changelog

What we shipped.

Streamed live from github.com/xalgord/xalgorix/releases. Every tag, every release note — the same source of truth the binary advertises with xalgorix --version.

May 29, 2026
v4.4.26
fix

Critical fix: prevent cross-scan data leakage in wildcard subdomain matching. `isChildOfScan()` now requires an InstanceID match when the parent scan has one, so new wildcard runs no longer absorb subdomains/findings from previous scans of the same domain.

May 29, 2026
v4.4.25
fix

Fix: sync `XALGORIX_API_BASE` from `apiBaseOverride` when switching providers in the LLM settings tab. The env file now falls through `apiBase` → `apiBaseOverride` → catalog BaseURL.

May 29, 2026
v4.4.24
security

Security fix: block the agent from self-scanning its own server's public IP on any port. `ipsMatchLocalInterface` now runs unconditionally. 4 regression tests added.

May 29, 2026
v4.4.23
fix

Fix: slice-bounds panic in `rewriteShellSegments` with multi-byte UTF-8 commands (em-dashes, IDN domains, emoji). Switched to explicit byte-index stepping via `utf8.DecodeRuneInString`.

May 27, 2026
v4.4.22
feature

Simplify the LLM tab — drop the Providers tab and openclaw catalog editor.

May 27, 2026
v4.4.21
fix

Provider catalog, OAuth profiles, scope-guard fix, and LLM resolver.

May 27, 2026
v4.4.20
feature

Resources: RAM-only scan admission; remove dead CPU/disk slot inputs. Release pipeline now pushes to `release/<version>` and opens a PR.

May 27, 2026
v4.4.19
security

Scope guard hardening v2: four targeted fixes — token-splitting on `=?#@`, 8 KiB arg cap, redaction of out-of-scope hosts in `add_note`, single DNS resolution per `isBlockedTarget` call.

May 26, 2026
v4.4.18
security

Block out-of-scope tool calls and self-listener scans. Unconditional in-scope guard now rejects any tool call whose host arguments aren't a configured target or subdomain. Listener-port check added to `isBlockedTarget`.

May 26, 2026
v4.4.17
feature

UI responsiveness: topbar overflow at 1024px, severity-legend overlap, 22-phase tile reflow with `auto-fill, minmax(140px, 1fr)`, and scan-detail header truncation.

May 26, 2026
v4.4.16
feature

Read-anywhere with deny-list for filesystem tools. Reads outside `allow_list` succeed by default; built-in deny-list protects `~/.ssh`, `/etc/shadow`, `/etc/sudoers`, `/proc/kcore`, etc. `XALGORIX_READ_DENY_LIST` extends it.

May 26, 2026
v4.4.15
feature

Findings consistency + pagination: 25/50/100/200 rows per page, URL-synced. Counter flicker eliminated via `keepPreviousData`. Findings deduplicate across runs by `(target, endpoint, title, severity)`.

Looking for older releases? The repo has 326+ tags.
