Changelog

Shipped changes, newest first. RSS.

Paid tiers live — Paddle verification cleared 2026-04-30

• Paddle merchant account activated. PADDLE_WEBHOOK_SECRET set; /v1/webhooks/paddle now verifies signatures and accepts transaction.completed, subscription.activated / updated / canceled, plus past_due / paused / resumed for observability. The 503 "integration is pending" soft-fail is retired.
• Top-bar banner flipped from "Paid checkout opens in the next 1–2 weeks" to live pricing callout. Hobby $12 / Pro $49 / Pro Plus $149 monthly; annual carries two months free.
• Funds reach us after Paddle's payout verification (1–2 business days from activation). Checkout is open immediately; transactions clear into an escrowed balance until the first payout lands.

Product + content polish, CSV + sandbox, stricter validation 2026-04-19

• GET /v1/regime/{sym}/history.csv — streams /history as CSV with a Content-Disposition: attachment header. Drops straight into pandas / polars / Excel without a round-trip through JSON.
• POST /v1/sandbox/key — issues a 24-hour trial API key with Pro Plus feature access (webhooks, custom presets, backtest, multi-timeframe consensus, allowlist) at Free-tier rate limit (60 rpm). One key per source IP per 24 h; expires lazily on first auth after the mark. Lets prospective customers test paid-gated endpoints before checkout opens.
• X-Amaneki-Calibration-Version response header on every call — constant per deploy, flips only when a new preset ships. Bot callers can detect a silent calibration swap without parsing the body.
• Paddle webhook 503 now carries a specific detail ("Paddle webhook integration is pending — the signing secret is not configured yet. This is expected while the Paddle account clears verification.") instead of the bare "webhook not configured".
• /stats Uptime card now shows "99.92% over 2.7 days" while the observation window is shorter than 30 days, so the reading isn't misread as a 30-day claim.
• /v1/iv-gap/{sym} 404 now names the supported symbols directly ("iv-gap is only available for btcusdt, ethusdt") instead of leaking a Python tuple repr. /v1/correlation/{sym} 404 points the caller at GET /v1/symbols.
• /blog index page added (was 404); footer link added so visitors can find the post without knowing the URL.
• Landing copy: hero split into shorter paragraphs; new section after the F1/lag block explaining why a 20-minute detection lag is still useful (/impact publishes the per-horizon distribution that plays out over the hours after the trigger); Impact section gains a "Try it live →" button to the Scalar reference; Pro Plus pricing card gains its own notify-me form. Impact curl example now refreshes at runtime from the live endpoint (static snapshot kept as JS-off fallback).
• Playground first-paint: "…" placeholders instead of 0 / em-dash. /stats and /status: inline the cardinal values (20 symbols, 6 timeframes, 120 series, preset name/version, Postgres) so the grid is meaningful before JS warms up.
• /v1/regime/{sym}/custom now rejects non-finite thresholds and enforces the numeric bounds the playground UI uses (high_enter ∈ [0.5, 5.0], low_enter ∈ [-5.0, -0.5], enter_k/exit_k ∈ [1, 64]). Previously ?high_enter=inf slipped through as a null-effect threshold.
• /v1/public-stats: added uptime_observed_pct (always populated over the observed-history window); uptime_30d_pct now returns null until the observation window reaches 30 days, so the field name stops being misleading during the first month.
• Problem Details responses: type field now uses the RFC 7807 standard about:blank instead of a synthetic amaneki.com/errors/<code> URL that returned 404. The same information lives in title / status / detail.
• Rotate-key error message no longer references the defunct /v1/billing/key endpoint.
• Landing hero regime snapshot no longer advertises code_commit — the private-repo git SHA was never useful to external observers.
• /methodology: explicit documentation of the backfill gap-handling policy — we skip missing bars rather than interpolate.
• Sentry: before_send drops 4xx events (client misuse), keeps 5xx at 100%, adds a per-fingerprint 10-per-60s soft cap so a single recurring exception can't drain the free-tier monthly quota.
• /security: new "Operational secret-exposure playbook" — eight numbered actions for rotating a leaked credential.
• Webhook SSRF guard hardened: metadata hostnames (169.254.169.254, metadata.google.internal, Fly internal .flycast), IPv4-mapped IPv6 loopback (::ffff:127.0.0.1), and DNS re-resolved per delivery so a rebinding attacker can't flip the record between subscribe and dispatch.
• /welcome now loads notice.js for page-wide 外部送信規律 disclosure consistency.
• Top-bar wording softened to "Paid checkout opens in the next 1–2 weeks".
• Python SDK 0.6.0 on PyPI: adds top_down, stories, conditional_returns, impact, lead_lag, public_stats, public_incidents, plus lookback_days on transition_matrix/regime_durations. regime_forecast stays callable but is documented as deprecated.

