Changelog

Versioning & Release Policy

TameFlare follows Semantic Versioning (semver):

Major (X.0.0) — breaking changes to API, CLI, or configuration format. At least 30 days deprecation notice before removal.
Minor (0.X.0) — new features, new doc pages, new connectors. Backward-compatible.
Patch (0.0.X) — bug fixes, security patches, documentation updates. Backward-compatible.

Release cadence

| Type | Frequency | Examples | |---|---|---| | Patch releases | As needed (typically weekly) | Bug fixes, security patches | | Minor releases | Monthly | New features, new connectors | | Major releases | When necessary (rare) | Breaking API changes |

Deprecation policy

Deprecated features are marked in the changelog and docs with a Deprecated badge
Deprecated features continue to work for at least 2 minor releases (typically 2 months)
Removal is announced in the changelog with migration instructions
Breaking changes are always documented in the Upgrade Guide

Staying updated

Changelog — this page (updated with every release)
GitHub Releases — github.com/your-org/agent-action-firewall/releases
GitHub Watch — watch the repo for release notifications

v2.0.2 — Security & Trust Hardening

Based on a 150+ question new-user audit across 4 personas (solo engineer, security engineer, engineering manager, SRE).

Security

SECURITY.md — vulnerability disclosure process, security design principles, known limitations, supported versions
CA key protected — ca.key and ca.crt added to .gitignore (auto-generated per installation, must never be committed)
CLI token security — tf connector add now supports --token-stdin (pipe from stdin) and --token-env <VAR> (read from env var) to avoid shell history exposure. --token flag warns about history visibility

Landing Page

CTA clarity — "Open dashboard" → "Self-host now" with "Requires local install" subtext
Zero telemetry statement — added to "What TameFlare is not" section: no analytics, no phone-home, no license checks
Connector badges — now labeled "(all stable)" with action counts for all 5 connectors
Version badge — "v2.0 · Production-ready" in hero area

Configuration

.env.example — POSTHOG_KEY and SENTRY_DSN commented out with "disabled by default, zero telemetry" note

Purchase Flow & Community (v2.0.11)

Support (new page) — 4-tier support matrix (Community/Pro/Team/Enterprise), response time SLAs by severity (critical/high/medium/low), email support scope table, enterprise support details (dedicated Slack, named engineer, professional services), self-help resource links, security vulnerability reporting process
Plans page expanded — purchase flow FAQ (manual process with 24h SLA, self-serve planned), payment methods table (credit card, invoice NET 30, wire transfer), 30-day money-back refund policy, annual pricing (coming soon ~20% discount), overage behavior (hard block at limit, 402 response, monthly reset at UTC), enterprise contact details
Changelog expanded — versioning & release policy (semver commitment, release cadence table, deprecation policy with 2-release notice period, staying updated via GitHub releases)
Security page expanded — third-party audit statement (honest: not yet audited, planned), test coverage table (278+ tests across 6 suites), security-specific test areas (auth bypass, RBAC, kill switch, rate limiting, nonce replay, Zod validation)
About page expanded — team & governance section (maintainers, governance model, bus factor with honest assessment), security audit status summary
Sidebar expanded — Support page in Reference, Community section (GitHub Discussions + Source Code with external link handling), Learn section (tutorials, example agent repo)
CONTRIBUTING.md — contribution guidelines, code style, testing instructions, license agreement

Team Rollout & Exit Documentation (v2.0.10)

Team Rollout (new page) — multi-environment deployment guide (separate instance per env, shared policies via export/import, single-instance alternative), RBAC reference (4 roles, 12-row permissions matrix, honest "no custom roles"), user registration flow (first user = owner, REGISTRATION_OPEN, DEFAULT_USER_ROLE), new member onboarding, multi-tenancy status (honest: single-org per instance), SSO roadmap (planned for Team tier), agent-scoped visibility (current state + roadmap), config migration guide (8-step checklist)
Uninstall page expanded — vendor lock-in assessment (6-component risk table, removal path per integration mode, transferable concepts)
Plans page expanded — per-environment licensing FAQ, downgrade procedure (resource-by-resource impact table with what happens to excess agents, actions, audit, and features)

Audit, Monitoring & Operations Documentation (v2.0.9)

