Release Notes: Chrome Extension 0.1.81

Version 0.1.81 renders report overlays in an isolated sandbox document.

What Changed

• overlay.open now keeps the extension chrome in the shadow root but renders the agent-authored report HTML inside a sandboxed report iframe populated by the runtime.
• Agent-authored full-document CSS such as html, body, header, and .topbar now applies to the report document instead of colliding with the extension overlay shell.
• Report styles are injected as a constructed stylesheet in the report frame, so they still render on pages whose CSP blocks inline srcdoc styling.
• Scripts are still stripped before rendering or exporting overlay artifacts.
• Download/upload flows continue to use sanitized HTML artifacts.

Why It Matters

The previous overlay renderer parsed the agent’s HTML document, extracted styles, and inserted only the body fragment into .overlay-body. That meant full-document CSS did not render as authored, and generic selectors could collide with runtime chrome. The hosted agent could correctly call overlay.open and still produce overlays that looked boring, broken, or different from what it described.

The sandbox document makes the rendered report match the HTML/CSS the agent produces while preserving script isolation. The renderer avoids the naive srcdoc path because host-page CSP can allow the frame while still blocking the report’s inline CSS.

Verification

• Added a regression test proving html, body, header, and .topbar styles render inside the report iframe without affecting the overlay chrome.
• Added a restrictive-CSP regression test proving report CSS still renders when the host page declares frame-src 'none'.
• Updated existing overlay artifact tests to inspect report content through the iframe.
• Ran npm run test:overlay-runtime.