{
  "type": "ergo.agent_economy.audit_readiness_checklist.v0",
  "version": "v0",
  "status": "ready_for_external_review_not_audit_report",
  "last_reviewed": "2026-05-23",
  "public_claim": "The testnet evidence pack is ready to hand to an external reviewer. This file is not an audit report and does not open mainnet readiness.",
  "network": "testnet",
  "provider_id": "provider://sage-ergoblockchain",
  "review_target": {
    "site_repo": "https://github.com/bez111/ergo_v0",
    "sage_widget_repo": "https://github.com/bez111/sage-widget",
    "mcp_repo": "https://github.com/bez111/ergoblockchain-mcp",
    "accord_registry_repo": "https://github.com/accord-protocol/accord-protocol",
    "public_live_hub": "https://www.ergoblockchain.org/agent-economy/live",
    "public_review_pack": "https://www.ergoblockchain.org/agent-economy/review-pack",
    "public_review_pack_api": "https://www.ergoblockchain.org/api/agent-economy/review-pack",
    "public_status_api": "https://www.ergoblockchain.org/api/agent-economy/live",
    "public_mainnet_gate": "https://www.ergoblockchain.org/api/agent-economy/mainnet-gate",
    "public_release_watchlist": "https://www.ergoblockchain.org/agent-economy/release-watchlist.v0.json",
    "current_release_api": "https://www.ergoblockchain.org/api/agent-economy/release/current",
    "release_attestation_2026_05_23": "https://www.ergoblockchain.org/agent-economy/release-attestation-2026-05-23.v0.json",
    "external_audit_review_schema": "https://www.ergoblockchain.org/agent-economy/external-audit-review.schema.v0.json",
    "mainnet_script_identity_schema": "https://www.ergoblockchain.org/agent-economy/mainnet-script-identity.schema.v0.json"
  },
  "evidence_inputs": [
    {
      "id": "full_receipt_bundle",
      "uri": "https://www.ergoblockchain.org/api/sage/receipt/f8752d10a2ece92fbc88065c3b92b94da621ec65943098f43c9e084deb763d81",
      "expectation": "Agreement JSON, Verification Receipt JSON, and Settlement Receipt JSON are present for a settled post-Blob paid Sage turn."
    },
    {
      "id": "signed_conformance_result",
      "uri": "https://www.ergoblockchain.org/evidence/sage/conformance-l1-2026-05-21.signed.json",
      "expectation": "Signed Sage L1 conformance evidence validates the same receipt bundle."
    },
    {
      "id": "provider_signing_key",
      "uri": "https://www.ergoblockchain.org/evidence/sage/provider-signing-key.json",
      "expectation": "Public key verifies signed conformance artifacts."
    },
    {
      "id": "testnet_script_identity",
      "uri": "https://www.ergoblockchain.org/agent-economy/script-identity-manifest.v0.json",
      "expectation": "Observed testnet wallet, reserve, note, registers, and settlement identifiers are public."
    },
    {
      "id": "signer_ops_evidence",
      "uri": "https://www.ergoblockchain.org/agent-economy/signer-ops-evidence.v0.json",
      "expectation": "Signer health, policy limits, and failure logging posture are published for the testnet pilot."
    },
    {
      "id": "audit_scope_manifest",
      "uri": "https://www.ergoblockchain.org/agent-economy/audit-scope-manifest.v0.json",
      "expectation": "Scope states what is included and what remains excluded until separate review."
    },
    {
      "id": "developer_launch_kit",
      "uri": "https://www.ergoblockchain.org/agent-economy/launch-kit",
      "expectation": "Developers have a public five-minute path, service index, schemas, and guarded testnet entrypoints."
    },
    {
      "id": "wallet_agent_policy_check",
      "uri": "https://www.ergoblockchain.org/api/agent-economy/wallet-agent/policy-check",
      "expectation": "Wallet-agent actions are evaluated against deterministic local policy before any host wallet signing request."
    },
    {
      "id": "release_watchlist",
      "uri": "https://www.ergoblockchain.org/agent-economy/release-watchlist.v0.json",
      "expectation": "Post-deploy watch targets, security headers, npm audit expectation, and mainnet gate invariants are documented."
    },
    {
      "id": "current_release_api",
      "uri": "https://www.ergoblockchain.org/api/agent-economy/release/current",
      "expectation": "The currently served deployment reports its runtime Git/Vercel context without requiring a new static attestation for every deploy."
    },
    {
      "id": "release_attestation_2026_05_23",
      "uri": "https://www.ergoblockchain.org/agent-economy/release-attestation-2026-05-23.v0.json",
      "expectation": "The latest production deploy has a machine-readable record of commit, Vercel deployment id, security posture, post-deploy checks, and mainnet gate invariants."
    },
    {
      "id": "mcp_dns_health",
      "uri": "https://mcp.ergoblockchain.org/health",
      "expectation": "The public MCP DNS endpoint responds independently from the main site."
    }
  ],
  "reviewer_must_record": [
    "reviewer identity",
    "review date",
    "reviewed repository commits",
    "reviewed deployment id",
    "reviewed package-lock hash",
    "reviewed package versions",
    "reviewed public evidence URLs",
    "findings with severity, exploitability, remediation status, and residual risk",
    "explicit statement on whether any finding blocks mainnet language",
    "signature, public key, or durable attribution method"
  ],
  "review_questions": [
    "Can a stale, unrelated, replayed, wrong-recipient, wrong-value, wrong-reserve, or wrong-task Note satisfy a premium Sage request?",
    "Is task hash canonicalization stable across quote, verify, receipt, conformance, and widget surfaces?",
    "Can Agreement JSON, Verification Receipt JSON, or Settlement Receipt JSON be tampered with after creation without detection?",
    "Does the receipt API clearly distinguish full_receipt_bundle from chain_proof_only historical receipts?",
    "Can the signer settle more value than policy allows or settle to a non-Sage address?",
    "Are signer failure logs, health checks, limits, and manual runbooks sufficient for the stated testnet pilot?",
    "Does public wording stay constrained to testnet proof and avoid production/mainnet readiness claims?",
    "Are both pending mainnet blockers still enforced by /api/agent-economy/mainnet-gate?"
  ],
  "local_commands": [
    "npm run type-check",
    "npm run audit:blog",
    "npm run audit:locales",
    "npm run audit:agent-economy-gate",
    "npm run audit:assets",
    "npm audit --audit-level=moderate",
    "npm run smoke:routes",
    "npm run watch:agent-economy"
  ],
  "mainnet_gate_rule": {
    "must_remain_closed_until": [
      "https://www.ergoblockchain.org/agent-economy/external-audit-review.manifest.v0.json",
      "https://www.ergoblockchain.org/agent-economy/mainnet-script-identity.manifest.v0.json"
    ],
    "template_files_are_not_sufficient": true
  }
}