Audit Log (new page) — append-only architecture (no delete API, honest note about no cryptographic chaining), 26 event types with full schema, event-specific JSON examples, per-tier retention (30d/30d/1yr), cleanup job (manual + cron), CSV + webhook export, SIEM integration guide (Splunk, Datadog, ELK, Sumo Logic), compliance evidence guide (approval chain proof, 5 provable claims, 3 honest limitations)
Architecture page expanded — component independence (gateway runs without control plane), gateway health monitoring (traffic log discrepancy detection, silent drop detection), log rotation & disk management (growth estimates, manual prune, thresholds), HA/scaling limitations (honest: single-node SQLite, no HA gateway, Turso for multi-node control plane, planned improvements)
Policies page expanded — policy hit analytics (SQL query for top policies, pattern diagnosis table, dashboard charts, Prometheus PromQL)

Integration & Connector Documentation (v2.0.8)

3 new documentation pages + integration guide expanded:

Connectors — per-connector reference: GitHub (20+ actions, GHE custom base URL), OpenAI (15+ actions, Azure workaround via generic connector), Stripe (11+ actions), Slack (10+ actions), Generic HTTP (method-based, action counting, custom auth header). Custom connector development guide with Go interface, Jira example, and registration instructions.
Proxy Behavior — headers (added/stripped/preserved/not-logged), SSE streaming (fully supported), chunked transfer, protocol support matrix (HTTP/HTTPS yes, WebSocket/gRPC/UDP no with rationale), NO_PROXY domain exclusions, upstream proxy chaining (not yet supported + workaround), connection handling (timeouts, pooling, keep-alive), rate limiting reference (120 req/min proxy, 60 req/min SDK).
Observability — 10 Prometheus metrics with labels, scrape config, 6 Grafana PromQL dashboard panels, 6 Prometheus alert rules (high denial rate, kill switch active, gateway down, high latency, agent rate limited, upstream errors), Alertmanager integration (Slack + PagerDuty), Datadog options, health monitoring endpoints.
Integration guide expanded — framework interception explanation (transport-layer, 9 framework compatibility table), multi-agent setup guide (DevOps Bot + Finance Bot example, agent isolation, naming conventions).

Policy & Enforcement Documentation (v2.0.7)

Policies page expanded from 572 to 910 lines with 7 new sections:

Policy model overview — access rules vs policies, which takes precedence, evaluation order (kill switch → access rules → policies), when to use each (decision table)
Decision algorithm — deny-wins precedence with pseudocode, 5-row precedence table, worked example with 3 policies
Default behavior — no matching policy = deny with hint, catch-all policy example with warning
Policy scoping guide — 6 scope levels (global, per-connector, per-action-type, per-agent, per-environment, combined), priority range recommendations
Policy-as-code workflow — git → PR → CI → API deployment, GitHub Actions example, version history in dashboard
Risk model — 6 built-in risk hints, agent-provided vs connector-provided, risk scoring table (0-100)
Testing expanded — dry-run response example (JSON), dashboard UI walkthrough, simulation endpoint for batch testing

Core Reference Documentation (v2.0.6)

9 new documentation pages added to the "Operations" section:

Failure Modes — gateway crash, SQLite corruption, approval timeout (5min → 408), DNS failure, malicious YAML handling, disk full, connector auth errors, cold start times, load balancer compatibility
Backup & Restore — SQLite backup (file copy + .backup API), config export/import, full backup script, automated cron, disaster recovery matrix (5 scenarios)
Upgrade Guide — standard upgrade (git pull + pnpm db:push), version pinning, breaking change checklist, v1→v2 migration steps, Docker Compose upgrades, rollback procedure
Performance — proxy latency (p50/p95/p99), policy evaluation scaling, gateway resource usage, control plane resource usage, SQLite throughput, cold start times, scaling limits
Architecture — component diagram, 3 deployment topologies (single-node, split, Docker Compose), network requirements, blast radius analysis, scaling patterns
CI/CD Integration — GitHub Actions workflow, Docker-based CI, ephemeral container pattern, health check best practices, artifact collection
Database & Storage — why SQLite, full schema overview (17 tables), data growth estimates, Turso cloud support, data residency matrix
Uninstall & Exit — 6-step removal guide, credential extraction, data export, system trust cleanup, GDPR data deletion
Kill Switch Recovery — activation (dashboard/CLI/API), investigation runbook (7 steps), notification options, false alarm prevention

Docs sidebar reorganized with new "Operations" section.

