Changelog
Append-only log of infrastructure changes, incidents, and operational decisions with verifiable evidence.
Overview
This page is the canonical record of how PVERSE infrastructure evolves over time. It exists to prevent silent change, preserve operational memory, and provide audit-grade traceability across releases, configuration changes, incidents, security updates, and major execution events.
The changelog is append-only by policy. It should describe what changed, why it changed, how it was verified, whether rollback is possible, and where the evidence lives. The objective is deterministic truth rather than narrative spin. If someone needs to understand when a rule changed, when a provider rotated, when pricing behavior was locked, or how a launch action was executed, this page should provide the canonical starting point.
Scope
This page defines the canonical recording rules for infrastructure change history across PVERSE systems.
- releases, rollouts, and runtime configuration changes
- security posture changes, RPC strategy updates, data migrations, and payment-engine behavior changes
- incidents, degraded-state records, post-incident references, and follow-up evidence
- major irreversible operational actions such as key policy changes, DEX market-open actions, and migration events
Core Model
The changelog follows an append-only, evidence-first model. Past entries are not silently rewritten. If a correction is needed, a new corrective entry is added that references the original ID. Every meaningful entry includes classification, impact, verification notes, and at least one evidence pointer such as a commit hash, tx hash, dashboard snapshot, or internal log reference.
- changes are appended, not rewritten
- every material change must leave evidence
- time is recorded in UTC, with optional KST where useful
- major actions should be understandable without reading private operator memory
Operational Behavior
In normal operation, every infrastructure-affecting change should be logged shortly after execution or, for major irreversible operations, logged once before execution and once after completion. This preserves both plan intent and execution evidence. For policy-only changes, the changelog can point to the updated canonical doc page. For code changes, it should include a code reference and verification statement. For incidents, it should point toward the relevant runbook or postmortem path.
Under degraded conditions, changelog discipline becomes even more important. The page should record what happened, when it happened, what the impact was, what evidence exists, and how the system recovered. Incidents that only live in chat memory or operator intuition are operational debt. This page exists to eliminate that debt.
Constraints
- the changelog should not expose secrets, private endpoints, or sensitive internal-only material that would weaken platform security
- not every low-level debug event belongs here; this page is for material operational history, not raw telemetry
- exact private evidence pointers may sometimes remain internal, but the entry should still indicate what class of evidence exists
- if a correction is required, it must be added as a new corrective entry rather than silently editing the original record
Integrity Considerations
The changelog is part of infrastructure integrity because it prevents invisible drift. Without it, policy changes, pricing changes, fallback rules, and operator actions blur into folklore. With it, the system can explain when and why something changed. This matters especially for payments, settlement, signer policy, key rotation, DEX activation, and incident handling.
- append-only records protect operational memory
- evidence pointers make claims verifiable later
- material changes should always be attributable to a time, owner, and verification step
Logging rules (append-only)
- Append-only. Do not edit past entries. If a correction is required, add a new entry labeled Correction that references the original ID.
- Evidence required. Every entry must include at least one evidence pointer such as commit hash, PR, transaction hash, dashboard snapshot, or internal log reference.
- Time standard. Entries record timestamps in UTC. KST can be included as a secondary label when helpful.
- Classification required. Every entry includes Type, Severity, and Impact.
- Deterministic truth. Describe what changed and how it was verified, not opinion or hindsight drama.
Taxonomy
Use consistent tags so entries remain searchable, linkable, and comparable over time.
Change type
- RELEASE — deployments, rollouts, version changes
- CONFIG — flags, parameters, runtime settings
- SECURITY — key policy, permissions, hardening, access changes
- RPC — provider rotation, node strategy, rate limits, retries
- DATA — schema changes, migrations, retention, backups
- PAYMENT — payment-engine logic, settlement behavior, commit rules
- WALLET — address derivation, sweep rules, wallet indexing
- OBSERVABILITY — logs, metrics, alerts, dashboards
- INCIDENT — outages, degraded states, security events, postmortems
- DEX — DEX listing plan, LP operations, enableTrading execution
- PWA — service worker, caching, offline behavior
Severity
- S0 Critical — widespread outage, funds risk, key compromise risk
- S1 High — partial outage, severe degradation, significant ops risk
- S2 Medium — localized impact, moderate degradation, recoverable risk
- S3 Low — minimal impact, internal cleanup, informational
Impact
- USER — user-facing behavior changed or degraded
- OPS — operational behavior changed such as monitoring, deployment, or runbooks
- NONE — no measurable external impact; internal refactor or preparatory change
Entry format (copy/paste template)
Use the following structure for every new entry.
[INFRA-YYYYMMDD-HHMM-XXXX] One-line summary
Date (UTC): 2026-02-16 02:15:00Z
Type: PAYMENT | RPC | SECURITY | ...
Severity: S0 | S1 | S2 | S3
Impact: USER | OPS | NONE
What changed:
- ...
Why:
- ...
Verification:
- ...
Rollback:
- possible | not possible | not needed
Evidence:
- commit: <hash>
- tx: <hash>
- dashboard: <id>
- log: <pointer>
Owner:
- operator / handle
Latest entries
This section contains recent entries. As the log grows, older entries can be archived into yearly pages while keeping stable IDs and anchors.
2026
2026-02-16
[INFRA-20260216-0215-A1F3] PAYMENT: Lock pricing snapshot at commit creation
What changed:
- Deposit commits now lock a pricing snapshot at commit creation time, including PVR price and optional quote-asset details.
- Commit records include locked fields and a timestamp indicating when the quote was fixed.
Why:
- Prevents pricing drift between commit creation and later detection or confirmation, preserving deterministic accounting.
- Improves auditability by making settlement calculations reproducible.
Verification:
- Created commits before and after the update and confirmed locked fields remain unchanged during polling.
- Validated lifecycle posture remains stable: CREATED → PENDING → CONFIRMING → CONFIRMED.
Rollback: Possible by code revert, but not recommended once commits exist with locked snapshot fields.
Evidence:
- commit: add hash
- log: payment-engine commit creation output, add pointer
Owner: operator
2026-02-11
[INFRA-20260211-1840-RPC1] RPC: Provider fallback policy hardened
What changed:
- Documented a strict fallback order of primary → secondary → tertiary and required retries with exponential backoff.
- Defined rate-limit handling behavior and timeout posture for log scans.
Why:
- Reduces operational ambiguity during degraded RPC periods and helps prevent watcher stalls.
Verification:
- Simulated provider failures and confirmed watchers continue scanning with bounded latency increase.
Rollback: Not applicable. This is a policy and documentation hardening change.
Evidence:
- doc:
/docs/infrastructure/rpc-providers/, add final link once published - log: watcher fallback traces, add pointer
Owner: operator
Incidents
When incidents occur, they are recorded here and referenced from other pages such as Operations (Runbooks), Reliability & Limits, Security Model, and postmortem records as needed.
Major changes
Major or irreversible operations such as DEX enableTrading, key-rotation policy changes, signer-boundary changes, or schema migrations should follow a two-entry pattern:
- Pre-flight entry — plan, checks, backout strategy, and exact execution window
- Execution entry — what happened, evidence, verification, and final state
Archives
As this page grows, archive older entries into year-based pages while preserving canonical linking and stable anchor IDs.
/docs/infrastructure/changelog/2026//docs/infrastructure/changelog/2025/
Treat each entry anchor as permanent. Links from other docs, incident notes, and runbooks should continue to resolve cleanly.