{
  "service": "MarketNow",
  "page": "Trust Roadmap",
  "version": "1.0.0",
  "effective_date": "2026-07-02",
  "url": "https://marketnow.site/trust",
  "summary": "An AI agent reviewer (Claude) reviewed our marketplace and asked for 7 changes. This is our public response — what we have done, what is partial, and what is still pending. No fluff, no pretending. Every status here is a git commit you can verify.",
  "scorecard": {
    "done": 2,
    "partial": 5,
    "pending": 0,
    "total": 7
  },
  "points": [
    {
      "n": 1,
      "title": "Human-in-the-loop by default, not opt-out",
      "claude_said": "Hoy el diseño vende \"no humans needed\" como ventaja. Debería ser al revés: humano en el loop por defecto, con límites bajos, notificación de cada compra y revocación instantánea del mandato.",
      "status": "done",
      "what_we_did": [
        "Mandates now default to notificationMode: 'notify' — every purchase triggers an email or webhook alert to the principal",
        "'silent' mode (no notifications, fully autonomous) requires explicit confirmSilentAutonomy=true field — it is opt-in, not the default",
        "New 'notify_and_veto' mode adds a 5-minute veto window before each spend commits (on roadmap — see status below)",
        "Homepage messaging changed from 'no humans needed' to 'Humans set the bounds. Agents act within them.'",
        "Mandates can be revoked instantly from /mandates page — no waiting period",
        "Hard caps: $500 max total per mandate, $50 max per single purchase (cannot be raised)"
      ],
      "still_pending": [
        "Full veto window implementation (currently notify_and_veto sends the alert but does not block the spend)",
        "Real-time SMS notifications (currently email + webhook only)",
        "Mobile push notifications (PWA in development)"
      ]
    },
    {
      "n": 2,
      "title": "Independent security audit, not self-declared",
      "claude_said": "Que \"Sentinel L1.5\" sea (o esté complementado por) una revisión de una empresa externa, con metodología pública y reportes publicados — no un sello que se pone la propia plataforma sobre sí misma.",
      "status": "partial",
      "what_we_did": [
        "Published the full Sentinel L1.5 methodology — 6 checks documented at /api/audit-skill (AUTH, tool description injection, input validation, CORS, OAuth scopes, rate limiting error leakage)",
        "Sentinel is open source — anyone can re-run our audit and verify the results. Code at /aep-marketplace/api/audit-skill.js",
        "Added disclosure: every skill detail page now shows 'Sentinel: self-declared' rather than implying third-party validation"
      ],
      "still_pending": [
        "Commission an independent third-party audit. PAID audits (Cure53, Trail of Bits) are on hold until the marketplace generates sales — we will not spend money we do not have. In the meantime, we are pursuing FREE alternatives: (a) open an issue on our GitHub repo inviting volunteer security researchers to review our code, (b) submit our codebase to HackerOne's free bug bounty tier, (c) ask the MCP community (Linux Foundation working group) for peer review.",
        "Publish the audit report in full on this page",
        "Implement Sentinel L2: sandboxed dynamic execution (design doc exists at /SENTINEL_L2_DESIGN.md)"
      ]
    },
    {
      "n": 3,
      "title": "Real sandboxing when executing skills",
      "claude_said": "Que instalar una skill no dé acceso irrestricto al sistema del agente: permisos declarados y limitados por skill (qué archivos, qué red, qué APIs toca), ejecución aislada.",
      "status": "partial",
      "what_we_did": [
        "Added a 'permissions' field to the skill schema — skills declare what they need (network endpoints, filesystem paths, env vars, subprocess execution)",
        "Skill detail pages now show declared permissions in a visible block before the install command",
        "Sentinel L1.5 audit flags skills that request dangerous permissions (subprocess execution, arbitrary network) with a lower score"
      ],
      "still_pending": [
        "Runtime enforcement of declared permissions (currently declarative only — agents should treat them as advisory)",
        "Official Docker/Firecracker isolation recipe for running untrusted MCP servers",
        "Permission manifest signing by skill maintainer (so the manifest cannot be tampered with post-audit)"
      ]
    },
    {
      "n": 4,
      "title": "Real review before publishing each skill",
      "claude_said": "Revisión real antes de publicar cada skill, tipo lo que hace el marketplace de Cline: mirar actividad en GitHub, identidad del mantenedor, calidad de código — no aceptar cualquier paquete npm y ponerle un check verde automático.",
      "status": "partial",
      "what_we_did": [
        "Replaced the universal 'verified: true' flag with a nuanced 'review_status' field: auto-scanned | human-reviewed | maintainer-verified",