Landing Page & Pricing Copy (v2.0.5)

Landing Page

Agent definition — hero now explains "any process that makes HTTP calls — Python scripts, LangChain agents, n8n workflows, shell scripts"
"Zero code changes" clarified — "(Mode A)" qualifier added; CLI section explains Mode B requires SDK
Platform template badges — OpenClaw, LangChain, n8n, Claude Code all marked "(stable)"
Monitoring scope — "What TameFlare is not" clarifies: monitors own activity only, not app metrics/infra/APM
ES256 link — "Allow" decision links to Concepts docs page for token details
Fail-closed link — "Deny" decision links to Security docs page
Security model summary — new section: HTTPS interception, credential isolation, fail-closed, link to full security docs
Social proof — GitHub stars button, "source-available since 2025", TameFlare vs alternatives link
Roadmap link — added to footer navigation
Demo sandbox — CTA section links to dashboard demo sandbox

Pricing Page

Scenario table — "Which plan fits your team?" with Solo dev / Small team / Platform team recommendations
4 new FAQs — agent limit (total vs concurrent), license expiry (falls back to Starter), annual pricing (not yet), trial (Starter = full eval)
Action counting — clarified: only connector-matched requests count, blocked-no-connector don't
Purchase SLA — CTA buttons now say "Get license key (within 24h)"
Trial statement — Starter description: "All features testable — no time limit"

Security Model Documentation (v2.0.4)

HTTPS interception explained — TLS termination with local CA, per-installation uniqueness, trust store configuration (Python, Node.js, Go, macOS)
Proxy bypass analysis — honest limitations table (5 bypass methods) with OS-level mitigations
Credential vault deep dive — encryption details, access matrix (5 actor types), key loss recovery
Data logging scope — what tf logs (11 data types) and what it intentionally does NOT log (5 types with reasons)
Inter-component security — localhost-only default, service token auth, agent port isolation
Data residency — zero outbound calls table, Slack notification data scope, no telemetry confirmation
Fail-closed model — 9 denial scenarios documented (no fail-open mode)
Operational checklist expanded — added signing keys, CA key, credential vault permissions
Responsible disclosure — updated email, linked to SECURITY.md

First-Run Experience (v2.0.3)

Prerequisites section — Node.js ≥18, pnpm ≥8, Go ≥1.22, OS support matrix (Linux/macOS/Windows native)
pnpm requirement — explicit explanation that npm/yarn won't work with monorepo workspaces
pnpm dev scope — clarified: starts Next.js control plane only, gateway started separately
Smoke test — new step 5: curl /api/health expected output + tf status
Docker Compose services — lists both services started (web + gateway) with ports
Config file guide — .TameFlare/ directory contents with commit safety table (config.yaml = safe, ca.key = never)
Environment variables — split into Required (none for dev), Recommended (4 for production), Optional
ES256 key auto-generation — explained: ephemeral for dev, persistent for production with link to env-vars page
Port conflict troubleshooting — PORT=3001 pnpm dev and .TameFlare/config.yaml port override
System requirements — Gateway ~20-50 MB RAM, control plane ~200-400 MB RAM
CLI token security — --token-env GITHUB_TOKEN in quickstart examples
Env-vars docs — telemetry section clarified as "disabled by default, zero telemetry"

v2.0 — Proxy-First Architecture

Major release: transparent HTTP proxy that intercepts all agent outbound traffic. Zero code changes required.

Gateway v2 (Go)

Transparent HTTP/HTTPS proxy — intercepts all agent outbound traffic via HTTP_PROXY/HTTPS_PROXY
Per-agent proxy ports — each agent gets a dedicated port for traffic isolation
ECDSA P-256 CA — auto-generated TLS certificate authority for HTTPS interception
SQLite traffic logger — every request logged with agent, domain, action, decision, latency
Enforcement levels — monitor (log only), soft_enforce (log would-deny), full_enforce (block)

Connectors (6 built-in)

GitHub — 20+ action types (PRs, issues, branches, releases, files, repos, webhooks, workflows)
OpenAI — 24+ action types (chat, completions, embeddings, images, audio, files, fine-tuning, assistants, batches)
Anthropic — messages, models (dual-provider with OpenAI connector via provider field)
Stripe — 40+ action types (charges, refunds, payment intents, customers, subscriptions, invoices, payouts, transfers, products, prices, disputes)
Slack — 35+ action types (messages, channels, files, reactions, pins, users, bookmarks, reminders, admin ops, webhooks)
Generic HTTP — any domain, bearer/api_key/basic auth

Permission System

Per-agent, per-connector, per-action permissions with wildcard patterns (github.pr.*)
5-level resolution — exact match > wildcard > all actions > global > default deny
Deny-all default — no connector configured = no access

Credential Vault

AES-256-GCM encrypted credential storage on disk
Proxy injects credentials at request time — agent never sees real API keys

Approval Workflow (Proxy)

