Skip to main content
The failproofai dashboard is a local web application for monitoring your AI agent sessions and managing policies. See what your agents did while you were away.

Starting the dashboard

failproofai
Opens at http://localhost:8020. The dashboard reads directly from the filesystem - your Claude Code project folders and the failproofai config files. Nothing is written to a remote service.

Pages

Projects

Lists all Claude Code, OpenAI Codex, GitHub Copilot CLI (beta), Cursor Agent (beta), OpenCode (beta), Pi (beta), and Gemini CLI (beta) projects found on your machine. Claude projects are discovered from ~/.claude/projects/ (or the path set by CLAUDE_PROJECTS_PATH); Codex projects are discovered by scanning every transcript under ~/.codex/sessions/<YYYY>/<MM>/<DD>/*.jsonl and grouping by the cwd recorded in each session’s first record; Copilot CLI projects are discovered by scanning each ~/.copilot/session-state/<sessionId>/workspace.yaml (configurable via COPILOT_HOME) and grouping by its cwd field; Cursor Agent projects are discovered by scanning per-session metadata under ~/.cursor/agent-sessions/<sessionId>/ (configurable via CURSOR_HOME, with conversations/ and sessions/ probed as fallbacks) for a cwd scalar in meta.json / session.json / workspace.yaml; OpenCode projects are discovered by querying its SQLite DB at ~/.local/share/opencode/opencode.db via opencode db --format json (we read the session and project tables and group by project_id); Pi projects are discovered by scanning per-session JSONL transcripts under ~/.pi/agent/sessions/<encoded-cwd>/<timestamp>_<uuid>.jsonl (configurable via PI_SESSIONS_DIR) and pulling the cwd from each session’s first record; Gemini CLI projects are discovered by scanning ~/.gemini/tmp/<basename>/chats/session-<timestamp>-<uuid-prefix>.jsonl (configurable via GEMINI_SESSIONS_DIR) and recovering the canonical cwd from the sibling .project_root text marker. A project that has been used by multiple CLIs renders as a single row with all matching badges. Use the CLI dropdown above the table to filter by a specific agent CLI; the URL preserves your selection as ?cli=claude|codex|copilot|cursor|opencode|pi|gemini. Each project shows:
  • Project name (derived from the folder path)
  • A CLI badge — Claude Code (orange), OpenAI Codex (purple), GitHub Copilot (blue), Cursor Agent (emerald), OpenCode (amber), Pi (pink), and/or Gemini CLI (sky)
  • Date of most recent session activity
Click a project to see its sessions.

Sessions

Lists all sessions within a project. Each session shows:
  • Session ID
  • Start and end timestamps
  • Number of tool calls
  • Hook activity count (policies that fired)
Use the date range filter and session ID search to narrow the list. Sessions are paginated. Click a session to open the session viewer.

Session viewer

The session viewer answers the key question for autonomous agents: what did the agent do, and did it stay on track? A CLI badge beside the header indicates whether the session is a Claude Code, OpenAI Codex, GitHub Copilot CLI, Cursor Agent, OpenCode, Pi, or Gemini CLI transcript. It shows a timeline of everything that happened in a session:
  • Messages - Claude’s text responses and user prompts
  • Tool calls - Every tool Claude invoked, with its input and output
  • Policy activity - For each tool call, which policies fired and what decision they returned
The stats bar at the top shows session duration, total tool calls, and a summary of hook decisions (allow / deny / instruct counts). Click the Download Logs button to export the session. For Claude Code, Codex, Copilot, Cursor, Pi, and Gemini sessions you get the original on-disk JSONL transcript byte-for-byte; for OpenCode (whose sessions live in SQLite, not on disk) you get a JSON document mirroring the underlying session / messages / parts tables.

