# Vuln Signal Content And Performance Backlog Use this backlog as a parking lot for future content, performance, Android, and platform work. It is intentionally broad. Pull from it in small themed batches, then move completed items into release notes or the AI handoff. ## How To Use - Pick one theme per batch. - Prefer shared modules, shared copy patterns, and reusable page structures. - Keep release gates green: `scripts/check-site.ps1`, `scripts/smoke-tools.ps1` for tool batches, and `scripts/release-prep.ps1` for release batches. - Do not add every idea at once. Ship the smallest coherent improvement that helps defenders. ## Content And Workflow Completed in the Practice Lab batch: - Add a Practice Lab page with interactive defensive drills. - Add Patch Priority, IOC Spotting, and CVSS Metrics practice rounds. - Add MITRE Mapping, Phishing Header, and Detection Tuning practice rounds. - Add difficulty filters for beginner, analyst, and advanced drills. - Add Study and Challenge modes with timed questions and streak tracking. - Add a Daily Mix run with one rotating question from each practice category and a final scorecard. - Add local-only scoring and review paths back to relevant tools and learning pages. - Add Practice Lab to Research navigation, route metadata, and the static search index. - Add Spot the Overclaim as a Training page for practicing claim-safe rewrites around compromise, exposure, remediation, attribution, KEV, EPSS, CVSS, and proof boundaries. - Add KEV vs EPSS Decision Drill as a Training page for practicing known-exploited and exploit-likelihood signal interpretation without overclaiming local proof. - Add Vendor Advisory Quiz as a Training page for practicing affected scope, fixed versions, mitigations, prerequisites, cloud responsibility, supersedence, and owner questions. - Add Scanner Finding Validation Drill as a Training page for practicing scanner evidence validation before patch deadlines, not-affected closure, mitigation, retest, or vendor clarification. - Add CVSS Scoring Drill as a Training page for practicing vector clues, disputed-score caveats, severity context, and decision boundaries. - Add Workflow Chain Challenge as a Training page for practicing advisory-to-IOC-to-detection-to-handoff tool workflows. - Add Evidence Packet Drill as a Training page for practicing compact proof collection before assignment, mitigation, monitoring, escalation, not-affected closure, or remediation proof. - Add Escalation Scenario Drill as a Training page for practicing triage, SOC, incident response, risk, vendor, and leadership escalation lanes. - Add Remediation Closure Drill as a Training page for practicing patched, mitigated, monitored, not-affected, accepted-risk, and pending-evidence closure language. - Add Leadership Briefing Drill as a Training page for practicing decision-ready executive updates with safe caveats, owners, blockers, and next review timing. 1. DONE - Add a First 10 Minutes triage guide. 2. DONE - Add a Patch vs Mitigate vs Monitor guide. 3. DONE - Expand glossary cards for EPSS, KEV, CVSS, CPE, CWE, PoC, and exploit maturity. 4. DONE - Add a What This Site Can Prove page. 5. DONE - Add a What This Site Cannot Prove page or section. 6. DONE - Add a walkthrough for reading a CVE detail page. 7. DONE - Add a guide for validating affected versions. 8. DONE - Add leadership briefing guidance that avoids overstating risk. 9. DONE - Add a workflow for unclear vendor guidance. 10. DONE - Add no-patch decision examples. 11. DONE - Add escalation-to-incident-response criteria. 12. DONE - Add not-affected evidence examples. 13. DONE - Add compensating-control evidence examples. 14. DONE - Add disputed CVSS score handling guidance. 15. DONE - Add responsible KEV prioritization guidance. 16. DONE - Add responsible EPSS interpretation guidance. 17. DONE - Add a Patch Tuesday operating routine. 18. DONE - Add a daily vulnerability standup template. 19. DONE - Add a weekly vulnerability review template. 20. DONE - Add SOC handoff examples. 21. DONE - Add patch owner handoff examples. 22. DONE - Add executive summary examples. 23. DONE - Add exception approval examples. 24. DONE - Add vendor escalation email examples. 25. DONE - Add asset owner validation questions. 26. DONE - Add common false positives in vulnerability feeds. 