Trust Center
What we ship verifiably. What we deliberately do not claim.
Every claim on this page resolves to a live URL or a reproducible command. Every non-claim is paired with the exact gate that would unlock it. We do not invent certifications. We do not fabricate customers. We do not imply revenue figures.
Verifiable today
- Public-beta sandbox is live. Five smoke checks pass continuously on sandbox.aisthetic.services and the fallback URL. Reproduce in thirty seconds with pnpm public-beta:try.
- Workbench is browser-verified end to end. Real Chromium ran a 99-row matrix at desktop, tablet, and mobile widths against app.aisthetic.services. Zero critical, zero high, zero mobile overflow findings after fixes shipped.
- Receipts are Ed25519-signed. Anyone can verify a receipt offline with the published gateway public key. The verifier never sees a private key; signing is behind a port that production binds to a key-management service.
- Audit chain is hash-linked, append-only. Every decision (allow / deny / charge / challenge) emits a bounded event. Segments rotate; a retention worker enforces the configured horizon.
- Solana mainnet anchor is verifiable. A canary anchor was placed at slot 417332203, signature prefix 5maJNxr…ZP5p, payload hash 5b2da2d3…fbbe4. Verify on Solscan or via the public verifier at verify.aisthetic.services.
- Base mainnet AnchorRegistry is deployed. Contract 0xfc15A1E9…1e6d, deployment tx 0xa7db8202…b5f7, block 45517520. Source-verified on Sourcify with an exact match.
- Cross-chain match is reproducible. The same payload hash anchors on Solana memo and on Base AnchorRegistry. The public verifier confirms the four-state proof in one click.
- Wallet binding is non-custodial. The lifecycle is a five-state machine (no binding / active / superseded / revoked / recovery required). The gateway never holds a private key. The user signs a challenge with their own wallet via the SDK.
- External operator verification covers four lanes. Signed webhook, x402 funded testnet, GCS sandbox bucket, and Grafana Cloud Mimir Alertmanager. All four passed provider-native.
- The workspace test suite is green. About three thousand tests across twenty packages, zero failures at the current head.
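A verifier for the hash-linked, append-only audit chain described in the list above, as an added example that is not the gateway's own code. The event fields (seq, decision, prevHash, hash), the SHA-256 link function and the all-zero genesis value are assumptions, since the page does not publish the event schema.

```javascript
// Added illustration: the event layout below is an assumption, not the
// gateway's actual audit schema.
const crypto = require("node:crypto");

const GENESIS = "0".repeat(64);
const DECISIONS = new Set(["allow", "deny", "charge", "challenge"]);

// The hash covers the previous link plus this event's own fields, so editing,
// dropping, or reordering any event breaks that link or a later one.
function linkHash(prevHash, seq, decision) {
  return crypto.createHash("sha256")
    .update(JSON.stringify([prevHash, seq, decision]))
    .digest("hex");
}

function appendEvent(chain, decision) {
  if (!DECISIONS.has(decision)) throw new Error("unknown decision: " + decision);
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const seq = chain.length;
  chain.push({ seq, decision, prevHash, hash: linkHash(prevHash, seq, decision) });
  return chain;
}

// Walks the chain from genesis; returns { ok: true } or the index of the
// first event that fails a check, with the reason.
function verifyChain(chain) {
  let expectedPrev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const e = chain[i];
    if (e.seq !== i) return { ok: false, index: i, reason: "sequence gap" };
    if (e.prevHash !== expectedPrev) return { ok: false, index: i, reason: "broken link" };
    if (e.hash !== linkHash(e.prevHash, e.seq, e.decision)) {
      return { ok: false, index: i, reason: "content mismatch" };
    }
    expectedPrev = e.hash;
  }
  return { ok: true };
}

// Constructed sample chain, one event per decision type.
function sampleChain() {
  return ["deny", "challenge", "charge", "allow"].reduce(appendEvent, []);
}
```

Removing events from the tail leaves a shorter chain that still verifies, so the latest hash has to be pinned somewhere the writer cannot rewrite.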
What we do not claim
Each row pairs a topic with the explicit posture. The same register validates against the readiness CLI on every continuous-integration run.
- Customer base. None claimed. No logos. No testimonials. No revenue figure. No statement of usage by any organization other than the operator.
- Production billing. Not launched. No live checkout. No live invoice. No live subscribe button. The dashboard billing page surfaces a mailto-only "talk to us" affordance and nothing else.
- Real signed customer pilot. None completed. The first signed pilot remains an operator-side gate that unlocks only after counsel review on the pilot terms is real and validates against the bounded reader.
- SOC 2, ISO 27001, HIPAA, PCI, and official Okta or SCIM conformance. None claimed. No external audit has been commissioned, started, or completed for any of those frameworks. Internal SAML / SCIM enterprise baselines exist as code; certification audits do not.
- Counsel-reviewed terms. Pending. Four legal templates (terms, privacy, cookies, DPA) are drafted but not counsel-reviewed. Production-contract acceptance is refused server-side until the bounded counsel sign-off artefact validates.
- Adopted external standard for the agent-identity manifest. Schema only. No external standards body has adopted it.
- General availability for wallet-native onboarding. Public-beta only. Ships ready-with-caveats; not a general-availability claim.
- Public mainnet anchor commercial launch. Canary only. The slot above was a single one-shot validation, not a commercial launch.
- Enterprise general availability. Not claimed.
Reproduce in your terminal (thirty seconds)
# 1) No identity → 401
curl -i -X POST https://sandbox.aisthetic.services/g/aisthetic/probe

# 2) Identity headers + no payment → 402
curl -i -X POST \
  -H "X-AgentTrust-Wallet-Address: 0xSANDBOX" \
  -H "X-AgentTrust-Signature-Scheme: sandbox" \
  -H "X-AgentTrust-Principal: did:web:sandbox.aisthetic.services" \
  https://sandbox.aisthetic.services/g/aisthetic/probe

# 3) + sandbox payment proof → 200 + X-AgentTrust-Receipt-Id: <UUID>
curl -i -X POST \
  -H "X-AgentTrust-Wallet-Address: 0xSANDBOX" \
  -H "X-AgentTrust-Signature-Scheme: sandbox" \
  -H "X-AgentTrust-Principal: did:web:sandbox.aisthetic.services" \
  -H "X-AgentTrust-Sandbox-Proof: demo-paid" \
  https://sandbox.aisthetic.services/g/aisthetic/probe
Or run pnpm public-beta:try from a clone of the repo. The script executes all five checks and outputs the live receipt id, which is itself an Ed25519-signed value the recipient can verify offline.
Where to fact-check, by category
Proof Center
Receipts, audit, proof bundles, and what each does and does not prove, written down verbatim.
Security: Security model
Bounded threat model and the non-claim register for certifications, vendor SAML, and SCIM 2.0 conformance.
Positioning: Manifesto
North-star tagline, the five-problem map, and how the gateway sits as a complementor next to Stripe, Coinbase, NEAR, x402, MCP, and AP2.
Architecture: Request lifecycle
Eight-step request flow with line-art diagrams. Identity through audit.
FAQ: Jury Q&A
Fourteen-section comprehensive answers covering product, engineering, architecture, trust, security, compliance, business model, differentiation, risk, why now, team, and the truth lock. Turkish version at /jury-qa-tr.
Where we are
Status page with the bounded posture register, updated on every accepted change.
Verify: Public anchor verifier
Solana mainnet canary plus Base AnchorRegistry, cross-chain match. No private RPC. No chain mutation.
Source: GitHub source
Public repository. Workspace test suite. Append-only decision log.
What unblocks the next gates
These are operator-side gates, not engineering gates. Each changes the truth lock above when it lands; none requires another engineering pass on its own.
- Counsel sign-off. A real bounded counsel-review artefact validates against the published schema. The bounded reader flips the legal gate forward. Production-contract acceptance unlocks. This is the single immediate gate.
- First signed customer pilot. After counsel sign-off, the operator walks the thirteen-step pilot checklist with one bounded candidate, captures the bounded questionnaire event, and authors the posture flip.
- Public billing launch. Engineering scope independent; counsel sign-off is the prerequisite. Real checkout, customer portal, paid-plan activation.
- Penetration-test letter. Independent assessor, small-scope, around two to three weeks. Useful for early enterprise conversations; not a blocker for the hackathon submission or the public-beta evaluation.
- Industry audit-framework letters. The short-cycle path runs about four to eight weeks for a snapshot via an accelerator plus a third-party CPA. The continuous-observation path is measured in months. The security-management-system path is a longer arc. None has been started; the operator commissions when commercially required.
Hard rules — the brand's strongest asset
These are not aspirational copy. They are active product invariants validated continuously by the readiness CLI and by source-scan suites that fail the build if a certification keyword appears outside an explicit negation window.
- No real customer, company, person, email, or domain in any committed file.
- No raw cookie, CSRF, session id, API key, or private key in any rendered DOM, log, response body, or artefact.
- No counsel-review claim until the bounded artefact validates.
- No SOC 2, ISO 27001, HIPAA, or PCI claim until an external audit completes. None has been commissioned, started, or completed.
- No customer-base figure until a real signed pilot completes.
- No fake count, fake metric, fake screenshot, or fake quote.
- No high-pressure marketing claim copy. The deck and the demo show what is live; they do not promise what is not.
- Wallet binding is non-custodial. The gateway never holds private material.
- Sandbox is the default for the payment adapter. Production requires explicit per-merchant opt-in with the production flag set.
@aisthetico on X · github.com/den0th/agenttrust · hello@aisthetic.services