Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.axiomancer.io/llms.txt

Use this file to discover all available pages before exploring further.

What’s new across the platform. Newer releases at the top.

Week of May 10–16, 2026 — Overwatch ghost-vessel inference, Layer Slack OAuth, Locus discover filters

New features

  • Overwatch: New Ghost Vessels layer on the alerts dashboard. Reverse-COLREGS solver back-solves the implied counterpart’s position, course, and speed for each candidate encounter type when a solo vessel makes an unprovoked starboard alter with no other vessel inside 6 NM. Surfaces on the live map as a confidence-shaded ”?”-labeled circle alongside a Ghost Inferences panel and a public GET /api/v1/ghost-inferences endpoint.
  • Overwatch: Course-alteration anomalies now appear in the unified alerts inbox alongside dark events, spoofing alerts, and Locus signals, with severity bucketed by turn magnitude. A matching Course alteration template lands in the Alert Rule Builder.
  • Layer: One-click admin-consent OAuth ships for Slack, Notion, and Atlassian. Slack moves from a workspace-subdomain + bot-token paste form to a “Sign in with Slack” button. Existing manual-paste connections keep working.
  • Locus: New Pioneer Signal and Permit Velocity filters on /discover. Filter cells by pioneer-signal status (none, emerging, active, advanced) and by per-metro permit-velocity percentile over the trailing 12 months.
  • Locus: New score direction and delta window filters on /discover — rising/falling cells over a 7-, 30-, or 90-day window, with a signed-Δ badge per row and CSV export columns to match.
  • Codex: New civic intelligence LLM extractor populates extracted entities, blockers, contingency dependencies, litigation-risk score, and a hostility index on council and zoning decisions in the civic intelligence dataset.
  • Codex: Publish-ready axiom_events view filters internal-only sources out of the public events stream.

Updates

  • Overwatch: COLREGS compliance scoring is now port-context-aware — encounters are tagged anchorage, approach, or open_sea from CPA midpoint geometry and the safe-distance threshold scales accordingly (0.1 NM / 0.2 NM / 0.5 NM). Routine port traffic is no longer flagged as non-compliant.
  • Overwatch: Pairwise encounter extraction is more resilient on dense corridors — paginated 1,000-row batches and a 250,000-pair safety cap, with the default window widened to 90 minutes.
  • Codex: Council-meeting extraction across Granicus-hosted cities now uses a JavaScript-aware crawler; Seattle joins the roster. A new PDF extraction pipeline lifts text and structured layout out of scanned filings.

Fixes

  • Overwatch: axiom_events envelope trigger no longer references a non-existent column on event tables without a metro slug.
  • Overwatch: Ingestion logs from the fetch-imls and osm-cultural Edge Functions always land a terminal row, even on mid-flight errors.
  • Codex: USPS vacancy ingestion surfaces a clean error when the upstream archive serves an HTML error page or a corrupt zip, instead of wedging the daily run.

Week of May 3–9, 2026 — Layer asset management and 4 new connectors, Overwatch Rule 17 deviation flags, NOAA water density into cargo validation, production sweep, Layer and Drift CSP hardening

New features

  • Layer: Asset management lands in the Layer dashboard — manual asset creation, CSV import up to 1,000 rows, and reusable asset bundles with a cost rollup and one-click assignment to a user. Useful for laptop-plus-license starter kits and any other repeatable allocation that previously needed item-by-item entry.
  • Layer: Three new SaaS-discovery connectors land on the integrations catalogMicrosoft Teams, Atlassian (Jira / Confluence / etc., per-product SaaS app with per-user last-active), and Workday HRIS (paginated workers with department, cost center, termination), the platform’s first dedicated HRIS source. Gmail Receipt Scanner is also now available for Layer, surfacing SaaS receipts from Gmail and Microsoft 365 mail as assets via the standard sync route with a 12-month initial scan window.
  • Layer: The GitHub connector now emits a User per organization member with last-active timestamps and a separate Copilot License asset per active assignment, so Copilot seats appear directly in license inventory and access reviews. It also emits a Team asset per GitHub team with MemberOf (user → team) and GovernedBy (repository → team) relationships, so team membership and repo governance surface alongside the org. The Google Workspace and Microsoft Entra ID connectors also emit a SaaS app per third-party OAuth grant detected during sync, so apps connected with “Sign in with Google” or “Sign in with Microsoft” surface on the integrations inventory automatically. The Okta connector now also emits a SaaS app per Okta-managed application and a per-user assignment for every user→app pairing, so dormant accounts and oversized license footprints surface in access reviews without a manual cross-reference. The JumpCloud connector now emits a SaaS app per app surfaced in the trailing 30 days of SSO events, plus Uses relationships per user→app pair and MemberOf relationships for every user group, so JumpCloud-managed seats and group memberships roll into the inventory alongside Okta and OneLogin.
  • Overwatch: Rule 17 deviation flags on vessel-to-vessel encounters. Each pairwise encounter now carries per-vessel max_course_change_deg and rule17_deviation fields. The flag fires when a vessel’s mean stand-on probability across the encounter is at least 0.6 and its largest single-step course change is 10° or more — a stand-on vessel taking unilateral evasive action that COLREGS Rule 17 only authorizes when the give-way vessel has clearly failed to keep clear. Useful for surfacing unannounced maneuvers, attributing close-quarters action to the correct party, and cueing forensic review.
  • Overwatch: Per-port surface water density now refreshes monthly into the cargo validation pipeline. NOAA CO-OPS real-time temperature for major US ports (New Orleans, Houston, Baltimore, Norfolk, Los Angeles) plus country- and water-body-aware climatology for the rest of the world (with overrides for Arctic, Persian Gulf, Red Sea, Black Sea, and Hormuz). Density is computed with UNESCO-80 and used directly in hydrostatic displacement, so freshwater-vs-saltwater corrections stay accurate per port.

