What changed.

Big rebrand. The commercial managed-infra surface is now fleet.ochk.io. “Console” was a generic developer-tools word that said nothing about what we do — fleet describes the product literally: enterprise fleet management for AI agents that hold Bitcoin-bound authority. The dashboard list at /agents is your fleet; the Pledge premium tier is fleet-wide bonded reputation; the audit bundle is your fleet's replayable history. The name finally matches the surface.

Four adapter packages shipped. The integration story stopped being “available to design partners on request” and became “yarn add and go.” @orangecheck/agent-anthropic, @orangecheck/agent-openai, @orangecheck/agent-vercel, and @orangecheck/agent-langgraph all published at v0.2.0. Each one ships stamp…, postActionToFleet, and a high-level wrapper (invokeWithStampAndPost, ocTool, or ocToolNode) — pre-call scope enforcement, post-call agent-action envelope emission, optional fire-and-forget POST to fleet.ochk.io. Each is MIT.

Webhook verifier published. @orangecheck/webhook-verify@0.2.0 — drop-in HMAC-SHA256 timing-safe verifier for outbound webhook deliveries. Three lines on your endpoint replaces a hand-rolled comparator (which is the only place hand-rolling timing-safe HMAC ever fails closed).

Family-wide rebrand mechanics. 10 repos updated (every oc-*-web footer, the docs site's /fleet section, oc-www's products list, oc-me-web's charter cross-pointers, and the v1.2-federation prose in oc-agent-protocol); @orangecheck/ui@0.2.0 with the renamed EcosystemSwitcher slug; Vercel project renamed; GitHub repo renamed; ConsoleClient → FleetClient, postActionToConsole → postActionToFleet across every adapter. No redirects: we confirmed nobody was using the old domain.

Persistence is live. The v1.1 in-memory mock has been replaced with real Postgres-via-Drizzle-via-Supabase-pooler. /api/health/deep probes the live DB on every check. Dashboard pages still keep the mock-data fallback when DATABASE_URL isn't set, so the OSS self-host path is preserved.

Subdelegation cron coverage. The three background workers (republish-nostr, retry-webhooks, upgrade-ots) now handle subdelegation envelopes (kind 30086) alongside delegation envelopes. Envelope-class symmetry in the audit pipeline — no special-case branches between the two.

A real bug shipped in v1.1: clicking sign-in routed to the auth host but landed back on whichever page you started from instead of /dashboard, and once you were on /dashboard the session-check endpoint didn't exist on fleet — so the auth gate looped you back to ochk.io which sent you back to the dashboard which looped again. Three real bugs stacked into one symptom.

Three fixes:

• The header sign-in chip used return_to=<current_page> as default (auth-client behavior). Now OcSessionProvider sets defaultReturnTo="/dashboard" so every sign-in lands on the operator surface regardless of where you clicked from.
• /signin and DashboardShell were sending ?redirect= to ochk.io but the auth host accepts ?next= or ?return_to= — so my param was silently dropped. Both call sites now use the canonical ?return_to=.
• /api/auth/me didn't exist on fleet. The provider polled it, got 404, flipped status to error, the dashboard guard redirected to ochk.io, ochk.io bounced back, repeat. Endpoint now implemented (Ed25519 verify against OC_AUTH_PUBLIC_JWK, no DB), with a contract test that catches this exact bug class.

Plus a few more low-risk additions in the same window: /api/auth/logout (local cookie hygiene), /api/health (liveness probe for uptime monitors), /500 custom server-error page, /press brand kit, /docs 308 → docs.ochk.io.

Lesson: 200-status smoke tests don't catch redirect-loop logic. Live auth flows now have contract tests that exercise the real signing + verification path so this class of bug fails in CI, not in production.

Big push. Same release window as launch but the surface multiplied:

Language fix. Every “OpenTimestamps anchor” reference now leads with OC Stamp — receipts are OC Agent action envelopes (kind 30084) reusing OC Stamp's envelope structure; OpenTimestamps is named only as the underlying anchor rail. We dogfood the family.

v1.1 — operator dashboard. /agents, /agents/new, /agents/[id] with overview / scope / audit / settings tabs, /audit with full filtering + signed-bundle export, /billing with cycle usage + invoice history at sat-USD parity, /team with RBAC + SSO config, /settings with project, scope-policy, API tokens, webhooks, danger-zone. Sidebar shell auth-gated against ochk.io; backend persistence wired against in-memory mock until v1.2.

v1.1 — real checkout, env-driven. /pricing Pro CTAs now POST to /api/checkout/stripe (Stripe Checkout subscription mode) and /api/checkout/lightning (BTCPay Server, BTC + BTC-LN, no custodian). Webhooks at /api/webhooks/{stripe,btcpay} with raw-body signature verification. Buttons fall through to /contact when env isn't set — no broken UX, real activation is just a credentials swap.

v1.1 — integration detail pages. anthropic, openai, vercel-ai, langgraph. Each documents what the adapter will do, why the stack matters, the realistic status, with a preview snippet of the eventual API. @orangecheck/agent-mcp is already on npm at v0.1.0 with runnable examples in oc-agent-examples; the MCP page reflects that.

v1.2 preview — federation sign-in. /federation explains the strategic case for Fedimint guardians as first-class principals (M-of-N BIP-322 quorum). The /signin chooser shows both methods; federation is gated “v1.2” with a link to the explainer.

v2 preview — pledge premium tier. Public reputation profiles at /a/[address] render every published OC Pledge against an address — claim, resolution rule, bonded sats, witnesses, delivery state, OC Stamp anchor. Pledge composer at /reputation/compose drafts an envelope with live JSON preview; ends at “sign in wallet” pending v2 wallet plumbing.

First public version of OrangeCheck Fleet. Marketing surface live with full copy: why, integrations, pricing, reputation, security, charter, about, contact, status.

BIP-322 sign-in routed through the family auth host at ochk.io. Dashboard stub at /dashboard accepts design-partner waitlist signups.

MCP integration page published. The @orangecheck/agent-mcp adapter — already on npm at v0.1.0 — is the canonical reference.