Changelog

All notable changes to Spondeo are documented here. Dates are ISO-8601. This file is published at /changelog.

The format follows Keep a Changelog. Until the public launch, versions are pre-1.0 and the API surface may change with notice.

[Unreleased]

Added

• Launch artifacts: unified-platform positioning, freemium price ladder, launch narrative + GTM,

and customer-facing legal copy (Terms / Privacy / Refunds).

[0.3.0] — 2026-06-04 — Agent-native integration

Added

• llms.txt at the site root — a machine-readable description of the platform and the

/v1/verify endpoint so AI agents and crawlers can discover how to call Spondeo.

• OpenAPI 3.1 specification served at /openapi.json, with request/response schemas for the

developer API and inline examples.

• MCP server (mcp/) exposing affiliation verification as a Model Context Protocol tool, so an

agent can verify a user's affiliation autonomously through the same metered, no-PII path.

[0.2.0] — 2026-06-04 — Webhooks + test/live isolation

Added

• Revocation webhooks — subscriber endpoints receive a signed, push-based notification when a

credential's status changes, instead of polling. Sends are SSRF-guarded and signed with a shared secret + timestamp + event id; managed from the developer profile.

• Test/live key isolation — sk_test_ keys operate against an isolated sandbox dataset and can

never read or mutate live data; sk_live_ keys are required for production verification.

• Developer-profile UI sections for managing webhooks and inspecting key scope.

[0.1.0] — 2026-05-29 — Developer API: API keys + metered verification

Added

• API keys (sk_test_ / sk_live_) — created and revoked from the account, stored hash-only,

authenticated via Authorization: Bearer.

• Metered POST /v1/verify — verifies an SD-JWT presentation (issuer signature, KB-JWT holder

binding, audience/nonce, revocation status, and required claim assertions) and returns { valid, claims, pid, reason }, billing only successful verifications, metered per account.

• /developers documentation page with copy-paste curl + SDK examples.
• TypeScript SDK @spondeo/verify.

Earlier work (the free consumer C2C utility — credential engine, share-a-proof / request-a-proof flows, per-link analytics, no-PII server) predates this changelog and is described in docs/superpowers/specs/2026-05-28-spondeo-c2c-design.md.