What's shipped.
Every release, generated straight from the repo's changelog. Beacon follows semantic versioning and the Keep a Changelog format.
unreleasedin progress
Added
- Reddit and Medium platforms (opt-in:
beacon config set platform reddit on,beacon config set platform medium on). Reddit drafts a title and a self-post body for a technical subreddit; Medium drafts a full story with title, optional subtitle, tags, and body.
Removed
- Bluesky and Mastodon platforms. Disable them in existing configs before upgrading if you rely on them —
platforms.blueskyandplatforms.mastodonare no longer recognized keys.
v0.5.0July 11, 2026latest
Added
beacon ui— review the queue in the browser: platform drafts side by side, inline editing, copy to clipboard, approve/discard, and live updates over SSE as new commits draft. Localhost-only with per-session token auth, a host-header allowlist against DNS rebinding, and a strict self-only Content-Security-Policy. Attaches to a runningbeacon serveinstead of starting a second instance.beacon serve— the local review API behind the UI, runnable headless:GET /queue,POST /entries/:id/approve|discard,PATCH /entries/:id/drafts,GET /events(SSE),GET /health.- Cross-process queue lock — the git hook,
beacon review, and the local API now serialize queue writes through an advisory file lock (~/.beacon/queue.lock), so concurrent writers can no longer lose each other's updates. Stale locks from crashed processes are detected and reclaimed automatically. - Per-repository config — a
.beacon.jsonat a repo root overrides the global config for that repo (enabled,platforms,significanceThreshold,language,authorNotes). It is ignored until you approve it withbeacon trust, which pins the file's SHA-256; editing the file lapses that approval automatically. A repo config may never setapiKey,baseUrl,provider, ormodel. enabled: false— opt a repository out entirely. The hook becomes a no-op ahead of any API call, so an opted-out repo costs nothing.beacon doctornow reports which config layers are in effect and warns when a.beacon.jsonis present but untrusted.- npm provenance — releases are published with a signed provenance attestation linking the package to the commit and CI run that built it. CI actions are pinned by commit SHA.
SECURITY.md— a written threat model: what leaves your machine, what never does, and what the scanner does not protect against.- Ollama auto-detection in
beacon init— picking Ollama now finds the running daemon and offers your pulled models as a picker, instead of asking you to type a base URL and a model name from memory. beacon config showis readable — an aligned key/value view that says which API key is actually in effect (and when an env var overrides the stored one). The old raw-JSON output is still there behind--json.
Changed
beacon initasks less — setup now needs only the essentials (provider and key); bio, voice notes, and language sit behind a single optional "personalize now?" step, and the significance-threshold question is gone (it defaults to 6 — tune it any time withbeacon config set significance-threshold). A failed connection test now offers to re-enter the key or retry instead of marching on with a broken setup.- A branded terminal — Beacon's yellow now runs through the whole CLI: a
✦ beaconwordmark opens each command, prompts render as one connected flow, andbeacon reviewshows each draft as a card with per-platform character counts (flagged when a tweet runs past 280).
Fixed
- Secrets in the commit message reached the model. The scanner only ever saw the diff, while the commit message was sent verbatim to both LLM calls — so
git commit -m "rotate sk-ant-…"shipped the key to the provider. Both surfaces are now scanned before either call. - The repository was named after the working directory. A commit from a subdirectory told the model (and the drafted post) that the repo was called
src, orpipeline; it now uses the repository root. - A queue from a newer Beacon reported as corrupt.
queue.jsonis now versioned: an older file is migrated (after its bytes are copied aside), and a newer one prompts you to upgrade rather than implying data loss. - Re-running
beacon initafter switching providers suggested the old provider's model. Choosing Anthropic on a machine previously set up for OpenAI offeredgpt-4o-minias the default; the suggested model now follows the provider you just picked. - Piping output could crash.
beacon config show | head(or any early- closing reader) died with an unhandledEPIPEstack trace; a closed pipe now ends the process quietly.
Security
queue.jsonwas world-readable and stored the raw diff. Awarning-level finding (an.envassignment, a private IP) is redacted from the model but does not block drafting, so the raw secret was written to a0644file.queue.jsonis now0600and stores only the redacted snapshot;~/.beaconand every file under it are owner-only, repaired on write.
v0.4.0July 10, 2026
Changed
- Leaner install — the
anthropicprovider now calls the Messages API directly instead of through@anthropic-ai/sdk. Beacon's LLM layer ships with no runtime dependencies: seven packages fewer on every install (9.8 MB in the SDK alone), and roughly 30 ms off CLI startup. base-urlapplies to every provider, not just OpenAI-compatible ones — pointanthropicat a proxy or gateway withbeacon config set base-url <url>.beacon doctornow reports the base URL whichever provider you use.
