[0.1.11] — 2026-06-17

Added
- A source-code archive (web-ext-artifacts/reveal-urls-<version>-source.zip) for
the Firefox (AMO) and Thunderbird (ATN) stores, which require the original sources
whenever an add-on ships esbuild-bundled code. make package now emits it
alongside the per-target zips, and a new make source target builds it on its own
(make source REF=<tag> back-fills a past release, e.g. v0.1.10). The archive
carries reviewer build instructions in docs/mozilla-reviewer-build.md. Generation
is a host script (tooling/source-archive.sh) since the build image carries no git;
it skips gracefully (leaving the per-target zips) when host git or zip is
absent. A REF=<tag> back-fill archives a tag verbatim when that release ships its
own reviewer doc, and folds in the current instructions only for releases that
predate it — printing a warning in that case, since the authoritative toolchain is
whatever the archive's own Dockerfile / pnpm-lock.yaml pin (the doc says as
much) rather than an unverifiable "build process is unchanged" assumption. The
release workflow asserts the source archive exists before uploading, so a
silently-skipped archive cannot pass unnoticed. Covered by make test smoke tests
(tooling/test/source-archive.test.mjs, including the back-fill warning path) and
@source-archive Gherkin scenarios (features/source-archive.feature), both
skipped where the host tools are absent.

Changed
- The default colour of the revealed URL on honest (non-mismatch) links is now a
neutral very dark grey (#1a1a1a) instead of green, in both the browser
extension/Thunderbird add-on (matchColour) and the Gmail add-on card. A green
honest link could be read as a signal that the link had been checked or was
safe, which Reveal URLs does not claim; a neutral colour avoids that false
reassurance while the mismatch colour stays red. Users who saved a custom match
colour keep their choice; the new default applies where nothing was stored. (The
bundled screenshots still show the previous green and should be re-captured.)
- The Outlook add-in manifests (manifest.json and manifest.xml) now stamp a
1.0.x version, decoupled from the 0.x browser extensions, because AppSource
rejects an add-in manifest version below 1.0. The version stamper pins the
Outlook target's MAJOR.MINOR base (TARGET_VERSION_BASE) while keeping the
build number shared, so every shipped manifest still moves in lockstep.

Fixed
- The Outlook add-in XML manifest now passes Microsoft AppSource package
validation. Its VersionOverrides declared VersionOverridesV1_0, but the
ribbon and mobile command surfaces it carries are V1_1-only; that schema
failure made the validator unable to identify the add-in type, surfacing as
the misleading "manifest product ID could not be parsed", "package type not
identified" and "wrong package" errors.

[0.1.10] — 2026-06-16

Added

• Native email add-ons for Microsoft Outlook (Office.js task pane and
  command surface) and Gmail (Google Apps Script card service), so the
  link-destination reveal now works inside the desktop and web mail clients,
  not only in the browser extension. Each add-on ships its own manifest, icons,
  localisation, per-user/roaming settings storage, build pipeline and test
  suite.
• A shared findings module in packages/core, consumed by both new add-ons,
  that derives the displayable link findings (including mismatch highlighting)
  from parsed anchors, keeping the reveal logic identical across surfaces.
• Make targets and a containerised clasp workflow for creating, building and
  deploying the Gmail Apps Script project, including minimal-scope login and a
  bind-mounted token.
• Gherkin scenarios and step definitions covering the Gmail card and Outlook
  task pane, plus an add-on panel test harness and a CardService double.

Changed

• The Gmail add-on resolves link destinations through a bundled URL
  polyfill, brands its card with the project logo and colours the revealed link
  destinations; its OAuth request covers both the gmail.addons.execute and
  gmail.message.readonly scopes.
• Screenshots no longer mask sensitive data with solid black boxes; the store
  and documentation assets were regenerated accordingly.

Fixed

• Addressed review findings across the Gmail and Outlook add-ons, the website
  and the documentation (manifest AppDomains, privacy dates, icon scope,
  remote-code declarations and permission naming).