Updates

  • Layer: Microsoft Entra ID now reads each user’s signInActivity.lastSignInDateTime and flags accounts inactive for 90+ days, so dormant identities surface ahead of an access review or scheduled offboarding without a directory export.
  • Layer: Sweeping dashboard polish wave on app.axiomlayer.io — collapsible grouped sidebar (Discover / Finance / Operations / Account) with persisted state and a max-width content area, normalized PageHeader across every page, four-card stats strips on Apps / Contracts / Renewals, recharts-backed charts replacing hand-rolled SVGs on Spend detail and Benchmarks, loading skeletons matching the actual layout of Spend / Licenses / Contracts / AI Usage / Benchmarks / Assets / Audit, and a ⌘K command palette synced with the new sidebar groups. See the May 8 daily entry.

Fixes

  • Overwatch: Production sweep — webhook URL validation on alert channels now rejects internal hostnames, link-local ranges, and other non-routable destinations; security headers on axiomoverwatch.io and internal cron auth were tightened across ingestion, archival, alert delivery, and Locus portfolio refresh; and the public /api/v1/positions/latest endpoint now returns underlying error details instead of collapsing to a generic 500.
  • Overwatch: Course-alteration worker is now self-observable — a new monitor raises a worker_inactive alert when no course_alteration events have landed in the trailing 7 days, instead of silently leaving the Ghost Vessels inference cron with no input. Alerts auto-resolve as soon as events resume. Stale pg_cron schedules pointing at deleted Edge Functions were also retired with a reusable detector so future drift surfaces immediately, and the MPO TIP scout now distinguishes silent upsert failures from idempotent no-ops.
  • Overwatch: Course-alteration anomaly detection is now actually running in production. The detector that emits course_alteration events for 45°+ heading deviations more than 10 km from any port had been wired into a path the production worker never executed, so no events had ever landed in the live vessel risk feed or the unified alerts inbox. Detection now runs on every AIS tick, with a course_alterations_detected counter exposed in the worker’s heartbeat. Forward-only — no backfill.
  • Codex: The envelope coverage dashboard refresh no longer times out on tables above one million rows. Tables above that threshold (primarily ais_positions) are now sized from the live row-count statistic rather than an exact COUNT(*) scan, so the nightly refresh completes cleanly. Coverage numbers for smaller tables are unchanged.
  • Overwatch: Cold archive credential handling is hardened — surrounding whitespace is trimmed and credentials containing control characters fail fast with a clear configuration error instead of stalling historical-position archival with an opaque runtime failure.
  • Overwatch: Retryable failed vessel enrichment queue rows that hadn’t exhausted their attempt budget are now reset back to pending automatically, so transient Equasis errors no longer leave otherwise-resolvable vessels parked in the failed bucket.
  • Layer: The Apps, Assets, dashboard, and Cost per employee pages on the Layer dashboard are populating again after a row-level security regression that had silently zeroed every read for these views. The pages had been rendering empty even with intact inventory and spend data; reads now flow through the corrected tenant-resolution path and the previously empty rollups, app lists, and asset tables surface their full contents on next load.
  • Layer: The public marketing surface and the sign-in / sign-up pages on the Layer dashboard now render a recovery screen with a Try again button when an unexpected server error occurs, instead of leaving the browser stuck on a blank page after a closed render stream.
  • Layer: Sentry Session Replay is now disabled on every authenticated route in the Layer dashboard and stops cleanly on client-side route transitions, so tenant data never enters a replay buffer even on long-lived single-page navigations.
  • Layer: Tightened the production Layer dashboard Content-Security-Policy — 'unsafe-inline' and 'unsafe-eval' are no longer permitted in script-src outside local development, closing a class of script-injection paths without affecting any user-facing functionality.
  • Layer: The cross-product marquee on the Layer marketing site no longer overflows the viewport on mobile.
  • Drift: Tightened the production Content-Security-Policy on Drift'unsafe-inline' and 'unsafe-eval' are no longer permitted in script-src outside local development, frame-src is now 'none' so the dashboard cannot embed third-party iframes, and base-uri, object-src, and frame-ancestors are also locked down. No user-facing behavior changes; analytics, billing, and the provider integrations powering shadow-IT discovery continue to work unchanged.
  • Drift: Per-IP rate limits on the Drift ingest webhook, manual connection creation, and sync endpoints now key on the trusted platform-supplied client IP instead of the raw X-Forwarded-For header, so a spoofed forwarding header can no longer be used to evade per-IP throttling.
  • Drift: Dashboard reads on the Drift Apps, Benchmarks, dashboard, Inventory, and Renewals pages now query the canonical workspace identifier instead of a stale legacy column, so paid workspaces no longer see an empty inventory or zeroed spend totals after the recent multi-tenant migration.
  • Layer: Connection connect and disconnect events on the integrations page now record the trusted platform-supplied client IP in the audit log instead of the raw X-Forwarded-For header, so admins reviewing audit entries see an IP that can’t be spoofed by a forwarded-header rewrite.
  • Codex: The RouteShift entry in the cross-product navigation bar on axiomcodex.io now points to routeshift.io instead of an unowned .com domain, so clicks from Codex no longer dead-end. The brand mark in the bar was also refreshed to match the canonical RouteShift glyph.

