              end
+            end
+            exit RSpec::Core::Runner.run(ARGV)
+          ' spec

data/CHANGELOG.md

@@ -5,30 +5,165 @@ All notable changes to this project will be documented in this file.
 The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [0.4.0] - 2026-06-12
+
+### Added
+
+* CSS selectors on `Makiri::XML`. `#css` / `#at_css` / `#matches?`, lowered
+  to the native XPath engine (case-sensitive, namespace-aware). Covers the
+  standard selector set including combinator arguments to `:is`/`:where`/`:not`/
+  `:has`, untyped `:*-of-type`, and `:lexbor-contains`. Verified by a differential
+  against `Nokogiri::XML` plus property-based tests.
+
+* `Makiri::XML::Builder`, a Nokogiri-compatible DSL for building an XML
+  document or subtree from scratch (block / `instance_eval` forms, namespaced
+  elements via `xml["prefix"]`, the `tag.class.id!` attribute short-cuts, raw-XML
+  `<<`, and `.with`). Verified by a differential against `Nokogiri::XML::Builder`.
+
+### Changed
+
+* The XML declaration emits `encoding="UTF-8"` only when the source declared
+  one (or `#to_xml(encoding:)` is passed); built or declaration-less documents
+  now serialize to a bare `<?xml version="1.0"?>`, like Nokogiri (the output is
+  UTF-8 either way).
+
+* Faster XML queries. A document-rooted `//name` / `css("name")` is served
+  from a lazily-built element-name index instead of a full-tree walk (~11x
+  Nokogiri on the benchmark feed); name tests resolve their prefix once per step,
+  and `at_css` / `at_xpath` short-circuit on prefixed name tests.
+
+* CSS class/ID selectors now match case-sensitively in no-quirks documents
+  (case-insensitively only in quirks mode), like browsers and `Nokogiri::HTML5` -
+  via an upstreamed Lexbor fix (see below).
+
+* XPath number parsing now follows the XPath 1.0 `Number` grammar exactly and
+  is locale-independent, matching libxml2/Nokogiri and browsers. C `strtod`'s
+  superset forms are no longer accepted: `1e3` / `0x1A` lex as a Number followed
+  by a name (a syntax error as a full expression, where they previously parsed
+  as 1000 / 26), `number()` returns NaN for exponent/hex/`+`-signed strings, and
+  only XPath whitespace (space/tab/CR/LF, not `\v`/`\f`) is trimmed around the
+  coerced value. Valid literals (`5.`, `.5`, `1.5`) are unchanged.
+
+### Security
+
+* Updated the vendored Lexbor (v3.0.0 -> `3a2d595`), which includes two
+  CSS-selector fixes we upstreamed - class/ID case-sensitivity follows quirks
+  mode, and a prefix-less type selector no longer defaults to the universal
+  namespace - plus a heap-overflow fix in its `:lexbor-contains()` parser
+  (reached from `Node#css`) and other post-v3.0.0 bugfixes. (An untagged master
+  commit, taken deliberately; see CLAUDE.md.)
+
+* Hardened native memory safety. The XML arena is ASan-red-zoned to catch
+  intra-arena overflows, the engines are fuzzed under ASan/UBSan, and buffer
+  growth is bounded by a hard ceiling.
+
+* Extended the lint-enforced bounded-reader (`mkr_span`) discipline to the
+  remaining byte-scanning code: the source-location line table, the XPath
+  string-function scanners (now explicitly length-bounded instead of relying on
+  the NUL contract), and the number parse above. Fixed a borrowed-RSTRING
+  pointer held across a potential GC point in the XML encoding sniffer, and a
+  missing NUL-termination guarantee in the libFuzzer XPath harness.
+
+## [0.3.0] - 2026-06-06
+
+### Added
+
+* **Native XML 1.0 reader + in-place editor** - `Makiri::XML::Document.parse(source)`
+  / `Makiri::XML(source)`. No libxml2: a strict, fail-closed parser builds its own
+  node arena (case- and namespace-preserving), queried by the native XPath engine.
+  * Strict & secure: fail-closed decode (bad UTF-8 / NUL -> `XML::SyntaxError`),
+    duplicate attributes rejected, XML 1.0 only; verified against the W3C XML
+    Conformance Test Suite.
+  * Encoding autodetected (BOM / `<?xml encoding?>`); a contradicting String
+    encoding is a fatal error, not a silent mis-decode.
