What’s shipped.
Notable shipments since the first commit on 2026-04-18. Pre-launch — the first user-facing release notes will arrive once external merchants are live.
- v0.4.0-payment-links · 2026-06-10 · Feature
Reusable payment links — scan-and-pay, “name your price”, and guest checkout
One link that collects many payments. Create a reusable payment link (opensettle.io/pay/<token>) backed by a fixed amount, a saved one-time price, or an OPEN amount the buyer names — a “name your price” / tip-jar / top-up flow with an optional minimum, maximum, and quick-pick presets. Buyers check out as guests: no email or account required, just scan and pay. One-time charges got simpler too — a hosted checkout can now carry an inline ad-hoc amount, so a one-off no longer needs a pre-created invoice or price. The new payment_links resource (create / list / deactivate) is live across the API, all four SDKs (Node, Python, Go, Rust), the OpenAPI spec, and the Postman collection, with a new payment-links guide in the docs. The webhook event catalog is now documented end-to-end and identical across every SDK — 41 events, one source of truth.
- infra-notice-github · 2026-06-03 · Notice
Our GitHub got flagged again — turns out we ship too hard for the robots
Transparency note, with a side of self-roast. GitHub's automated spam filter flagged the OpenSettle org again. The crime? Shipping too fast — multi-hundred-file commits landing at odd hours, day after day, apparently pattern-matches to 'bot' more than 'caffeinated founder.' We'll take it as a compliment. Here's what it is NOT: not a breach, not a security incident, not anything touching your data or your money. It's a visibility flag on our GitHub *profile* — and because OpenSettle is non-custodial, your funds were never anywhere near a repo to begin with. The payments API, dashboard, checkout, SDKs, and webhooks are all running completely normally. While we appeal, we're standing up a backup GitHub mirror and pointing the site's repo links there, and the 'Continue with GitHub' sign-in option flips back on the moment the mirror's OAuth app is live. Google sign-in and passkeys never went anywhere — use those in the meantime. We'll drop the mirror link right here once it's up.
- v0.3.0-buyer-flow · 2026-05-31 · Feature
Buyer chain+token picker, late-arrival recovery, payment receipt email
Four merchant-visible UX wins from a multi-agent hostile-buyer audit pass. (a) Buyers now pick their preferred (chain, token) at the hosted checkout from the merchant's verified wallets — no more 'merchant chose Base, buyer only has Polygon' deadlock. Brand-color ChainGlyph + gas-cost hint + a slow-settlement disclaimer for Polygon. (b) Late-arrival recovery: when a buyer paying from a CEX has their withdrawal land AFTER the checkout's 30-min expiry, the page now surfaces 'we got your payment, contact the merchant' with the tx hash + explorer link instead of a dead-end 'session expired'. There's also a +30-min CEX-withdrawal grace timer the buyer can self-serve. (c) Buyers get a confirmation email on every paid checkout (any chain) with tx hash + explorer URL — handy if their tab closed before SuccessPanel rendered. (d) 'I broadcast it' button — buyers can paste their tx hash for self-serve confirmation when our chain-reader hasn't caught up to their wallet yet.
- v0.2.3-hardening · 2026-05-30 · Security
Security hardening pass — concurrent-buyer race, reorg guard, response-body cap
Eight defenses shipped across the chain-ingest, webhook-delivery, and subscription-lifecycle paths after a multi-agent audit + live pen-test sweep. Highlights: concurrent prepare-payment requests on the same checkout now serialize cleanly (no more duplicate pending rows), a pre-promotion canonical block-hash check rejects payments whose underlying block was reorged out during the confirmation window, webhook response bodies are stream-read with a 64KB cap (defends the deliverer against malicious-merchant memory exhaustion), restricted-jurisdiction code normalisation strips Cyrillic / Greek / zero-width homoglyphs before matching, and plan-change validates currency-token peg + refuses mutations to cancel-scheduled subscriptions. 1640+ tests pass, zero CVEs. Platform security posture at /docs/security.
- v0.2.2-attribution · 2026-05-29 · Feature
Per-buyer payment matching — concurrent buyers and rounded amounts both attribute correctly
Two reliability fixes that change merchant experience on busy wallets. (a) Per-buyer tokenAmountBase jitter: every pending payment gets a deterministic sub-cent micro-offset (max ~$0.01) so two concurrent buyers paying the same plan price never collide on the on-chain matcher. (b) Close-match auto-promote: a buyer who rounds the displayed amount (e.g. sees 0.501995 USDC, sends 0.50) now has their pending row auto-credited if the received amount is within ±2% of expected and the linked checkout is still active. Across all three rails (EVM, Solana, Tron). Conceptual overview in the docs.
- v0.2.2-event-dedup · 2026-05-28 · Security
Webhook event deduplication for terminal lifecycle events
Terminal-state events (payment.confirmed, checkout.succeeded, subscription.created, invoice.paid, etc) now carry a deterministic dedup_key. A partial unique index on (workspace_id, dedup_key) makes a second emission of the same logical event a no-op via ON CONFLICT — and the webhook fan-out is skipped, so your endpoint never sees a duplicate delivery for the same payment confirmation, no matter how many times an operator-triggered cursor rewind or a chain-reader retry re-processes the underlying tx. Non-terminal events (payment.pending, sub.renewed) emit unbounded as before. Replay button on the dashboard bypasses the dedup so legitimate replays still work.
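The deduplication described above, as an added example that is not OpenSettle's own code: SQLite stands in for Postgres, and the table layout, the SHA-256 key derivation, the `emit` helper and the replay handling are assumptions made for illustration.

```python
import hashlib
import sqlite3

# Terminal event types named in the changelog entry.
TERMINAL = {"payment.confirmed", "checkout.succeeded",
            "subscription.created", "invoice.paid"}

def dedup_key(event_type, object_id):
    # Assumed derivation: the page only says the key is deterministic.
    if event_type not in TERMINAL:
        return None  # non-terminal events carry no key and are never deduplicated
    return hashlib.sha256(f"{event_type}:{object_id}".encode()).hexdigest()

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE events (
            id INTEGER PRIMARY KEY, workspace_id TEXT NOT NULL,
            type TEXT NOT NULL, object_id TEXT NOT NULL, dedup_key TEXT);
        -- Partial unique index: only rows that carry a dedup_key are constrained.
        CREATE UNIQUE INDEX events_dedup ON events (workspace_id, dedup_key)
            WHERE dedup_key IS NOT NULL;
    """)
    return db

def emit(db, deliveries, workspace_id, event_type, object_id, replay=False):
    """Record an event and fan out only when a new row was actually written."""
    if replay:
        # Assumed model of the dashboard replay: redeliver without a new event row.
        deliveries.append((workspace_id, event_type, object_id))
        return True
    cur = db.execute(
        "INSERT INTO events (workspace_id, type, object_id, dedup_key) "
        "VALUES (?, ?, ?, ?) ON CONFLICT DO NOTHING",
        (workspace_id, event_type, object_id, dedup_key(event_type, object_id)),
    )
    db.commit()
    if cur.rowcount == 0:
        return False  # second emission of a terminal event: no row, no fan-out
    deliveries.append((workspace_id, event_type, object_id))
    return True
```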
- v0.2.2-volume-pricing · 2026-05-27 · Feature
Volume pricing restored — 1% / 0.85% / 0.65%
Reverted the 2026-05-18 flat-0.6% experiment back to the cascading volume model: 1% on the first $50k of monthly volume, 0.85% from $50k to $250k, and 0.65% above $250k — charged tax-bracket style so each slice is priced at its own rate. Fees accrue at confirmation; funds always settle directly to your wallet on-chain. Still no setup fee, no monthly minimum, no subscription.
- v0.2.1-pricing-simplify · 2026-05-21 · Feature
Pricing simplified to a single live tier
Removed the Compliance Pack and Enterprise tiers from /pricing. Compliance Pack was a SOC-2-engagement-letter-gated waitlist that conflicted with our updated 'Exploratory' framing on the Trust Center and Security pages; Enterprise targeted licensed-operator segments we're de-emphasising. At the time, Base pricing was 0.6% flat per settlement, non-custodial, no minimums, no monthly fee — that flat rate was itself reverted to the cascading 1% / 0.85% / 0.65% volume model on 2026-05-27 (see the entry above). Higher-volume customers can write to sales@opensettle.io for a scoped contract. Backend tier enums and admin workspace plans are unchanged so existing integrations and bookmarked links still resolve.
- v0.2.1-legal-posture · 2026-05-21 · Security
/legal/non-custodial-architecture page published
Canonical legal-posture page introduced — flow diagram in prose, full 'what OpenSettle is NOT' list (money transmitter, MSB, bank/trust, custodian, fiduciary, broker-dealer, exchange, investment adviser, commodities intermediary) aligned verbatim to clause 10 of the Terms of Service, and a procurement-pasteable summary block. Linked from the footer Legal column.
- v0.2.0-tier4 · 2026-05-18 · Feature
Tier 4 pricing rewrite — flat 0.6% + Compliance Pack
Replaced the cascading Starter/Growth/Scale rates with a single 0.6% flat per-settlement rate. A higher tier bundled additional contractual and compliance support (indemnified MSA, dispute SLA) — since removed on 2026-05-21, see the entry above. Enterprise (gated to $5M+/yr volume) was $50K+ platform fee + 0.3% per settlement.
- v0.2.0-vps · 2026-05-17 · Security
Platform moved to single-VPS deployment
Web, API, workers, and Postgres consolidated onto a single Hetzner CPX22 VPS in Nuremberg. Replaces the prior Vercel + Fly + Supabase stack. Sub-processor list updated at /legal/sub-processors; data residency now eu-central.
- v0.1.0-pricing · 2026-05-02 · Feature
Cascading pricing introduced (since superseded)
Starter 1.0% / Growth 0.85% / Scale 0.65% / Custom <0.5%. Superseded on 2026-05-18 by flat 0.6% pricing — see the entry above.
- v0.1.0-sdk · 2026-05-01 · Feature
TypeScript SDK published to npm
@opensettle/sdk@0.1.0 — typed end-to-end against the v1 API. Signed-webhook verifier, idempotent writes, and bounded retries built in.
- v0.1.0-audit · 2026-04-25 · Security
Platform security audit
OWASP-aligned threat modeling completed and remediated. 10 P0/P1 fixes shipped covering webhook-secret encryption, SSRF guards on outbound delivery, refund-recipient pinning, and step-up auth on every high-blast-radius route.
- v0.1.0-mainnet · 2026-04-22 · Launch
Mainnet settlement live
Multi-chain settlement live on Base, Ethereum, Polygon, and Arbitrum (USDC). Solana (USDC) and Tron (USDT) crypto-verified end-to-end (Ed25519, secp256k1, TIP-191) and queued for first mainnet merchant.
- v0.0.0 · 2026-04-18 · Launch
First commit
Repository opened. Build began.