Roadmap · companion to /status

From hackathon submission to production v1 — and beyond

/status answers what is live right now. This page answers what's between today and a production v1, and what comes after that. Each item in the middle column has an explicit "what's blocking" line so a future engineer can pick one up.

Hackathon demo shipped

Every "live" row from /status, summarised. Each of these has a real artifact a judge can hit.

  • Cryptographic core

    Ed25519 signing, hash-chained audit log, JCS canonicalisation, strict-mode capsule verifier — all production-shape Rust in the sbo3l-core crate. 881/881 tests green.

  • Daemon HTTP API

    sbo3l-server binary serves /v1/payment-requests + /v1/healthz + /v1/admin/events. APRP envelope → policy → budget → audit → signed receipt end-to-end on a single binary.

  • WASM verifier

    Browser-side strict-mode verifier shipped at /proof. 2.4 MB bundle, zero network calls. Anyone can verify a capsule offline against the daemon's published Ed25519 pubkey.

  • Sponsor live integrations

    Live KeeperHub workflow + Sepolia QuoterV2 + Sepolia AnchorRegistry + Anthropic tool-use receipts. 7 sponsor pages on /submission/<slug>; status truth-table at /status.

  • ERC-8004 IdentityRegistry

    Deployed to Sepolia at 0x600c10dE…Db37. sbo3l agent register writes through the registry; ERC-8004 events emit on-chain.

  • Postgres multi-tenant backend

    V020 migration ships per-tenant scoping. apps/sbo3l-playground-api uses Neon Postgres in production. Tier-3 hosted daemon live on Vercel.

  • 21-locale i18n + RTL

    Marketing site translates via t() helper across 21 locales (EN+SK+KO+JA + Latin8 + RTL/CJK9). AR + HE render with dir=rtl via isRtlLocale().

  • Mock playground (Tier 2)

    Browser-side mock decision engine at /playground. 8 pre-loaded scenarios. Mock capsules use schema sbo3l.playground_mock.v1 + signature MOCK_NOT_SIGNED so they cannot pass strict-mode verification.

  • Hosted playground (Tier 3)

    Real Vercel-hosted /playground/live with provision-aware healthz banner. Capsules carry a real Ed25519 signature; audit chain is public.

Production prerequisites v1 blockers

Concrete items between today and a paying-customer deploy. None are research; all are scoped engineering with clear ownership.

  • AWS KMS / GCP Cloud KMS signer

    Crate compiles but sign() is unimplemented!(). Production deploys must rotate signing keys via a managed KMS — embedding the private key in disk or env is unacceptable for any tenant whose capsules carry real money.

    Blocking: Need AWS access key + GCP service account from operator; integration tests gated on a CI runner with secret access.

    Owner: Backend / infra

  • TLS termination + hardened daemon bind

    Default sbo3l-server config binds 127.0.0.1 with no TLS. Documented as dev-only. Production needs a reverse proxy (Caddy / nginx / ALB) with cert-manager-issued certs, and the daemon flag-gated to bind that interface only.

    Blocking: Deployment runbook + certbot automation. Per-environment domain (api.sbo3l.dev planned).

    Owner: Infra

  • Real Uniswap swap broadcast

    Read-side is live (Sepolia QuoterV2 returns real quotes). Write-side scope-cut for hackathon — no swap actually executes. Production v1 needs the broadcast path with mainnet ETH gas, plus the post-broadcast capsule wiring.

    Blocking: Mainnet ETH for gas + nonMartin's review of the broadcast path. Treasury approval for first-tx gas budget.

    Owner: Sponsor track lead (Uniswap)

  • Per-IP rate limiting (Tier 3)

    Tier-3 hosted daemon has no rate limit today; an enthusiastic user can flood the audit chain with low-value capsules. Need a token-bucket via Upstash KV (10 req/min/IP for unauthenticated, higher for tenant-scoped tokens).

