FailproofAI · NiveditJain · May 22, 2026 · May 22, 2026 · May 22, 2026 · coderabbitai
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## 0.0.11-beta.2 — 2026-05-21
+
+### Breaking
+- Remove the undocumented cloud auth + event relay subsystem ahead of a from-scratch redesign. Deletes `src/auth/` (OAuth 2.0 device-flow login against `api.befailproof.ai`, `~/.failproofai/auth.json` token store) and `src/relay/` (WebSocket event relay daemon, sanitized JSONL queue at `~/.failproofai/cache/server-queue/`, PID tracking). Strips the `failproofai login` / `logout` / `whoami` / `relay start|stop|status` / `sync` subcommands and the internal `--relay-daemon` mode from `bin/failproofai.mjs`, along with their `--help` entries and "did you mean" suggestions. Removes the fire-and-forget `appendToServerQueue` + `ensureRelayRunning` calls from `src/hooks/handler.ts` so hook evaluation no longer enqueues events or lazy-spawns a daemon. The whole subsystem had zero references in `README.md`, `docs/`, `examples/`, or `__tests__/`, and only had internal cross-imports — `tsc`, `eslint`, `vitest` (1623 tests), and the `bun run build` bundles all stay green. Users who ran `failproofai login` should also wipe `~/.failproofai/{auth.json,cache/server-queue,relay.pid}` and stop any running relay daemon by hand; new auth/cloud surface will land in a follow-up.
+
 ## 0.0.11-beta.1 — 2026-05-20
 
 ### Breaking

diff --git a/bin/failproofai.mjs b/bin/failproofai.mjs
@@ -74,28 +74,14 @@ if (hookIdx >= 0) {
   }
 }
 
-// --relay-daemon — internal: long-running background process started by
-// ensureRelayRunning(). Streams queued events to the server via WebSocket.
-if (args.includes("--relay-daemon")) {
-  try {
-    const { runDaemon } = await import("../src/relay/daemon");
-    await runDaemon();
-    process.exit(0);
-  } catch (err) {
-    const msg = err instanceof Error ? err.message : String(err);
-    console.error(`Relay daemon error: ${msg}`);
-    process.exit(1);
-  }
-}
-
 /**
  * Centralised error handler for all CLI subcommands.
  * CliError  → clean message, no stack trace, exit exitCode (1 or 2)
  * Error     → unexpected; shows message only, exits 2
  */
 async function runCli() {
   // --help / -h  (only when not inside a subcommand that handles its own --help)
-  const SUBCOMMANDS = ["policies", "login", "logout", "whoami", "relay", "sync"];
+  const SUBCOMMANDS = ["policies"];
   if ((args.includes("--help") || args.includes("-h")) && !SUBCOMMANDS.includes(args[0])) {
     const extraArgs = args.filter((a) => a !== "--help" && a !== "-h");
     if (extraArgs.length > 0) {
@@ -132,12 +118,6 @@ COMMANDS
 
   policies --help, -h            Show this help for the policies command
 
-  login                          Authenticate with the failproofai cloud (Google OAuth)
-  logout                         Clear local auth tokens and stop relay daemon
-  whoami                         Print current logged-in user
-  relay start|stop|status        Manage the event relay daemon
-  sync                           One-shot flush of pending events to the server
-
   --version, -v                  Print version and exit
   --help, -h                     Show this help message
 
