Changelog
GTM reshape: agent governance, not date-pinned compliance
Repositioned Faultline as the agent-governance category leader rather than a date-pinned compliance product. Hero eyebrow now reads "Agent Governance"; framework pills broadened to include NIST AI RMF and ISO 42001 alongside EU AI Act / SOC2 / GDPR / HIPAA / FDA; new marketplace-distribution row positions FW for AWS Marketplace · Azure · Salesforce AppExchange · ServiceNow Store · MCP. Brand subheadlines, root + compliance SEO metadata, JSON-LD featureList, and README all lead with "future-proof your agent stack" — EU AI Act demoted to one trigger context among many. Driven by the Digital Omnibus deferral signal (the April 28 trilogue ended without agreement; May 13 trilogue is next).
Claim Graph: connected SOTA visualization (UAT-7)
Replaced static Mermaid subgraph boxes with React Flow + dagre auto-layout. Argument sits at the root; every claim branches off with a verdict-colored edge (green solid "backs", red dashed "breaks", amber "wobbles", slate "leans on"). Animated flow on supported/contradicted edges, glow on threat nodes, hacker-palette dark theme throughout. Dropped mermaid + isomorphic-dompurify deps.
Scan UX: thinking ticker + punchy claim loading (UAT-8)
During per-claim verification gaps (~12s each on prod), the scan log now rotates pseudo-log lines ("consulting sources...", "weighing evidence...", "synthesizing verdict...") every 1.8s — faux but honest, since the backend LLM IS doing grounded search. Per-claim loading cards swapped faint shimmer for terminal-style "VERIFYING_" label with blinking cursor + animated scan-line sweep. Patience no longer wears thin during long scans.
UAT-4/5/6: latency ETA, onboarding unblock, stats counters
Scan ETA multiplier 2s/claim → 12s/claim (observed FP reality, no more under-promising). Cancel button now sits next to the progress stepper during in-flight scans. Onboarding modal replaced with a non-blocking bottom banner — hero scanner interactive from first paint. Stats counters (40,609 portfolio tests / 5 providers / 17 projects) now animate on mount instead of waiting for scroll.
Landing chrome cleanup (UAT-2/3) + back-button re-scan fix (UAT-1)
Removed the "pip install nxtg-atlas" ghost (different NXTG product) from hero + public/llms.txt + llms-full.txt. "Star on GitHub" now points at the correct faultline-web repo. Landing CLI card reframed as "For developers" with explicit "Same engine as the web tool — different surface" copy + enterprise teaser (SSO · audit trails · custom frameworks · dedicated support). Back-button from /pricing to /results no longer re-runs the LLM scan — results now hydrate from sessionStorage cache.
FR-5: /weakest + /critique end-to-end
Faultline-Pro shipped the two endpoints (commit 682f337 on FP). FW-side had been dark-launching for weeks with a 404-masked-by-401 bug; with both layers fixed, the weakest-link + critique panels on /results now populate with real LLM-generated analysis (argument strength, fragility scores, improved-prompt rewrites). No more perpetual shimmer on the verification section.
P0 Dependabot remediation — 19 vulns → 0
Show HN pre-launch security clearance: non-forcing npm audit fix + manual patch-in-minor bump on next (16.2.0 → 16.2.4). Zero vulnerabilities before going live.
Demo timing calibrated against real scans
Demo mode playback cadence recalibrated from ground-truth live scan data (147s for 8 claims → ~18s/claim on verify stage). Demo now runs ~16s end-to-end instead of 2.5s — feels like real work without boring the user.
FR-4 spec + live-scan reference corpus
Filed FR-4 (embed full ComplianceReport in /scan/stream complete event — closes FR-1 parity gap). Added docs/live-scans/ with the canonical financial-claims reference payload + HTML/PDF reports for UI calibration.
SOTA UX: sources auto-surfaced on contradicted claims
Grounding sources appear inline on contradicted/mixed claims without needing to expand. No click required.
SOTA UX: cache hit indicator
Reads X-Cache: HIT from Faultline-Pro. Shows "↑ result from cache" in results footer.
SSE translation layer for progressive streaming
fp-proxy.ts translateFPStreamEvents() maps FP stream events to faultline-web format. Ready for POST /scan/stream when FR-1 ships.
PLG Unblock — free tier quota + anonymous scan system
Free-plan users now use their 5 scans/month quota instead of being hard-blocked. Anonymous users (no account) get 3 real scans/day via Cloudflare Turnstile + IP-based quota. Demo mode is now explicit opt-in with a "See a demo instead →" escape hatch.
