Hosted control plane

The public website sits on top of a machine-readable operator layer.

BountyBox is not just a marketing shell. The hosted contract exposes discovery, identity, readiness, security, and maintenance surfaces so operators and future plugins can work against one canonical web layer. Public surfaces stay readable; live operator surfaces require sign-in.

Provider stack

public

Public rollout priorities for provider wiring, local routing, Paperclip integration, and security posture.

Open JSON →

Plugin bootstrap

sign-in required

Startup package for access posture, featured surfaces, bridge notes, and ownership context.

Open JSON →

Plugin contract

sign-in required

Machine-readable contract for discovery, identity, finance, validation, and hosted capabilities.

Open JSON →

Plugin governance

sign-in required

Exec Board plugin inventory, install-readiness posture, and the hosted governance write lane for approval, promotion, and fast-track actions.

Open JSON →

Surface manifest

sign-in required

Canonical index of hosted paperclip surfaces and grouped discovery routes.

Open JSON →

Maintenance contract

sign-in required

Supported maintenance actions, examples, defaults, and recovery posture for operators.

Open JSON →

Security audit

sign-in required

Live hosted risk posture across validation, disputes, and control-plane failures.

Open JSON →

Validation summary

sign-in required

Latest machine-readable contract suite result for deployment and operator verification.

Open JSON →

Verification lane

Hosted verification commands are part of the product surface now.

The OG BountyBox contract now advertises both the full hosted suite and the dedicated governance read smoke so operators can verify the exact Paperclip lanes we ship, not just browse them.

Open validation summary

Full hosted contract suite

Runs the canonical hosted verification flow across startup contract, governance reads, identity, finance, and payout release lanes.

pnpm hosted-contract:suite

Governance read smoke

Validates listing-scoped governance reads and the matching machine-readable contract/docs surfaces.

pnpm plugin-governance:read-smoke

Exec Board validation contract

Startup, readiness, and board lanes now share one drift gate.

The hosted web surface now treats validationContract.driftDetected as a first-class operator signal. Bootstrap consumers, readiness flows, and Exec Board escalation all read the same expected vs reported suite counts before trusting a passing summary.

Open Exec Board briefing

Plugin bootstrap

First-run startup package exposing validationContract for plugin trust gating.

/api/paperclip/plugin-bootstrap

Product readiness

Provider-stack posture plus mirrored validationContract and drift detection.

/api/paperclip/product-readiness

Exec Board briefing

Board escalation lane with validationContract carried alongside posture and pressure metrics.

/api/paperclip/exec-board-briefing

Control-plane examples

Machine-readable healthy vs drift examples for bootstrap, readiness, and briefing consumers.

/api/control-plane/examples

summary missing/var/task/tmp/hosted-contract-suite-summary.json

live drift detectedexpected 6reported 0missing 6

Contract rule: if driftDetected is true, operators should treat the hosted suite snapshot as incomplete until the manifest and reported steps are realigned.

Live validation surface: /api/paperclip/validation-summary

Operator summary routes

Overview, summary, and briefing lanes now carry the same governance action contract.

Higher-level Paperclip summary surfaces now expose the same plugin-governance lane split used by bootstrap, readiness, curated first-party packages, and raw governance reads. That means operators can stay on summary routes and still tell how much work is navigation versus executable API action.

Open control-plane summary

Developer overview

Developer-scope bridge, workflow, and operator activity summary now carrying plugin-governance lane splits.

/api/paperclip/developer-overview

Control-plane summary

High-level operator summary for bridge, finance pressure, governance posture, and plugin-governance action lanes.

/api/paperclip/control-plane-summary

Exec Board briefing

Escalation briefing with validation drift, board pressure, and plugin-governance lane summaries.

/api/paperclip/exec-board-briefing

Shared governance lane summary

These operator-summary endpoints now carry the same actionableSummary contract used by plugin bootstrap, product readiness, curated plugins, and raw plugin governance.

next actions 3listings 5next nav 1next api 2listing nav 2listing api 3

Plugin governance contract

Listing-scoped reads and hosted governance writes now share one contract.

The hosted governance lane supports broad inventory reads, promotion-focused filters, and direct single-listing lookups by listingId or slug. The same contract now carries executable governance actions for review, release posture changes, and GameWorlds first-party promotion. Service-token POST writes still require x-agent-space-request-id for replay protection.

Open full plugin contract

All listings

Full Exec Board governance inventory across review state, readiness, and promotion posture.

/api/paperclip/plugin-governance?scope=all

Published only

Promotion-ready published lane for featured, live, and first-party review work.

/api/paperclip/plugin-governance?scope=published

Pending only

Review-required and planned listings that still need governance decisions or package cleanup.

/api/paperclip/plugin-governance?scope=pending

Single listing template

Listing-scoped governance read lane for Paperclip, dashboards, and operator deep links.

/api/paperclip/plugin-governance?scope=all&slug=gameworlds-runtime-toolkit

Action summary contract

Hosted governance reads now expose a lane split between top-level queue actions and per-listing actions, with each lane reporting how much is pure navigation versus immediately executable API work.

next actions 3listings 5next nav 1next api 2listing nav 2listing api 3

{
  "nextActions": 3,
  "listings": 5,
  "nextActionDescriptors": {
    "total": 3,
    "navigations": 1,
    "apiRequests": 2
  },
  "listingActionDescriptors": {
    "total": 5,
    "navigations": 2,
    "apiRequests": 3
  }
}

Write contract

POST /api/paperclip/plugin-governance with x-agent-space-request-id. Top-level nextActions may now include both navigate and executable api_request actions.

Review listing

api request

Approve, reject, or request changes through the hosted Exec Board moderation lane.

{
  "action": "review_listing",
  "payload": {
    "listingId": "00000000-0000-0000-0000-000000000000",
    "decision": "approved",
    "reviewNotes": "Approved after Exec Board review.",
    "moderationReason": "release_promotion",
    "riskFlags": []
  }
}

Update governance

api request

Change featured state, visibility, and release stage for already-published packages.

{
  "action": "update_governance",
  "payload": {
    "listingId": "00000000-0000-0000-0000-000000000000",
    "featured": true,
    "visibility": "public",
    "releaseStage": "live"
  }
}

Fast-track to GameWorlds

api request

Promote an install-ready published listing into the GameWorlds-curated first-party lane.

{
  "action": "fast_track_gameworlds",
  "payload": {
    "listingId": "00000000-0000-0000-0000-000000000000",
    "featured": true
  }
}