https://bidda.com/changelog Material updates to the Bidda compliance intelligence registry, platform, and trust posture. What shipped, when, and why. en-us Fri, 26 Jun 2026 14:59:43 GMT Bidda generate-site-data.js 1440 https://bidda.com/assets/bidda-logo.png https://bidda.com/changelog https://bidda.com/changelog#20260626 https://bidda.com/changelog#20260626 A single signed record covers one decision. The new Run Ledger covers a whole task or conversation. Connect a bot or agent (for example a support bot or chat widget), open a run, and record one entry per turn as it consults rules and answers the person, then seal the run into a single signed run receipt that covers every turn. Each entry locks in the one before it, so nothing can be added, removed or re-ordered afterwards without it showing, and the user's input can be stored as plain text or only as a private hash that never leaves your process. Anyone you hand the receipt to can verify it against our public key with no Bidda account. It is available on the Run Ledger tab at /attest, and through four new tools (open_run, record_run_entry, seal_run, get_run) on the Bidda MCP server and the bidda-shield SDK, which the bidda-shield package wraps in a one-line "with shield.run(...) as run" helper. Opening, recording and sealing use your Bidda key and a free trial counts; verifying a sealed receipt is free. Fri, 26 Jun 2026 00:00:00 GMT Bidda Engineering Changelog · Platform https://bidda.com/changelog#20260621 https://bidda.com/changelog#20260621 You can now check a Bidda signed record on your own, with no Bidda account, using a new page at /verify-attestation that runs entirely in your browser. Paste a record and it confirms the digital signature and that nothing in the record was changed. The exact method is published at /.well-known/bidda-attestation-spec.md, and command-line checkers for Node and Python are included for auditors who prefer the terminal. We also rotate our signing key from time to time as good security practice. Every key we have ever used to sign records stays published at /api/v1/attest/keys, so a record signed by an older key keeps verifying for as long as you hold it. Rotating our signing key changes only which key signs new records; it does not affect any record already issued, and it has no effect on your API key, your plan, or your trial, which are a separate system. Sun, 21 Jun 2026 00:00:00 GMT Bidda Engineering Changelog · Trust https://bidda.com/changelog#20260620 https://bidda.com/changelog#20260620 The Bidda MCP server at https://bidda.com/mcp and the bidda-shield Python SDK now expose fourteen tools. Ten are free with no API key: the existing discovery and runtime-intelligence tools plus a new browse_topics tool that lets an AI assistant explore the registry by cross-cutting topic. Four are for subscribers and use your Bidda key (a free trial counts): compare_jurisdictions (see how jurisdictions differ on a topic, including where their numbers differ), create_attestation (save a signed record of which rules a decision relied on), point_in_time (what a rule said at a past date), and watch_changes (email or webhook alerts when a watched source changes). The downloadable SDK and the published bidda-shield package on PyPI were updated to match, so an autonomous agent can now run the full set programmatically. Sat, 20 Jun 2026 00:00:00 GMT Bidda Engineering Changelog · Developers https://bidda.com/changelog#20260620 https://bidda.com/changelog#20260620 Bidda now ships a set of self-serve tools for compliance teams. Signed Records at /attest let you save a time-stamped, digitally signed record of which rules a person or AI agent relied on for a decision, and let anyone confirm later that the record has not been changed. Point-in-time records capture what a rule said on a specific past date, tied to its entry in our public history. Change Alerts at /alerts let you watch the rules and pillars that matter to you and get an email or webhook when their primary source changes. Compare Jurisdictions at /compare lets you search a topic and see how different countries address it side by side, including where their numeric thresholds differ, such as a breach-notification deadline of 72 hours in one place and 30 days in another (it shows the real numbers and never ranks which is stricter). Browse by Topic at /topics is a cross-cutting view that groups rules by subject across every pillar and jurisdiction, while your existing pillars stay exactly as they are. The signed-record and alert