BugProof - Executable bugs, not bug reports
byâ˘
BugProof captures software failures as portable, reproducible .bug artifacts. Instead of sharing screenshots, logs, and lengthy bug reports, developers can package the exact failure including source state, environment metadata, execution context, and failure fingerprints into a single file that anyone can replay. Cross-platform, open source, AI-agent ready, and no Docker required.


Replies
SuperBrain
Congratulations on the launch. Every bug report I've ever come across has missing steps. Every single one. How do you handle the environment state piece â that's usually where reproduction breaks down even when the steps are right.
SuperBrain
@prashkom That's exactly the problem we're trying to solve.
BugProof captures more than just the steps it snapshots the environment schema, runtime versions, command invocation, relevant source state, and failure fingerprint into the .bug artifact. On replay, it compares the captured environment against the current machine and surfaces mismatches (missing dependencies, different Node/Python versions, OS differences, etc.).
It's not perfect for every possible stateful system yet, but the goal is to move from "here are the steps I think I ran" to "here's the exact failure context that produced the bug." That's where most reproduction time gets lost today.
Mailwarm
How do you share and store them safely, like can you redact secrets before exporting the file?
SuperBrain
@othman_katim Yes. Before BugProof packages the `.bug` file, it automatically scans your computer's environment variables for anything that looks like a secret â API keys, tokens, passwords. It catches them two ways:
1. By name â if a variable is named `API_KEY`, `SECRET`, `PASSWORD`, etc., it's flagged.
2. By pattern â if a value looks random and high-entropy (like `sk-proj-AbCdEf...`), it's flagged.
When you share the `.bug` file, the secret values are stripped out. The person on the other end can see that a secret existed and what it was named, but never gets the actual value. Your credentials stay on your machine.
I can definitely relate to this. Sometimes an AI agent is doing useful work and you don't want to be stuck at your desk waiting for it to finish. Being able to check in from your phone feels like a natural next step.