For: Anyone trying to evaluate SBO3L from the playground
How the SBO3L playground works (3-tier architecture)
Why the playground splits into mock cinematic, WASM client-side, and hosted live daemon — three tiers for three audiences.
SBO3L's playground gives every audience their own proof-level. A judge glancing for 60 seconds sees motion graphics; a tech sceptic edits the policy and re-runs in WASM; a sponsor reviewer submits a real APRP and watches the capsule appear on Sepolia. Three tiers, one product.
Tier 1 — Mock cinematic
No daemon, no WASM, no network. Pre-rendered animated SVG sequence showing what a decision looks like. Auto-loops, ~17 seconds end-to-end, ships zero KB of JavaScript. The cost of being wrong here is "the judge thinks the demo is cute" — not "the judge thinks the cryptography is broken." Cheap to ship, fast to load, accessible (reduced-motion pins to scene 3 with the deny code visible).
Tier 2 — WASM playground
sbo3l-core compiled to wasm32-unknown-unknown
via wasm-bindgen. Loads in the browser, runs the same
decision pipeline as the daemon, signs receipts with a deterministic
mock key derived from sha256("playground.sbo3l.dev/mock-key-v1").
The mock-signing is the catch — capsules from Tier 2 are not
cryptographically distinguishable from a real attacker who knew the
same derivation. Tier 2 is for education, not auditable
evidence.
Bundle weight is the constraint: ~200 KB gzipped target. Anything more and the playground becomes annoying to load on mobile, defeating the "edit and re-decide in real time" experience.
Tier 3 — Hosted live daemon
A real sbo3l-server runs as a Vercel Function (Fluid
Compute, Node 24 LTS), backed by Vercel Postgres for the audit chain
and Vercel KV for per-IP rate limiting. Every 6 hours a cron publishes
an anchor of the audit-chain root to the Sepolia AnchorRegistry
contract — so any visitor's capsule can be verified against an
on-chain timestamp.
Tier 3 capsules carry a real Ed25519 signature from a key generated
at deploy time, stored sealed in Vercel env. The capsule's
verifier_pubkey field points to that key, registered
under playground.sbo3l.dev in ENS. A skeptic can verify
the capsule offline against the public key + verify the public key
is what ENS says — full chain of custody.
Why split into three?
| Audience | Path | Time |
|---|---|---|
| Judge in 60s | Lands → cinematic auto-plays | ~30s |
| Tech sceptic | Tier 2 → edits scenario → verifies WASM source | 3-5 min |
| Sponsor reviewer | Tier 3 → submits APRP → on-chain Etherscan link | 2-3 min |
What this is NOT
- Tier 1 is not "the product." It's a teaser for the product.
- Tier 2 capsules are mock-signed — DO NOT use them as real audit
evidence. The bundle clearly labels every output capsule with a
"mock_signed": truefield. - Tier 3 is rate-limited (10 req/min/IP) and the audit chain is public — don't put real secrets in your APRP. The page banner says so explicitly.