Changelog · release discipline
Changes are communicated with versioned clarity.
Enterprise systems integrate only when change is predictable. This page documents compatibility discipline and high-signal product updates.
Release policy
Compatibility expectations
Written for enterprise engineering, security, risk, and compliance review teams.
Versioned API
Major behavioral changes require a versioned endpoint path (e.g., /v2).
Additive first
Fields and endpoints are introduced in a backward-compatible way whenever possible.
Explicit semantics
Decision values, enforcement rules, replay constraints, and signature formats are documented in the API reference.
Operational readiness
Retries, timeouts, and export verification formats are designed to satisfy audit and incident workflows.
Changelog
Product updates
High-signal changes only—no noise.
v1.7.0 · Official SDK launch + end-to-end integration example (Node/TS) + docs polishJan 21, 2026
SDKDevelopersIntegrationsDocs
Release
•Official Node/TypeScript SDK now available on npm: presencebound-sdk@1.0.2 (ESM + CJS + .d.ts + sourcemaps).
•SDK provides typed methods across core PBI + billing endpoints, including an async iterator for receipts pagination (iterateReceipts).
•Strict runtime behavior: request timeouts via AbortController, query serialization that drops undefined, and exactOptionalPropertyTypes-safe typing.
•Typed error surface (PresenceBoundError): status + optional requestId + optional structured ErrorResponse details for fast incident correlation.
•End-to-end integration example added (WebAuthn → verify → receipt): ./packages/presencebound-sdk/examples/node-sdk (Express server + browser UI).
•Root README upgraded for enterprise onboarding: SDK install/quickstart, compatibility matrix, example link, and operational notes.
•Backward compatible: no breaking changes to /v1/pbi/* or billing endpoints; existing integrations continue to work unchanged.
v1.6.0 · Console IA upgrade: dedicated Webhooks + Exports modules (clean hub + task pages)Jan 21, 2026
PortalEnterprise UXCompliance
Release
•Console refactored into a clean control-plane hub (plan/quota/usage/keys + navigation) to reduce cognitive load for enterprise users.
•New dedicated console module pages for enterprise workflows:
•• /console/webhooks — configure receipt.created delivery (create/rotate/delete with secrets shown once).
•• /console/exports — generate signed evidence export packs with presets + advanced filters and offline verification guidance.
•Navigation updated to treat Webhooks and Exports as first-class destinations (separate from the homepage).
•No API key exposure: exports remain cookie-auth via /v1/portal/receipts/export.
•Backward compatible: no changes required for existing API integrations.
v1.5.0 · Enterprise onboarding + CORS resilience (rollout guide, console links, origin normalization)Jan 21, 2026
ReliabilityPortalEnterprise UX
Release
•New public Enterprise Rollout Guide page: /enterprise/rollout (Day 0 → Day 7 production implementation sequence).
•Console updated to surface the rollout guide at critical touchpoints (nav, setup CTAs, mobile quick actions, enterprise controls context).
•CORS hardened for portal reliability: normalize origins (trim, strip quotes, remove trailing slashes) to prevent brittle exact-match failures.
•CORS denial logging added (cors_origin_denied) to make production misconfiguration diagnosable instantly.
•No breaking changes: existing portal and /v1/pbi integrations continue to work unchanged.
v1.4.0 · Portal enterprise controls: webhooks + signed evidence exports (self-serve)Jan 21, 2026
PortalComplianceEnterprise UX
Release
•New portal export endpoint: GET /v1/portal/receipts/export — cookie-auth evidence exports (no API keys in browser).
•Customer dashboard upgraded with Enterprise Controls: configure receipt.created webhooks and download signed evidence packs from the console.
•Portal API keys response now surfaces governance metadata (scopes, last_used_at, last_used_ip) for compliance review workflows.
•Webhook secrets are shown once (create + rotate) and designed for secure verifier integration.
•Export packs remain offline-verifiable (manifest hashes + Ed25519 signature + verification.json) with time-window enforcement for large exports.
v1.3.0 · Production hardening: resilient webhooks, deterministic exports, safer opsJan 21, 2026
ReliabilitySecurityOps
Release
•Webhook delivery worker hardened: multi-instance safe claiming, graceful DB failure handling, and no-crash interval execution.
•Webhook deliveries now use an explicit processing state with stale-claim reclaim to prevent stuck jobs after restarts.
•Webhook HTTP delivery adds a strict timeout (AbortController) and preserves exponential backoff retry semantics.
•Export packs upgraded for audit correctness: deterministic receipts.ndjson and canonical manifest.json bytes aligned with the signature model.
•Export signing now includes a stable keyId derived from the public signing key fingerprint to support pinning and rotation workflows.
•Export ZIP creation hardened: sanitized entry names, clearer failures when zip tooling is missing, and guaranteed temp cleanup.
•Postgres pool defaults made production-safe (remote SSL by default unless disabled, sane timeouts, and pool error handling).
•Graceful shutdown: worker stop + HTTP server close + DB pool close for predictable deploy/restart behavior.
v1.2.0 · Enterprise WOW pack: webhook delivery, export packs, and key governanceJan 20, 2026
EnterpriseComplianceIntegrations
Release
•Receipts listing upgraded with time windows, explicit ordering, opaque cursors, and higher limits (max 500).
•New export endpoint: GET /v1/pbi/receipts/export generates a signed, offline-verifiable zip pack (manifest + hashes + signatures).
•Portal webhooks: create/list/update/delete endpoints for receipt.created events, with HMAC signatures + retry semantics.
•Receipt and challenge payloads enriched with policy metadata, verifier context, and trace identifiers where available.
•API key governance upgrades: rotation endpoint, last-used fields, and optional per-key scopes (export requires pbi.export).
•OpenAPI and portal docs refreshed to document cursor semantics, webhooks, export pack format, and key rotation.
v1.1.0 · Audit-friendly receipts listing + richer receipt contextJan 18, 2026
AuditReporting
Release
•New endpoint: GET /v1/pbi/receipts — customer-facing receipts listing designed for audit/export workflows.
•Cursor-based pagination added for receipt listings (nextCursor).
•Receipt listing supports filters: actionHashHex, challengeId, purpose, decision, limit.
•Each receipts list item returns receipt + associated challenge metadata (challenge context included when available).
•Receipt detail endpoints now include an embedded challenge object when available:
•GET /v1/pbi/challenges/{challengeId}/receipt
•GET /v1/pbi/receipts/{receiptId}
•OpenAPI updated to document receipts listing, combined receipt+challenge schemas, metering fields, and expanded error coverage (invalid requests, quota, unknown challenge IDs).
•README updated to include the receipts listing endpoint in the core API surface.
•Portal homepage updated: API Docs card now surfaces receipts endpoints for customer visibility.
•Internal: strengthened typing around receipt/challenge date handling to prevent invalid date parsing (no customer-facing behavior change).
•Backward compatible: no breaking changes; existing integrations continue to work as-is.
v1.0.0 · Initial public releaseJan 15, 2026
Foundation
Release
•Presence-bound challenge → UP+UV verify → receipt model.
•Action-hash binding and non-replayable challenge semantics.
•Portal billing + API keys + usage metering.
•Optional portable proof export model for audit workflows.
Enterprise change review
Enterprises can request change review expectations, environment separation guidance, and rollout sequencing via /enterprise.