Security: empty @grant granting all permissions, @connect bypass via
malformed URL, GM_addElement case-insensitive sanitization, signing
trustKey prototype pollution, Monaco adapter source validation.

Crashes: ScriptStorage search/getByNamespace/duplicate null-safety,
toggleScript undefined enabled, context menu tab.url crash, GM_cookie
null result, _makeRuleId collision, requireCache wrong key, signing
CRLF and whitespace fixes.

Performance: import getAll() O(N*M) to cached, resources O(N^2) to
chunked, urlchange handler dedup, console capture cap, audio tab
cleanup.

Dashboard: heatmap innerHTML+= DOM destruction, standalone
revokeObjectURL timing, profiles urlWatcher reset, chains deep copy,
diff/linter Uint32Array, devtools HAR version.

374/374 tests green. background.js 16,673 lines.