Changelog

Real-time updates, security patches, and platform enhancements.

v3.0.02026-03-13
RELEASE
  • B2C Content Protection Platform: individual creators can now protect content with cryptographic proof of authorship
  • Auto-provisioned personal issuers and Ed25519 signing keys on consumer signup — no onboarding required
  • New POST /v1/consumer/mint endpoint: upload a SHA-256 hash and receive a signed attestation anchored to the transparency log
  • New Protect page in consumer app with drag-and-drop upload, client-side hashing, and AI-powered metadata extraction
  • My Protections page: view, manage, and toggle visibility of all protected content
  • Public Portfolio: set a username to showcase public protections at verify.truthlocks.com/portfolio/username
  • Shareable Proof pages with OG tags, AI-generated summaries, and embeddable verification badges
  • Downloadable SVG protection certificates via /api/certificate/{id}
  • Embeddable shields.io-style verification badges via /badge/{id} (SVG)
  • Creator Dashboard upgrade: protection stats, quick-protect dropzone, and recent protections timeline
  • Consumer billing tiers: Free (50/mo), Creator $9/mo (500/mo), Pro $29/mo (unlimited)
  • Database migration 102: consumer_protections table with RLS, issuer_type column, username column with unique index
  • New API endpoints: consumer stats, protection visibility toggle, username management
  • WWW homepage updated with dual-track hero (creators + enterprise) and HomepageCreators section
  • New /creators and /developers landing pages on marketing site
  • Pricing page updated with individual Creator plans alongside business tiers
  • 4 new Consumer API reference pages: Protect Content, List Protections, Public Portfolio, Consumer Stats
  • New B2C Content Protection guide in documentation
  • Updated navigation: Protect and My Content in consumer navbar and mobile bottom nav
v2.5.02026-03-12
RELEASE
  • Content integrity: Console verify page now sends document_hash_hex (SHA-256) for file-based verification instead of raw payload, matching the verification-service contract
  • B2C Signup: company_name is now optional for consumers — defaults to user's name + Workspace or 'Personal'
  • B2C Signup: auth/sign-up page fixed to use /v1/consumer/signup (previously called non-existent /v1/tenants/bootstrap)
  • B2C Signup: password minimum length aligned to 10 characters across frontend and backend
  • Pending inbox deliveries: credentials minted for unregistered consumers are now stored as pending and automatically claimed on signup
  • New database migration: pending_inbox_deliveries table for deferred B2C delivery
  • Mint page: delivery status now shows 'pending' for unregistered recipients instead of 'error'
  • Email template: improved mint notification with step-by-step claim instructions
  • SDK Integration: new /settings/sdk page in tenant console with JavaScript and Go code examples, install instructions, and links to docs
  • Transparency: checkpoint health dashboard added to Public Profile page showing tree size, root hash, timestamp, and signer info
  • SEO: added 301 redirects for /home, /seat/mo, /month on www; /sdks on docs; /signup on console
  • 4 new Consumer (B2C) API reference pages: Signup, Login, Inbox, Deliver to Inbox
  • Consumer (B2C) section added to API reference sidebar navigation
v2.4.02026-03-12
RELEASE
  • Verification Packs — Full Wiring: attestations can now be linked to packs via pack_id during minting
  • Pack verification counts are automatically incremented when attestations are linked
  • New PUT /v1/attestation-packs/{id} endpoint to edit pack name, description, and category
  • New POST /v1/attestation-packs/{id}/increment-count internal endpoint for cross-service counting
  • Status validation added — UpdatePackStatus now rejects invalid status values
  • Filter attestations by pack_id in the list endpoint and tenant console
  • Pack detail page now shows recent linked attestations and edit functionality
  • Mint page includes optional verification pack selector
  • 5 new API reference pages for verification pack endpoints
  • Fixed accept-invite redirect from non-existent /dashboard to /
  • Onboarding shell now supports light and dark themes
  • Toast notifications added to all onboarding wizard steps
  • Issuer approve/suspend/revoke/reinstate actions now work from the tenant detail panel
  • Evidence download button on issuer application review is now functional
v1.3.12026-03-07
RELEASE
  • Mint API: new document_hash field for direct SHA-256 hash submission — auto-computes hash when not provided
  • Proof bundle validation: tamper detection via bundle_hash_b64url verification — any modification now fails integrity check
  • Transparency log: server-side pagination with 100 checkpoints per page and total count
  • Attestation packs: fixed RLS policy enforcement so tenant packs display correctly
  • Audit events: fixed tenant audit log visibility in console
  • Blog content audit: removed false claims and misleading partnership references
  • API docs: updated mint attestation reference with document hash resolution guide
v1.3.02026-03-01
RELEASE
  • Platform UI upgrade: three-column API docs layout (Bridge/Stripe style) with code panel
  • Console enterprise UI: shared component library (20+ components), nav-rail, breadcrumbs
  • Consumer portal redesign: mobile-first layout, credential cards, bottom navigation
  • API docs: all 35 credential schemas with JSON claim templates in mint reference
  • Environment switcher: sandbox/production toggle in docs Try-It panels
  • Lead management: full onboarding flow with status tracking and enterprise invite emails
  • Enterprise signup: company name, business type, country collection
  • Password change UI in consumer security settings
  • Audit DNS fix: correct Cloud Map service discovery for ECS
  • CORS proxy routes for docs API playground
  • Logo added to all 22 email templates
  • Mobile-responsive docs with adaptive tables, code blocks, and cards
v1.2.22026-02-18
FEATURE
  • Canonical Routing: Unified /v1/audit prefix ownership under audit-service
  • Legacy Bridge: Reverse proxy for trust-registry audit endpoints
  • Documentation: Removed duplication and established enterprise redirects
  • Quality Gates: Enhanced gateway-parity and openapi-drift checks
v1.2.12026-01-28
ADR
  • ADR-056/057 accepted: RFC-8785 canonicalization + console proxy hardening
  • Console proxy Phase A controls: allowlists, auth enforcement, logging, kill-switch
  • Release-pack gates added for ADR presence and proxy usage
  • Public site (Ticket 40A): enterprise navigation, mobile menu, theme/footer polish
v1.2.02026-01-26
RELEASE
  • Webhooks system with signing, retries, and delivery logs (T31)
  • Issuer onboarding: applications + S3 evidence workflow + review actions (T32)
  • Tenant branding and organization profile pages (T33)
  • Policy runtime enforcement on mint/verify with detailed violations (T34)
  • Multi-environment support with per-env RLS (T35)
  • Audit export + retention policies and access logs (T36)
  • Pricing site with calculator (T50)
  • SCIM 2.0 provisioning endpoints and token management (T52)
  • KMS signing provider + issuer key migration fields (T53)
  • Data residency enforcement + docs (T54)
  • Compliance pack v1 + threat modeling + pen-test readiness (T55–57)