Changelog

​

This week at a glance

​

New features

• Overwatch: New Bloomberg-style terminal landing at /dashboard. A fixed-viewport HUD with two preset modes — TRADE for commodity flow tracking and SANC for sanctions analytics — each laying out 12 live-data panels (port-flow heatmap, live vessel mini-map, export forecasts, berth utilization, commodity tape, trade-flow tracker, active alerts, dark-fleet map, anomaly queue, risk profiles, verification queue, and a recent-events stream). F1–F12 jump to the equivalent dashboard sub-route, and ⌘K (or Ctrl+K) opens a command palette. Pin actions reuse your existing watchlist. A simplified mobile view is shown on small screens. The previous landing page is preserved at /dashboard/overview and all 24 dashboard sub-routes still work as before.
• Overwatch: Built-in service status page showing real-time health for database connectivity, AIS data freshness, ingestion pipeline, and visit pipeline, with each service’s current state and a 24-hour visual timeline so intermittent issues are easy to spot. Health checks run every five minutes, three consecutive failures trigger an automatic alert, and a programmatic health endpoint is available for external monitoring tools. Visit it from Dashboard > Status.
• Overwatch: New public /api/v1/positions/latest endpoint returns a global GeoJSON FeatureCollection of the latest position for every tracked vessel (~18K) in a single request. No auth required, CDN-cached for five minutes, with optional type filter and a bounding box. Use it to power your own live map, heatmap, or periodic dashboard refresh instead of paging port-by-port.
• Overwatch: Multi-recipient verified email delivery on alert channels. PUT /api/v1/alerts/channels now accepts up to five recipient addresses on the email channel. Your own account email is auto-verified; every other address receives a one-time confirmation link with a 24-hour expiry, and only verified recipients are dispatched to — both for /channels/test and for the production watchlist cron. Per-pair guards (5-minute resend cooldown, 10/24h hard cap) and a 3-per-hour limit on test sends prevent the channel from being used as a phishing relay against arbitrary inboxes. Single-recipient self-only delivery, the previous interim mitigation, is removed.
• Overwatch: New daily ingestion of 41 FRED economic series across rates, industrial production, capacity utilization, orders, inventories, housing, freight, commodity prices, CPI/PPI, employment, trade, and financial conditions. Observations are vintage-aware — FRED revisions are recorded as new prints rather than overwriting prior values — so historical queries are reproducible. The fetch runs at 14:00 UTC, idempotent on each run.
• Overwatch: Sentinel-1 SAR ship detections from each dark-fleet verification run are now persisted alongside the dark events they confirm, instead of being discarded after the scene-level CFAR pass. Each detection is keyed by event and scene so daily re-runs are idempotent, and the underlying scene-level evidence is now durable for review and audit. The 08:00 UTC cron that drives verify-dark-fleet-sar is also now explicitly scheduled.
• Overwatch: Per-vessel ETA and route-waypoint forecasts on every vessel currently in transit, with a new Expected Arrivals dashboard panel on /dashboard/forecasts/[port] listing vessels forecast to arrive in a rolling 7-day window with ETA p50 and p10/p90 spread. An hourly run projects an eight-point great-circle arc from the vessel’s current position to its declared destination port, with an ETA distribution (p10 / p50 / p90) at each waypoint, falling back to a per-class cruise speed when reported speed is too low to be predictive. Use it to anticipate arrival windows, plan berth assignments, and surface vessels likely to slip their declared ETA. See the forecasts API.
• Overwatch: Each vessel detail page now renders the active route forecast inline. A four-stat strip pins distance to go, current speed, ETA p50, and the p10→p90 window above an interactive map showing the eight-waypoint great-circle projection with hover tooltips for per-waypoint ETAs, plus a compact waypoint table beneath. The panel hides itself for vessels not currently in transit (no recent fix or no declared destination) so non-transiting ships don’t show an empty card.
• Overwatch: Voyage time-allocation reports on every closed vessel visit, with a new /dashboard/[port]/voyage-times page rendering per-visit stacked bars (approach / anchor wait / berth / idle other), median summary cards, and a 50-row drill-down table. Each visit now carries a sibling breakdown that splits arrival → departure into hours spent on approach, anchor wait, berth, and idle other, answering the “where did the time actually go?” question that aggregate berth hours alone couldn’t. A one-time backfill is populating historical visits. Useful for benchmarking turnaround efficiency, attributing congestion to anchor versus berth bottlenecks, and quantifying loading work versus offshore waiting.
• Overwatch: Watchlist-scoped vessel-to-vessel near-pass detection for watchlist members. The new detector flags any vessel passing within a configurable distance of a watchlist vessel — including underway encounters that the existing ship-to-ship transfer detector deliberately filters out (slow speed, outside port zones, latest-position only). Useful for tracking suspicious rendezvous, fleet-against-fleet contact patterns, and dark-fleet associations that don’t match the slow-and-loitering STS profile. Backend ships first, with alert dispatch wired up later in the week; a UI surface follows in a later release.
• Overwatch: Pairwise encounter extraction — the algorithm that derives vessel-to-vessel CPA, TCPA, range, closing speed, and bearing-rate geometry from raw AIS positions — now runs hourly in production at minute :07, with a 30-minute overlap so encounters straddling the hour boundary are captured end-to-end. Stable upsert keys make every re-run idempotent, and a 50,000-pair safety cap aborts runaway windows cleanly. A new backfill driver chunks any historical since → until range so a 7-day re-pull completes in roughly 10–20 minutes. Encounter-derived fields on the Risk and Investigations APIs now carry fresher coverage and complete historical fills as a result.
• Overwatch: Every encounter epoch is now annotated with COLREGS-aligned rule posteriors (p_head_on, p_overtaking, p_crossing, summing to 1) and per-vessel role posteriors (give_way_prob, stand_on_prob) derived from epoch geometry alone. Reciprocal-course and bow-aligned gates resolve head-on; parallel-course plus aft-of-beam bearings resolve overtaking; the residual mass goes to crossing, with role assignment by the give-way-on-starboard rule. Clean geometry pushes the matching rule posterior past 0.85; ambiguous geometry produces a soft mixture instead of a brittle vote. See Rule and role posterior inference.
• Overwatch: New Rule 17 deviation flags on pairwise encounters. Each encounter now carries per-vessel max_course_change_deg and rule17_deviation fields. The flag fires when a vessel’s mean stand-on probability across the encounter is at least 0.6 and its largest single-step course change is 10° or more — the geometry of a stand-on vessel taking unilateral evasive action that COLREGS Rule 17 only authorizes when the give-way side has clearly failed to keep clear. Useful for surfacing unannounced maneuvers, attributing close-quarters action to the correct party, and cueing forensic review. See Rule 17 deviation detection.
• Overwatch: New Rule 17 handoff timestamp on pairwise encounters, building on the deviation flag. Each encounter now records rule17_handoff_ts — the exact moment Rule 17(a) “keep course and speed” authority transitions to Rule 17(b)/(c) “may / must take avoiding action” — alongside rule17_handoff_trigger indicating whether the transition was driven by give-way inaction (give-way vessel hasn’t maneuvered while collision risk is high and CPA is closing inside half a nautical mile) or in extremis geometry (CPA has collapsed below ~200 m and Rule 17(c) compels stand-on action regardless). Useful for distinguishing premature unnecessary deviation from required avoidance when reviewing close-quarters action.
