Skip to content

Releases: dupe-com/standdown

standdown v0.3.0

Choose a tag to compare

@i8ramin i8ramin released this 14 Jul 09:38

Minor release. Rolls up everything merged since 0.2.6: a new URL-only adapter, two new authoring/lint helpers, and a Rakuten stand-down fix — alongside a large docs and tooling cycle (agent-first setup, the conformance showcase, and a Claude Code plugin).

Added

  • standdown/url adapter — a new package entry point for URL-only decision contexts that have no webRequest/redirect plane (server, edge, content-only). Like the content adapter, it marks every non-stand-down decision degraded: true because there's no redirect plane to observe — so gate on decision.standDown alone; it still fails closed.
  • expandSelfExemption(matcher, policies) — an authoring helper that fans one self-click matcher into a policyId-scoped self-exemption per policy, so a global ignore_param clears stand-down for every network without hand-enumerating one pattern per pack (and silently under-exempting the moment you forget one). Pure sugar over the existing scoped-exemption path — no new decision semantics and no new hijack surface. Keep matchers value-specific.
  • lintPolicies(policies) — a construction-time config lint, now run automatically when a webext or content adapter is created. It surfaces the bare-label suffix footgun (a kind: 'suffix' rule like 'ebay.' matches no real host → a silently inert block) at wiring time instead of buried per-navigation. Also exported for standalone use.

Fixed

  • Rakuten bare ranEAID hijack gap — a landing carrying only ranEAID (the Encrypted Affiliate ID, with no ranSiteID/ranMID) is a genuine partner click, but the bundled rakutenPolicy had no ranEAID-alone group and so did not stand down — leaving that attribution open to an overwrite hijack. Added the ranEAID group. The conformance grader now also grades every declared landing-param group rather than just the first, so a group that quietly stops standing down is caught as a MISS.

Changed

  • README rewritten agent-first: guarantees up front, quick-nav, a real skill-install path, and the affiliate networks the bundled packs cover.
  • POLICIES.md updated for the new Rakuten ranEAID group.

Tooling (repo-only — not shipped in the npm package)

  • "Graded with standdown" showcase — a CI-verified wall of fame (verify-by-reproduction) with a tiered A / A+ badge and Tier 2 live-verification against the published Chrome Web Store .crx.
  • Claude Code plugin/standdown:setup, /standdown:adopt, /standdown:showcase for agent-driven integration, plus a disclosure + consent gate on showcase submissions.

The published package ships only dist, README.md, LICENSE, POLICIES.md, and ADOPTING.md; the audit/, showcase/, and plugin trees are repo-only.

Full diff: v0.2.6...v0.3.0

standdown v0.2.0

Choose a tag to compare

@i8ramin i8ramin released this 12 Jul 03:14

Minor release. The published 0.1.1 predated several shipped features now on main; this is the first release to include them.

Added

  • selfExemptionScope: 'policy' | 'session' on the session, webext, and content surfaces. 'session' persists a network-precise self-exemption for a host (Dupe ignore_param semantics) that re-applies to that network's later signals; default 'policy' stays per-navigation. New exports ExemptionRecord, SelfExemptScope. Exemptions are recorded only when no stand-down is active and never lift one, preserving fail-toward-standing-down; they persist through the store layer and drop on a new browser session.
  • detection.disableHosts — per-host hard-disable primitive, immune to session exemptions.
  • Degraded marker on non-stand-down decisions made under partial coverage, distinguishing "no attribution found" from "couldn't fully observe."

Changed

  • Impact and Rakuten packs set to session-only durations; documented session-or-min semantics.
  • Bundled policy packs aligned with production ground truth; dropped the unenforced prompt-cap field.
  • README merchandises the guarantees up front, documents the black-box conformance grader, and shows the affiliate networks the bundled packs cover. Cookie matching documented as name-only.

Notes

  • The audit/ conformance harness and CI policy-conformance suite were added this cycle but do not ship in the npm package (files: dist, README.md, LICENSE, POLICIES.md).

Full changelog: CHANGELOG.md

standdown v0.1.0

Choose a tag to compare

@i8ramin i8ramin released this 11 Jul 12:42

Initial release. Affiliate stand-down, done right, for browser extensions: client-side detection engine, session state machine with floor semantics, user-gesture activation guard, cited per-network policy packs, monotone signed policy refresh, Rakuten PublisherStandown-SDK schemaVersion 2 interop. Zero runtime dependencies, MIT. See CHANGELOG.md.