Week of April 26–May 2, 2026 — Overwatch terminal, COLREGS encounter analytics, aircraft tracking, public Locus rankings, Layer AI Usage

New features

  • Overwatch: New Bloomberg-style terminal at /dashboard with two preset modes — TRADE for commodity flow tracking and SANC for sanctions analytics — laying out 12 live-data panels with F1F12 shortcuts and a ⌘K command palette. The previous landing is preserved at /dashboard/overview.
  • Overwatch: Built-in service status page showing real-time health for database, AIS data freshness, ingestion, and visit pipelines, with a 24-hour timeline and a programmatic health endpoint.
  • Overwatch: New public /api/v1/positions/latest endpoint returns a global GeoJSON FeatureCollection of the latest position for every tracked vessel (~18K) in a single request — no auth, CDN-cached, with optional type and bounding-box filters.
  • Overwatch: Multi-recipient verified email delivery on alert channels. Up to five recipient addresses per channel, each gated by a one-time confirmation link with a 24-hour expiry, with per-pair cooldowns and daily caps so the channel can’t be used as a phishing relay.
  • Overwatch: Per-vessel ETA and route-waypoint forecasts now have a dedicated Expected Arrivals dashboard panel listing vessels forecast to arrive in a rolling 7-day window, plus a new /dashboard/[port]/voyage-times page rendering per-visit stacked bars (approach / anchor wait / berth / idle other), median summary cards, and a 50-row drill-down table.
  • Overwatch: Daily ingestion of 41 FRED economic series — rates, industrial production, capacity, orders, inventories, housing, freight, commodity prices, CPI/PPI, employment, trade, and financial conditions — with vintage-aware observations so historical queries are reproducible.
  • Overwatch: Sentinel-1 SAR ship detections from each dark-fleet verification run are now persisted alongside the dark events they confirm, so scene-level CFAR evidence is durable for review and audit instead of being thrown away after each scan.
  • Overwatch: New vessel density dashboard at /dashboard/density. Daily H3 res-8 layer over the last 30 days of AIS positions, filterable by vessel type, with per-IMO-per-hour bucketing so high-frequency pingers don’t dominate. Same data exposed at GET /api/v1/density?type=…&day=YYYY-MM-DD.
  • Overwatch: Course-alteration anomalies now flow into the vessel risk event stream — course_alteration events fire when an underway vessel turns 45° or more off its 6-hour mean heading more than 10 km from any port zone, with a 6-hour per-vessel dedup window so a sustained turn produces one event rather than a flood.
  • Overwatch: Aircraft tracking is live as a sibling surface to vessel sanctions — hourly ADS-B ingestion for sanctioned airframes (seed coverage now spans Mahan Air, Qeshm Fars Air, Pouya Air, Air Koryo, and Cham Wings / Fly Cham across IRGC-QF, EO 13382, UN 1718, and Syria SDN designations) and a cross-modal lead when a sanctioned aircraft lands within 200 km of a high- or critical-tier dark vessel event.
  • Overwatch: Pairwise encounter extraction — vessel-to-vessel CPA, TCPA, range, closing speed, and bearing-rate geometry derived from raw AIS — now runs hourly in production with stable upsert keys for idempotent re-runs, and a new backfill driver fills any historical window. Encounter-derived fields on the Risk and Investigations APIs see fresher coverage as a result.
  • Overwatch: Every encounter epoch now carries COLREGS-aligned rule posteriors (head-on / overtaking / crossing) and per-vessel role posteriors (give-way / stand-on) derived from epoch geometry alone. Clean geometry pushes the matching rule posterior past 0.85; ambiguous geometry produces a soft mixture instead of a brittle vote. See Rule and role posterior inference.
  • Overwatch: New Rule 17 deviation flags on pairwise encounters — each vessel is flagged when its mean stand-on probability across the encounter is at least 0.6 and its largest single-step course change is 10° or more, surfacing stand-on vessels that took unilateral evasive action that COLREGS Rule 17 only authorizes when the give-way side has clearly failed to keep clear.
  • Overwatch: New Rule 17 handoff timestamp on pairwise encounters records the exact moment Rule 17(a) “keep course and speed” authority transitions to Rule 17(b)/(c) “may / must take avoiding action,” tagged as either give-way inaction or in-extremis geometry. Useful for distinguishing premature unnecessary deviation from required avoidance.
  • Overwatch: New COLREGS compliance scoring in a sibling colregs_encounters table. Every non-compliant encounter gets a compliance_deficit_nm — a counterfactual lateral distance between the give-way vessel’s actual position at CPA and where it should have been under the minimum-effort compliant maneuver — alongside the resolved encounter type, give-way and stand-on IMOs, the required starboard alteration, and both vessels’ actual Δcourse. A new hourly Edge Function lands at minute :17, ten minutes after encounter extraction; a 6-hour-window backfill driver fills history. See COLREGS compliance scoring.