• Overwatch: New vessel density dashboard at /dashboard/density. A daily H3 res-8 density layer aggregates the last 30 days of AIS positions by vessel type, with per-IMO-per-hour bucketing so 10-second-ping vessels can’t drown out hourly pingers. Filter by vessel type chip — bulk carrier, tanker, container, etc. — to see where each fleet actually clusters as a viridis-shaded H3 hex map (log-scaled by position count, capped at 5,000 cells per render) alongside a per-type rollup. The layer refreshes daily at 02:00 UTC after yesterday’s bucket closes, and the page surfaces the last-refreshed timestamp and freshness status from the underlying ledger so you can tell at a glance whether the view is current. The same data is also exposed at GET /api/v1/density?type=…&day=YYYY-MM-DD for programmatic consumers.
• Overwatch: Course-alteration anomalies now flow into the vessel risk event stream. A new detector emits a course_alteration event whenever an underway vessel deviates by 45° or more from its rolling 6-hour mean heading and is more than 10 km from any port zone, so legitimate maneuvering inside or near a port doesn’t generate noise. Each vessel is deduplicated against itself on a 6-hour window, so a single sustained turn produces one event rather than a flood. Useful for surfacing unannounced route changes, evasive maneuvers, and rendezvous course corrections without waiting for a full ship-to-ship pattern to develop. UI surface and alert-rule template follow in a later release.
• Overwatch: Tip-and-cue SAR confirmation of vessel transits through Bab-el-Mandeb, the Strait of Hormuz, the Suez approaches, and Cape Agulhas. AIS positions are forward-projected by dead-reckoning to predict each upcoming chokepoint transit, and Sentinel-1 SAR scenes are queried over the predicted ETA window to confirm the transit, mark it as a dark transit (no AIS, but a hit in the SAR scene), or flag it as missed once the window expires. Useful for tracking vessels through corridors with patchy or absent terrestrial AIS coverage without paying for continuous satellite-AIS. Weekly chokepoint volumes are exposed via a new reporting RPC.
• Overwatch: User-defined custom geofences on your account. Draw or upload a polygon — a port approach, an EEZ, an ice-edge buffer — optionally scope it to a vessel type or fleet, and Overwatch will record an open event the moment any qualifying vessel enters and close it the moment they leave. The detector runs every minute against a rolling 5-minute window of AIS positions, so a 30-knot vessel covers ~2.5 nm between checks — well under typical user-drawn geofence sizes. Backend ships first; the in-app polygon-draw UI follows in a later release.
• Overwatch: Watchlist near-pass events now flow into the alerts dispatch pipeline alongside dark events, STS events, and OFAC matches. Each alert payload carries the other vessel’s IMO and name, the closest-pass distance, and both speeds at the closest fix, with per-watchlist notify_on gating so users who only want STS events don’t see near-pass traffic. Set notify_on to near_pass (or v2v_proximity) on a watchlist entry to start receiving them.
• Overwatch: Weekly and monthly vessel density rollups alongside the daily H3 surface, sourced directly from AIS positions rather than summed across the daily matview so unique-vessel counts don’t double-count vessels that ping every day. Sixteen rolling weeks and twelve rolling months are now available; both refresh on Mondays and the 1st of each month at 03:00–04:00 UTC after the daily refresh closes.
• Overwatch: Aircraft tracking is live as a sibling surface to vessel sanctions, targeting the well-documented evasion pattern of sanctioned individuals swapping tail numbers and operating ghost flights. A new aircraft positions feed ingests ADS-B fixes hourly for every airframe in the curated identities list — seed coverage spans Mahan Air (EO 13224), Qeshm Fars Air (IRGC-QF cargo, OFAC 2019), Pouya Air (the rebranded Yas Air, EO 13382 NPWMD), Air Koryo (the DPRK state airline, UN 1718 + OFAC + EU), and Cham Wings / Fly Cham (Syria SDN airframes that survived the July 2025 Syria revocation; the June 2025 rebrand is itself an evasion-tracking signal) — and surfaces a cross-modal lead when a sanctioned aircraft lands within 200 km of a high- or critical-tier dark vessel event. Schema mirrors ais_positions for symmetry with the rest of the risk graph.
• Overwatch: New public per-vessel GET /api/v1/ais/{provider}/{imo}/location/latest endpoint returns the most recent position for any tracked vessel as a citable URL — no API key required, IP-keyed at 60 requests per minute and 1,000 per day. Pick the provider (aishub, aisstream, satellite, spire, or any) or let the endpoint pick the freshest fix across all providers. Responses ship a JSON-LD attribution block so journalists, academics, and AI ingestion pipelines can pick up the source claim cleanly.
• Locus: New free, fully-unlocked Fastest-Growing Neighborhoods (Population) ranking sourced directly from U.S. Census ACS 5-year estimates and cited back to census.gov/programs-surveys/acs. Ranks neighborhoods on raw population change between the two most recent ACS 5-year vintages and exposes population-specific columns — Population Change % (5-year ACS), Population (latest vintage), Population (5 years prior), and the ACS vintage used — in full with no preview cap. Tracts with fewer than 1,000 prior residents are filtered out so small-denominator anomalies don’t dominate the leaderboard. The existing composite list is now disambiguated as Fastest-Growing Neighborhoods (Axiom Composite) and continues to rank on the forward-looking population_momentum signal. Use the public list when you need a defensible, third-party-cited answer; use the composite list for Axiom’s leading indicator.
• Locus: New free, fully-unlocked Most Building Permits Issued (Last 12 Months) ranking sourced directly from municipal building-permit open data and cross-referenced with the U.S. Census Building Permits Survey. Ranks locations by raw permit count over the trailing 12 months across 10 metros (1.2M permits indexed) and exposes permit-specific columns — total permits issued, total declared valuation, and the count of distinct permit types — in full with no preview cap. Every number is verifiable in your city’s open-data portal. The list refreshes nightly.
• Layer: New bulk contract upload on the Renewals page. Drag and drop up to five mixed-format files — text PDFs, scanned PDFs re-saved as images, PNGs, or JPEGs — and Layer extracts vendor, contract value, start date, end date, and renewal terms in parallel using a vision-capable model. Each row shows confidence dots and supports inline editing before you finalize, and any file with missing required fields is flagged as Needs review and blocks the batch save until you fill it in. Original files are stored privately so you can re-open the source PDF or image from the contract page later. Single-file upload and the manual contract entry path are unchanged.
• Layer: New self-contained demo mode for evaluation tenants. Workspaces flagged as demo open with 60+ seeded SaaS apps spanning productivity, dev tools, security and compliance, finance, HR, marketing, sales, and AI — each with 12 months of spend, 18+ contracts spread across the next 12 months of renewals, 12 months of AI usage records across OpenAI, Anthropic, and Copilot, and a mix of healthy and needs_reauth data source connections so every dashboard, alert, and recommendation has realistic data on first load. A pink banner makes the mode obvious, and a Reset demo data action in Settings wipes and re-seeds the workspace in a single click. The reset endpoint is hard-gated to demo workspaces, so production tenants can never trigger it. Public per-visitor demo links and ephemeral auto-purge are on the roadmap.
• Layer: New dedicated AI Usage entry in the dashboard sidebar, between Hardware and Renewals, for tracking LLM spend per employee across OpenAI, Anthropic, Google, and other providers. The page introduces RouteShift — the LLM proxy gateway behind Layer’s AI cost tracking — with a one-click Open RouteShift handoff for managing per-employee keys, smart routing, savings, and live analytics (cache hit rate, p95 latency, error rate, and savings reporting on daily, weekly, or 24-hour windows). Per-employee spend roll-up directly inside Layer is on the roadmap; until then, the existing per-person, department, and provider ROI views remain available via AI usage tracking.
