Circadify SDK Changelog: Updates and Migration Guide
A detailed look at how rPPG SDK changelogs and migration guides shape developer adoption, reduce integration risk, and keep health platforms running smoothly through version updates.
Anyone who has upgraded a third-party SDK at 2am because production broke knows the feeling. You pull up the changelog, scan for breaking changes, and try to figure out whether "improved API surface" means your authentication code stopped working. The Circadify SDK changelog and migration guide exist specifically so that doesn't happen — but the broader question of how health-tech SDKs handle versioning and migration is worth examining, because most of the industry still gets it wrong.
"Semantic versioning, when applied consistently, reduces unplanned integration failures by giving consuming teams a reliable signal about the scope of each update." — AWS DevOps Blog, 2025
Why SDK changelogs matter more in health technology
In consumer apps, a botched SDK upgrade means a feature breaks for a few hours. In health technology, it can mean vital signs stop recording during a telehealth session or an insurance underwriting flow drops biometric data mid-scan. The stakes are different, and the changelog discipline needs to reflect that.
The Google Fit API deprecation happening through 2026 is a good case study. Google announced the migration to Health Connect, gave developers a timeline, and published migration guides. But the transition still caught teams off guard because the data models changed significantly, the OAuth flow shifted, and some endpoints disappeared without direct replacements. According to Google's own developer documentation, the migration requires rethinking not just API calls but authorization architecture and data persistence strategies.
Fitbit's API is going through something similar. Thryve Health published an analysis in early 2026 noting that the transition from Fitbit's authorization system to Google OAuth 2.0 means teams need to rebuild not only their integrations but their compliance documentation. For health platforms handling PHI, that's months of work that a changelog entry alone can't capture.
This is the gap that a proper migration guide fills. A changelog tells you what changed. A migration guide tells you what to do about it.
What developers actually need from a changelog
Most changelogs read like commit messages that got dressed up for a press release. "Improved performance" tells you nothing. "Reduced face detection latency from 45ms to 28ms on Snapdragon 6-series chipsets" tells you everything. The difference between a useful changelog and a useless one comes down to specificity.
| Changelog element | Bad example | Good example | Why it matters |
|---|---|---|---|
| Breaking change notice | "Updated authentication" | "OAuth token refresh endpoint moved from /v2/auth to /v3/auth; v2 endpoint deprecated, sunset August 2026" | Developers can grep their codebase and find exactly what to change |
| Performance update | "Improved speed" | "Heart rate estimation pipeline reduced from 3.2s to 1.8s on devices with 3GB+ RAM" | Teams can update their performance budgets |
| New feature | "Added breathing rate" | "New getBreathingRate() method returns respiratory rate in breaths/min; requires camera access for minimum 45 seconds" |
Integration teams know the constraints up front |
| Bug fix | "Fixed crash" | "Resolved null pointer exception when camera permission revoked mid-scan on Android 13+" | QA teams can remove their workaround |
| Deprecation | "Legacy method deprecated" | "startScan(config) deprecated in favor of initSession(config).start(); legacy method removed in v4.0" |
Developers know how long they have and what to switch to |
How semantic versioning applies to health SDKs
Semantic versioning — MAJOR.MINOR.PATCH — sounds straightforward. Major versions break things, minor versions add things, patch versions fix things. In practice, health-tech SDKs complicate this because "breaking" is contextual. Changing the precision of a blood pressure reading from two decimal places to one might not break the API contract, but it absolutely breaks a clinical display that shows "120.45/80.32 mmHg."
TinyMCE's engineering team wrote about their adoption of semantic versioning in 2025, noting that the hardest part wasn't following the numbering scheme but defining what constitutes a breaking change in the first place. Their solution was to maintain a compatibility matrix alongside the version number. For health SDKs, that matrix needs to include data format changes, accuracy threshold shifts, and supported device lists — not just API surface changes.
The Shen.AI SDK changelog provides a reference point for how rPPG-specific versioning works in practice. Their version 2.9, released in July 2025, introduced multimodal sensing that combined rPPG with remote ballistocardiography (rBCG). That's a minor version bump by semver rules — new functionality, no breaking changes — but it fundamentally altered what the SDK could do. Teams that pinned to 2.8.x missed out on breathing rate model improvements. Teams that auto-updated to 2.9 had to handle new data fields they weren't expecting.
This is where module-level versioning becomes relevant. Instead of one version number for the entire SDK, individual pipeline components — face detection, signal extraction, parameter estimation — can version independently. A team that only cares about heart rate can pin the signal extraction module while letting face detection update freely. Circadify's SDK architecture uses this approach, as described in the getting started guide, where individual pipeline modules are versioned independently so that signal extraction improvements can ship without forcing updates to face detection.
Migration strategies that actually work
Azure's FHIR API migration, scheduled to complete by September 2026, offers some lessons in how to handle a major health-tech platform transition. Microsoft published migration strategies that break the process into phases: assessment, parallel running, data migration, and cutover. The parallel running phase — where both old and new systems process data simultaneously — is the piece most SDK migrations skip, and it's the piece that prevents disasters.
For SDK migrations specifically, the patterns that reduce risk look like this:
Adapter pattern
Write a thin layer between your application code and the SDK. When the SDK version changes, you update the adapter instead of hunting through your entire codebase. This is standard software engineering, but it's remarkable how many health platform teams call the SDK directly from their business logic and then spend weeks untangling things during a major version upgrade.
Feature flags for SDK versions
Run the old and new SDK versions in parallel behind feature flags. Route 5% of traffic to the new version, monitor for accuracy regressions or crash rate increases, and gradually roll out. This is how the multi-platform rPPG SDK approach works in practice — you're not switching everything at once.
