Changelog

📚 Tools directory + dark theme + housekeeping

New

• page /tools.html — a dedicated directory page for all 39 tools with descriptions and category grouping.
• page /changelog.html — this page.
• post Apple Intelligence Privacy in 2026 — three privacy tiers, one common misunderstanding. With an enterprise MDM checklist.
• post Chrome 3rd-Party Cookies in 2026 — cookies survived, Privacy Sandbox didn't. The status table of every Privacy Sandbox API.
• post The EU AI Act in June 2026 — what's in force, what got postponed by the Digital Omnibus.
• post MCP Security Checklist — companion to the new MCP Inspector tool.
• post The 2026 Prompt Injection Casebook — 12 patterns still working.
• feature Site-wide dark theme with a binary toggle in the header. Saves your choice, defaults to OS preference.
• feature Favicon — sparkle on the FunWithText gradient. Browser tabs no longer look like blank rectangles.
• feature QR/Image page (/qr-image.html) modernized — swapped to the maintained qrcode library, added SVG output, custom foreground/background colors, vCard QR type, and webcam scanning with rear-camera preference.

Fixed

• hygiene Removed 14 broken og:image references across the site — every preview image was 404'ing, making social shares look ugly.
• SEO Trimmed 27+ false hreflang declarations: 5 pages claimed en/no/de/fr/es all pointing to themselves; 2 pages had de pointing at the wrong URL; the homepage promised /de/ which 404'd.
• hygiene De-spammed the QR/Image page's 600-character multilingual keyword-stuffed meta description.
• hygiene Fixed the blog/(futurue) … .html filename typo across 6 placeholder files (futurue → future).
• hygiene Masked demo tokens in the JWT decoder and agent log redactor source so secret scanners (GitGuardian, TruffleHog) don't flag the teaching examples as real leaks.
• hygiene Deleted the legacy FunwithtextBackend(not in use)/ folder.

🤖 AI Safety sweep — 4 new tools

• tool MCP Server & Tool Description Inspector — the flagship. Paste an MCP manifest; surface tool poisoning, instruction smuggling, Unicode tag-character abuse, wide-open schemas, confused-deputy patterns. No competitor has one in 2026.
• tool Indirect Prompt Injection Scanner (HTML) — paste HTML; find hidden LLM instructions in comments, white-on-white CSS, aria-labels, meta tags, hidden inputs.
• tool Multimodal Injection Check — drop an image; OCR with tesseract.js plus a high-contrast pass to expose near-invisible text that vision models would read.
• tool Agent Log Redactor — 18 secret/PII detection categories (OpenAI / Anthropic / AWS / GitHub / Slack keys, JWTs, file paths, internal URLs, emails, CCs, SSNs).

🛡️ Privacy expansion — 5 new tools

• tool PDF Metadata Stripper — strip Info dictionary and XMP packet from PDFs (most simple strippers miss the XMP, which is what Acrobat shows in File → Properties).
• tool Email Header Analyzer — parse RFC 5322 headers; trace the Received chain; surface SPF / DKIM / DMARC with pass/fail pills.
• tool TLS Certificate Inspector — look up every public certificate ever issued for a hostname via Certificate Transparency logs.
• tool Browser Permissions Inspector — survey of 20 web permissions; shows current grant state for the current origin.
• tool Passkey / WebAuthn Tester — register and verify a real WebAuthn credential against an in-page relying party. Hand-rolled COSE-key CBOR parser; verifies the signature client-side via Web Crypto.

🧑‍💻 Tier 1 quick wins — 7 new dev tools

• tool YAML Formatter & YAML ↔ JSON — js-yaml backed; surfaces the YAML 1.1 "Norway problem".
• tool Regex Tester & Builder — live match highlighting, capture group + named group display, flag toggles, cheat-sheet sidebar.
• tool Text Diff / Compare — side-by-side or inline, LCS-based, whitespace/case ignore.
• tool HTML Entity Encoder / Decoder — named, decimal, or hex output; safe textarea-based decoder.
• tool Cron Expression Parser — parse cron + @daily-style shortcuts; show next 10 fire times in local time.
• tool Number Base Converter — bin/oct/dec/hex/base-36, BigInt-backed, two's-complement view with overflow detection.
• tool Color & WCAG Contrast — hex / RGB / HSL / OKLCH converter plus real-time WCAG AA/AAA contrast pills.
• tool EXIF Metadata Stripper — drop a photo; view GPS / camera / timestamp metadata (GPS in red); download a clean re-encoded copy.
• tool URL Encoder / Decoder — three encoder modes plus a query-string parser.

🚀 The first batch — 3 new tools

• tool JWT Decoder & Inspector — decode header + payload, surface iat/exp/nbf in human time, flag expired tokens and the insecure none algorithm.
• tool DNS Leak Test & Resolver Inspector — compare DNS-over-HTTPS responses from Cloudflare, Google, Quad9, AdGuard side-by-side. Spot DNS filtering and hijacking.
• tool LLM Token Counter & Cost Estimator — estimate tokens and round-trip API cost across GPT, Claude, Gemini. Updated June 2026 pricing (Opus 4.8 dropped to $5/$25/M).