StateAnchor Changelog
StateAnchor ships continuously. Every meaningful change is logged here.
1.9.0-beta
2026-04-29
Added
- Two new blog posts: "How to write tool descriptions that don't confuse your AI agents" and "Speakeasy builds your MCP server. Who ensures it never drifts?"
- First-sync observability: projects.first_sync_at, users.onboarding_completed_at, users.stuck_onboarding_nudge_at recorded on first successful sync (migration 096)
- Stuck-onboarding nudge cron: daily Trigger.dev task fires 48h+ after signup if user never synced after connecting GitHub
Fixed
- 16 missing email description handlers in lib/change-descriptions.js -- every ERR/WARN kind now produces a specific, actionable email
- ERR_KINDS count corrected to 16 in protection-summary and weekly-summary email templates
- CLI docs page (/docs/cli) now documents the real stateanchor check command -- previously described a nonexistent @stateanchor/cli npm package
- Quickstart pages (/docs/quickstart/nextjs, /docs/quickstart/nodejs) rewritten to document the real stateanchor check command -- previously referenced a nonexistent npm CLI
- Turbopack unicode panic: non-ASCII bytes removed from layout.jsx, export route, and landing page
1.8.0-beta
2026-04-29
Added
- First-sync observability: projects.first_sync_at and users.onboarding_completed_at recorded on first successful sync -- migration 096
- Stuck-onboarding nudge email: daily cron detects users who connected GitHub but never completed a first sync (48h+ elapsed) and sends targeted setup instructions
- Email change descriptions: all 16 ERR and 9 WARN change kinds now have accurate email subject and body text -- previously unknown kinds fell through to a generic fallback
Fixed
- Dead code audit: confirmed createSyncTrace and oneOf_anyOf_modified handlers already removed in prior sessions
- Email notifications: 16 missing change-description handlers added for ERR/WARN kinds activated in sessions 33-36
1.7.0-beta
2026-04-29
Added
- ERR gate block email notification -- repo owners now receive an email when StateAnchor blocks a breaking change (requires this release + migration 095)
- Notification preferences -- manage gate block and weekly digest email preferences in Settings
- Credit pack one-time purchase -- buy 10, 50, or 250 sync credits without a subscription
- Weekly digest now includes protection metrics (ERR blocks stopped, clean streak)
- /vs/postman comparison page -- StateAnchor and Postman: different jobs, complement framing
- Share page: OG metadata, "How it works" accordion, detection accuracy stat
- Blog: "What is StateAnchor?" post
- Pricing: annual billing toggle (display)
- Landing: benchmark social proof section
Fixed
- /docs/compare prerender error (JSX element objects rendered with {VAR} not <VAR />)
- Landing detection accuracy stat was hidden (5th stat behind overflow:hidden)
- /vs/fern Postman rebrand note added
1.6.0-beta
2026-04-28
Added
- Subscription plan enforcement: active subscribers bypass the credit gate; past_due treated as active -- no service interruption during payment retry window
- Dashboard subscription status bar: shows plan, renewal date, and manage billing link (active / canceling / past_due / free / canceled states)
- Plan-aware pricing page: Current Plan badge replaces the CTA for your active tier; subscribed users see a manage billing CTA instead
- POST /api/billing/portal: Stripe billing portal session for subscription management (cancel, update card, download invoices)
- lib/plan-access.js: canAccessTeamFeature() and canAccessProFeature() helpers for plan-tier feature gating
- Compliance export now gated to Team+ plan tier
- Webhook endpoint creation (POST /api/webhook-endpoints) now gated to Pro+ plan tier
Fixed
- /docs/gate-kinds blank content on page load -- DocsAnimated viewport fix makes content immediately visible
- Dashboard inner sidebar removed -- three-panel layout cleaned up, no duplicate navigation
- Scroll animation gaps reduced on landing and pricing pages (40→16px gap, 0.65→0.4s duration)
- Docs header CTA updated from "Get early access" to "Connect a repo →"
- /concepts/change-kinds now permanently redirects to /docs/gate-kinds
1.5.0-beta
2026-04-28
Added
- Subscription billing end-to-end: migrate to a paid plan directly from the pricing page (Stripe checkout)
- /docs/compare: full breaking-change scenario comparison table (BC-01-BC-20) -- StateAnchor spec-diff 100% vs api-smart-diff 65%
