Close gaps → Ship sandbox → B2B path
```mermaid
flowchart LR
    subgraph Now["📍 NOW"]
        A[Current Sandbox]
    end
    subgraph M1["Milestone 1"]
        B[Control Tower]
    end
    subgraph M2["Milestone 2"]
        C[Task & Audit Integrity]
    end
    subgraph M3["Milestone 3"]
        D[Pool Hardening]
    end
    subgraph M4["5A Ship"]
        E[Sandbox Ready]
    end
    subgraph M5["5B Path"]
        F[Org Model & B2B Prep]
    end
    subgraph End["🎯 END GOAL"]
        G[B2B Real-Money]
    end
    A --> B --> C --> D --> E --> F --> G
```

```mermaid
timeline
    title EmbiPay Roadmap: Gaps → Ship → B2B
    section Now
        Current state : Sandbox live, SDKs, docs
        Gaps : Kill switches missing
        Gaps : Owner limits admin-only
        Gaps : Dual task systems
        Gaps : Audit chain incomplete
    section Milestone 1 — Control Tower
        Kill switches : Add is_paused / wallet_frozen
        Kill switches : Block agent APIs when paused
        Owner limits : API for owners to set limits
        Owner limits : UI for limit controls
    section Milestone 2 — Task & Audit
        Unify tasks : Deprecate payment_requests or migrate (deferred)
        Audit chain : ✅ PATCH agent tasks → task_audit + ledger
        Explainability : ✅ status_change audit + agent_task ledger for payment tasks
    section Milestone 3 — Pool Hardening
        Usage limits : ✅ Block record-pool-usage at 0 (-1=unlimited)
        Pool exit : ✅ POST /api/admin/pool-exit
        Overuse alert : ✅ GET /api/admin/pool-overuse
    section Milestone 4 — 5A Ship
        Sandbox ready : All gaps closed
        Control Tower : 8/10+ alignment score
        Launch : Developer sandbox public
    section Milestone 5 — B2B Prep
        Org model : Lightweight org/tenant layer
        Waitlist : B2B interest capture
        Docs : B2B conversion path
    section End Goal — 5B
        Payment provider : Stripe Connect / Dwolla
        KYC : Business verification
        Monetization : Usage-based billing
```

| Gap | Action | Milestone |
|---|---|---|
| No pause / freeze / block | Add is_paused (or similar) to agentwallet; enforce in agent APIs; add owner API + UI | 1 |
| Owners can't set limits | Add /api/wallet/update-limits for linked owners; UI on wallet page | 1 |
| Dual task systems | ✅ Fixed — Unified under agent_tasks; for-agent, complete-by-session, fetch-tasks use agent_tasks | 2 |
| Agent task PATCH doesn't audit | Insert task_audit row on status change in PATCH /api/agent/tasks/[id] | 2 |
| Agent task PATCH doesn't ledger | Insert ledger entry for completed/failed payment-like tasks | 2 |
| Pool usage goes negative | In record-pool-usage, return 400 when usage_limit <= 0 for limited contributions | 3 |
| No pool exit | Add API to remove/revoke agent contribution from pool | 3 |
| — | Enforce pool overuse detection / alerting | 3 |

```mermaid
flowchart TD
    subgraph M1["Milestone 1 — Control Tower"]
        A1[Kill switches]
        A2[Owner limit API]
    end
    subgraph M2["Milestone 2 — Task & Audit"]
        B1[Unify or document task model]
        B2[PATCH → task_audit]
        B3[PATCH → ledger]
    end
    subgraph M3["Milestone 3 — Pool Hardening"]
        C1[Block pool overuse]
        C2[Pool exit API]
    end
    M1 --> M2
    M1 --> M3
    M2 --> Ship[5A Ship-Ready]
    M3 --> Ship
    Ship --> B2B[B2B Prep]
```

| # | Work | Why first |
|---|---|---|
| 1 | Kill switches (pause / freeze) | Safety before scale; enables human control |
| 2 | Owner limit API | Core Control Tower; no admin workaround needed |
| 3 | PATCH → task_audit + ledger | Explainability; "why did this happen?" |
| 4 | Unify or document task model | Reduces confusion and bugs |
| 5 | Pool usage hard stop at 0 | Prevents silent overuse |
| 6 | Pool exit API | Lets humans remove agents from pools |
| 7 | Org model (optional) | Prep for B2B; can defer |
| Stage | Outcome |
|---|---|
| Milestones 1–3 | Gaps closed; Control Tower alignment 8/10+ |
| 5A Ship | Developer sandbox publicly ready |
| 5A+ | Feedback, waitlist, iteration |
| 5B | Org model → payment provider → KYC → B2B launch |
See also: PROJECT-STATUS.md · PHASE5-SANDBOX-TO-B2B-PLAN.md