27. DONE - Add common mistakes when interpreting CVEs. 28. DONE - Add a beginner path for CVE triage. 29. DONE - Add a beginner path for SOC analysts. 30. DONE - Add a beginner path for patch managers. 31. DONE - Add a beginner path for leadership. 32. DONE - Add a source confidence explainer. 33. DONE - Add a live-derived signal explainer. 34. DONE - Add a threat map limitations explainer. 35. DONE - Add ransomware watch methodology. 36. DONE - Add appliance vulnerability playbook examples. 37. DONE - Add identity exposure playbook examples. 38. DONE - Add cloud exposure playbook examples. 39. DONE - Add OT vulnerability playbook examples. 40. DONE - Add silent patch investigation guidance. 41. DONE - Add zero-day response guidance. 42. DONE - Add exploit chain example library entries. 43. DONE - Add a vendor advisory reading guide. 44. DONE - Add NVD vs vendor advisory differences. 45. DONE - Add CISA KEV response guidance. 46. DONE - Add search workflow examples. 47. DONE - Add Saved workspace tutorial content. 48. DONE - Add Compare workflow tutorial content. 49. DONE - Add Brief Builder tutorial content. 50. DONE - Add a sample investigation from CVE to handoff. 51. DONE - Add a remediation evidence quality reference for comparing proof strength across owner, scanner, vendor, SOC, control, exception, and closure evidence. 52. DONE - Add an Evidence Library for validation, priority, closure, owner handoff, vendor, and communication evidence paths. 53. DONE - Add a Priority Model reference for combining severity, exploitation, exposure, asset context, patchability, and evidence quality. 54. DONE - Add Affected Range Examples for backports, disabled components, major upgrades, cloud responsibility, scanner changes, and stale containers. 55. DONE - Add an Exploit Maturity Explainer for rumor, PoC, weaponized, active exploitation, KEV, and safe communication language. 56. DONE - Add a Security Product Lab hub for cybersecurity product ideas, MVP choices, product families, safety boundaries, and recommended build order. 57. DONE - Add a CyberShield Blueprint with MVP scope, scan checks, scoring, finding library, architecture, data model, API shape, worker flow, and roadmap. 58. DONE - Add a Product Idea Matrix covering 28 cybersecurity website and SaaS ideas by audience, MVP shape, AI potential, SaaS potential, portfolio value, and difficulty. 59. DONE - Add Platform Blueprints for small-business security, developer security, SOC/threat intelligence, and GRC product combinations. 60. DONE - Add PhishGuard, APIShield, and ComplianceTrack blueprint pages for the next strongest SOC, AppSec, and GRC product ideas. 61. DONE - Add Product Chooser so product ideas become a build decision based on goal, user, safety, scope, and technical signal. 62. DONE - Deepen CyberShield with demo-vs-SaaS MVP boundaries and additional finding examples for TLS, MX, CAA, SPF, MTA-STS, TLS-RPT, dangling CNAMEs, and wildcard DNS. 63. DONE - Add Product Lab Roadmap for sequencing CyberShield demo MVP, SaaS MVP, PhishGuard, APIShield, ComplianceTrack, and later platform expansion. 64. DONE - Add CyberShield MVP Checklist for domain input, passive checks, scoring, findings, report output, UI states, and deferred features. 65. DONE - Add Product Demo Data Pack with fake domains, seeded scan results, UI states, and report copy for safe early product demos. 66. DONE - Add a browser-only CyberShield Demo Scanner with seeded domains, simulated scan progress, score breakdown, grouped findings, report copy, and JSON export. 67. DONE - Add a CyberShield Dashboard so the Product Lab has a seeded product overview with scores, domain cards, scan history, open findings, and next actions. 68. DONE - Add a CyberShield Report Preview so the Product Lab has customer-facing report sections, copy output, and JSON export before PDF generation exists. 69. DONE - Promote Product Lab and CyberShield from Learn, Start Here, Practice Lab, Workflows, Role Paths, Site Map, and What's New as a safe build/portfolio discovery path. 70. DONE - Add a Product Lab route chooser and align CyberShield links across Product Lab, Product Chooser, Product Matrix, and Dashboard so users can move idea -> dashboard -> scanner -> report without guessing. 