• Layer: AI Usage is now a three-tab hub — Overview, Keys, and Routing. Overview rolls up per-employee spend with real names instead of opaque IDs. Keys is an admin surface that lists every employee with a one-click Mint or Re-mint action that issues an identity-tagged RouteShift key and shows the plaintext secret in a copy-once modal. Routing shows the proxy endpoint, tenant ID, environment-variable status, and a deep link to RouteShift for routing-rule management. Every prompt, completion, and tool call now attributes back to the employee who made it, so per-employee spend rolls up cleanly across BYOK and credit-funded usage.
• Layer: New Audit log entry in the dashboard sidebar for admins, backed by an immutable audit_events ledger with 6-year retention. The page renders the 100 most recent events with outcome-coloured pills and is restricted to admin roles. Integration connect and disconnect actions on the integrations page now write to the ledger automatically, capturing actor, IP, and user-agent. Other surfaces — sync, asset CRUD, and login/logout — wire in over the next few releases. See Audit log.
• Layer: New Sign in with Auth0 option below the email/password form on the login page. Existing email/password and Google/Microsoft sign-in remain primary; Auth0 runs alongside as an additional Universal Login path during the auth migration. No action required on existing accounts.
• Layer: Stripe subscription events now flow into a dedicated Layer subscription ledger, so plan changes, renewals, and cancellations originating from Plans and billing reflect in the dashboard within seconds of the Stripe event. Plan tier is derived from the price ID rather than editable subscription metadata, closing a path where a tampered metadata field could upgrade an organization’s plan.
• Locus: Curated ranking lists — Top Overall, Fastest Growing, Safest, Most Business Active, Best for Restaurants, Strongest Economies, Best Accessibility, and Development Hotspots — now render the columns that drive each list’s sort, with the primary metric featured in big-number style next to a sort-direction indicator. Mobile cards mirror the same column order, so the headline metric matches the list’s purpose on both layouts.
• Locus: Each curated ranking list now shows an attribution footer under the table linking to the underlying methodology, so it’s clear at a glance which data source drives the order. Composite-driven lists credit the Axiom Composite Score; future public lists will cite their third-party source directly.
• Locus: The rankings index is now grouped into two clear sections — Public Data — Free for the third-party-cited lists (Census ACS population growth, building permits) and Axiom Composite — Analyst+ for composite-driven lists. Public lists always render the full top 25 to anyone, including signed-out visitors. Composite-driven lists preview the top 3 rows for free and unlock fully on the Analyst tier ($49/mo), with a clearly badged “Preview (top 3)” CTA on the index and an unlock card after the previewed rows on each list page. The paywall is enforced server-side so locked rows never appear in the HTML source.
• Locus: The map on locus.axiomancer.io/explore now shows a single national activity heatmap aggregated from the last 90 days of geocoded events, instead of a metro-scoped overlay that saturated inside the active metro. Color stops are retuned for the long-tail count distribution so dense metros read as the hottest spots without blowing out the rest. The explorer sidebar also gained an explicit Back to Dashboard link.
• Locus: The signed-in dashboard now opens with a national activity mini-map between the page header and the stat cards, rendering the same 90-day heatmap as the explorer so the dashboard preview and the deep-dive read as one continuous surface. Click anywhere on the map to land in the explorer at that location with the score panel ready, and use the Open Explorer button in the top-right for the full-map handoff. Palette and weight stops match the explorer exactly.
• Locus: The explorer now leads with intelligence rather than geometry. The map narrows to about a quarter of the viewport on large screens, and a new Intelligence Rail fills the rest with live alerts, top movers, monitored locations, and a metro-pulse snapshot — sourced from the same data that powers the signed-in dashboard. The cell-level score breakdown still lives in the left sidebar when you click a hex. A new mode toggle flips between the integrated view and the previous full-bleed map; append ?mode=fullscreen to the URL to land directly in the original layout. Below the large breakpoint, the rail is hidden and the map fills the page so mobile and tablet keep a map-first layout.
• Locus: The Intelligence Rail on the explorer is now cell-aware. When you click a hex, a Selected-cell panel pins to the top of the rail with the cell’s composite score, a 90-day score sparkline (trend-colored — emerald rising, red declining, dim flat, dashed when the underlying history is a synthetic fallback), and a signal contribution waterfall that ranks the eight signal groups by score with tier-colored bars so the strongest signals lead. Monitored locations filter to the active metro with explicit empty-state copy (“No monitored locations in SF yet”), and the rail header subtitle flips between Live signal feed for the current map and Cell selected · context so the mode is legible at a glance. A metro key-stats strip — composite average, GDP YoY, top-scoring signal — sits above the rail. The full sub-signal breakdown still lives in the sidebar’s score panel.
• Locus: Each row in the cell-detail signal contribution waterfall now click-throughs to its signal group detail page — business vitality, population momentum, demographics, economic strength, development pipeline, accessibility, safety & environment, and amenity demand — so you can jump from “this cell scores 78 on development pipeline” straight into the sub-signals and methodology behind that group in one click. Legacy signal labels render without a link.
• Locus: The Intelligence Rail now includes a Peer Metros comparison band that plots the active metro’s composite score against its three closest-by-composite peers as horizontal bars on the absolute 0–100 scale, so widths are directly comparable. Each peer row links straight to that metro’s pulse page, making a hop into deeper context one click away.
• Locus: The Intelligence Rail now includes a Safety Tier Mix stacked-bar that shows how the active metro’s scored cells distribute across five safety tiers — Prime, Strong, Solid, Watch, and Elevated — so you can answer “is this metro mostly safe, or mostly elevated?” without leaving the page. The same component is wired to render distributions for any of the eight signal groups in future updates.
• Locus: The Intelligence Rail now includes a 12-month permit trend chart that plots the active metro’s monthly building-permit volume as a small bar series so you can read the trajectory at a glance — accelerating, plateauing, or rolling over — without leaving the explorer. Sourced from the same municipal feeds that power the Most Building Permits Issued ranking.
• Locus: New free public Most Appreciated Real Estate (12-month price growth) ranking sourced directly from the FHFA House Price Index. Ranks metros by trailing-12-month repeat-sales appreciation with the FHFA HPI backfill behind it, full top 25 visible to anyone with explicit citation in the attribution footer.
• Locus: New free public Highest Mortgage Activity (Last 12 Months) ranking sourced from public HMDA loan-application data. Ranks metros by trailing-12-month mortgage origination volume with full top 25 unlocked.
• Locus: New free public Lowest Crime Rate ranking sourced directly from FBI UCR / NIBRS and municipal open-data crime feeds. Ranks neighborhoods by part-1 incidents per 1,000 residents over the trailing 12 months with the source cited inline.
• Locus: New free public Best Public Schools ranking sourced from the NCES Common Core of Data. Ranks neighborhoods by aggregate school-quality score across nearby public schools, with the underlying NCES record visible per row.
• Locus: New free public Most Parks ranking ranks neighborhoods by per-cell park count and total park acreage from the curated POI catalog. Useful for residential, retail, and amenity-driven site selection.
• Locus: Two new Analyst+ momentum rankings — Fastest-Rising Cells and Fastest-Falling Cells — surface the cells whose Axiom Composite Score moved the most over the trailing 7, 30, and 90 days. Where the existing leaderboards rank by current level, these rank by change, so they answer “where is something quietly happening right now?” ahead of the next quarterly recompute. Each row carries the latest composite, the composite at each lookback window, the signed delta, and the snapshot date so you can verify the move directly. Refreshed nightly at 04:15 UTC after the daily score-history rollover.
• Locus: New Council Activity card on every metro pulse page showing the trailing-90-day count of high-signal council meetings, rezonings approved, new-construction approvals, housing units mentioned, dollar amounts, and the most recent meeting date — sourced from extracted council and planning-commission decisions in the civic intelligence dataset. Live for San Francisco, Chicago, and Houston this week, with additional metros rolling in as extraction coverage expands. The card hides itself when no extracted decisions are available so coverage gaps stay clean.
