Truth table · ETHGlobal Open Agents 2026 submission

What is live, what is mock, what is not yet

Every claim the project makes is filed under one of three columns below. When a judge asks "is X actually live?", the answer is on this page. No marketing fluff — every row links straight to the source-of-truth artefact.

21 surfaces live · 5 have a mock fallback · 13 documented as not-yet · 26 rows total

Where the keys live. Agent intent passes through SBO3L's 6-step boundary — parse, policy, spec, sign, audit, link — and routes to the executor or a fail-closed deny path. The signing key never leaves the boundary; the agent never holds it.

Sponsor integrations

Surface	Live	Mock	Not yet
KeeperHub	POST to live workflow `m4t4cnpmhv8qquce3bv3c` returns real `executionId`. IP-1 envelope shipped.	Default in CI: `local_mock()` returns deterministic `kh-`.	—
ENS — mainnet read	`sbo3l agent verify-ens sbo3lagent.eth` reads 5 records via PublicNode mainnet RPC. policy_hash byte-matches offline fixture.	Offline fixture in `crates/sbo3l-identity/fixtures/`.	Mainnet OffchainResolver (Phase 2 amplifier; needs ~$10 mainnet ETH). Sepolia OffchainResolver deployed but orphan (no subnames wired to it on Sepolia chain).
Uniswap — read side + mainnet broadcast	Sepolia QuoterV2 returns real quote for USDC→WETH. Guards: token allowlist + max notional + max slippage + quote freshness + treasury recipient. Mainnet UNI-A1 broadcast LIVE: 0.005 ETH → 11.5743 USDC at block 25,013,950 ([0xed68d1…aff0b](https://etherscan.io/tx/0xed68d1301b479c4229bc89cca5162b56517b80cbaeb654323e05b183000aff0b)).	—	—

AI provider SDK adapters

Surface	Live	Mock	Not yet
Anthropic Claude tool-use	`@sbo3l/anthropic` published on npm. `examples/anthropic-research-agent/` runs end-to-end with `ANTHROPIC_API_KEY=…`.	`npm run smoke` — deterministic synthetic `tool_use` dispatch, no API key required.	—

Storage + audit

Surface	Live	Mock	Not yet
SQLite audit chain (single-tenant)	Default storage backend. Hash-chained `audit_events` table; `Storage::audit_last` returns the head.	—	—
Postgres audit chain (multi-tenant)	V020 migration ships per-tenant scoping. `apps/sbo3l-playground-api` uses Neon Postgres in production.	—	—
On-chain audit-root anchor	Sepolia `AnchorRegistry` at `0x4C302b…f4Ac`. `sbo3l audit anchor` broadcasts via alloy. `sbo3l audit verify-anchor ` reads back.	`sbo3l audit checkpoint create` (without `--anchor`) does mock anchoring — no chain TX, deterministic checkpoint.	Mainnet anchor (waiting for production-grade signer; KMS work-in-progress).
0G Storage backend (`sbo3l audit export --backend 0g-storage`)	0G Galileo testnet upload via the indexer at `https://indexer-storage-testnet-turbo.0g.ai/file/upload`. Captures `rootHash` + wraps the bundle in an export envelope carrying a `live_evidence` block. 6 documented invariants covered by `httpmock` unit tests; `live_testnet_upload` integration test gated behind `ZEROG_TESTNET_LIVE=1` so CI doesn't flake on the upstream (#391).	Default backend stays `local` — zero behaviour change for existing callers. `--backend mock` available for offline tests.	Mainnet 0G deploy (gated on ≥30d testnet dual-anchor soak per `docs/cli/0g-backend.md`). Browser-upload fallback on /proof for the SDK chunk-merge timeout (Dev 2 Task C).

Identity + signing

Surface	Live	Mock	Not yet
Local file Ed25519 signer	`sbo3l_core::signers::local_file::LocalFileSigner` — production-shape, file-based key.	—	—
AWS KMS signer	—	—	Compile-only stub. Crate compiles, but `sign()` is `unimplemented!()`. Awaits AWS access key from operator.
GCP Cloud KMS signer	—	—	Compile-only stub. Same shape as AWS KMS. Awaits GCP service account.
Phala TEE signer	—	—	Placeholder trait. No TEE deployment. Phase 3+.
ERC-8004 IdentityRegistry	Sepolia `0x600c10dE…Db37` deployed + pinned. `sbo3l agent register` writes via the registry.	—	Mainnet registry deployment.

