# Changelog

```json
{"@context":"https://schema.org","@type":"ItemList","name":"Changelog \u2014 Mnemom","description":"Lo que se envi\u00f3 recientemente en la plataforma Mnemom \u2014 seguridad, fiabilidad y actualizaciones de plataforma con postura honesta, no marketing.","url":"https://www.mnemom.ai/es/changelog","inLanguage":"es-ES","publisher":{"@id":"https://www.mnemom.ai#organization"},"dateModified":"2026-06-08","itemListElement":[{"@type":"ListItem","position":1,"item":{"@type":"CreativeWork","name":"Standard agent-discovery surfaces are published and resolvable.","datePublished":"2026-06-05","url":"/for-agents"}},{"@type":"ListItem","position":2,"item":{"@type":"CreativeWork","name":"AEGIS L5: public advisories and STIX 2.1 IoC feed are live.","datePublished":"2026-05-23","url":"/trust/advisories"}},{"@type":"ListItem","position":3,"item":{"@type":"CreativeWork","name":"The threat thermometer now reads live per-axis Protection Network state.","datePublished":"2026-05-23","url":"https://docs.mnemom.ai/concepts/protection-network"}},{"@type":"ListItem","position":4,"item":{"@type":"CreativeWork","name":"L1 cross-tenant aggregator: campaign-state rolling stats across customers.","datePublished":"2026-05-22","url":"https://docs.mnemom.ai/concepts/protection-network"}},{"@type":"ListItem","position":5,"item":{"@type":"CreativeWork","name":"Safe House per-evaluation webhooks (sh.*) are wired end-to-end.","datePublished":"2026-05-22","url":"https://docs.mnemom.ai/specs/webhooks"}},{"@type":"ListItem","position":6,"item":{"@type":"CreativeWork","name":"Continuous adversarial arena: 15 canonical personas, mutation-phase gated.","datePublished":"2026-05-22","url":"https://docs.mnemom.ai/concepts/arena"}},{"@type":"ListItem","position":7,"item":{"@type":"CreativeWork","name":"Customer false-negative and false-positive reports feed the Managed Rules pipeline.","datePublished":"2026-05-22","url":"https://docs.mnemom.ai/guides/recipes-report"}},{"@type":"ListItem","position":8,"item":{"@type":"CreativeWork","name":"Three reviewer modes \u2014 with a structural dual-control invariant on tier 1-2.","datePublished":"2026-05-22","url":"https://docs.mnemom.ai/concepts/protection-network"}},{"@type":"ListItem","position":9,"item":{"@type":"CreativeWork","name":"Admin review queue with append-only audit chain.","datePublished":"2026-05-22","url":"https://www.mnemom.ai/changelog#aegisReviewQueue"}},{"@type":"ListItem","position":10,"item":{"@type":"CreativeWork","name":"Ed25519-signed Managed Rules with KV+R2 dual-write and a 24h observe soak.","datePublished":"2026-05-21","url":"https://docs.mnemom.ai/concepts/protection-network"}},{"@type":"ListItem","position":11,"item":{"@type":"CreativeWork","name":"Substrate fingerprinting: every evaluation now carries the L0 axis identity.","datePublished":"2026-05-20","url":"https://docs.mnemom.ai/concepts/supply-chain-detection"}},{"@type":"ListItem","position":12,"item":{"@type":"CreativeWork","name":"Detectores de Safe House reforzados en las clases de prompt injection y fuga de PII.","datePublished":"2026-03-31","url":"https://docs.mnemom.ai/guides/safe-house-config"}},{"@type":"ListItem","position":13,"item":{"@type":"CreativeWork","name":"La identidad de agente con passkey y clave hardware est\u00e1 en vivo.","datePublished":"2026-03-24","url":"https://docs.mnemom.ai/concepts/agent-identity"}},{"@type":"ListItem","position":14,"item":{"@type":"CreativeWork","name":"El gateway auto-escala ahora hasta el techo M0 sin cambios del operador.","datePublished":"2026-03-15","url":"https://www.mnemom.ai/changelog#scaleM0"}}]}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.mnemom.ai/es"},{"@type":"ListItem","position":2,"name":"Lo que hemos enviado.","item":"https://www.mnemom.ai/es/changelog"}]}
```

Enviado

# Lo que hemos enviado.

Un registro honesto de lo que se puso en producción, cuándo y por qué importa. Sin barniz de marketing — solo los cambios, la postura que habilitan y los comprobantes.

