snapshot·2026·04·30·HEAD ea48a33

Where we actually are.

A commerce control plane for AI agent traffic. Every request through a deterministic 7-stage pipeline.
Public-beta sandbox is live; paid production billing has not launched.

codename · AgentTrust Gatewaybrand · aisthetic.servicesaccount · sandbox sessionlegal · pending counsel review

124

milestones accepted

169

ADRs in the log

1,564

api tests passing

4 / 4

external lanes verified

liveproduction · real URLs

websiteaisthetic.services↗workbenchapp.aisthetic.services↗sandbox apisandbox.aisthetic.services↗sandbox fallbackagenttrust-sandbox.fly.dev↗proof center/proof-center↗quickstart/docs/quickstart↗

the pipelineseven stages · every request

01identityagent + principal
02policyallow · deny · budget
03riskvelocity · denylist
04paymentHTTP 402 · verify
05upstreamproxy to provider
06receiptEd25519 signed
07audithash chained

try itlive · copy · paste

# 1 · liveness probe
curl -i https://sandbox.aisthetic.services/live

# 2 · sandbox identity, no proof  →  402 Payment Required
curl -i -X POST https://sandbox.aisthetic.services/g/sandbox/data \
  -H "X-AgentTrust-Wallet-Address: 0xSANDBOX" \
  -H "X-AgentTrust-Signature-Scheme: sandbox" \
  -H "X-AgentTrust-Principal: did:web:sandbox.aisthetic.services"

# 3 · sandbox identity + sandbox proof  →  200 + signed receipt
curl -i -X POST https://sandbox.aisthetic.services/g/sandbox/data \
  -H "X-AgentTrust-Wallet-Address: 0xSANDBOX" \
  -H "X-AgentTrust-Signature-Scheme: sandbox" \
  -H "X-AgentTrust-Principal: did:web:sandbox.aisthetic.services" \
  -H "X-AgentTrust-Sandbox-Proof: demo-paid"

# response carries  X-AgentTrust-Receipt-Id: rcp_…

ready17 fields · engineering surface

self-serve evaluation

cookie+CSRF onboarding · 5-step stepper · no sign-up

ready

self-serve console

Workbench at app.aisthetic.services

ready

sandbox durability

Postgres-backed · refresh recovery · reset cascade

durable_sandbox

terminal experience

pnpm public-beta:try · 5/5 checks

ready

external operator verification

4/4 lanes provider-native · webhook + x402 + GCS + Grafana

ready

mainnet canary

real Base mainnet x402 settle · 0.01 USDC · verified on-chain

passed

live ledger updates

bounded long-poll · session-isolated

ready

audit-log filters

kind + stage filters with bounded enums

ready

endpoint custom path

gateway-runtime alias resolution

ready

endpoint disable

HTTP 410 enforced at gateway

gateway_enforced

public-beta proof generate

strict_public_beta redaction profile

ready

proof download

application/zip stream · no signed URL exposed

ready

proof verify

registry-backed Ed25519 round-trip

ready

receipt detail

session-scoped · full WireReceipt + verify + generate-proof

ready

workbench evidence home

counters · health cards · recent activity (M124)

ready

sentry observability

3 projects wired · PII scrub on send

ready

dashboard custom domain

app.aisthetic.services bound · Vercel

ready

ready · with caveats5 fields · honest narrowing

Provider Workbench

real session-scoped surface · no multi-tenant production isolation beyond cookie

ready_with_caveats

Usage Proof Ledger

session-scoped real evidence · not a multi-tenant compliance ledger

ready_with_caveats

Per-endpoint request slice

custom-path endpoints real per-endpoint · legacy /g/aisthetic/probe still shared

legacy_default_path_available

Legal pages

terms · privacy · cookies · DPA template, pending counsel review

templates_pending_counsel_review

First public-beta user

operator self-observation · drove the durable flow live

real_user_observed

deliberatelynot claimed

Things we never say are true, even when the engineering exists.

Public production billing.Not launched. Pilot pricing is the conversation, not a published list.
Real signed customer pilot.Not yet completed.
Enterprise GA.Not claimed; flips only with a deliberate code change paired with an ADR.
SOC 2 · ISO 27001 · HIPAA · PCI.No commissioned audits. Internal enterprise baselines exist; certification audits don’t.
Official Okta · Entra · Google SAML.Not claimed.
Official SCIM 2.0 conformance.Internal enterprise baseline only.
Customer logos · revenue · testimonials · benchmarks.None invented. The bounded posture vocabulary is the truth lock.
Token · L2 · custody wallet.Out of scope. Will never ship. We coordinate the flow; we never hold funds.

roughly howwe got here · M0 → M124

Foundation · M0, M40

M0, M2scaffold · persistence · integration collapse
M3, M11admin auth · KMS signer · production x402 · wallet verifiers · ERC-8004 · edge hardening
M12, M19audit export · S3 + ZIP · OIDC + SAML SP · SCIM · production deploy · OTLP
M20, M30live x402 · proof bundles · Solana · DID + VC · SD-JWT · ERC-1271
M31, M40SIEM presets · audit segments · external operator verification packs

Public beta · M41, M124

M58, M68landing · developer portal · self-serve console · dataroom + onboarding + compliance evidence
M70, M82external sweep · Cloudflare HMAC · x402 funded testnet · Grafana provider-native
M83, M93commercial-ready release · public beta finalization · durable Postgres sandbox
M97, M97.3mainnet canary execute · first real Base mainnet x402 settle · first user observed
M114, M120.1Workbench · session ledger · live updates · custom path · enforced disable
M121, M124proof generate / download / verify · audit-log filters · receipt detail · evidence home

what’s nextthree gates remain

SR-M125

Controlled provider rehearsal

Walk a real first developer through the durable flow start to finish. Capture friction with the M95 recorder. Decide where the next push goes.

operator gate

Counsel review

Flips legalGate from pending_counsel_review to counsel_reviewed. Operator-driven, not engineering.

requires legal first

Paid billing

Polar / Stripe wiring. Flips publicBilling: not_launched → live. Counsel review is the prerequisite.

Generated from pnpm product:ready live values. Verify the claims →