  • Overwatch: New public per-vessel /api/v1/ais/{provider}/{imo}/location/latest endpoint — citable URL, no API key, IP-keyed at 60/min and 1,000/day, with a JSON-LD attribution block so AI ingestion pipelines pick up the source claim cleanly.
  • Locus: New free, fully-unlocked Fastest-Growing Neighborhoods (Population) ranking sourced directly from U.S. Census ACS 5-year estimates. The existing composite list is now disambiguated as Fastest-Growing Neighborhoods (Axiom Composite).
  • Locus: New free, fully-unlocked Most Building Permits Issued (Last 12 Months) ranking sourced from municipal open data (1.2M permits across 10 metros) and cross-referenced with the U.S. Census Building Permits Survey.
  • Locus: Four more free, third-party-cited public rankings — Most Appreciated Real Estate (FHFA HPI), Highest Mortgage Activity (HMDA), Lowest Crime Rate (FBI UCR / NIBRS), Best Public Schools (NCES CCD), and a Most Parks ranking on the curated POI catalog.
  • Locus: New Council Activity card on every metro pulse page showing 90-day high-signal council meetings, rezonings approved, new-construction approvals, housing units mentioned, and dollar amounts — sourced from the civic intelligence dataset. Live for SF, Chicago, and Houston.
  • Locus: Four new live public stats on every metro pulse heroPopulation Δ, Home Price Δ, Median Household Income, Median Gross Rent — sourced from Census ACS B19013, B25064, and the FHFA HPI. The 8-signal grid and metro composite are now Analyst+ teaser+blur, while the public stats hero stays free.
  • Locus: New Maritime → CRE port-risk propagation surfaces a port-congestion warning on cell detail panels when a Locus metro’s primary or secondary port is showing elevated wait times in Overwatch. Twenty-two metros mapped to major US ports by trucking corridor.
  • Locus: Top movers on the signed-in dashboard split into side-by-side Risers and Decliners panels.
  • Locus: 12-month permit-trend chart added to the explorer Intelligence Rail.
  • Locus: Saved searches and a per-row + Portfolio action on discover. Persist any filter set as a named search, jump back via ?saved=<id>, and add result rows to a portfolio in one click. A Saved Searches panel on the dashboard lists the six most recent. Anonymous visitors see /discover unchanged.
  • Locus: Per-portfolio asset class on portfolios — tag any portfolio with one of the seven baked-in scoring profiles (general, qsr, retail, office, industrial, self_storage, data_center) at create time or via inline picker on the detail page, and Locus automatically scores every member under the matching weight profile. Pairs with a new /api/score-comparison endpoint that returns composite + per-signal-group scores under any combination of profiles in one round-trip, so side-by-side comparisons surface how the same location reads as office vs. retail vs. industrial without N calls to /api/score.
  • Layer: New AI Usage entry in the dashboard sidebar, with a one-click handoff to RouteShift — the LLM proxy gateway powering Layer’s AI cost tracking — for per-employee keys, smart routing, savings, and live analytics across OpenAI, Anthropic, Google, and other providers.
  • Locus: Curated ranking lists now render the columns that drive each list’s sort, with the primary metric featured in big-number style. Each list also gained an attribution footer linking to the underlying methodology.
  • Locus: The rankings index is now split into Public Data — Free (full top 25 for everyone) and Axiom Composite — Analyst+ (top 3 preview free, full list on the $49/mo Analyst tier). Paywall is enforced server-side, with an unlock card after preview rows on each composite list page.
  • Locus: The explore map now shows a single national activity heatmap aggregated from the last 90 days of geocoded events, replacing the metro-scoped overlay.
  • Locus: Intelligence Rail on the explorer is now cell-aware — click a hex to pin a Selected-cell panel with a 90-day score sparkline, a signal contribution waterfall ranking the eight signal groups (each row click-throughs to its signal group detail page), and metro-scoped monitor filtering. A metro key-stats strip (composite avg, GDP YoY, top-scoring signal) sits above the rail.
  • Layer, Codex, Platform: Branded OpenGraph and Twitter summary_large_image social preview cards on axiomlayer.io, axiomcodex.io, and axiomancer.io.
  • Layer, Codex, Platform: robots.txt and sitemap.xml now served at site root for axiomlayer.io, axiomcodex.io, and axiomancer.io. Codex also emits SoftwareApplication JSON-LD; Axiomancer Labs embeds Organization JSON-LD with sameAs links to all four product domains.
  • Platform: RouteShift is now a first-class product alongside Layer, Overwatch, Locus, and Codex in the cross-product navigation bar at the top of every Axiom site, with a matching emerald mark and a card on the Axiomancer Labs Products catalog. One-click access to the LLM proxy gateway from anywhere in the platform.

