Changelog

What's new at MIR. Updated weekly. Product-level only—no sensitive security details, no partner names unless public.

Week of March 2, 2026

March 2 - 8, 2026

Shipped

  • MIR self-events — MIR now records behavioral events about its own users (logins, registrations, passkey usage, session creation) through the same event pipeline that partners use, bootstrapping every user toward tier 1
  • Unified live event feed — the demo activity feed now shows both partner agent events and MIR platform events in real time with distinct badge types
  • New blog post: IAM? IGA? PAM? You Need MIR. — positioning MIR as the behavioral signal layer that identity tools are missing
  • Actor type attribution — events and claims now support an actorType field (HUMAN, AGENT, UNKNOWN) to distinguish human from autonomous agent activity
  • Enterprise referral program — partners can now refer other organizations and track referral status through a dedicated dashboard
  • Context Safety guide — engineering guidance for partners integrating AI agents with MIR's API, addressing context window compaction risks
  • Acceptable Use Policy — comprehensive policy covering data interpretation, agent accountability, actor type attestation, and network integrity
  • Published The Rogue Agent Problem — position paper on autonomous agent trust failure modes and why continuity must not become trust
  • Continuity Log — the live event feed now includes a filterable continuity log showing identity activity across the MIR network, with filters for identity type, activity category, and result status
  • Audit logging for authentication — all login flows (email/password, magic link, passkey) now write to the audit log for compliance visibility
  • Configurable data retention policies for partners with automated lifecycle management
  • Daily claim digest notifications for users with recent activity

Improved

  • Expanded health endpoint with subsystem status reporting
  • Improved consistency of tier assignment across policy endpoints
  • Referral attribution now surfaced in partner application notifications

Fixed

  • Blog router 404 fallback now correctly renders the styled error page instead of failing silently

Week of February 23, 2026

February 23 - March 1, 2026

Shipped

  • Domain split: enterprise services now live on myinternetreputation.com, marketplace and consumer features remain on myinternetreputation.org
  • Real-time activity feed for enterprise demos — live visualization of agent events as they happen, with resolve signal sidebar
  • Dual attribution for AI agents — events submitted by agents are now recorded against both the agent and the user, so each accumulates independent participation history
  • New event type: mir.agent.action.completed for tracking agent activity across partners
  • Socket.io event emission on the primary event ingestion endpoint — real-time listeners now fire for all event submissions

Improved

  • Agent LinkedAccount creation now uses atomic upsert to prevent race conditions under concurrent submissions

Week of February 9, 2026

February 9 - 15, 2026

Shipped

  • Media Assertions is now its own platform at mirassertions.org — dedicated infrastructure for cryptographic media provenance, separate from MIR's participation history services
  • Perceptual hash cross-referencing: when assertions are created, MIR automatically detects visually similar artifacts on different hashes and alerts admins
  • Visually similar artifacts section on the assertion lookup page — shows related artifacts with distance badges, collapsed by default
  • File upload lookup now returns related artifacts alongside exact matches
  • Perceptual hash backfill: uploading a file for lookup automatically populates perceptual hashes on older assertions that predate the feature
  • Disputes page explaining all three dispute mechanisms (event disputes, assertion disputes, issuer appeals) with scenarios, edge cases, and resolution lifecycle
  • Agent registration for enterprise partners — register AI agents and service accounts with scoped permissions, independent rate limits, and event-type allowlists
  • Enterprise partners can now enforce agent-only API access across their organization
  • New blog post: The Internet Learned How to Remember — Just Not Who Was There
  • Introduced dual branding: MIR is "MIR" for individuals, "Memory Infrastructure Registry" for enterprises
  • MIR Badge Overlay widget — embeddable script that displays a verification badge on images with MIR assertions, with auto-hashing and one-click verification links
  • Blog images now carry MIR assertion badges, verifying provenance via the badge overlay

Improved

  • Strengthened session security for user accounts
  • New sign-in notification emails when your account is accessed from an unfamiliar device or location
  • Alerts for unusual concurrent session activity
  • Passkey-based verification now required for sensitive account operations when passkeys are registered
  • Hardened SSO authentication: partner disabled status is now checked during SSO callback
  • Suspended user accounts are now blocked from SSO login
  • Disabling a partner immediately invalidates all active sessions for its members
  • Platform-reprocessed images (LinkedIn, Twitter, etc.) now match original assertions via perceptual hashing
  • Improved session stability during page loads
  • Issuer portal and browser signer now recognize existing user sessions — no separate login required if already signed in to MIR
  • Session key rotation now propagates correctly across all assertion endpoints, preventing "Session expired" errors during signing
  • Badge overlay intelligently wraps images only when needed, preserving layout on third-party sites
  • Rebranded "reputation" terminology to "participation history" across the platform, emails, and all 16 supported languages

