Changelog

On premium-tier verdicts (SHUT_UP_AND_TAKE_MY_MONEY, GENUINELY_BRILLIANT, ACTUALLY_NOT_BAD), an above-the-fold “Steal this idea →” secondary CTA next to “Try Your Own Problem” links straight to the claim board. Hidden on non-claimable verdicts so it never points anywhere useless.

Production-readiness odds, OWASP-MCP risk badges, and the governance checklist are now collapsed into a single “How this was generated” disclosure (<details>) below the fold — defaults closed. Trust and provenance information is still on every result, just not interrupting the verdict→share read. Nothing was deleted.

Verbose problem descriptions were silently failing — Claude's JSON response was being truncated at the 2048-token cap and falling through to a generic 500. Bumped the output ceiling to 4096, and truncations now surface as a 422 with a useful “try a shorter version” message instead of a black-box error.

/api/health public endpoint returning model pin, live count, and last-published timestamp.

Home page now shows a “last published” micro-stat alongside the running total. Repeat visitors can see the site is alive at a glance.

/api/stats now exposes live_count separately from total — the former counts only non-expired results, the latter is the all-time roast count.

Production-readiness odds on every result — a single number, with a governance checklist underneath that grades the idea against the real things that kill agent projects (cost modeling, eval harness, abuse surface, kill-switch posture).

“Honest variant” renderer for the readiness score — shows you why a 38/100 isn't the same flavor of 38 as someone else's 38.

Embeddable readiness badge — drop a one-line snippet on your site and it renders the verdict + score from your roast.

Per-result llms.txt at /result/[id]/llms.txt — a plain-text feed crawlers and LLMs can ingest without parsing our HTML.

Public ?explain=1 query param opens an inline rationale panel on result pages without forcing a separate route.

Sora-generated hero banner on the home page.

/result/[id] moved from force-dynamic to ISR (revalidate=86400) and wrapped in unstable_cache — every result is now CDN-cacheable. View-counting moved to a client beacon so it doesn't bust the cache on first paint.

F-N1 “Build this with” bootstrap on every result — one-click starter context for shipping the agent the verdict describes.

F-N5 OWASP-MCP threat badges on results that touch tool-calling surfaces.

generateStaticParams added to /result/[id] for genuine static prerendering.

F1 Agent-Readiness Score — the 0-to-100 number that gates the rest of the verdict UI.

F2 “Steal This Idea” claim board — public list of unbuilt agents anyone can claim.

Apex canonical unification, breadcrumb JSON-LD on every content page, sitemap dedup (was double-listing /explore/hall-of-fame and /hall-of-fame), audit CI on PRs.

Every secret rotated at its source and re-added to Vercel with the “Sensitive” flag set, in response to the 2026-04-19 Vercel env-var enumeration disclosure. See /security for the full incident timeline.

Admin endpoints moved off query-param auth to an x-admin-key header with constant-time compare.

Pre-commit gitleaks hook, GitHub Secret Scanning, and Push Protection all turned on at the repo level. URLs returned by the AI for competitor links are now validated (HTTPS-only, no credentials-in-URL, no IP literals, tracking params stripped) before rendering.