Cortex Scout v3.3.7

Changed

• Updated MCP setup guidance so hard timeout env vars are treated as required guardrails in copy-pasteable MCP config examples, not optional tuning.

Fixed

• Fixed MCP tool sessions getting stuck on pathological fetches by enforcing hard per-tool timeouts in both HTTP and stdio dispatch, plus bounded timeouts for expensive scrape stages and browser launch/probe paths.
• Fixed web_fetch on the LLVM CodeGenerator.html path by removing UTF-8-unsafe string slicing in the cleaner, which could panic a worker and leave the MCP caller waiting indefinitely.

Verified

• Re-tested the exact web_fetch MCP request from the stuck-user report against https://llvm.org/docs/CodeGenerator.html with output_format=clean_json, strict_relevance=true, extract_relevant_sections=true, section_limit=6, quality_mode=high, and max_chars=12000; the first call now returns normally in about 18 seconds and an immediate repeat in the same stdio session returns in under 0.1 seconds instead of hanging.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.3.6

Changed

• Updated MCP tool descriptions and agent guidance to clarify that proxy use is optional by default, balanced fetches stay on the non-proxy/native path unless blocking signals appear, and all tool responses now expose timing information.
• web_fetch balanced-mode strategy now prefers the fast native HTTP path on normal server-rendered pages such as GitHub, only escalating into CDP earlier for proxy mode, high/aggressive mode, or known JS-heavy/problematic hosts.

Added

• Added _tool_metrics total-duration reporting to all Cortex Scout MCP tool responses through the shared HTTP/stdio dispatch layer.
• Added structured phase timing metrics to web_fetch/scrape responses and visual_scout responses so slow steps can be identified without external profiling.

Verified

• Re-tested the live MCP runtime after rebuild/reload and confirmed timing metrics now appear in visual_scout, extract_fields, and proxy_control responses.
• Re-tested the GitHub discussion fetch path through MCP and confirmed the same content path now completes in about 1.7 seconds instead of hanging for tens of seconds on the prior CDP-first behavior.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.3.5

Changed

• Updated agent guidance to prefer direct MCP-tool validation on realistic public URLs after rebuilds when verifying runtime behavior for release decisions.

Fixed

• Fixed extract_fields natural-language schema parsing so prompts like fields: page_title, page_type, main_topics, summary and Return a JSON response with fields ... now resolve to the requested strict output fields instead of drifting into generic auto-extraction keys.
• Fixed extraction grounding so metadata-backed fields such as summary and inferred classification fields such as page_type no longer trigger false grounding_fail warnings or depressed confidence.
• Fixed MCP handler/schema parsing drift by routing prompt-to-schema parsing through the shared extractor implementation instead of maintaining a second copy.

Verified

• Re-tested extract_fields, proxy_control(status), and visual_scout through MCP tools only, using realistic public pages, and confirmed the runtime output now matches the documented behavior.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.3.4

Added

• Added cross-process host guard coordination for search engines and scrape hosts so multiple Cortex Scout processes on the same machine/IP space requests out instead of self-triggering rate limits.
• Added shared cross-process search cache + singleflight locking so concurrent repos/agents can reuse live search results instead of duplicating the same upstream traffic.
• Added regression tests for deep_research history URL extraction and timeout helper behavior.

Changed

• Lowered the default outbound concurrency budget to 16, staggered search-engine fan-out, and tightened when community expansion runs so normal multi-agent usage is less bursty by default.
• deep_research now treats history as a first-class bootstrap source, skips empty history shells, and returns partial results when a hop scrape exceeds the configured timeout instead of hanging until the MCP caller times out.
• Cleaned up post-release compiler hygiene by removing a cross-target unused import warning in the setup permission checks.

Fixed

• Fixed stdio cold-start memory races so memory_search, search duplicate detection, and deep_research can wait briefly for LanceDB instead of missing reusable history on first request.
• Fixed deep_research history reuse so previously logged search previews and deep-research result objects expose reusable URLs for later runs.
• Fixed deep_research tool-level timeout failures under hostile scrape targets by enforcing a hop timeout and preserving partial output.

