v0.3.0
Hardening + modern best practices release. Highlights from the changelog:
Added
- SECURITY.md (security model + private vulnerability reporting), CONTRIBUTING.md, PR template
- Format configs (.prettierrc, .editorconfig, Chromium .clang-format) enforced in CI
- Dependabot; all workflow actions pinned by commit SHA
- Input validation at trust boundaries (daemon: poster URL / device IP; extension: castability shape)
Fixed
- Daemon: async replies addressed by stable connection ids (no fd-reuse misdelivery); mirror stop thread tracked and joined; socket path overflow guard; Lounge ids URL-encoded
- Extension: reply-timer cleanup, session persistence across MV3 suspension, takeover confirm expiry
- web-ext 10 + patched shell-quote: npm audit clean
Changed
- daemon.cc request handling split into per-action handlers
- CI: native-sanity job, id-sync/format checks, regen-patch --verify-only
- Shared nm-host wrapper template (install + PKGBUILD)
Full details in CHANGELOG.md. The signed .xpi will be attached by the release workflow once the AMO signing secrets are configured.