Changelog

v1.2.0 2026-06

MCP typed output — agents get structured verdicts out of the box.

  • Each MCP tool (verify_url, verify_payee, verify_message) now advertises an outputSchema derived from VerdictResult — branch on recommended_action without parsing prose.
  • Tool responses emit structuredContent (typed JSON) plus a JSON-in-text fallback for clients that do not negotiate structured output.
  • Same engine and contract as REST; hosted endpoint unchanged at https://mcp.farofinance.app/mcp. See /docs/mcp.
  • Registry manifest at github.com/vedux98/Faro/blob/main/server.json for MCP Registry listing.
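
Client-side handling of the tool results described in this release, as an added example that is not Faro's own code: it reads structuredContent, falls back to the JSON-in-text block, and fails closed on anything else. The action values "allow" and "block" and the helper names are assumptions, since the page does not list the values of recommended_action.

```python
import json
from typing import Optional

# Assumption: the page does not list recommended_action values; "allow" and
# "block" are constructed placeholders for this example.
PROCEED_ACTIONS = frozenset({"allow"})

def extract_verdict(tool_result: dict) -> Optional[dict]:
    """Return the verdict object from an MCP tools/call result, or None."""
    if not isinstance(tool_result, dict) or tool_result.get("isError"):
        return None
    structured = tool_result.get("structuredContent")
    if isinstance(structured, dict):
        return structured  # typed JSON: client negotiated structured output
    # Fallback: the same JSON serialized into a text content block.
    for block in tool_result.get("content") or []:
        if isinstance(block, dict) and block.get("type") == "text":
            try:
                parsed = json.loads(block.get("text"))
            except (TypeError, ValueError):
                continue  # prose or malformed text is never interpreted
            if isinstance(parsed, dict):
                return parsed
    return None

def may_proceed(tool_result: dict, proceed_actions=PROCEED_ACTIONS) -> bool:
    """Fail closed: proceed only on an explicitly allowed recommended_action."""
    verdict = extract_verdict(tool_result)
    if verdict is None:
        return False
    action = verdict.get("recommended_action")
    return isinstance(action, str) and action in proceed_actions

# Constructed sample tool results (not captured from the live service).
STRUCTURED = {"content": [{"type": "text", "text": '{"recommended_action": "allow"}'}],
              "structuredContent": {"recommended_action": "allow"}}
TEXT_ONLY = {"content": [{"type": "text", "text": '{"recommended_action": "block"}'}]}
PROSE_ONLY = {"content": [{"type": "text", "text": "Looks fine, go ahead."}]}
ERRORED = {"isError": True, "structuredContent": {"recommended_action": "allow"}}

if __name__ == "__main__":
    for name, result in [("structured", STRUCTURED), ("text-only", TEXT_ONLY),
                         ("prose-only", PROSE_ONLY), ("errored", ERRORED)]:
        print(name, may_proceed(result))
```
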

v1.1.1 2026-06

Developer dashboard and test-mode sandbox keys.

  • Dashboard at farofinance.app/dashboard — paste a self-serve key to see usage (last 30 days), recent verdicts, and your key prefix. The key is held in a secure HttpOnly cookie, so it is never readable by scripts in the browser.
  • Test mode — keys with the faro_test_ prefix short-circuit verify to deterministic fixtures: no Safe Browsing / RDAP / sanctions / LLM, no cost, and no writes to the reputation graph. Responses carry an X-Faro-Mode: test header; the VerdictResult shape is unchanged. See /docs/dashboard.
  • New per-key routes: GET /v1/me, GET /v1/me/usage, GET /v1/me/verdicts, and POST /v1/me/keys/test. Admin keys receive 403 — these are self-serve only.
  • POST /v1/reports from a test key is accepted as a no-op so sandbox integrations can exercise the path without touching live data.

v1.1.0 2026-06

Faro v1.1 is live — hosted MCP, payee enrichment, and official SDKs.

  • Hosted MCP server at https://mcp.farofinance.app/mcp — streamable-HTTP transport for cloud agents and MCP marketplaces. Run locally with faro-mcp (stdio) or faro-mcp-http / uvicorn faro.mcp_server.http_server:app for self-hosted HTTP. Same three tools (verify_url, verify_payee, verify_message), Bearer auth, per-key rate limits, body-size cap, and per-call timeouts.
  • Official Python (faro-client) and TypeScript (@faro/client) SDKs — typed VerdictResult, same contract as REST and MCP.
  • Curated OpenAPI 3.1 spec with Bearer auth, examples, and Redoc at /docs/api-reference.
  • Payee enrichment: GLEIF (LEI), OffshoreLeaks (via OpenSanctions), and GDELT adverse media — richer signals, same verdict shape.
  • Feedback loop: POST /v1/reports to flag bad actors or false positives; invalidates cached safe verdicts and feeds the reputation graph. See /docs/reports.
  • Signup now issues an API key immediately in the web flow (shown once, with copy-and-hide UX for safer handling).
  • Signup and key issuance hardening: server-side honeypot handling, stricter input validation, DB-backed per-email key throttling, and no-store cache directives on responses from secret-bearing routes.
  • Security headers tightened on web responses (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, HSTS).
  • Added Vercel Analytics integration.

v0.1.0 2026-06

Faro v0 — first public API.

  • Three verdict types: url, payee, message, plus a generic POST /v1/verify.
  • One consistent VerdictResult across REST and MCP.
  • Tiered engine: deterministic checks (Safe Browsing, RDAP, OpenSanctions, global payment-handle format) → LLM reasoning only when inconclusive.
  • Verdict-aware caching for fast, fresh repeat checks.
  • MCP server (faro-mcp) with three agent-facing tools.
  • Bearer API-key auth, consistent error envelope, per-request X-Request-ID.

Roadmap

  • Publish faro-client to PyPI and @faro/client to npm.
  • More deployment templates for self-hosted MCP transport.