LakshmanTurlapati/FSB

Highlights

This release rolls everything since v0.9.65 (2026-05-14) into one extension package. Three threads landed in parallel:

Telemetry attribution (mcp_client field)

• PR #57 (cd07d9b6) — Fixed the WS dispatcher leak that recorded every telemetry_events.mcp_client as unknown. The dispatcher was passing the bridge-instance object into the recorder where a string label was expected. Now extracts the canonical client label from payload.visualSession.client.
• PR #59 (ca95f919) — Closed the second half of the leak: non-action message routes (agent:register, mcp:get-tabs, mcp:get-dom, mcp:get-diagnostics, mcp:read-page) never carry a visualSession.client sidecar, so they kept writing unknown even after PR #57. Added a per-agent label cache in the dispatcher so subsequent non-action calls from a known agent inherit its label.

/stats dashboard

• PR #58 (bde9dcc0) — Replaced 8 chart views with richer visualizations: lollipop (weekly stars), sankey (issues), dual-axis (forks), streamgraph (PRs), punchcard bubble matrix (commits over time), gantt strip (maintenance), radial gauge, sparkline ring buffer, big-number tile.
• PR #53 (3e1f7d16) — Codex P1 follow-ups on PR #50: serialized recordDispatch r-m-w against concurrent dispatches, stripped attempts from the POST body.
• PR #61 (d587a599) — Moved all GitHub API calls off the Angular client onto a server-side 5-min poller backed by SQLite. /stats now reads from same-origin /api/public-stats/github/:endpoint_id. Stops every visitor's browser from burning the shared 60-req/hr GitHub rate limit; one authenticated server poller can use the 5000-req/hr quota instead. CSP tightened to connect-src 'self'.
• PR #62 (0bdbfd77) — Lowered the housekeeper k-anonymity floor from 5 to 2 so /stats actually surfaces real MCP client names. At single-digit total install counts, no real label could mathematically clear k=5 and the chart stayed at Other (uniq=6) forever. Raise back to 5 once installs exceed ~50.

MCP server (fsb-mcp-server)

• PR #63 (9c25405b) — Coerced string-encoded numeric tool params (tabId, tab_id, count, limit, topN). Some MCP clients (observed: Claude Code) serialize integers as JSON strings on the wire, which the server's bare z.number() rejected with Expected number, received string. Single fix point at the jsonSchemaToZod translator plus 7 hand-rolled Zod sites. Note: this fix ships with [email protected] (release pending).

Plumbing

• PR #51, #52, #54, #55, #56 — /stats SPA route wiring, CSP for GitHub API (later removed by #61), CI showcase deps, cumulative-commits chart, 0.9.65 → 0.9.66 version bump.

Install

Download fsb-extension-v0.9.67.zip from the assets below, unzip, and load the unpacked directory at chrome://extensions (Developer mode → Load unpacked).

Validation

• node scripts/validate-extension.mjs → OK (manifest valid, 245 JS files parsed clean)
• npm test → all suites green
• Manifest V3, name FSB v0.9.67, version 0.9.67, 362 files, 13 MB on disk