v0.8.8 — Credits & Pioneer fixes

v0.8.8 — Credits & Pioneer fixes

• Subscription reset now fires correctly — quota_reset_at and monthly_calls_reset_at fields synced; overdue reset triggered immediately
• Credit alerts now aware of Pioneer reserve pool — low/zero alerts only fire when total credits (plan + reserve) are depleted
• Pioneer day counter now derived from distinct Pacific calendar dates, not raw drip event count — robust against makeup drips and out-of-band events

v0.8.7 — Pioneer reserve pool

v0.8.7 — Pioneer reserve pool

• Pioneer drip credits now live in a separate overflow pool (pioneer_credits_balance) instead of the main credits balance
• Spend order: plan credits first, Pioneer reserve activates automatically when plan hits zero
• Dashboard shows two separate credit bars — plan and pioneer reserve — with overflow and low-credit banners
• Subscription reset: plan credits reset to plan max, pioneer reserve resets to zero each cycle
• USDC prepaid balance preserved on reset (Option A)
• /billing/balance and /auth/me now return pioneer_credits_remaining and total_credits fields
• Migration 055 + data-fix committed

v0.8.6 — WayforthRank integrity

v0.8.6 — WayforthRank integrity

• Fixed slug matcher bug: recalculate now matches clicked_slug directly against services.slug (was using name-derived proxy, hitting wrong duplicate rows)
• Deduped 8 managed service rows with split signal/base history; donor rows soft-retired (active=false, reversible)
• Added base-only scoring fallback for managed services with no signal — zero NULL wri_score enforced across all 16 managed services
• Added service_health.error_rate failure penalty (score × (1 − error_rate × 0.3), default on)
• Wired failure_code on /execute/batch (was the only missing path)
• Recalculate now stamps updated_at on every score write
• DB changes documented in scripts/data-fixes/2026-06-03-dedup-managed-services.sql

v0.8.5 — Security Hardening

v0.8.5 — Security Hardening

Internal adversarial audit across the full v0.1.0–v0.8.4 codebase. 17 findings identified and remediated.

• x402 and USDC payment rails disabled pending proper on-chain settlement implementation (v0.9.0)
• USDC watcher: payer address binding, block cursor persistence, atomic tx dedup
• JWT algorithm pinned; issuer verified
• Webhook SSRF protections hardened
• Anonymous rate limiting moved to Redis with IPv6 /64 keying
• Email canonicalization on signup and provider registration
• Auth throttling now fails closed on Redis loss
• Account deletion endpoint added with 24h grace period
• WRI self-dealing signal exclusion
• Circuit breakers on rate-capped managed services
• Shadow execute API removed from wayforth-rank service
• Migrations 050–053 committed to version control

This audit does not substitute for the scheduled external penetration test before v0.9.0 mainnet launch.

v0.8.4 — Integrity Patch

v0.8.4 — Integrity Patch

Credits

• DB-level CHECK constraint: credits_balance >= 0
• Fixed multi-key replenishment bug — users with multiple API keys were eligible for N credit resets per month; now gated to once per calendar month per user regardless of key count

WayforthRank

• Fixed pioneer signal_weight discount — pioneer-routed payment conversions now correctly weighted at 0.75× in both ranking paths
• Restored x402 +5 bonus to v1 inline formula (had silently drifted from ranker)
• /admin/rank/recalculate now runs automatically every 6h after health monitoring completes
• feed_signal.py now actually scheduled at 06:00 UTC (was documented but never wired)

Security

• Production database password rotated
• 25 orphaned null-user-id API keys removed