v2.4.0 — Integrity Hardening & Code Quality

What's new in v2.4.0

Score reliability improvements

• Fixed cache mutation bug — Serve-time dampening was silently modifying cached score objects, causing repeated reads of the same wallet to drift lower. Scores are now deterministic.
• Full score response now includes sybil & gaming indicators — These were being computed but dropped from the /v1/score/full response. Now returned in every full score response.
• New dataSource field — Every score response now includes dataSource: "live" | "cached" | "unavailable" so consumers know whether they're looking at a fresh computation or a cached result.

Security & correctness

• Certification endpoint race condition eliminated (DB transaction wrapping)
• SSRF filter hardened against non-standard IP encodings (octal, hex, overflow)
• Admin auth upgraded to SHA-256 hashing before timing-safe comparison
• Rate limiter fixed to check-before-increment (prevents off-by-one on limit boundary)
• History endpoint NaN limit parameter now correctly defaults to 50

Performance

• Sybil tight-cluster detection: N+1 queries replaced with single batched SQL query
• New covering index for free tier usage lookups
• Snapshot pruning moved out of score upsert hot path

Architecture

• 8-phase refactoring complete: extracted middleware, utilities, templates, constants
• 193 tests across 28 test files
• Full Biome lint/format compliance
• Scoring engine decomposed into named phases (fetch → detect → score → composite → explain)
• Test factories and in-memory DB helpers for isolated testing

Full Changelog: v2.3.0...v2.4.0