# Availability And Readiness

**Status:** Live customer decision guide for Supply-Y Protocol 1.0. The current status snapshot is generated from the immutable Release Manifest, public Agent Bundle and Agent Conformance Profile; this guide does not turn an unavailable implementation surface into a production claim.

## Read the protocol and the product separately

Protocol 1.0 is the stable cross-company contract. Its object semantics, API shape, cryptographic profile, event behavior, security boundary and compatibility rules are versioned and digest-pinned.

Product availability is a different question. A stable protocol does not imply that the hosted API, public SDK distribution, production Skill signing trust or certification program is generally available. The status matrix above keeps those claims separate.

## Choose the path that matches your decision

Use the public evaluation path when a technical team wants to inspect exact contracts, validate fixtures, run the [Hosted Agent Sandbox](/sandbox) or implement the protocol in an existing Agent. The Sandbox issues a 60-minute test token and executes signed Policy Receipts, encrypted Packages, receipts and audit evidence with fictional data. It requires no customer account, production credential or repository access.

Use the managed-pilot path when two named companies have one bounded decision loop to test. The pilot starts with fictional or sanitized data, customer-controlled keys and explicit stage gates. It is not an automatic production rollout.

Do not make a production dependency decision from the stable protocol label alone. A production procurement decision still needs generally available service endpoints, production trust roots, operating commitments and implementation-specific certification evidence.

## What must exist before a production claim

The production answer changes only when the missing evidence changes. Supply-Y must publish and verify:

1. a generally available production API with operating commitments; the public Sandbox is evaluation evidence, not a production endpoint;
2. a protected production Skill signing root with rotation, revocation and retained release history;
3. supported implementation distribution, including a public SDK path where promised;
4. interoperability with an independently maintained external Agent plus customer KMS or HSM evidence; the repository-local Node.js-to-Python path already passes;
5. a Catena-X partner interoperability result for the EDC path;
6. an external security and privacy review plus a time-limited certification program.

Until then, the public materials support local evaluation and a controlled pilot, not an unsupported production-readiness claim.

## Evidence stays portable

Customers can retain the Protocol 1.0 Manifest and digest, Bundle, fixtures, conformance results, Connection Profile digest, Package and receipt identifiers, signatures and ciphertext-safe audit evidence. The evidence does not require Supply-Y to hold customer private keys or business plaintext.

Continue with the [Hosted Agent Sandbox](/sandbox) for a live fictional exchange, [Getting Started](/docs/getting-started) for local evaluation, [Plan a Managed Pilot](/docs/pilot) for a bounded two-company test, or [Protocol 1.0 Release](/docs/release) to inspect the immutable publication.

## Current manifest-backed snapshot

- **Protocol release:** Protocol 1.0 (stable)
- **Published:** 2026-07-14T00:00:00Z
- **Release inventory:** 15 pinned artifacts; 12 normative
- **Public Agent Bundle:** 55 artifacts; customer data included: no
- **Evaluation evidence:** 7 valid fixtures; 17 rejection fixtures; 9 Agent checks
- **Transport modes:** native, catena_x

| Surface | Status | Published evidence | Customer action |
| --- | --- | --- | --- |
| [Protocol contract](https://supply-y.net/docs/release) | Protocol 1.0 stable | 15 digest-pinned release artifacts; 12 are normative. | Pin and implement the immutable release. |
| [Public Agent Bundle](https://supply-y.net/protocol/1.0/bundle.json) | Available now | 55 public implementation and conformance artifacts; no customer data. | Evaluate in any Agent language without repository access. |
| [Local conformance](https://supply-y.net/docs/conformance) | Available now | 9 language-neutral Agent checks, 24 fixtures and a passing Node.js-to-Python Agent path. | Run locally and retain your own evidence. |
| [Hosted Agent Sandbox](https://supply-y.net/sandbox) | Public evaluation | Short-lived Bearer sessions exercise signed Policy Receipts, Native ciphertext, idempotency, recipient receipts, notifications and hash-chained audit evidence against the Protocol 1.0 API shape. | Use fictional fixtures only; retain the run result as evaluation evidence. |
| [Managed two-company pilot](https://supply-y.net/docs/pilot) | Available by agreement | One bounded loop, customer-controlled keys, explicit stage gates and portable closeout evidence. | Begin with fictional or sanitized data. |
| [Production Hosted Agent API](https://supply-y.net/docs/api) | not generally available | The public evaluation Sandbox is available, but the stable OpenAPI contract still does not claim a generally available production endpoint or SLO. | Do not create an unsupported production dependency. |
| [TypeScript SDK distribution](https://supply-y.net/docs/sdk) | preview source | Reference source is validated, but public registry distribution is not available. | Use the public protocol-contract profile unless access is authorized. |
| [Production Skill publisher trust](https://supply-y.net/docs/skills) | test only | Current signing material proves verification mechanics and cannot authorize production exchange. | Keep production activation disabled. |
| [Production certification](https://supply-y.net/docs/conformance) | not yet available | Reference conformance evidence is not a time-limited certificate for a customer implementation. | Require implementation-specific evidence before production use. |

Source: [Protocol 1.0 Release Manifest](https://supply-y.net/protocol/1.0/manifest.json), [Agent Bundle](https://supply-y.net/protocol/1.0/bundle.json) and [Agent Conformance Profile 1.0](https://supply-y.net/agent-conformance/1.0/profile.json).

---

Canonical HTML: [Availability and Readiness](https://supply-y.net/docs/readiness)
Agent documentation index: [llms.txt](https://supply-y.net/llms.txt)
