v0.1 as of 2026-05-14

Honest Status

What is shipped. What is stubbed. What is not yet built. No inflated metrics, no fake customers, no security claims that cannot be defended.

Shipped

(19)

✓Public landing page with hero, problem, capability passport overview, prompt-vs-native explainer
✓Public registry preview with 10 seed packages
✓Capability Passport detail pages for all 10 seed packages
✓Manifest Spec v0.1
✓Capability Passport Spec v0.1
✓Install Receipt Spec v0.1
✓Policy Pack Spec v0.1
✓Prompt-URL-Install Spec v0.1
✓LLM-readable site install card at /llms.txt (text/plain)
✓LLM-readable per-package install cards at /packages/[slug]/llms.txt (text/plain)
✓Machine-readable registry endpoint declaration at /.well-known/apai.json
✓Honest status page (this page)
✓Security baseline page
✓Pricing preview page
✓Private registry beta and waitlist pages
✓Publisher application page
✓JSON Schemas for manifest, passport, receipt, policy
✓CLI scaffold under packages/cli/ (commands print stub output and write local receipts)
✓Install Card Verification: per-package install cards include a SHA-256 Checksum line. Agents echo it back; POST /api/install/verify validates. Catches LLM fabrications about which card was loaded. Does NOT enforce runtime behavior - that is the Policy Pack story.

Stubbed

(5)

Exists in code; not yet functional in the way the spec describes.

~CLI install behavior: apai search/install/passport/audit/rollback commands exist but print placeholder output and do not yet fetch real packages
~Scanner: lib/scanner.ts checks suspicious patterns and hidden Unicode only; real prompt-injection, OAuth-scope, and dependency scanning lands in Phase 5
~Waitlist form: submits to /api/waitlist but persistence is in-memory only; Phase 4 adds Neon Postgres + Resend confirmation email
~Audit API: /api/audit/package returns the scanner stub findings; real audit pipeline lands in Phase 5
~Install preview / receipt API: /api/install/preview and /api/install/receipt return example payloads; real install flow lands in Phase 1

Not built

(11)

Roadmap items. Not present in any form yet.

○User accounts, sessions, authentication, billing (Phase 4)
○Real CLI install behavior (Phase 1)
○Remote MCP gateway at mcp.apai.run (Phase 6)
○Private workspaces and approval queue (Phase 5)
○Publisher verification and package signing (Phase 6)
○Audit log export (Phase 5)
○Real prompt-injection, OAuth-scope, and dependency scanning (Phase 5)
○Multi-tenant database (Phase 4)
○Stripe billing integration (Phase 4)
○Workspace policies and runtime enforcement (Phase 5)
○Trademark clearance for APAI name (legal track, not engineering)

Notes

·APAI is a trust wrapper. The CLI does not replace npm, pip, brew, cargo, gh skill, gemini extensions, claude connectors, or any other package source. It wraps the underlying installer, adds a Capability Passport + scanner + receipt, and exposes a rollback command. v0.1 ships the CLI scaffold; multi-source routing (npm:, pip:, brew:, cargo:, gh:, gemini:, claude:, hf:, mcp:) lands in Phase 1.
·Three install modes by where the install lands: local-tool (user's machine, durable receipt) for Claude Code / Codex / Cursor / Gemini CLI / Aider / Local CLI; cloud-sandbox (session-scoped sandbox owned by the LLM provider, ephemeral) for ChatGPT code interpreter / Claude.ai code execution / Gemini Workspace; remote-connector (no software fetched, just a URL added to the client) for Claude.ai custom connectors / xAI Grok remote MCP / ChatGPT Apps SDK.
·The framing 'LLMs cannot install software' that appears in some LLM provider docs is a CYA statement about specific browser sandboxes, not a property of LLMs. Tool-enabled agents install software constantly. APAI is honest about where the install lands instead.
·APAI.run is an independent product. It is not a child product of GriffAI, GriffHQ, PromptGate, or any other AI platform. Possible future working relationships are not shared ownership.
·The 10 seed packages in the registry are reference implementations authored by apai-official to demonstrate the manifest, passport, and install-card shape. Public publisher submission opens with Phase 4.
·Install card verification uses SHA-256 (SubtleCrypto) with deterministic canonicalization: rstrip trailing whitespace per line, normalize line endings to LF, exclude the Checksum line itself before hashing. The checksum is embedded after the title line. Verification endpoint: POST /api/install/verify returns { valid, expectedChecksum, agentReportedChecksum, reason? }.