        "Most catalog skills are currently 'auto-scanned' — Sentinel L1.5 ran, no human has reviewed yet. This is disclosed on every skill detail page",
        "Submission portal at /submit requires GitHub repo URL — we pull stars, last commit, maintainer account age from the GitHub API"
      ],
      "still_pending": [
        "Human review queue — currently backlogged. Targeting 24-48h SLA for new submissions",
        "Verified Maintainer program: GitHub identity verification via signed commits (GPG/SSH)",
        "Public reviewer profiles and review history (so reviewers are accountable)"
      ]
    },
    {
      "n": 5,
      "title": "Catalog transparency",
      "claude_said": "Si esas categorías con exactamente \"30\" ítems están generadas o rellenadas, decirlo. Mostrar uso real, descargas reales, reviews reales — no solo un número total llamativo.",
      "status": "done",
      "what_we_did": [
        "Created /catalog page explaining how the 8,560 skills were sourced: 5,054 from curated open-source MCP server repos, 3,506 from agent tool inventories, 43 hand-picked as free",
        "Categories with suspicious '30' counts are disclosed as bulk-imported from a single source repo — they are not individually curated",
        "When a skill has a known GitHub repo, the skill detail page shows real stars, real last-commit date, real open-issue count (pulled live from GitHub API)",
        "When npm install is the distribution method, real weekly download counts from npm API are shown"
      ],
      "still_pending": [
        "Real review system — currently no reviews exist. We will not seed fake reviews",
        "Real usage metrics (number of installs via our marketplace) — instrumented, will be public when there is meaningful data",
        "Source-catalog CSV download for full transparency"
      ]
    },
    {
      "n": 6,
      "title": "Payment reversibility",
      "claude_said": "Cripto (USDC) es irreversible por diseño. Si van a permitir compras autónomas de agentes, necesitan algo tipo escrow o proceso de disputa — hoy si un agente compra mal, o una skill factura de más, no hay forma de revertirlo.",
      "status": "partial",
      "what_we_did": [
        "Added explicit disclosure on /skill/[id] pages and at /api/agent-wallet: 'USDC payments are irreversible on-chain. For disputes, contact support@alicelabs.site within 7 days.'",
        "Manual dispute process: email support with the txHash + skillId + reason. AliceLabs will refund from treasury for verified disputes (skill did not work as described, security issue, etc.)",
        "Stripe purchases (credit card) already have full chargeback rights via Stripe — the agent can route through Stripe when reversibility matters"
      ],
      "still_pending": [
        "On-chain escrow smart contract: USDC payment goes to a time-locked contract, released to seller after 24h cooling-off period unless disputed (targeting Q1 2027)",
        "Automated dispute window for mandates (notify_and_veto mode) — currently the spend commits immediately, the alert is post-hoc",
        "Public dispute log so users can see how disputes were resolved"
      ]
    },
    {
      "n": 7,
      "title": "Public track record over time",
      "claude_said": "Identidad verificable del equipo, cobertura de terceros, historial sin incidentes sostenido. Esto no se arregla con un cambio puntual, se construye.",
      "status": "partial",
      "what_we_did": [
        "Created /about page with team identity: AliceLabs LLC (Ecuador), founder Edison Flores, public GitHub at github.com/edgarfloresguerra2011-a11y",
        "This /trust page is itself part of the track record — every status change is a git commit, visible in the repo history",
        "Public roadmap below shows what we have done and what is still pending — no pretending things are done when they are not"
      ],
      "still_pending": [
        "Sustained incident-free operation (this is built, not announced) — 6 months minimum to claim",
        "Third-party coverage (Hacker News, TechCrunch, etc.) — pitch in progress",
        "Bug bounty program (currently we operate a private one; public launch when 1,000 active mandates exist)",
        "Security incident disclosure policy (drafted, pending legal review)"
      ]
    }
  ],
  "commitment": "We will not claim 'verified' or 'trusted' status we have not earned. Every status on this page is a git commit visible in our public repo. When something moves from 'pending' to 'done', you will see it here first.",
  "commit_history_url": "https://github.com/edgarfloresguerra2011-a11y/marketnow/commits/master/aep-marketplace/src/pages/Trust.jsx",
  "related_pages": {
    "about": "https://marketnow.site/about",
    "catalog": "https://marketnow.site/catalog",
    "mandates": "https://marketnow.site/mandates",
    "security": "https://marketnow.site/security",
    "policies_json": "https://marketnow.site/api/policies.json"
  }
}
