I just shipped a significant update to Permi. This release tackles the biggest pain points reported by the community: JS scanning that actually works , smarter XSS detection , and much faster scans . 🧠 Smarter AI – Now CSP‑Aware Permi’s AI filter can now recognize when a target uses a Content‑Security‑Policy (CSP) that blocks inline script execution. This significantly reduces false positives on hardened websites like GitHub, banks, or government portals. Before: Reflected XSS payload found → flagged as REAL, even if CSP blocked it. After: AI checks CSP header → marks as harmless unless the policy allows execution. 🌐 Production‑Ready JavaScript Crawling The new --js flag launches a Playwright headless browser that can render React, Vue, Angular, and other SPAs. It even works behind Cloudflare thanks to playwright-stealth . bash permi scan --url https://example.com --js Reliability: Falls back to static HTML if JS times out (no more zero‑URL scans).…