X-Proxy v1.6.1

[1.6.1] - 2026-04-23

Added

• Keyboard navigation for the profile modal: Escape closes the modal; focus is restored to the triggering button on close; the first form field is auto-focused on open; Tab and Shift+Tab wrap inside the modal instead of leaking into the page behind it. Clears WCAG 2.1.2 "No Keyboard Trap" and aligns with the WAI-ARIA dialog pattern.
• lib/icon-paths.js: pure helper resolveIconPaths(profileColor, mode) shared by the background worker and unit tests. Makes the three-way branch (profile / direct / system) testable without stubbing chrome.action.
• E2E coverage pass to close long-standing blind spots:
  • e2e/modal-visual.spec.ts — 6 visual baselines (Add/Edit modal in light + dark, Options Profiles dark, Options About dark).
  • e2e/migration.spec.ts — storage v1→v2 integration guard (non-destructive reads, first-write upgrade, Direct-mode distinct persistence).
  • e2e/keyboard-nav.spec.ts — 6 tests driving the new keyboard behavior red→green.
• Regression guards (earlier in 1.6.1):
  • tests/update-icon.test.js — pins down the path resolver contract (8 assertions incl. the direct-vs-system distinctness rule).
  • e2e/popup-visual-simplicity.spec.ts — asserts .status-dot / .action-check are removed from the DOM and #addProfileBtn toggles with the state-empty body class.
  • e2e/icon-differentiation.spec.ts — asserts Direct and System resolve to strictly different chrome.action.setIcon paths via a new lastIconPaths / lastIconMode field on GET_STATE.
  • e2e/popup-visual.spec.ts — screenshot baselines for empty / populated / direct-active / system-active / profile-active popup states.
• npm run test:e2e:update script so regenerating baselines is discoverable.

Changed

• Popup active-mode signaling reduced from 4 simultaneous indicators to 2 (per sergeevabc's feedback on #28). Removed the animated .status-dot in the top status chip and the right-edge .action-check ✓ on each card. The active card still communicates selection via its blue gradient background and white-inherited icon — enough signal without the visual noise.
• Visual regression tolerance tightened from maxDiffPixelRatio: 0.05 to 0.01. The previous ~46k-pixel budget on a 1280×720 frame silently absorbed entire text changes like the About-panel version string, so baselines could drift several versions while CI kept passing.
• CONTRIBUTING.md rewritten to match the actual project (plain JS + three-component Vite build, no React, no .ts source) and gains a three-tier Release Checklist so future version bumps can't miss docs/index.html JSON-LD, STORE_LISTING, or the hardcoded version assertion in e2e/options.spec.ts.

Fixed

• Toolbar icon now distinguishes Direct from System mode (#28 tail). Previously both modes resolved to icon-inactive-*.png (gray) so there was no way to tell at a glance whether the extension was actively bypassing proxies or deferring to the OS. Direct mode now renders a new green arrow icon family (icon-direct-{16,32,48,128}.png); System mode keeps the gray inactive icon it had before.
• Popup empty-state no longer shows three redundant "add profile" entry points (#36). The header "+" button is hidden while the profile list is empty — the big "Add your first profile" CTA is the single obvious action. The header "+" returns once profiles exist.
• CSS-transition race in axe color-contrast scans. emulateMedia({colorScheme:'dark'}) flipped :root custom properties synchronously, but transition: all var(--transition-base) interpolated element colors over ~250ms, so axe sampled mid-transition rgba values and reported spurious AA failures. Fixed by disabling CSS transitions before the media flip (e2e/a11y.spec.ts).
• Stale version references across options.html About panel, README.md roadmap, docs/index.html JSON-LD softwareVersion (user-visible in Google search results), docs/STORE_LISTING.md, docs/SEO_GUIDE.md, and the hardcoded assertion in e2e/options.spec.ts. Caused by having no single source of truth for "where does the version string live"; the new Release Checklist Tier 1 table pins this down.
• Nine stale visual baselines under e2e/__screenshots__/visual.spec.ts/ regenerated so screenshots match shipped UI.

Credits

• Thanks again to @sergeevabc for the detailed UX feedback on #28 and for filing #36. Your "count the signals" instinct was the right call.

X-Proxy v1.6.0

[1.6.0] - 2026-04-20

Added

• Direct Connection mode: new top-level mode that bypasses all proxies (including the OS-level / IE proxy that System falls back to). Surfaces as a dedicated button in the popup next to System. Closes a gap where users on Windows couldn't escape an IE-wide proxy without leaving the extension. (#28)
• Storage schema v2: new top-level mode: 'direct' | 'system' | 'profile' field in x-proxy-data. Automatic one-way v1 → v2 migration infers mode from existing activeProfileId; stale ids are dropped safely. No user action required.
• Accessibility test infrastructure: new e2e/a11y.spec.ts uses @axe-core/playwright to scan popup + options + Edit Profile modal in both color schemes for WCAG color-contrast violations. Catches readability regressions automatically without needing baseline screenshots. (#34)
• Regression guards: new Vitest suite for migration edge cases (tests/mode-migration.test.js) and new Playwright specs for the Direct button (e2e/direct-mode.spec.ts) and backdrop-filter removal (e2e/no-blur.spec.ts).

