v0.2.1

Added

• stygian-browser: Navigator.prototype.webdriver prototype-level patch — previously only the
  instance property was overridden; scanners such as pixelscan.net and Akamai probe
  Object.getOwnPropertyDescriptor(Navigator.prototype, 'webdriver') directly,
  so the prototype getter is now also patched on every new document context
• stygian-browser: Network Information API spoofing — navigator.connection (previously
  null in headless, an immediate detection signal) is replaced with a realistic
  NetworkInformation-like object (effectiveType: "4g", type: "wifi", seeded
  downlink/rtt values stable within a session)
• stygian-browser: Battery Status API spoofing — navigator.getBattery() (previously
  null in headless) now resolves with a plausible disconnected-battery state; level,
  dischargingTime are seeded from performance.timeOrigin to vary across sessions
• stygian-browser: examples/scraper_cli.rs — generic CLI scraper using StealthLevel::Advanced,
  WaitUntil::NetworkIdle; emits structured JSON (title, description, headings, links,
  text excerpt, timing); successfully scrapes Cloudflare-protected sites (CNN.com, etc.)
• stygian-browser: examples/pixelscan_check.rs — targeted pixelscan.net fingerprint scan
  example; polls until client-side result cards settle; extracts verdict, per-card pass/fail
  status, hardware/font/UA detail sections, and live nav_signals for stealth regression testing
• stygian-graph: SigningPort trait — request-signing abstraction for attaching HMAC tokens,
  AWS Signature V4, OAuth 1.0a, device attestation tokens, or any per-request auth material
  without coupling adapters to signing scheme
• stygian-graph: NoopSigningAdapter — passthrough signer for testing and optional-signer defaults
• stygian-graph: HttpSigningAdapter — delegates signing to any external sidecar over HTTP POST
  (e.g. a Frida RPC bridge exposing a /sign endpoint); configurable timeout and retries
• book: stealth guide updated — prototype-level webdriver patch, Network Information API
  spoofing, and Battery Status API spoofing sections added

Fixed

• stygian-browser: outerWidth/outerHeight now set via screen_script injection to match
  the spoofed screen resolution (headless Chrome returns 0 without this)
• stygian-browser: navigator.plugins spoofed with a realistic 5-entry PluginArray
  (PDF Viewer entries + navigator.mimeTypes with 2 entries), eliminating the
  empty-plugins headless signal

v0.2.0

Added

• stygian-graph: OpenApiAdapter — OpenAPI 3.x introspection adapter (kind = "openapi")
  • Fetches and caches parsed OpenAPI specs (JSON or YAML) per spec URL for the lifetime of the adapter
  • Resolves operations by operationId (e.g. "listPets") or "METHOD /path" syntax (e.g. "GET /pet/findByStatus")
  • Binds params.args to path parameters (substituted into the URL template), query parameters, and request body
  • Delegates all HTTP calls to the inner RestApiAdapter, inheriting full auth support, retries, and 429 handling
  • Optional proactive rate limiting via params.rate_limit (sliding-window or token-bucket, same shape as GraphQL rate limiter)
  • params.server.url overrides servers[0].url from the spec at runtime
  • Two new workspace dependencies: openapiv3 = "1", serde_yaml = "0.9" (always compiled; pure Rust)
• book: OpenAPI adapter section added to Built-in Adapters

v0.1.20

Added

• stygian-proxy: new crate — high-performance, resilient proxy pool with per-proxy circuit breakers, configurable rotation strategies (round-robin, random, weighted, failover), SOCKS4/5 support, health scoring, and in-memory storage; socks feature enables SOCKS proxy types via reqwest
• stygian-proxy: CircuitBreaker per-proxy state machine — open/half-open/closed transitions with configurable failure threshold and recovery window; wired into ProxyManager::acquire_proxy so unhealthy proxies are skipped automatically
• stygian-proxy: ProxyManager — unified pool orchestrator exposing add_proxy, remove_proxy, acquire_proxy, release_proxy, and pool_stats; every operation is traced and metered
• stygian-proxy: ProxyBrowserPool — browser feature flag wires the proxy pool into stygian-browser; browsers are launched with a live proxy from the pool and the proxy is re-evaluated on browser release
• stygian-graph: RestApiAdapter proxy integration via stygian-proxy (graph feature on stygian-proxy)
• book: stygian-proxy mdBook module added — architecture overview, circuit breaker semantics, rotation strategies, and browser/graph integration guides

Changed

• Workspace MSRV updated to Rust 1.94.0 (aligned with stable feature usage: async closures, LazyLock, let chains)

Fixed

• stygian-proxy: eliminated TOCTOU race in add_proxy — the circuit_breakers write lock is now held for the full duration of storage.add(), ensuring acquire_proxy can never observe a proxy record without a corresponding circuit breaker
• stygian-browser: CDP protection removes cdc_* and domAutomation automation artifact properties from window on every navigation, reducing fingerprint surface for Akamai/PerimeterX detectors

