What's new

Changelog

Every meaningful change to expacti, in reverse chronological order. Built in public.

week 2 · day 1
Blog #30 + Command Search + Status CLI
  • Blog post #30 — "Giving your AI agent a conscience: the case for runtime guardrails". Static analysis vs. pre-flight policies vs. runtime approval — the three-layer model for AI agent safety.
  • Command search — new search box in the Commands/Pending tab filters pending commands by command text as you type, with a clear button.
  • expacti status — updated CLI status command shows backend version, git SHA, human-readable uptime, DB status, queue depth, and active session count in a compact dashboard format.
week 2 · day 1
Mobile UX + Whitelist CLI + Risk Filter + Blog #29
  • Reviewer mobile UX — approve/deny buttons now have min-height 48px and min-width 80px on mobile, all inputs use 16px font to prevent iOS auto-zoom, and a new @media (max-width: 600px) breakpoint makes command cards and buttons full-width side-by-side on small screens.
  • expacti whitelist — new CLI command lists all whitelist rules in a tabular format showing pattern, type, action, and source.
  • Risk score filter — new dropdown in the Commands tab header lets reviewers filter pending commands by risk level (All, Low, Medium, High, Critical) with a live count of matching commands.
  • Blog post #29 — "The cost of a misfire: what happens when an AI agent runs the wrong command". Blast radius analysis, incident walkthrough, and recovery playbook.
week 2 · day 1
Blog #30 + Whitelist History API + Orgs CLI
  • Blog post #30 — "Multi-party approval: when one human is not enough". AllOf, AnyOf, and MinRole approval models, regulated-industry requirements (SOX, PCI-DSS, ISO 27001), and full configuration examples.
  • GET /api/whitelist/:id/history — new API endpoint returns the full version history for a whitelist rule, including pattern, risk level, changed-by, and timestamp for each version.
  • expacti orgs — new CLI command to list, create, and manage organizations. Supports orgs list, orgs create, orgs members, and orgs invite subcommands.
week 2 · day 1
Bulk Approve/Deny + Whitelist History + Blog #27
  • Bulk approve/deny — select-all checkbox, individual command checkboxes, action bar with approve/deny selected (N) buttons, and standalone approve-all/deny-all in the pending header. Confirm dialog before batch processing.
  • Whitelist history modal — "History" button on each whitelist rule row opens a modal showing version history: version, pattern, risk level, changed by, and changed at.
  • Blog post #27 — "From zero to production-safe AI agent in 15 minutes". Step-by-step tutorial: install, connect LangChain, approve, whitelist, ship.
week 2 · day 1
Config Generate + Logs CLI + Blog #26 + Integrations
  • expacti config generate — expanded to include ALL config sections: server, auth, db, policy, notify, email, stripe, push, ai, reports, rate_limit, oidc, slack, saml.
  • expacti logs — new CLI command. Shows last N audit entries with color-coded actions. -f flag for follow/watch mode (polls every 3s).
  • Blog post #26 — "The anatomy of a safe AI agent: how we think about trust boundaries". Autonomy spectrum, four trust principles, trust budget concept.
  • Integrations page — added webhook POST payload example.
week 2 · day 1
Version CLI + Blog #25 + Whitelist Versioning
  • expacti config generate — new CLI subcommand prints a complete, commented config.toml template to stdout. Covers all sections: server, auth, rate_limit, policy, storage, notify, smtp, reports.
  • expacti version — new CLI subcommand shows local CLI version and backend version/uptime/git SHA (or [unreachable]).
  • Whitelist rule versioning — whitelist_versions table snapshots old values before every update. New endpoint: GET /api/whitelist/:id/history.
  • Blog post #25 — "Why your AI agent's audit log is lying to you". Compliance angle (SOC 2 CC6.3/CC7.2), three unanswerable questions, pre-execution audit trails.
week 2 · day 1
Audit Pagination + Whitelist Tagging + Blog #23
  • Audit log pagination — response now includes data, total, page, per_page, total_pages. Frontend prev/next buttons with page indicator.
  • Whitelist rule tagging — tags field on whitelist rules (DB + API + frontend). Tag filter: GET /api/whitelist?tag=docker. Tag pills in UI, comma-separated input in Add Rule form, tag filter dropdown.
  • Blog post — "The hidden cost of autonomous AI: 5 incidents that could have been prevented".
  • Blog post — "From SSH bastion to AI agent firewall: how expacti evolved". The pivot from logging to before-execution approval.
week 2 · day 1
Whoami CLI + Blog Post #22 + Webhook Retry
  • expacti whoami CLI command — calls GET /api/auth/me and displays email, role, org, and 2FA status.
  • Blog post #22 — "Building a Human-in-the-Loop SSH Proxy in Rust". Technical deep-dive into expacti-sshd: PTY-level command interception, atomic approval flow, bidirectional bridging, and the auth_none trick.
  • Webhook retry with exponential backoff — 3 attempts with 0s/1s/5s delays. Final failures logged to audit_log with action "webhook_delivery_failed".
week 2 · day 1
API Keys Management Tab + Blog Post #21
  • API Keys management tab in the reviewer dashboard — admin-only tab to list, create, and revoke API keys. Create modal with name, role, and optional expiry. Key shown once after creation with copy button and warning. Revoke with confirmation.
  • Blog post #21 — "The Anatomy of an AI Agent Gone Wrong". Post-mortem style analysis of AI agent failures: trust escalation, three failure scenarios with code examples, blast radius concept, and an agent-safe production checklist.
week 2 · day 1
Blog post #22: Human-in-the-Loop Without the Slowdown
  • Blog post #22 — "Human-in-the-Loop Without the Slowdown". Addresses the latency objection directly: whitelist hit rates (~5ms for 91% of commands), risk-gated timeouts, Slack-native approval (4.2s avg), backup reviewer chains, and the psychology of fast review UIs. Performance + safety framing targets teams evaluating adoption.
week 1 · day 7
Blog post #17: The 10 commands AI agents get wrong
  • Blog post #17 — "The 10 commands AI agents get wrong (and how to gate them)". Practical guide covering rm -rf with variable paths, git push --force, DROP TABLE, curl|sh, chmod 777, docker --privileged, systemctl stop, git reset --hard, aws s3 rm --recursive, and eval with dynamic input — with risk scores and approval-gate strategies for each.
week 1 · day 7
Blog post #15: Least privilege for AI agents
  • Blog post #15 — "Least privilege for AI agents: why read-only by default isn't enough". Five dimensions of agent privilege (data visibility, execution scope, network egress, temporal commitment, blast radius), the read-only illusion, and a practical three-tier approval model.
v0.3.6
Health endpoint git SHA + CLI status improvements
  • /health response now includes git_sha — baked in at Docker build time via GIT_COMMIT_SHA ARG. Enables instant verification of which exact commit is running in production without SSH access.
  • expacti status — CLI now displays commit SHA (first 8 chars) alongside version: ● expacti-backend v0.1.0 @ a36b778
v0.3.5
PTY parser upgrade, CONTRIBUTING guide, README rewrite, anomaly fix
  • PTY parser upgrade — CommandBuffer now fully handles ANSI/VT100 escape sequences (arrow keys, CSI sequences), UTF-8 multi-byte input, Ctrl+C/D buffer clear, trailing whitespace trim. Test coverage increased from 8 to 23 tests.
  • Anomaly detection false-positive fix — Rule 1 (first-seen) now requires ≥3 history entries before triggering. Rule 2 (unusual time) window widened to 05:00–23:00 UTC, eliminating noise for Romania morning hours.
  • Blog post #14 — "Multi-Agent Systems and the Approval Problem". Covers orchestrator/subagent trust boundaries, minimal-footprint principle, approval granularity strategies.
  • CONTRIBUTING.md — contributor guide: dev setup, project structure, code conventions, PR checklist, risk scoring + anomaly detection guidelines, API endpoint addition checklist.
  • README rewrite — leads with "the problem" hook (AI agent autonomy failures), updated test count to 555, SDK integration examples (Python/LangChain, TypeScript/Vercel AI, GitHub Actions).
week 1 · day 7
Blog post #13: When to trust your AI agent (and when not to)
content
  • Blog post #13 — "When to trust your AI agent (and when not to)". Practical trust spectrum framework: read-only vs. state-changing vs. irreversible vs. multi-system actions. When to require explicit approval, when to auto-approve, and why trust decisions need expiry dates.
  • Blog index updated with post #13 at top.
week 1 · day 7
Critical routing fix + Blog post #12: MCP tools & human oversight
fix content
  • Caddy routing fix — all subdirectory pages (/blog/, /demo/, /pricing/, /compare/, /faq/, /use-cases/, /integrations/, /about/, etc.) were serving landing.html instead of the correct page. Root cause: try_files {path} landing.html missing the {path}index.html check. Fixed to try_files {path} {path}index.html /landing.html. All 13 verified URLs now return correct pages.
  • CI web-deploy fix — deploy workflow only synced root *.html files, not subdirectories. Changed to full rsync expacti-web/ so all pages (blog/, pricing/, demo/, etc.) are actually deployed on push.
  • Blog post #12 — "MCP Tools and the Case for Human Oversight Gates". Model Context Protocol opens powerful new attack surfaces — why tool calls need the same approval treatment as shell commands.
  • Sitemap updated with MCP blog post.
week 1 · day 7
Risk scoring engine — major upgrade
feature
  • 7 new command categories: DATABASE_TOOLS, FIREWALL_CMDS, SERVICE_CMDS, DOCKER_CMDS, GIT_CMDS, CRON_CMDS, COMPILER_BUILD.
  • SQL destructive detection: DROP/TRUNCATE/DELETE FROM → +65 score (psql + DROP TABLE → CRITICAL).
  • Docker sub-command scoring: --privileged +35, host-mount +55, prune -af +15, destructive +30.
  • Git force push +40, reset --hard +50, clean --force +30 — all ≥ HIGH.
  • crontab -r → +35 (CRITICAL), eval/exec → +35, chmod 777 → +30, sed -i → +20.
  • Critical pattern detection hardened: rm -rf / with word boundaries (no false positives on /tmp). dd if=/dev/zero of=/dev/* → 100, fork bomb → 100.
  • 28 new tests, 543 total passing. Risk score reference docs added to CONFIGURATION.md.
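As an added illustration of the scoring rules listed in this entry (this is not expacti's own engine; rule names, the score bands, and the hard-floor mechanism used to model entries such as "crontab -r → +35 (CRITICAL)" are assumptions), the following scorer applies the listed weights and the word-boundary check that keeps "rm -rf /tmp" from matching the critical "rm -rf /" pattern:

```python
"""Additive command risk scoring with hard-floor escalation (illustrative only)."""
import re

LEVELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
# Score bands are an assumption; the changelog gives weights but not thresholds.
BANDS = [(75, "CRITICAL"), (50, "HIGH"), (25, "MEDIUM"), (0, "LOW")]

# Patterns that score 100 outright (critical pattern detection).
CRITICAL_PATTERNS = [
    # Target must be exactly "/": the trailing boundary stops "/tmp" from matching.
    re.compile(r"\brm\s+-(?:rf|fr)\s+/(?:\s|$)"),
    re.compile(r"\bdd\b.*\bif=/dev/zero\b.*\bof=/dev/\w+"),
    re.compile(r":\(\)\s*\{\s*:\|:\s*&\s*\}\s*;\s*:"),  # classic fork bomb
]

# (name, pattern, points, minimum level or None). Weights are the changelog's;
# the minimum level is an assumed way to encode "→ CRITICAL" / "all ≥ HIGH".
WEIGHTED_RULES = [
    ("sql_destructive", re.compile(r"\b(?:DROP|TRUNCATE|DELETE\s+FROM)\b", re.I), 65, None),
    ("psql_drop_table", re.compile(r"\bpsql\b.*\bDROP\s+TABLE\b", re.I), 0, "CRITICAL"),
    ("docker_privileged", re.compile(r"\bdocker\b.*--privileged\b"), 35, None),
    ("docker_prune", re.compile(r"\bdocker\b.*\bprune\s+-af\b"), 15, None),
    ("git_force_push", re.compile(r"\bgit\s+push\b.*--force\b"), 40, "HIGH"),
    ("git_reset_hard", re.compile(r"\bgit\s+reset\s+--hard\b"), 50, "HIGH"),
    ("git_clean_force", re.compile(r"\bgit\s+clean\b.*--force\b"), 30, "HIGH"),
    ("crontab_remove", re.compile(r"\bcrontab\s+-r\b"), 35, "CRITICAL"),
    ("eval_exec", re.compile(r"\b(?:eval|exec)\b"), 35, None),
    ("chmod_777", re.compile(r"\bchmod\s+(?:-\w+\s+)*777\b"), 30, None),
    ("sed_inplace", re.compile(r"\bsed\s+-i\b"), 20, None),
]


def band_for(score: int) -> str:
    """Map a 0-100 score to a level using the assumed bands."""
    for threshold, level in BANDS:
        if score >= threshold:
            return level
    return "LOW"


def score_command(cmd: str) -> dict:
    """Return {'score', 'level', 'matched'} for one shell command line."""
    for pat in CRITICAL_PATTERNS:
        if pat.search(cmd):
            return {"score": 100, "level": "CRITICAL", "matched": ["critical_pattern"]}
    score, floor, matched = 0, "LOW", []
    for name, pat, points, min_level in WEIGHTED_RULES:
        if pat.search(cmd):
            matched.append(name)
            score += points
            if min_level and LEVELS.index(min_level) > LEVELS.index(floor):
                floor = min_level
    score = min(score, 100)
    level = band_for(score)
    if LEVELS.index(floor) > LEVELS.index(level):
        level = floor  # hard floor wins over the additive band
    return {"score": score, "level": level, "matched": matched}


if __name__ == "__main__":
    # Constructed sample commands, including the "/tmp" near-miss.
    for c in ["ls -la", "rm -rf /tmp/build", "rm -rf /", "crontab -r",
              "psql -c 'DROP TABLE users'", "git push --force origin main"]:
        print(f"{c!r:40} -> {score_command(c)}")
```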
week 1 · day 7
Blog post #11: The Principal-Agent Problem in AI Systems
content
  • Blog post #11 — "The Principal-Agent Problem in AI Systems". Economics solved delegation risk with constrained authority and information mechanisms. Same principles apply to AI agents — here's how.
  • Sitemap updated with new post.
week 1 · day 7
Blog posts #9 + #10: CI/CD gates & prompt injection defense
content fix
  • Blog post #9 — "GitHub Actions Approval Gates: Human-in-the-Loop for CI/CD Deployments". Per-command approval in CI workflows, migration gates, regional rollouts, on-call escalation patterns.
  • Blog post #10 — "Prompt Injection and the Case for Human Approval Gates". Why input sanitization isn't enough, 5-layer defense model, Python SDK example with deny-on-timeout.
  • Integrations waitlist fix — form now calls /api/waitlist instead of no-oping. Subscribers captured correctly.
  • Sitemap updated with both new posts (priority 0.8).
week 1 · day 7
Integrations page
feature content
  • /integrations — 30+ integrations in a filterable grid (SDKs / DevOps / Notifications / Enterprise / CLI).
  • 8 language SDKs: Python, TypeScript, Go, Rust, Java/Kotlin, PHP, Ruby, .NET. 3 AI frameworks: LangChain, Vercel AI SDK, LangChain4j.
  • DevOps: GitHub Actions, Terraform provider, Kubernetes operator + Helm, install.sh.
  • Notifications: Slack (Block Kit + approve/deny buttons), Microsoft Teams, Email (SMTP), Web Push (PWA), Webhooks.
  • Enterprise/Auth: SAML 2.0, SCIM 2.0, Stripe billing, OIDC, TOTP 2FA, SOC 2, ISO 27001.
  • 5 CLI tools: expacti-sh, expacti reviewer, expacti doctor, expacti ping, expacti audit/sessions.
  • Featured integrations section, coming soon (VS Code, Datadog, PagerDuty, GitLab CI), and waitlist signup.
week 1 · day 7
Comparison page
feature content
  • /compare — expacti vs. Teleport, HashiCorp Boundary, CyberArk, Bastion hosts, plus a full-overview tab.
  • Each comparison: verdict cards, narrative ("the core difference"), feature table, when-to-use guidance, CTA.
  • URL hash routing: #teleport, #boundary, #cyberark, #bastion, #overview.
  • Key framing: "before access / during access / after access" — expacti owns the during layer that no other tool addresses.
week 1 · day 7
Standalone pricing page
feature
  • /pricing — dedicated pricing page with annual/monthly billing toggle (save 20%), full feature comparison table across Free/Pro/Enterprise, 6 common objections answered.
  • Landing page nav Pricing link now goes to /pricing (standalone URL, better for direct sharing and SEO).
week 1 · day 7
FAQ page
feature content
  • /faq — 22 questions across 6 categories: How it works, Latency & performance, Security, Integration, Pricing, Self-hosting.
  • Category filter pills, accordion expand/collapse, URL hash routing (#security, #pricing, etc.).
  • Landing page footer updated with Use cases, Demo, and FAQ links.
week 1 · day 7
Use cases page
feature content
  • /use-cases — persona-driven page with 5 buyer profiles: AI Coding Agents, DevOps Automation, Security & Compliance, Enterprise, Startups.
  • Each section: scenario description, problem/solution cards, step-by-step flow, code snippet, targeted CTA.
  • Tab switcher with URL hash routing (#ai-agents, #devops, #security, #enterprise, #startups).
  • Landing page nav updated with Use cases link.
week 1 · day 7
Blog post #6: giving AI coding agents production access
content
week 1 · day 7
Interactive demo page
feature content
  • /demo — fully interactive demo with 4 scenarios (deploy pipeline, AI coding agent, security audit, database ops). No signup needed.
  • Side-by-side terminal + reviewer panel: watch commands arrive, review risk score, approve or deny with keyboard shortcuts (A/D).
  • Auto-approve toggle for safe commands, scenario switcher, step progress indicators.
  • Linked from landing page hero and nav.
week 1 · day 7
Blog post #6: limiting blast radius
content security
  • Blog post #6 — "Limiting blast radius: how to scope what your AI agent can touch". Practical framework for applying least privilege to AI agents across four dimensions: system access, command scope, data scope, and time scope.
  • Includes a risk table (read-only → reversible → irreversible → privilege escalation) and practical scoping checklist for new agent deployments.
  • Blog index updated (6 posts), sitemap updated, trailing slash consistency fixed on older posts.
week 1 · day 7
Blog post #5: compliance + audit trails
content
  • Blog post #5 — "The audit trail your security team actually wants". What SOC 2 and ISO 27001 auditors ask for when AI agents run privileged commands, and what a real audit trail looks like vs. server logs.
  • Covers: audit log format, compliance report exports (JSON/HTML/Markdown), session recording, anomaly detection as evidence layer.
week 1 · day 7
/changelog + fourth blog post
content infra
  • /changelog page — this page. Full product history as a public timeline, linked from footer and sitemap.
  • Blog post #4 — "The cost of blind trust: what actually goes wrong when AI agents act autonomously". Six failure modes nobody talks about, and the one principle that prevents all of them.
  • OG image — social share preview image added for all blog posts.
week 1 · day 6
Multi-language SDKs + CLI expansion
sdk cli content
Seven SDKs shipped in one day — covering the entire AI agent ecosystem:
  • Python SDK — sync + async client, LangChain tool, pip installable
  • Node.js / TypeScript SDK — dual CJS/ESM, LangChain + Vercel AI SDK tools, 13 tests
  • Go SDK — gorilla/websocket, Shell helper, thread-safe, 9 tests
  • PHP SDK — Ratchet/Pawl WebSocket, Laravel integration, PHPUnit tests
  • Java + Kotlin SDKs — Gradle, Maven, Spring Boot examples
  • Ruby SDK — faye-websocket, Gem packaging
  • .NET / C# SDK — xUnit tests, NuGet-ready, Solution file
  • Rust SDK (expacti-sdk crate) — tokio-tungstenite, 7 integration tests
CLI gained five new commands: expacti doctor (pre-flight checks), expacti init (interactive setup wizard), expacti audit, expacti sessions, and expacti ping. Blog launched with three posts on AI agent security and human oversight.
week 1 · day 5
Beta waitlist, status page, CLI completions & eval quickstart
feature infra cli
  • Beta waitlist — public POST /api/waitlist endpoint, landing page form, admin dashboard tab, confirmation emails to user and admin
  • Public status page — status.expacti.com with live health embed in landing nav
  • Shell completions — bash/zsh/fish completions for expacti CLI via expacti completions <shell>
  • SQLite backup cron — automated daily backups of the production database
  • Zero-config eval quickstart — make eval spins up a full demo stack locally, no configuration needed
  • GET /api/orgs/me — returns org info for any authenticated token; used by Terraform provider and CLI
  • Upgrade success toast — shows confirmation after Stripe checkout redirect
week 1 · day 4
Enterprise features: SAML, SCIM, Stripe, Terraform, Slack, Teams
feature infra
A full enterprise feature sprint — expacti now has everything a large org would need before signing:
  • SAML 2.0 SP — enterprise SSO (Okta, Azure AD, Google Workspace)
  • SCIM 2.0 — IdP-driven user lifecycle management (create, deactivate)
  • Stripe billing portal — checkout, plan upgrade flow, webhook signature verification
  • Terraform provider — manage expacti resources as code
  • Slack integration — Block Kit messages with Approve / Deny buttons
  • Microsoft Teams webhook — adaptive card format
  • GitHub Actions composite action — gate CI/CD commands through expacti
  • SLA dashboard — p50/p95/p99 latency, SLA compliance tab
  • expacti reviewer CLI — terminal-based approval flow
  • Real SSH target bridging in expacti-sshd — full PTY-level proxy with actual command interception
week 1 · day 3
Auth, multi-tenancy, E2E encryption, K8s operator
feature infra
  • User signup + email login — full auth flow with bcrypt, org_id in JWT
  • OIDC login — Google, GitHub, Microsoft buttons in reviewer UI (real token exchange)
  • Multi-reviewer invite flow — invite by email, accept link, team management tab
  • E2E encryption — RSA-OAEP + AES-256-GCM hybrid; backend is a pure ciphertext relay
  • K8s operator — ExpactiDeployment CRD, reconciliation controller, Helm chart
  • OperatorHub submission — OLM ClusterServiceVersion files
  • Email verification — token-based, 1h TTL, graceful if SMTP not configured
  • expacti-sshd crate — SSH proxy skeleton with PTY command interception
  • PostgreSQL support — DbPool abstraction wrapping SqlitePool | PgPool
week 1 · day 2
PoC → production: auth, whitelist, AI suggestions, session recording
feature
Expanded the initial proof-of-concept into a production-ready system:
  • TOTP 2FA — enrollment, login flow, backup codes
  • Password reset — via email, rate-limited (3/hr), no email existence leakage
  • PWA + Web Push — service worker, VAPID keys, bell toggle in toolbar
  • AI whitelist suggestions — heuristic pattern engine (UUID/hex → wildcards), optional LLM via OpenAI
  • Session recording — asciinema v2 format, in-browser playback with speed control
  • Compliance reports — SOC 2 + ISO 27001 Annex A mapping, JSON/CSV/HTML/Markdown export
  • Anomaly detection — 8 rules (time-of-day, rare commands, privilege escalation, etc.)
  • Risk scoring — 0-100 score, badges in UI and CLI
  • Audit log — immutable append-only with hash chain, export + verification endpoint
  • Slack notifications + email notifications + webhook delivery
  • Whitelist import/export (bulk JSON), search/filter, TTL/expiry
  • Analytics dashboard — commands/day, approval rate, p50/p95/p99 latency
  • Landing page — pricing, comparison table vs Teleport/Bastion, trust signals, footer
  • docs.expacti.com — documentation site
v0.0.1 · day 1
Initial proof-of-concept shipped
feature
First working version of expacti: a shell that intercepts commands and routes them to a web reviewer before execution.
  • expacti-sh — Rust REPL using brush-core for bash compatibility; every command intercepted via WebSocket
  • expacti-backend — Axum server with WebSocket approval queue
  • expacti-web — dark-theme reviewer UI with Allow/Deny buttons and live WS feed
  • Token auth — shell token + reviewer token from config.toml
  • Whitelist — exact match rules, bypass approval for known-safe commands
  • Deployed to expacti.com on day 1