Changelog
What's new in Intended.
Production readiness — billing meters, API v1 prefix, MFA & ops docs
Stripe Billing Meter reporting for authority decisions (optional), `/v1/*` URL aliases, optional AWS Secrets Manager bootstrap, portal MFA enforcement for privileged roles, CloudWatch dashboard starter JSON, dependabot + SBOM workflow, and expanded runbooks (status page, DR, golden path).
Documentation — canonical intent counts and OIL taxonomy
Specs and README now consistently cite 306 canonical intents from `intent-library.json`, 14 Open Intent Layer enterprise domains, and the 94-node `oil-taxonomy.json` hierarchy (domains + categories). Internal references to the superseded 135-intent / 18-domain figures were removed to prevent diligence confusion.
OpenAPI alignment for public integration paths
Documented REST paths match production hosts (`/intent`, `/execute`, `/audit/...`) with no spurious `/v1` prefix on `api.intended.so`.
Trial daily decision cap visibility
Console and marketing surfaces now spell out the 5,000 decisions/day (UTC) safety cap alongside the 25,000 one-time free credits.
Backoffice billing consumption signals
Operator views surface trial cap events (`billing.consumption.trial_daily_cap_reached`) with clear tenant messaging.
Platform launch — intent verification runtime
General availability of the authority loop: Intent → Authority → Token → Execution → Audit with RS256 tokens and hash-chained evidence.
Open Intent Layer v2.0 — physical / embodied processes
OIL extends to 29 domains and 173 categories. The original 14 digital-operations domains (OIL-100 — OIL-1400) are unchanged and stable; 15 new physical / embodied domains (OIL-1500 — OIL-2900) cover manipulation, locomotion, sensing, manufacturing, autonomous vehicles, aerial, surgical, agricultural, construction, hazardous, energy, mining, logistics, and embodied AI safety. Apache 2.0.
Open Intent Layer v1.0 — 306 intents / 14 digital domains
Canonical intent library with rules-backend compilation for deterministic intent classification without mandatory LLM calls.
Connector SDK and enforcement gateway hardening
BaseAdapter token verification, nonce consumption, and connector conformance checks for production enforcement paths.
MCP gateway integration templates
Documented flows for governing tool calls through `@intended/mcp-gateway` with the same decision primitives as HTTP integrations.
Enterprise admin: SSO/SCIM groundwork
Enterprise identity hooks and tenant administration paths for single-tenant and regulated deployment models.
Audit export and chain verification APIs
Tenant-scoped audit retrieval with on-demand SHA-256 chain verification endpoints for evidence bundles.
Domain LIM packs installation lifecycle
Pack installation, evaluation, and lifecycle APIs for domain-specific Large Intent Model signals atop the Open Intent Layer.
Authority simulations and replay tooling
What-if policy simulation plus decision replay streams for operators validating changes before production enforcement.
Semantic intelligence service integration
Optional semantic classification path with deterministic rules fallback to preserve fail-closed guarantees.
Console operator experience refresh
Updated decision queue, connector management, and audit verification workflows for tenant operators.
Multi-factor authentication for portal accounts
TOTP-based MFA with secure secret handling and session hardening for customer console access.
Per-tenant RSA keys and token ledger
Per-tenant signing keys with encrypted at-rest storage and ledgered token events for revocation and investigations.
Rate limits and idempotency for intent submission
Idempotency keys and tenant-scoped rate limits to protect evaluation paths during burst agent traffic.