v0.2.1 — broader bot-protection coverage

First tagged release of cloakFetch. Both activation paths (PostToolUse hook + SKILL.md skill) now route through CloakBrowser whenever a fetch is blocked by any major bot-protection / WAF stack — not just Cloudflare.

Vendor coverage

• Cloudflare (IUAM, JS challenge, passive Turnstile)
• DataDome
• Akamai Bot Manager
• PerimeterX / HUMAN
• Imperva / Incapsula
• F5 / Distil
• Kasada
• AWS WAF
• Sucuri (common on self-hosted WordPress)
• Generic WAF / CDN screening (catch-all)

Each gets explicit telltale signatures in SKILL.md (telltale body strings, cookies, headers) and the hook's FAILURE_REGEX matches the same brand names plus 403, 429, enable javascript and cookies, please verify you are a human, and pardon our interruption.

What's not covered (by design)

Interactive captchas (slider, image-grid, Turnstile checkbox, hCaptcha), geo-blocks where the IP itself is the problem, and login walls — the skill's "When NOT to trigger" table calls these out so the agent reports honest failures instead of looping.

Performance

• cloak_fetch.py SPA selector wait reduced from 15s → 5s; example.com-style plain pages now finish in ~13s instead of ~22s
• Cloudflare-protected pages (e.g. science.org): ~37s wall, ~26 KB clean markdown

Docs

• README.md (English) and README_CN.md (Chinese) with badges, Community/Support/Author sections
• LICENSE (MIT, © 2026 Agents365-ai)

Path A (hook, Claude Code only) and Path B (skill, any SKILL.md-aware agent) both share the same cloak_fetch.py backend and now stay in sync vendor-for-vendor.