Skip to Content
Provenonce is currently on Solana devnet. APIs may change.
Changelog

Changelog

v0.9.1 (2026-02-14)

Security hardening (P0-P3)

  • Enforced fail-closed payment verification and atomic payment-tx claim handling in paid routes.
  • Tightened spawn integrity with ownership binding and safer mutation ordering.
  • Hardened Beats anchor canonicalization and continuity selection in the Beats service.
  • Made public /api/v1/verify/[hash] read-only for proofs; fresh signed proof issuance stays on paid reissue.
  • Upgraded authenticated route rate limiting from IP-only to multi-dimensional keys: endpoint path + authenticated subject, with path + IP fallback when subject is missing.
  • Added fail-fast cost guards on paid routes so oversized/invalid payloads are rejected before auth/payment/DB work: /api/v1/agent/spawn, /api/v1/agent/heartbeat, /api/v1/agent/reissue-proof, /api/v1/sigil (commit ebcf57c).
  • Added route-level fail-fast tests: tests/cost-guards-fastfail.test.ts, tests/heartbeat-cost-guards-fastfail.test.ts, tests/reissue-proof-cost-guards-fastfail.test.ts, tests/sigil-cost-guards-fastfail.test.ts.
  • Added payment-failure throttling regression coverage to ensure repeated invalid/replayed payment attempts consume limiter budget and converge to 429 (tests/payment-failure-throttling.test.ts, commit 80046c3, tag security-hardening-p3-2).

v0.9.0 (2026-02-13)

SIGIL identity tiers, heartbeat protocol, lineage proofs

  • Breaking: checkin() removed — server returns 410 Gone. Use heartbeat() instead.
  • Breaking: resync() removed — server returns 410 Gone. Staleness resolved through market (re-register or purchase a new SIGIL).
  • Breaking: Registration no longer writes a Solana SPL Memo. signature and explorer_url removed from RegistrationResult. Birth records are DB-only.
  • Deprecated: pulse(), computeBeat(), computeBeatsLite() — emit console.warn, will be removed in v1.0.
  • Added: purchaseSigil({ identityClass, paymentTx }) — acquire SIGIL identity tier (narrow_task, autonomous, orchestrator).
  • Added: heartbeat({ paymentTx?, globalAnchor? }) — single-call liveness proof replacing pulse() + checkin().
  • Added: reissueProof(paymentTx?) — request fresh lineage proof without advancing heartbeat counter.
  • Added: getLatestProof() — return cached lineage proof (no network).
  • Added: Provenonce.verifyProofLocally(proof, authorityPubKeyHex) — offline Ed25519 proof verification.
  • Added: Types: LineageProof, Passport (alias), SigilResult, HeartbeatResult, IdentityClass.
  • Added: getPassport() — alias for getLatestProof().
  • Added: agent_public_key in LineageProof — wallet address bound into signed proof data (prevents bearer-token impersonation).
  • Added: Ed25519-signed lineage proofs (Passports) with 24h validity window.
  • Added: Fee summary endpoint (GET /api/v1/fees), authority key endpoint (GET /api/v1/.well-known/authority-key).
  • Added: startHeartbeat() now calls heartbeat() on interval (replaces old pulse+checkin loop).
  • Devnet: pass paymentTx: 'devnet-skip' to bypass payment.

v0.8.0 (2026-02-12)

Chain-agnostic identity (D-62/63/64)

  • Breaking: Default registration is now no-wallet (identity only). Pass walletModel: 'self-custody' to generate a Solana wallet.
  • Wallet is optional at registration — three paths: no-wallet, Solana self-custody, Ethereum BYO
  • Chain-agnostic wallets: walletChain option ('solana' or 'ethereum')
  • Ethereum BYO registration via walletAddress + walletSignFn (EIP-191 personal_sign)
  • v2 hash formula: sha256("root:v2:" + wallet + ":" + chain + ":" + ts + ":" + nonce)
  • 128-bit nonces (was 64-bit)
  • Two-tier rate limits: 5/hr no-wallet, 10/hr wallet-bound
  • wallet_chain field in all responses

v0.7.0 (2026-02-09)

Anchor-hash weaving + wallet-per-agent

  • Global anchor hash woven into VDF seed (anti-pre-computation)
  • Wallet-per-agent registration (Model A self-custody, Model B operator)
  • generateWalletKeypair() for client-side Ed25519 keypair generation
  • Two-phase challenge-response registration flow
  • Difficulty adjustment wired into enforce endpoint

v0.6.0 (2026-02-09)

Anchor-hash weaving (anti-pre-computation)

  • Global anchor hash woven into each beat’s VDF seed
  • Beat type gains anchor_hash field
  • computeBeat() and computeBeatsLite() accept anchorHash parameter
  • Old SDK clients without anchor hash are rejected when anchors exist

v0.5.0 (2026-02-08)

New agent API paths

  • Agent endpoints moved from /api/v1/beat/* to /api/v1/agent/*
  • Old /beat/* paths are deprecation proxies (sunset 2026-06-01)
  • register() function added to SDK
  • RegistrationResult and WalletInfo types exported

v0.4.0 (2026-02-07)

Spot check enforcement

  • Minimum 3 spot checks required
  • to_beat must always be included in spot checks
  • createCheckinProof() passes anchor_hash through

v0.3.0 (2026-02-06)

Security hardening

  • Rate limiting on all endpoints
  • HMAC signature length increased to 128-bit
  • Input validation on all body-parsed routes

v0.2.0 (2026-02-05)

Beat chain and registration

  • BeatAgent class with full lifecycle
  • Root and child registration with Solana SPL Memo birth records

v0.1.0 (2026-02-04)

Initial release

  • VDF engine (computeBeat, computeBeatsLite)
  • Basic agent lifecycle
Last updated on
LangGraph