Pinned dependencies with scheduled upgrades
Pin your SDK version in production. Don't auto-update. Schedule quarterly upgrade windows where you review the changelog, run your test suite against the new version, and promote to production in a controlled release. The OneUptime blog published a detailed API deprecation handling guide in February 2026 recommending this exact cadence for health-tech integrations.
| Migration strategy | Best for | Risk level | Effort |
|---|---|---|---|
| Adapter pattern | Teams with SDK calls spread across codebase | Low | Medium upfront, low ongoing |
| Feature flag rollout | High-traffic platforms where accuracy regressions are costly | Low | High upfront, medium ongoing |
| Pinned + quarterly upgrade | Small teams with limited QA resources | Medium | Low upfront, medium per cycle |
| Direct upgrade | Non-critical integrations, development environments | High | Low |
| Blue-green deployment | Enterprise platforms with strict uptime SLAs | Low | High |
What breaks during rPPG SDK migrations
Most rPPG SDK breaking changes fall into predictable categories. Knowing what to watch for makes the changelog less of a scavenger hunt.
Camera pipeline changes
When the SDK changes how it accesses or processes camera frames, every platform behaves differently. Android 13 introduced new camera permission behaviors that several SDKs had to accommodate. The Shen.AI changelog for version 2.9.1 specifically called out a camera freeze fix on Android — the kind of platform-specific regression that only shows up in production on specific devices.
Signal processing algorithm updates
An updated heart rate algorithm might be more accurate overall but produce different results for edge cases your application handles. If your app flags heart rates above 100 BPM as elevated and the new algorithm shifts readings upward by 2-3 BPM across the board, your alert thresholds need recalibration. This isn't a "bug" — the new numbers might be closer to ground truth — but it's a functional change that the changelog needs to call out.
Data model changes
Adding new vital signs (breathing rate, HRV metrics, stress indices) to the SDK response object can break parsers that use strict schema validation. Health platforms using HL7 FHIR for data exchange, as discussed in webhooks and real-time vitals streaming, need to update their FHIR resource mappings whenever the SDK's output schema changes.
Platform minimum version bumps
Dropping support for Android 9 or iOS 14 seems minor until you realize that 12% of your user base is still on those versions. The changelog should state minimum platform versions for every major release, and the migration guide should include fallback strategies for unsupported devices.
Current research and evidence
The software engineering research community has been studying SDK migration patterns with increasing rigor. A 2025 analysis published on the AWS DevOps blog found that teams using semantic versioning consistently experienced fewer unplanned integration failures compared to teams using date-based or arbitrary versioning schemes. The key factor wasn't the numbering itself but the discipline it imposed — forcing teams to categorize every change as breaking, additive, or corrective before release.
CrafterCMS documented their JavaScript SDK transition to semantic versioning in 2025, noting that the migration itself required a major version bump because their previous versioning hadn't followed any consistent convention. The lesson: adopting semver retroactively is harder than starting with it, because you have to audit every existing integration to establish a baseline.
The Developer Experience Knowledge Base (developerexperience.io) maintains a comprehensive resource on semantic versioning specifically aimed at SDK producers. Their guidance emphasizes that changelogs should be written for the consuming developer, not the producing team — a distinction that sounds obvious but gets violated constantly. "Refactored internal state management" means nothing to someone trying to figure out if their integration still works.
The future of SDK versioning in health technology
Health-tech SDK versioning is moving toward continuous compatibility testing. Instead of releasing a version and hoping integrations survive, SDK producers are starting to run their test suites against known consumer implementations before each release. If a new version breaks a registered integration pattern, the release gets flagged before it ships.
The regulatory dimension adds complexity. As rPPG technology moves toward clinical use cases, SDK versions may need to be tied to regulatory submissions. A version that was part of a 510(k) submission can't be silently patched without potentially invalidating the regulatory status. This means health-tech SDKs may end up maintaining multiple active version branches — one for regulated use cases with locked-down updates, and one for general use with normal semver progression.
Module-level versioning, combined with compatibility matrices and automated migration tooling, is where the industry is heading. The goal is to make SDK upgrades boring. Not painless — there will always be work — but predictable and well-documented enough that nobody's doing it at 2am.
Frequently asked questions
How often should we upgrade our rPPG SDK version?
Quarterly is a reasonable cadence for most teams. You want to stay close enough to the latest version that migration doesn't become a massive project, but far enough behind that critical bugs get caught by early adopters. Pin your version, review changelogs quarterly, and upgrade in a controlled window with rollback capability.
What should we do if a breaking change isn't documented in the changelog?
Report it to the SDK producer immediately — undocumented breaking changes are a serious quality signal. In the meantime, pin the previous working version in production and run the new version in a staging environment until you've identified all the differences. Document what you find, because other teams are probably hitting the same issue.
How do we handle SDK deprecation timelines?
Start migrating when the deprecation is announced, not when the sunset date approaches. Google's Health Connect migration and Azure's FHIR API transition both gave 12-18 month windows, which sounds generous until you factor in testing, compliance review, and staged rollout. Budget half the deprecation window for migration work and the other half for monitoring and cleanup.
Should we use the latest SDK version or wait for a patch?
For production health platforms, wait for the first patch release after any minor or major version bump. The x.y.1 release typically catches the integration issues that slip through the SDK producer's test suite. Use the x.y.0 release in development and staging to get ahead of any changes, but don't promote to production until that first patch confirms stability.
Health-tech SDK versioning is one of those infrastructure problems that only gets attention when something breaks. But the teams that treat their SDK changelog as a first-class engineering document — and build migration practices around it — are the ones that ship features instead of fighting fires. Circadify's approach to modular SDK architecture reflects this philosophy, keeping components independently versioned so that upgrading one part of the pipeline doesn't force a full integration overhaul.