Changelog
What shipped, and when.
A dated record of milestones, decisions, and shipped features. Platform builds in public.
Scanner Pro: real security tools, signed evidence, credit-gated endpoint
The free scanner runs six heuristic layers. Scanner Pro runs six production security tools inside a container image Lambda on ECR Private. Findings carry method_label: "tool_verified" — the same vocabulary token used by Gate devcontract evaluators, making findings formally citeable in governance evidence chains.
- bandit (Python SAST), semgrep p/ci (multi-language SAST), checkov (IaC)
- detect-secrets (credential scanning), pip-audit (CVE database), ruff (quality)
- HMAC-SHA256 signed evidence.json with tool versions and method labels
- Credit-gated via DynamoDB atomic ConditionExpression; deducted in handler.py
- Container image Lambda (1024 MB, 300s timeout) on ECR Private, eu-north-1
Account portal: Cognito auth, credit balance, subscription management
End-to-end login flow live. Cognito JWT authentication, API key generation on first sign-in, credit balance display, and Stripe subscription management via the account dashboard.
- Cognito hosted UI with custom domain
- API key auto-provisioned on account creation
- Credit balance via DynamoDB single-table
- Stripe webhook handler for subscription events
ops-agents: Lambda telemetry replaces Lightsail relay
Paperclip and the autossh Lightsail tunnel retired. Four EventBridge-scheduled Lambda agents now write telemetry directly to DynamoDB. SRE, cost, security, and CTO agents run on independent cron schedules.
- ticketyboo-ops-sre: hourly CloudWatch metrics
- ticketyboo-ops-cost: daily Cost Explorer summary
- ticketyboo-ops-security: daily S3/IAM/Lambda audit
- ticketyboo-ops-cto: daily GitHub Issues and PR digest
Extension v1.0.2: Open VSX publish, managed billing proxy
VS Code extension published to Open VSX Registry. Fork of Roo Code (Apache 2.0) with managed LLM billing layer. Credit metering per token. BYOK support. 6,491 tests passing.
- Open VSX: ticketyboo-dev/ticketyboo
- Managed proxy: eu-north-1 Lambda, api.ticketyboo.dev
- BYOK: Anthropic, OpenAI, and other providers
Governance agents: five-domain PR review with evidence.json
GitHub App integration triggering five parallel governance agents on pull requests. Security, finance, privacy, compliance, and data domains. SHA-256 signed evidence.json committed per run.
- All five agents: security, finance, privacy, compliance, data
- evidence.json: structured, signed, S3-stored
- GitHub App: PR comment with findings summary
Public scanner: six-layer analysis, no sign-in
Open scanner at /scan/ accepting any public GitHub repository URL. Six analysis layers run in parallel: secrets, SAST, dependencies, IaC, licence compliance, code quality. Health score output with per-layer findings.
- No account required
- Results cached in S3, shareable by URL
- API: api.ticketyboo.dev/v1/scan
AWS Free Tier stack: CloudFront, API Gateway, Lambda, DynamoDB
Production stack deployed in eu-north-1 on AWS Free Tier. CloudFront CDN for ticketyboo.dev, API Gateway proxied through ticketyboo-api Lambda, DynamoDB single-table design, ACM cert in us-east-1.
- Terraform state in S3 with DynamoDB lock table
- All resources tagged: Project=ticketyboo, Environment=prod
- SSM Parameter Store for secrets (not Secrets Manager)
Site: 45 articles, 18 tools, 6 demos published
ticketyboo.dev launched as a show-and-tell monorepo. Static site on CloudFront with no frontend framework. Articles covering AI development methodology, governance patterns, and platform findings.