tools are available to subscribers, including during a free trial. Sat, 20 Jun 2026 00:00:00 GMT Bidda Engineering Changelog · Platform https://bidda.com/changelog#20260608 https://bidda.com/changelog#20260608 Bidda now publishes a consolidated position against the three public-trust surfaces the Cybersecurity and Infrastructure Security Agency maintains for software vendors and defender tooling. The hub at /cisa links to a bidirectional crosswalk of CISA's eight Cybersecurity Performance Goals against Bidda's executable compliance nodes at /cisa/cpg-crosswalk, a public attestation against each of the seven Secure by Design Pledge goals with supporting evidence per goal at /cisa/secure-by-design, and a catalogue of the no-cost Bidda capabilities that are free at point of use for federal agencies, state, local, tribal and territorial governments, and operators of critical infrastructure at /cisa/free. The homepage carries a "Built to CISA's public-trust standards" band that links into the same position. JS-free plain-text mirrors of each of the four CISA pages were also added so AI crawlers that do not execute JavaScript can read the full content. Mon, 08 Jun 2026 00:00:00 GMT Bidda Engineering Changelog · Trust https://bidda.com/changelog#20260608 https://bidda.com/changelog#20260608 The privacy policy now includes a dedicated section 11a covering data-handling for users in the United States. The section names the rights granted to residents of the seventeen United States states with comprehensive consumer-privacy statutes (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Florida, Delaware, New Hampshire, New Jersey, Kentucky, Maryland and Minnesota), describes the posture Bidda holds for federal agencies and state, local, tribal and territorial governments and operators of critical infrastructure, and documents the cross-border transfer mechanism in place with sub-processors. Effective 2026-06-08, v2.2. Mon, 08 Jun 2026 00:00:00 GMT Bidda Engineering Changelog · Trust https://bidda.com/changelog#20260528 https://bidda.com/changelog#20260528 Bidda now spans 9,964 source-verified compliance nodes across 39 sovereign pillars, with zero critical schema violations. New depth this cycle: US federal statutory framework (RICO, mail and wire fraud, Hobbs Act, FISA, SECURE Act, SECURE 2.0, REAL ID, EU-US Data Privacy Framework), UK financial and human-rights law (Banking Act 2009, Human Rights Act 1998, Subsidy Control Act 2022), Australia federal criminal and digital-health law (Crimes Act 1914, My Health Records Act 2012), and the three Sprint J RegTech pillars: Data Protection & Privacy, Trade Compliance & Export Controls, and Financial Crime, AML & Sanctions. Thu, 28 May 2026 00:00:00 GMT Bidda Engineering Changelog · Registry https://bidda.com/changelog#20260525 https://bidda.com/changelog#20260525 Developer docs, methodology, use cases, pricing, about, audit trail, and node verification each ship a plain-text mirror so AI assistants and search engines that do not run JavaScript can read the full page, including the developer code examples. The sitemap and AI discovery manifests were expanded to list every public page. Refreshing any deep page now keeps you on that page instead of returning to the homepage. Mon, 25 May 2026 00:00:00 GMT Bidda Engineering Changelog · Discoverability https://bidda.com/changelog#20260525 https://bidda.com/changelog#20260525 Sovereign Insights now carries a dedicated briefing for each MITRE framework in the registry: ATT&CK Enterprise, ATT&CK Mobile, ATT&CK ICS, ATLAS, D3FEND, and CAPEC. Each explains what the framework covers, how Bidda crosswalks it to NIST 800-53, ISO 27001, PCI DSS and other standards, and how to query it through the API and MCP server. Mon, 25 May 2026 00:00:00 GMT Bidda Engineering Changelog · Insights https://bidda.com/changelog#20260524 https://bidda.com/changelog#20260524 Bidda now spans 9,964 source-verified compliance nodes across 39 sovereign pillars, with zero critical schema violations. Recent depth came from expanded United States federal regulation (eCFR) and sanctions (OFAC) coverage. Sun, 24 May 2026 00:00:00 GMT Bidda Engineering Changelog · Registry https://bidda.com/changelog#20260517 https://bidda.com/changelog#20260517 A new account area lets API customers view their plan, rotate their API key, and review a per-request audit log of their own usage. Lost access can be restored through magic-link recovery, with no passwords to store or leak. Sun, 17 May 2026 00:00:00 GMT Bidda Engineering