Phase 3 · Marketplace · Author flow

Publish a policy

Authoring is a four-step flow: edit → sign → register → adopt. The first three steps live inside the hosted app — the marketing site doesn't accept private keys; nothing here ever sees your signing material.

1. 1. Edit

   Open the policy editor in the hosted app. Monaco autocompletes against the sbo3l.policy.v1 schema; inline diagnostics flag unknown fields. Test against any APRP envelope via the dry-run pane.

   Open editor →

2. 2. Sign

   When the policy validates, sign it with your KMS-backed signer (in-memory, file, AWS KMS, GCP KMS, or Vault — see /concepts/signing). Output: a signed JSON document with issuer, policy_snapshot_hash, and signature fields.

3. 3. Register

   POST the signed document to the marketplace registry endpoint. The registry verifies the signature, computes the policy_id, indexes the rules + budgets, and emits a policy.published audit event. Initial reputation score: 0.50 (community baseline); rises with adoption + observed decision outcomes.

   Endpoint: POST sbo3l-app.vercel.app/api/marketplace/register (admin-gated). Today this surface is private; ask Daniel for early-adopter access.

4. 4. Adopt

   Once registered, your policy appears in the public listing. Adopters pin it via policy.toml in their daemon (id = "<your-policy-id>"). Each adoption + each successful decision under your policy contributes to your reputation score.