• Locus: Four new live public stats on every metro pulse hero — Population Δ, Home Price Δ, Median Household Income, and Median Gross Rent — sourced directly from Census ACS B19013 and B25064 and the FHFA HPI, replacing static placeholder copy. Eight verifiable public numbers now lead every metro page with explicit BEA, BLS, Census ACS, and FHFA citations alongside.
• Locus: The 8-signal grid and metro composite score on the metro pulse pages are now teaser+blur for free visitors with an Analyst+ unlock card, while the public stats hero (population, home prices, income, rent) and #1 top-neighborhood remain free. The split mirrors the rankings index — public, third-party-cited numbers stay free; Axiom’s composite scoring unlocks at the $49/mo Analyst tier.
• Locus: New Maritime → CRE port-risk propagation surfaces a port-congestion warning on cell detail panels when a Locus metro’s primary or secondary port is showing elevated wait times in Overwatch. Twenty-two Locus metros are now mapped to the major US ports in their economic catchment by trucking corridor (e.g. Phoenix → Los Angeles / Long Beach via I-10), with risk levels of watch, elevated, or severe derived from p90 wait, median wait, and trend. The badge hides itself when seas are calm.
• Locus: Top movers on the signed-in dashboard are now split into two side-by-side panels — Risers and Decliners — instead of a single mixed list, so positive and negative momentum are equally legible at a glance. Same data, two columns.
• Locus: Refreshed locus.axiomancer.io home page with corrected platform stats (12M+ temporal events, up from a stale 3M+ figure) and a new Verify every number showcase between the customers section and the CTA. The showcase leads with the four free public-data rankings (FHFA HPI, HMDA, building permits, crime), each with its public source and citation URL visible inline.
• Locus: New Compare plans strip on the free Location Report page summarizes what each tier unlocks side-by-side — Free now (one report), Analyst at $49/mo* (50 cells, portfolio tracking, CSV export), and *Pro at$199/mo (500 cells, custom formulas, full API) — with a See full pricing → link straight to locus.axiomancer.io/pricing. Visitors can now read the upgrade path the moment they request a free report, instead of clicking through to find it.
• Locus: Three new civic-intelligence collectors — meeting audio transcription, zoning board of appeals (ZBA) PDF extraction, and court dockets — feed the civic intelligence dataset and downstream Council Activity cards. Loaders for business_licenses, court_dockets, and zba_decisions are unblocked end-to-end.
• Locus: City council collection now defaults to Legistar HTML scraping instead of the JSON API, so metros where the Legistar JSON surface is incomplete (most of them) ingest the full set of meeting items, sponsors, and dispositions out of the box. Same data path that powers council decisions on Codex.
• Locus: The Nearby POIs list in the explorer sidebar is now collapsed into an accordion by default, so the at-a-glance Nearby summary badges and Crime Safety indicator stay in view without the long POI list pushing them off-screen. Expand the accordion to see the full list.
• Layer: axiomlayer.io now renders branded link previews when shared on Slack, Twitter, LinkedIn, or any embed-friendly surface. Previously, shares had no card at all. The new image uses the refreshed pink and indigo brand palette and highlights the free shadow IT scan.
• Codex: axiomcodex.io now ships branded OpenGraph preview cards and a summary_large_image Twitter card, so links unfurl with a full-bleed gold-on-black preview instead of the old small thumbnail.
• Platform: The Axiomancer Labs landing page now ships a 1200×630 OpenGraph preview card in the cross-product cyan-and-gold palette and uses the larger summary_large_image Twitter card, so links to the parent site unfurl as full-bleed branded previews on Slack, X, LinkedIn, and any embed-friendly surface.
• Codex: A robots.txt and sitemap.xml are now served at the site root, enumerating the standards overview and every standard page so search engines can index them without relying on nav-link discovery.
• Codex: axiomcodex.io now emits structured data (SoftwareApplication JSON-LD) on the homepage, including pricing tiers and organization details, so Google can surface rich pricing and category hints in search results and AI overviews.
• Layer: axiomlayer.io now serves a robots.txt and sitemap.xml covering the public marketing surface — home, free shadow IT scan, signup, login, privacy, and terms — so search engines can discover and index the site without relying on link traversal. Authenticated dashboard and onboarding routes are explicitly disallowed.
• Platform: The Axiomancer Labs landing page now serves a robots.txt and sitemap.xml at the site root so search engines can discover the homepage directly. The internal /api surface is explicitly disallowed.
• Platform: axiomancer.io now embeds Organization structured data (JSON-LD) on every route with sameAs links to all four product domains — axiomlayer.com, axiomoverwatch.io, locus.axiomancer.io, and axiomcodex.io — so Google can build the Axiomancer Labs knowledge-graph relationship between the parent brand and its sub-products.
• Platform: RouteShift is now a first-class product alongside Layer, Overwatch, Locus, and Codex in the cross-product navigation bar at the top of every Axiom site, so you can switch into the LLM proxy gateway from anywhere in the platform with one click. The bar’s emerald RouteShift mark matches the brand palette already used on the Layer AI Usage hub handoff and on routeshift.io.
• Platform: New RouteShift card on the Axiomancer Labs Products catalog, alongside Overwatch and Locus. The card surfaces RouteShift’s headline stats — 12 supported providers and 3% of measured savings — and links straight to routeshift.io for sign-up.

​

Updates

• Overwatch: Panning the live map to a new region of the globe is now instant — the map loads the full global vessel layer once on first paint and renders every subsequent pan from data already on the client, matching the always-on-globe feel of VesselFinder and MarineTraffic. Positions still refresh every five minutes.
• Overwatch: Vessel markers on the live map now use elongated, bow-forward triangles that match the industry-standard silhouette on VesselFinder and MarineTraffic, so heading direction is easier to read at a glance. Vessels are also more visible at world and regional zoom levels.
• Overwatch: All 40+ dashboard sub-pages and shared chrome — sidebar, mobile nav, global search, and port selector — now share the obsidian-and-amber palette of the new terminal, so jumping from the terminal to any /dashboard/* page no longer flips colors. Primary buttons, status badges, and divider/ring accents across every sub-route were tuned in a follow-up pass so they read clearly against the dark background instead of merging into it. The sidebar header also gained a ← Term pill to jump back to the terminal in one click.
• Overwatch: The default homepage hero map has moved from the Bosphorus Strait to the Port of Long Beach, giving you an immediate view of one of the busiest container ports in the Western Hemisphere when you first land on Overwatch.
• Overwatch: Refreshed live platform counts on axiomoverwatch.io and the intelligence and platform marketing pages — 31.5M AIS positions (up from 7.15M), 41,000+ tracked vessels (up from 18,600), 369K port events, and 26K dark events — pulled directly from production rather than the previously stale figures.
• Overwatch: Approximately 16,000 historical vessel visits that were missing hydrostatic cargo estimates have been retroactively processed, so previously empty cargo fields on departed vessels now carry tonnage estimates calculated using the same methodology as live arrivals. No action is required on your part.
• Overwatch: Equasis vessel enrichment now surfaces ISM Manager, Commercial Manager, and Technical Manager as their own fields and emits a distinct relation per role on the vessel relationship graph. The legacy ship_manager field keeps its ISM-fallback behavior so existing consumers see no change. When ISM and ship manager are the same company, the graph still records a single edge per relation and target.
• Overwatch: The cross-product navigation bar now appears consistently on every page — including intelligence, blog, pricing, and dashboard sub-pages — so you can switch between Layer, Overwatch, Locus, and Codex from anywhere.