71. DONE - Add Product Matrix shortlist lanes and align Platform Blueprints and Product Roadmap to the CyberShield dashboard-first product loop. 72. DONE - Deepen PhishGuard, APIShield, and ComplianceTrack blueprints with route strips, report shapes, safer output language, and platform expansion links. 73. DONE - Add after-CyberShield decision layers to Product Lab, Roadmap, Platform Blueprints, and Product Chooser so the second-product branch is role-driven instead of scattered. 74. DONE - Normalize Product Lab manual-review wording so early MVP paths point to dashboard and report-preview output before future PDF generation. ## Tool Content Completed in the tools polish batch: - Add sample inputs for every tool. - Add "when to use this tool" copy to each tool surface. - Add "what not to paste" privacy notes per tool family. - Add result interpretation and next-step recommendations after tool output. - Add shared Tool Actions for sample data, reset, copy, and download. - Add local-only and backend-assisted runtime labels. - Add Tools index filter counts, search clear, and accessible active filter state. - Add automated tool smoke checks for boot scripts, samples, and launcher wiring. Completed in the tools information architecture cleanup: - Reframe Tools Hub filters around job families: Extract & Normalize, Score & Validate, Draft Detection, Inspect Artifacts, Infrastructure, and Email & Identity. - Replace the single default workflow strip with common analyst flows for advisory-to-hunt, patch triage, detection draft, and phishing review. - Preserve legacy category matching in the Tools Hub filtering logic while showing clearer user-facing categories. - Split shared Tool Actions into Input, Copy, and Export groups so sample loading, copy wrappers, and downloads are easier to scan. - Add responsive layout styling for grouped Tool Actions on desktop and mobile. Remaining ideas: 51. DONE - Add copy-as-ticket-comment output mode. 52. DONE - Add copy-as-SOC-note output mode. 53. DONE - Add copy-as-leadership-summary output mode. 54. DONE - Add download JSON for structured outputs. 55. DONE - Add download CSV for indicator outputs. 56. DONE - Add IOC Extractor examples from multiple synthetic advisory styles. 57. DONE - Add CVSS scoring examples. 58. DONE - Add Sigma rule tuning checklist. 59. DONE - Add YARA rule tuning checklist. 60. DONE - Add Regex false-positive examples. 61. DONE - Add Email Header interpretation guide. 62. DONE - Add TLS certificate interpretation guide. 63. DONE - Add Exposure Checker version caveat examples. ## Performance Completed in the tools refactor batch: - Split `js/tools-page.js` into smaller modules by tool category. - Add a route-level render map for page module dispatch in `js/main.js`. - Add preload hints for the shared stylesheet across HTML pages. - Add asset cache-busting for tool CSS and JS updates. - Lazy-load only the current tool handler from the dispatcher. - Lazy-load Tools index launcher behavior only on the Tools page. - Lazy-load MITRE ATT&CK lookup data separately from the MITRE tool binder. - Lazy-load the static search index only when global search has a query or the Search page renders. - Extract the detail modal controller out of `js/main.js` into `js/modal-controller.js`. - Extract live intel, health, news, cache, and demo fallback handling out of `js/main.js` into `js/live-data-controller.js`. - Extract saved/bookmark/compare/note/triage event handling out of `js/main.js` into `js/user-actions-controller.js`. - Remove the full `main.js` app bundle from individual tool pages. - Automate the tool smoke test and run it from release prep. Completed in the release build hygiene batch: - Add `scripts/build-public-indexes.ps1` to regenerate `search-index-static.json` and `sitemap.xml` from one command. - Add `scripts/production-build.ps1` to run CSS bundling, JavaScript compacting, public index generation, and release prep in sequence. - Keep production build optional and non-deploying so it prepares local release artifacts without committing or publishing. - Add `css/styles.min.css` from the shared CSS source build and release checks to ensure the minified artifact exists. - Add `scripts/build-js.ps1` to generate a compact `js-min/` module mirror, plus release checks for coverage, freshness, and aggregate size savings. - Add `search-index-static.min.json` from the public-index build and