Updates

  • Overwatch: Panning the live map is now instant — the map loads the full global vessel layer once on first paint and renders every subsequent pan from data already on the client. Positions still refresh every five minutes.
  • Overwatch: Vessel markers on the live map now use elongated, bow-forward triangles matching the industry-standard silhouette on VesselFinder and MarineTraffic.
  • Overwatch: All 40+ dashboard sub-pages and shared chrome — sidebar, mobile nav, global search, port selector — now share the obsidian-and-amber palette of the new terminal.
  • Overwatch: The default homepage hero map moved from the Bosphorus Strait to the Port of Long Beach.
  • Overwatch: AIS downsampling catches up faster — each run processes up to five days per tier. Positions older than 90 days are now served from the cold archive; live database tiers top out at 90 days. See Archive storage.
  • Overwatch: ~16,000 historical vessel visits backfilled with hydrostatic cargo estimates.
  • Overwatch: Equasis vessel enrichment now surfaces ISM Manager, Commercial Manager, and Technical Manager as separate fields, with a distinct relation per role on the vessel relationship graph. The legacy ship_manager field is unchanged.
  • Overwatch: Cross-product navigation bar now appears consistently on every page, including intelligence, blog, pricing, and dashboard sub-pages.
  • Overwatch, Locus, Platform: Faster first paint across axiomoverwatch.io, locus.axiomancer.io, and axiomancer.io via Mux preconnects, hero poster preloads, smaller LCP poster sizes, and deferred PostHog initialization.
  • Layer: Server-rendered marketing hero text on axiomlayer.com — the headline now paints immediately instead of waiting on client hydration. Cost-rollup endpoints in the dashboard also set Cache-Control: private, no-store so per-employee, hardware, and AI cost data can never be served from a CDN cache to the wrong tenant.
  • Locus: Free Location Report requests on locus.axiomancer.io now require a Cloudflare Turnstile CAPTCHA and recipient email confirmation (24-hour link expiry) before a report is generated and sent, with per-IP and per-recipient daily rate limits as a backstop.
  • Locus: New Permit Scope Quality sub-score in the developmentPipeline signal group on /api/score, weighting each recent permit by LLM-extracted scope_type (new construction vs. renovation vs. repair, etc.) and estimated_cost_tier. Surfaces as source: "AXL-108" in the group’s subScores. See Development pipeline sub-scores.
  • Locus: Default general scoring profile on /api/score rebalanced to align signal weights with peer-reviewed CRE price-correlation literature — developmentPipeline, economicStrength, and accessibility weighted up; businessVitality, populationMomentum, demographics, and amenityDemand weighted down. Use-case profiles (qsr, office, industrial, retail, data_center, self_storage) are unchanged. Pin to the previous behavior with profile_version for replicable historical scores.
  • Locus: Cell scoring now supports per-metro H3 resolution. Ten low-density metros — Phoenix, Houston, Las Vegas, Dallas, San Antonio, Nashville, Jacksonville, Oklahoma City, El Paso, Fort Worth — are now scored at H3 r7 instead of the default r8. See Per-metro resolution overrides.
  • Locus: New Permit Scope Quality sub-signal in the development pipeline score. Each cell now reflects what was permitted, not just how many — new construction weighs more than additions, additions more than renovations, renovations more than repairs, with a separate cost-tier multiplier layered on top. Wired into the existing 6-month permit window at 10% weight inside the development pipeline group; other sub-signals are unchanged.