• Platform: RouteShift is now the fifth product in the cross-product navigation bar across every Axiomancer site, alongside Layer, Overwatch, Locus, and Codex. Jump straight to the LLM proxy gateway — or its docs — from any Axiomancer surface in one click.
• Platform: Faster first paint and Largest Contentful Paint on the Axiomancer Labs landing page. The hero Mux video player now renders server-side so the browser can request the player chunk and manifest immediately instead of waiting for hydration, two unused display fonts that were generating preload tags competing with the Mux preconnect have been dropped, and the Mixpanel (~70 KB) and Intercom (~90 KB) launchers are now deferred behind dynamic imports and requestIdleCallback rather than running on the critical path. The PostHog analytics SDK is also deferred until the browser is idle, dropping ~244 ms of session-recorder work out of the initial bundle and shaving roughly 800 ms off PostHog bootup time as measured by Lighthouse. Page-view tracking is unchanged. Social-media unfurls also got a small win — the OpenGraph image now caches its Inter font fetch so each scrape no longer triggers a cold Google Fonts hop.
• Locus: Faster Largest Contentful Paint on the locus.axiomancer.io home page. The hero video poster is now preloaded at high priority from the initial document, so it appears earlier instead of waiting for the player to mount, and is requested from a CDN-warm preset size — dropping roughly 1.3 MB from the home page payload at the same visual quality and avoiding the multi-second origin-resize stall first-time visitors were hitting.
• Overwatch: Faster hero video startup on axiomoverwatch.io. The browser now warms TLS connections to the Mux streaming origins while the rest of the page is still parsing, so the homepage hero begins playback noticeably sooner on a cold first visit.
• Overwatch: Sharper homepage first paint on axiomoverwatch.io. The hero thumbnail — the largest element on first load — is now declared as a preload hint in the initial document and reused as the video player’s poster, so it’s discovered in parallel with the rest of the page and only fetched once.
• Overwatch: Faster catch-up on AIS downsampling and a cleaner long-term archive path. Each downsample run now processes up to five days per tier instead of one, so any backlog drains in days rather than weeks while steady-state runs still touch only the most recent day. Positions older than 90 days are now served from the cold archive instead of the live database, so the retention tiers on the live database top out at 90 days. Archived positions remain available at full resolution on request — see Archive storage.
• Overwatch: Satellite AIS coverage polling is back on its hourly cadence after a temporary pause to keep credit usage from leaking on a stale configuration. The pipeline now fails fast with an explicit error and a logged ingestion record when its API key is missing, so any future configuration gap is loud and catchable instead of silently burning lookups. Per-run lookup caps are unchanged.
• Overwatch: Terrestrial AIS coverage widened to the chokepoint corridors that feed SAR confirmation — Bab-el-Mandeb, the Strait of Hormuz, the Suez approaches, and Cape Agulhas — bringing the active cluster set from 8 to 12 ports and corridors. Each cluster now refreshes every 12 minutes instead of leaving four of the previous eight unpolled, so positions inside the chokepoints stay fresh enough for the dead-reckoning ETA predictor to seed transits accurately.
• Overwatch: Per-vessel ETA confidence bands on the forecasts API are now calibrated against the actual transit-speed distribution observed for each vessel class, instead of a flat ±20% / ±30% multiplier. The new model derives p10/p25/p50/p75/p90 effective transit speeds from real port-to-port voyage history, with a minimum of five sample voyages per class and floor/ceiling guards on degenerate single-sample classes. Bulk carriers, container ships, and tankers now carry tighter, class-appropriate envelopes; forecasts using the new model are tagged forecast_method = 'great_circle_v2_class_calibrated' so dual-write coverage can be backtested against the prior heuristic.
• Overwatch: All 41 FRED economic series now ingest cleanly. The first production run surfaced two retired series codes — the trade-balance series and a paperboard-container industrial-production series — which have been swapped for their current FRED equivalents (AITGCBS and IPN32221S). The semantic intent of each replacement (trade balance, freight proxy) is unchanged.
• Locus: Free Location Report requests on locus.axiomancer.io now require a Cloudflare Turnstile CAPTCHA and email confirmation by the recipient before the report is generated and sent, so the request form can no longer be used to mail unsolicited reports to non-consenting addresses. The recipient receives a confirmation link with a 24-hour expiry and lands on a new Report confirmed acknowledgment page after clicking through. Per-IP and per-recipient daily rate limits add a further backstop.
• Locus: The developmentPipeline signal group on /api/score now incorporates a new Permit Scope Quality sub-score (source: "AXL-108", weight 0.10) that weights every recent permit by its LLM-extracted scope_type (new construction, addition, demolition, renovation, repair) and estimated_cost_tier, so cells dominated by genuine new construction separate cleanly from cells where permits mostly reflect maintenance churn. Composite and group scores remain on the same 0–100 scale; cells without LLM-annotated permits see AXL-108 listed under the group’s sourcesMissing instead. See Development pipeline sub-scores.
• Locus: Each row in the cell-detail signal contribution waterfall on the Explorer score panel is now click-through. Selecting any of the eight canonical signal groups — Business Vitality, Population Momentum, Demographics, Economic Strength, Development Pipeline, Accessibility, Safety & Environment, or Amenity Demand — jumps you straight to the corresponding /signals/[group] detail page so you can dig into how that signal is computed without leaving the Explorer. Legacy or composite labels with no detail page render as plain text.
• Locus: The cell-detail signal contribution waterfall now carries per-signal freshness chips alongside an aggregate “refreshed X ago” indicator on the section header, so a stale score is impossible to miss at a glance. Chips are color-coded by SLA — dim under 72 hours, amber 72–168 hours, red beyond a week — and hovering shows the absolute refresh timestamp.
• Locus: The default general scoring profile on /api/score has been rebalanced to align signal weights with peer-reviewed CRE price-correlation literature. developmentPipeline moves from 0.12 to 0.20, economicStrength from 0.15 to 0.20, and accessibility from 0.10 to 0.12, offset by trims to businessVitality (0.20 → 0.15), populationMomentum (0.15 → 0.10), demographics (0.12 → 0.10), and amenityDemand (0.08 → 0.05). Use-case profiles (qsr, office, industrial, retail, data_center, self_storage) are unchanged. Pin to the previous behavior with profile_version if you need replicable historical scores.
• Locus: Cell scoring now supports per-metro H3 resolution overrides. Ten low-density, large-parcel metros — Phoenix, Houston, Las Vegas, Dallas, San Antonio, Nashville, Jacksonville, Oklahoma City, El Paso, and Fort Worth — are now scored at H3 r7 (~5.16 km²) instead of the default r8 (~0.74 km²) so each cell carries enough samples to be statistically meaningful. Every row in cell_scores is tagged with the resolution it was computed at via resolution_variant — filter or group on it if you query across metros. See Per-metro resolution overrides.
• Locus: The /api/score/batch endpoint is now rate-limited and validates every H3 index in the request body as 15-character lowercase hex before hitting the database, bringing it in line with /api/cells, /api/pois, and the rest of the metered surface. Responses now include X-RateLimit-Remaining so clients can pace themselves; the existing 200-cell cap and CDN cache for repeat H3 sets are unchanged.
• Locus: API key daily request quotas now read from the canonical plans table instead of a stale {free, pro, team} lookup, so Analyst, Enterprise, and Supply Chain Risk subscribers get their full quota on /api/keys instead of silently falling through to the 10-request-per-day Free ceiling.
