Early access

Built in the open. Shipping every week.

LatticeKit is in active build. New primitives, lifecycle paths, and design decisions land continuously. Read through what shipped recently — then join the waitlist if you want a sandbox tenant when early access opens.

Join the waitlist

Tell us what you would use LatticeKit for. We are quietly onboarding first partners and will reach out as your spot opens.

What's shipping

Recent updates

  1. June 11, 2026
    • Hardening phases 0–2, complete and in production. The June 10 review's launch plan executed in a day. Phase 0 closed the tenant header-trust hole with a trusted-proxy-secret gate — only callers presenting X-Foundation-Proxy-Secret (injected by the render-runtime and console on every server→API call) may assert a tenant header. Phase 1 added a per-account brute-force lockout on Mannix password credentials, Speaker delivery-webhook signature verification plus a closed device-registration IDOR, structured JSON logging in prod, CloudWatch alarms with an SNS pager on the deployment unit, an inert-by-default continuous-deploy workflow, and a disaster-recovery runbook (Aurora point-in-time restore + secret/scheduler recovery). Phase 2 brought a tenant SUSPENDED / CLOSED kill-switch, GDPR person data export + anonymize-in-place erasure, and a two-connection test harness proving the locking invariants. Prod is pinned to the full Phase 0+1+2 release.
    • Stripe Payment Element deposits. Booking deposits are now collected with real cards on the public booking flow: a booking-deposit PaymentIntent endpoint on Payments, webhook settlement (payment_intent.succeeded settles the deposit and confirms the booking), and a Stripe Payment Element deposit widget in the render-runtime.
    • POS tax. The Hober point-of-sale path now charges sales tax, and the tax-divergence bug between the order and the Mallow invoice is dead.
  2. June 10, 2026
    • Whole-project review → Phase 0 fixes, same day. A verified whole-project health review produced a phased launch plan, and Phase 0 landed immediately: the Seldon/Trantor double-booking races and cross-tenant slot anchors are closed; the Payments/Mallow/Hober money path tells the truth (no more optimistic statuses ahead of the processor); cross-tenant, LFI, and XSS holes in Palver, Korell, and the render-runtime are fixed; prod stops leaking raw exception messages to API callers; credential endpoints are actually rate-limited (the old IP limiter targeted a dead route); and the scheduler service is restored to the deployment unit.
  3. June 9, 2026
    • Pelorat report viewer. Report runs now write durable output to S3 and stream back through a tenant-scoped download endpoint (GET /pelorat/v1/reports/{id}/runs/{runId}/download) — reports stopped being fire-and-forget.
    • Mallow onboarding defaults. New tenants get their financial spine seeded at onboarding — a chart of accounts and a default tax rate — so the first invoice posts without setup.
    • Demo polish + a fresh API spec. Every step of the live demo now works end to end (payments, receipts + receipt config, reports, tabs), and the OpenAPI spec was regenerated — 429 paths, up from 320 — picking up Hober subscriptions, Terminus employees, and Pelorat downloads in the live API reference. Prod was promoted to the full release the same night.
  4. June 8, 2026
    • Korell is live — AI-driven data import, end to end. The import primitive went from phase-1 scaffold to operator-usable in a day. Upload a CSV, XLSX, or a whole ZIP export of your old system (presigned S3 upload, an archive inspector enumerates the entries); propose_import_plan has Beth read your files against a typed target-field catalogue and propose the mapping; a dry-run preview validates before anything writes; and an ImportRefMap remaps cross-file IDs so customers imported this morning link to bookings imported this afternoon. Operators get a Demerzel import wizard (with per-file target + mapping editing and an inline run-in-chat card) — or just drag a data export onto Beth's chat. Targets so far include Terminus persons + employees and Trantor resources, with every row going through the target primitive's normal validation.
    • Mallow exports for the accountant. CSV financial export, a QuickBooks-ready QBO journal CSV, and PDF account statements (dompdf) — with a Demerzel export & statements download UI, Imports/Exports surfaced to tenant operators behind per-capability gating, and customer self-service statement download through Mannix.
    • Tenant isolation goes claim-mode — on prod. Tenant identity is now sourced from the verified Mannix token claim rather than a trusted header, activated on dev and production (with business-unit isolation claim-sourced and piloting STRICT on dev). The operator surface kept pace: an airtight operator-mode boundary in the render-runtime, the operator-capability proxy hop wired end to end, a Palver operator realtime token, and a frontend Centrifugo client with a live_tabs widget for Palver-pushed operator reads.
    • Handbook & cost wins. The staff Engineering Handbook was regenerated into a 52-chapter onboarding backbone grounded in current code, and infra costs dropped — Container Insights off in dev, S3 gateway endpoints, and dev Aurora auto-pause.
  5. June 7, 2026
    • Hober subscriptions v0. Recurring revenue landed as a real state model — a Plan, a Subscription, and a SubscriptionPeriodCharge per billing period — with a billing cycle that charges, invoices into Mallow, and advances the period, plus pause / resume / cancel and a full HTTP surface. Beth reads it and operators manage it from the console.
    • Multi-location businesses. Sub-tenant (business-unit) isolation arrived in one arc: a SubTenantQueryScoper + business-unit directory, a write guard with a real-database isolation proof, the header→claim flip, and the scoper rolled onto Person / Booking / Order / Invoice / subscription list reads. Demerzel gained admin business-unit CRUD, a per-location activity breakdown, and a team roster.
    • Employees & roles. Terminus grew an employee STAFF spine (roster + profile read model) and an employee provisioner — hire / re-role / suspend / terminate — driven from the console's new /dashboard/team. Underneath, a platform role/permission keystone (resolver + gate + catalogue) puts per-operator console roles on the token, with a PermissionGate rolled across operator and per-location admin surfaces.
    • Operators on the public site. The render path gained server-side view-level enforcement and a console→render operator identity handoff (revocable sessions + exit) behind an "Open operator view" button — and the first operator-gated component: POS as a widget, a pos ui_view component scoped by the new RENDER_OPERATOR front-end class.
  6. June 6, 2026
    • Onboarding & invites. Beth's onboarding learned the difference between a duration and a cadence (a 14-day rental now provisions cleanly instead of failing), and invite-accept got friendlier — it reuses an existing operator rather than 409-ing, and prompts a brand-new invitee to set a password through Mannix.
    • Agentic onboarding. The tenant build loop became a real agentic loop: hard validation relaxed to integrity-only checks so Beth has room to design, Beth triggers the build herself when the design is ready, a second AI build critic confirms the design before provisioning, and build failures route back to Beth to fix and retry.
    • Variable-length stays. Multi-day rentals where the customer picks the length: an adaptive provisioner materializes multi-day stay windows on a range Offer, the BookingCalendar renders them, and Beth recognizes stays / rentals / variable-length businesses at onboarding.
    • Beth capability coverage, three waves. A 20-agent audit of Beth's tool coverage produced a fix-plan executed the same evening: her primitive catalogue rebuilt accurate + complete, safe non-sensitive reads exposed to her over MCP across 18 primitives, and the console's existing forms wired to useSherpaForm so she can drive them.
    • Quality gates & prod parity. A frontend quality gate plus a shared API-error mapper close a class of UI bugs, and end-to-end "getting into LatticeKit" access journeys now run in CI — with CI itself pulling a prebuilt runtime image (~50 min → ~5 min). On the infra side, prod gained full worker parity (a Daneel worker + a low-priority worker) and a fix for the emission worker that had been crash-looping.
  7. June 5, 2026
    • Seldon emission, rebuilt for precision. The lifecycle-emission pipeline was reworked to fire events within tens of milliseconds of their target. A just-in-time Lambda emit consumer on a custom PHP 8.5 runtime skips the Symfony kernel (cold start 5.5s→1.67s); the Meerkat worker pre-warms on the upcoming schedule; and a deliver-at-target path leads each fire by the learned one-way latency so the event lands on time, not late. Cancels propagate through Redis markers, and fire times now carry microsecond precision.
    • Daneel execution modes, in plain language. Workflow execution modes are now operator-facing as Wait, Background, and Durable (Background is the default) — the old queue picker is gone — over the same sync / SQS / Temporal backends underneath. A default Background queue + worker ship with it.
  8. June 4, 2026
    • NEW: the capability registry. Every primitive now publishes its operations as typed capabilities in one platform CapabilityRegistry. The AI tool surface is auto-generated from it — the nine hand-written MCP tool providers were retired onto a single MCP bridge — and an exposure matrix gates every front-end by actor class (customer / operator / staff / AI). On top of it, operators (or AI) can wire an event straight to an outcome — a capability call, a Daneel DAG, or an SQS publish — through event→outcome bindings, with no workflow to author.
    • NEW: the needs ledger. A persisted ledger of deferred obligations (a Need) gates a flow until its condition clears: a booking deposit-to-confirm, an Elliot delivery payment-to-dispatch, an approval-to-proceed. Needs expire on a timer, unwind through saga compensation when a flow is abandoned, and surface in a Demerzel operator UI — approvals, pending payments, and outstanding obligations in one place.
  9. June 3, 2026
    • Mannix completes the auth surface. The last four phases landed in a day: passkeys (WebAuthn, enrolled as "this computer" or "phone / security key"), social sign-in ("Continue with Google", pluggable), Mannix as an OIDC provider (a standard authorize / token / userinfo flow + discovery document, so third-party apps and branded domains can "Login with LatticeKit"), and machine API keys + a service-token exchange that ends the old internal header-trust. Operators get an Account → Security page for passkeys + MFA, and the console root is now a real sign-in rather than the waitlist landing.
    • Production deployment configs. The prod pool-1 service set — api, console, render-runtime, worker, Centrifugo, and the Seldon emission workers — is wired up, ahead of the cutover going live in production.
    • Apex cutover, platform email, operator sessions. Production cut over to the latticekit.app apex behind a standalone root-DNS stack; Speaker made platform SendGrid (an ops-managed key, click/open tracking off) the default email provider; and operator sessions moved to Valkey, with staff operator management and the ability to invite an email to an existing tenant.
  10. June 2, 2026
    • NEW: Mannix, the authentication primitive (in progress). One hardened enforcer owns every credential, token, and auth flow — for customers, operators, and machines, across every tenant. A global Principal (keyed by verified email) holds the credentials, so a customer reuses one login across businesses with no business-to-business visibility and without ever seeing "LatticeKit"; a per-tenant toggle can isolate a tenant's pool instead. Mannix issues short-lived RS256 access tokens that every primitive verifies offline against a published JWKS, with a revocable Session behind the refresh token. Today's phases — password auth, the cross-tenant pool + Terminus Person backlink, the operator cutover (the Demerzel console becomes a relying party, magic-link retired), and TOTP MFA — supersede the day-old Terminus customer-auth in a clean rebuild. Authorization stays with each primitive of record: Mannix says who, the owner says what they may do.
    • The page builder. The Radiant ui_view editor became a real site builder: a live preview that renders through the actual render-runtime (so it's WYSIWYG and data-bound widgets show live tenant data), if conditions evaluated as real CEL, view_ref layouts composed on a drag-and-drop canvas, theme assets that bind a palette, and a platform template library (Home hero, About, Hours, Contact, Gallery, FAQ, Menu, Booking) a tenant binds or forks. New no-JS disclosure and live menu (self-fetching the tenant's Hardin menu) components round it out.
  11. June 1, 2026
    • Deployment shape collapsed. The platform went from ~15 per-primitive services to one coordinated unit — a single api gateway, a worker, the render-runtime, and the Next.js console — with the render-runtime serving tenant sites on their own subdomains, env-aware tenant base domains, and an SES grant so the platform can send email itself.
    • Four demo businesses, fully populated. A one-command seeder (and a bootstrap-dev that stands up a whole environment) provisions salon, restaurant, fitness, and courier tenants and drives synthetic customers through the entire stack — bookings across the full Seldon lifecycle into Mallow invoices + double-entry ledger, mock Payments, and consent-gated Speaker comms (a seeded salon tenant lands ~880 bookings / ~477 paid invoices). Each gets a real customer-facing home page with a live booking widget.
    • Seldon scheme templates + a real booking calendar. Parameterized scheme templates (Salon / Restaurant / Fitness / Services) materialize a working chair or table grid — cascade edges and all — in one POST /seldon/v1/templates/{id}/use. A new booking-surface read (GET /seldon/v1/availabilities/{id}/booking-surface) backs a scheme-aware booking_calendar render component, so demo sites take a real end-to-end customer booking in the business's own hours and timezone — with a best-effort confirmation email on self-serve bookings.
  12. May 31, 2026
    • NEW: Media, the media-store primitive. A MediaAsset backs a three-step presigned-upload flow — the browser PUTs the bytes straight to S3 and the application never proxies a file. Public assets serve from a CloudFront distribution (Origin Access Control, objects private); private assets mint short-lived presigned reads. Terraform provisions the bucket + CDN, and a Demerzel media library uploads, browses, copies URLs, and deletes. Everything else points at an opaque med_* id.
    • NEW: Sign, the e-signature primitive (in progress). One SignatureEnvelope drives the signing lifecycle (DRAFT → SENT → PARTIALLY_SIGNED → COMPLETED, with declined / voided branches); the document is a Media asset and each signer an opaque Terminus ref. The actual vendor sits behind one SignatureProviderInterface — the same driver shape as Payments processors and Elliot carriers — with HMAC-verified webhooks advancing status and the executed PDF recorded back into Media. A Mock driver ships today; the Demerzel signing UI composes envelopes and manages providers. Real DocuSign / Dropbox Sign / Adobe Sign drivers are the next slice.
    • Elliot freight EDI. Elliot gained an X12 layer so carriers that run on EDI rather than REST ride the same tender lifecycle — a pure-PHP codec emits a 204 Load Tender + 997 ack and decodes inbound 990 / 214 / 997, with async tendering parking a shipment in TENDERED until the 990 resolves it. The carrier-driver registry made it a new CarrierType::EDI driver, no core rework.
    • Seldon variable-duration grid bookings. A grid Booking can now span N consecutive SlotInstances, so a set-duration service (salon 30 / 60 / 90) books on the appointment grid without abandoning it — contiguous slots locked in id order, capacity restored across the whole span on cancel / no-show / modify. Plus a per-scheme generation lock so concurrent slot regeneration can't double-run.
    • Seldon group & staged bookings, Daneel-owned journeys. Three more booking shapes landed on top of the grid work. A BookingGroup parents N sibling Bookings with all-or-nothing creation — one member failing (slot full, tier gate, no resource) rolls the whole group back with no leaked Trantor holds — plus single confirm / cancel and a single-invoice anchor (POST /seldon/v1/booking-groups). A range-availability window enumerator projects the bookable windows for a range Offer the way the grid pre-renders slots (GET /seldon/v1/availabilities/{id}/windows), cached in Valkey and busted on every booking write; a matching Trantor fix makes the discrete-resource read path overlap-aware, so a resource with an unrelated same-day hold stops hiding its other free windows. And multi-stage journeys are now orchestrated by a Daneel DAG instead of a Seldon entity: a seldon.book_offer step books a stage and seldon.cancel_booking compensates it, so a tenant composes book → wait → book → branch as a workflow — a staged_flow Offer is booked through its DAG, not directly.
    • Payments & Hober deepened. Payments filled in manual capture (authorize-now / capture-later, partial + tip), stored-credential / MIT reuse, processor routing + failover, a full dispute / chargeback state machine, and signature-verified per-processor webhooks (dedupe + dispute ingestion). Hober added refunds & returns (an OrderRefund that books a Mallow CreditNote and restocks inventory through the outbox), even-split payment, delivery-address editing, a receipt-printer driver seam, and a ledger-readiness probe.
    • Deferred-backlog sweep across the Live primitives. A broad pass filled in the next slice on nine primitives: Mallow AR-aging + a TaxJar/Avalara provider seam; Terminus segment CEL→query compiler, attribute constraints, and HoldBack trim/reject wired into Seldon booking; Trantor pluggable allocation strategies, RRULE blackout rules, low-stock alerts + purchase orders, and a real hold sweeper; Hardin tier / channel / segment pricing scopes; Radiant POST /validate, YAML parse-on-publish, and generic promote-to-asset; Speaker fallback-on-failure chains + a web-push driver scaffold; Palver per-entity ACL v2 (CEL) + replay-from-position; Branno experiment scope + a termination sweeper; and Daneel reactive state triggers v2.
    • Demerzel: onboarding, dashboards, and a handbook. A new Explorer walks a new operator through a conversation that provisions their tenant and then tours it; operator dashboards landed for the Media library and Sign envelopes; proactive insights and clustered Signal Themes graduated to v1; a mobile-friendliness pass shipped; and a staff-only Engineering Handbook (72 codebase-derived docs behind the staff gate) went up. Beth now defaults to Sonnet 4.6 (~5× cheaper than Opus for chat + tool orchestration).
    • Sandbox & platform hardening. Test-mode gained one-click Reset sandbox (purges every sandbox-tagged invoice / message / charge / effect for the tenant) and report isolation — sandbox audit events are tagged and excluded from Pelorat, so test traffic never pollutes reports. Tier-1 production scaling added two cache pools (disposable vs. never-evicted) and a durable-pool-backed rate limiter returning RFC 7807 429s.
  13. May 30, 2026
    • Elliot is live. In a day the logistics primitive went from MVP to real carriers: production-grade parcel drivers (EasyPost, Shippo, direct UPS / FedEx), on-demand last-mile couriers (DoorDash Drive, Uber Direct), and a freight LTL/FTL broker driver with a full CarrierTender lifecycle (shop every broker → award → tender). Signature-verified carrier tracking webhooks ingest status and stream it to Palver, and a Hober order.closed now auto-creates a draft shipment — ship-to from the order, one parcel per line at the variant's ship weight.
    • Composable additions to the Live primitives: Mallow stored-value — gift cards, store credit, and loyalty as one double-entry ledger primitive (open / issue / redeem); Terminus typed Person attributes — composable custom customer fields with a promoted index that Magnifico audiences filter on; Seldon event-series + roster — leagues and tournaments as an additive listener over Offers (series, sessions, registrations, attendance); and Payments card-present (EMV) Slice 1 — connection tokens + a capture-mode for in-person chip terminals.
    • Speaker push. A real PUSH channel: a Web Push driver (VAPID) and a device-token registry back browser and mobile push, the operator console ships as an installable PWA, and the first live trigger pushes operators when a proposal needs review.
    • Radiant ui_view templates + instances: author a view once with a typed variables: block, instantiate it per tenant, and resolve at render time. The Layer-2 git bridge is real now too — creating a proposal enqueues an async job that materializes it to a GitHub branch + PR without blocking the API.
    • Sandbox / test-mode (platform): a per-request sandbox flag and an effect log that captures what would have happened, with egress neutralized so Speaker won't send, Payments won't charge, Mallow won't post, and Elliot won't dispatch — while every internal effect still runs for real. An effect-log endpoint (its own Sandbox API tag) and a Demerzel toggle let an operator flip into test mode and review the captured effects.
    • Failure console: one feed for everything that breaks. A HealthSignal store + ingest API collect failures from the CI gate (PHPStan + PHPUnit on every push and PR), the nightly tester, and production, surfaced in a Demerzel dashboard and mirrored to GitHub — so a regression shows up in one place instead of scattered logs.
    • Demerzel: the assistant Beth gained voice input, a mobile-friendly panel, and the full bookable-business playbook, plus proactive insights — evidence-backed nudges Beth raises on its own — while operator feedback clusters into a ranked staff backlog (Signal Themes). Operators can now author Radiant proposals in-dashboard (make a branch, AI-draft or hand-write, see the diff), spin up a real or demo tenant from the admin page, and bulk- or duplicate-create resources. MCP coverage and dashboards expanded across Elliot (carriers + shipments), Magnifico, Mallow stored-value, Terminus attributes, and Seldon event-series.
  14. May 29, 2026
    • NEW: Elliot, the logistics primitive. One Shipment model and one mode-agnostic carrier-driver contract (quote / book / cancel) span three flavors that all landed today: parcel shipping (quote → buy label → track), last-mile own-fleet (zone-gated dispatch, pickup/dropoff stops, driver progress), and recurring B2B freight (RRULE route templates → materialized runs → advisory load consolidation). A Mock and an OwnFleet driver ship; real carriers (EasyPost, UPS, FedEx), real geocoding/routing, and the cross-primitive wiring are the next slices.
    • Branno is live — and now wired into pricing end-to-end. Hober calls the bandit when a line is added to an order and attributes the realized revenue back when the order closes (durably, through the outbox relay). A continuous-reward Normal-Gamma allocator joins the binary Thompson one, and an auto-convergence detector runs hourly on the new platform scheduler — settling experiments that clear their confidence threshold and, for proposals started from Radiant, self-merging the winning variant with no human in the loop. Demerzel surfaces the convergence verdict per experiment.
    • Seldon field-service: travel-aware availability. An Offer can carry a travelBufferSec that widens only the Trantor hold window, so a technician's prior job bleeding into the inbound drive is rejected as a conflict; a service-area gate runs each booking through Elliot's zone resolver; and a read-only tech-route view projects a technician's ordered day with appointment and travel-buffered windows.
    • Hardin demand signal: a predictive demand feature now feeds the yield engine. An hourly job refreshes a model-free trailing-velocity signal per variant; a YieldRule can reference it (predicted_demand) to adjust the base price before Branno's bandit layer sits on top.
    • Demerzel: MCP tool coverage expanded to Hardin pricing, Branno, Pelorat, Payments, and Speaker; per-experiment convergence surfaces; invitation emails now send outside the DB transaction (with an SES provider seed); and the assistant now presents as Beth.
    • Platform & infra: a supercronic scheduler service now runs every recurring job — Seldon slot regeneration, the Hardin demand-signal refresh, Branno auto-convergence, demo-tenant cleanup — and a P0 in the outbox relay was fixed. Centrifugo's URL + API key are wired into the task environment so Palver's outbox fan-out reaches the live socket, and the outbox now tracks per-subscriber delivery for durable money legs.
  15. May 28, 2026
    • NEW: Branno, the experimentation primitive. Experiment + Arm + Allocation with Thompson / UCB1 / ε-greedy / fixed-split allocators; cohort-stable allocation (a UNIQUE(experiment, cohort) row means one customer always sees one arm); push-attribution of outcomes, idempotent on the source reference. It closes the config-as-code loop with Radiant: a VersionProposal can carry a banditExperimentId, run as a live experiment when it's approved, and the winning arm merges itself — or the proposal closes if control wins.
    • Radiant config-as-code grows three layers past the pull-request primitive: a Layer-2 git bridge (in-memory back-end + signature-verified webhook receiver — a skeleton ahead of the real GitHub client), a Layer-3 AI proposal author (POST /assets/{id}/proposals/draft-with-ai opens a proposal with authorKind=AI), and the Layer-5b bandit handoff above. Assets also gained an audience (tenant_private / tenant_public / platform) and a fork endpoint that copies a platform asset into a tenant.
    • Demerzel AI + admin surfaces: a performance-review agent reads Pelorat reports, calls the model, and opens DRAFT Radiant proposals (authorKind=AI) for a human to approve; the Sherpa autopilot lets the chat drive the dashboard itself through a browser-tool transport (WebMCP) with Manual / Auto / On-rails modes; plus the Palver Live Activity page, an admin waitlist queue with ?q= search, and one-click staff demo tenants.
    • Platform hardening: a security-audit sweep landed a real JWT-backed StaffGate in production with act-as override, a lock + idempotency + cumulative cap on payment refund/void, a pessimistic lock and status re-assert on Hober order close, Speaker failing closed on consent for identified recipients, discounts posting negative ledger lines + capped invoice discounts + compounded stacked codes, and the outbox relay re-acquiring its row before stamping.
    • OpenAPI generator + combined spec. Foundation now exports a single foundation.json generated from route introspection — 197 endpoints across every primitive, with per-primitive tag providers. The live API reference at latticekit.dev/docs/api/ renders it through Scalar with deep links from every primitive page (#tag/Radiant, #tag/Seldon, etc.).
    • Palver is live: real-time channels are deployed. Centrifugo runs at wss://palver.latticekit.app behind the same ALB and TLS as the API; the connect/subscribe proxy authorizes against Terminus on the same JWT the REST endpoints use. Twelve per-primitive channel derivers fan domain events out of the audit outbox, publishing happens out-of-transaction over Messenger, and Demerzel's new Live Activity page subscribes with the Centrifuge client.
    • NEW: Magnifico phase-1 marketing primitive. Audience + Campaign + CampaignRun + CampaignAttribution + Conversion entities; AudienceEvaluator + CampaignRunner; Daneel step handlers for in-flow dispatch; HTTP controllers for audiences and campaigns. Speaker dispatches; Terminus consent-gates; Daneel executes the steps.
    • Radiant Layer-1 PR primitive: VersionProposal + ProposalComment + ProposalApproval. Asset changes now flow through pull-request-style review — employees and AI agents open proposals through the same API; tenants configure required approvals; the merge handler atomically writes the new AssetVersion, sweeps superseded siblings, and emits the outbox event. DRAFT → OPEN → APPROVED → MERGED with explicit conflict gating.
    • Hardin pricing engine: dynamic pricing grows from phase-1 scopes into a full engine over a day — phase 2 (Magnifico audience scope on PriceOverride), tier 3 (raw CEL PricingRule fallback), tier 4 (YieldRule for yield / surge / off-peak adjustments), tier 5 (cart-shape promotions: CartDiscount, BogoPromotion), tier 5b (BundlePromotion fixed-price combos), and tier 6 (customer-redeemable promo codes with Hober redemption at order close). The catalog now carries every shape a real merchant pricing engine needs.
    • render-runtime AC1+AC2: the tenant-facing SSR runtime ships its ui_view component catalog (eight layout primitives) plus server-side ${binding.…} resolution and a data-loader. Demerzel-authored sites now have a real rendering layer underneath them.
    • Pelorat phase 3: report definitions and scheduled runs. Report + ReportRun entities plus a ReportRunner service plus a Daneel step handler — reports can now be authored, scheduled, and delivered through the same workflow engine that drives operational flows.
    • Demerzel authoring surfaces: Seldon dashboards (TimeScheme / Instance / ExceptionWindow / Edge) with a calendar view; a templates dashboard with per-row fork and audience-aware picker. Operators can configure scheduling and edit messaging without curl.
    • Daneel deploy substrate: lazy Temporal WorkflowClient with a factory that tolerates missing env — the platform no longer needs Temporal at boot to run sync- or sqs-mode actions.
  16. May 27, 2026
    • Demerzel operator console launched at latticekit.app — magic-link auth, AI chat with an MCP tool registry over every primitive, visual asset editor with "Apply to editor", multi-page tenant sites backed by a render-runtime ECS service.
    • Daneel goes from scaffolded to a full DAG engine — branch, switch, parallel, join, sleep, wait-for-event, wait-for-signal, and loop control-flow nodes; CEL triggers; three-backend executor (sync / sqs / temporal); ad-hoc run + external signal-send endpoints; retry policy; domain step library (fire_lines, serve_line, dispatch_action).
    • Speaker real drivers shipped — AWS SES (outbound + inbound forwarding for latticekit.dev), SendGrid, Twilio SMS. Mock driver retires from the dispatch path; consent-gated email and SMS are live.
    • Payments real drivers shipped — tokenized Stripe (PaymentIntent capture + status mapper) and tokenized Finix (Authorization → Transfer → Reversal). Credentials thread through refund and void; Transaction snapshots the consumer-entity link.
    • Mallow posting pipeline closed — chart of accounts lazy-seeds on first invoice; the register-payment subscriber flips Invoice to PAID on Hober close; refunds post a compensating Journal; TaxJurisdiction + JurisdictionResolver for address-driven tax-policy auto-pick; FiscalPeriod operator CRUD.
    • Terminus TierDefinition entity + auto-enrolment evaluator — tier programs now carry structured policy (entry rules, default validity window), not just Group + GroupMember rows.
    • Trantor calendar-aware allocation shipped — closed_by_calendar shortfall returns structured 409 detail when a Resource's availability calendar blocks an allocation window.
    • Seldon nightly slot regeneration converted to a Temporal Schedule, replacing the cron path.
    • Two new primitives: Pelorat (reporting-fork data plane, phase-1 data plane + phase-2 query + backfill) and Korell (data-import primitive, phase 1).
    • Infra: v0-demo brought up against the real AWS account; SES outbound + inbound mail forwarding for latticekit.dev; render-runtime ECS service with wildcard DNS.
  17. May 26, 2026
    • latticekit.dev marketing site shipped — hero, primitive grid, architecture flow, three use-case deep dives.
    • Documentation hub launched with 11 primitive spec pages, each with concepts, API surface, real examples, and a Mermaid architecture diagram in "How it fits."
    • Getting started walkthrough: seven curl calls from registering a Radiant repo to a confirmed Seldon Booking.
  18. May 25, 2026
    • Hober order primitive designed — POS live order tabs with split-by-item, split-tender, snapshot-at-add-time pricing, and a long-running OPEN → CLOSED lifecycle that lands as a Mallow Invoice.
    • Hardin catalog designed — products, variants, modifiers, composite-slot combos, recipe-driven Trantor inventory consume on order close.
    • Payments v0 landed — ProcessorConfiguration + Transaction + a mock driver. Expansion (PaymentIntent / Authorization / Settlement / Dispute) designed and queued.
  19. May 24, 2026
    • Terminus RankedGroup landed — one Group + GroupMember pair replaces eight near-duplicate entities (household, family, corporate, team, joint_account, care, tier, ad_hoc). Standalone Membership entity dropped.
  20. Earlier in May
    • Seldon BookingLifecycleAutoAdvancer wired to the outbox — booking.starting and booking.ending emissions auto-promote status (confirmed → checked_in → live → completed) without operator intervention.
    • Seldon Booking PATCH for modify — atomic Trantor hold swap, emission resync, gated by cancelDeadlineSec and modifyRevalidates.
    • Trantor allocator: atomic all-or-nothing holds via PESSIMISTIC_WRITE; AllocationConflictException returns structured 409 shortfall detail.
  21. Earlier in 2026
    • Seldon universal scheduling model locked — Offer + Availability + Booking handles appointment, stay, queue, open_capacity, staged_flow, and external sources in one model.
    • Radiant Git-backed config registry live — Repository, Asset, AssetVersion, Alias, and the resolve endpoint that pins a stable id to an effective version.
    • Trantor and Terminus directory services wired into the Booking flow via dependency injection — cross-primitive opaque-id refs, no Doctrine FKs.
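
The June 11 Phase 0 entry and the June 8 claim-mode entry describe two rules for tenant identity: a tenant header counts only when the caller presents `X-Foundation-Proxy-Secret`, and the verified Mannix token claim is the preferred source. The sketch below combines the two rules; it is an added illustration, not LatticeKit's code. The `X-Tenant-Id` header name, the `tenant_id` claim name, and the choice to reject (rather than silently drop) an ungated tenant header are assumptions, and the claims are assumed to come from a token whose signature was already verified against the JWKS.

```python
import hmac
from dataclasses import dataclass
from typing import Mapping, Optional

PROXY_SECRET_HEADER = "x-foundation-proxy-secret"  # header name taken from the changelog
TENANT_HEADER = "x-tenant-id"                      # hypothetical header name (assumption)
TENANT_CLAIM = "tenant_id"                         # hypothetical claim name (assumption)


class TenantResolutionError(Exception):
    """Raised when a request's tenant cannot be established safely."""


@dataclass(frozen=True)
class ResolvedTenant:
    tenant_id: str
    source: str  # "claim" or "proxy-header"


def proxy_secret_ok(headers: Mapping[str, str], expected_secret: str) -> bool:
    """True only if the caller presented the configured proxy secret.

    An unset server-side secret fails closed, and the comparison is
    constant-time so response timing does not leak a matching prefix.
    """
    presented = headers.get(PROXY_SECRET_HEADER, "")
    if not expected_secret or not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected_secret.encode())


def resolve_tenant(
    headers: Mapping[str, str],
    verified_claims: Optional[Mapping[str, str]],
    expected_secret: str,
) -> ResolvedTenant:
    """Pick the tenant for a request, preferring the verified token claim."""
    h = {k.lower(): v for k, v in headers.items()}  # HTTP header names are case-insensitive
    header_tenant = h.get(TENANT_HEADER)
    claim_tenant = (verified_claims or {}).get(TENANT_CLAIM)

    # Gate: a tenant header from a caller without the proxy secret is never honoured.
    if header_tenant is not None and not proxy_secret_ok(h, expected_secret):
        raise TenantResolutionError("tenant header asserted without proxy secret")

    # Claim mode: the verified claim wins; a conflicting header is treated as an error.
    if claim_tenant:
        if header_tenant is not None and header_tenant != claim_tenant:
            raise TenantResolutionError("tenant header disagrees with token claim")
        return ResolvedTenant(claim_tenant, "claim")

    # Server-to-API call with no user token: the gated header is the only source.
    if header_tenant:
        return ResolvedTenant(header_tenant, "proxy-header")
    raise TenantResolutionError("no tenant identity on request")


def run_constructed_cases() -> dict:
    """Run constructed sample requests (not real traffic) and report each outcome."""
    secret = "constructed-secret-for-example"
    cases = {
        "proxy call, gated header": (
            {"X-Tenant-Id": "t_salon", "X-Foundation-Proxy-Secret": secret}, None),
        "direct call, spoofed header": (
            {"X-Tenant-Id": "t_salon"}, None),
        "wrong secret": (
            {"X-Tenant-Id": "t_salon", "X-Foundation-Proxy-Secret": "guess"}, None),
        "token only": (
            {}, {"tenant_id": "t_fitness"}),
        "token plus conflicting gated header": (
            {"X-Tenant-Id": "t_salon", "X-Foundation-Proxy-Secret": secret},
            {"tenant_id": "t_fitness"}),
    }
    results = {}
    for label, (headers, claims) in cases.items():
        try:
            tenant = resolve_tenant(headers, claims, secret)
            results[label] = f"{tenant.tenant_id} via {tenant.source}"
        except TenantResolutionError as exc:
            results[label] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in run_constructed_cases().items():
        print(f"{label:40s} {outcome}")
```
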