Roadmap · companion to /status
From hackathon submission to production v1 — and beyond
/status answers what is live right now. This page answers what's between today and a production v1, and what comes after that. Each item in the middle column has an explicit "what's blocking" line so a future engineer can pick one up.
Hackathon demo shipped
Every "live" row from /status, summarised. Each of these has a real artifact a judge can hit.
- Cryptographic core
Ed25519 signing, hash-chained audit log, JCS canonicalisation, strict-mode capsule verifier — all production-shape Rust in the sbo3l-core crate. 977/977 tests green.
- Daemon HTTP API
sbo3l-server binary serves /v1/payment-requests + /v1/healthz + /v1/admin/events. APRP envelope → policy → budget → audit → signed receipt end-to-end on a single binary.
- WASM verifier
Browser-side strict-mode verifier shipped at /proof. 2.4 MB bundle, zero network calls. Anyone can verify a capsule offline against the daemon's published Ed25519 pubkey.
- Sponsor live integrations
Live KeeperHub workflow + Sepolia QuoterV2 + Sepolia AnchorRegistry. Per-track submission pages on /submission/<slug>; status truth-table at /status.
- ERC-8004 IdentityRegistry
Deployed to Sepolia at 0x600c10dE…Db37. sbo3l agent register writes through the registry; ERC-8004 events emit on-chain.
- Postgres multi-tenant backend
V020 migration ships per-tenant scoping. apps/sbo3l-playground-api uses Neon Postgres in production. Tier-3 hosted daemon live on Vercel.
- 21-locale i18n + RTL
Marketing site translates via t() helper across 21 locales (EN+SK+KO+JA + Latin8 + RTL/CJK9). AR + HE render with dir=rtl via isRtlLocale().
- Mock playground (Tier 2)
Browser-side mock decision engine at /playground. 8 pre-loaded scenarios. Mock capsules use schema sbo3l.playground_mock.v1 + signature MOCK_NOT_SIGNED so they cannot pass strict-mode verification.
- Hosted playground (Tier 3)
Real Vercel-hosted /playground/live with provision-aware healthz banner. Capsules carry a real Ed25519 signature; audit chain is public.
- Mainnet Uniswap V3 broadcast UNI-A1
Real swap on Ethereum mainnet from the SBO3L deploy wallet — tx 0xed68d1…aff0b: 0.005 ETH → 11.5743 USDC via Universal Router, block 25,013,950, gas $0.71 @ 2.19 gwei. Same swap-policy guard (token allowlist + slippage cap + treasury recipient) protects this and any future agent-initiated swap.
- 5 KH-aware framework adapters
@sbo3l/langchain-keeperhub, @sbo3l/elizaos-keeperhub, @sbo3l/vercel-ai-keeperhub on npm + sbo3l-autogen-keeperhub, sbo3l-crewai-keeperhub on PyPI. Each shipped with a runnable demo. One-line install for the most common AI agent frameworks.
Production prerequisites v1 blockers
Concrete items between today and a paying-customer deploy. None are research; all are scoped engineering with clear ownership.
- AWS KMS / GCP Cloud KMS signer
Crate compiles but sign() is unimplemented!(). Production deploys must rotate signing keys via a managed KMS — embedding the private key in disk or env is unacceptable for any tenant whose capsules carry real money.
- TLS termination + hardened daemon bind
Default sbo3l-server config binds 127.0.0.1 with no TLS. Documented as dev-only. Production needs a reverse proxy (Caddy / nginx / ALB) with cert-manager-issued certs, and the daemon flag-gated to bind that interface only.
- Mainnet Universal Router via Trading API
Real Uniswap V3 mainnet swap broadcast UNI-A1 already shipped (tx 0xed68d1…aff0b: 0.005 ETH → 11.5743 USDC at block 25,013,950, gas $0.71). Production v1 would route through the Uniswap Trading API for server-side fee-tier discovery + signed-quote handling instead of building envelopes locally.
- Per-IP rate limiting (Tier 3)
Tier-3 hosted daemon has no rate limit today; an enthusiastic user can flood the audit chain with low-value capsules. Need a token-bucket via Upstash KV (10 req/min/IP for unauthenticated, higher for tenant-scoped tokens).
- Mainnet OffchainResolver for sbo3lagent.eth
Currently sbo3lagent.eth points at the PublicResolver with regular text records. To demonstrate the full CCIP-Read flow on mainnet — wildcard subname resolution via the SBO3L gateway — we need to deploy the OR on mainnet and migrate the records.
- Sepolia OffchainResolver wiring + URL fix
Resolver deployed at 0x7c69…8c3 but orphan — no Sepolia subname has it set as resolver. Also: the baked URL template ({sender/{data}.json}) is malformed; the contract needs redeploy or the URL needs a constructor arg correction.
Future work post-v1
Items that need their own design + a separate engineering cycle. Sized to a paragraph each so the column isn't handwaving — each is a real research direction.
- Cross-agent reputation
Today the policy + audit boundary is per-tenant. The next layer is portable agent reputation: agent A built a 1000-capsule history of clean decisions on tenant X; tenant Y wants to onboard A and trust those capsules without re-running every check. Needs a reputation-score primitive that compounds across tenants without leaking per-tenant policy. Open question: does this live on-chain (token-gated reputation pool) or off-chain (signed reputation receipts the agent carries)?
- On-chain audit anchoring at scale
Today every audit anchor costs ~24K gas on Sepolia per checkpoint. For high-throughput tenants we need either (a) batch anchoring with a Merkle root over N capsules, posted hourly, or (b) anchoring to an L2 with cheaper data costs (Base / Optimism). Either way: an indexer that lets a verifier walk back from a capsule to its on-chain anchor without scraping every block.
- Governance layer
Policy changes are currently a single tenant-admin write to the daemon. For multi-stakeholder tenants (DAOs, protocol treasuries) we need policy proposals — a multi-sig of admins approves, the policy diff is signed by quorum, the audit chain records the policy_hash transition. Distinct from the per-decision human_2fa flow; this is multi-party policy update, not multi-party single-decision approval.
- ENSIP draft for agent-bound subnames
ERC-8004 covers identity discovery; what's missing is a standardised way for an ENS name to declare 'I am bound to a SBO3L policy with this hash, the daemon for me lives at this URL, my capsules verify against this Ed25519 pubkey'. Today we encode that in three custom text records (sbo3l:policy_hash, sbo3l:gateway, sbo3l:verifier). An ENSIP would let any wallet / explorer / agent understand SBO3L-bound names without bespoke code.
- Mobile native apps (iOS + Android)
apps/mobile is an Expo skeleton with biometric-gated approvals + push notifications. Real submission to TestFlight + Play Internal Track is a $124/yr Apple Developer + Play Console gate; Daniel-side runbook in docs/mobile/SUBMIT-TO-STORES.md.
- Algolia DocSearch index
Cmd+K shortcut already wired on the marketing site to bounce to docs (Starlight Pagefind). Once Algolia approves our DocSearch application (1–2 week turnaround), wire DocSearch in apps/docs/. Runbook at docs/dev3/ALGOLIA-DOCSEARCH-SETUP.md.