• Locus: Faster /api/score responses. The supplemental data fetch — covering ~18 additional queries that don’t depend on the core scoring inputs — now runs concurrently with the seven core scoring RPCs instead of waiting for them to finish, removing one full round-trip from every scoring call. Median latency drops by roughly 100–200 ms with no behavior change on the response payload.
• Locus: New scoring-research surfaces document Locus’s robustness to the Modifiable Areal Unit Problem (MAUP) — the well-known sensitivity of spatial statistics to grid choice. The platform now ships an H3 resolution ensemble (r6/r7/r8/r9), a grid-jitter spatial-robustness check, signal-distribution sensitivity (S-MAUP), MAUP decision sensitivity for ranked decisions, and a consensus core / ambiguity shell classification per cell so you can tell at a glance which scores are robust across grid choices. A metro-velocity multiplier on temporal decay also lets fast-moving metros decay older signals faster than slow movers.
• Layer: Refreshed link previews and tab titles on axiomlayer.com. The Twitter and OpenGraph metadata now leads with Layer’s current Lifecycle Operations positioning instead of the older “IT Asset Management” framing, so shares unfurl with up-to-date copy.
• Layer: Faster icon rendering across the dashboard. The Iconify icon CDN is now warmed during the initial page load, so connector tiles, sidebar icons, and integration logos paint sooner on first visit.
• Codex: Faster Largest Contentful Paint on the axiomcodex.io home page. The hero Mux video player is now lazy-loaded so the poster image can paint before the ~200 KB player chunk arrives, the Mixpanel (~70 KB) and Intercom (~90 KB) launchers are deferred behind dynamic imports and requestIdleCallback, and the browser warms TLS connections to the Mux streaming origins while the page is still parsing. The hero poster is also preloaded at high priority directly from the initial document, so the largest visible element on first load is discoverable in parallel with the rest of the page instead of waiting for the player to mount.
• Overwatch: Faster vessel detail page loads. The page was firing a dozen IMO-keyed lookups one after the other — visits, dark events, ship-to-ship transfers, loitering, identity history, P&I coverage, sanctions, destination reliability, draft mismatches, voyage earnings, and positions — even though only related-anomaly enrichment depended on visits. The independent queries now run in parallel, cutting roughly 300–700 ms of round-trip time off every vessel detail load.
• Overwatch: Faster vessel context popups on the live map. The live weather fetch and the local port-weather fallback now run concurrently instead of the fallback waiting for the live fetch to finish or time out, so a slow upstream response no longer pushes popup latency past 4.5 s. The Amplitude analytics SDK is also now deferred behind requestIdleCallback, moving ~150–200 KB off the critical hydration path so it doesn’t compete with map WebGL initialization. Tracking is unchanged.
• Overwatch: Smaller bundles on every page that loads the dynamic live map wrapper. The Mapbox GL stylesheet was being pulled in twice — once by the underlying map component and again by the wrapper — adding roughly 15 KB of redundant CSS to every parent bundle that imported the wrapper, including routes that never actually rendered a map. The duplicate import has been removed; the styles still load with the map itself, so map rendering is unchanged.
• Overwatch: Stripe checkout from the pricing page now accepts promotion codes, matching Layer, Locus, and Codex. Apply a valid coupon directly in the Stripe-hosted checkout — no support handoff needed.
• Locus: Faster cold-start latency on the /api/export endpoint. A previously-dynamic plan-feature import is now resolved at module load time, so the first export request after a cold invocation no longer waits on a serialized module init alongside the auth round-trip. Steady-state latency is unchanged.
• Locus: New saved=true filter on /api/export restricts the response to the cells you have saved as monitored locations, so portfolio-level CSV and JSON pulls are now a single call instead of an export-then-filter dance. Combine with format=csv or an existing metro= filter to scope the output further; an empty saved set short-circuits to a clean empty response without a full-table scan. The endpoint remains gated to plans with the bulk_export feature.
• Layer: Faster marketing hero on axiomlayer.com. Hero copy and headline now render server-side with a CSS-driven entrance animation, so the largest above-the-fold text paints immediately on first load instead of waiting on client hydration.
• Layer: Cost-rollup responses on the dashboard now set Cache-Control: private, no-store, so per-employee, hardware, and AI cost roll-ups can never be served from a CDN cache to the wrong tenant. Public marketing endpoints are unchanged.
• Layer: Faster dashboard first paint — roughly 450–1200 ms quicker. The hardware costs, employee costs, and security discovery panels previously fetched in three sequential round-trips before rendering; those calls now run in parallel, so total time-to-first-byte is bounded by the slowest single fetch instead of the sum. The assets listing page also fetches a narrower column set tailored to the table view, avoiding pulling raw payload and wide metadata blobs over the wire on large tenants.
• Layer: Marketing copy now consistently describes the integration catalog as 40+ integrations. The hero, integrations wall, FAQ answer on the marketing route, the landing-page mirror copy, and the Starter pricing card had been overstating the count at 80+; the catalog itself is unchanged — only the marketing claim was corrected.
• Layer: The dashboard sidebar logo is now visually aligned with the AxiomBar brand mark, so the in-product chrome reads as one continuous surface from the cross-product bar through the sidebar header on every page.

​

Fixes

• Overwatch: Hardened the v1 API against database-error leakage. All 500 responses now return a generic Internal server error message instead of forwarding the underlying Supabase error text, which previously surfaced internal column names, constraint identifiers, and occasional row fragments to API clients. Real error detail is still captured server-side for debugging.
• Overwatch: Closed a tier-escalation path on the v1 API. Internal admin tier (100k req/day, exports, positions, webhooks) is now strictly gated on the X-Internal-Auth shared secret. The previous fallback that granted admin tier when the request Origin or Referer host matched the API host has been removed, since both headers can be spoofed from non-browser callers.
• Overwatch: Added a Content-Security-Policy header across the entire stack and lifted HSTS to a 2-year max-age with preload, matching the platform-wide baseline. The CSP is tuned for the actual provider stack — analytics, Mux Player, Intercom, and Mapbox — and includes frame-ancestors 'none' for clickjacking defense even when X-Frame-Options is dropped by intermediaries.
• Overwatch: Alerts queries now anchor on the API key owner at the query layer in addition to row-level security, so alerts can never be exposed to the wrong tenant if the auth surface shifts in a future change. No behavior change for valid callers.
• Overwatch: Fixed a berth utilization regression where every berth zone in a port returned the same port-wide aggregates for occupancy %, vessels served, and total tons handled. Per-zone occupancy is now computed correctly via the spatial join the schema already supports, so /api/v1/berth-utilization and /api/v1/berth-utilization/weekly return distinct numbers per zone.
• Overwatch: Stripe checkout from pricing now redirects to the production apex (axiomoverwatch.io) when the app URL env var is unset, instead of falling back to a personal preview deployment URL. Customers can no longer be sent off-domain after completing checkout.
• Overwatch, Locus: Restored end-to-end plan upgrades from Stripe checkout. The webhook handler claims an idempotency record before applying each Stripe event, but the underlying table was missing from the shared Overwatch/Locus database, so every claim insert silently failed and the handler short-circuited as a duplicate — leaving paying customers on the free plan after a successful checkout. The table is now in place and captured in source migrations, so subscription, invoice, and customer events apply on first delivery and plan tiers update within seconds. Affected customers have already been reconciled.
• Overwatch: The robots.txt sitemap URL now points at the apex domain and the unlinked PTKG demo page is explicitly disallowed from crawler indexing.
• Overwatch: Vessel context cache no longer reuses tier-gated data across users — each request is now keyed by the requesting account’s tier, so signed-in views and anonymous views read from separate cache entries.