Fixed

• Toolbar icon color was delayed after profile activation. Activating a profile from the popup did not immediately repaint the toolbar icon; it stayed gray until the user interacted with the address bar. The real root cause was that the icon logic only painted the profile color when the current tab's URL started with http(s):// — on chrome://newtab, about:blank, or any extension page it fell through to the inactive gray icon even with a profile active. Fixed by showing the profile color unconditionally when no per-domain routing rules are enabled (the simple case); per-tab indication is preserved for profiles that DO have routing rules since that's where it carries real information. The popup-window tab-query path was also hardened via chrome.windows.getLastFocused({windowTypes:['normal']}) as a belt-and-braces improvement.
• Dark-mode form input text was hard to read: inputs in the Edit Profile modal rendered typed values in Chrome's UA-default mid-gray against the dark #1C1C1E surface because form controls don't inherit color from body. Fixed by adding explicit color: var(--text-primary) so values match label brightness; placeholders in dark mode bumped from near-invisible #48484A to readable #8E8E93. (#34)
• WCAG AA color-contrast violations across popup and options: --primary-color darkened #007AFF → #0062CC (white text on .btn-primary now 5.79:1, was 4.01:1); --text-secondary brightened (light 0.6 → 0.76 opacity; dark #8E8E93 → #AEAEB2) — fixes sidebar nav, section descriptions, and empty-state copy; dark-mode .nav-item.active switched to white text on the tinted selection background. (#35)
• Performance: Removed backdrop-filter: blur() from options modal, options header/sidebar, and popup header/footer. Fixes severe UI lag on low-end hardware without GPU acceleration (reported on Windows 7 without dedicated GPU, where switching between form fields in the Add Profile dialog could take several seconds). Modal overlay opacity bumped from rgba(0,0,0,0.4) to rgba(0,0,0,0.55) to preserve visual separation. (#27)

Changed

• Visual polish pass on the options page: added missing --border-radius / --transition design tokens (previously falling back to 0, flattening inputs and killing hover transitions), added proper dark-mode support for the options page (previously hardcoded light), and aligned focus-ring and danger-hover colors with the iOS blue/red palette used throughout.

Credits

• Thanks to @sergeevabc for reporting issues #27 and #28.

X-Proxy v1.5.1

[1.5.1] - 2026-04-16

Added

• Dynamic toolbar icon colors — icon reflects the active profile's color (blue, green, red, orange, purple, teal, yellow, gray)
• Dark mode improvements — enhanced popup visuals with corrected CSS variables, better contrast and readability

Fixed

• Security: Upgraded Vite to v6.4.2 (fixes GHSA-4w7w-66w2-5vf9, GHSA-p9ff-h696-f583)
• CI: Updated Node.js test matrix to 20/22, removed deprecated tsconfig baseUrl

Credits

• Thanks to @Schleuse (René Schleusner) for contributing PR #21 (icon colors) and PR #22 (dark mode improvements)

X-Proxy v1.5.0

PAC File Support (Issue #19)

Added

• Custom PAC (Proxy Auto-Configuration) file support
  • New PAC (Auto-Config) proxy type alongside HTTP/HTTPS and SOCKS5
  • Supports HTTP/HTTPS URLs (e.g., http://example.com/proxy.pac)
  • Supports local file paths (e.g., C:\data\proxy.pac, /etc/proxy.pac)
  • Automatic conversion of local file paths to file:// URLs
• Options page UI updates
  • PAC type option in proxy type dropdown
  • Dedicated PAC URL input field (shown when PAC type selected)
  • Host/port/auth/routing fields hidden for PAC profiles
• Import/Export: PAC profiles supported in JSON import/export
• Unit Tests: 28 new test cases for PAC URL conversion, normalization, and proxy config building
• E2E Tests: 44 Playwright tests for options and popup pages

Fixed

• isInitialized not set on active profile restore, causing redundant initialization
• High severity vulnerabilities in flatted, happy-dom, picomatch

Full Changelog: v1.4.2...v1.5.0

X-Proxy v1.4.2

Proxy Authentication (Issue #17)

Added

• Username/Password authentication for proxy servers
  • Optional username and password fields in profile configuration
  • Handled via chrome.webRequest.onAuthRequired (asyncBlocking, survives service worker restart)
  • Works with both HTTP/HTTPS and SOCKS5 proxy types
  • Credentials stored locally, never transmitted externally
• New permissions: webRequest, webRequestAuthProvider
• UI: Password show/hide toggle in options page
• Unit Tests: 36 tests passing (auth handler + normalization + backward compat)

Fixed

• flatted dependency high severity DoS vulnerability

Full Changelog: v1.4.1...v1.4.2

X-Proxy v1.4.1

Bug Fix & Unit Tests

Fixed

• Domain routing not working — Missing mode property in routingRules normalization caused PAC script generation to fail. Users reported: "Proxy doesn't work by domains although such settings exist."

