ChangelogWhat we shipped
What we shipped, in plain language.
The same release notes our pilot customers see, published the day they go out. Features, fixes, security work, and translation passes.
March 2026— 1
- v1.0
Initial release — The Veil v1.0
AddedAddedAddedFirst production release with full split-knowledge architecture, PII sanitizer, and Veil Protocol attestation.
What's new
Split-knowledge inference proxy
The core
/api/v1/proxy/messagesendpoint is now in production. Submit aprompt_templatewith namedcontextplaceholders — context values are routed through the PII sanitizer and ID Bridge before reaching Sandbox B. The AI never sees identity data.PII Sanitizer — three layers
- Layer 1: Known-entity matching using Cologne phonetics and Levenshtein distance (active on
/service/analyzepath) - Layer 2: Presidio NER with spaCy DE/EN models and custom German recognisers — active on all inference paths
- Layer 2.5: Quasi-Identifier Risk Engine — scores re-identification risk from field combinations using k-anonymity and l-diversity
The Veil Protocol
Every inference request now produces a cryptographically signed VeilCertificate:
- Ed25519-signed claims from all pipeline services
- External co-signing via RFC 3161 TSA and Sigstore Rekor
- Three certificate views: technical proof, DPO summary, regulatory mapping (GDPR Art. 25/32, EU AI Act Art. 10/15)
Account portal
Self-service account management at
/account/— view usage, manage license, download deployment configs, and contact support.Breaking changes
None — this is the initial release.
Upgrade notes
Deploy using the Helm umbrella chart at
deploy/helm/. Seedocs/superpowers/specs/2026-03-21-helm-k8s-deployment-design.mdfor the full deployment guide. - Layer 1: Known-entity matching using Cologne phonetics and Levenshtein distance (active on
Want to see what's coming next?
The roadmap shows what we're working on this quarter, what's queued for next, and what's deferred — with the reasons.