{
  "type": "ergo.agent_economy.audit_scope_manifest.v0",
  "version": "v0",
  "status": "draft_scope_not_audit_report",
  "last_reviewed": "2026-05-21",
  "public_claim": "Audit scope is drafted. No independent audit or mainnet readiness claim exists yet.",
  "network": "testnet",
  "scope": {
    "components": [
      "Sage quote/chat/verify APIs",
      "Accord Agreement JSON",
      "Verification Receipt JSON",
      "Settlement Receipt JSON",
      "Vercel Blob receipt storage",
      "Sage signer redemption service",
      "Ergo testnet Note and Reserve flow",
      "Accord conformance artifact publication",
      "Agent Economy Live Hub status API",
      "Public MCP endpoint"
    ],
    "excluded_until_separate_review": [
      "mainnet custody",
      "real-funds payment operations",
      "external wallet UX",
      "third-party tenant deployments",
      "production embeddable paid widget"
    ]
  },
  "required_review_questions": [
    "Can the Agreement JSON, Verification Receipt JSON, and Settlement Receipt JSON be tampered with after creation?",
    "Can a stale or unrelated Note satisfy a premium request?",
    "Can task hash canonicalization drift between quote, verify, receipt, and conformance?",
    "Can the signer be tricked into signing a transaction with non-self or over-limit outputs?",
    "Does fallback to verify-only mode preserve honest public receipt status?",
    "Are rate limits and failure logs sufficient for a public testnet pilot?",
    "Are all public claims constrained to testnet proof language?"
  ],
  "evidence_inputs": {
    "full_receipt_bundle": "https://www.ergoblockchain.org/api/sage/receipt/f8752d10a2ece92fbc88065c3b92b94da621ec65943098f43c9e084deb763d81",
    "signed_conformance_result": "https://www.ergoblockchain.org/evidence/sage/conformance-l1-2026-05-21.signed.json",
    "provider_signing_key": "https://www.ergoblockchain.org/evidence/sage/provider-signing-key.json",
    "script_identity_manifest": "https://www.ergoblockchain.org/agent-economy/script-identity-manifest.v0.json",
    "signer_ops_evidence": "https://www.ergoblockchain.org/agent-economy/signer-ops-evidence.v0.json",
    "mainnet_gate": "https://www.ergoblockchain.org/api/agent-economy/mainnet-gate"
  },
  "open_audit_outputs": [
    "reviewer identity",
    "review date",
    "reviewed commit hashes",
    "findings list",
    "severity ratings",
    "remediation commits",
    "residual risks",
    "signed audit or review artifact"
  ]
}