Added

• 20 unit tests for profile normalization and PAC script generation
  • Normalization fallback defaults (including mode property)
  • Round-trip normalization consistency
  • Whitelist/blacklist PAC script behavior
  • Wildcard domain matching
• Vitest configuration with real test scripts (npm test, npm run test:watch)

Changed

• Version bump to 1.4.1
• Updated CHANGELOG.md and README.md
• Added Ko-fi donation link

Full Changelog: v1.4.0...v1.4.1

X-Proxy v1.4.0

What's New

📤 Export Profiles

• Export all proxy profiles as a JSON file for backup and migration
• Versioned export format (x-proxy-export) for forward compatibility
• Automatic filename with date: x-proxy-profiles-YYYY-MM-DD.json

📥 Import Profiles

• Import profiles from a JSON export file
• Strict validation of file format and profile data
• Non-destructive append mode — existing profiles are preserved
• Partial import support: invalid profiles are skipped with a count shown
• Graceful error handling with user-friendly messages

🔒 Security Fix

• Upgraded vitest / @vitest/coverage-v8 / @vitest/ui from v3 → v4 to resolve GHSA-3ppc-4f35-3m26 (minimatch ReDoS vulnerability)

Full Changelog

See CHANGELOG.md for details.

Closes #11

X-Proxy v1.3.1

Bug Fix Release

Fixed

• Domain validation for blacklist mode (Issue #9)
  • Added IPv4 address support (127.0.0.1, 192.168.*, 10.0.0.0/24)
  • Added IPv6 address support (::1, fe80::1)
  • Added simple hostname support (localhost)
  • Added single-level wildcard support (*.local)

Credits

Thanks to @jasonliaotw for reporting the issue and contributing the regex patterns.

---

Full Changelog: v1.3.0...v1.3.1

X-Proxy v1.3.0

[1.3.0] - 2025-12-27

Added - Bypass List Feature (Issue #6)

• Routing Mode Selection

  • Added radio buttons for whitelist/blacklist mode selection
  • Whitelist mode: only listed domains use proxy (existing behavior)
  • Blacklist mode: listed domains bypass proxy, all others use proxy
  • Dynamic label and placeholder updates based on selected mode

• User Interface Enhancements

  • Clean radio button design with visual feedback
  • Mode-specific placeholder text with example domains
  • Help text for domain pattern syntax
  • Profile color now displayed in Popup (matches Options page)
  • Simplified "Add Profile" button text

Changed

• PAC Script Generation

  • Enhanced generatePAC() to support both whitelist and blacklist modes
  • Blacklist mode reverses proxy logic (matched domains go direct)
  • Maintains backward compatibility with existing whitelist-only profiles

• Data Model

  • Extended routingRules with mode property ("whitelist" | "blacklist")
  • Default mode: 'whitelist' for backward compatibility
  • Profile duplication now copies routing mode

Technical

• New helper method: updateDomainListLabel()
• CSS styling for radio button components
• Updated profile normalization to include mode property

Backward Compatibility

• Existing profiles without mode default to whitelist behavior
• No migration required for existing configurations

X-Proxy v1.2.0

🎯 Major Feature: Domain-Based Routing

Configure specific domains to use proxy while others go direct - perfect for selective proxy usage!

Key Features

• Whitelist Mode: Only listed domains use proxy, all others go direct
• Wildcard Support: Use patterns like *.google.com to match all Google services
• Auto-Reactivate: Changes apply immediately when editing active profiles
• Profile Management: Copy routing rules when duplicating profiles

🔒 Security

• Fixed critical vulnerabilities in happy-dom dependency (GHSA-37j7-fg3j-429f, GHSA-qpm2-6cq5-7pq5)

✨ UI Improvements

• Polished toggle switch with proper sizing and shadows
• Unified font styling across all input fields
• Clear visual feedback with status messages
• Clean, intuitive routing rules editor

🔧 Technical Details

• PAC (Proxy Auto-Configuration) script generation
• Seamless switching between PAC mode and fixed_servers mode
• Enhanced data normalization for backward compatibility
• Improved proxy activation logic

📚 Documentation

• Comprehensive domain routing guide in README
• Updated CHANGELOG with all changes
• Enhanced GitHub Pages and Chrome Web Store listing

📦 Installation

1. Download the extension from Chrome Web Store (coming soon)
2. Or clone the repository and build from source

🚀 How to Use Domain Routing

1. Open Options (right-click extension icon → Options)
2. Edit or create a proxy profile
3. Enable "Domain Routing Rules" toggle
4. Add domains (one per line):

   *.google.com
   github.com
   *.youtube.com
   

5. Save and activate the profile

Full Changelog: https://github.com/helebest/x-proxy/blob/main/CHANGELOG.md

---

Note: This release includes security fixes. Please update to this version.