+  * DoS-bounded by a single arena byte ceiling (default 256 MiB; raise per parse
+    with `max_bytes:`).
+  * `<!DOCTYPE>` recognized but **not processed** (`#internal_subset` ->
+    `XML::DocumentType`); zero entity/DTD I/O, so **XXE and billion-laughs are
+    structurally impossible**. Kept off the tree, as in libxml2.
+  * Read API mirrors Nokogiri: `#xpath` / `#at_xpath` (`{prefix => uri}`),
+    name/namespace readers, `#text`, `#[]`, traversal, and namespace introspection
+    (`Makiri::XML::Namespace`); `XPathContext` works over XML nodes too.
+  * Prolog/epilog comments & PIs kept on the document node; adjacent same-type
+    character data coalesced - byte-identical to Nokogiri (property-based diff).
+  * `#to_xml` / `#to_s` (`pretty:` / `indent:` / `encoding:`) and `#canonicalize`
+    (Inclusive C14N 1.0, byte-identical to libxml2); buffers fail closed.
+  * Unsupported surface raises `NotImplementedError`: `#css` / `#at_css` and HTML
+    serialization.
+  * Tree mutation - fully fail-closed, detach-never-destroy:
+    * in-place: `#[]=` / `#delete`, `#content=`, `#name=`, `#remove` / `#unlink`;
+    * factories: `Document#create_{element,text_node,comment,cdata,processing_instruction}`
+      (+ Nokogiri-style `.new` constructors);
+    * insertion: `#add_child` / `<<`, `#before` / `#after`, `#replace` - namespaces
+      resolved at the insertion point; a cross-document insert deep-copies;
+    * fragments: `XML::DocumentFragment.parse` / `XML::Document#fragment`;
+    * from scratch: `XML::Document.new` + `#root=`.
+* `XML::Element#element_children` and `Node#clone_node` for XML nodes (also enabling
+  `Node#dup` / `#clone`); a clone keeps name case, namespace and the CDATA type.
+* `Node` includes `Enumerable` over its child nodes (`each` / `map` / `select` / ...).
+* `Node#<=>` + `Comparable` - sort by document position (`nil` across documents or
+  for attributes).
+* `NodeSet.new(document_or_node, list = [])` - foreign / cross-representation nodes
+  are rejected.
+* `NodeSet#[]` accepts a `Range` or `start, length` (like `Array#[]`).
+* `Node` / `NodeSet` / `Document` `#dup` / `#clone` now return real independent
+  copies (`#dup(0)` shallow; `#clone(freeze:)` honoured).
+* A **frozen node is genuinely immutable** - every mutator raises `FrozenError`.
+
+### Changed
+
+* CSS queries reuse one shared Lexbor engine (GVL-safe) and `at_css` wraps the match
+  directly: `at_css('#id')` ~5x faster than nokolexbor (was ~1.16x slower).
+* HTML serialization pre-reserves its buffer - `to_html` now at parity with nokolexbor.
+* Node-class names are the WHATWG DOM interface names (`CDATASection`, `Attr`,
+  `DocumentType`, ...), with the Nokogiri spellings (`CDATA`, `DTD`) kept as aliases;
+  added `Node#cdata?`.
+* Text-index range table uses `uint32` bounds (24 -> 16 B/entry; ~27% less retained
+  index, byte-identical text).
+* Parsing **honours the input String's encoding** - Shift_JIS / EUC-JP / ... are now
+  transcoded to UTF-8 instead of mangled.
+* Parsing skips its UTF-8 validation scan when the String's coderange already proves
+  it valid.
+* Faster HTML parse/serialize: `memchr` line table + validate-only UTF-8 scan (~7%),
+  and a single-copy serializer buffer (~1.2-1.3x).
+
+### Fixed
+
+* **Hardened the HTML/XML representation boundary.** HTML (Lexbor) and XML (arena)
+  nodes are now distinct TypedData types, so the wrong representation raises
+  `TypeError` instead of corrupting memory:
+  * `Node#==` / `XPathContext#node=` with an XML `Document` no longer aborts the
+    process;
+  * `NodeSet#|` / `+` / `&` / `-` across different documents raise `Makiri::Error`
+    (was a silent mis-wrap);
+  * HTML-only APIs (`import_node`, `add_child` / `before` / `after` / `replace`,
+    `fragment(context:)`) reject an XML node argument (was a segfault).
+* The bundle exported the entire vendored Lexbor symbol table (~1700 `lxb_*`); now
+  only `Init_makiri` is exported, so loading alongside another Lexbor gem (e.g.
+  nokolexbor) no longer segfaults. (Precompiled gems: rebuild required.)
 