Hold-connection model — proxy holds HTTP connection open until human approves (5 min timeout)
Approve/deny via CLI (tf approvals approve/deny) or dashboard
SQLite-backed with waiter channels for goroutine synchronization

Scoped Kill Switch

Block ALL traffic, or scope to a specific connector or agent
Instant activation via CLI or dashboard

CLI v2

tf init — scaffold .TameFlare/ directory, generate TLS CA, start gateway
tf run --name "Bot" <cmd> — register process, set proxy env vars, spawn process
tf status, tf stop, tf logs — gateway management
tf connector add/list/remove — manage connectors
tf permissions set/list — manage per-agent permissions
tf approvals list/approve/deny — manage pending approvals
tf kill-switch activate/deactivate — emergency controls

Platform Templates

tf init --platform openclaw — OpenAI + Anthropic, deny all else
tf init --platform langchain — LLM APIs + search tools
tf init --platform n8n — OpenAI + Slack + GitHub workflows
tf init --platform claude-code — GitHub + package registries

Dashboard Updates

Traffic page — live proxy traffic log with decision badges, method colors, agent/decision filters
Connectors page — live connectors from gateway, available types, permission model docs
Proxy approvals — one-click approve/deny with 5s auto-refresh
Overview — proxy gateway status, agent/connector counts, traffic stats

Landing Page & Docs

Landing page rewritten for proxy-first model with terminal-first code examples
README rewritten with proxy quickstart, architecture diagram, connector docs
Public docs updated: quickstart, concepts, API reference, integration guide, changelog

Hardening (v2.0.1)

Rate limiting — 120 req/min per agent, sliding window, 429 with Retry-After
Prometheus metrics — GET /internal/metrics with aaf_traffic_total, latency histograms, active agent/connector gauges, uptime
Response headers — X-TameFlare-Decision, X-TameFlare-Agent, X-TameFlare-Connector, X-TameFlare-Action on all proxied responses
Structured JSON logging — optional JSON log output to stderr with agent, connector, decision, latency fields
SQLite WAL mode — journal_mode=WAL + busy_timeout=5000 for concurrent performance
Docker — apps/gateway-v2/Dockerfile (multi-stage Alpine), docker-compose.yml updated (gateway-v2 primary, v1 legacy profile)
CI — gateway-v2 build + vet, CLI typecheck, v1 gateway renamed to legacy

v0.8.1 — Devil's Advocate Improvement Pass

Comprehensive improvement pass based on a 200-question devil's advocate audit of all user-facing pages, dashboard, and documentation.

Trust & Credibility

Version badge (v0.8.0) added to landing page hero and About page
ELv2 license tooltip in footer with plain-English explanation
About page rewritten with project maturity metrics, component status, and license section
"Coming soon" labels replaced with "In progress" + trackable issue links

Landing Page Clarity

Code snippet extended to show full request → execute flow (8 lines)
Latency note added: "Policy evaluation typically completes in single-digit milliseconds"
Mode B description improved: "Ideal for initial rollout and monitoring"
Connector claims qualified: "GitHub (11 actions) and generic webhooks"
"No managed/hosted version is planned" added to "What TameFlare is not"
Problem cards softened: "few or no runtime guardrails" instead of "no guardrails"

Pricing & Purchase Flow

Slack approvals and webhook connector moved to Starter tier (free)
Starter audit retention increased from 7 → 30 days
Policy Builder and email approvals removed from paid tiers (not implemented)
New FAQ: "Is the Starter tier really free?"
Upgrade link added to Settings > Plan section

Dashboard Onboarding & UX

Settings page reordered: Plan & License first, kill switch second
Enforcement level recommendation text added (L0 → L1 → L2 progression)
Production checklist improved: severity indicators (Critical/Recommended/Optional) + generation commands
Integration links: Slack setup, GitHub PAT creation, Docker Compose gateway URL hint
Agents empty state: suspend vs revoke explanation, runtime field description, lost key guidance
Policies: "recommended for new users" on GitHub Safe Defaults pack, improved priority explanation
Approvals: sandbox hint in empty state, approver group tooltip
Connectors: Gateway start command when offline
Webhooks: webhook_url usage explanation in empty state
Users: Copy invite link button, DEFAULT_USER_ROLE env var documentation
DEFAULT_USER_ROLE env var implemented (default: viewer, configurable)

Documentation

New Environment Variables reference page with all env vars, defaults, and generation commands
Quickstart env var table expanded with 5 new variables
Plans docs updated: Starter includes Slack + webhook + 30-day audit
Concepts: default role text updated to mention DEFAULT_USER_ROLE
Troubleshooting: Turso env var names fixed (TURSO_DATABASE_URL)
Sidebar: Environment Variables page added to Reference section

v0.8.0 — Messaging, Security & UX Improvements

Comprehensive improvement pass based on a 206-question audit of all user-facing pages.