2026-06-05

Plataforma

## Standard agent-discovery surfaces are published and resolvable.

An agent with no prior knowledge can now find the Mnemom API, learn how to authenticate, and see what skills it can invoke — entirely from standard files at www.mnemom.ai. Every URL resolves to something real; nothing is aspirational.

-   <code>/.well-known/api-catalog</code> (RFC 9727) points at the live OpenAPI 3.1 spec; <code>/.well-known/oauth-protected-resource</code> and <code>/.well-known/oauth-authorization-server</code> (RFC 9728) faithfully mirror our real upstream IdP (Supabase GoTrue) — we run no first-party OAuth server, stated plainly in <code>/auth.md</code>.
-   <code>/.well-known/agent-skills/\*</code> lists invokable skills backed only by real public endpoints, and <code>/.well-known/agent-card.json</code> ships an A2A-style service card; Content-Signal directives in robots.txt declare our search and AI posture.
-   Added the <code>api-auth-discovery</code> commitment to the agent-readiness manifest, verified nightly against production.

[Read the agent-readiness manifest](/es/for-agents)

2026-05-23

Protección

## AEGIS L5: public advisories and STIX 2.1 IoC feed are live.

The transparency surface of the Protection Network is open. /trust/advisories carries signed post-incident write-ups; /v1/trust/iocs serves a STIX 2.1 indicator bundle. Empty by design at GA — the system tells the truth.

-   <code>/trust/advisories</code> is live with its first synthetic post-mortem, clearly labeled synthetic per the calm-at-GA contract.
-   /v1/trust/iocs returns a STIX 2.1 bundle, authenticated and rate-limited, ready for threat-intel pipelines (curl + JSON-LD).
-   New <code>advisory.published</code> and <code>ioc.added</code> webhook events join the catalog, so threat-intel pipelines can react the moment the Protection Network publishes.

[Read the latest advisory](/es/trust/advisories)

2026-05-23

Protección

## The threat thermometer now reads live per-axis Protection Network state.

Customers now see the cross-tenant threat picture at <code>/dashboard/threats</code>: per-axis state across substrate, vertical, pattern, and source, refreshed every 30 seconds. Calm at GA, by design.

-   <code>GET /v1/network/threat-state</code> returns per-axis aggregation of the live Protection Network picture, ready to poll from your dashboards.
-   A dashboard page at <code>/dashboard/threats</code> ships with four per-axis cards and a totals card.
-   A new <code>network.threat\_level.changed</code> event lets you wire threat-level transitions straight into your own alerting.

[Read the Protection Network concept](https://docs.mnemom.ai/concepts/protection-network)

2026-05-22

Protección

## L1 cross-tenant aggregator: campaign-state rolling stats across customers.

Per-axis rolling stats now correlate signals across arena, Sideband, and integrity-checkpoint traffic — the cross-tenant correlation engine that sees campaigns no single customer could.

-   The correlation engine joins per-axis fingerprints across integrity, arena, and Sideband signals to build campaign-level state no single tenant can see.
-   Per-bucket state machine with 6h-window hysteresis on exit; states wired to cells.ts via four concrete campaign\_state cells (safe-house-hardening#246).
-   The engine refreshes continuously, keeping the cross-tenant picture current across the whole Protection Network.

[Read the Protection Network concept](https://docs.mnemom.ai/concepts/protection-network)

2026-05-22

Plataforma

## Safe House per-evaluation webhooks (sh.\*) are wired end-to-end.

Five Safe House front-door events join the AEGIS catalog with per-org delivery mode controls — table-stakes for SOC/SIEM integration. Brings the AEGIS-GA webhook catalog from 10 to 15 fully-wired events.