 ## [0.2.0] - 2026-06-04
 
 ### Added
 
-* `Element#tag_name` (DOM `tagName`) — the qualified name uppercased for an
+* `Element#tag_name` (DOM `tagName`) - the qualified name uppercased for an
   HTML element in an HTML document (`"DIV"`), keeping the original case for
   SVG/MathML; `nil` for non-elements. Complements `#name`, which stays the
   lowercase qualified name.
-* `ProcessingInstruction#target` (DOM `target`) — a PI's target name; `nil` for
+* `ProcessingInstruction#target` (DOM `target`) - a PI's target name; `nil` for
   other node kinds. Its data is read via `#content`/`#text`.
 * `Document#create_processing_instruction(target, data)` (DOM
   `createProcessingInstruction`) and `Document#create_document_fragment` (DOM
-  `createDocumentFragment`, an empty fragment to build up programmatically —
+  `createDocumentFragment`, an empty fragment to build up programmatically -
   unlike `#fragment` / `DocumentFragment.parse`, which parse HTML). Both produce
   a detached node owned by the document; PI creation fails closed when the data
   contains the `?>` terminator (matching the DOM constraint). (DOM
   `createCDATASection` is intentionally not provided: per WHATWG DOM it throws on
   an HTML document, which is the only kind Makiri produces.)
-* `Node#{namespace_uri, prefix, local_name}` — the WHATWG DOM per-node
+* `Node#{namespace_uri, prefix, local_name}` - the WHATWG DOM per-node
   namespace accessors on `Element` and `Attribute` (`nil` on other node kinds).
   `namespace_uri` resolves an element's namespace from its node (so an HTML
-  element is the XHTML namespace `http://www.w3.org/1999/xhtml`, not `nil` — the
+  element is the XHTML namespace `http://www.w3.org/1999/xhtml`, not `nil` - the
   DOM-faithful value browsers and `namespace-uri()` return; SVG/MathML get their
   own URI), and agrees byte-for-byte with the `namespace-uri()` XPath function.
   For attributes it is `nil` unless prefixed, where it returns the parser-assigned
@@ -36,21 +171,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   segment of the qualified name (`nil` for the usual unprefixed HTML5 case), and
   `local_name` is the name without that prefix. Previously a node's namespace was
   reachable only through XPath (`namespace-uri()`/`local-name()`).
-* `Node#clone_node(deep = false)` — a copy of the node, owned by the same
+* `Node#clone_node(deep = false)` - a copy of the node, owned by the same
   document and detached from any parent (the DOM `cloneNode`, whose `deep`
-  defaults to `false` — a missing/`nil`/`false` argument is a shallow clone; a
+  defaults to `false` - a missing/`nil`/`false` argument is a shallow clone; a
   truthy one copies the subtree). Built on the same `import_node` +
   `<template>`-content fixup the fragment parser uses, so a deep-cloned
   `<template>` keeps its contents. Fails closed: a failed import raises rather
   than returning a partial node.
-* `Document#import_node(node, deep = false)` — a copy of `node` owned by the
+* `Document#import_node(node, deep = false)` - a copy of `node` owned by the
   receiver document (the DOM `importNode`, whose `deep` likewise defaults to
   `false`). Unlike `Node#clone_node`, the copy is owned by the target rather
   than the node's own document, so it is the way to bring a node across
   documents (Makiri never moves a node between arenas); the source is left
   untouched. Same import + `<template>`-content fixup as `clone_node`, and fails
   closed on a failed import.
-* `Node#pointer_id` — the underlying `lxb_dom_node_t` pointer as an Integer,
+* `Node#pointer_id` - the underlying `lxb_dom_node_t` pointer as an Integer,
   matching `Nokogiri::XML::Node#pointer_id`. Shares the value `#hash`/`#eql?`
   are built on, so it is a stable, Nokogiri-compatible identity key for
   consumers (e.g. wrapper caches) that key nodes by pointer. Stable for a
@@ -73,19 +208,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.1.0] - 2026-06-02
 
