v1.10.0 — page-load capture + fidelity + page safety + WebSocket

Major capture-quality + safety release, driven by an adversarial edge-case audit (20 findings, 16 fixed) plus the LinkedIn page-load capture fix. 83 unit + 12 e2e green (real Chromium, real MV3 contexts).

Install

1. Download api-reverse-engineer-1.10.0.zip below and unzip it.
2. chrome://extensions → enable Developer mode → Load unpacked → select the unzipped folder (remove any older copy first).
3. For reverse-engineering your own APIs, untick Redact secrets for full-fidelity, replay-ready captures. Redaction is a safe-to-share feature, not self-protection.

Highlights

Capture coverage

• Page-load capture (document_start MAIN-world injection) — captures the API calls a SPA fires on load/navigation (LinkedIn Voyager graphql / RSC), previously missed entirely.
• WebSocket capture — realtime chat / presence frames (WS_SEND / WS_RECV), previously a blind spot.
• Decode blob/arraybuffer XHR bodies — LinkedIn serves Voyager JSON over responseType='blob'; the full responseType enum is handled and never throws into the page.

Fidelity (data lost even in raw mode)

• fetch(new Request(url,{body})) request body captured (RSC/GraphQL writes were body:null).
• Big-int IDs preserved byte-exact in request.bodyRaw (entityUrn / snowflake).
• URLSearchParams / FormData bodies serialized (were {}).
• Reused XMLHttpRequest no longer duplicates / mislabels captures.

Page safety

• Streaming / SSE responses no longer hang the page (response returned immediately; clone read detached + byte-capped). clone() guarded.

Redaction (safe-to-share, no-op in raw mode)

• Recurse arrays + deep nesting (Voyager included[] tokens leaked); redact URL query/fragment params.

Robustness

• Pre-recording buffer bounded by bytes + drop warning; closing the recording tab does an implicit STOP.

Deferred (low probability, documented): OPFS QuotaExceededError, large-capture download memory, fallback eviction signal, value-side header redaction.

Full notes in CHANGELOG.md.

v1.8.0 — i18n (English + Spanish UI)

Adds English + Spanish UI via chrome.i18n — the popup now follows your browser language (English by default, Spanish for es locales).

This re-implements the i18n proposal from @adc103 (#1) on the current popup; the original PR predated the 1.5–1.7 rewrite and no longer applied cleanly. Thanks @adc103 for the approach! 🙏

Everything from v1.7.0 is included (captures again, async OPFS, pause/resume, real LinkedIn preset, download site cookies).

Install: download api-reverse-engineer-1.8.0.zip, unzip, then chrome://extensions → Developer Mode → Load unpacked → select the folder.

v1.7.0 — captures again + async OPFS + pause/resume + LinkedIn + cookies

The extension captures again. v1.4.x silently captured nothing in real Chrome — createSyncAccessHandle (sync OPFS) isn't available in MV3 service workers, so the worker never loaded its buffers and every capture was dropped. The unit suite was green the whole time because the mock injected those buffers. This release fixes the regression and ships an honest unit + e2e suite (real Chromium) so it can't come back.

Highlights since v1.3.0

• ✅ Captures fetch + XHR again — importScripts wiring (B1) + the preset filter no longer drops everything (B2).
• 🔌 Async OPFS streaming (ADR-0003) — on-disk capture that actually works in the service worker (createWritable), and survives the worker sleeping.
• ⏸ Pause / Resume — a recording survives the MV3 service worker being killed (validated with CDP teardown in real Chrome).
• 🔗 LinkedIn preset updated to the real 2026 endpoints (/voyager/api/ + /rsc-action/), with telemetry/static exclusion and x-restli-protocol-version kept readable.
• ⬇ Download site cookies — including httpOnly auth (li_at / JSESSIONID) — for API replay.
• 📊 Live request counter restored on the toolbar icon.
• ✅ 78 unit tests + 5 e2e tests in real Chromium, CI on every push.

Install

Download api-reverse-engineer-1.7.0.zip, unzip, then chrome://extensions → enable Developer Mode → Load unpacked → select the unzipped folder.

Full changelog: CHANGELOG.md

v1.2.1 — Debug + CSP bypass

Bug Fixes

Issue: Extension wasn't capturing requests on some sites (including Skool).

Root Causes

1. CSP (Content Security Policy) blocking external scripts → now injects inline
2. No visual feedback when recording starts → now shows red ● badge immediately
3. Hard to debug when captures fail → added comprehensive console logging

Changes

• Inject interceptor as inline code (bypasses CSP restrictions)
• Set badge to red ● immediately when you click Start
• Console logging shows:
  • Whether interceptor was injected
  • Every request intercepted (with recording state)
  • Why requests are skipped (not recording / filtered)

How to Debug

1. Open DevTools Console (F12)
2. Click Start in the extension
3. Browse the site
4. Watch for [ARE Content] and [ARE Interceptor] logs

If you see intercepted requests in console but they're not being captured, check the recording: false flag.

v1.2.0 — Fix: recording stops mid-session

Bug Fix

Recording was stopping mid-session — Chrome kills service workers after ~30 seconds of inactivity, losing all in-memory state. This caused the extension to silently stop capturing after the browser was idle.

Fix

• Persist isRecording, recordingTabId, and all captured data to chrome.storage.session
• Restore full state when the service worker wakes up
• Content script reads recording state from session storage on page load

Install / Update

1. Download the zip below
2. Extract it (replace the old folder)
3. Go to chrome://extensions/ → click 🔄 on the extension

v1.1.0 — Tab-scoped recording

What's New

• Tab-scoped recording — captures only from the tab where you clicked Start
• URL filter (domain, path, or keyword)
• Deduplication: endpoints array has one entry per unique endpoint
• Live badge counter
• Fetch + XHR interception
• Manifest V3

Installation

1. Download the zip below
2. Extract it
3. Open chrome://extensions/ → Enable Developer Mode → Load unpacked → select the folder

How to use

1. Go to any website
2. Click the 🟢 icon in your toolbar
3. Set an optional filter (e.g. api.mysite.com)
4. Click ▶ Start
5. Browse the site normally
6. Click ⏹ Stop → ⬇ Download JSON