Passport capsule verification

Surface	Live	Mock	Not yet
Structural verifier (CLI default)	`sbo3l passport verify` runs schema + cross-field structural checks on every capsule.	—	—
Crypto verifier (auto-promoted)	When the capsule is self-contained (v2 with embedded `policy_snapshot` + `audit_segment`), `verify` auto-runs the 6 strict crypto checks. Tampered self-contained capsules now fail with exit 2.	—	—
WASM verifier (browser, /proof)	`apps/marketing/public/wasm/sbo3l_core_bg.wasm` (2.4 MB). Verifies entirely client-side, zero network call.	—	—

CCIP-Read flow

Surface	Live	Mock	Not yet
Gateway HTTP API	`https://sbo3l-ccip.vercel.app/api/{sender}/{data}.json` returns signed `(value, expires, signature)` for `text(node, key)` queries.	—	—
Sepolia OffchainResolver → ENS chain	Redeployed at `0x87e9…b1f6` with canonical URL template (#383). `sbo3lagent.eth` registered on Sepolia ENS + `research-agent.sbo3lagent.eth` subname wired to the new OR (#390). End-to-end verified via SBO3L CLI (R20 #446 added CCIP-Read OffchainLookup follower) AND viem byte-for-byte: `sbo3l agent verify-ens research-agent.sbo3lagent.eth --network sepolia` returns the actual records.	—	Production-grade subname registration UX (today: `cast send setSubnodeRecord` on every new agent). Roadmap, not v1.
Mainnet OffchainResolver → sbo3lagent.eth	—	—	Currently sbo3lagent.eth points at PublicResolver with regular text records. Mainnet OR deploy ~$10 ETH. Operator-gated (needs primary wallet PK + record-migration risk on the existing live records).

Daemon + production posture

Surface	Live	Mock	Not yet
Daemon HTTP API (`/v1/payment-requests`, `/v1/healthz`)	`sbo3l-server` binary runs on `127.0.0.1:8730` by default. APRP envelope → policy → budget → audit → signed receipt end-to-end.	—	—
Daemon as production service	—	—	Marked dev-only in security notes. Hardcoded localhost bind. No TLS, no auth on default config. For production: behind reverse proxy + KMS signer + Postgres backend. Roadmap, not v1.
Tier-3 hosted daemon (Vercel)	`sbo3l-playground-api` on Vercel — Neon Postgres + Upstash KV + Blob + Ed25519 signing key. `apps/sbo3l-playground-api` source.	—	—

Brand + marketing surface

Surface	Live	Mock	Not yet
Visual brand kit (Wave 1)	Logo system + favicon + KeyFlowDiagram polish (#413). KeyFlowDiagram embedded on `/` and `/status` (rendered above this table).	—	—
Visual brand kit (Wave 2)	Inline-SVG components shipped: HeroIllustration on `/` (animated agent → gate → executor split, #418), PassportCapsule on `/proof` + `/demo` + `/try` (cover thumbnail + open spread, #420), SponsorCard replaces text-only sponsor strip with 4 brand-themed motifs (#423). All CSP-clean (no third-party image domains).	—	PNG-twin rasterisation for X/Twitter cards (today: SVG og:image works on Discord/LinkedIn/iMessage, but X falls back to summary card without preview).
Per-page OG share images	`/og/.svg` endpoint pre-renders 17 brand-styled OG images (1200×630) at build, one per registered page (#424). 6 variants — default / proof / status / roadmap / playground / sponsor. BaseLayout derives slug from `Astro.url.pathname` so every page gets its own OG without explicit prop.	—	PNG-twin output (same visual, raster format) for the X-Twitter compatibility gap above.
Trust DNS Manifesto (#388)	4890-word RFC-style manifesto at `docs/concepts/trust-dns-manifesto.md`. Section 2.5 ('Verifiable, not claimed') preempts Kevin (ENS team)'s 'user can set whatever text record' caveat with the policy_hash drift-check rebuttal (#421).	—	ENSIP-N submission to ENS DAO governance (post-hackathon window per DAO norms).

Why this page exists

Hackathon projects routinely overclaim. SBO3L's standing rule (Daniel's no-overclaim rule, originSession): every "live" claim must be backed by a real artifact a judge can hit (URL, contract address, npm package, executable command). Anything that isn't gets the "not yet" column with what's blocking it.

If you find a claim elsewhere in this site that contradicts this page, this page wins — please open a GitHub issue against the contradicting surface.