Fixes

  • Layer: Workspaces auto-provision on first dashboard load, on the integration OAuth connect callback, and on the free shadow IT scan submission, so first-touch flows complete cleanly without “Unauthorized” or no_tenant dead-ends.
  • Layer: Email/password sign-ups that included a workspace name now succeed end-to-end after a regression in the workspace-provisioning trigger was rolling back accounts. Sign-up errors now also show the underlying reason inline.
  • Layer: Connecting an integration right after sign-up no longer fails with a save_failed redirect — the OAuth callback writes through a tenant-authoritative path so brand-new workspaces are recognized on the first connect attempt. Connector tiles also now show the right logo for Microsoft, AWS, Jamf, JumpCloud, and the rest of the catalog.
  • Layer: New users without a workspace now go through an explicit Create your workspace step instead of having a workspace auto-named from their email domain — closing a tenant-hijack edge case on invitee and SSO flows. See Getting started.
  • Layer: Connector tiles on the integrations catalog now flip to Connected the moment an OAuth callback or credential save completes, instead of waiting for a session refresh — newly-connected integrations were briefly displaying as unconnected even after the credential was saved.
  • Layer: Failed Stripe payments now flip the relevant subscription to past_due after three consecutive failed attempts on Plans and billing, restoring an invoice.payment_failed lifecycle hook that briefly went silent during the recent webhook consolidation.
  • Locus: Neighborhoods on cell enrichment, scoring, and location lookups now resolve to the names you’d recognize from Google Maps — SoHo, Williamsburg, Mission District — instead of administrative subdivisions. NYC coverage was also restored after the upstream NYC Open Data feed was withdrawn, and multi-part polygons now preserve islands and exclaves.
  • Locus: Cell scoring no longer fabricates a “Safe” badge or a 0/100 permit-activity score when the underlying data is missing. Safety scores also no longer read 100/100 from a FEMA flood zone alone — the safety group now requires at least two sub-signals before producing a number.
  • Locus: Tiny tracts no longer dominate the public Fastest-Growing by Population ranking — census tracts with fewer than 1,000 prior residents are now filtered out so small-denominator anomalies (e.g., 62→2,382 = +3,741%) don’t push genuinely fast-growing inhabited neighborhoods off the leaderboard. Column labels were sharpened to clarify the metric is a roughly 5-year ACS delta.
  • Locus: Cell score history writes restored after a month-long silent freeze — the daily scorer was upserting a column that only existed on cell_scores, so every history write was being rejected and quietly swallowed. The 90-day trajectory sparkline on the Explorer’s selected-cell panel had been falling back to its dashed (estimated) stand-in during the freeze; real time-series data starts populating from the next scorer run forward, and the silent error handler has been replaced with explicit logging so future schema drift surfaces immediately.
  • Locus: Signing in now drops you on the authenticated dashboard at /dashboard instead of the explorer map.
  • Locus: Hardened budget caps on the pipelines that refresh POI inventory for Locus scoring, with explicit per-key Google Places, weekly global, and Yelp monthly caps under each free-tier ceiling.
  • Overwatch: Vessel enrichment from Equasis now warms the session on fresh logins as well as re-logins, eliminating the first-vessel-of-batch failures that accounted for nearly all recent enrichment errors.
  • Overwatch: AISHub bulk ingestion now writes positions in 250-row chunks instead of one statement, so dense corridor fetches (NW Europe / Channel, Strait of Hormuz) no longer trip the database’s 60-second statement timeout and lose the entire batch. ingestion_logs.status gained a new 'partial' value for runs where some chunks landed and others failed, with the per-chunk failure count surfaced as metadata.chunks_failed.
  • Overwatch: Live map controls no longer clip on shorter or mobile viewports — the map now sizes to 100dvh and trail controls and the legend respect the safe-area inset.
  • Overwatch: Stale-data-source alerts on the status page now clear automatically as soon as the source recovers, including for slower feeds running less than every six hours.
  • Overwatch: More resilient ingestion of cultural amenity data from OpenStreetMap — records with freeform start_date values like "1870" or "c. 1900" no longer fail to load.
  • Overwatch: Brazilian ANTAQ vessel-call ingestion no longer silently strands existing rows without cargo tonnage. Tonnage now flows into the cargo validation pipeline as soon as the upstream archive is reachable, and any future fetch failure surfaces on the status page instead of disappearing into a console warning.
  • Codex: In-app support chat fonts now load cleanly on axiomcodex.io — the Intercom font subdomain has been added to the CSP allowlist.
  • Codex: Tightened the Content-Security-Policy on axiomcodex.io to drop unsafe-eval from script-src, closing a class of script-injection paths without affecting any user-facing functionality.
  • Layer: Scheduled reports no longer double-send when the cron loop runs twice in the same window — each scheduled send is claimed exactly once per (schedule, scheduled-for) window, so a Vercel cron retry, manual overlap, or multi-region replica race cleanly skips instead of re-emailing recipients.