    Blocking: Spec the rate-limit dimensions (per IP, per tenant, per agent_id) and the deny path. Should the hosted daemon emit a synthetic deny capsule with deny_code=protocol.rate_limited, or 429 + drop?

    Owner: Backend

  • Mainnet OffchainResolver for sbo3lagent.eth

    Currently sbo3lagent.eth points at the PublicResolver with regular text records. To demonstrate the full CCIP-Read flow on mainnet — wildcard subname resolution via the SBO3L gateway — we need to deploy the OR on mainnet and migrate the records.

    Blocking: ~$10 mainnet ETH gas. Risk: messes up existing live records during migration. Operator-gated.

    Owner: Sponsor track lead (ENS)

  • Sepolia OffchainResolver wiring + URL fix

    Resolver deployed at 0x7c69…8c3 but orphan — no Sepolia subname has it set as resolver. Also: the baked URL template ({sender/{data}.json}) is malformed; the contract needs redeploy or the URL needs a constructor arg correction.

    Blocking: Redeploy with the correct URL template. ~0.01 SEP-ETH (we have plenty).

    Owner: Sponsor track lead (ENS)

Future work post-v1

Items that need their own design + a separate engineering cycle. Sized to a paragraph each so the column isn't handwaving — each is a real research direction.

  • Cross-agent reputation

    Today the policy + audit boundary is per-tenant. The next layer is portable agent reputation: agent A built a 1000-capsule history of clean decisions on tenant X; tenant Y wants to onboard A and trust those capsules without re-running every check. Needs a reputation-score primitive that compounds across tenants without leaking per-tenant policy. Open question: does this live on-chain (token-gated reputation pool) or off-chain (signed reputation receipts the agent carries)?

  • On-chain audit anchoring at scale

    Today every audit anchor costs ~24K gas on Sepolia per checkpoint. For high-throughput tenants we need either (a) batch anchoring with a Merkle root over N capsules, posted hourly, or (b) anchoring to an L2 with cheaper data costs (Base / Optimism). Either way: an indexer that lets a verifier walk back from a capsule to its on-chain anchor without scraping every block.

  • Governance layer

    Policy changes are currently a single tenant-admin write to the daemon. For multi-stakeholder tenants (DAOs, protocol treasuries) we need policy proposals — a multi-sig of admins approves, the policy diff is signed by quorum, the audit chain records the policy_hash transition. Distinct from the per-decision human_2fa flow; this is multi-party policy update, not multi-party single-decision approval.

  • ENSIP draft for agent-bound subnames

    ERC-8004 covers identity discovery; what's missing is a standardised way for an ENS name to declare 'I am bound to a SBO3L policy with this hash, the daemon for me lives at this URL, my capsules verify against this Ed25519 pubkey'. Today we encode that in three custom text records (sbo3l:policy_hash, sbo3l:gateway, sbo3l:verifier). An ENSIP would let any wallet / explorer / agent understand SBO3L-bound names without bespoke code.

  • Mobile native apps (iOS + Android)

    apps/mobile is an Expo skeleton with biometric-gated approvals + push notifications. Real submission to TestFlight + Play Internal Track is a $124/yr Apple Developer + Play Console gate; Daniel-side runbook in docs/mobile/SUBMIT-TO-STORES.md.

  • Algolia DocSearch index

    Cmd+K shortcut already wired on the marketing site to bounce to docs (Starlight Pagefind). Once Algolia approves our DocSearch application (1–2 week turnaround), wire DocSearch in apps/docs/. Runbook at docs/dev3/ALGOLIA-DOCSEARCH-SETUP.md.

Where the gaps come from

Daniel's standing rule (originSession): every "live" claim on this site must be backed by a real artifact a judge can hit. Anything that isn't — whether it's "we'll do this post-hackathon" or "this is a 6-month project" — gets called out explicitly here, on /status, or in per-component scope-cut reports under docs/dev3/.

If you find a claim elsewhere on this site that contradicts the gaps documented here, please open a GitHub issue against the contradicting surface — these three pages (/, /status, /roadmap) are the canonical truth statement.