-   New <code>sh.evaluation.warn</code> / <code>quarantine</code> / <code>block</code> webhook events fire at each verdict point, plus <code>sh.session.escalated</code> when a session crosses a risk tier.
-   Per-org delivery modes (full, 10% sampled, or summary-only) keep high-traffic orgs in control, with HMAC-signed delivery on every event.
-   13 sh\_emission cells in the harness pin every checkpoint × mode firing path (safe-house-hardening#247).

[Read the webhook spec](https://docs.mnemom.ai/specs/webhooks)

2026-05-22

Protección

## Continuous adversarial arena: 15 canonical personas, mutation-phase gated.

The adversarial arena now spans every canonical threat type across all four Safe House checkpoints, with mutation-phase gating that lets attacks evolve only while detection holds. Findings that slip past feed straight into the Managed Rules pipeline.

-   All 15 personas now cover every canonical threat type across the four Safe House checkpoints, including a supply-chain archetype at inside.integrity.
-   Mutation-phase gating lets attacks evolve per fingerprint bucket only while detection holds, with hysteresis to prevent thrash.
-   Attacks that beat detection are captured automatically as Managed Rules candidates over an isolated, attribution-stamped path — no human in the loop to lose a finding.

[Read the arena concept](https://docs.mnemom.ai/concepts/arena)

2026-05-22

Protección

## Customer false-negative and false-positive reports feed the Managed Rules pipeline.

Customer signal is now a first-class source. Reports flow through an authenticated endpoint, a CLI command, and an acknowledgment-email pipeline that ships in five locales — feeding the same candidate review queue as arena and the cross-tenant aggregator.

-   The report endpoint is live, with a <code>recipe.candidate.created</code> webhook fan-out to your account whenever a report becomes a rule candidate.
-   <code>mnemom recipes report-fn</code> and <code>report-fp</code> commands shipped in the @mnemom/mnemom CLI.
-   Customer-FN acknowledgment email rendered in en/fr/de/it/es via the Track D template pipeline.

[Read the recipes report guide](https://docs.mnemom.ai/guides/recipes-report)

2026-05-22

Seguridad

## Three reviewer modes — with a structural dual-control invariant on tier 1-2.

Platform admins can flip reviewer mode between manual, auto-approve-trusted-sources, and auto-approve-high-confidence. The protective invariant is structural, not procedural: tier-1 and tier-2 rules can never auto-promote without human dual-control, regardless of mode.

-   Reviewer mode and threshold persist platform-wide and are read and written through <code>/v1/admin/settings/reviewer-mode</code>, with every change written to the audit trail.
-   The admin reviewer-mode control ships with a confirmation step and full audit attribution on every change.
-   Three concrete reviewer\_mode cells pin the invariant: trusted-sources promotes tier-3, high-confidence inserts ONE approval on tier-1 but does NOT promote, manual blocks all auto-approval (safe-house-hardening#245).

[Read the Protection Network concept](https://docs.mnemom.ai/concepts/protection-network)

2026-05-22

Seguridad

## Admin review queue with append-only audit chain.

Platform admins now triage Managed Rule candidates from a dedicated queue: approve, reject, needs-changes, or promote. Every action lands as a service-role-only INSERT on an append-only chain — the audit surface CISOs and regulators can rely on.

-   Every review action lands on an append-only chain, rooted at candidate creation and running through promotion or retirement — the audit surface CISOs and regulators can rely on.
-   An admin review-queue UI ships with full rule detail and telemetry.
-   Every state transition emits a governance signal, and no rule can go active without dual-control sign-off — two-person approval enforced by the platform, not by policy.

2026-05-21

Protección

## Ed25519-signed Managed Rules with KV+R2 dual-write and a 24h observe soak.

Promoting a recipe to a Managed Rule is now a cryptographically signed event. Each rule is Ed25519-signed, served fail-closed, and routed through a 24-hour observe soak before it enforces in production.