• Locus: Resolved a crash on first page load that surfaced as a generic “Application error” screen. Analytics initialization was running out of order; the fix sequences it correctly so the app loads cleanly on first visit. No action is required on your part.
• Locus: Walkability scoring now counts pedestrian infrastructure by category — footways, crossings, intersections, and sidewalks each tallied separately from OpenStreetMap — instead of taking a single union-wide total and splitting it 40/20/20/20 across the four categories. A cell with 100 footways and zero crossings was previously credited with 20 phantom crossings; per-cell walkability scores now reflect what’s actually on the ground.
• Locus: Plan lookups no longer silently downgrade paying users to Free during a transient outage of the subscriptions table. The auth helper still fails open to Free so feature gates stay responsive, but non-recoverable errors are now logged server-side so subscriptions outages are observable instead of quietly capping paying users at the Free quota.
• Locus: /api/score responses for paid tiers now set Cache-Control: private, no-store, so a CDN can’t serve a Team-tier response — including raw signal values, weights, and provenance — back to a Free-tier user that hits the same lat/lng. Free-tier responses are still cached as before.
• Locus: The /api/keys and /api/export endpoints no longer return raw database error text — including table, column, and constraint names — to API clients on 500 responses. Real error detail is still captured server-side for debugging; clients now receive a generic message.
• Locus: Hardened budget caps on the pipelines that refresh POI inventory for Locus scoring, so concurrent jobs racing on the same counter can no longer push usage past each upstream provider’s free-tier ceiling. Per-key Google Places usage now caps with a small safety margin, the global weekly collection budget caps below the combined ceiling, and Yelp now has an explicit monthly cap under its free-tier limit. POI freshness on the data freshness table is unchanged — the weekly refresh still completes well within the new budgets.
• Locus: More accurate neighborhood names on cell enrichment, scoring, and location lookups. Neighborhoods now resolve to the names you’d recognize from Google Maps — SoHo, Williamsburg, Mission District — instead of the administrative subdivisions the previous source returned (NYC Community Boards, township and city names elsewhere). Curated polygons are preferred, with OpenStreetMap and Census fallbacks for areas without curated coverage. Rows that previously returned a Community District name have been cleared and a backfill is populating full coverage across all 22 supported metros.
• Codex: In-app support chat fonts now load cleanly on axiomcodex.io. The Intercom messenger pulls its typeface from a separate font subdomain that was not on the allowlist, generating browser console errors on every page view. Console is now clean and the messenger renders with its intended typography.
• Overwatch: More resilient ingestion of cultural amenity data from OpenStreetMap. Records with freeform start_date values like "1870" or "c. 1900" no longer fail to load — the ingestion job validates the date and falls back to ingestion time when the value can’t be parsed, so the long tail of historical sites flows in cleanly. Coverage on the envelope dashboard is unchanged.
• Overwatch: Brazilian ANTAQ vessel-call ingestion no longer silently strands existing rows without cargo tonnage. Three concurrent issues — an upsert path that ignored later updates instead of patching them, a swallowed Carga-archive fetch failure that hid the missing-cargo cause from operators, and a scoping bug in the temporal-edge emission that threw whenever bulk arrivals were processed — were all fixed in one pass. Cargo tonnage now flows into the cargo validation pipeline as soon as the upstream archive is reachable, and any future fetch failure surfaces on the status page instead of disappearing into a console warning.
• Overwatch: Vessel visit completion is reliable again. A schema mismatch was silently rejecting the closing update on each visit, leaving status stuck on the prior value and hydrostatic cargo confidence blank — the closing write now succeeds, so visits transition to departed cleanly and confidence is populated end-to-end.
• Overwatch: Stale-data-source alerts on the status page now clear automatically as soon as the source recovers, including for slower feeds that run less than every six hours. Previously, an alert could stay open after a successful run if the recovery happened outside the recent-activity window.
• Overwatch: Equasis enrichment no longer reports daily-cap rate-limiting as a pipeline failure on the status page. Hitting a per-account daily query cap is normal rate-limit behavior, not an outage; cycles that bail on the cap are now logged as skipped runs rather than failed runs, so the failure-rate metric reflects real failures and the page stops showing red when enrichment is healthy but throttled.
• Overwatch: Watchlist near-pass detection now fires on schedule. The detector’s hourly cron was registered against an unset configuration parameter and aborted on every firing; the schedule now uses the standard helper that powers every other working cron in the codebase, so near-pass alerts flow without manual intervention.
• Overwatch: More reliable vessel enrichment from Equasis on fresh logins. The first vessel in every batch was failing because the initial-login path skipped the session warm-up the re-login path already performed; the warm-up now runs in both paths, so registered owner, flag state, and deadweight tonnage populate consistently from the start of every run.
• Overwatch: AISHub bulk ingestion no longer drops entire batches in dense corridors. The poller now writes positions in 250-row chunks with a 50 ms breathing pause between chunks, so each statement finishes well under the database’s 60-second timeout and the busiest geographies — NW Europe / Channel and the Strait of Hormuz / N Gulf — stop losing whole cluster fetches under contention. ingestion_logs.status gained a new 'partial' value for runs where some chunks landed and others failed, with the per-chunk failure count surfaced as metadata.chunks_failed. If you query ingestion_logs directly, handle 'partial' alongside 'success' and 'failed' — a partial run still wrote real data.
• Overwatch: Live map controls no longer clip on shorter viewports. Trail playback controls now respect the browser’s safe-area inset, the vessel-types legend reflows above the trail controls on shorter screens, and the viewport-loading disclaimer no longer overlaps the legend on desktop. See the live map.
