v0.0.11 — Introducing Audit

First stable release of the 0.0.11 line. Published to npm as failproofai@0.0.11 under the latest tag.

Highlights since 0.0.10

Features

• /audit dashboard + failproofai audit CLI — scan your agent-CLI session history and get a personality-driven audit (8 archetypes, 0–100 score, shareable poster) with prescribed policies. Runs fully local; install-free via npx -y failproofai audit.
• Email-OTP auth — failproofai auth login | logout | whoami, wired to the api-server; tokens stored at ~/.failproofai/auth.json.
• Supply-chain CI gate (OSV-Scanner + Socket) and a PR-level MDX parse check.
• Broader, more reliable PostHog telemetry across all four channels.

Breaking changes

• Default policy namespace renamed exospherehost → failproofai. Configs that reference builtins as exospherehost/<name> must update to failproofai/<name>. Flat shorthand (e.g. "sanitize-jwt") is unaffected.
• Removed the legacy cloud auth + event-relay subsystem (the old failproofai login / logout / whoami / relay / sync commands) ahead of the new auth surface above.

Other

• Community moved from Slack to Discord; docs live at https://docs.befailproof.ai/introduction.

Full per-change detail is in the CHANGELOG.

v0.0.11-beta.12 — Discord community link, responsive activity table + mode-pill fix, audit copy

Features

• Collapse the dashboard "Reach Us" dropdown's three GitHub links (Request a Feature / Report an Issue / Ask a Question) into a single Feedback & Issues entry pointing at the GitHub issue chooser (/issues/new/choose).
• Reorder the policies → activity table columns to: time · decision · event · cli · tool · policy · reason · mode · duration · session.

Fixes

• Fix the policies → activity table collapsing on narrow / portrait windows. Columns no longer overlap — each data cell clips with an ellipsis at its own edge and headers stay on one line — and the table holds a readable min-width (1280px), scrolling horizontally below that via a themed scrollbar instead of squeezing columns into each other. The badge / long-header columns (decision, event, cli, mode, duration, session) were widened so their content fits — the mode column in particular now holds its widest pill (bypassPermissions) instead of clipping it mid-word, and the mode pill truncates with an ellipsis + hover tooltip if a longer / custom mode ever appears.

Docs

• Replace the community Slack invite with Discord (https://discord.gg/2zjBZP7yQJ) everywhere it's user-facing: the failproofai --help LINKS banner, the dashboard "Reach Us" dropdown, and the README community badge (English + 14 translations). The Slack webhook notification example (examples/policies-notification.js) is intentionally left as-is — it's a feature integration, not a community link.
• Reword the /audit invite card ("Share with friends" / "wanna know how your friends' agents score?") and grammar-pass the X/LinkedIn share templates (article/adverb/coordination/comma-splice fixes only — no behavioral or structural change).

v0.0.11-beta.11 — invite emails show audit score, quieter server logs, PR-level MDX parse check

Features

• Add a PR-level MDX parse check (bun run validate:mdx, wired into the CI docs job) that compiles every docs/**/*.mdx with the same MDX engine Mintlify runs at deploy time. mintlify validate only checks docs.json structure and nav links — it never parses page content — so syntax errors slipped through to the post-merge deploy. This catches them on the PR instead (#455).
• Invite emails now include the inviter's audit score: sendInvites() and the /api/audit/invite proxy forward a clamped (0–100) score to the api-server, which renders "my agent scored a N/100" in the body. Threaded AuditDashboard → ComeBackBetterSection → InviteDialog; optional end-to-end so it degrades to score-free copy when absent (#456).
• Rewrite the X/LinkedIn share templates (10 each): lead on the score and archetype and end on the npx -y failproofai audit CTA + handle (@failproofai / @Failproof AI), with no URLs in the copy so the pasted audit-card image isn't replaced by a link-preview card (#456).
• Enlarge the audit poster's four corner labels so they read clearly at share size, on both the dashboard render and the downloaded PNG (#456).

Fixes

• Fix three translated docs pages that failed the Mintlify deploy parse. docs/tr/cli/audit.mdx had a dropped closing backtick that pushed <slug> out of its inline-code span (parsed as an unclosed JSX tag); docs/ja/built-in-policies.mdx and docs/zh/built-in-policies.mdx carried translator-injected {#id} heading anchors that MDX reads as JS expressions. All three now match the other 12 locales (#455).
• Stop the failproofai server log from repeating the benign Next.js "Failed to find Server Action" deployment-skew error. A browser tab left open across a dashboard rebuild/upgrade POSTs a stale Server Action ID; the client recovers via Next's graceful 404, but the standalone server still logged a 3-line error block to stderr per stale request. The start launcher now pipes the server's output through a filter (scripts/skew-log-filter.ts) that drops just that block — all other output, and color via FORCE_COLOR, passes through untouched; dev is unchanged (#456).

Dependencies

• Add @mdx-js/mdx as a dev dependency, used by the new validate:mdx docs parse check (#455).