Messaging & Trust

Standardized licensing language to "source-available under ELv2" across all pages
Removed all cloud/managed service references (no cloud product exists)
SDK install commands updated to install-from-source (npm/PyPI packages coming soon)
Honest connector count: 2 built-in (GitHub + Webhook), not implied broader support
Qualified data privacy claims with integration caveats

Registration & Security

Registration closed by default after the first user (bootstrap mode auto-opens)
New REGISTRATION_OPEN env var to allow new signups when needed
Encryption at rest ungated to all tiers — security is no longer a paid feature
Register page shows closed state with admin instructions

Landing Page

New Two integration modes section: Mode A (full enforcement) vs Mode B (policy-only)
New "What TameFlare is not" callout: not prompt engineering, not monitoring, not a framework, not cloud

Dashboard UX

Getting Started button — re-open the welcome guide from the overview page
Production readiness checklist on Settings page (6 live checks)
Improved agents page empty state with API key guidance
Policy model explanation (deny-wins, priority, scopes) on policies page
Sandbox description clarified: no real execution, policies auto-installed on first run

Documentation

Fixed wrong license in FAQ (was "MIT", now ELv2)
Fixed priority explanation that contradicted deny-wins model
Fixed stale "Managed Cloud" changelog entry
Updated plans docs: encryption listed under Starter tier

Legal

v0.7.0 — Licensing & Paid Tiers

Tiered licensing model

4 tiers: Starter (free), Pro ($20/mo), Team ($49/mo), Enterprise (custom)
License keys are HS256-signed JWTs with tf_lic_ prefix
Set TF_LICENSE_KEY env var or activate via dashboard/CLI
No internet required for license validation (offline HMAC verification)

Usage tracking & enforcement

Monthly action counters per org, tracked in usage_counters table
Agent limits enforced at creation time
402 Payment Required when plan limits reached
403 Forbidden for feature-gated endpoints

Feature gates

Batch API (Team+), Slack approvals (Pro+), webhook connector (Pro+)
Prometheus metrics (Pro+), config export/import (Team+)
Encryption at rest (all tiers as of v0.8.0), webhook callbacks (Pro+)
Audit retention enforced per tier

Dashboard plan UI

PlanUsage component with progress bars and tier badge
PlanBanner upgrade CTA at 80%+ usage
FeatureGate locked overlay for gated features
New Settings > Plan page with feature comparison table
Sidebar footer shows current tier badge

License management

POST /api/license/activate — validate and activate a key
GET /api/license/activate — check current license status
POST /api/license/issue — generate signed keys (admin, MAINTENANCE_SECRET)
/activate page — UI for pasting license keys
CLI: tf license status, tf license activate, tf license usage

SDK updates

Node.js + Python: 402/403 errors are not retried (immediate throw)
Error objects include upgradeUrl, tier, feature, requiredTier
Python: is_plan_limit and is_feature_gated convenience properties

Pricing page rewrite

Starter / Pro / Team cards with Enterprise CTA
Updated FAQs for license key model
Source-available language replaces open-source

Documentation

New Plans & Licensing page in public docs
TECHNICAL_SPEC Section 13: Licensing & Tiers
OpenAPI spec updated with license endpoints
README updated with ELv2 license, new env vars

v0.6.0 — Improvement Tracker Complete

Batch action endpoint

New POST /api/v1/actions/batch — submit up to 20 action requests in a single call
Each action evaluated independently against the same policy set
SDK: new batchRequestActions() method in Node.js SDK
Documented in API Reference with request/response examples

Prometheus metrics endpoint

New GET /api/metrics — Prometheus text format for observability integration
Metrics: total actions, active agents, hourly rate, 24h outcome breakdown, audit event count
Protected by MAINTENANCE_SECRET bearer token
Compatible with Grafana, Datadog, and any Prometheus scraper

SDK improvements

Failover mode (circuit breaker): failoverMode: 'open' returns a synthetic deny result when TameFlare is unreachable instead of throwing
onFailover callback for alerting/logging when failover triggers
Batch requests: batchRequestActions() for multi-action evaluation
Publish prep: npm exports map, keywords, repository, engines, README for Node.js; PyPI classifiers and project URLs for Python

Parameter redaction

Sensitive fields in action parameters (password, token, secret, api_key, authorization, etc.) are automatically redacted with [REDACTED] before database storage
Original values used for policy evaluation and token hashing but never persisted
New redactSensitiveFields() utility in @/lib/redact

