# Changelog All notable changes to this project will be documented in this file. This project follows [Semantic Versioning](https://semver.org/). --- ## [Unreleased] ### ✨ Features - _Nothing yet β€” add upcoming features here._ ### πŸ› οΈ Refactors - _Nothing yet β€” add upcoming refactors here._ ### πŸ› Fixes - _Nothing yet β€” add upcoming fixes here._ --- ### ✨ Features * **UI Modernization** Migrated the entire front-end to **Tailwind CSS (compiled)** with **Flowbite JS** components for better responsiveness, consistency, and developer productivity. Introduced a **new navbar and layout system**, improving navigation and making future expansion easier. Added **Docker-based CSS build** to keep builds reproducible and lightweight. * **Reusable CSS Components** Added custom utility classes (`badge`, `badge-ok`, `badge-warn`, `badge-danger`, `chip`, `card`, etc.) to replace long Tailwind strings. This reduces repetition and ensures a consistent look across the app. * **Roadmap (YAML-driven + in-app UI)** Added a YAML-backed roadmap with an in-app view at `/roadmap`. Supports section switching (Roadmap / Backlog / Open Questions), filters (`q`, `tag`, `min_priority`, `milestone`), tag chips, and a **Details** modal that renders multi-paragraph content from a new `details` field. The roadmap file path is configurable via `ROADMAP_FILE` (env or Flask config) for dev/prod flexibility. * **Modal sizing & ergonomics** Increased modal width at larger breakpoints and made the body scrollable so long details don’t squish other content. * **Text Analysis Pipeline (Rules)** Implemented `analyse_text()` to extract visible page text and evaluate `category: text` rules. Captures matched phrases into a deduped `content_snippet` (length capped via `settings.ui.snippet_preview_len`). Exposes results in JSON as `suspicious_text` and surfaces them in the UI via a new partial (`templates/partials/result_text.html`) that mirrors the Forms table. ### πŸ› οΈ Refactors * **Template Includes** Extracted shared UI sections (headers, footers, layout chunks) into separate **Jinja includes**, improving maintainability and readability of templates. * **Roadmap loader simplification** Removed the cache layer; loader now returns typed dataclasses (`RoadmapData` / `RoadmapItem`) and normalizes `details` via `_normalize_details()` (accepts block string or list). * **Safer JSON in templates** Use `|tojson|forceescape` when embedding the item payload in `data-item` attributes to avoid escaping issues. * **Rules Engine Regex handling** Honor per-rule regex flags (string or list) and **default `IGNORECASE` for `category: text`** when no `i` flag is specified. Centralizes compilation in `compile_if_needed()`. * **Engine/Scanner logging** Added dispatch-time visibility: `"[engine] applying categories: …"` (gated by `settings.app.print_rule_dispatch`) and a browser dispatch log including text/html lengths. Eases tracing when categories are skipped or text is empty. * **Code cleanup** Removed obsolete code paths and utilities that were no longer used after the recent refactors. Eliminated a **duplicate call to `enrich_url`**, reducing redundant work and potential side-effects. ### πŸ› Fixes * **Table Rendering** Locked table column widths and fixed snippet scaling issues to prevent column misalignment and content reflow. This ensures analysis results (like script and form findings) remain readable and properly aligned. * **Rules Engine State** Fixed a bug where the **rules engine** was not being pulled correctly from the application state after the previous refactor. This restores proper detection of suspicious scripts/forms and ensures rule definitions (with `name` and `description`) are honored. * **YAML parsing edge cases** Resolved `ScannerError` by quoting scalars containing `:` / `#` and using explicit `null` where appropriate. * **/roadmap page stability** Fixed `AttributeError: 'dict' object has no attribute 'roadmap'` by returning structured objects from the loader. * **Modal population** Ensured `details` are passed through the route and included in the button payload; JS now uses DOM-ready + event delegation to reliably populate the modal. * **Text indicators not displayed** Addressed missing text results in the JSON/UI by introducing the text analyzer and aligning the result shape with the new `result_text` partial. --- ## [v0.1] – Initial Work - Implemented initial **Flask-based web UI** for URL submission and analysis. - Added **domain & IP enrichment** (WHOIS, GeoIP, ASN/ISP lookups). - Built first version of the **Suspicious Rules Engine** for script and form detection. - Basic Docker setup for sandboxed deployment.