Changelog
What shipped, grouped by sprint. Architectural milestones are tagged Feature; compliance + safety are Security.
Admin can post incidents (minor / major / critical) with affected components and a timeline of status updates (investigating → identified → monitoring → resolved). Each update surfaces immediately on the public /status page above the auto health banner. Replaces the previous 'no way to tell customers we're investigating without a code push' gap.
Admin overview now opens with a Revenue card showing MRR, ARR, paying / trialing / past-due counts, MRR broken down per tier (pro / team / business / enterprise), and top 5 customers by monthly revenue. Yearly subscriptions amortized to monthly equivalent. Previously required opening Stripe Dashboard.
Admin can bump rate limits and caps for a specific org without changing their tier — common during 30-day pilot evaluations. API/month, API/minute, max VARVEs, max agents all overridable with an audit trail (who set it, when, why). Non-null values replace tier defaults; clearing all fields restores tier limits.
After the calculator creates a Stripe product + price, admin picks an org from a dropdown and either (a) starts the subscription immediately with billing, or (b) generates a share-link Checkout URL. Closes the workflow end-to-end — previously the price_id sat orphaned in Stripe after generation.
Feature-equivalent companion to the Python SDK, ships as nage-ai on npm. Native fetch (Node 18+, browsers, Deno, Bun, Cloudflare Workers). Strict TypeScript, automatic retries on 429/5xx with exponential backoff + jitter, 8 passing vitest smoke tests. Dedicated /docs/typescript reference page with 12 sections.
Official Python client at pip install nage-ai. Typed dataclasses (ThinkResponse, Stemma, VARVE), auto-retry on 429/5xx, context-manager support, surgical privacy_delete, hash-chained audit access. Dedicated /docs/python reference page with 11 sections. Replaces the older Nage KLM placeholder on PyPI.
Public /contact captures structured pilot inquiries (name, email, company, role, team size, vertical, use case) — routes to founder email and appears in the admin Leads tab. 6-column funnel counter (new → contacted → demo → trial → converted → lost) with inline status dropdown per row. Closes the gap where mailto links went to inbox and didn't get tracked.
Structured page ready to populate the moment the first pilot approves a public quote. Until then: 4 verticals we're piloting with (Legal, Compliance, Finance, Healthcare) with use case + need, 'why regulated teams' positioning, and a pilot conversation CTA. Disclaimer that case studies only go live with customer approval.
Every chat auto-saves to localStorage — survives refresh and new tab. 'Export ↓' downloads the full conversation as Markdown with STEMMA attribution blockquoted per response. 'Share' creates a read-only public /s/{token} URL (copyable, revocable, expirable) so pilots can circulate an AI-assisted research thread to their team.
Daily volume bar chart, p95 latency line chart, errors-per-day bar, 5 KPIs (total requests with period-over-period change, MTD vs quota, avg + p95 latency, error rate, tier + cap). Range selector 7/30/90 days. Drill-down from /dashboard/insights.
Create webhooks with event type pills, secret shown once after creation, per-row 'Send test' + 'Delete'. Ad-hoc URL tester posts a signed event to any URL without saving it (useful before committing). Signature verification code snippets in Python / Node / Go — all timing-safe compare.
Closes the Pro→Business gap. Public pricing now 4 tiers in a grid plus an Enterprise callout. Seat cap enforcement on invites: 402 Payment Required with structured 'Upgrade to add more seats' hint when cap reached. Backend Stripe Checkout + Customer Portal + webhook sync. Admin pricing calculator generates Stripe products + prices via API.
Bug: F.cross_entropy(logits, labels) had no causal-LM shift, so training learned an identity mapping instead of next-token prediction. Train loss collapsed to 0.01 while eval loss exploded to 24 (10x worse than pre-training). First Phase 2 run produced garbage VARVEs. Fix: standard shift — logits[..., :-1] predicts labels[..., 1:]. After fix: val_loss averaging 1.47 across 15 VARVEs — real model quality.
Repaired 11 stale tests that had been failing on every run for weeks due to API drift (health returns {varves: list} not dict-by-name, VARVE default init is V=U=zeros per v2 asymmetric design, consolidation now skips when distance < 0.30, bench needs a tokenizer, frozen-model autograd requires at least one grad-requiring param). Also fixed a pre-existing divide-by-zero in consolidate_facies. 20+ consecutive red runs broken.
Five-minute quickstart now leads the docs. New STEMMA interpretation section covers entropy bands, facies_mass, and production patterns — with an explicit note that STEMMA is a mechanistic activation indicator, not an epistemic proof. WebSocket stream fully documented: 6 topics, envelope, reconnection, React hook.
Four public pages wrapped in a shared PublicShell — consistent nav and footer. Pricing shows 4 tiers + Validation Credits add-on + 15-row comparison. Security covers 6 pillars (isolation, privacy_delete, hash-chained audit, data residency, auth, Governed Consolidation) plus compliance roadmap. About gives the founder narrative and architecture formula. Status polls /health every 30s with tier SLAs.
Every VARVE now exports a hash-chained audit trail as JSON, NDJSON, or text — HMAC-signed for EU AI Act Article 13 evidence. The VARVE detail page surfaces SEDIM-Bench scores across five dimensions (VARVEiq, RoutingIQ, FusionIQ, IsolationIQ, AttributionIQ).
Legal, Compliance, Finance, Healthcare, Sales, and Internal flows ship as pre-built canvases. One click creates a populated canvas; replace the Document source and you are running a real flow.
Right-click context menu, auto-layout, duplicate with ⌘D, nudge with arrows, delete with ⌫, save with ⌘S — plus a save toast so you know it stuck. Full native SVG+HTML canvas, no React Flow.
Per-agent permissions (read_files, write_db, send_email, ...), budget caps (tokens / tool calls / runtime / cost), approval-required actions via Checkpoint nodes, and execution modes (dry-run / shadow / live). Regulated-sector default configuration.
VARVE → FACIES merge is irreversible, so it now requires a propose → admin approve → superadmin execute chain. A FACIES snapshot is saved before execution as an emergency revert path.
Golden Sets (20-50 labeled queries) runnable inline against any VARVE + inference mode. Runs are async, results label-able, shareable read-only via share_token. Regression baselines can block promotion when pass rate drops.
Document, Live Source, VARVE, Priority, Agent, Checkpoint, Action, Dynamic UI nodes. Build / Test / Deploy / Monitor modes. WebSocket subscribes to stemma.update, canvas.node_change, system.metric for real-time pulses.
Six-state machine (seed → active → volatile → archived → merged → forgotten) with versioning. Hash-chained audit events. privacy_delete anonymizes weights + STEMMA logs while retaining a signed deletion proof — GDPR / KVKK Article 17 built into the architecture.
11 regex rules scan every uploaded file before training starts. Severity-weighted risk score surfaces in a modal; user decides go / refine / cancel. Prevents accidental PII bake-in at the ingest boundary.
Error tracking wired end-to-end. /metrics exports Prometheus counters + histograms. The WS hub publishes 6 topics, tenant-scoped via JWT.