Hardening + pricing + payment-provider migration 2026-04-18

• New endpoints: /v1/regime/{sym}/top-down (Dow-theory chain alignment in one call, now with consensus, alignment_score, and a match=any mode), /v1/regime/{sym}/stories (human-readable transitions for LLM / Discord use, with a 5-minute rolling dedup on flaps), /v1/regime/{sym}/conditional-returns with a baseline block so callers can quantify how much the regime label shifts the distribution. /forecast kept as an alias with Deprecation + Sunset: 2027-01-30 headers.
• /matrix, /durations, /state_at now consult the postgres event archive instead of only the in-memory ring, so they answer meaningfully over the full backfill horizon. Bar-boundary-aligned backfill seeded 11,190 regime events across 20 symbols × 6 timeframes × up to 180 days.
• /impact response gains a warning field when sample_size < 20. /v1/regime/{sym} now drops null warmup/message fields when absent. /v1/regime/{sym} carries calculation_version + computed_at_ms for audit trails.
• Hobby $12/mo pricing tier (300 rpm) slots between Free and Pro; Pro gains /backtest + custom threshold presets; Hobby/Pro/Pro Plus all carry webhooks (1 / 5 / unlimited). Annual billing is 2 months free.
• Billing migrated to Paddle as Merchant of Record (handles tax, invoicing, compliance). New endpoints under /v1/billing/paddle/*; /welcome picks up the raw API key via Paddle's ?_ptxn=<id> redirect; /commerce names Paddle.com Market Ltd as MoR.
• API security: HSTS / X-Content-Type-Options / X-Frame-Options / Referrer-Policy / Permissions-Policy on every response; dedicated tight CSP on /v1/reference. REST rejects ?api_key= with a 400 Problem Details (WebSocket /v1/stream stays the one exception). /v1/beacons path/referrer strict-regex validated.
• POST /v1/signups now rejects non-string email with a clean 400 instead of 500. /backtest responses include an explicit caveats block (fees=0, slippage=0, in-sample validation).
• /v1/public-stats adds uptime percentage computed over the observed-history window, surfaced on /status + /stats. Dashboard stale-banner thresholds widened and gated behind a two-refresh debounce. Timeline ribbon widened from 7 days to 30 days.
• Methodology: use-case-first docs index, /iv-gap coverage note (BTC/ETH only), honest-limits section (percentile choice arbitrary, no walk-forward validation yet, F1 0.45 ceiling not proven), output-distribution vs ground-truth disclosure, competitor comparison vs Velo + Laevitas.
• Infra: nightly pg_dump via GitHub Actions (90-day artifact retention). /refunds policy page with trial, cancellation, billing-error, and SLA-credit rules.

Analytics + derived endpoints, polish pass 2026-04-17

• GET /v1/regime/{sym}/matrix — 3×3 transition probability matrix. GET /v1/regime/{sym}/durations — per-regime duration distribution. GET /v1/regime/{sym}/explain — distance-to-transition + streaks. GET /v1/regime/{sym}/state_at?ts_ms=. GET /v1/sizing/{sym}?target_vol=. GET /v1/funding/{sym}.
• POST /v1/feedback + GET /v1/feedback — closed feedback loop. POST /v1/me/rotate-key + GET /v1/me/events — key rotation + audit log. PUT /v1/presets/custom/{name} — named per-key threshold presets. Custom vol_window / baseline_window on /regime/{sym}/custom. 4h and 1d timeframes added. GET /v1/badge/{sym}.svg — embeddable status badge. GET /v1/health/deep.
• Regime timeline ribbon on the landing. Fly HA: 2 machines running. X-Request-ID + X-RateLimit-* headers on every response. SSRF guard on outbound webhook URLs. Historical backtest over arbitrary time windows. OG image, favicon, full security header suite on the landing. SDK 0.3 on PyPI with webhook management. Per-symbol calibration for 10 symbols with an honest F1 table.

Infrastructure + billing 2026-04-16

• Cloudflare proxy on api.amaneki.com
• Webhook idempotency + customer dedupe for the payment processor
• Postgres-backed post-checkout key cache
• Email signup form replaces checkout button during build
• Terms / Privacy pages + footer links

Core service 2026-04-15

• 10 symbols (BTC / ETH / SOL / XRP / BNB / DOGE / ADA / AVAX / POL / LINK) × 4 timeframes (now 20 symbols × 6 timeframes)
• Cross-exchange consensus (Binance + Coinbase + Bybit)
• Webhook alerts with HMAC signing
• Correlation + RV-IV gap endpoints
• Prometheus /v1/metrics + Sentry
• GitHub Actions CI (ruff + pytest + deploy-on-tag)