PDF authority upgrade + easter egg
PDF exports now include FAULTLINE-YEAR-XXXX finding IDs, sub-second timestamps, SHA-256 scan fingerprint for tamper evidence, and a base64-encoded promo code hidden in PDF Author metadata. Renders with classification banner, severity color bars, and confidential footer.
Demo Mode — Zero-Friction Scan
Unauthenticated users get a full, realistic scan replay with streaming UX, trust gauge, weakest-link analysis, and compliance report — no account or API key required. Post-scan CTA to bring your own API key (Gemini, OpenAI, Anthropic) for real scans. DEMO banner on all demo screens.
Scan UX Upgrade — Streaming Terminal + Progress Ring
Live claim-extraction log streams to a terminal panel during scanning. Individual claim cards flash in as verifications complete. Circular progress ring replaces linear bar. Pro PDF export added to export menu.
Export Menu — PDF, Markdown, Share
Export results as PDF (Pro), Markdown, or shareable link. Share generates a public scan URL backed by Vercel KV. PDF rendered with full trust score, compliance report, and claim table.
Homepage Redesign + Test Quality
Removed mock data from homepage. Customer-facing capabilities bar replaces internal metrics. CRUCIBLE audit: 36 hollow assertions replaced with specific checks.
FP Proxy Architecture
All scan logic moved to Faultline Pro API. FW proxies SSE streams and JSON responses. Zero local engine code.
Regulatory Framework Builder + Admin Tools
Custom compliance framework editor with KV storage. Bulk user import and audit log viewer for admins.
API Docs + Onboarding + Changelog
Interactive API documentation portal with 25 endpoints. First-time onboarding wizard with sample texts. Changelog page with RSS feed.
Audit Log Viewer
Admin audit trail at /admin/audit with searchable, filterable log of all user actions. CSV export for compliance. Fire-and-forget instrumentation on scans, billing, and imports.
Bulk User Import
CSV-based bulk user import at /admin/import with Clerk invitations, polling progress, and welcome message support. Max 100 users per import.
Regulatory Framework Builder
Custom compliance framework CRUD via KV storage. HIPAA and FDA AI/ML pre-built templates. Admin editor UI with icon picker and section builder. Marketplace publishing for shared frameworks.
Production Billing
3-tier Stripe billing (Personal/Pro/Enterprise) with pricing page, scan limits, feature gating, and multi-plan webhook handling.
Compliance Wizard + Command Palette
Guided compliance wizard at /compliance with regulation templates (EU AI Act, SOC2, GDPR). Global command palette via Ctrl+K / ⌘K for quick navigation.
Team Workspaces
Clerk Organizations as workspaces with shared scan history, OrganizationSwitcher, and workspace dashboard.
Scan Status Polling + Notification Bell
Live polling via KV every 5s for in-progress scans. Notification bell for Pro users via Clerk publicMetadata.
Shared Scan Sessions + Batch Scan UI
Share scan results via unique URLs with Vercel KV storage. Batch scan UI for uploading multiple files at once.
Comparison View
Side-by-side comparison of two scan results with delta highlighting for trust scores, claims, and compliance.
Multi-Brand Theming + Embeddable Widget
Four branded subdomains with CSS custom properties. Embeddable verification widget with API key auth.
Admin Dashboard
Admin-only dashboard with user management and system overview. Role-based access control.
E2E Test Suite
Playwright end-to-end tests covering paste-and-scan, view-history, and export-report flows.
Performance Dashboard
Scan analytics with volume charts, trust trends, verdict distribution, and lowest-trust scans. CSS-only charts, zero new deps.
Stripe Billing Prototype
Subscription tiers with Stripe checkout, webhook handling, and paywall on compliance exports.
Clerk-Persisted Scan History
Server-side scan history stored in Clerk publicMetadata with localStorage merge on first sign-in.
Enterprise UI/UX Overhaul
Blue-tinted oklch dark theme, monospace typography system, redesigned claim cards, trust gauge, and compliance panel.
Compliance Report Panel
Inline compliance report with risk summary, finding cards, and regulatory mapping. Expandable panel in results view.
Scan History
Persistent scan history with localStorage. View, delete, and clear past scans. History page with search.
Tier 2 UI Polish
Claim highlight pulse animation, brand logo marks, refined card styling, and micro-interactions.
Clerk Auth Integration
Clerk authentication with sign-in modal, user button, and protected API routes. Session-based auth for all scan endpoints.
Tier 1 UI Polish
Trust score gauge animation refinements, claim card hover states, split-pane layout improvements, and keyboard shortcuts.
Test Coverage Push
Expanded test suite from 47 to 154 tests across 17 test files. Component, hook, and API route coverage.
MVP Launch
Initial launch of faultline.nxtg.ai with paste-box-to-results flow, SSE streaming scan, trust score gauge, export system, and subdomain middleware.