plainstamp 0.7.5 → 0.7.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -16,6 +16,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
|
16
16
|
|
|
17
17
|
Distribution is **npm-only**. Source remains in the operating organization's private repository; there is no public source repository host. Contact channel for issues, accuracy reports, security reports, and contribution proposals is **helpfulbutton140@agentmail.to** (see `docs/CONTRIBUTING.md`, `docs/SECURITY.md`).
|
|
18
18
|
|
|
19
|
+
## [0.7.7] — 2026-05-09
|
|
20
|
+
|
|
21
|
+
### Fixed (URL-monitor stabilization, round 3 — JSF random ids)
|
|
22
|
+
|
|
23
|
+
- `normalizeForHash` now strips JSF random element ids: `id="s\d+\.<random>"` (CA leginfo's billNavClient/billTextClient pages emit per-request random decimal suffixes on `s10.<num>`-style section ids) and `id="j_id<digits-or-underscores>(:<segments>)*"` (JSF auto-generated structural ids).
|
|
24
|
+
- Tests: 63/63 passing (added 2 new normalization tests targeting the JSF id patterns).
|
|
25
|
+
|
|
26
|
+
## [0.7.6] — 2026-05-09
|
|
27
|
+
|
|
28
|
+
### Fixed (URL-monitor stabilization, round 2)
|
|
29
|
+
|
|
30
|
+
- `normalizeForHash` now strips three additional dynamic-content patterns surfaced by live-fetch verification against bundled regulator citation URLs:
|
|
31
|
+
- **JSF `javax.faces.ViewState` hidden inputs** — California's `leginfo.legislature.ca.gov` is a JSF app and emits a per-request encrypted ViewState blob.
|
|
32
|
+
- **CSRF / session-token meta tags** — Rails-style `<meta name="csrf-token" content="…"/>` (Colorado's `leg.colorado.gov` and others). Now matched alongside `requestverification`, `session-id`, `api-token`, `ws-token`.
|
|
33
|
+
- **Cloudflare email-protection rotating fragments** — `/cdn-cgi/l/email-protection#<hex>` (FINRA and others). The rotating hex fragment after `#` is stripped; the protection-link path is preserved. The `data-cfemail` attribute value is also stripped (added to the existing `data-(?:csrf|token|nonce|build|version|cfemail)` family).
|
|
34
|
+
- Tests: 61/61 passing (added 3 new normalization tests targeting the three patterns above).
|
|
35
|
+
|
|
19
36
|
## [0.7.5] — 2026-05-09
|
|
20
37
|
|
|
21
38
|
### Fixed (URL-monitor source stabilization)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"url-monitor.d.ts","sourceRoot":"","sources":["../../../src/watcher/sources/url-monitor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAW,MAAM,EAAE,MAAM,aAAa,CAAC;AAGnD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,iEAAiE;IACjE,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,MAAM,CAkCT;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"url-monitor.d.ts","sourceRoot":"","sources":["../../../src/watcher/sources/url-monitor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAW,MAAM,EAAE,MAAM,aAAa,CAAC;AAGnD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,iEAAiE;IACjE,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,MAAM,CAkCT;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CA+CrD;AAED;;;;;;;;GAQG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,CAAC,EAAE;IAC9C,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,MAAM,CAUT;AAED,mIAAmI;AACnI,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhD"}
|
|
@@ -85,14 +85,31 @@ export function normalizeForHash(html) {
|
|
|
85
85
|
s = s.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
|
|
86
86
|
s = s.replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, "");
|
|
87
87
|
s = s.replace(/<!--[\s\S]*?-->/g, "");
|
|
88
|
-
// CSRF / authenticity hidden inputs — match common
|
|
89
|
-
|
|
88
|
+
// CSRF / authenticity / session-token hidden inputs — match common
|
|
89
|
+
// names. JSF's `javax.faces.ViewState` is included because its value
|
|
90
|
+
// is a per-request encrypted blob.