Week of February 2, 2026

February 2 - 8, 2026

Shipped

  • Multi-device signing: issuers can register signing keys on multiple devices and sign assertions from any of them
  • Smooth new-device onboarding with inline registration form, auto-detected device name, and pre-filled email
  • File timestamps on assertions: the lookup page now shows when asserted media was created or last modified
  • Enterprise SSO add-on available mid-cycle or at next billing, with Stripe proration
  • Self-serve enterprise plan upgrades with mid-cycle proration
  • SSO included directly in Stripe checkout for both monthly and annual plans
  • "About MIR" page — plain-English explanation of what MIR does, linked from homepage and footer
  • Image and video thumbnails in the Browser Signer file list
  • Founder pricing: first 1,000 issuers get their rate locked forever
  • Issuer applications now auto-approve — payment replaces admin approval
  • Browser Signer for media assertions with biometric-protected keys
  • Issuer verification pathways: DNS domain verification
  • Auto-verification for issuers after 20 successful assertions
  • Stripe subscription billing for assertion issuers ($79/year individual)
  • Billing portal in Issuer Portal: subscribe, cancel, reactivate
  • Shortened enterprise SSO session lifetime with automatic idle timeout
  • Expanded abuse protections for authentication flows
  • Desktop-responsive layout for Browser Signer page
  • Paste-to-search on the assertions verification page
  • Badge overlay widget: lightweight MIR logo overlay for images with assertions

Improved

  • Large file hashing now streams in chunks — no more crashes on mobile for big videos
  • Hashing progress shows "Computing fingerprint locally..." with percentage and "never uploaded" note
  • Assertion errors now stay visible with prominent styling instead of disappearing after 1 second
  • Failed files remain in the file list after submission so you can see what went wrong
  • Error alerts last longer (8 seconds for errors) and include the actual failure reason

Fixed

  • Fixed mobile assertion failures caused by loading entire large files into memory for hashing
  • Fixed broken image thumbnails caused by Content Security Policy blocking blob: URLs
  • Fixed enterprise plan upgrades being blocked for accounts in trial status

Week of January 26, 2026

January 26 - February 1, 2026

Shipped

  • Account data export now available in both HTML and JSON formats
  • Invite-only provisioning for enterprise SSO

Improved

  • Strengthened SSO state validation and integrity protections
  • Enhanced audit logging for enterprise authentication
  • Improved redirect and callback validation in SSO flows

Week of January 19, 2026

January 19 - 25, 2026

Shipped

  • Added separate claims layer for partner-submitted assertions
  • New endpoint: POST /claims for submitting attributed assertions
  • Resolve endpoint now returns claims separately from history
  • Constitution v1.1: Added "What MIR Will Never Do" section with explicit anti-box commitments
  • Account linking documentation added to Integration Guide with Web and Mobile sections
  • Mobile app linking samples for Android (Kotlin/Jetpack Compose) and iOS (Swift/SwiftUI)
  • New page: "The Man Who Kept Starting Over" - a story about continuity and why the internet keeps forgetting

Week of January 12, 2026

January 12 - 18, 2026

Shipped

  • Blog index now groups posts by month with collapsible accordion sections
  • Partner logo resources available in multiple sizes (100px to 960px) in the Integration Guide
  • New blog posts: "Why Portable Reputation Stalled" and "Self-Sovereign Identity Proved Identity Isn't Enough"
  • Constitution page explaining MIR's governance principles
  • Enhanced partner login experience
  • This changelog page

Improved

  • Upgraded SSO provider SDK to latest version
  • Hardened authentication reliability
  • Improved submission integrity and platform resilience
  • Better participation history transparency in API responses

Fixed

  • Blog post dates now display correctly regardless of timezone
  • Resolved all dependency security advisories

Week of January 5, 2026

January 5 - 11, 2026

Shipped

  • Enterprise SSO support for partners
  • Webhook delivery system for real-time partner notifications
  • Bulk event submission API for high-volume partners
  • API versioning infrastructure
  • System status page at /status
  • Usage analytics dashboard for partners
  • Audit log exports for compliance
  • New blog posts: "Continuity Is the Internet's Missing Primitive" and "How MIR Augments LifeLock"
  • Constraint page explaining MIR's operational boundaries

Improved

  • Enhanced rate limiting with partner-specific tiers
  • Better monitoring and alerting for API health
  • Uptime tracking and SLA reporting

Week of December 29, 2025

December 29, 2025 - January 4, 2026

Shipped

  • Blog launched with initial posts on trust, continuity, and reputation
  • Contact form for inquiries
  • Full internationalization (i18n) support across the platform
  • Policy evaluation system for partner-defined rules
  • Partner tier system with configurable rate limits
  • Shopify app customer linking flow

Improved

  • Account linking flow with better error handling
  • Email authentication with passwordless login option

Week of December 22, 2025

December 22 - 28, 2025

Shipped

  • Shopify integration with OAuth authentication
  • Account deletion workflow with data export
  • Request logging for debugging and audit trails
  • Initial partner onboarding flow

Notes

This marks the beginning of MIR's public changelog. Earlier development history is not included.