Changelog

Every /result/[id] now states where its verdict ranks against the whole corpus — one roast-voice line under the badge, e.g. “Only 4% of ideas get this verdict. Frame it.” for SHUT_UP_AND_TAKE_MY_MONEY, or “You and 31% of everyone else. Congratulations on inventing the wheel.” for ALREADY_EXISTS. Pure distribution math over the existing verdict store — no new AI call.

The share card (/api/og/[id]) carries the same stat (“Top X% — told to ship”), so the percentile travels with every link. Existing OG images are cache-busted so platforms re-fetch the new card.

Home counter strip upgraded to the doctrine pattern: “{total} ideas roasted · {x}% told to ship · {y}% already exist”, sourced from the same 30s-cached distribution behind /api/stats.

New programmatic surface at /agent-for/[topic] — ~60 seed topics (e.g. customer-support, incident-triage, lease-review) each rendering verdict distribution, top-shared roasts, the best one-liner, and a competitor snapshot — all assembled at ISR time from real published analyses that keyword-match the topic. No boilerplate; every page is unique to its corpus.

Per-topic share row + schema.org ItemList + FAQPage JSON-LD + OG card reusing the existing /api/og/[id] route, anchored to each topic's featured (most-shared) result.

Indexability is gated, not unconditional. Topics below a threshold of three matching analyses render the “roast the first one” CTA but emit robots:noindex and are excluded from the sitemap. Promotion happens automatically on the next ISR pass once the corpus catches up. This is the helpful-content-update defense — we'd rather publish a dozen substantive pages than sixty thin ones.

The result page “Save” button now downloads the canonical OG card straight from /api/og/[id] instead of rasterising the hero <div> client-side. The file you save is now byte-identical to what X, LinkedIn, and Slack render as the link preview — same 1200×630 layout, same verdict colour, same radar. Removes the html-to-image code path from ShareBar and the dead heroRef plumbing that fed it.

On premium-tier verdicts (SHUT_UP_AND_TAKE_MY_MONEY, GENUINELY_BRILLIANT, ACTUALLY_NOT_BAD), an above-the-fold “Steal this idea →” secondary CTA next to “Try Your Own Problem” links straight to the claim board. Hidden on non-claimable verdicts so it never points anywhere useless.

Production-readiness odds, OWASP-MCP risk badges, and the governance checklist are now collapsed into a single “How this was generated” disclosure (<details>) below the fold — defaults closed. Trust and provenance information is still on every result, just not interrupting the verdict→share read. Nothing was deleted.

Verbose problem descriptions were silently failing — Claude's JSON response was being truncated at the 2048-token cap and falling through to a generic 500. Bumped the output ceiling to 4096, and truncations now surface as a 422 with a useful “try a shorter version” message instead of a black-box error.

/api/health public endpoint returning model pin, live count, and last-published timestamp.

Home page now shows a “last published” micro-stat alongside the running total. Repeat visitors can see the site is alive at a glance.

/api/stats now exposes live_count separately from total — the former counts only non-expired results, the latter is the all-time roast count.

Production-readiness odds on every result — a single number, with a governance checklist underneath that grades the idea against the real things that kill agent projects (cost modeling, eval harness, abuse surface, kill-switch posture).

“Honest variant” renderer for the readiness score — shows you why a 38/100 isn't the same flavor of 38 as someone else's 38.

Embeddable readiness badge — drop a one-line snippet on your site and it renders the verdict + score from your roast.

Per-result llms.txt at /result/[id]/llms.txt — a plain-text feed crawlers and LLMs can ingest without parsing our HTML.

Public ?explain=1 query param opens an inline rationale panel on result pages without forcing a separate route.

Sora-generated hero banner on the home page.

/result/[id] moved from force-dynamic to ISR (revalidate=86400) and wrapped in unstable_cache — every result is now CDN-cacheable. View-counting moved to a client beacon so it doesn't bust the cache on first paint.

F-N1 “Build this with” bootstrap on every result — one-click starter context for shipping the agent the verdict describes.

F-N5 OWASP-MCP threat badges on results that touch tool-calling surfaces.

generateStaticParams added to /result/[id] for genuine static prerendering.

F1 Agent-Readiness Score — the 0-to-100 number that gates the rest of the verdict UI.

F2 “Steal This Idea” claim board — public list of unbuilt agents anyone can claim.

Apex canonical unification, breadcrumb JSON-LD on every content page, sitemap dedup (was double-listing /explore/hall-of-fame and /hall-of-fame), audit CI on PRs.

Every secret rotated at its source and re-added to Vercel with the “Sensitive” flag set, in response to the 2026-04-19 Vercel env-var enumeration disclosure. See /security for the full incident timeline.

Admin endpoints moved off query-param auth to an x-admin-key header with constant-time compare.

Pre-commit gitleaks hook, GitHub Secret Scanning, and Push Protection all turned on at the repo level. URLs returned by the AI for competitor links are now validated (HTTPS-only, no credentials-in-URL, no IP literals, tracking params stripped) before rendering.