release checks to ensure it is smaller than the readable static search index. Completed in the static discovery metadata batch: - Add RSS discovery links to HTML heads. - Add canonical URLs plus Open Graph and Twitter preview metadata to HTML heads. - Add `scripts/build-static-metadata.ps1` for `site-metadata.json` and `feed.xml`. - Run static metadata generation from the public-index build. - Add release checks for RSS discovery links, canonical URLs, preview metadata, `feed.xml`, and `site-metadata.json`. Completed in the diagnostics performance visibility batch: - Add performance marks around page render modules. - Add Diagnostics performance timing cards. - Add Status cache-hit/cache-miss visibility for the intel session cache. - Add payload size estimates in Diagnostics for loaded records, route manifest, static search index, main bundle, and local workflow storage. - Add browser-visible image dimension checks and manifest asset reminders. - Add Lighthouse review prompts to QA documentation. Completed in the all-aspects polish batch: - Move reusable entry and news card rendering out of `js/main.js` into `js/entry-cards.js`. - Add central localStorage read/write guardrails and a Workspace storage-health card. - Add Diagnostics visibility for compact production artifacts and local workspace storage health. - Add compact static search-index generation and release checks. Completed in the session-cache resilience batch: - Add a sessionStorage size guard for the live intel session cache. - Show cached intel immediately while refreshing in the background when a usable cache exists. - Keep cached intel visible if the background refresh fails instead of falling straight to demo data. - Surface session-cache guard state in Status and Diagnostics. Completed in the render-efficiency batch: - Cache the active page render route list after the first DOM sentinel scan. - Reuse only active render routes on bookmark, compare, note, triage, and live-data refresh passes. - Surface active-route counts and refresh pass counts in Diagnostics. - Add a shared `replaceHtmlIfChanged` DOM helper that batches HTML replacement through template fragments. - Use stable news signatures to skip unchanged Home and Status news-section rewrites after feed refreshes. Remaining ideas: 64. DONE - Minify CSS for production. 65. DONE - Minify JS for production. 66. DONE - Reduce `js/main.js` by moving shared render helpers out. 67. Add preconnect only if external assets are introduced. 68. DONE - Compress `search-index-static.json` if it keeps growing. 69. Split static search index by section. 70. DONE - Add a sessionStorage size guard with a user-facing fallback. 71. DONE - Add stale-while-revalidate behavior for cached intel. 72. DONE - Reduce repeated DOM queries in render loops. 73. DONE - Batch expensive DOM writes with document fragments. 74. DONE - Avoid rerendering unchanged sections after news loads. 75. DONE - Make `refreshAllViews()` more surgical for bookmark and compare actions. 76. DONE - Add performance marks around feed load and page render. 77. DONE - Add Diagnostics performance timing cards. 78. DONE - Add Status card for session cache hit or miss. 79. DONE - Add payload size display in Diagnostics. 80. DONE - Add image dimension checks for icons and manifest assets. 81. DONE - Add RSS discovery link to HTML heads. 82. DONE - Add static metadata generation. 83. DONE - Add a combined sitemap and search-index generation command. 84. DONE - Add an optional production build script. 85. DONE - Add a Lighthouse manual checklist. ## Frontend And UX Completed in the shared view ergonomics batch: - Add a shared Current View bar for pages with filter/search controls. - Add copy-current-view, clear-filters, compact-mode, and detail back-to-results controls. - Improve mobile filter scrolling and disabled/loading button states. - Add print-friendly page rules for briefing and workflow review. - Document keyboard, print, compact mode, and shared filter checks in QA docs. - Add local recent/pinned workflow shortcuts, skeleton loading cards, page freshness notes, and derived-view explanations. - Add detail-page related-tool quick rails and copy buttons for generated validation/remediation snippets. Completed in Workspace V1: - Add a browser-local Workspace hub for saved items, saved searches, pinned