- concepts/change-kinds: complete rewrite -- all 33 kinds documented with correct names and before/after examples
- /vs/oasdiff: competitive update with benchmark data and oasdiff Pro context
- /docs/faq: three new detection accuracy Q&As
Fixed
- Flaky tests stabilized (auth-flows CSP, security-headers, stage-b0-preverification) via hookTimeout increase
- Landing page test count updated to 3,088
1.4.0-beta
2026-04-28
Added
- 11 previously-declared detection kinds now active: param_removed, response_field_removed, response_field_type_changed, response_schema_type_changed, validation_constraints_tightened (ERR); optional_field_removed, response_field_required, response_constraints_relaxed, response_enum_value_added (WARN); deprecated_flag_added, constraints_relaxed (INFO)
- Request/response context awareness: response schema changes now produce distinct kind names from request schema changes -- response_field_removed and response_field_type_changed are now distinct from their request-side counterparts
- Nested object diffing: changes within nested object properties now detected at the leaf level rather than reporting the parent object as changed
- $ref resolution: $ref schemas resolved before diffing -- previously unresolved refs caused silent false negatives
- allOf merging: allOf schemas merged before diffing -- allOf compositions no longer escape detection
- Validation constraint detection: constraint tightening (validation_constraints_tightened, ERR) and relaxation (constraints_relaxed, INFO) now detected for minLength, maxLength, minimum, maximum, pattern, enum
- Detection benchmark corpus: 34-scenario ground-truth corpus established in CI -- regression guard for spec-diff quality
Fixed
- Production bug fix: drift.js was silently discarding all api-smart-diff breaking change detections due to incorrect root-level iteration of the api-smart-diff response. The gate was not receiving these findings. Fixed by correctly destructuring { diffs } from the api-smart-diff result (PR #320).
- Optional vs required field removal now distinct: optional_field_removed (WARN) no longer misfires as field_removed (ERR) -- reduces false positives for optional field removal
- param_removed now distinct from field_removed: parameter removal is now classified separately from request body field removal, with accurate ERR scoring
1.1.0
2026-04-27
Added
- Observe mode: StateAnchor now defaults to advisory mode on first install -- gate results appear as PR comments but nothing blocks until you flip mode: enforce. No workflow disruption while you calibrate.
- API changelog: every gate decision generates a structured changelog entry -- exportable as Markdown. Share a permanent link to each entry or embed a changelog tab in your partner portal.
- SOC 2 compliance export: gate decisions and drift exceptions exported as a CC8.1-mapped evidence package (JSON or Markdown). Download directly from project settings for your next audit.
- Protection summary: a stats bar showing your clean-run streak and breaking changes caught in the last 30 days. Appears on your project cockpit after five syncs -- the invisible success problem made visible.
- Spec scaffolder: generate a starter stateanchor.yaml from a plain-language description of your API at /tools/yaml-scaffolder -- no LLM calls, no account required.
- Exception notifications: filing a drift exception now sends a confirmation email explaining the anergic state, what signal activates it, and how to track its lifecycle.
Fixed
- Gate accuracy: required parameter additions now correctly block (ERR) rather than warn. Previously, adding a required field was classified as a lower-severity WARN -- a logic error that left consumers silently exposed to breaking changes.
- Gate accuracy: optional-to-required parameter transitions now block (ERR). A parameter shifting from optional to required is a breaking contract change for any existing caller that omits it.
- Gate accuracy: success status code removal now blocks (ERR). Dropping a 200 or 201 from a response that callers expect breaks every client that checks the status code.
- Re-engagement emails now correctly identify active users by checking recent sync activity -- previously the query targeted a removed legacy table and always returned zero, sending daily emails to all users regardless of usage.