Week of April 19–25, 2026 — Layer GA, Overwatch reliability, civic data fixes

New features

  • Layer: Major release across the SaaS lifecycle. New surfaces include the audit log, AI spend tracking, virtual cards with per-vendor caps, monthly and annual spend budgets, SaaS benchmarks, license management with seat harvesting, access reviews, multi-stage access approval workflows, AI contract extraction, a renewal calendar, automated offboarding, an onboarding readiness tracker, device shipping with carrier tracking, a compliance readiness dashboard, webhook notifications, custom fields, scheduled reports, and global search.
  • Layer: New MCP server lets AI assistants query your asset inventory, discovered apps, controls, and platform counts.
  • Layer: Free no-signup shadow IT scan for Google Workspace — discovers up to 50 apps in under five minutes.
  • Layer: Axiom Layer Precision browser extension tracks active versus passive SaaS usage on managed devices.
  • Layer: Plan-tier limits are now enforced at runtime, with in-context upgrade banners and rate-limit headers on /api. See Plans and billing.
  • Overwatch: Built-in status page showing real-time health for database, AIS data, and pipeline services, plus a programmatic /api/health endpoint.
  • Codex: New port authority governance dataset covering Oakland, Long Beach, Los Angeles, JAXPORT, and the Port Authority of New York and New Jersey.
  • Codex: All 111 tables now carry the full APRS envelope; coverage is enforced in CI and tracked on the envelope coverage dashboard.
  • Locus: In-app support chat, with identity verification when signed in.

Updates

  • Overwatch: Default AIS coverage radius expanded from ~55 km to 220 km per port, with an opt-in global tracking flag for dark-fleet and open-ocean monitoring.
  • Overwatch: New tiered AIS data retention policy — full resolution for 7 days, thinned to one position per minute through 30 days, archived to cold storage thereafter.
  • Overwatch: Vessel markers on the live map replaced with rotated triangle icons that read as bow-forward at every zoom.
  • Overwatch: ~16,000 historical visits backfilled with hydrostatic cargo estimates.
  • Layer: Dashboard persona setting (Finance, IT, or Both), hardware lifecycle settings, and a shadow app review queue with explicit approve/reject flow.
  • Layer: Brand accent refreshed from amber to pink across the Layer marketing site and dashboard; cross-product bar updated everywhere to match.
  • Codex / Locus: NYC council decisions and zoning variances are now populated, with a Legistar HTML fallback when the JSON API misses fields. Federal NEPA environmental reviews are now flowing in via the Federal Register.
  • Codex: Faster APRS backfill (5x) for the largest legacy datasets — projected completion now under 60 days. Restored NTD transit ridership data and improved data quality in NFIP and HMDA.
  • Locus: Refreshed social previews and sharper page titles on locus.axiomancer.io; the signals page now reads counts directly from the live catalog. Primary fonts are also self-hosted now, removing a render-blocking request and the brief flash of unstyled text on first load.
  • Platform: Cross-product bar inactive labels lifted to WCAG AA contrast, and the Docs link is now product-aware on every site.

Fixes

  • Locus: Cell scoring writes restored after upsert errors were being swallowed; scores, rankings, and downstream queries are flowing again.
  • Locus: Walkability scoring restored after the upstream OpenStreetMap provider began rejecting requests without a User-Agent.
  • Locus: Code enforcement collection now uses a 7-day window matching its weekly cadence, so updates no longer time out.
  • Overwatch: More reliable Equasis vessel enrichment (concurrent relay, full session re-warm) — registered owner, flag state, and deadweight tonnage populate consistently.
  • Overwatch: Daily risk-scoring feature generation restored after a column-mismatch failure; ship-to-ship transfer history and identity-change events stay current.
  • Overwatch: Port-call and disruption processing now uses smaller batches and per-query timeouts, eliminating OOMs and 504s during load spikes.
  • Overwatch: Flag-hopping detection now records all flag changes; client-side crash on first load resolved; first-time-seen and shared-MMSI vessels no longer drop position updates.
  • Overwatch: AIS positions ingested from AISHub now populate h3_index at write time, restoring 100% coverage on the envelope dashboard and unblocking spatial joins on the full ais_positions table.
  • Layer, Locus, Overwatch: Marketing pages and the cross-product bar now meet WCAG AA contrast across hero copy, footers, inactive product labels, and the Layer “Get started” CTA. Locus and Overwatch homepages — plus the Locus pricing page and all eight Locus content pages (blog, pulse, docs, methodology, sources, explore, signals, rankings) — also expose proper <main> landmarks for screen readers. The shared Locus content footer used across pricing, blog, pulse, and docs was lifted past AA contrast in a final follow-up.
  • Layer, Locus, Overwatch: Brand colors and Docs link fallbacks aligned across all four sites — the cross-product bar uses pink for Layer and indigo for Locus everywhere, and the Docs link falls back to the product’s own docs section.
  • Layer: Slack bot tokens are now exclusively encrypted at rest; virtual card operations verify cardholder ownership; multiple rounds of security hardening across authentication, RLS, idempotency, and rate limiting.
  • Layer: Content Security Policy now allows the providers the dashboard depends on — Intercom for in-app chat, Mux for embedded video, and the analytics stack — so the support widget loads reliably and tracked events are no longer dropped on browsers enforcing strict CSP.