---

Published to npm under the beta dist-tag — install with npm i failproofai@beta or run npx -y failproofai@beta.

v0.0.11-beta.10 — failproofai audit CLI, shareable-card polish, invite-auth UI fix

Features

• Add the failproofai audit CLI command: scans local agent-CLI session history, pre-warms the dashboard cache, and opens the /audit report — also runs install-free via npx -y failproofai audit. New src/audit/cli.ts (animated progress mirroring the dashboard's stages) and src/audit/open-browser.ts, wired into bin/failproofai.mjs (#453).
• Rework the shareable /audit card (dashboard render + downloadable PNG): remove the bottom-tier rank pill, center the score, and rebuild the footer as a glowing white befailproof.ai stamp + a glowing npx -y failproofai audit CTA. Expand the social-share copy to 10 X + 10 LinkedIn templates (short, on-brand) tagging @failproofai / @Failproof AI, drop the raw site URL, and append a clipboard paste hint on share (#453).

Fixes

• Show login-required copy ("Oops! Login required" / "What's your email?") on the invite-a-friend CTA's shared AuthDialog so it reads distinctly from the reminder CTA — content only, the auth flow is unchanged (#453).
• LinkedIn share now opens the feed composer with the post text pre-filled (feed/?shareActive=true&text=) instead of the deprecated share-offsite summary param that LinkedIn ignores (#453).

Docs

• Document the failproofai audit command and npx -y failproofai audit usage in docs/cli/audit.mdx, and refresh the docs/dashboard.mdx Audit section to the current poster flow (#453).
• Point the docs community anchor (docs.json) and the CLI launch banner at the Discord server instead of the Slack invite (#453).

---

Published to npm under the beta dist-tag — install with npm i failproofai@beta or run npx -y failproofai@beta.

v0.0.11-beta.9 — invite-a-friend flow, audit-poster PNG fix, Supply Chain green

0.0.11-beta.9

Features

• Invite a friend from /audit (#435) — the come back better card gains an invite modal: paste a comma/space/newline-separated list of friend emails (validated inline, capped at 10 per submit, deduped against your own address) and they're emailed an audit invite from failproof.ai with you Cc'd. Anonymous users are routed through sign-in first so there's a sender identity. Replaces the placeholder "1 of 3 invited" perks bar.

Fixes

• Supply Chain (OSV-Scanner) CI gate is green again (#446) — the dependency tree resolved a vite@8.0.14 (two advisories, incl. CVSS 8.2) and undici@7.27.2 (7 advisories) transitively. Both are now pinned via package.json overrides (vite@8.0.16, undici@7.28.0) to dedupe the whole tree. OSV-Scanner now reports "No issues found".
• /audit poster PNG export rendering (#435) — swapped the poster export from html2canvas to html-to-image, fixing broken dashed borders, a stray square cutting through the wordmark, and clone/flex misalignment that left content anchored off-center. The poster now rasterizes through the browser's native renderer, so masks, gradients, and font metrics match what's on screen.
• Dashboard restraint (#435) — dropped the decorative ━━ glyph prefix and amber slipping-count badge from every navbar tab, and calmed the /project/[name] page chrome (flat back chip, mono title, single meta line, calm sessions list).
• Correct CLI binary name in /audit install commands (#435) — the per-policy and [install all] rows emitted failproof policy add …; the shipped binary is failproofai, so a copied command would fail. Fixed at all call sites plus the docs example.
• CodeRabbit review follow-ups (#435) — invite flow now routes 401s back through sign-in and never leaks upstream error text to the client/telemetry; share-fallback telemetry no longer reports success on failure; transient /api/auth/status failures preserve prior auth state; new :focus-visible outlines on all new interactive controls.

Dependencies

• Consolidated Dependabot bumps #436–#445 (#446) — next 16.2.9, eslint 10.5.0, @tailwindcss/postcss + tailwindcss 4.3.1, @anthropic-ai/sdk 0.104.2, vitest 4.1.9, lucide-react 1.18.0, @tanstack/react-virtual 3.14.3, posthog-node 5.37.1, eslint-config-next 16.2.9.
• Add html-to-image@^1.11.13 for the audit-poster export (#435).

Docs

• Update docs/dashboard.mdx for the new 5-section audit flow and the invite a friend flow (#435).

Published to npm under the beta dist-tag (npm i failproofai@beta).

v0.0.11-beta.8 — audit first-run fix: fire-and-forget runs, scan all history

0.0.11-beta.8

Fixes

• The /audit first run no longer fails on the first click, and an audit is no longer time-capped (#434) — the first, cold scan used to abort after ~15s and bounce back to the empty state (a retry only worked because the first attempt had warmed the caches server-side). The run is now fire-and-forget with uncapped status polling, so an audit runs to completion however long it takes, and the default scan now covers your entire session history instead of just the last 30 days. The run-lock's 5-minute auto-expiry is removed so a long-but-healthy run is never cut short, and a run that can't persist its result now surfaces an error instead of silently reporting success.

Docs

• Update translated docs for changed English sources (#433).