|
|
91
|
+
s = s.replace(/<input\b[^>]*name\s*=\s*["'][^"']*(?:csrf|authenticity|_token|requestverification|viewstate|j_id\d*:?javax\.faces)[^"']*["'][^>]*\/?\s*>/gi, "");
|
|
90
92
|
// Inline dynamic attribute values. We strip the *value*, not the
|
|
91
93
|
// attribute name, to preserve structural diffability.
|
|
92
94
|
s = s.replace(/\b(nonce|integrity)\s*=\s*"[^"]*"/gi, "$1=\"\"");
|
|
93
95
|
s = s.replace(/\b(nonce|integrity)\s*=\s*'[^']*'/gi, "$1=''");
|
|
94
|
-
s = s.replace(/\b(data-(?:csrf|token|nonce|build|version)[^=\s>]*)\s*=\s*"[^"]*"/gi, "$1=\"\"");
|
|
95
|
-
s = s.replace(/\b(data-(?:csrf|token|nonce|build|version)[^=\s>]*)\s*=\s*'[^']*'/gi, "$1=''");
|
|
96
|
+
s = s.replace(/\b(data-(?:csrf|token|nonce|build|version|cfemail)[^=\s>]*)\s*=\s*"[^"]*"/gi, "$1=\"\"");
|
|
97
|
+
s = s.replace(/\b(data-(?:csrf|token|nonce|build|version|cfemail)[^=\s>]*)\s*=\s*'[^']*'/gi, "$1=''");
|
|
98
|
+
// Cloudflare email-protection rotating-hex fragments. The path is
|
|
99
|
+
// stable; the fragment after `#` rotates per request.
|
|
100
|
+
s = s.replace(/(\/cdn-cgi\/l\/email-protection)#[0-9a-fA-F]+/g, "$1#");
|
|
101
|
+
// JSF-generated random section IDs. CA legislature's leginfo emits
|
|
102
|
+
// `id="s10.<random-decimal>"` per request. The numeric prefix
|
|
103
|
+
// (s10, s11, etc.) is stable across the page; only the decimal
|
|
104
|
+
// suffix rotates. Strip the suffix to stabilize.
|
|
105
|
+
s = s.replace(/(\bid\s*=\s*["']s\d+)\.\d+(["'])/gi, "$1$2");
|
|
106
|
+
// JSF auto-generated `j_id...` element ids — purely structural,
|
|
107
|
+
// typically stable but can rotate when the JSF state model changes
|
|
108
|
+
// between requests. Matches `j_id1`, `j_id_1`, `j_id1:foo`, etc.
|
|
109
|
+
s = s.replace(/(\bid\s*=\s*["'])j_id[_\d]+(?::[\w.]+)*(["'])/gi, "$1j_id$2");
|
|
110
|
+
// CSRF / session-token meta tags (Rails-style "csrf-token", "csrf-param",
|
|
111
|
+
// ASP.NET "RequestVerificationToken", etc.).
|
|
112
|
+
s = s.replace(/<meta\b[^>]*(?:name|property)\s*=\s*["'][^"']*(?:csrf|authenticity|requestverification|session-?id|api-?token|ws-token)[^"']*["'][^>]*\/?\s*>/gi, "");
|
|
96
113
|
// Timestamp-bearing meta tags.
