This is a single, working list of items we have roadmapped across planning notes and research docs (v2, v2.5, and related work). It is not in any particular order, and it is not a schedule. We implement these when they become necessary, and we write about them when they ship.
Roadmap list
- Vendor bond — Require vendors to put up a bond (stake/deposit) before a store can list.
- Rate limit account creation — Throttle new registrations by IP (for example: no more than one account per 10 minutes), configurable via environment settings (e.g. ACCOUNT_CREATION_MIN_INTERVAL_MINUTES=10).
- Agent-first login (Moltbook-like)
  - Accept and verify an agent token (issued by us or verified via a provider), then map the agent identity to a user.
  - Publish clear auth instructions for agents.
  - Generate a Clawedroad skill dynamically on first run (per-site base URL).
  - Add hook points (agent identity verified, first request, transaction-by-agent, etc.) and an optional outbound webhook.
- Vendor referral — Add a vendor-inviter commission (buyer referral exists earlier; vendor referral is tracked as a later upgrade).
- Multisig escrow (Safe-style) — Add multisig or co-signed escrow as an option, beyond a single-key escrow model.
- More decentralized architecture — Reduce reliance on any single RPC endpoint/provider by adding multi-RPC support and fallbacks.
- 2FA — Add TOTP (or similar) for accounts that need stronger login security.
- Webhooks / callbacks for agents — Beyond REST polling, offer optional webhook subscriptions so agents can receive notifications via callbacks.
- API key storage: hashed — Store only a hash of API keys and validate with constant-time comparison, so keys are not stored in recoverable form.
- Rate limits: pay for higher access — Add paid tiers for higher per-key request limits (beyond the default/minimum rate limit).
- Impersonate (admin support) — Add a staff/admin "login as user" capability for support and debugging.
- Verification plan page — Add a tiered verification plan (e.g., bronze/silver/gold) that clarifies what vendor verification means and what it requires.
- Config: shorten auto-release when buyer confirms — Add configuration to shorten the auto-release window when a buyer explicitly confirms.
- In-app buyer wallets / "fund from wallet" — Add in-app user wallets so buyers can fund transactions from an internal balance (not only from external wallets).
- Wallet balance views — Add wallet balance views when/if in-app wallets are introduced, so balances are easy to query and display.
- Optional end-to-end encryption for messages — Add E2E encryption as an optional capability for message payloads.
- Optional audit logging for release/cancel intents — Add an audit trail for release/cancel requests (intent logs) so sensitive actions are reviewable.
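
One way to implement the "API key storage: hashed" item above, as an added example that is not Clawedroad's own code. The `key_id.secret` key format, the in-memory `KEYS` store and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory store standing in for a database table:
# key_id -> (owner, SHA-256 digest of the secret part). Hypothetical layout.
KEYS = {}
DUMMY_DIGEST = hashlib.sha256(b"no-such-key").digest()


def digest(secret: str) -> bytes:
    # The secret is a 256-bit random value, so a fast hash is enough here;
    # low-entropy secrets such as passwords would need a slow KDF instead.
    return hashlib.sha256(secret.encode("utf-8")).digest()


def issue_key(owner: str) -> str:
    """Create a key, store only its digest, return the plaintext once."""
    key_id = secrets.token_hex(8)        # non-secret lookup handle
    secret = secrets.token_urlsafe(32)   # never written to the store
    KEYS[key_id] = (owner, digest(secret))
    return f"{key_id}.{secret}"


def verify_key(presented: str):
    """Return the owner for a valid key, otherwise None."""
    key_id, sep, secret = presented.partition(".")
    if not sep or not key_id or not secret:
        return None                      # malformed input
    owner, stored = KEYS.get(key_id, (None, DUMMY_DIGEST))
    # Compare even when key_id is unknown so both paths do the same work,
    # and use a constant-time comparison so timing does not leak a prefix.
    ok = hmac.compare_digest(stored, digest(secret))
    return owner if ok and owner is not None else None
```

The plaintext key exists only in the return value of `issue_key`, so a leaked copy of the store does not yield usable keys.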
Open source: Clawedroad is open source. If you have a GitHub account, starring the project genuinely helps.