April 18, 2026 — Stripe billing + 6 new connectors + catalog cleanup

  • Layer: Stripe billing wired end-to-end. New /settings/billing page lets users pick Starter/Growth/Scale tiers (monthly or annual), open the Stripe Customer Portal, and see their current subscription. Webhook reconciles checkout.session.completed, subscription updates, cancellations, and dunning back to the subscriptions table (LAY-255).
  • Layer: 6 high-value connectors promoted from “legacy stub” to first-class discovery — AWS (native Sigv4 signing replaces broken legacy code), GCP (service-account JWT-bearer auth), Azure (OAuth2 client_credentials), GitHub, CrowdStrike, Datadog. All return assets + structured evidence with control-code mappings (LAY-251).
  • Layer: Hid 43 stub connectors from the integrations catalog — only end-to-end working integrations show up now. Added a “Request a connector” CTA so customers can express demand for the rest (LAY-250).

April 18, 2026 — Intercom across the platform + analytics provider rollout

  • All sites: Intercom Messenger now lives on every Axiom property (Layer app, Overwatch, Locus, Codex, Axiomancer, docs). Marketing visitors hit the same workspace anonymously; Layer signs them in with a server-minted JWT once they’re authenticated, so support sees a single conversation history per identity.
  • All sites: PostHog + Amplitude + Sentry providers wired uniformly across the 4 marketing sites (parity with Layer).
  • docs.axiomancer.io: Native Mintlify Intercom integration enabled — no client-side script required.

April 18, 2026 — Audit log + connector audit + Codex evidence catalogs

  • Codex: New evidence catalog pages for ISO 27001, HIPAA, and PCI DSS — per-control API references showing exactly what evidence Codex collects.
  • Codex: New framework guides for NIST 800-53, SOC 1, and FedRAMP.
  • Layer: Empty-state pitch on /integrations — when no integrations are connected, surface a “get started in 2 minutes” hero with the recommended first connections.
  • Layer: Onboarding flow now leads with one-click admin-consent OAuth language for Google Workspace and Microsoft 365. No more “API tokens” copy.
  • Layer: Audit log table migration drafted (review pending) — when applied, every integration connect/disconnect, asset mutation, and access change gets logged with tenant scoping.
  • Internal: Connector catalog audit published — 75 catalog entries, ~25 production-ready end-to-end. Backlog tickets filed for the rest.
  • Layer: Google Workspace and Microsoft 365 integrations now use one-click admin-consent OAuth (no GCP project, no Azure AD app registration on the customer side). Same flow extended to Microsoft Intune, Teams, and M365 Mail.
  • Layer: IdP token refresh wired transparently — delegated tokens auto-renew on 401, rotated tokens persist back to the encrypted credential store. Connections survive past the 1-hour Microsoft / Google token TTL without manual re-auth.
  • Layer: Daily integration health email cron (Vercel cron, opt-in via Resend API key).
  • Layer: Connector cards now show real brand icons (simple-icons CDN), translucent placeholder examples in inputs, and hover info tooltips next to each credential field label.
  • Layer: AxiomBar (cross-product nav) now appears on dashboard pages, not just marketing.
  • docs.axiomancer.io: This site went live. Auto-converted Overwatch (70 endpoints) and Locus (35 endpoints) API references; hand-written Layer integration guides for 11 connectors; Codex framework guides for SOC 2 / ISO 27001 / HIPAA. Mintlify-hosted with a free auto-generated MCP server so AI assistants can search the docs natively.
  • Internal: Tier 2 OAuth scaffolding script (Slack / Notion / Atlassian) — when credentials arrive, wiring is ./wire.sh slack <id> <secret>.

April 16, 2026 — Polish week

  • Layer: Shared AxiomBar component pinned to the top of every Axiom site for consistent cross-product nav.
  • Layer: Scroll-reveal animations on integrations, pricing, FAQ sections.
  • Layer: New animation primitives — Reveal, useInView, AnimatedCounter.
  • Layer: Brand mark corrected to the canonical hex-network design.
  • Layer: 4K Mux video on the marketing hero.
  • Layer: Apps page now shows an EmptyState instead of redirecting to login when org_id is missing.

April 14, 2026 — UI redesign sprint

  • Layer: People, Apps, Spend, Contracts, Renewals all redesigned with consistent metric cards + urgency bars + category filters.
  • Layer: Integrations grid redesigned — colored tiles, status rings, connected-state actions.

April 12, 2026 — Plans 1–4 shipped (April sprint)

  • Layer: Hardware cost foundation (hardware_purchase_events table, amortization engine, /api/employees/costs endpoint).
  • Layer: Cost intelligence UI — per-employee cost roll-ups, hardware monthly amortized totals, vendor consolidation.
  • Layer: Lifecycle workflows — onboarding/offboarding cards, MDM lifecycle.
  • Layer: AI usage tracking — per-employee LLM spend tracking via OpenAI / Anthropic admin APIs.
  • Layer: Navigation restructured — People / Apps / Hardware / Settings.

Earlier

For the full project history, see the GitHub repo and Linear project tracking.