1.0.0-beta
2026-04-22
Added
- Git-native desired-state gate engine with ERR / WARN / INFO categorical lanes; ERR always blocks, WARN is threshold-based, INFO always passes -- a composite 0-100 score is display-only and never the decision signal
- Four-syndrome drift detection: parent diff, merge-base diff, last-known-good diff, and deployed diff -- four independent drift anchors evaluated on every push
- Append-only public Merkle audit log (RFC 6962 Certificate Transparency model) with GitHub App root publication and inclusion proof endpoint
- Outgoing webhooks with HMAC-SHA256 signed delivery to user-configured endpoints and per-endpoint delivery log with retry visibility
- Share tokens for public read-only gate result views -- no account required to view a shared run
- Anergic two-signal exception model: exceptions start inert, activate only when a second independent signal arrives (code-owner ack or consumer test)
- MCP server and SDK artifact generation -- TypeScript, Python, Go, Rust, PHP; typed wrappers and MCP server artifacts generated via Claude Sonnet 4.6
- Contract-aware AI coding tools: five MCP tools for IDE integration exposing real-time breaking-change detection before code is written
- Drift-debt scanner: evolvability score (0-100) from a 4-pattern library surfaced as an advisory scan on every push
- Closed-loop learning: implicit signal stack (fast exception, PR revert, rollback, re-block, 30-day true-negative) populates outcome labels for calibration
- Sparse monitoring: SILENT / ACCUMULATING / VELOCITY_SPIKE event classification, daily cron check, and email alert
- Drift velocity projection: forecasts threshold crossings N commits ahead and surfaces an advisory warning before the gate blocks
- Trust bootstrapping: first-run empty states, near-miss ledger, threat receipts, and DriftPressureGauge on the project cockpit
- Usage dashboard with endpoint count, sync history, credits balance, and drift pressure visualization
- Gate result quality score UI with lane legend on gate result and run detail views
- ICE consensus validator in Stage B (three-hash + topology signature fast-path) and Council Mode evaluator disagreement tracking in Stage C
- Content-addressed artifact storage: SHA-256 hashed objects with mutable project refs -- every artifact is replayable from its hash
- GDPR data export endpoint with full account data bundle and settings UI button
- Programmatic audit API with Merkle inclusion proof per sync run
- Sync-action GitHub Action: OIDC authentication, fork PR detection, PR annotation with gate verdict and suggested fix bullets
- enforce-on-prs option for the sync-action: advisory by default, opt-in blocking on PR gate ERR
- Exception creation UI: change type, endpoint, reason, 90-day TTL, anergic → active lifecycle with signal 2 submission and revocation
- Enriched share page with VerdictPanel, corpus citation, Merkle proof link, DPI gauge, run metadata, and SEO tags
- Public self-serve beta: free tier with 3 credits on signup
- Welcome, first-sync, first-block, and weekly summary email sequences
- List-Unsubscribe headers on all transactional email with one-click handler
- Scanner-based live-drift syndrome: fifth gate condition sourced from live API probes (feature-flagged)
- Bayesian SE calibrator: shadow-mode posterior over scorer error (not yet enforcing)
- LLM version canary: baseline + A/B drift detection before any model bump rolls out
- OOD spec novelty detector: structural novelty score gates unusual specs into human review
Changed
- Renamed from WrapForge to StateAnchor; nautical anchor mark, deep navy / cyan design system
- Gate engine rewritten from score-threshold to categorical lanes; ERR always blocks, WARN threshold-based, INFO always passes
- GitHub auth migrated from per-user OAuth to GitHub App installation tokens for all CI contexts
- WARN threshold sentinel redesigned: null/0 = advisory only, 1 = default (first WARN blocks), N > 1 = block when count >= N
- Response-side relaxations reclassified as WARN instead of INFO -- additive at the request level but breaking for strict response consumers
Fixed
- Four missing columns applied in production migration: generator_version, artifact_type, topology_signature, action
- Share URL 404: share tokens now minted server-side on the run detail page, not client-side
- oneOf_anyOf_modified split into variant_removed (ERR) and variant_added (WARN) for accurate consumer-impact classification
- CSP headers: allowed Clerk custom domains and wasm-unsafe-eval for the sign-in widget; HSTS preload header added
- PREDICTIVE_WARN graceful degradation when fewer than 3 syncs exist (velocity projection requires a baseline)
- Merkle log publication via GitHub App installation token fallback when primary installation is unavailable
Removed
- WrapForge amber accent and Fehu rune logo mark replaced by StateAnchor nautical anchor mark and cyan accent
- Invite-only access gate removed; free-to-start self-serve beta now live
Security
- Content-Security-Policy (frame-ancestors, script-src, connect-src) and HSTS headers on all responses
- OIDC token validation with JTI replay protection and full rejection log
- Row-level security (RLS) enabled on all database tables
- HMAC-SHA256 signature verification on all incoming GitHub App and Stripe webhooks
- GDPR delete endpoint: child records → users table → Clerk deletion in dependency order
- Stripe zero-credit fast-fail: generation blocked before any LLM call when credits are exhausted
- Scanner SSRF threat model: probe requests validated to prevent server-side request forgery
- PII redaction in scanner evidence and API probe logs
Pre-beta history (initial commit through early 2026) predates the current gate engine architecture and is not reflected above.