Verified

• Re-ran production cleanup passes over the Rust sources to confirm there are no live todo!, unimplemented!, or compiler-reported dead-code/unused warnings on the default target.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.3.3

Added

• Added publish/ci/smoke_deep_research.py to sweep deep_research over MCP with coverage for every public parameter, clamp behavior, and invalid input handling.
• Added effective_config to deep_research responses so MCP clients and smoke tests can inspect the clamped execution parameters that were actually used.

Fixed

• Fixed browser launches in root/restricted environments by applying explicit no-sandbox handling across automation sessions, visible auth sessions, and the raw non-robot browser spawns.
• Fixed deep_research.max_chars_per_source=0 so the handler clamps it to a safe minimum of 1 instead of silently allowing an empty-content configuration.
• Fixed quality_mode contract drift by exposing high in MCP schemas and validation messages anywhere the runtime parser already supported it.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.3.2

Added

• Expanded scout_browser_automate with broader Playwright-style parity: navigate_back, hover, wait_for, resize, tabs, file_upload, fill_form, handle_dialog, pdf_save, coordinate mouse actions, route inspection/removal, network state toggling, cookie/localStorage/sessionStorage CRUD, and verification helpers (generate_locator, verify_*).
• Added richer mock_api controls with persistent route registry, method matching, custom response headers, delay simulation, one-shot interception mode, and route listing/removal.

Changed

• Updated automation tool schema metadata so the new actions and parameters are discoverable by MCP clients and agents.
• Refreshed README, VS Code setup docs, and agent instructions to teach the latest omni-tool browser workflow.
• Tightened browser automation smoke coverage so release checks validate concrete outputs, mocked-header stripping, route teardown, and generated artifacts instead of only checking for step execution.

Fixed

• Hardened MCP tool-name routing compatibility so both public scout_* names and internal browser_* names resolve correctly for call dispatch.
• Fixed the automation handler/session plumbing so tab switching and the expanded browser action surface execute through the same persistent session safely.
• Fixed mock_api.remove_headers so stripped response headers are actually removed from mocked fetch/XHR replies, eliminating a browser-automation false positive in route mocking tests.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.3.0

Added

• Unified the public MCP tool surface around grouped calls: web_search(include_content=true), web_fetch(mode="single"|"batch"|"crawl"), and hitl_web_fetch(auth_mode="challenge"|"auth").
• Expanded browser automation to behave more like a compact Playwright replacement, including nested flows, console capture, storage state helpers, and stronger auto-wait assertions.

Changed

• Refreshed usage docs, setup guides, and smoke coverage so the repository points agents at the current grouped tools instead of legacy tool names.
• Updated release/version metadata in lockstep for the next minor release.

Fixed

• Hardened schema validation and tool descriptions to remove stale or hallucination-prone references from the current tool catalog.
• Cleaned up several small clippy warnings and codepaths discovered during the release-prep scan.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.2.0

Added

🎭 The "Playwright Killer" (Stateful Browser Automation)

CortexScout includes a built-in, stateful CDP automation engine designed specifically for AI Agents, completely replacing heavy frameworks like Playwright or Cypress for E2E testing workflows.

• The Silent Omni-Tool (scout_browser_automate): Instead of calling dozens of tools, agents pass an array of steps (navigate, click, type, scroll, press_key, snapshot, screenshot). The entire sequence executes in a single LLM turn, saving massive amounts of context tokens.
• Persistent Agent Profile: Automation runs silently in the background (--headless=new) using a dedicated isolated profile (~/.cortex-scout/agent_profile). It maintains cookies, localStorage, and session state across tool calls without causing SingletonLock collisions with your active desktop browser.
• QA Mock & Assert Engine: Built for enterprise E2E testing. Agents can inject XHR/Fetch network interceptors (mock_api) and run fail-fast DOM assertions (assert) that immediately halt the sequence if a UI state is incorrect.
• The Agent Auth Portal (scout_agent_profile_auth): If the silent agent encounters a CAPTCHA or complex OAuth login (like Google/Microsoft) on a new domain, this tool launches the agent's profile in a visible window. You solve the CAPTCHA once, the cookies are saved, and the agent returns to silent automation forever.

Changed

• Scoped extraction confidence calculation. Confidence is no longer a fixed 0.8 baseline with per-null penalties; it is now a weighted score and still overrides to 0.0 for placeholder/JS-only pages.

