diff --git a/plan/expurge-progress.md b/plan/expurge-progress.md index 22d90d5..5bb69ba 100644 --- a/plan/expurge-progress.md +++ b/plan/expurge-progress.md @@ -99,6 +99,7 @@ superseded by the sidebar architecture — see `sidebar-nav.md` for the current - ~25 verified people-search brokers in brokers.json (all channels personally verified, trust bits stamped) - Pre-launch verify: CCPA template legal language; DROP registry cross-reference (Q-010) - CI schema validator: rejects malformed records, enforces trust-bit hygiene (contributed records must be `trust: unverified`) +- **Per-broker challenge-resolve gate** (onboarding checklist item): for each new broker, confirm its bot-gate **navigates away on solve** (like TPS `/InternalCaptcha`). `detectChallenge()`'s Turnstile-script signal is generic and manifest-bounded (it only runs where `content_scripts.matches` injects), but resolve-safety is proven on TPS **only (n=1)**. If a broker instead resolves **inline** — results swap in place, URL unchanged, the `challenges.cloudflare.com/turnstile` `
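Review bot: the added "Per-broker challenge-resolve gate" bullet says what to confirm for each new broker (its bot-gate "navigates away on solve") but not how to confirm it or where the outcome is recorded, so the gate cannot be audited later. Suggest naming the observable, for example that the URL before and after the solve differs, and recording the result per broker alongside the trust bits that the neighbouring bullets keep in brokers.json. Because the bullet itself states that resolve-safety is proven on TPS only (n=1), the visible text should also say how a broker that has not yet passed the gate is treated by default. "TPS" should be expanded on first use. This bullet is far longer than the other items in the list; consider a one-line checklist item here with the rationale about `detectChallenge()` and `content_scripts.matches` moved to a sub-bullet or a linked note.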