Releases: FailproofAI/failproofai
v0.0.11-beta.2 — `failproofai audit`, first-run prompt, telemetry coverage
Pre-release. Tracks every commit between v0.0.11-beta.1 (2026-05-20) and current main.
Highlights
- `failproofai audit` (beta) — retrospective scan of past agent sessions. New CLI command that walks transcripts from all 7 supported CLIs (Claude / Codex / Copilot / Cursor / OpenCode / Pi / Gemini), replays every tool-use event through the 39 builtin policies, and runs each through 8 new audit-only detectors for patterns not yet enforced in real time. Output is a GTM-oriented ANSI table (split into "✓ already protected" vs "○ slipping through" with per-row install CTAs) plus a sectioned, shareable markdown report at `./failproofai-audit.md`. Flags + output may still change between beta releases.
- First-run install prompt on bare `failproofai`. PostHog showed only ~10% of npm-installed users ever ran `failproofai policies --install`; the no-args dashboard launch now detects "zero hooks installed across any detected CLI" and offers the existing interactive policy selection inline. Non-TTY (CI, piped) falls through with a stderr hint. Opt-out via `FAILPROOFAI_NO_FIRST_RUN=1`.
- PostHog telemetry coverage closed. 16 new server-side + 12 new web-UI events plug the gaps surfaced by the May audit — CLI install/uninstall outcomes, hook stdin/payload errors, builtin policy crashes (`policy_evaluation_error`, distinct from `custom_hook_error`), config validation warnings, postinstall lifecycle (`first_install`, `version_changed`), web dashboard interactions, and more.
Features
- `failproofai audit` (#377) — scan past agent transcripts and report how often the agent did things failproofai is built to stop.
  - Replays through 39 builtin policies + 8 audit-only detectors: `redundant-cd-cwd`, `prefer-edit-over-read-cat`, `prefer-edit-over-sed-awk`, `prefer-write-over-heredoc`, `sleep-polling-loop`, `find-from-root`, `git-commit-no-verify`, `reread-after-edit`
  - Flags: `--cli`, `--project`, `--since`, `--policy`, `--limit`, `--show-examples`, `--report`, `--no-report`, `--json`, `--no-cache`
  - Output: ANSI table (split into "already protected" vs "slipping through" sections with per-row install CTAs) + shareable markdown report
  - Per-transcript cache at `~/.failproofai/cache/audit/` auto-invalidates on policy/detector code changes
  - 4 PostHog events emitted (`audit_started`, `audit_pattern_detected`, `audit_install_cta_shown`, `audit_completed`); strict slug/count/boolean-only privacy contract, honors `FAILPROOFAI_TELEMETRY_DISABLED=1`
- First-run install prompt (#378) — bare `failproofai` invocation detects an unconfigured machine and offers the install flow inline; new `src/hooks/first-run-nudge.ts` module + 4 PostHog events to measure the uplift. Opt-out: `FAILPROOFAI_NO_FIRST_RUN=1`.
- PostHog telemetry expansion (#376) — 16 server-side + 12 web-UI events covering CLI lifecycle, hook errors, policy evaluation failures, config validation warnings, multi-scope warnings, beta-policy installs, postinstall lifecycle, and dashboard interactions. All honor `FAILPROOFAI_TELEMETRY_DISABLED=1`.
Breaking
- Removed undocumented cloud auth + event relay subsystem (#374). Deletes `src/auth/` (OAuth 2.0 device-flow login against `api.befailproof.ai`, `~/.failproofai/auth.json` token store) and `src/relay/` (WebSocket event relay daemon, sanitized JSONL queue at `~/.failproofai/cache/server-queue/`, PID tracking). Strips the `failproofai login/logout/whoami/relay start|stop|status/sync` subcommands and the internal `--relay-daemon` mode. Users who ran `failproofai login` should also wipe `~/.failproofai/{auth.json,cache/server-queue,relay.pid}` and stop any running relay daemon by hand; new auth/cloud surface will land in a follow-up.
Docs
- New `docs/cli/audit.mdx` (beta) + nav entry, registered in `docs/docs.json` English section. Translation-sync workflow (#371) will add localized pages.
- First-run prompt documented in README, `docs/introduction.mdx`, and a new "First-run prompt" section in `docs/cli/environment-variables.mdx` (with `FAILPROOFAI_NO_FIRST_RUN=1` opt-out).
Quality
- +62 tests (1623 → 1685 total). New `__tests__/audit/` covers per-detector positive/negative cases, replay through real builtins, and an end-to-end fixture-transcript run via `runAudit()`.
- New `lib/format-date.ts` unit tests (#373).
- Refactored per-CLI tool-name + tool-input canonicalization out of `src/hooks/handler.ts` into `src/hooks/tool-name-canonicalize.ts` so the live handler and audit replay share one implementation.
- 0 lint errors, `tsc --noEmit` clean, 7 CI jobs (build / docs / quality / test × 3 / test-e2e) green.
Upgrade notes
- Audit users: `failproofai audit --since 30d` is a good first run. The markdown report at `./failproofai-audit.md` is shareable in Slack/PRs.
- Anyone using cloud auth/relay: see the Breaking section. Clean up `~/.failproofai/{auth.json,cache/server-queue,relay.pid}` manually.
- CI consumers: telemetry is opt-out — set `FAILPROOFAI_TELEMETRY_DISABLED=1` to silence all events.
Full changelog: v0.0.11-beta.1...v0.0.11-beta.2
v0.0.11-beta.1
0.0.11-beta.1 — 2026-05-20
Breaking
- Default policy namespace renamed from `exospherehost` to `failproofai`. Configs that explicitly reference builtins as `exospherehost/<name>` must update to `failproofai/<name>`. Flat-name shorthand (e.g. `"sanitize-jwt"`) continues to work unchanged because it auto-resolves to the new default namespace. Builtin docs (EN + 14 translations) updated to show the new namespace.
Docs
- Rename GitHub org URLs across `package.json` metadata, README CI badge (EN + 14 translated READMEs), CONTRIBUTING, in-app "Star us" banners (`bin/failproofai.mjs`, `scripts/launch.ts`, navbar, reach-developers component), Mintlify `docs/docs.json`, and 30 translated docs (`package-aliases.mdx` issues link + `examples.mdx` repo-tree link) to reflect the `exospherehost` → `failproofai` org rename. X social handle in `docs/docs.json` updated from `x.com/exospherehost` to `x.com/failproofai`.
Fixes
- Remove orphan `exospheresmall` token from the Next.js proxy matcher in `proxy.ts` — no asset by that name exists in the repo.
v0.0.10 — 7-CLI policy enforcement: Claude, Codex, Copilot, Cursor, Gemini, OpenCode, Pi
First stable release of the 7-CLI cycle. failproofai now enforces policies across all major terminal coding agents:
| CLI | Config path | Stop semantics |
|---|---|---|
| Claude Code | `.claude/settings.json` | exit-2 force-retry |
| OpenAI Codex | `.codex/hooks.json` | exit-2 force-retry |
| GitHub Copilot | `.github/hooks/failproofai.json` | `{decision:"block",reason}` JSON force-retry |
| Cursor Agent | `.cursor/hooks.json` | `{followup_message}` JSON force-retry |
| Gemini CLI | `.gemini/settings.json` | `{decision:"block",reason}` JSON force-retry |
| OpenCode | `.opencode/plugins/failproofai.mjs` + `.opencode/opencode.json` | in-process plugin |
| Pi | `.pi/settings.json` + bundled `pi-extension/` | `before_agent_start` next-turn injection |
Highlights this cycle
- Per-CLI multi-select control panel in the dashboard `/policies` Configure tab — install / uninstall the diff across all 7 CLIs in one round-trip, with brand-colored per-row status pills, a 7-segment coverage strip, and pre-checked detected CLIs for one-click adoption (#344).
- Pi `Stop` policy enforcement via `before_agent_start` system-prompt injection — works around Pi's `AgentEndEvent` having no Result type by capturing the deny `reason` and gating the next user turn (#341).
- OpenCode + Pi tool-input canonicalization — two-layer (shim + handler) so `block-read-outside-cwd`, `block-env-files`, and `block-secrets-write` actually fire on `read` / `write` / `edit` calls. Existing user-scope shims auto-upgrade on the next failproofai version bump without a re-install (#337, #340).
- Per-CLI `Stop` semantics docs — new "Per-CLI Stop semantics" subsection in `docs/built-in-policies.mdx` with a 7-row table + Pi-limitation callout so users enabling `require-*-before-stop` understand what they'll see on each CLI (#342).
- Dashboard restyle: single dark theme, project pages keyed by encoded cwd, full Gemini session UUIDs, plain-text startup line replacing the ASCII wordmark (#319, #335, #336, #338).
- `release-prep-check` workflow policy + dated `## <version> — <YYYY-MM-DD>` CHANGELOG headings so every PR ships release-ready (no `## Unreleased` drift) (#335).
See CHANGELOG.md for the complete per-beta breakdown across the 13 betas in this cycle.
v0.0.10-beta.12
[luv-342] feat: enforce Pi Stop policies via before_agent_start hando…
v0.0.10-beta.11
What's Changed
- [luv-340] fix: regenerate OpenCode dev shim + handler-side canonicalization for OpenCode/Pi by @NiveditJain in #340
Full Changelog: v0.0.10-beta.10...v0.0.10-beta.11
v0.0.10-beta.10 - OpenCode + Pi policy enforcement; clean startup output
Fixes
- `scripts/launch.ts`: drop the dashboard-startup ASCII wordmark entirely. Every iteration (the original 10-row pixel-block banner, the 6-row trim, and the colored half-block render of the brand PNG) read poorly in standard terminals — too tall, vertically stretched, or just visual noise. Replace with a plain-text `failproof ai` title and a `📦 Version: <ver>` line padded to the same column as the existing `⭐ Star us:` / `📖 Docs:` / `💬 Slack:` lines, so version and URLs form one cleanly-aligned block (#338).
- Read full session UUID from each Gemini JSONL's metadata header at project-page session-listing time (`lib/gemini-projects.ts`), so links route to a valid `[sessionId]` segment instead of the 8-hex filename prefix that the session detail route's `UUID_RE` check rejects (404). Hooks-section links were already correct because hook stdin carries the full UUID; this aligns the projects-section with that path (#336).
- Canonicalize OpenCode and Pi tool-input arg keys so the path-checking builtin policies actually fire on `read` / `write` / `edit` tool calls. OpenCode delivers args as `filePath` / `oldString` / `newString` / `replaceAll`; Pi delivers `path`. The failproofai builtins read `ctx.toolInput.file_path`, so the shape mismatch silently no-op'd `block-read-outside-cwd` (OpenCode), `block-env-files`, and `block-secrets-write` for both CLIs — letting an OpenCode session read paths outside its CWD without any deny, and letting Pi sessions write to `.env` / SSH-key paths unchecked. Existing OpenCode users must regenerate their shim via `failproofai policies --install --cli opencode` to pick up the fix; Pi users must reinstall via `failproofai policies --install --cli pi` (#337).
- Route OpenCode project pages by encoded cwd (`encodeFolderName(worktree)`) instead of opencode's project name / basename, fixing the dashboard `/project/<slug>` 404 for OpenCode-only sessions and merging same-cwd OpenCode + other-CLI rows on the Projects page (#335).
- `.failproofai/policies/workflow-policies.mjs`: drop the `## Unreleased` section; new `release-prep-check` policy + updated `changelog-check` instruct the agent to put entries under a dated `## <version> — <YYYY-MM-DD>` heading so each PR ships release-ready, and all four workflow policies now anchor command-phrase matches to shell boundaries to avoid false-positives from HEREDOC bodies (#335)
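The failure mode behind the canonicalization fix above, as an added TypeScript example that is not failproofai's code: a policy that reads only `file_path` allows a native-shaped OpenCode or Pi payload, while canonicalizing first makes the same check fire. The function names, the canonical key names other than `file_path`, the sample payloads and the fail-closed branch are assumptions made for illustration.

```typescript
// Added example; every name here is hypothetical, not failproofai's own code.
type ToolInput = Record<string, unknown>;
type Decision = { allow: boolean; reason: string };

// Native key -> canonical key. The OpenCode and Pi native names and file_path
// come from the release note; the other canonical names are assumptions.
const KEY_ALIASES: Record<string, Record<string, string>> = {
  opencode: { filePath: "file_path", oldString: "old_string",
              newString: "new_string", replaceAll: "replace_all" },
  pi: { path: "file_path" },
};
const FILE_TOOLS = ["read", "write", "edit"];
const own = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);
const isEnvFile = (p: string): boolean => /(^|\/)\.env(\.[^\/]*)?$/.test(p);

// Constructed sample payloads (not captured from a real session).
const SAMPLE_OPENCODE_WRITE: ToolInput = { filePath: "/repo/.env", content: "K=V" };
const SAMPLE_PI_WRITE: ToolInput = { path: ".env" };

function canonicalize(cli: string, input: ToolInput): ToolInput {
  const aliases: Record<string, string> = own(KEY_ALIASES, cli) ? KEY_ALIASES[cli] : {};
  const out: ToolInput = Object.create(null); // no inherited keys to confuse lookups
  for (const key of Object.keys(input)) {
    const canonical = own(aliases, key) ? aliases[key] : key;
    // A key that is already canonical is never overwritten by an alias.
    if (key === canonical || !own(out, canonical)) out[canonical] = input[key];
  }
  return out;
}

// The shape the note describes: only file_path is read, so a payload that
// carries the path under a native key has "nothing to check" and is allowed.
function envPolicyRaw(input: ToolInput): Decision {
  const p = input["file_path"];
  if (typeof p !== "string") return { allow: true, reason: "no file_path" };
  return isEnvFile(p) ? { allow: false, reason: "env file: " + p } : { allow: true, reason: "ok" };
}

// Canonicalize first; a file tool call with no resolvable path is denied
// (failing closed is a choice made for this example).
function envPolicyHardened(cli: string, tool: string, raw: ToolInput): Decision {
  const p = canonicalize(cli, raw)["file_path"];
  if (typeof p === "string") return envPolicyRaw({ file_path: p });
  return FILE_TOOLS.indexOf(tool) !== -1
    ? { allow: false, reason: "file tool call without a path" }
    : { allow: true, reason: "not a file tool" };
}
```

`envPolicyRaw(SAMPLE_OPENCODE_WRITE)` allows the write, which is the silent no-op the note describes; `envPolicyHardened("opencode", "write", SAMPLE_OPENCODE_WRITE)` denies it.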
v0.0.10-beta.9 - dashboard restyle, single dark theme
Features
- Restyle the dashboard to match the failproofai brand: near-black canvas (`#0a0a0a`) with pink primary `#e4587d`, sharper `0.5rem` radius, Geist Mono via `next/font/google`, faint pink radial vignette, and the failproof wordmark in the navbar replacing the Exosphere icon + "Failproof AI" text combo. Drops light mode entirely — `ThemeContext`, `ThemeToggle`, `Logo` (theme-branching), the `localStorage`-keyed pre-paint script, the inline loading-splash `<style>`, the `.light` CSS block, and the obsolete `public/exospheresmall*.png` assets all go. Also fixes the `entry-highlight` keyframe (which referenced `hsl(var(--primary) / …)` against a hex variable so the row-click highlight never actually painted) using `color-mix(in oklch, …)` (#332).
- Redesign the dashboard-startup ASCII banner: hand-crafted chunky pixel-block lowercase "failproof ai" compressed with Unicode 2×2 quadrant block characters and horizontally scaled 4:3 so the full wordmark fits in ~75 cols × ~10 rows, with a plain-text fallback for narrower windows. Also drops the noisy "Using default .claude projects path: …" startup log line (#322).
- Remove the undocumented `--projects-path` / `-p` CLI flag — custom Claude project folders can still be pointed at via the `CLAUDE_PROJECTS_PATH` environment variable (#322).
Fixes
- `.github/workflows/translate-docs.yml`: when an `[auto] update translations` PR is already open, push the new translations to its existing branch instead of skipping. Previously the consolidate step exited early but the cache-save step ran first, so the cache advanced to mark the lost translations as done — and the next run saw them as cached and never re-translated (#325).
Docs
- Rewrite the English `README.md`: new layout with shields.io badges, CDN-hosted wordmark logo, the existing 7-CLI logo grid (Claude / Codex / Copilot / Cursor / OpenCode / Pi / Gemini), a tighter "What it stops" table, a License section explaining the MIT + Commons Clause split, and a docs index linking to docs.befailproof.ai. Hero GIF swapped to `readme-arch-hq.gif` (#321).
Tick "Set as a pre-release" since the version contains `-beta.`.
Full changelog: https://github.com/exospherehost/failproofai/blob/v0.0.10-beta.9/CHANGELOG.md#0010-beta9--2026-05-09
v0.0.10-beta.8
[luv-324] fix: enforce Stop hook on OpenCode + cut 0.0.10-beta.8 (#323)
* [luv-324] fix: enforce Stop hook on OpenCode
Stop hooks fired on OpenCode (visible in dashboard activity feed) but
the agent stopped without retry — same failure mode Cursor had pre-#318
and Copilot had pre-#299. Root cause: no `cli === "opencode"` branch in
policy-evaluator's Stop / SubagentStop handling, so OpenCode fell into
the generic exit-2 path. The plugin shim's applyDecision turns exit-2
into `throw new Error(reason)`, but throwing from the `session.idle`
event callback is a no-op — OpenCode is already idle by the time the
event fires.
Fix: emit `{hookSpecificOutput: {additionalContext: <MANDATORY ACTION
reasonText>}}` for opencode Stop / SubagentStop in both deny and
instruct paths. The shim already routes `additionalContext` through
`client.session.prompt(...)` which submits a new user message that
re-triggers the agent loop — same model as Cursor's `followup_message`
and Copilot's `{decision: "block", reason}`. Promote applyDecision to
async and `await client.session.prompt` for Stop/SubagentStop events
so the SDK round-trip completes before the plugin context tears down;
keep fire-and-forget for tool events to avoid hot-path latency.
Sister CLIs verified while in here:
- Gemini AfterAgent (canonical Stop) was already correctly emitting
`{decision: "block", reason}`; new unit tests pin both deny and
instruct shapes to prevent regression.
- Pi `agent_end` is observation-only by upstream design — Pi's agent
loop has already exited and `AgentEndEventResult` exposes no `block`
field. CLAUDE.md already documents this; no code change.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* [luv-324] docs: clarify OpenCode plugin shim Stop semantics
Update configuration.mdx to reflect the new Stop / SubagentStop force-
retry channel: deny on Stop now routes through `client.session.prompt`
just like instruct, since `session.idle` is notification-only and
throwing from it is silently dropped.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* [luv-324] fix: address CodeRabbit feedback + cut 0.0.10-beta.8
Address PR #323 review:
- CHANGELOG.md: append (#323) to the Unreleased entry per repo convention
(every entry ends with the PR number).
- docs/configuration.mdx:199: "Unlike the other four CLIs" → "Unlike the
other six CLIs" — the page now lists six other integrations
(Claude Code, Codex, Copilot, Cursor, Pi, Gemini) so the count was
stale.
Release prep: promote the Unreleased entry to a versioned heading
`## 0.0.10-beta.8 — 2026-05-08`. Add a fresh `## Unreleased` heading
at the top for the next development cycle. package.json is already at
0.0.10-beta.8 (pre-bumped by chore commit a146ae6 after beta.7 release).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
v0.0.10-beta.7
release: cut 0.0.10-beta.7 (#320)
Promote the entry under `## Unreleased` to a versioned heading
`## 0.0.10-beta.7 — 2026-05-08`. Add a fresh `## Unreleased` heading
at the top for the next development cycle.
package.json was already at 0.0.10-beta.7 (pre-bumped by the post-#318
chore commit 6039817); no version edit needed here. The CHANGELOG cut
completes the release-prep handshake.
Entry promoted:
- OpenCode dashboard tool-call render fix from #319
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
v0.0.10-beta.6
[luv-319] fix: enforce Stop hook on Cursor Agent CLI + cut 0.0.10-bet…