workflows, recent pages, compare queue, notes, feedback, local brief copy, and workspace import/export. - Add Workspace to navigation, Site Map, route metadata, route manifest, QA docs, and release notes. Completed in Detail Workbench V1: - Add top-of-detail copyable record briefs and saved-note starters. - Add direct pivots from Detail into Workspace, Saved, Action Tracker, Compare, and Brief Builder. Completed in the information architecture compass batch: - Add a Site Map Operating Compass that groups pages by work output: Intake, Validate, Decide, Act, Communicate, and Govern. - Add a Start Here card for users who know the output they need but not the page name. - Track the compass container in the route manifest so Diagnostics and release checks cover it. Completed in the content-quality audit batch: - Add Quality Center editorial audit cards for purpose, duplication, voice, density, discovery, and proof boundaries. - Add content triage lanes for Fix First, Consolidate, Expand, and Promote decisions. - Track Quality Center audit containers in the route manifest so release checks cover them. Completed in the visual consistency audit batch: - Add a Quality Center visual audit for density, mobile layout, action hierarchy, state design, text fit, and print readiness. - Add responsive `quality-audit-grid` styling from the source CSS bundle. - Track the visual audit container in the route manifest so release checks cover it. Completed in the release handoff batch: - Add `docs/release-handoff.md` as the final review note for generated artifacts, manual focus areas, and maintainer reminders. - Add production-build toolchain checks to release prep. - Update final QA and manual test decisions to prefer `scripts/production-build.ps1` as the one-command local release preparation path. Completed in the generated-artifact inventory batch: - Add `docs/generated-artifacts.md` to distinguish source files from generated CSS, JS, search, sitemap, feed, and metadata artifacts. - Link generated-artifact review from the release handoff and QA release checklist. - Add release-prep guardrails for `docs/release-handoff.md` and `docs/generated-artifacts.md`. - Add a production-build reminder to review generated artifacts before committing. - Add `scripts/review-worktree.ps1` to group dirty worktree files by source, docs, scripts, and generated artifacts before staging. - Add a release-prep guardrail for `scripts/review-worktree.ps1`. - Add `scripts/release-summary.ps1` to summarize route count, artifact sizes, metadata timestamps, and compact JS mirror status. - Add a release-prep guardrail for `scripts/release-summary.ps1`. - Run the release summary automatically at the end of `scripts/production-build.ps1`. - Add dirty-worktree category counts to the release summary so source, docs, scripts, and generated artifacts are visible at a glance. - Add route section counts to the release summary so product-area balance is visible as the site grows. - Add a non-blocking release-summary balance note when one product area holds 30% or more of route entries. - Add `scripts/check-doc-links.ps1` and run it from release prep so Markdown handoff/checklist links are checked. - Add `scripts/check-generated-freshness.ps1` and run it from release prep so generated artifacts stay newer than source inputs. - Add `scripts/audit-content-quality.ps1` as a non-blocking planning audit for route balance, long titles, short metadata, and duplicate inline purpose copy. - Expand short route-manifest purpose/workflow copy for Site Map, Defenders Today, Patch Watch, Trust Review, Defender Briefing Room, and Executive Board Report after the content-quality audit flagged them. - Expand short effective route metadata for small tools, Briefings, Exposure Operations, Vendor Analytics, and Patch Tuesday after the audit started checking route-metadata fallback coverage. - Clear the final short effective purpose findings for Vendors and YAML / JSON after the second content-quality audit pass. - Add `docs/content-governance-map.md` to define category rules, add-vs-consolidate decisions, batch rules, and review questions before more pages or navigation categories are added. - Add a release-prep guardrail for `docs/content-governance-map.md` so broad content/category guidance stays present. - Add `docs/content-governance-map.md` to the release summary review-doc list and generated-artifact review reminders. - Surface `docs/content-governance-map.md` directly in the content-quality audit and use it in section-balance warnings. - Expand `scripts/review-worktree.ps1` with modified/untracked counts plus generated-artifact and content-governance staging reminders. - Add modified/untracked path counts to `scripts/release-summary.ps1` so the build summary and worktree review use the same staging vocabulary. - Point the release-summary section-balance warning to `docs/content-governance-map.md` so build output and the content-quality audit recommend the same review path. - Add content-quality audit and content-governance checks to `docs/manual-test-matrix.md` for broad content, route, metadata, or navigation batches. - Add `scripts/final-review.ps1` as the preferred local pre-commit wrapper for production build, release prep, release summary, content audit, and worktree review. - Add a release-prep guardrail for `scripts/final-review.ps1` and surface it in release summary recommendations. - Add `docs/improvement-roadmap.md` as the full multi-batch proposal for release readiness, Training, IA, tools, search, Core consolidation, trust, performance, backend depth, and later product bets. 101. DONE - Improve mobile filters with scroll affordance. 102. DONE - Add clear-all-filters consistently. 103. DONE - Add copy-current-view-link consistently. 104. DONE - Add sticky filter summaries on long pages. 105. DONE - Add compact mode for dense analyst views. 106. DONE - Add print stylesheet for briefing pages. 107. DONE - Add better empty-state visuals without heavy assets. 108. DONE - Add skeleton loading for major feed cards. 109. DONE - Add last-updated text on every data-driven page. 110. DONE - Add "why am I seeing this?" explanations on derived cards. 111. DONE - Add a keyboard focus test checklist. 112. DONE - Add skip links to major page regions. 113. DONE - Add better focus restore after modals. 114. DONE - Add back-to-results behavior from detail pages. 115. DONE - Add persistent filter chips from URL params. 116. DONE - Add a recently viewed local list. 117. DONE - Add pin-this-workflow local shortcuts. 118. DONE - Add related-tool quick rails on detail pages. 119. DONE - Add copy buttons to more generated snippets. 120. DONE - Add clearer disabled and loading button states. ## Trust And Safety Completed in the trust and safety clarity batch: - Add dedicated Responsible Use cards to detection-adjacent tools through shared tool guidance. - Keep browser-local runtime labels on tools that do not require backend lookups. - Keep backend-assisted runtime labels for DNS and mail-auth lookups. - Add WebView and embedded-browser data retention caveats to Privacy And Data Use. - Add explicit browser localStorage and shared-device cautions to Privacy And Data Use. Completed in the derived-view claim caveats batch: - Make source confidence wording consistent across cards, detail views, and search results. - Reframe EPSS as exploit-likelihood context rather than exposure, compromise, or impact proof. - Add degraded-feed and parser-yield interpretation cards to Status. - Add "not compromise evidence" caveats to Threat Map. - Add vendor-validation guardrails to Patch Watch. - Add asset-exposure confirmation guardrails to the urgent queue. Completed in the trust transparency documentation batch: - Add legal and responsible-use caveats to Responsible Use. - Add public security contact verification guidance. - Add CSP staging test guidance. - Add deployed `_headers` review guidance. - Add dependency-free frontend security posture guidance. - Add feed fetching and parser transparency guidance. - Add known limitations and data freshness pages. 121. DONE - Add Responsible Use reminders beside offensive-adjacent tools. 122. DONE - Add local-only labels to tools that do not call the backend. 123. DONE - Add backend-assisted labels to DNS and mail tools. 124. DONE - Add a data retention note for WebView users. 125. DONE - Add a privacy note for browser localStorage. 126. DONE - Make source confidence badges more consistent. 127. DONE - Explain estimated EPSS vs live EPSS everywhere it appears. 128. DONE - Add degraded-feed callouts on affected pages. 129. DONE - Add parser-yield explanations in Status. 