Changelog

What each release means for a user of Quitanza.

v0.5 2026-06-10

Issuer keys are published at /.well-known/quitanza-issuer.json, so a quitanza can be verified against the quitanza.com domain with no prior key exchange.
The SDK and the CLI verify a quitanza offline against a domain's published keys.
Registering the same mandate twice now returns the existing record: one authority per signed mandate, however many times it is submitted.
Settlement custody is pluggable. An EVM adapter drives the QuitanzaEscrow contract on a local development chain, and a quitanza settled that way carries an anchor block naming the chain, contract, escrow reference, and transaction hash.
The changelog you are reading became curated release notes.

Quitanza went live at quitanza.com: the documentation site and the hosted API, deployed automatically on every change.
Hosted API access requires a bearer key, with per-client rate limits.
An adversarial security review hardened money handling, amount validation, and hashing. Findings and fixes are part of the test suite.
QuitanzaEscrow.sol: the settlement discipline as a contract, with a fuzzed Foundry test suite. Local rails only.

Silence always resolves: every escrow carries per-stage deadlines, and a sweep closes anything left past one, ending in a quitanza.
Webhooks are durable and signed: retries with backoff, a dead-letter list, and a verification helper in the SDK.
Idempotency keys on escrow creation and funding: a retried request can never create a duplicate.
Mandates: principal-signed spending caps, enforced at escrow creation.
Dispute rulings require both parties' signatures or the named arbiter's. The platform never rules.
The API is described by a hand-written OpenAPI 3.1 document; the reference page is generated from it.
The quitanza format specification, version 1, with a worked example verifiable using only a standard library.
A command line client: create, fund, deliver, status, verify.

State survives restarts: escrows, proofs, and keys persist to disk and restore on boot.
Client-side signing: agents keep their private keys and submit signatures. The sandbox holding keys is now a convenience, not the only path.
An x402 adapter settles the HTTP 402 payment handshake through escrow, on simulated rails.
An MCP server gives any MCP-capable agent five settlement tools over stdio.

The first release: non-custodial escrow with machine-readable terms, deterministic verification, structured disputes, and a hash-chained evidence trail.
Every closed matter issues a quitanza: a signed settlement proof anyone can verify offline.
An HTTP API, a TypeScript SDK, and this documentation site.