Fixed
beacon doctorexits non-zero when the live provider ping fails, as documented. An invalid API key previously reported a healthy setup.
Removed
ANTHROPIC_BASE_URLis no longer read from the environment. Usebeacon config set base-url <url>instead.
v0.3.1July 4, 2026
Added
- Production website — Next.js port of the project site at beacon-bip.vercel.app; docs in MDX, changelog page generated from this file at build time.
- README demo GIF showing
beacon init→ commit →beacon review.
Changed
- Site redesigned to match the new mockup: full-viewport hero with the platform flip word, responsive nav and type scale on mobile.
- The beacon GitHub repository is now public.
Fixed
punycodeDeprecationWarning no longer pollutes CLI output on Node ≥ 21 (upgraded@anthropic-ai/sdkto 0.110).- README pipeline description now matches the actual stage order.
- Site favicon adapts to dark browser chrome.
v0.3.0July 4, 2026
Added
beacon init— guided first-run setup: provider, key, model, voice, language, hook install, connection test — ending with a draft from your latest commit so the first session produces real output.beacon doctor— setup diagnostics: node/git versions, config, API key, hook presence and executability,beaconon PATH, and a live provider ping. Exits non-zero when a check fails.- Ollama preset in
beacon init— fully local, free drafting with no API key (http://localhost:11434/v1via the OpenAI-compatible provider). - Digest drafting —
beacon draft --since <when>,--week, and--todaycombine a range of commits into one draft ("here's what I shipped this week"). Accepts anythinggit log --sinceunderstands. - Bluesky and Mastodon platforms (opt-in:
beacon config set platform bluesky on). Platform keys in a draft set are now optional; only enabled platforms are drafted and validated, and queue entries from older versions still parse. - Configurable author identity and language — new config keys
authorName,authorBio, andlanguagedrive the drafter's voice prompt (previously hardcoded). Drafts can be generated in any language. - Project site (
design/beacon-site.html) — single-file landing, docs, and changelog pages; fully responsive, with the main nav collapsing into a toggle menu and a dedicated small-screen typography scale on mobile.
Changed
beacon reviewedit flow — editing now opens a single platform's draft as plain text (tweets separated by---, markdown for dev.to) instead of raw JSON, with structured parts falling back to the original draft when deleted. Edits are still schema-validated on save.- The drafter prompt is composed from enabled platforms only, reducing token cost when platforms are toggled off.
- CLI output overhauled — semantic color helpers (TTY- and
NO_COLOR-aware), a dependency-free spinner that animates on a TTY and degrades to plain lines when piped or inside the git hook, plus a shared first-run nudge and consistent friendly error rendering across commands.
Fixed
QuietSpinnerconstructor call passed an argument it did not accept.- OpenAI-compatible 401/403 responses now normalize to
AUTH_ERROR(wasAPI_ERROR).
v0.2.1June 25, 2026
Fixed
- LLM JSON parsing. Prompt templates no longer embed
//comments, which models echoed back as invalid JSON; parsing is also more tolerant of trailing commas in model output.
v0.2.0June 25, 2026
Added
- Multi-provider LLM support. Beacon is no longer Anthropic-only. A new provider abstraction (
src/lib/llm/) supports: ·anthropic(default) — via the official SDK. ·openai— any OpenAI-compatible Chat Completions endpoint (OpenAI, OpenRouter, Groq, Together, a local server, …) overfetch, configurable withbaseUrl. No new dependency. - New config keys:
provider(anthropic|openai) andbaseUrl. - New commands:
beacon config set provider <name>andbeacon config set base-url <url>. - Provider-aware API-key resolution:
ANTHROPIC_API_KEYorOPENAI_API_KEY(env vars take precedence over the stored key).
Changed
- Pipeline reordered to
capture → safety → significance → draft → queue. The safety scanner now runs before every LLM call. Previously the significance filter received a raw (unredacted) diff excerpt before scanning; now both LLM calls only ever see the redacted diff. A critical finding blocks the pipeline before any network call is made.
v0.1.1June 25, 2026
Fixed
binpath.bin.beaconpointed at./dist/cli/index.js, but the build emits./dist/index.js, so the globalbeaconcommand failed to resolve.- Git stderr (e.g.
fatal: Needed a single revisionwhen probingHEAD~1on a repo's first commit) no longer leaks into commit/hook output; it is captured instead of inherited.
v0.1.0June 25, 2026
Added
- Initial release:
run,install,review,draft, andconfigcommands. - Five-stage local pipeline that drafts build-in-public content for Twitter/X, LinkedIn, and dev.to from git commits.
- Regex-based safety scanner, significance filter, voice drafter, atomic JSON review queue, and a post-commit git hook.
- Daily log rotation with a 7-day retention window.