@@ -429,73 +409,6 @@ EXAMPLES
     process.exit(0);
   }
 
-  // login — authenticate with failproofai server via Google OAuth
-  if (args[0] === "login") {
-    const { login } = await import("../src/auth/login");
-    await login();
-    process.exit(0);
-  }
-
-  // logout — clear local tokens and stop relay daemon
-  if (args[0] === "logout") {
-    const { logout } = await import("../src/auth/logout");
-    await logout();
-    process.exit(0);
-  }
-
-  // whoami — print current user and auth status
-  if (args[0] === "whoami") {
-    const { whoami } = await import("../src/auth/logout");
-    whoami();
-    process.exit(0);
-  }
-
-  // relay start|stop|status — manage the event relay daemon
-  if (args[0] === "relay") {
-    const subcmd = args[1];
-    const { relayStatus, stopRelay } = await import("../src/relay/pid");
-
-    if (subcmd === "status") {
-      const s = relayStatus();
-      if (s.running) console.log(`Relay daemon running (pid ${s.pid})`);
-      else if (s.pid !== null) console.log(`Stale PID file (${s.pid}); daemon not running`);
-      else console.log("Relay daemon not running");
-      process.exit(0);
-    }
-
-    if (subcmd === "stop") {
-      const stopped = stopRelay();
-      console.log(stopped ? "Relay daemon stopped" : "Relay daemon was not running");
-      process.exit(0);
-    }
-
-    if (subcmd === "start") {
-      const { ensureRelayRunning, waitForRelayAlive } = await import("../src/relay/daemon");
-      ensureRelayRunning();
-      // Spawn is async — give the child a moment to write its PID file
-      const alive = await waitForRelayAlive();
-      const s = relayStatus();
-      if (alive && s.running) {
-        console.log(`Relay daemon started (pid ${s.pid})`);
-        process.exit(0);
-      }
-      console.log("Failed to start daemon");
-      process.exit(1);
-    }
-
-    throw new CliError(
-      `Usage: failproofai relay <start|stop|status>`
-    );
-  }
-
-  // sync — one-shot flush of pending events to server (fallback for no daemon)
-  if (args[0] === "sync") {
-    const { runOneShotSync } = await import("../src/relay/daemon");
-    const count = await runOneShotSync();
-    console.log(`Synced ${count} event${count === 1 ? "" : "s"} to server`);
-    process.exit(0);
-  }
-
   // Unknown flag guard — must appear after all known-flag branches
   const knownFlags = ["--version", "-v", "--help", "-h", "--hook"];
   const unknownFlag = args.find(a => a.startsWith("-") && !knownFlags.includes(a));
@@ -514,7 +427,7 @@ EXAMPLES
       return dp[m][n];
     }
 
-    const primary = ["--version", "--help", "--hook", "policies", "login", "logout", "whoami", "relay", "sync"];
+    const primary = ["--version", "--help", "--hook", "policies"];
     const closest = primary.reduce((best, flag) => {
       const dist = levenshtein(unknownFlag, flag);
       return dist < best.dist ? { flag, dist } : best;

diff --git a/src/auth/login.ts b/src/auth/login.ts
diff --git a/src/auth/logout.ts b/src/auth/logout.ts
diff --git a/src/auth/token-store.ts b/src/auth/token-store.ts
diff --git a/src/hooks/handler.ts b/src/hooks/handler.ts
@@ -340,25 +340,6 @@ export async function handleHookEvent(
     hookLogWarn("activity persistence failed");
   }
 
-  // Enqueue for server relay — fire-and-forget, never blocks hook.
-  // queue.ts is a no-op if the user is not logged in (no auth.json), and
-  // sanitizes the entry before persisting (drops toolInput/transcriptPath,
-  // hashes cwd, redacts known secret patterns in `reason`).
-  try {
-    const { appendToServerQueue } = await import("../relay/queue");
-    appendToServerQueue(activityEntry);
-  } catch {
-    // Server queue is best-effort; fail-open
-  }
-
-  // Lazy-start relay daemon if user is logged in — ~1ms when already running
-  try {
-    const { ensureRelayRunning } = await import("../relay/daemon");
-    ensureRelayRunning();
-  } catch {
-    // Relay is best-effort; hook must succeed regardless
-  }
-
   // Fire PostHog telemetry for decisions that affect Claude's behavior
   if (result.decision === "deny" || result.decision === "instruct") {
     try {