Tests

• stygian-graph: 12 live integration tests against crawllab.dev (all #[ignore]) — status code classification (200/404/429/500), redirect following, redirect cycle detection, JSON/text/HTML content types, 204 No Content, and paginated forum endpoint
• stygian-browser: 4 live browser integration tests against crawllab.dev (all #[ignore]) — inline JS rendering, external script rendering, basic navigation, and JS eval with stealth verification

v0.1.19

Changed

• stygian-graph: CloudflareCrawlAdapter::new() and with_config() now return Result<Self> instead of panicking on reqwest TLS init failure; Default impl removed (breaking change for direct construction)

Fixed

• stygian-graph: RestApiAdapter::parse_spec body selection uses match instead of if let/else chain (lint)
• stygian-browser: BrowserPool::acquire_inner fast path drops mutex guard before spawning disposal tasks, reducing lock contention under unhealthy-pool conditions

v0.1.18

Fixed

• stygian-graph: RestApiAdapter now checks body_raw before body when both are present, matching the documented precedence contract
• stygian-graph: RestApiAdapter 429 responses now return ServiceError::RateLimited with the parsed Retry-After value; send_one honours the server-specified delay instead of blind exponential backoff
• stygian-graph: token-bucket rate limiter guards against max_requests = 0 or zero-duration window configs that previously caused a division-by-zero panic via Duration::from_secs_f64(inf)
• stygian-graph: CloudflareCrawlAdapter::with_config now panics with a clear message on TLS init failure instead of silently falling back to a misconfigured default reqwest::Client
• book: Cloudflare crawl adapter metadata example corrected to job_id, pages_crawled, output_format (was pages, url_count)
• book: HeadlessMode::Legacy docs across configuration and env-vars pages corrected to "classic --headless for Chromium < 112" (was incorrectly referencing chrome-headless-shell and Chrome 132 removal)

v0.1.17

Added

• stygian-browser: context-scoped browser pool segregation — BrowserPool::acquire_for(context_id) returns browsers isolated by context (bot, tenant, etc.) so multiple consumers share one pool without cross-contamination; release_context(id) drains all idle browsers for a context; context_ids() lists active contexts; BrowserHandle::context_id() exposes the owning context
• stygian-browser: pool eviction now walks both shared and per-context queues, pruning empty context entries automatically

Changed

• stygian-browser: PoolInner internal structure changed from single VecDeque to shared + HashMap<String, VecDeque> scoped queues (no public API break — acquire() remains fully backward-compatible)

v0.1.16

Changed

• Workspace license updated to AGPL-3.0-only OR LicenseRef-Commercial dual licensing; added LICENSE-COMMERCIAL.md
• thiserror 1.0 → 2.0 (unifies with chromiumoxide transitive dep)
• toml pinned at 0.8 (unifies with figment; previous bump to 1.0 caused duplicate)
• reqwest 0.12 → 0.13 (feature rustls-tls renamed to rustls; added query feature)
• toml 0.8 → 1.0
• scraper 0.20 → 0.25
• mockall 0.13 → 0.14
• criterion 0.5 → 0.8
• prometheus-client 0.22 → 0.24
• indicatif 0.17 → 0.18

v0.1.15

Added

• stygian-graph: RestApiAdapter — flexible REST JSON API adapter with 5 auth schemes (Bearer, Basic, API key header/query, none), 4 pagination strategies (none, offset, cursor, RFC 8288 Link header), dot-path JSON response extraction, configurable retries with exponential backoff, and 24 unit tests; registered as "rest-api"
• stygian-graph: CloudflareCrawlAdapter — delegates whole-site crawling to the Cloudflare Browser Rendering /crawl endpoint (open beta); polls until complete, aggregates page results, configurable poll interval and job timeout; gated behind cloudflare-crawl feature flag
• examples/rest-api-scrape.toml — example pipeline demonstrating unauthenticated GET, Bearer-auth + Link-header pagination, and API-key + cursor pagination patterns

Fixed

• stygian-graph: resolved all clippy -D warnings lint failures in rest_api.rs and cloudflare_crawl.rs — indexing_slicing, map_unwrap_or, manual_map, if_not_else, option_if_let_else, unnecessary_map_or, cast_possible_truncation, ignore_without_reason, panic in tests

v0.1.14

Fixed

• stygian-graph: corrected broken rustdoc intra-doc links in graphql_throttle module (pre_flight_delay → pre_flight_reserve, removed unresolvable link brackets from module-level prose)
• stygian-graph: fixed cargo fmt import ordering in graphql.rs (graphql_rate_limit before graphql_throttle)

v0.1.13

Added

• stygian-graph: RateLimitConfig (port layer) + RequestRateLimit / RequestWindow sliding-window request-count rate limiter — complements the existing leaky-bucket cost throttle; tracks up to max_requests in any rolling window duration using a VecDeque<Instant>; rate_limit_acquire sleeps until a slot is free before each request; rate_limit_retry_after imposes a hard block to honour server-returned Retry-After headers (a shorter value can never shorten an existing block); parse_retry_after parses integer seconds from a header string
• stygian-graph: GraphQlTargetPlugin::rate_limit_config() default method — plugins opt in to per-plugin request-count limiting by returning a RateLimitConfig; operates in parallel with cost_throttle_config() and both can be active simultaneously