Changelog

Reverse-chronological record of operational and governance changes shipped to the Vorantiq operating environment. The frontend is the navigational layer; canonical entries live as markdown in docs/changelog/.

Entry policy

Each entry carries a date, commit, scope, affected planes, operational-impact classification, deployment state, and rollback awareness. No entry on this page describes a change that does not exist as a markdown file in docs/changelog/. Tone is operational; growth-marketing language is not used.

2026-05-08 | frontend

Public Integrations + External-System Boundaries surface

Added /integrations as a governance surface, not a marketplace. Ten external systems enumerated with full schema per entry: purpose, trust boundary, data-flow direction, authentication, ownership, failure-domain, observability, rollback, and maturity state. Dual-state integrations (Neon: complete + blocked; OpenTelemetry: scaffolded + not enabled) avoid marking shipped-but-dormant code as complete. The integration code was not modified — only documented.

Commit
Deployment: verified
Planes: Frontend, Documentation, Network, Spend, Routing, Audit, Observability
Rollback: reversible — single revert

2026-05-08 | frontend

Public Observability + Telemetry Posture surface

Added /observability as the symmetric companion to /status — describes how runtime visibility is approached. 8-capability matrix sourced to file:line, 6-row legend with a new Not enabled state, 9-row honest-gaps section, vendor-neutrality + telemetry-privacy posture stated explicitly. The existing observability code was not modified — only documented.

Commit
Deployment: verified
Planes: Frontend, Documentation, Observability
Rollback: reversible — single revert

2026-05-08 | frontend

/security aligned with evidence-cited Trust Center posture

Replaced the prior generic SaaS marketing copy on /security with a plane-aligned summary of every documented control. Counts derive from docs/trust/security-architecture.md; honest-gaps and disclosure surfaces are now publicly visible.

Commit
Deployment: verified
Planes: Frontend, Documentation
Rollback: reversible — single revert

2026-05-08 | frontend

Public System Status page (/status)

Added a hand-authored, per-plane operational status surface. Five-state legend distinguishes operational, degraded, under observation, blocked by Production-Safety Stop, and planned external monitoring. No external probe yet; that fact is stated plainly.

Commit
Deployment: verified
Planes: Frontend, Documentation
Rollback: reversible — single revert

2026-05-08 | frontend

Trust Center frontend rollout

Six new public Trust Center routes (/trust, /trust/responsible-ai, /trust/reliability, /legal, /legal/dpa, /architecture) surface the canonical markdown evidence with restrained operational tone and plane-aligned vocabulary.

Commit
Deployment: verified
Planes: Frontend, Documentation
Rollback: reversible — single revert

2026-05-08 | documentation

Trust Center canonical markdown surface

Established the markdown source-of-truth that every public Trust Center page renders from: security architecture, data handling, governance, reliability, responsible AI, procurement questionnaire, DPA template, onboarding, responsibility boundaries, plane vocabulary.

Commit
Deployment: not applicable
Planes: Documentation, Governance
Rollback: reversible — single revert

2026-05-08 | governance

Phase 1 governance hardening

Activated non-database Phase 1 hardening: Dependabot, structured PR/issue templates, branch-protection activation runbook, CODEOWNERS team activation runbook. None mutate runtime behavior.

Commit
Deployment: not applicable
Planes: Governance
Rollback: reversible — single revert

2026-05-08 | governance

Production-Safety Stop installed

After .env.production.local was proven to point at a development/test endpoint, the Stop was installed, pausing all Phase B runtime advances (routing-schema migrations, SpendGuard rollout, audit-events activation) until the live DATABASE_URL is verified via the Vercel/Neon dashboard. Existing production behavior is unaffected.

Commit
Deployment: not applicable
Planes: Data, Control, Governance
Rollback: explicit procedure

2026-05-08 | documentation

Production operations runbooks

Documented incident response, key rotation, restore-from-backup (4 procedures), migration recovery (4 failure scenarios), and on-call. Each runbook describes preconditions, decision criteria, and explicit steps with command-line evidence.

Commit
Deployment: not applicable
Planes: Documentation, Governance
Rollback: reversible — single revert

2026-05-08 | security

Procurement-ready disclosure policy

Rewrote SECURITY.md as a procurement-ready disclosure policy with explicit response SLAs and added an RFC 9116 /.well-known/security.txt route served by the production FastAPI surface.

Deployment: verified
Planes: Network, Documentation, Governance
Rollback: reversible — single revert

2026-05-08 | governance

CODEOWNERS introduced — semantic ownership map

Plane-aligned ownership map encoded in .github/CODEOWNERS. Required-reviewer enforcement is gated on org-admin team activation and is named as an honest gap on /security.

Commit
Deployment: not applicable
Planes: Governance
Rollback: reversible — single revert

2026-05-08 | security

Public source-map exposure closed

Disabled Webpack source-map output for production and added a post-build gate that fails the build if any .map file is present in the public output. Every subsequent build asserts the gate.

Commit
Deployment: verified
Planes: Frontend, Network
Rollback: reversible — single revert