Framework integration guides

New section in SDK docs: LangChain (Python), OpenAI function calling (Node.js), CrewAI (Python)
Shows the universal pattern for wrapping tool calls with TameFlare policy checks

Migration guides

Added to Troubleshooting docs: SQLite → Turso, password → email auth, adding encryption at rest, upgrading between versions

Documentation expansion

New Action Types page (/docs/action-types) — all 16 Gateway actions, naming convention, custom types
New Security page (/docs/security) — threat model, token lifecycle, encryption, auth, operational checklist
Performance & architecture section in Deployment docs — architecture overview, latency, scaling, resource requirements
Cloud deployment guides — Fly.io, Railway, AWS ECS with step-by-step instructions
10 new FAQ entries — hallucination, deny-wins, token timing, failover, GDPR, timezones
About page (/about) — project status, motivation, community links

Landing page & pricing

Hero section jargon clarified with plain-English explanations
GitHub stars badge and community links added
Misleading claims fixed (latency, connector scope, setup time)
Non-Slack approval options documented on landing page
Pricing page rewritten: vaporware tiers removed, honest Starter / Pro / Team / Enterprise model

Dashboard UX

6 demo scenarios across 3 domains (GitHub, payments, infrastructure)
Policy Builder wizard — 5-step form alternative to raw YAML editing
Auto-refresh toggle — visible Live/Paused button with localStorage persistence
Agent management — suspend action with tooltip explanations, better UX
RBAC visibility — role descriptions and invite hint on Users page
Connectors page — Gateway optional note, expandable action lists per connector
Configurable per-agent rate limits — checkRateLimit() accepts optional maxRequests

v0.5.0 — Credibility, Integration & Onboarding

Integration guide

New Integration Guide docs page with end-to-end walkthrough for connecting agents to TameFlare
Two integration modes documented: Mode A (full enforcement via Gateway) and Mode B (policy-only)
Framework-specific examples: Node.js, Python, LangChain, CrewAI, and raw HTTP
Step-by-step credential migration path from agent to Gateway
Recommended rollout plan (L0 Monitor → L1 Soft enforce → L2 Full enforce)
Troubleshooting table for common issues

Custom sandbox

Sandbox now has Presets and Custom tabs
Custom tab provides a JSON editor with a starter template
Type any action spec and evaluate it against your installed policies
Results show outcome, risk score, reason, and matched policies

Welcome modal

First-time users see a 4-step guided tour on their first dashboard visit
Steps: try sandbox, install policies, register agent, connect agent
Dismissible via "Get started" button, remembered in localStorage

User management

New Users page at /dashboard/users with role badges and status indicators
Role change dropdown (owner/admin/member/viewer) with RBAC enforcement
Suspend and activate controls for user accounts
POST /api/dashboard/users endpoint protected by admin role
Three new audit event types: user.role_changed, user.suspended, user.activated

Contextual empty states

Actions page empty state now shows icon, explanation, and links to sandbox and integration guide
Approvals page empty state explains requires_approval and links to policies and Slack config
Risk score indicator shows Low/Medium/High label and risk factor explanation on hover

Credibility fixes

Created /privacy and /terms pages (previously 404)
Fixed placeholder GitHub repo URLs (your-org → agentfirewall) across README, quickstart, and docs
Changed pricing CTA from "Start free trial" to "Get started"
Aligned enforcement level names across Settings UI, Concepts docs, and Technical Spec (Monitor / Soft enforce / Full enforce)
Removed unused env vars (NEXTAUTH_SECRET, GITHUB_CLIENT_ID/SECRET), documented MAINTENANCE_SECRET and AUDIT_RETENTION_DAYS
Fixed footer links on landing and pricing pages
Fixed stale "NextAuth" references in Technical Spec (actual auth is custom email/password with bcrypt + DB sessions)

Inline help links

Settings integrations form: links to Slack app creation, GitHub token creation, and Gateway setup guide
Create Policy modal: "Syntax docs" link to Writing Policies documentation

Production deployment guide

New Deployment docs page covering Docker Compose, environment variables, key generation, SQLite vs Turso, TLS/HTTPS (Nginx, Caddy, cloud), platform guides (Fly.io, Railway, VPS), approval channels, maintenance, and backups

Encryption key warning

Settings integrations form shows an amber warning banner when SETTINGS_ENCRYPTION_KEY is not configured
Explains that secrets are stored in plaintext without the key

Toast notifications for settings

Enforcement level, organization settings, and integration settings all show success/error toast notifications on save
Uses the existing useToast() system

