{"type":"dev.nipmod.agent-launch-activation.v1","updatedAt":"2026-06-06","status":"ready_for_agent_host_activation","objective":"Turn Nipmod from a useful package decision API into a clear agent-host product surface: onboard, prove, convert, announce and keep the risk radar useful without spam.","priorities":[{"id":"agent-onboarding","name":"Agent onboarding","status":"live","surface":["/agents","/api-access","/agent-activation-pack.json","/agent-launch-activation.json"],"doneWhen":"A host can issue a key, call /api/decision, understand the approval packet and avoid workspace writes in one pass."},{"id":"public-benchmark","name":"Public search and decision benchmark","status":"live","surface":["/benchmark","/benchmark.json","/proof"],"doneWhen":"A skeptical builder can see the measured question, score limits, source scope and safe claims without reading code."},{"id":"conversion-flow","name":"Website conversion","status":"live","surface":["/","/chat","/login","/account","/agents","/api-access","/proof"],"doneWhen":"Agent builders have a direct route from the first page to a key, a decision call and proof links."},{"id":"x402books-proof","name":"x402Books proof announcement","status":"draft_until_verified","surface":["/proof","/agent-launch-activation.json","https://x402books.xyz/registry/nipmod"],"doneWhen":"The queued state is documented and the Verified announcement is ready without claiming approval early."},{"id":"risk-radar","name":"Agent Package Risk Radar","status":"expanded","surface":["/agent-risk-radar","/agent-risk-radar.json"],"doneWhen":"The radar has review cards, an opt-in workflow, no-spam rules, expansion backlog and post kit."}],"onboarding":{"headline":"Connect an agent in 60 seconds.","promise":"Issue a key, call /api/decision, show the selected package, gate, approval packet and install boundary, then stop until the user or host approves.","hostRecipes":[{"host":"Codex, Claude, Cursor or custom HTTPS agent","setup":"Add the Nipmod instruction to the project or system prompt.","firstCall":"curl -s -X POST 'https://nipmod.com/api/keys/beta' -H 'content-type: application/json' -d '{\"label\":\"agent-host\"}'","decisionCall":"curl -s 'https://nipmod.com/api/decision?q=zod%20schema%20validation&sources=npm&limit=5' -H 'x-nipmod-api-key: <key>'","expectedOutput":["selected.id","decision.recommended.gate","approvalPacket.approval.status","agentHandoff.next.actionId"]},{"host":"MCP host","setup":"Register https://nipmod.com/api/mcp as a read-only remote MCP endpoint with x-nipmod-api-key.","firstCall":"POST https://nipmod.com/api/mcp method=initialize","decisionCall":"tools/call name=nipmod.package_decision with query and sources","expectedOutput":["tool result decision","approval boundary","no hosted workspace writes"]},{"host":"Account based agent","setup":"Create a persistent key at /account, then store it in the host secret manager.","firstCall":"Open https://nipmod.com/account","decisionCall":"GET https://nipmod.com/api/decision with x-nipmod-api-key","expectedOutput":["account key id","decision receipt","optional saved sandbox receipt path"]}],"requiredAgentBehavior":["Show the selected package, source, trust score, risk and gate.","Show warnings, blockers and requirements before approval.","Show the install command as review data only.","Do not install, clone, enable tools, load models, run code or write files before approval.","If the query is broad, ask what stack, language or website type the user means before choosing a package."],"failureStates":["No API key: issue a beta key or send the user to /account.","Review gate: ask the user or host policy to review evidence before approval.","Blocked gate: do not request approval until blockers are resolved or a safer alternative is selected.","Source outage: show the partial source report and avoid pretending the result is complete."]},"benchmarkProof":{"headline":"Public preflight benchmark.","measuredQuestion":"What can an agent know before installing, pulling, reusing or connecting external software?","publicClaims":["Nipmod benchmarks pre-install decision evidence, not generic security company quality.","The hosted benchmark performs zero installs, clones, artifact unpacking, model execution or workspace writes.","The score is authored by Nipmod and keeps that limitation visible."],"proofLinks":["https://nipmod.com/benchmark","https://nipmod.com/benchmark.json","https://nipmod.com/source-quality","https://nipmod.com/proof"],"avoidClaims":["Do not claim independent audit status.","Do not claim malware-free safety.","Do not use the score as proof that every source package is safe."]