• Layer: New users no longer hit a dead-end “Unauthorized” or no_tenant screen when they reach Layer through paths that skip the standard sign-in callback. Workspaces now auto-provision on first dashboard load, on the integration OAuth connect callback, and on the free shadow IT scan submission, so first-touch flows complete cleanly
• Layer: Email/password sign-ups that included a workspace name now succeed end-to-end. A regression in the workspace-provisioning trigger was silently rolling back these accounts, so the browser appeared to confirm the sign-up but no account was created and no confirmation email arrived. Getting started now works whether you sign up with Google, Microsoft, or email and password — if you tried earlier and never received a confirmation email, retry from app.axiomlayer.io
• Layer: When workspace provisioning fails during sign-up, the login page now shows the underlying reason inline instead of a generic “couldn’t finish setting up your organization” message, so it’s easier to tell whether to retry, contact support, or check your own configuration
• Layer: Connecting an integration immediately after sign-up no longer fails with a save_failed redirect. The OAuth callback now writes the connection through a tenant-authoritative path so the brand-new workspace is recognized on the first connect attempt instead of waiting for the session to refresh. If a write does fail in the future, the underlying reason is surfaced in the integrations banner instead of just the generic banner code, so the next step is obvious from the dashboard
• Layer: Connector tiles on the integrations catalog now show the right logo for every connector, including Microsoft, AWS, Jamf, and JumpCloud. The previous icon source 404’d on those marks because of trademark policy; logos now come from a comprehensive set with a colored-letter fallback for the long tail
• Layer: Connected integrations now show as Connected on the integrations page immediately after you finish the OAuth or credential flow, instead of re-rendering as Connect with no visible failure. The catalog read is now tenant-scoped through a verified path that matches the way the OAuth callback writes the connection, so saved connections appear on first refresh
• Locus: NYC neighborhood coverage restored after the upstream NYC Open Data feed was withdrawn. Neighborhoods on cell enrichment, scoring, and location lookups now resolve to the current 2020 Neighborhood Tabulation Areas — names like East Village, Lower East Side, and Murray Hill-Kips Bay — instead of falling back to Manhattan Community Board 3 or similar administrative subdivisions. The OpenStreetMap fallback covering metros outside NYC now also identifies itself to the Overpass API, so curated polygons load reliably across all 22 supported metros
• Locus: Neighborhood boundaries can now contain multiple disjoint polygons, so islands, exclaves, and peninsulas separated by water resolve correctly. Previously, multi-part shapes were silently truncated to their largest piece, which could miss matches in smaller components and fall back to a coarser administrative name
• Locus: Signing in now drops you on the authenticated dashboard at /dashboard instead of the explorer map, and the explorer sidebar’s Back to Dashboard link points to the same place instead of the marketing landing page
• Locus: Cell scoring no longer reports synthetic “Safe” badges or fabricated permit-activity scores when the underlying data is missing. On the live explorer, absence of crime data now cleanly omits the safety badge instead of showing a misleading 0-incident “safe” label, and a cell with no permit data is treated as no-signal in the development-pipeline group instead of being scored 0 out of 100. See scoring conventions
• Locus: Safety scores no longer read as 100/100 when a FEMA flood zone is the only available sub-signal. The safety group now requires at least two sub-signals before producing a number, so cells without crime, environmental justice, NRI, air quality, or 311 data fall through to the standard no-signal value of 50 instead of letting the universally-present flood-zone-X source dominate. Cells with full safety coverage are unaffected
• Locus: Tiny tracts no longer dominate the public Fastest-Growing Neighborhoods (Population) ranking. Census tracts with fewer than 1,000 prior residents are now filtered out so small-denominator anomalies — like an industrial-to-residential conversion that grew from 62 to 2,382 people and showed as +3,741% — don’t push genuinely fast-growing inhabited neighborhoods off the leaderboard. Column labels and the list description were sharpened to match
• Layer: New users without a workspace now go through an explicit Create your workspace step on first sign-in instead of having a workspace auto-named from their email domain. The previous behavior — silently binding a new user as owner of a brand-new “Gmail” or “Acme” workspace — was a tenant-hijack vector on invitee and SSO flows where the standard workspace-creation trigger hadn’t fired. Existing workspaces, sign-ups that already include a workspace name, and users invited into an existing workspace are unaffected. See Getting started
• Locus: Every admin entrypoint — including the scoring-audit data fetcher — is now uniformly gated by the same email allowlist used by the rest of the admin surface. Previously, the audit dashboard’s data route was protected only by “must be signed in,” meaning any authenticated free-tier user could read its payload; non-allowlisted accounts now receive 403 Forbidden. Self-hosted and preview deployments must populate the ADMIN_EMAILS environment variable with a comma-separated list of admin addresses — when unset, all admin pages and admin API routes fail closed for everyone, and the server logs a warning explaining how to populate it. Hosted Locus is unaffected
• Locus: The batch /api/score/batch endpoint is now rate-limited and emits the same X-RateLimit-Remaining headers as /api/cells, /api/pois, and the rest of the metered surface, so it can no longer be used to fan out unbounded requests against the scoring backend. The 1-hour CDN cache on the route is unchanged, so repeat hits on the same H3 set still serve from the edge. Inbound H3 indexes are also validated before any database work, and plan-lookup outages now surface as a clean 503 instead of a 500 with leaked database error text
• Platform: Closed 14 pre-existing access-control gaps across configuration, civic data, queued free-report jobs, lead capture, and operational telemetry tables. Read-only public reference data is now policy-protected at the row level, and sensitive operational state — including pending free-report submissions and inbound lead captures — is restricted to the service role, so customer-submitted data can no longer be read by other tenants under any circumstance
• Platform: Brought the Axiomancer Labs landing page up to the same security-header baseline as Layer, Overwatch, Locus, and Codex. Every route now sets a Content-Security-Policy header (with frame-ancestors 'none' for clickjacking defense) tuned to the actual provider stack, alongside HSTS preload, X-Content-Type-Options, Referrer-Policy, X-Frame-Options, and Permissions-Policy. Hosts in the CSP allowlist mirror the product sites, so headers stay consistent across the platform.
• Layer: Hardened Stripe billing webhook handling on Plans and billing. Plan tier is now derived strictly from the Stripe price ID — editable subscription metadata is no longer trusted as the source of truth — and every webhook event is processed exactly once via an idempotency claim, so retried deliveries can no longer double-apply. Customer-to-organization binding is verified against the database mapping before any plan change takes effect, so a tampered metadata field can’t bind an attacker’s customer to a victim organization
• Layer: Closed several findings from a cross-platform security review. Scheduled report email bodies now HTML-escape vendor, asset, and app names so a tenant admin can’t plant a clickable link in another admin’s inbox via a crafted vendor name. The scheduled-reports trigger token comparison is now timing-safe so it can’t leak length or prefix-match information. The internal queue-stats token has a higher minimum length, and the AI Usage admin path no longer silently falls back to a lower-privilege key when its admin token is missing — failing closed with a clear error instead
• Overwatch: More representative kinematic fingerprint samples behind vessel risk scoring and behavioral analytics. The daily fingerprint-library job now samples vessel visits stratified across class and load-state buckets, so under-represented vessel profiles (such as light-displacement bulk carriers) are no longer crowded out of the reference library by the most-frequent buckets. Behavioral comparisons are more accurate as a result, especially for less common vessel types.
• Overwatch: Recalibrated dark-event risk-tier thresholds against the actual production score distribution, so the high and critical tiers now classify the meaningful tail of the distribution instead of staying empty. The previous thresholds assumed dark-event scores would compound across multiple risk factors, but most events are isolated AIS gaps that score well below the original high cutoff — meaning zero events ever reached high and the downstream Sentinel-1 SAR verification pipeline had nothing to verify. Existing rows have been backfilled to the new tiers, so historical event lists now show a representative distribution and the SAR verification cron has a real queue of high- and critical-tier events to confirm on each run.
• Overwatch: SAR-verified dark-event scoring no longer biases risk scores down when a SAR scene was never observed. The Dempster-Shafer fusion behind the verification pipeline previously placed mass on Lawful when no SAR detection had been attempted at all (low/medium-potential events, missing credentials, or detection errors), pulling risk scores down on events with no evidence either way. Pure ignorance is now treated as ignorance — a missing SAR observation neither raises nor lowers the score — and weak detections carry a smaller lawful-mass than before. Strong detections are unchanged. The fix lands ahead of the high- and critical-tier events newly flowing into the SAR queue, so verified dark-event scores reflect the actual evidence from the first run forward.
• Layer: Connector tiles on the integrations catalog now flip to Connected the moment an OAuth callback or credential save completes, instead of staying on Connect until a session refresh. The card’s read previously couldn’t see its own freshly-written row through row-level security, so newly-connected integrations looked unconnected even though the saved credential was already in place. Reconnect retries are no longer needed — the tile reflects the real state on the next page load.
• Layer: Failed Stripe payments now flip the relevant subscription to past_due after three consecutive failed attempts on Plans and billing, restoring an invoice.payment_failed lifecycle hook that briefly went silent during the recent webhook consolidation. Successful retries clear the state automatically. No action is required if your subscription is current.
• Layer: Scheduled reports no longer double-send when the cron loop runs twice in the same window. Previously, a Vercel cron retry, a manual overlap, or a multi-region replica race could pick up the same due schedule and email recipients twice; each scheduled send is now claimed exactly once per (schedule, scheduled-for) window before any email goes out, so duplicate runs cleanly skip rather than re-deliver. Send timing and recipient lists are otherwise unchanged.
• Codex: Tightened the Content-Security-Policy on axiomcodex.io to drop unsafe-eval from script-src. The marketing site no longer permits runtime code evaluation in the browser, closing a class of script-injection paths without affecting any user-facing functionality.