Fixed

• Hallucination-proof extraction scoring. extract_structured/fetch_then_extract now computes confidence using a 3-factor score (non-null ratio, source grounding, type validation), with strict type checking and fuzzy grounding to ensure extracted strings actually appear in the source page.
• New grounding and type warnings. Extraction now emits grounding_fail and type_mismatch warnings when values cannot be verified in the source or do not match the schema.
• extract_fields / fetch_then_extract hallucination risk. Non-null but incorrect extracted values no longer automatically imply high confidence.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.1.3

Fixed

• Auth-wall false positives on public pages with login modals.
  Pages like Discourse forum threads were incorrectly blocked with NEED_HITL
  because the password input in the header login modal triggered auth detection.
  Rewrote detect_auth_wall_html with a high/low-confidence selector split:

  • High-confidence selectors (e.g. #login_field, .auth-form, #loginForm)
    fire unconditionally.
  • Low-confidence selectors (e.g. [type='password'], generic /login form
    actions) now require corroboration from the page title or URL to fire.
    Added a word-count gate in mod.rs, cdp.rs, and scrape_url.rs: if a page
    has more than 100 words, any auth signal is downgraded from blocking to an
    advisory prepended to the content. Crawl aborts are now gated on
    word_count < 50 (was: any auth signal).

• rodio 0.22 build failure in non_robot_search.rs.
  OutputStreamBuilder and Sink were removed in rodio 0.22.2. Updated to
  DeviceSinkBuilder::open_default_sink() and Player::connect_new().

• rmcp 1.2 #[non_exhaustive] build failure in stdio.rs.
  Tool, ServerInfo, and Implementation are now #[non_exhaustive] in
  rmcp 1.2.0, preventing struct-literal construction outside the crate. Replaced
  struct literals with Default::default() + field mutation or the provided
  builder-chain methods.

---

Built on macOS arm64 via cargo-zigbuild.

Cortex Scout v3.1.2

Fixed

• CDP concurrent launches — SingletonLock race condition (closes #7).
  When multiple MCP tools triggered headless browser fetches simultaneously, all
  launched into the same default Chrome user-data dir, causing every instance
  after the first to fail with "SingletonLock". Each CDP launch now gets an
  isolated --user-data-dir under a unique /tmp/cortex-scout-cdp-XXXXXXXX
  directory (cleaned up automatically after each request). Concurrent headless
  scraping now works correctly under load.

• release.sh — Version Guard used relative path for server.json.
  python3 -c "... pathlib.Path('server.json') ..." resolved relative to the
  shell's working directory, not the repo root, causing the guard to fail when
  the script was invoked from any directory other than the repo root. Fixed to
  use the absolute $REPO_ROOT/server.json path.

• release.sh — empty ## Unreleased section causes silent commit failure.
  When ## Unreleased was absent or empty, promote_changelog left the file
  unchanged but the script still ran git commit, which exited 1 ("nothing to
  commit"), aborting the release via set -e. Script now checks for a
  ## Unreleased section and exits early with a clear error if absent.

Changed

• Documentation overhaul — all configuration guides updated for v3.1.x.
  All example configs previously used RUST_LOG=info (floods MCP stdio clients)
  and were missing the required -- separator before the binary path on
  macOS/Linux. All path examples referenced the old search-scrape repo name.
  Updated across README, IDE_SETUP.md, VSCODE_SETUP.md, window_setup.md, and
  ubuntu_setup.md:
  • RUST_LOG=warn in every example (was info)
  • "--" added before binary path in env-command args arrays
  • All paths use cortex-scout (was search-scrape)
  • Build command updated to --all-features (was --features non_robot_search)
  • New VS Code section with macOS/Linux vs Windows config split
  • Deep research env vars table added (DEEP_RESEARCH_SYNTHESIS_*)
  • 8 previously undocumented environment variables added to README table
  • window_setup.md: removed [DEPRECATED] tag, removed Browserless/ONNX
    references from v2 architecture, rewritten for current binary-only setup
  • docs/SAFETY_KILL_SWITCH_SUMMARY.md: deleted (stale internal dev note,
    superseded by docs/SAFETY_KILL_SWITCH.md)

---

Built on macOS arm64 via cargo-zigbuild.