},"conversionFlow":{"primaryAction":"Create key","primaryPath":"/account","secondaryAction":"Run a decision","secondaryPath":"/chat","visitorPaths":[{"audience":"Agent host builder","entry":"/agents","firstAction":"Copy the 60-second instruction and call /api/decision.","proof":"/agent-activation-pack.json"},{"audience":"Security reviewer","entry":"/proof","firstAction":"Check source families, benchmark limits, x402Books state and no-execution boundary.","proof":"/benchmark.json"},{"audience":"Partner or marketplace","entry":"/agent-risk-radar","firstAction":"Review the no-spam radar, opt-in workflow and launch copy.","proof":"/agent-risk-radar.json"},{"audience":"Normal builder","entry":"/api-access","firstAction":"Create a key and paste one decision request.","proof":"/api/openapi"}]},"x402BooksAnnouncement":{"status":"manifest_queued_for_verification","registryProfile":"https://x402books.xyz/registry/nipmod","manifest":"https://github.com/nipmod/nipmod/blob/main/.x402books/wallets.json","queuedUpdate":"Nipmod is queued for x402Books verification. The public manifest declares the $NPM token contract separately from the owner/operator signing wallet, and decision events are already live with agent_id=nipmod.","verifiedXPost":"Nipmod is now verified on x402Books. This is our first public integration proof: Nipmod records the package decision, x402Books tracks the downstream outcome. Agents get a clearer view of what they installed, why they installed it and what changed after that decision. @x402Books https://x402books.xyz/registry/nipmod","verifiedDiscordPost":"Nipmod is now verified on x402Books. This gives our agent package decision layer a public registry profile with the $NPM token contract, owner/operator wallet declaration and live decision-event delivery. The integration is simple: Nipmod tracks the software decision, x402Books tracks the outcome layer."},"riskRadarExpansion":{"headline":"Turn risk into opt-in proof.","operatingMode":"Use owned pages, JSON reports and maintainer opt-ins. Do not create unsolicited GitHub issues, PRs, reviews, comments or negative package leaderboards.","expansionBacklog":["JSR TypeScript package provenance card","Terraform provider permission boundary card","Helm chart cluster permission card","Base agent SDK onchain action card","MCP server credential minimization card"],"optInWorkflow":["Maintainer requests a card or badge.","Nipmod runs a decision receipt with public metadata only.","Maintainer reviews evidence gaps and can submit corrections.","The card links to the decision path and owner-controlled notes.","Badge or GitHub Action is offered only after opt-in."],"weeklyCadence":["Publish one neutral card.","Publish one positive owner-improvement example.","Collect maintainer opt-ins.","Convert the highest-interest card into a deeper case study."]},"publicProofLoop":{"status":"ready","rule":"Publish owned proof and opt-in maintainer improvements. Do not create unsolicited GitHub issues, PRs, reviews, comments or negative package callouts.","weeklySchedule":[{"cadence":"Monday","surface":"X and Discord","output":"One neutral agent package decision card with source, trust score, risk, gate and no-execution boundary."},{"cadence":"Wednesday","surface":"Website and JSON","output":"One source-depth or benchmark proof update that links to machine-readable evidence."},{"cadence":"Friday","surface":"Discord and X","output":"One owner-improvement or maintainer opt-in example, never a public shame post."}],"readyNowPost":"Agents are starting to make package decisions by themselves. Nipmod's job is simple: ask for missing context, compare the right source families, show trust and risk evidence, and keep install actions blocked until approval. The safer path is not slower. It is clearer.","x402VerifiedPostGate":"Use the x402Books collaboration announcement only after the Nipmod registry profile is marked Verified. Until then, say the manifest is queued for verification."}}