Password reset

Admins can reset user passwords from the Users page via the Manage dropdown
Generates a temporary password shown once in a modal with a copy button
Login page "Forgot password?" link explains the self-hosted reset process

Troubleshooting & FAQ

New Troubleshooting docs page with 9 common issues (auth errors, policy matching, gateway connection, encryption, login, DB upgrades) and 9 FAQ entries

Your First Policy tutorial

New step-by-step tutorial: define a policy goal, write YAML, test in the sandbox, understand rule evaluation, and refine
Covers deny, requires_approval, and allow rules with real examples

Connector action documentation

API Reference now lists all 11 GitHub connector actions and 5 webhook connector actions with parameter tables

Server-side audit search

Audit log search now runs server-side via SQL LIKE queries across event type, agent ID, action type, and details
Previously filtered client-side after fetching all results — now pagination works correctly with search

Action type filter

Actions page now has an action type search input alongside the existing status filter buttons
Active filters shown as removable chips with a "Clear all" option

Trust signals

GitHub repo icon link added to landing page navigation bar
Footer updated with GitHub link and MIT License badge

v0.4.0 — Dashboard UX & Observability

Agent detail page

New Agent Detail Page at /dashboard/agents/[id] — click any agent name to see the full profile
7-day activity sparkline (Recharts bar chart), action history table with risk scores, stats (total actions, today, denied, pending approval)
Agent info card with runtime, environment, API key prefix, status, timestamps
Audit timeline showing every event for that agent
Inline controls: suspend, activate, revoke — with toast notification feedback

Policy version history

New policy_versions database table tracks every change to a policy (version number, YAML content, who changed it, change type)
New Policy Detail Page at /dashboard/policies/[id] — click any policy name to see current YAML, tags, priority, and full version timeline
Versions are recorded automatically on policy creation (update tracking coming next)

Command palette

Press Cmd+K (Mac) or Ctrl+K (Windows/Linux) to open a global search overlay
Search across 8 dashboard pages and 4 quick commands (toggle kill switch, register agent, create policy, export audit)
Full keyboard navigation: arrow keys to move, Enter to select, Escape to close
Search button with platform-aware shortcut hint in the dashboard header

Toast notifications

New ToastProvider context and useToast() hook for mutation feedback
Three types: success (green), error (red), warning (amber)
Auto-dismiss after 4 seconds with slide-out animation
Wired into agent detail controls (suspend/activate/revoke)

Breadcrumb navigation

Auto-generated from the current URL pathname
Clickable segments for every level (Dashboard > Agents > agent-id)
Label map for all known dashboard pages, truncation for long IDs
Hidden on the overview page to keep it clean

Responsive mobile layout

Sidebar hidden on screens below lg breakpoint
Hamburger menu button in the header opens a slide-out panel with full sidebar navigation
Responsive padding (px-4 on mobile, px-8 on desktop)
Overlay backdrop when mobile menu is open, auto-closes on navigation

Webhook delivery log

New webhook_deliveries database table logs every webhook callback attempt
fireWebhook() now records URL, HTTP status code, latency (ms), response body, and errors
New Webhooks page at /dashboard/webhooks with stats cards (total, successful, failed) and a delivery history table
Added to sidebar navigation under Setup

Dark/light theme toggle

New ThemeProvider context with useTheme() hook supporting dark, light, and system modes
Persisted to localStorage, respects prefers-color-scheme media query
Toggle appears in the UserMenu dropdown with Moon/Sun/Monitor icons
System mode automatically follows OS preference changes

Config export/import

Export: GET /api/dashboard/export (requires admin) — downloads all policies, agents, and org settings as a JSON file
Import: POST /api/dashboard/import (requires owner) — restores policies and agents from a JSON bundle, creates audit trail entry
Imported agents receive new API keys; policies are created as new entries

API response headers

All /api/* responses now include X-Request-Id (unique per request) and X-TameFlare-Version headers
Injected via Next.js middleware on both public and dashboard API routes
Middleware matcher expanded from dashboard-only to all API routes

v0.3.0 — Platform Maturity

Action investigation

New Action Detail Page at /dashboard/actions/[id] — click any action row to see the full lifecycle
Action spec JSON, policy evaluation trace (matched policies, risk factors, constraints), decision details, approval flow, execution result
Audit timeline showing every event for that action in chronological order

Analytics dashboard

Recharts-powered charts on the Overview page: 7-day stacked area chart (actions over time by outcome), pie chart (decision breakdown), horizontal bar charts (top agents by volume, top denied action types)
Charts appear automatically once you have action data