Changelog · Platform https://bidda.com/changelog#20260513 https://bidda.com/changelog#20260513 Added /mitre.txt, /mitre-attack.txt, /atlas.txt, /d3fend.txt, /capec.txt as fully crawlable plain-text mirrors of the matrix pages for AI tools that do not execute JavaScript. RFC 9116 /.well-known/security.txt refreshed with security@bidda.com contact and safe-harbor terms. New /status page reads live from /api/v1/registry-health.json. New /aup acceptable use policy and /security vulnerability disclosure page. Privacy policy now lists all named sub-processors per GDPR Article 28 (see /privacy section 08 for the current list). Wed, 13 May 2026 00:00:00 GMT Bidda Engineering Changelog · Trust https://bidda.com/changelog#20260512 https://bidda.com/changelog#20260512 The full set of 34 industries Bidda covers is reachable within one scroll of the homepage, including the three newest pillars: immigration, agriculture, and water. A site-wide copy and typography pass brought consistency to every public page. Tue, 12 May 2026 00:00:00 GMT Bidda Engineering Changelog · Platform https://bidda.com/changelog#20260512 https://bidda.com/changelog#20260512 The /mitre-attack and /d3fend matrices now use the same horizontal-scroll Navigator pattern as /atlas: one column per tactic, technique cards stacked under each header, click to open a detail panel with the BLUF, the linked node_id, the external attack.mitre.org / d3fend.mitre.org URL, and an Open Node button. D3FEND also shows "Counters ATT&CK" with a cross-matrix link. Tue, 12 May 2026 00:00:00 GMT Bidda Engineering Changelog · MITRE https://bidda.com/changelog#20260512 https://bidda.com/changelog#20260512 New "Who Builds Bidda" section on /about with CIPC registration number 2026/363776/07, Cape Town registered office, integrity endpoint, and the public legal trio. Privacy, Disclaimer, Terms, and Refund Policy footers now carry the CIPC number and Cape Town office. Nav: "ATLAS" link replaced with "MITRE" pointing at the hub. Tue, 12 May 2026 00:00:00 GMT Bidda Engineering Changelog · Trust https://bidda.com/changelog#20260511 https://bidda.com/changelog#20260511 Latest CAPEC and D3FEND density batches landed. 9,964 verified compliance nodes are now live across 39 industries, including a MITRE layer across 6 frameworks (ATT&CK Enterprise/Mobile/ICS, ATLAS, D3FEND, CAPEC). Zero critical schema violations. Mon, 11 May 2026 00:00:00 GMT Bidda Engineering Changelog · Registry https://bidda.com/changelog#20260511 https://bidda.com/changelog#20260511 CAPEC (Common Attack Pattern Enumeration and Classification) joined ATT&CK Enterprise, ATT&CK Mobile, ATT&CK ICS, ATLAS, and D3FEND. The MCP get_mitre_mapping tool now recognises CAPEC-NN technique IDs and returns the cross-framework mapping. Reverse mappings into OWASP ASVS, NIST 800-53, ISO 27001, PCI DSS applied. Mon, 11 May 2026 00:00:00 GMT Bidda Engineering Changelog · MITRE https://bidda.com/changelog#20260511 https://bidda.com/changelog#20260511 Bidda is reachable from any MCP client (Claude Desktop, Cursor, Windsurf, claude.ai connectors) at https://bidda.com/mcp with 9 tools across discovery and runtime intelligence. The /scan REST endpoint accepts source code or a git diff and returns ranked regulatory matches plus a risk level. Free for discovery, $0.01 USDC for full vault unlocks. Mon, 11 May 2026 00:00:00 GMT Bidda Engineering Changelog · Platform https://bidda.com/changelog#20260504 https://bidda.com/changelog#20260504 EU AI Act Article 10 (Data Governance for High-Risk AI Systems) is publicly accessible without payment so prospective buyers can see exactly what a full 13-key vault node contains. Deterministic workflow, actionable schema, 7 primary legal citations, framework crosswalks. Mon, 04 May 2026 00:00:00 GMT Bidda Engineering Changelog · Registry https://bidda.com/changelog#20260430 https://bidda.com/changelog#20260430 Every workflow step in every node now traces directly to its primary source instrument. No placeholder or unverified content reaches customers: each step is grounded in the cited regulation, standard, or framework. Thu, 30 Apr 2026 00:00:00 GMT Bidda Engineering Changelog · Quality https://bidda.com/changelog#20260429 https://bidda.com/changelog#20260429 Every primary source URL in the registry is now fingerprinted weekly by TLS SPKI hash and content SHA-256. Tamper-evident git Merkle chain. Public health endpoint at /api/v1/registry-health.json with no authentication required. Wed, 29 Apr 2026 00:00:00 GMT Bidda Engineering Changelog · Trust