|
|
97
114
|
s = s.replace(/<meta\b[^>]*(?:name|property)\s*=\s*["'][^"']*(?:updated_time|last-?modified|revised|build-?time|generated-?at|page-?date)[^"']*["'][^>]*\/?\s*>/gi, "");
|
|
98
115
|
// Collapse runs of whitespace and trim ends. Single space between
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"url-monitor.js","sourceRoot":"","sources":["../../../src/watcher/sources/url-monitor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAMhC;IACC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC;IACtC,MAAM,KAAK,GAAG,GAAW,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAElE,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,KAAK,CAAC,KAAK;YACT,MAAM,QAAQ,GAAc,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;oBACvD,IAAI,CAAC,GAAG,CAAC,EAAE;wBAAE,SAAS;oBACtB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;oBAC7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;oBACzC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,GAAG,IAAI,IAAI,EAAE;wBACpB,KAAK,EAAE,GAAG;wBACV,GAAG;wBACH,WAAW,EAAE,KAAK,EAAE;wBACpB,KAAK,EAAE;4BACL,YAAY,EAAE,IAAI;4BAClB,cAAc,EAAE,GAAG,CAAC,MAAM;4BAC1B,iBAAiB,EAAE,UAAU,CAAC,MAAM;yBACrC;qBACF,CAAC,CAAC;gBACL,CAAC;gBAAC,MAAM,CAAC;oBACP,6EAA6E;gBAC/E,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,GAAG,IAAI,CAAC;IACb,8DAA8D;IAC9D,kDAAkD;IAClD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,mCAAmC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;IACtC,
|
|
1
|
+
{"version":3,"file":"url-monitor.js","sourceRoot":"","sources":["../../../src/watcher/sources/url-monitor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAMhC;IACC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC;IACtC,MAAM,KAAK,GAAG,GAAW,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAElE,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,KAAK,CAAC,KAAK;YACT,MAAM,QAAQ,GAAc,EAAE,CAAC;YAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;oBACvD,IAAI,CAAC,GAAG,CAAC,EAAE;wBAAE,SAAS;oBACtB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;oBAC7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;oBACzC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;oBACrC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,GAAG,IAAI,IAAI,EAAE;wBACpB,KAAK,EAAE,GAAG;wBACV,GAAG;wBACH,WAAW,EAAE,KAAK,EAAE;wBACpB,KAAK,EAAE;4BACL,YAAY,EAAE,IAAI;4BAClB,cAAc,EAAE,GAAG,CAAC,MAAM;4BAC1B,iBAAiB,EAAE,UAAU,CAAC,MAAM;yBACrC;qBACF,CAAC,CAAC;gBACL,CAAC;gBAAC,MAAM,CAAC;oBACP,6EAA6E;gBAC/E,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,IAAI,CAAC,GAAG,IAAI,CAAC;IACb,8DAA8D;IAC9D,kDAAkD;IAClD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,mCAAmC,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;IACtC,mEAAmE;IACnE,qEAAqE;IACrE,mCAAmC;IACnC,CAAC,GAAG,CAAC,CAAC,OAAO,CACX,4IAA4I,EAC5I,EAAE,CACH,CAAC;IACF,iEAAiE;IACjE,sDAAsD;IACtD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,qCAAqC,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,qCAAqC,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,6EAA6E,EAAE,SAAS,CAAC,CAAC;IACxG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,6EAA6E,EAAE,OAAO,CAAC,CAAC;IACtG,kEAAkE;IAClE,sDAAsD;IACtD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,gDAAgD,EAAE,KAAK,CAAC,CAAC;IACvE,mEAAmE;IACnE,8DAA8D;IAC9D,+DAA+D;IAC/D,iDAAiD;IACjD,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,oCAAoC,EAAE,MAAM,CAAC,CAAC;IAC5D,gEAAgE;IAChE,mEAAmE;IACnE,iEAAiE;IACjE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,iDAAiD,EAAE,UAAU,CAAC,CAAC;IAC7E,0EAA0E;IAC1E,6CAA6C;IAC7C,CAAC,GAAG,CAAC,CAAC,OAAO,CACX,iJAAiJ,EACjJ,EAAE,CACH,CAAC;IACF,+BAA+B;IAC/B,CAAC,GAAG,CAAC,CAAC,OAAO,CACX,oJAAoJ,EACpJ,EAAE,CACH,CAAC;IACF,kEAAkE;IAClE,2CAA2C;IAC3C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAClC,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAExC;IACC,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACzE,OAAO,gBAAgB,CAAC;QACtB,EAAE,EAAE,qBAAqB;QACzB,WAAW,EACT,8LAA8L;QAChM,IAAI;QACJ,GAAG,CAAC,IAAI,EAAE,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClE,CAAC,CAAC;AACL,CAAC;AAED,mIAAmI;AACnI,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "plainstamp",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.7",
|
|
4
4
|
"description": "AI disclosure compliance assistant — generates legally-grounded AI disclosure text per (jurisdiction × channel × use-case) and tracks regulatory updates. Operated by an autonomous AI agent under KS Elevated Solutions LLC.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|