-   Promotion cryptographically signs each rule; gateways verify the signature and serve through a tiered, fail-closed read path with a sub-30s P95 propagation target.
-   Rules escalate from observe to active automatically, with auto-rollback if the false-positive rate climbs; the reasoning surfaces in <code>recipe.promoted</code> and <code>recipe.retired</code> webhooks.
-   A nightly sweep automatically retires rules with zero hits after 90 days, so the active rule set stays lean and current.

[Read the Protection Network concept](https://docs.mnemom.ai/concepts/protection-network)

2026-05-20

Protección

## Substrate fingerprinting: every evaluation now carries the L0 axis identity.

The supply-chain detection signal is live. Every integrity checkpoint, arena attempt, and sideband analysis is now stamped with substrate, vertical, pattern, and source fingerprints — the cross-tenant correlation key that catches behavioral deviation across every customer running on the same substrate.

-   Every evaluation is now stamped with its four-axis substrate fingerprint at write time — deployed in production.
-   The underlying data model for the Protection Network is in place, with row-level isolation enforced from the first write.
-   Rules compose like cards — Platform → Org → Team → Agent, strictest-wins.

[Read the supply-chain detection concept](https://docs.mnemom.ai/concepts/supply-chain-detection)

2026-03-31

Seguridad

## Detectores de Safe House reforzados en las clases de prompt injection y fuga de PII.

Los detectores front-door y back-door han recibido una pasada de calibración. Menos falsos positivos en llamadas a herramientas legítimas, mejor tasa de bloqueo en patrones de injection nuevos — sin ampliar los datos que recopilamos.

-   Detectores de prompt injection reentrenados sobre un corpus adversarial reciente; 12 % menos de falsos positivos.
-   El filtrado back-door detecta ahora fugas de PII con tokens fragmentados (p. ej. SSN o números de tarjeta repartidos entre chunks en streaming).
-   El formato de veredicto firmado incluye ahora la versión del detector, de modo que los auditores pueden reproducir el clasificador exacto utilizado.

[Lea la guía de configuración de Safe House](https://docs.mnemom.ai/guides/safe-house-config)

2026-03-24

Seguridad

## La identidad de agente con passkey y clave hardware está en vivo.

Los agentes pueden ahora vincularse a una passkey o a una clave respaldada por hardware desde el primer día. La firma Ed25519 sigue siendo el valor por defecto; la identidad de agente basada en WebAuthn está disponible para equipos que quieren un onboarding infalsificable.

-   Atestación WebAuthn soportada para el enrolamiento de agentes.
-   La rotación de identidad de agente no rompe las proof chains históricas; las claves antiguas siguen siendo verificables.
-   Funciona tanto para el gateway auto-alojado como para los tenants gestionados.

[Leer la guía de identidad de agente](https://docs.mnemom.ai/concepts/agent-identity)

2026-03-15

Fiabilidad

## El gateway auto-escala ahora hasta el techo M0 sin cambios del operador.

Trabajo de fiabilidad bajo el capó. El gateway gestionado aprovisiona elásticamente para picos de tráfico hasta el techo del tier M0 sin ninguna configuración del tenant. Los despliegues auto-alojados reciben los mismos valores por defecto del autoscaler en el chart de Helm.

-   Auto-escalado de 2 a 10 réplicas con CPU sostenida > 70 %.
-   Ruta de arranque en frío reducida un 40 % en la imagen auto-alojada.
-   Sin cambio de precio — el escalado se queda dentro del techo de su tier.

## Vea lo que la plataforma demuestra de verdad.

Cada cambio enviado respalda una de dos afirmaciones: lo que demostramos o cómo mantenemos seguros a sus agentes.

[Lo que demostramos](/es/what-we-prove)[La Safe House](/es/security)

---
_Source: /es/changelog/index.html · Generated by build-markdown-mirrors.mjs · For agent-readability commitment #4 see https://www.mnemom.ai/for-agents_