Changelog & migration

2026-05-28 — ZG · First live fork (zeqstate.com) + ZG.AUDIT

The framework's first production fork went live this week. zeqstate.com runs the full Desktop = GitHub = VPS source-parity pattern: per-domain Docker container, isolated Postgres, ZSC vault bootstrapped from two pointers (ZEQ_FIELD_KEY + DATABASE_URL), every other secret encrypted at rest. The bring-up procedure (ZG.0 → ZG.7) is now the canonical checklist for any future framework domain.

The fork pattern is proven on production HTTPS: signup → state machine → workbench Pulse → Step 5 SKILL → Step 6 PLAN → Step 7 BUILD → DEPLOY → live page at /s/<slug>/ AND /s/<slug>/p/main/. See Hosting a fork for the bring-up flow.

Fork bring-up (Phases ZG.0–ZG.7)

  • Single-process vault wrapper. infra/zeq-dev-launch.mjs is the only launcher. Reads ZEQ_FIELD_KEY + DATABASE_URL from the host shell, opens the ZSC vault, hydrates every other secret (SESSION_SECRET, HITE_SECRET, ALLOWED_ORIGINS, all BYOK keys) into process.env, then spawns the bundled dist/server.mjs. Two pointers in, full framework out.
  • Per-domain Postgres + volume mount. Each fork gets its own database container; static apps/zeq-dev/public/ is mounted read-only from the Desktop = VPS source so every UI change propagates via git pull — no rebuild needed for static surfaces.
  • Auto-detected public origin. getPublicOrigin() reads from domain_genesis.public_base_url (auto-pinned on first request, or pre-seeded via infra/setup-zeq.mjs). CSP allowlists, OpenRouter Referer, OG meta, security.txt, MCP discovery — all read this single signal. Operators set zero domain env vars.

ZG.AUDIT — six user-surface fixes shipped post-bring-up

After ZG.7 closed, the user drove the workbench end-to-end and surfaced four user-visible bugs. All fixed and verified live; the build-pipeline → publish → root URL serving cycle is end-to-end clean on the fork.

  • Workbench no longer auto-opens on every /s/<slug>/ page load. Commit 176aed6b removes the auto-open flag in workbench.js and restores the host's data-theme attribute on workbench close.
  • CSS bleed hardened. Welcome canvas body gets !important on bg/color + a defensive html[data-theme] body selector so BYOK Pulse's theme switch can't repaint the host page light when the user opens settings. Deployed pages were already immune via inline background:#000. Commit b5873085.
  • Apps you've built panel. renderDefaultCanvas() in siteHost.ts now queries state_machine_pages WHERE slug=:slug AND is_published=true and renders a mint-on-black list above the welcome scaffold. Users can find every page they've deployed. Commit 69af364f.
  • nginx LLM timeout. proxy_read_timeout 600s on the zeqstate.com block. Default 60s was cutting builds off mid-stream (typical Step-7 BUILD completion ≈ 50s). Server-side only, no commit.
  • BUILD wrapper recovery. When the LLM emits a full <html>...</html> document without the expected <zeq-build-output page_slug="main"> wrapper (token-budget cutoff under verbose models), the agent now recovers and synthesises the wrapper in-process. Recovered block flows through the same compliance gate + two-write publish path so audit-entangled state integrity is preserved. Commit 7b326209.
  • Post-register identity refresh. wizard-home.js now re-runs Zeq.identity.refresh() after accounts.add() on register success. Without this, server-derived fields (machineId, genesisZeqond, plan) stayed null until a hard reload. Commit 309a8709.

Lessons folded into ZG.0 for future forks

  • Pre-boot DB schema diff. The fork bring-up dump occasionally lags the bundle. The §9.7 sanity check catches missing tally_transitions / domain_economy_config / network_snapshots.econ_version before the container crash-loops.
  • nginx proxy_read_timeout 600s on every domain block — LLM routes need it.
  • Browser-cache invalidation note. After a fresh DEPLOY, the user's browser may show the canvas-cache one more time; verify via curl/incognito before declaring a regression.
  • Workbench/orb CSS bleed regression check. Confirm closing the workbench leaves the host page in its original theme, especially on the welcome canvas.

2026-05-10 — Phase 5B.ECONOMY → Q.ORB-EVERYWHERE (catch-up entry)

A consolidated entry covering every release between v1.287.5 (April) and the May 10 economy-and-Pulse pass. Each line below was a discrete shipped phase; details live in the linked concept pages.

Token economy (Phases F–H)

  • Tier-aware burn rate model. Five tiers (Free → Architect), burn rate calibrated so each tier's retained daily ZEQ exactly matches the published per-seat allowance (143 / 500 / 2,500 / 7,500 / 25,000 ZEQ/day). Free tier retains exactly 0.1287% — the HulyaPulse signature carried into the supply curve. See ZEQ economy.
  • OPERATION_COSTS table. Every paid framework action calls chargeForCompute() atomically before doing work: 1–20 ZEQ for compute, 5 for contract transitions, 25 for page-chat, 50 for skill / operator / source-audit / state-machine spawn, 75 for agent spawn, 100 for HTML generation. 80% burns, 20% to foundation pot.
  • tally_charge field on every API-mode /api/zeq/compute response. Caller sees exactly what got charged + what split happened. See POST /api/zeq/compute.
  • 402 INSUFFICIENT_BALANCE error path on every paid endpoint — no work is performed when the wallet is short.
  • Foundation account (purpose='master'). Receives 20% of every paid action; mints 1 ZEQ/Zeqond passively; serves the swap rail at $0.01/ZEQ. Excluded from heartbeat burn. See Foundation (Phase V).
  • Two-channel revenue model. Subscriptions (uncapped) + swap pot (capped at $1,112/day). Both visible on /transparency/.
  • Frictionless crypto swap in /tally/. BTC/ETH → ZEQ via the foundation pot at list price.

Transparency Oracle (Phase 167-168)

  • Per-Zeqond network supply state contract. New network_snapshots table; the oracle ticks every 4 Zeqonds (~3.108 s) and writes a snapshot row aggregating the entire economy. Public dashboard at /transparency/. See API · Transparency.
  • Endpoints. /api/transparency/now, /history?n=N, /breakdown, /revenue — all public, no auth, rate-limited.

Agent runtime (Phases #15–#52)

  • /api/zeq/agent/* endpoint set (11 endpoints). Spawn (75 ZEQ), tick (5), kill (0), list (0), get-by-id (0), mesh SSE (0), page-chat (25), generate-html (100), skills/synthesise (50), operators/derive (50), operators/promote (0). See API · Agent and Agents.
  • Agent ZIDs. Every spawn gets ZID-XXXXXXXX; the rail bridge, picker, and audit log all reference agents by ZID.
  • Skill synthesis. When the LLM can't find an operator, it mints a parameterised JSON-defined skill (50 ZEQ). Stored in synthesised_skills and reusable.
  • Operator derivation (5-step protocol). When even synthesis isn't enough, the agent formally derives a new operator (50 ZEQ). Stored in derived_operators; can be promoted to the canonical catalogue after 100+ uses with ≥99% fitness.
  • Mesh SSE. Live event stream of every spawn / tick / kill / derive across an agent mesh under one master.

BYOK (Phases #30–#33)

  • /api/zeq/llm/credentials/* CRUD. 8 providers (OpenAI, Anthropic, DeepSeek, Ollama, OpenRouter, Together, Groq, Fireworks). Account-scoped, AES-256-GCM-encrypted with ZEQ_FIELD_KEY, prefix-only after creation. Paid-tier gated. See BYOK and API · LLM Credentials.
  • /api/chat/free — replaces the old LLM Gateway. Free-tier Fireworks chat with kernel CKO envelope baked in. CORS-open; ~10 chats/day per visitor IP. Self-heals on upstream errors. See API · Chat.

Source-audit Phase D (Phases #60–#65)

  • Universal source-audit core (no MongoDB dep). Specialty adapters: Mongo, Postgres, S3, MQTT, Redis, Kafka, HTTP webhook. See Universal source-audit and API · Audit Source.
  • Sidecar daemon (apps/zeq-audit-daemon) + LLM narrator daemon.
  • source_audit_create cost = 50 ZEQ (one-time per data source).

Pulse + Pulse (Phases #82–#92, P-Q)

  • Pulse Phases 1–8. Sandboxed Zone API, ZeqondClock, ZeqContract.bind/verify/history, agent runtime, 5 themes + 42 Moves vocabulary, .zeq Moments HITE-temporal-bound persistence, ingestor, PWA shell.
  • Universal Pulse on every framework page. /pulse-everywhere.js bootstrapper + 88-page sweep. See Pulse.
  • Public embed snippet. /embed/orb.js — one line for any third-party page. Full docs at Embed the Pulse.
  • Opt-in injection toggles (Phase L3). New columns state_machines.inject_agent_rail + inject_pulse_orb, default FALSE. Owners flip them via PATCH /api/chain/:slug/settings. Default canvas always ships with the Pulse regardless.

Identity + foundation (Phases #142–#152)

  • zeq-identity.js — single source of truth wired into nav, Pulse, wallet, BYOK, wizard.
  • Foundation account — domain-owner ZID + machine + wallet that receives all protocol fees + serves the swap pot.
  • Multi-account + sign-out fix.
  • Foundation slug aliasing. slug=foundation permanently resolves to the master account.

IA / surface separation (Phases I, K, L, M)

  • Tab strip across /state/admin/*. General · Contracts · Site Hosting · AI · (Observer ↗ Wallet ↗). New /state/admin/contracts/ and /state/admin/ai/ pages.
  • /portal/settings/ — account-level controls; BYOK lives here.
  • Three-page audit + AI/State-Machine separation. /state/admin/site/ is now PURE hosting (no AI cards). /state/admin/ai/ is PURE AI (BYOK status, generate-page, embed Pulse, spawn agent, inject toggles).
  • Account dashboard archived (/account/ → 0-second redirect to /portal/).

SDK v0.2 (Phase H4)

  • @zeq-os/sdk 0.2.0 ships with ZeqWalletClient, OPERATION_COSTS constants, TIER_BURN_RATES, TIER_DAILY_LIMITS, TIER_PRICES, PRICE_PER_TOKEN_USD. Read surface for the entire economy. compute() responses now include tally_charge.

Migrations applied

  • 0010_inject_toggles.sql — adds inject_agent_rail + inject_pulse_orb boolean columns to state_machines. Default FALSE. Backfill is no-op (existing chains opt OUT).
  • All other migrations at the time of v1.287.5 still apply unchanged.

v1.287.5 — original release notes (April 2026)

The 1.287.5 release frames the state machine as the per-user computational backend the mathematical language runs against. Every compute a user issues — wizard, prove, mail, message, playground, app dev, contract transition — is attributed to one of the user's two keys (the account zeq_ak_* for compute, the state-machine zsm_* for entangled-state writes). One user, one state machine.

This is the largest behavioral change since the kernel went public.


Headline additions

State machines (/api/chain/*)

A new noun and a new HTTP surface — 15 endpoints under /api/chain/. Every state machine has:

  • A unique machine, an owner ZID, a genesis Zeqond.
  • A hash-chained audit log (rows in audit_log filtered by originId).
  • A 1:1-bound API key (zsm_…).
  • A role hierarchy: viewer / operator / admin / owner.
  • Public-or-private visibility, with the public registry at /api/chain/aggregate/list.

Spin-up is one POST; auto-mints a default zsm_ admin key returned ONCE in the response.

Concept: State machines. Tutorial: Spin up your first state machine.

Audit entangled state + PoHC

Every event lands in a hash-chained audit log. The entangled state validates against itself at any time:

curl https://zeqapi.com/api/chain/:slug/pohc/validate

Each row commits the hash of the payload, never the bytes. The framework proves what was claimed at Zeqond N; you keep the bytes.

Contracts (/api/chain/:slug/contracts/*)

JSON state machines living inside your state machine. 6 endpoints. A safe-eval condition grammar, atomic transitions, ZSP-sealed envelopes, proof on every step. Ready-to-deploy templates ship across physics, engineering, and science domains, plus a domain-agnostic Foundations set (scheduled-compute, threshold-monitor, oracle-feed, approval-workflow, timelock-release, supply-chain-provenance, telemetry-rollup, rate-limiter, subscription-billing, attestation-notary).

Concept: Contracts.

Tally tokens

A receipt is minted on every successful contract transition. Transferable, burnable, queryable. The framework's economy.

  • Per-state-machine surface: /api/chain/:slug/tally/* (4 endpoints).
  • Protocol-level surface: /api/tally/* (15 endpoints).

Concept: Tally tokens.

Embed snippet

The universal tracker. One line, three install forms (script, iframe, pixel). Same posture as Google Analytics or Plausible — but every event lands on the entangled state. Status: snippet HTML and threat model finalized; HTTP routes ship in the next phase release.

Concept: Embed snippet. Threat model: Embed + hosting security.

State-channel HTML hosting

spin-up-as-webapp. Upload HTML/JS/CSS to your machine; the framework serves it from a separate, sandboxed origin under a strict CSP. Every byte commit + every serve is hash-recorded on the entangled state. Status: planned for the next release.

Concept: State-channel HTML hosting.

PoHC Protocol

/api/protocol/pohc/* — 8 endpoints. Standalone protocol surface for the 5-layer Proof of Harmonic Convergence: pulse-attestation, phase-agreement, hash-linkage, operator-coverage, energy-ledger.


Doctrine changes

"Every compute comes out of a state machine"

The state machine is the user's computational backend. Every wizard run, prove call, mail send, message send, playground run, app dev call, contract transition is attributed to one of the user's two keys — the account zeq_ak_* for compute, the state-machine zsm_* for entangled-state writes. Public read endpoints remain reachable without auth when the machine is flagged is_public=true.

"Hash-commitment-only" by default

Free-tier writes commit sha256(payload) to chain; the bytes themselves are not stored. To opt into server-side bytes, the caller wraps the payload in a HITE-sealed envelope and the audit row carries transitionType: "sealed_event". The paid hosting tier persists bytes alongside the entangled state commitment (separate billing path).

"Public keys vs. write-back keys"

Embed snippets ship zsm_pub_… keys (read-only-public on the embed ingest endpoint only). Owner write-back keys (zsm_…) NEVER ship in user-facing snippets.
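
A pre-publish check for the rule above, as an added example that is not part of the framework: it scans snippet markup for key prefixes and fails when anything other than a zsm_pub_ key appears. The key body character set, the data-key attribute, the placeholder endpoint and the sample key values are assumptions.

```javascript
// Added example. Assumption: key bodies match [A-Za-z0-9_-]+; only the prefixes
// (zsm_pub_, zsm_, zeq_ak_) come from the changelog.
const KEY_RE = /\b(?:zsm_|zeq_ak_)[A-Za-z0-9_-]+/g;

function classify(token) {
  if (token.startsWith("zsm_pub_")) return "public";       // allowed in snippets
  if (token.startsWith("zsm_")) return "owner-write-back"; // must never ship
  return "account";                                        // zeq_ak_: must never ship
}

// Show the prefix plus four characters so reports never echo a full secret.
function redact(token, kind) {
  const prefix = kind === "public" ? "zsm_pub_" : kind === "account" ? "zeq_ak_" : "zsm_";
  return token.slice(0, prefix.length + 4) + "...";
}

// Returns { ok, findings }; ok is false if any non-public key appears.
function lintSnippet(snippet) {
  const findings = [];
  snippet.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(KEY_RE)) {
      const kind = classify(m[0]);
      findings.push({ line: i + 1, kind, key: redact(m[0], kind) });
    }
  });
  return { ok: findings.every((f) => f.kind === "public"), findings };
}

// Constructed snippets; the data-key attribute and key values are made up.
const GOOD = '<script src="/embed/orb.js" data-key="zsm_pub_EXAMPLE0001"></script>';
const BAD = [
  '<script src="/embed/orb.js" data-key="zsm_pub_EXAMPLE0001"></script>',
  '<script>fetch("/placeholder-endpoint", {',
  '  headers: { Authorization: "Bearer zsm_EXAMPLEOWNER01" } });</script>',
].join("\n");
```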


Migration — from earlier zeqsdk versions

The compute surface is backward-compatible. Existing callers of POST /api/zeq/compute, POST /api/zeq/prove, POST /api/zeq/verify, GET /api/zeq/pulse, and GET /api/operators continue to work unchanged.

The behavioral change is at the identity / billing layer:

| Before | After |
| --- | --- |
| One API key per user, account-scoped | One API key per state machine, slug-scoped |
| Compute logged against users.id | Compute logged against state_machine_id |
| Free-tier was anonymous + IP-rate-limited | Free-tier requires a state machine; IP rate limit is unchanged but supplemented by per-machine quota |
| No audit entangled state | Every action lands on the machine's entangled state |
| No contracts | 6 contract endpoints, ready-to-deploy templates |
| No tally tokens | Per-machine + protocol-level tally surface |

Required changes for existing zeqsdk users

  1. Register a Zeq identity if you don't have one. POST /api/zeq-auth/register-v3. The flow auto-creates a default state machine.
  2. Spin up at least one state machine. POST /api/chain/state-machines. Save the returned api_key.
  3. Repoint your compute calls. Use the new zsm_ key in Authorization: Bearer …. The compute endpoints accept it transparently.
  4. (Optional) Read your audit entangled state. GET /api/chain/:slug/explore?from=…&to=… — a new audit surface that didn't exist in earlier versions.

Old API keys (zeq_ak_…) continue to work for the compute surface during the deprecation window. They will be retired when the legacy usersTable.zeqApiKeyHash fallback is removed (target: v1.287.7).

TypeScript SDK migration

// before
import { ZeqClient } from "@zeq-os/sdk";
const zeq = new ZeqClient({ apiKey: "zeq_ak_..." });
const result = await zeq.compute({ operators: ["KO42","NM21"], inputs: { /* ... */ } });

// after — same surface, key is now zsm_…
import { ZeqClient } from "@zeq-os/sdk";
const zeq = new ZeqClient({ apiKey: "zsm_..." });
const result = await zeq.compute({ operators: ["KO42","NM21"], inputs: { /* ... */ } });

// new — chain APIs
await zeq.chain("my-iot-fleet").event({ type: "heartbeat", payload: { /* ... */ } });
// from / to bound the range, as in GET /api/chain/:slug/explore?from=…&to=…
const chain = await zeq.chain("my-iot-fleet").explore({ from, to });

The zeq.chain(slug) namespace is new in 1.287.5.

MCP server migration

The MCP server (@zeq-os/mcp) recognizes zsm_… keys identically to the prior zeq_ak_… keys. The new tools zeq_chain_event, zeq_chain_state, zeq_chain_pohc_validate, zeq_contract_deploy, zeq_contract_transition, and zeq_tally_balance are added; existing tools (zeq_compute, zeq_pulse, zeq_verify, zeq_lattice, zeq_shift, zeq_field_status, zeq_list_operators) are unchanged.


Breaking changes

None at the wire level. All compute and pulse endpoints are backward-compatible.

The free-tier gate now requires a zsm_ key for any non-trivial work — anonymous IP-only compute is capped at 5 calls / 24 h via freeTierGate middleware. Earlier versions did not have this gate.


Deprecations

  • zeq_ak_… API keys remain valid through v1.287.6; removed in v1.287.7.
  • Legacy /api/auth/* endpoints (v1) remain valid; new code should use /api/zeq-auth/*-v3.
  • The unauthenticated /api/chat/free endpoint is removed (security task A2-F1, 2026-04-22). Use /api/llm/chat with a Bearer key.