130. DONE - Add "not compromise evidence" notes on threat views. 131. DONE - Add "validate with vendor" reminders on patch pages. 132. DONE - Add "confirm asset exposure" reminders on urgent views. 133. DONE - Add legal and responsible-use caveats where needed. 134. DONE - Add public security contact verification checklist. 135. DONE - Add CSP staging test checklist. 136. DONE - Add a stronger `_headers` review doc. 137. DONE - Add dependency-free security posture documentation. 138. DONE - Add a feed-fetching transparency page. 139. DONE - Add a known limitations page. 140. DONE - Add a data freshness page. ## Backend And Feeds 141. Add D1 pagination for older CVEs. 142. Add `/api/cves?page=` endpoint. 143. Add `/api/detail?id=` endpoint backed by D1. 144. Add a D1 `feed_changes` table. 145. Record severity changes over time. 146. Record KEV status changes over time. 147. Record patch availability changes over time. 148. DONE - Add change summaries to What's New. 149. Add source-specific last successful sync. 150. Add source-specific error counters. 151. Add parser yield history. 152. Add structured Red Hat parser. 153. Add structured Ubuntu USN parser. 154. Add MSRC CVRF or API parser. 155. Improve Fortinet parser robustness. 156. Improve Palo Alto parser robustness. 157. Add NVD pagination sync job. 158. Add feed sync duration metrics. 159. Add D1 row count by severity. 160. Add D1 row count by vendor. 161. Add D1 pruning or archive strategy. 162. Add stale record flagging. 163. Improve advisory-to-CVE linking. 164. Add vendor normalization table. 165. Add product normalization table. ## Search Completed in the search quality batch: - Add lightweight fuzzy matching and CVE prefix matching. - Group Search results by result type so broad queries are easier to scan. - Add local saved-search "check again" counts for new or refreshed matches. - Add an examples and syntax drawer with CVE, CPE, CWE, vendor alias, and product examples. - Add vendor alias expansion for common shorthand such as MS, MSRC, PAN, Forti, RHEL, and Apache httpd. - Add query support for CPE, CWE, affected product, and product-family fields when present in the loaded feed. - Add recently changed, mitigation-first, and ransomware-relevance filters while preserving patch and source-confidence filters. 166. DONE - Add fuzzy search. 167. DONE - Add prefix search for CVE IDs. 168. DONE - Group search results by type. 169. DONE - Add local-only saved search check-again prompts. 170. DONE - Add search examples drawer. 171. DONE - Add typo-tolerant vendor aliases. 172. DONE - Add search syntax help. 173. DONE - Add search by CPE. 174. DONE - Add search by CWE. 175. DONE - Add search by affected product. 176. DONE - Add recently changed search filter. 177. DONE - Add has-patch search filter. 178. DONE - Add has-mitigation search filter. 179. DONE - Add source-confidence search filter. 180. DONE - Add ransomware-relevance search filter. ## Android 181. Add app icon from existing site icon. 182. Add splash screen. 183. Add app theme color matching the site. 184. Add pull-to-refresh. 185. Add WebView download handling. 186. Add external browser fallback button. 187. Add share-current-URL intent. 188. Add Android back and forward menu actions. 189. Add offline message with Status link. 190. Add network connectivity detection. 191. Use custom tabs for external links. 192. Add deep link support for `main-9et.pages.dev`. 193. Add privacy screen option. 194. Enable WebView Safe Browsing where available. 195. Explicitly handle or disable file chooser behavior. 196. Add Gradle wrapper. 197. Add release signing docs. 198. Add Play Store checklist. 199. Add APK build GitHub Action. 200. Add Android smoke test screenshots. ## Recommended Batch Order 1. Android import hardening: Gradle wrapper, icon, splash, pull-to-refresh, and README. 2. Tool modularization: split tool handlers, keep shared quick actions and accessibility behavior. 3. What Changed Since Last Visit v2: D1-backed change records and clearer returning-user summaries. 4. Search quality: fuzzy/prefix search, examples, aliases, and stronger result grouping. 5. Trust transparency: feed freshness, limitations, source confidence, and EPSS explanations. 6. Performance instrumentation: Diagnostics timing, payload size, and render-cost visibility.