Shared UI components

StatusBadge, RiskIndicator, and StatCard extracted to @/components/ui/ and deduplicated across dashboard pages
Consistent styling and behavior everywhere these components appear

Real health monitoring

New GET /api/health endpoint that checks database connectivity and gateway latency
HealthStatus client component in the dashboard header replaces the previously hardcoded "All systems operational"
Hover tooltip shows per-service status with latency in milliseconds
Auto-refreshes every 30 seconds

Input validation

Zod schemas for all major API routes: action requests, dry-run, agent creation, approval responses
POST /api/v1/actions now returns structured validation errors with field paths
Error format: { "error": "Validation failed", "details": "action_spec.resource.provider: provider is required" }

RBAC enforcement

New requireRole() middleware with role hierarchy: owner > admin > member > viewer
Kill switch toggle requires owner role
Agent and policy management requires admin role
Returns 403 Forbidden with required_role and your_role in the response

Data cleanup

New POST /api/maintenance/cleanup endpoint for purging expired data
Cleans expired token nonces, expired sessions, and used nonces older than 24 hours
Optional audit event retention via AUDIT_RETENTION_DAYS environment variable
Protected by MAINTENANCE_SECRET bearer token

Query layer hardening

All 13 database query catch blocks now log errors via logQueryError() instead of silently swallowing them
Organization ID cache uses a 60-second TTL instead of caching permanently (fixes stale cache in multi-org scenarios)

Policy editor

Create Policy modal now has a line number gutter alongside the YAML editor
Live YAML validation via the dry-run API (debounced at 500ms) with inline feedback
Valid/invalid indicator next to the editor label
Error and warning panels below the editor with specific messages
Full TameFlare policy template as placeholder text

Hardcoded values fixed

Sidebar plan label reads from org.plan in the database instead of hardcoded "Free plan"
Landing page footer links now point to /privacy, /terms, and mailto: instead of #
Health status in dashboard header is real, not decorative

v0.2.0 — Auth, Testing, and Developer Experience

User authentication

Email/password registration and login with bcrypt-hashed passwords
Session tokens with secure cookie management
User menu in dashboard header with role display and logout
Backward-compatible with DASHBOARD_PASSWORD shared password mode
First registered user automatically becomes org owner

Integration settings

New Settings > Integrations section for Slack, GitHub, and Gateway configuration
Credentials saved to DB and read at runtime via getIntegrationSettings()
Env vars take precedence; DB settings used as fallback
"Test connection" buttons for Slack and Gateway
Settings cache with 10s TTL, invalidated on save

Demo sandbox

Three built-in scenarios: safe (create issue), risky (merge PR), destructive (delete branch)
"Try the Firewall" buttons on dashboard overview
Real policy evaluation with audit trail

Audit log improvements

Search input filters events by text across all fields
Event type dropdown filters by specific event types
CSV export with optional type and search filters

Dashboard polish

Interactive enforcement level selector (L0/L1/L2) persisted to DB
Dynamic org name in sidebar from DB instead of hardcoded value
Connectors page "Configure" buttons link to Settings > Integrations

Testing

51 policy engine tests via vitest
- 35 condition tests covering all 14 operators, nested combinators, empty groups
- 16 evaluator tests covering deny-wins, scope filtering, priority, risk scoring, traces

Infrastructure

GitHub Actions CI pipeline: typecheck, unit tests, build (web + docs + gateway)
All hardcoded localhost URLs replaced with env-driven config (NEXT_PUBLIC_DOCS_URL, NEXT_PUBLIC_APP_URL)
Updated .env.example with all new variables

v0.1.0 — MVP

Initial release with full E2E flow.

Core

Policy engine with YAML DSL, deny-wins precedence
ES256 decision tokens with nonce replay protection
13 API routes including dry-run and token verify
In-memory rate limiting (60 req/min per agent)
Webhook callbacks on action decisions
Structured JSON logging with request IDs
Multi-org support

Gateway

Go execution gateway with 11 GitHub action handlers
Generic webhook connector (5 HTTP methods)
Real token verification via control plane

Dashboard

8 pages with real-time auto-refresh
Policy dry-run UI, interactive kill switch, approve/deny buttons
Paginated tables, trend indicators, error boundaries
Live gateway connector status
Password protection (opt-in)

SDKs and CLI

Node.js SDK with auto-retry and approval polling
Python SDK (sync + async)
CLI: init, status, agents, policies commands

Infrastructure

Docker Compose (web + gateway + seed)
3 built-in policy packs
OpenAPI spec