Mainnet readiness
What must be true before real value.
SettleProof is live on Solana devnet for product validation. Mainnet should wait until custody, key management, merchant policy, and operations can survive real disputes and external review.
Current devnet status
| Area | Devnet state | Mainnet gap |
|---|---|---|
| Programs | aap-custody + aap-attestor deployed and tested | External audit and upgrade authority policy |
| Settlement | Release, refund, partial release, and x402 demo flows | Expanded negative tests and real USDC edge-case review |
| API | OpenAPI, signed relay, persistent indexer, evidence digest/signature surface, hosted smoke script | Rate limits, auth tiers, alerting, and SLOs |
| Attestor keys | Devnet self-custody shown in the browser | Merchant KMS/HSM or merchant-owned signer service |
| Registry | MVP merchant registry and suspension states | KYB, dispute policy, slashing/suspension process |
Recommended beta limits
| Limit | Beta value | Reason |
|---|---|---|
| First wedge | API/data commerce | Delivery evidence is objective: HTTP status, response hash, request id, and timestamp. |
| Max escrow | 100 USDC | Low-value cap while contract, registry policy, and operations mature. |
| Max TTL | 24 hours | Keeps refund windows short for initial agent/API integrations. |
| Merchants | Allowlisted Active merchants only | Reduces fraud and makes attestor ownership review practical. |
| Assets | USDC only | Avoids multi-mint accounting and pricing complexity at launch. |
Required gates
| Gate | Required evidence |
|---|---|
| Contract review | External Anchor/Solana review, documented findings, fixed issues, light-audit notes, and reproducible test suite. |
| Token safety | Real USDC mint handling, ATA creation/recovery paths, rent assumptions, and partial-release math review. |
| Key custody | No production browser secrets; merchant-owned signer, KMS/HSM option, rotation flow, and revocation playbook. |
| Indexer operations | Persistent storage, replayable sync, event retention policy, monitoring, and backfill procedure. |
| Incident response | Alert routing, pause/upgrade authority handling, disclosure policy, and customer communication template. |
| Merchant policy | KYB baseline, attestor ownership checks, service terms, and dispute escalation rules. |
| Economic policy | Fee model, minimum escrow amount, griefing analysis, and rate limiting for public relay/API. |
Devnet acceptance checklist
- Hosted pages resolve:
settleproof.xyz,demo.settleproof.xyz, andapi.settleproof.xyz. /openapi.json,/v1/status,/v1/escrows/prepare,/v1/relay, and/v1/indexerpass hosted smoke checks.- Guided demo explains challenge, custody, attestation, settlement, and indexed state without requiring a live walkthrough.
- Threat model clearly separates devnet self-custody from production key custody expectations.
Future privacy track
| Layer | Possible role | Constraint |
|---|---|---|
| Cloak | Private funding or shielded agent wallet flows before escrow creation. | Do not hide the settlement evidence SettleProof needs for merchant liability. |
| Evidence packets | Remain public at the hash/state/link level for auditability. | Sensitive delivery details can move behind viewing keys or off-chain compliance access later. |
| Product timing | Evaluate after the API/data commerce wedge is validated. | Not a blocker for devnet or first mainnet beta. |
Mainnet position
Not mainnet-ready yet
The current deployment is strong enough for a devnet hackathon demo and integration conversations. It should not custody real funds until the gates above are complete.