Appearance
Changelog
Real system updates. Not marketing.
2026-04-10 — Trust Center v3.0
- Content Integrity Policy (v2026-04-07) — All AI generation (agents + campaign generator) now constrained by a published policy prohibiting fabrication of any facts not present in provided data. Policy hosted at ai4love-policies.vercel.app, fetched at runtime, cached 10 minutes.
- v2 Agent Architecture — Agents 1-5 rebuilt with prefetch proxy pattern: Make.com pulls queue, backend pre-fetches full supporter timelines from Airtable, sends to Claude in one call. No MCP at generation time. Agent 6 writes insights server-side via
/api/agent-proxy/direct. - Insight Verification — New
/api/verify-insightendpoint compares AI-claimed metrics (total_donated, participations, days_silent) against actual Airtable data. Writes verification status (verified/mismatch/unverifiable) back to each insight record. - Cost Logging — Per-run cost breakdowns (Anthropic tokens + USD, estimated Make.com operations) written to Engine Logs table for full audit trail.
- Archived Insight Filtering — All surfaces (MCP tools, dashboard queries, agent inputs, KindMind enrichment) now filter
{status} != "Archived". Prevents v1 insights (67% hallucination rate) from resurfacing. - Model Upgrade — All agents and campaign generation migrated to claude-sonnet-4-6.
- Campaign Generation Guardrail —
generateAction.jsnow prepends Content Integrity Policy to all Claude system prompts. Prevents fabricated beneficiary names, programs, or outcomes. - Security — Patched lodash prototype pollution and code injection vulnerabilities. 3 remaining alerts are upstream in @nangohq/frontend → axios chain (low practical risk on Vercel).
2026-03-25 — Trust Center v2.6
- Published Trust Center as the canonical security reference
- Documented allow-list field filtering for MCP and agent prompts
- Added daily retrieval cap (5,000 records/key/24h) to MCP safeguards
- Clarified Service Account Access Token model for Airtable connections
- Added data minimization section for LLM sub-processor path
- Documented incident response timelines (4h containment, 72h notification)
- Added SIEM streaming option for forensic-grade log retention
2026-03-24 — Performance
- Reduced dashboard load time from 20–30s to 3–5s via parallel Airtable calls and query optimization
- Eliminated O(n^2) lookups in supporter list rendering
2026-03-22 — Security Hardening
- Patched high-severity vulnerabilities in rollup, undici, underscore dependencies
- Added browser globals to ESLint configuration
2026-03-20 — Agent Optimization
- Parallelized Airtable API calls in agent processing
- Added streaming to insight generation for reduced timeout risk
- Added PRIZM and Varonics enrichment fields to MCP tools
2026-03-07 — Auth Migration
- Migrated authentication from Authsignal to Clerk
- Implemented invite-only access model
- Added two-layer auth: Clerk identity verification + AI4Love JWT session
Entries reflect meaningful system changes. Routine dependency updates and minor UI fixes are tracked in git history but not listed here.