July 2026
- Strengthened the native Rust CLI and repository checks with a pinned
toolchain, maximum compiler and Clippy policy, strict documentation checks,
and target-specific dependency review.
- Hardened npm and PyPI native launchers with bounded downloads, trusted
redirect validation, checksum enforcement, tamper-resistant caches, and
focused security tests.
- Made native releases reproducible across Linux, macOS, and Windows with a
Rust-generated build matrix, Rust-generated checksum sidecars, immutable
Actions, and resumable asset publication.
- Bound npm, PyPI, and crates.io publication to their dedicated trusted
workflow identities and one verified release tag and commit.
- Tightened the public OpenAPI contract with explicit collection and string
bounds while keeping private implementation and service topology out of
status responses and documentation.
June 2026
- Focused the public CLI on scraper API workflows: login, account, pricing,
scraper catalog, request lifecycle, usage, billing, and support.
- Removed public deploy and customer infrastructure commands from docs,
package metadata, and contract checks.
- Added a hard public-data boundary for scraper inputs: public URLs, public
search terms, public handles, public place ids, and public identifiers only.
- Kept npm and PyPI as thin launchers for the native Rust binary.
Last modified on July 11, 2026