 First public release. An HTML5 parser, a native XPath 1.0 query engine, and CSS
-selectors for Ruby — built on vendored [Lexbor](https://lexbor.com/) with **no
+selectors for Ruby - built on vendored [Lexbor](https://lexbor.com/) with **no
 libxml2 / libxslt dependency at any layer**.
 
 ### Added
 
 **Parsing & DOM**
 
-* `Makiri::HTML` / `Makiri.parse` — HTML5 parsing via vendored, unpatched Lexbor,
+* `Makiri::HTML` / `Makiri.parse` - HTML5 parsing via vendored, unpatched Lexbor,
   with browser-compatible UTF-8 decoding (invalid bytes → U+FFFD; parsing never
   fails on bad bytes). Read-only navigation and attribute/text readers across
   `Document`, `Element`, `Attribute`, `Text`, `CData`, `Comment`,
   `ProcessingInstruction`, `DocumentType`, and `DocumentFragment`.
-* `Node#line` — 1-based source line of an element, reconstructed from the
+* `Node#line` - 1-based source line of an element, reconstructed from the
   tokenizer without patching Lexbor (nil when the location is unknown).
 * `Element#attribute_nodes` and `Attribute#{name,value,parent,element}`, backed
   by a lazily-built attribute→owner index in the Lexbor compat layer.
@@ -138,7 +273,7 @@ libxml2 / libxslt dependency at any layer**.
 * UTF-8 text-input contract: HTML and fragment parsing are lenient (invalid
   bytes → U+FFFD, never reject), while strings passed to the XPath / CSS /
   DOM-mutation APIs must be valid UTF-8 with no NUL byte, otherwise they raise
-  `Makiri::Error` — never silently truncated, repaired, or reinterpreted.
+  `Makiri::Error` - never silently truncated, repaired, or reinterpreted.
 * Thread-safe by construction: parsing releases the GVL (concurrent parse scales
   ~2× on 8 cores), while XPath evaluation holds the GVL so sharing a document or
   context across threads cannot corrupt memory. Fail-closed string caps and
@@ -161,6 +296,8 @@ libxml2 / libxslt dependency at any layer**.
   domxpath, CSS differential vs `Nokogiri::HTML5`). GitHub Actions CI across
   Ruby 3.2–4.0 × Ubuntu/macOS plus a sanitizer job.
 
-[Unreleased]: https://github.com/takahashim/makiri/compare/v0.2.0...HEAD
+[Unreleased]: https://github.com/takahashim/makiri/compare/v0.4.0...HEAD
+[0.4.0]: https://github.com/takahashim/makiri/compare/v0.3.0...v0.4.0
+[0.3.0]: https://github.com/takahashim/makiri/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/takahashim/makiri/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/takahashim/makiri/releases/tag/v0.1.0