Skip to main content

Changelog

All notable changes to the CrowdProof API and protocol.

v1.7.0 — 2026-03-02

Added

  • ML Scoring Engine — 6 LightGBM regression models (overall, defi_lending, payment_history, fraud_risk, credit_utilization, compliance) replace SHA256 placeholder scoring; 7 derived categories via rule-based formulas; 3-tier fallback (ML → rule-based → hard minimum)
  • Training data pipeline — 50K synthetic wallet profiles across 9 archetypes with 53 features (16 on-chain + 37 credit); deterministic label generation
  • Model admin API — 3 new endpoints at /api/v1/admin/models/ (status, categories, hot-reload)
  • Score refresh worker — Background service refreshes stale scores (>7 days) in batches of 50 on a 6-hour cycle
  • 44 new ML tests — ScoreCalibrator, CategoryModelMapper, MLScoringEngine rule-based, CombineFeatures, ModelRegistry tests (140 total .NET tests)

Improved

  • MeteringMiddleware — Fixed "Headers read-only" crash by moving response header set to OnStarting() callback
  • Postman collection — Regenerated with 78 requests across 19 folders (was 70)
  • Swagger — Now documents 73 endpoints (was 70)

v1.6.0 — 2026-03-01

Added

  • Credit Bureau Expansion — 7 sprints transforming CrowdProof into a full decentralized credit bureau
  • Default Registry — Smart contract + API for on-chain debt default tracking with 7-year expiry
  • Credit Reports — Hard/soft pull endpoints with FCRA retention rules
  • Cluster Intelligence — Protocol-level cluster detection with swap-and-pop member management
  • Fraud Signal Aggregation — 12 fraud types, 5 severity levels, logarithmic scoring
  • Subscription & Protocol management — 4 subscription + 3 protocol endpoints with HMAC webhook secrets
  • 3 ZK Proof circuits — CreditworthinessProof, CreditCapacityProof, NoDefaultProof (Circom/Groth16)
  • 10 new database tables — CreditEvents, CreditScoreProfiles, DefaultRecords, ClusterRecords, FraudSignals, and more

v1.5.0 — 2026-03-01

Added

  • Swagger / OpenAPI docs — Interactive API explorer at /swagger powered by Swashbuckle 10.1.4; OpenAPI 3.0.4 spec with XML doc comments on all 35+ endpoints; [Tags] grouping, [ProducesResponseType] for all status codes, remarks and parameter descriptions
  • Bug bounty program — RFC 9116 security.txt at /.well-known/security.txt; enhanced /security page with bounty tiers (Critical $5K–$25K, High $2K–$5K, Medium $500–$2K, Low $100–$500), in-scope assets, and hall of fame
  • SDK integration tests — Test suites for all 6 SDKs (TypeScript/Vitest, Python/pytest, Go/testing, Java/JUnit 5, C#/xUnit, Swift/XCTest) covering Reputation, Identity, Proofs, Compliance, and Disputes modules; env-var gated for CI safety
  • SDK changelogs — CHANGELOG.md files for all 6 SDKs following Keep a Changelog format

Improved

  • Security headers — HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Permitted-Cross-Domain-Policies; Server header suppressed; production error sanitization (no stack traces leaked)
  • SDK versioning — All 6 SDKs normalized to 0.1.0 (pre-release SemVer); version constants fixed in Java, Swift, C#, and pom.xml
  • CORS — Added docs.crowdproof.id and Docusaurus SWA origin to allowed origins

v1.4.0 — 2026-02-28

Added

  • Debt Claims API — Submit, dispute, and resolve on-chain debt claims (/api/v1/debt-claims)
  • Output caching — Response caching for score queries (60s), DID resolution (5min), and health checks (10s)
  • CDN cache headers — Immutable caching for static assets, stale-while-revalidate for logos
  • Staging environment — Preview deployments at staging.crowdproof.id
  • Documentation site — Comprehensive docs built with Docusaurus

Improved

  • Accessibility — WCAG 2.1 AA compliance: skip-nav, aria-expanded, focus-visible, color contrast, prefers-reduced-motion
  • Lighthouse scores — Performance: 98, Best Practices: 100, SEO: 92, Accessibility: 95+

v1.3.0 — 2026-02-27

Added

  • Portal dashboard — Web app for exploring addresses, viewing scores, and managing account
  • WebSocket support — Real-time score updates via SignalR at /hubs/scores
  • Webhook subscriptions — HTTP callbacks with HMAC-SHA256 signatures
  • Stripe billing — Checkout sessions and subscription management

Improved

  • Application Insights — Structured logging and telemetry SDK integrated
  • Rate limiting — Sliding window rate limiter per API key with tier-based limits

v1.2.0 — 2026-02-26

Added

  • Compliance module — KYC initiation, age verification (ZK), OFAC sanctions screening
  • Dispute system — Submit, escalate, and withdraw disputes
  • Azure Key Vault — Secret management for API keys and connection strings
  • Data retention policy — 90-day PII retention, 7-year financial records

Improved

  • Input validation — Custom Ethereum address, transaction hash, and DID validators
  • CORS lockdown — Restricted to crowdproof.id domains and portal SWA

v1.1.0 — 2026-02-25

Added

  • ZK proof generation — Groth16 SNARKs for score threshold proofs
  • Batch queries — Query up to 100 addresses in a single request
  • API versioning — All endpoints under /api/v1/ prefix
  • API key authentication — Tiered access with X-API-Key header

v1.0.0 — 2026-02-24

Initial Release

  • Reputation scoring — 6 categories (DeFi Lending, DEX Trading, Governance, NFT, Social, Credit History)
  • DID registration — EVM-based Decentralized Identifiers
  • Verifiable Credentials — Issue and resolve credentials
  • SIWE authentication — Sign-In with Ethereum for JWT tokens
  • REST API — Full CRUD for identities, scores, and credentials
  • Website — Landing page at crowdproof.id with product overview