Skip to main content

v0.0.73

Released Jul 14, 2026

All releases

Release Notes

Hosted MCP grows up: sessions renew themselves instead of expiring, connecting shows exactly what you're granting, and agents get a direct feedback channel. Plus a friendlier installer and a stack of cloud reliability fixes.

Added

  • Hosted MCP sessions no longer expire out from under you. Connecting over OAuth now issues rotating refresh tokens, so a session renews itself silently instead of going stale and demanding a browser re-consent every 30 days. Any replay of an already-used refresh token revokes the whole session family on the spot.
  • The MCP consent screen shows exactly what you're granting. Approving a client now lists each permission (run audits, view credits, create API keys) with individual toggles, and the required read access is clearly marked. A client that asks for nothing specific no longer receives a full-access grant by default.
  • Agents can send feedback mid-session. A new send_feedback MCP tool takes a category and a message, optionally tied to a run or website, so an agent can report confusing output or missing data the moment it hits it. Works with read-only credentials.
  • The terminal report now leads with the big picture. squirrel audit output opens with the four top-level group scores as a bar breakdown, and categories are ordered most-severe-first, matching the other report formats.
  • A friendlier install. The install script greets you with the CLI's own banner and finishes with a numbered get-started guide: first audit, agent skills, cloud login, plus shell completion and squirrel self doctor hints.
  • Failed installs can now tell us why. The install scripts report a failure's platform, step, and a sanitized error line (paths scrubbed, nothing personal) so broken installs get fixed fast. Reporting never blocks or slows an install, and setting NO_TELEMETRY disables it, same as the CLI.

Fixed

  • A cloud audit that wedges mid-run is now failed at its own deadline and refunded. Stuck running audits were previously reaped by a blanket 75-minute backstop; each run is now judged against its own configured budget, fails promptly with an honest message, and refunds automatically whichever path notices first.
  • Quick audits stay quick. The post-crawl phase (site metadata, technology detection) now respects the audit's overall time budget instead of adding up to four unbounded minutes to a fast crawl.
  • Rendered audits no longer lose cookies. A header-handling bug made cloud rendering drop every cookie a site set, breaking pages behind cookie-dependent front-ends and blinding the cookie security rules. All Set-Cookie headers now survive the full render path.
  • CLI settings writes are now atomic. A crash or full disk mid-write can no longer corrupt settings.json; settings are written with owner-only permissions, and a permission problem reading credentials is reported loudly instead of being treated as logged out.
  • Crawls cut short now say so. A crawl interrupted by the time backstop gets a distinct "stopped" status: its collected pages are still analyzable, and squirrel report explains the crawl stopped before finishing instead of leaving an ambiguous state.
  • Max pages per audit now follows your plan on every path. A couple of API paths could start an audit above the plan's page ceiling or estimate below it; dispatch and pricing now clamp consistently, and a stored setting above your plan's ceiling is honored at the ceiling.
  • Publishing a report with an extremely long list of findings on a single check no longer fails the audit; oversized lists are trimmed safely with a note, keeping the rest of the report intact.
  • Toggling a website's badge on and off in quick succession now always lands on the state you chose, even when the clicks race.
  • When an audit fails because the CLI that started it disconnected, the failure message now says exactly that instead of a generic infrastructure error.

Update to this version

squirrelscan will auto-update, or run this command to update now:

$

Downloads

macOS

Detected
Intel
squirrel-0.0.73-darwin-x64 · 73.0 MB
Download
SHA-256
Apple Silicon (M-series)
squirrel-0.0.73-darwin-arm64 · 67.6 MB
Download
SHA-256

Linux

x64
squirrel-0.0.73-linux-x64 · 96.3 MB
Download
SHA-256
x64 (musl/Alpine)
squirrel-0.0.73-linux-x64-musl · 93.3 MB
Download
SHA-256
ARM64 (musl/Alpine)
squirrel-0.0.73-linux-arm64-musl · 92.2 MB
Download
SHA-256
ARM64
squirrel-0.0.73-linux-arm64 · 96.4 MB
Download
SHA-256

Windows

x64 (Intel/AMD)
squirrel-0.0.73-windows-x64.exe · 100.2 MB
Download
SHA-256

Audit your site in one command

SEO, performance, security, accessibility and agent experience issues, with exact fixes for your coding agent.

Install
$

No account needed for the CLI. Cloud audits include free monthly credits.