Published to npm under the beta dist-tag (npm i failproofai@beta).

v0.0.11-beta.7 — audit re-audit bar removed; re-audit forces a fresh scan

0.0.11-beta.7

Fixes

• Remove the top-of-page [ re-audit ] bar from the audit page (#431) — on the empty/expired path it stacked a second "run an audit" CTA that read as broken, and on loaded reports the freshness strip earned little. Re-auditing still works from [ run audit ] on the empty state and [ re-audit now ] at the bottom of a report; the sticky progress strip, soft-refresh-on-success, and 7-day cache TTL are untouched.
• Re-audit now forces a genuinely fresh scan (#432) — [ re-audit now ] sends noCache: true, so it bypasses the per-transcript cache and re-scans every transcript from scratch instead of silently returning the identical cached result. The empty-state first run stays on the fast cached path; a failed re-audit leaves the prior report intact.

Published to npm under the beta dist-tag (npm i failproofai@beta).

v0.0.11-beta.6 — audit 7-day cache TTL, top-of-page re-audit bar, classifier hardening

Features

• 7-day cache TTL on both audit caches. Per-transcript cache (src/audit/cache.ts) gains a cachedAt field and a CACHE_TTL_MS = 7d reject-on-read check (schema bump 2 → 3 forces a clean re-scan of pre-existing entries). Dashboard cache (src/audit/dashboard-cache.ts) reuses the existing isCacheStale(cachedAt, 7d) helper on the read path so a week-old result is never silently served. (#428)
• Top-of-page re-audit bar. New TopAuditBar renders above the IdentitySection with the last-audit timestamp (audited 3d ago), an amber expires in 14h — re-audit to refresh chip inside the final 24h of the TTL, and a [ re-audit ] button. Modes: cached, expired, empty. (#428)
• Sticky progress strip + soft refresh during re-audit. Pink hard-offset banner pinned to the top of the viewport during a run, mm:ss elapsed timer, CSS-only edge pulse. On RerunError it swaps to a red strip with copy keyed off RerunError.kind. Success path soft-refreshes the dashboard cache via getAuditResultAction() — no more window.location.reload(). (#428)

Fixes

• Goldfish classifier hardening. PR #426's GOLDFISH_ENTROPY retune exposed that normalised lift entropy can't tell "every cluster at typical baseline" apart from "real scatter". Adds GOLDFISH_MIN_SECOND_LIFT = 1.3 so goldfish only fires when ≥2 clusters genuinely over-index; uniform-at-baseline profiles fall through to the existing argmax. (#429)
• Stop the Next.js 16 dev-overlay "signal is aborted without reason" warning. lib/fetch-with-timeout.ts swaps the manual AbortController + setTimeout (which called controller.abort() with no reason and silently dropped any caller-supplied init.signal) for platform AbortSignal.timeout() composed with AbortSignal.any(). (#428)

Docs

• Update the dashboard + audit-CLI docs for the new TTL behaviour and the top-of-page re-audit bar. Reword cachedAt as TTL metadata (not part of the cache key). Fix a stale failproof policy add typo to failproofai policy add. (#428)
• Translation refresh for changed English sources. (#427)

Full details in CHANGELOG.md under 0.0.11-beta.6.

v0.0.11-beta.5 — /audit persona fix: behavior-calibrated archetypes

Fixes

• Behavior-calibrated /audit archetypes — the persona classifier no longer collapses nearly every agent onto "the explorer". The lift denominator now uses empirical firing shares instead of catalog weights, so a persona wins only when it fires more than a typical agent; block-read-outside-cwd is dropped from the signal map (off by default + ubiquitous ambient reads), and the goldfish entropy threshold is retuned. Real-world distribution now spreads across all 8 personas instead of ~100% explorer. (#426)

Docs

• Document that contributors must build the project before the in-repo dev hooks resolve the failproofai import against dist/index.js. (#426)

Full details in CHANGELOG.md under 0.0.11-beta.5.

v0.0.11-beta.4 — /audit share-card hotfix (desktop intent + correct domain)

/audit share-card hotfix

Two fast follow-ups on the /audit share flow introduced in 0.0.11-beta.3.

Fixes

• Desktop "share on X" / "share on LinkedIn" no longer open the Windows share dialog. lib/share-card.ts shareCardNative() early-returns false on non-mobile devices (detected via navigator.userAgentData.mobile with a UA-string fallback for Safari / Firefox + a maxTouchPoints check for iPadOS 13+), so the ShareDock falls through to its existing clipboard + x.com/intent/tweet / linkedin.com/sharing/share-offsite path. Mobile keeps the one-tap system share sheet because there the OS sheet actually surfaces the X / LinkedIn apps as targets (#425).
• Share templates linked to the wrong domain. Every X / LinkedIn template embedded https://failproof.ai, but the actual marketing site is befailproof.ai — so every shared post linked to a dead URL. Updated SITE_URL in both app/audit/_components/share-templates.ts and app/audit/_components/share-dock.tsx, plus the bare failproof.ai mention in the 4th X template; tightened the template test to assert the new domain so a regression fails fast (#425).

---

Full diff: v0.0.11-beta.3...v0.0.11-beta.4
Full changelog: https://github.com/FailproofAI/failproofai/blob/main/CHANGELOG.md#00114-beta4--2026-06-10