changelog · 8 entries

Every
release, with reasons.

We ship in sprints. Each entry below is a real release — features we shipped, hardening passes, infrastructure changes. No marketing spin. If we removed something, you’ll read about that too.

  1. 2026-05-11featv0.2.0-beta.2

    Nomos brand · public docs · dark canvas everywhere.

    The platform now ships under the Nomos brand: dark-first, editorial typography, and a comprehensive public docs surface. Marketing pages, sign-in / sign-up, and onboarding all redrawn from the ground up.

    • New marketing home page with live decision panel
    • Public /docs (mirrors in-product user guide)
    • Public /security trust posture statement
    • Public /integrations matrix + adapter contract
    • Public /changelog (this page)
    • Sign-in / sign-up split-pane with brand panel
    • Onboarding wizard re-styled with Nomos tokens
  2. 2026-05-11featv0.2.0-beta.1

    Clawvisor parity · LLM intent verifier · standing grants.

    Closes the five-item parity gap with Clawvisor (YC W26). New surfaces: per-request LLM coherence verification (fail-closed), PDP response sanitizer, three new connectors (Linear, Stripe, Calendar), Telegram notification channel, durable standing-grant model.

    • LLM intent verifier (Claude Haiku 4.5, 1.5s timeout, fail-closed)
    • PDP response sanitizer middleware (secrets, HTML, zero-width)
    • Linear + Stripe OAuth connectors
    • Google Calendar scope expansion (5 templates)
    • Telegram notification channel via Knock
    • isStanding flag + nullable expiresAt on envelopes
    • Standing grants overview page in dashboard
  3. 2026-05-10featv0.1.0

    First win — Claude Desktop e2e green.

    Claude Desktop end-to-end demo passes green. Approval Envelope + UCAN resource_constraint + /v1/intent + filesystem proxy + mcp-filesystem demo all live. Hardening pass on top: zod bump, schema seed, connections UI, audit polish, edge PDP packaging.

    • Dynamic-scope filesystem slice landed
    • mcp-filesystem demo green
    • Customer-edge PDP Docker + Helm chart
    • Audit panel polish + proof bundle download
  4. 2026-05-09featv0.0.9

    Sprint 9 · step-up + WebAuthn passkey + cosigner UCAN.

    Two-pass cedar detection escalates risky calls to step-up. Passkey assertion in the browser → cosigner UCAN minted on the control plane → PDP three-layer validation. Knock dev-console fallback when KNOCK_API_KEY is empty.

    • WebAuthn passkey enrollment + assertion
    • Cosigner UCAN minting + validation
    • PDP three-layer cosigner validation
    • Knock workflow integration
  5. 2026-05-09infrav0.0.8

    Sprint 8 · push revocation + Postgres audit hash chain.

    Audit chain moved to Postgres with hash-chained rows. Daily Ed25519 signed roots stored in audit_roots. Revocation pushes via Server-Sent Events. R2 Parquet archive with 7-year lifecycle. Open-source audit-verify CLI.

    • Hash-chained audit_events
    • Ed25519 signed daily roots (env-managed)
    • audit-verify CLI
    • Cloudflare R2 Parquet archive
  6. 2026-05-09featv0.0.7

    Sprint 7 · visual policy builder + 20 templates.

    packages/policy-builder: IR / parse / emit / round-trip. Schema-packs: 20 starter templates across the four foundation connectors. Dashboard ships a Visual tab on the Policies page.

    • Cedar IR + visual builder
    • roundTrip() validation rule before save
    • 20 starter templates
  7. 2026-05-09featv0.0.6

    Sprint 6 · dashboard MVP shipped.

    Next.js 15 + tRPC + Better-Auth + Monaco editor + audit viewer. First end-to-end usable surface for the platform.

    • Next.js 15 App Router
    • tRPC + Better-Auth integration
    • Monaco-backed Cedar editor
    • Audit viewer + chain inspector
    • api-keys router
  8. 2026-05-09infrav0.0.5

    Sprint 5 · OAuth ↔ UCAN bridge + 24h refresh sweep.

    Four connectors live (GitHub, Slack, Google, Notion). Proxy mode swaps UCAN for OAuth bearer at the moment of the upstream call. On-demand refresh on 401 + 1-hour sweep with 24-hour lookahead.

    • 4 OAuth connectors
    • Proxy mode
    • Refresh sweep (1h cadence, 24h lookahead)