Audit

A personality-driven report of how your agent has actually been behaving across past sessions. Runs the same scan as the failproofai audit CLI but renders it as a single-screen shareable poster + four below-the-fold sections:
  1. Poster — fills the first viewport. Self-contained PNG-capture region with the failproof_ai wordmark + audit label · archetype index (№ NN of 08) + audit date · numeric score (0–100) + percentile rank pill (top 15%) · the archetype name (one of the optimist, the cowboy, the explorer, the goldfish, the paranoid architect, the precision builder, the hammer, the ghost) + 3-keyword strip · // only N% of agents are this archetype rarity line · 8×8 pixel sigil tile · audit yours → failproof.ai footer. Three share buttons sit just outside the capture box: post your archetype (X intent), share on linkedin, download poster. Capture runs through html-to-image so the PNG matches the on-screen render pixel-for-pixel (dashed borders, SVG logo mask, gradients, font metrics — all preserved).
  2. Strengths — calm ✓ row list of behaviors your agent already does right, derived from the live audit data (clean tool-call rate, average session length, zero credential leaks, zero retry storms, etc.).
  3. Quirks — table of what slipped through, ranked by impact: time · what slipped + policy that would've caught it · severity pill · recurrence (new / Nx this wk / recurring).
  4. How to improve — calm row list, one per prescribed policy: policy name in white, one-line description, install command + copy button on the right side. An [install all] button at the section header copies the combined failproofai policy add a b c … command for every prescribed policy.
  5. Come back better — two side-by-side cards. Left: set a reminder (3d / 7d / 14d / 30d cadence picker; persists through /api/auth/reminder once authed). Right: unlock failproof perks — invite a friend opens a modal that takes a comma/space/newline-separated list of friend emails (max 10 per send), POSTs them to /api/audit/invite, which forwards to the api-server’s POST /v0/invite. The api-server sends one email per recipient from invite@failproof.ai with the sender Cc’d and Reply-To set, so the recipient sees who invited them and the sender gets a copy in their inbox. Anonymous users get routed through the AuthDialog first so the sender’s email is known before invites go out. Entitlement / perks fulfillment is a follow-up.
Driven by the failproofai audit runtime — see Audit CLI for the underlying scan engine, supported flags, and per-transcript cache invariants. The dashboard caches the latest result at ~/.failproofai/audit-dashboard.json (mode 0600, single slot, new runs overwrite) so revisits are instant; both the per-transcript and whole-result caches are rejected on read once they’re older than 7 days so the dashboard never silently serves a week-old result — past the TTL /audit falls through to its empty state and prompts a fresh run. Clicking [ re-audit now ] near the bottom of the report POSTs /api/audit/run with noCache: true — re-audit bypasses the per-transcript cache and re-scans every transcript from scratch rather than silently returning the cached result — and the dashboard polls /api/audit/status at 1Hz until the run finishes; a sticky pink progress strip pins to the top of the viewport during the run with an elapsed timer, and the fresh result swaps in place on success (no full-page reload; a failed re-audit leaves the prior report intact). On failure the strip turns red with copy keyed off the RerunError.kind (timeout / network / post_failed). Empty state (no cache or expired) and zero-sessions state (cache exists but the scan found no transcripts) are surfaced separately.

Policies

A two-tab page for managing policies and reviewing activity.
  • Multi-select which agent CLIs failproofai protects from a single panel — Claude Code, OpenAI Codex, GitHub Copilot, Cursor Agent, OpenCode, Pi, and Gemini CLI all have a row with install status (Active / Detected / Inactive), the user-scope settings path, and a brand-colored accent. Check or uncheck the CLIs you want and click Apply changes to install/uninstall the diff in one step. CLIs whose binary is detected on PATH are pre-checked.
  • Toggle individual policies on or off with a single click (writes to ~/.failproofai/policies-config.json — shared across every installed CLI)
  • Expand a policy to configure its parameters (for policies that support policyParams)
  • Set a custom policies file path

Auto-refresh

The dashboard has an auto-refresh toggle in the top navigation. When enabled, the current page refreshes periodically to show new sessions and policy activity as they appear. Essential for monitoring long-running autonomous agent sessions.

Disabling pages

If you only need some parts of the dashboard, set FAILPROOFAI_DISABLE_PAGES to a comma-separated list of page names: 
FAILPROOFAI_DISABLE_PAGES=policies failproofai
Valid values: policies, projects, audit.

Configuring the projects path

By default, the dashboard reads from the standard Claude Code projects directory. Override it for custom setups: 
CLAUDE_PROJECTS_PATH=/custom/path/to/projects failproofai

Accessing from a non-localhost host

When running the dashboard in dev mode (npm run dev) and accessing it from a hostname other than localhost - for example, a custom domain, a remote IP, or a tunneled URL - you may see a warning like: 
⚠ Blocked cross-origin request to Next.js dev resource /_next/webpack-hmr from "dashboard.example.com".
This is Next.js blocking cross-origin access to its HMR (hot module reload) websocket, which is a dev-only feature. To allow your host, use the --allowed-origins flag: 
npm run dev -- --allowed-origins dashboard.example.com
For multiple hosts or IPs, pass a comma-separated list: 
npm run dev -- --allowed-origins dashboard.example.com,192.168.1.5
You can also set the FAILPROOFAI_ALLOWED_DEV_ORIGINS environment variable instead: 
FAILPROOFAI_ALLOWED_DEV_ORIGINS=dashboard.example.com npm run dev
This only applies to dev mode. When running failproofai (production mode), there is no HMR websocket and no cross-origin dev resource issue.