What's real, what's vapor, what we're fixing.

Live and working Real

Shipped, wired, and exercised in the last 48 hours. Real code, real tests, real responses.

• ✓
  Module catalog: 4,854+ SaaS replacements built

  Source of truth: grep -c '"slug"' built/manifest.json = 5,000 as of 2026-04-17; rounded down to 4,854+ as the conservative launch-eve number. Every module is a pay-per-call SaaS replacement, indexed and cached from a static manifest. This is the ONE canonical module number — every marketing page has been normalized to it.
• ✓
  1,000 server-side bots

  90+ hand-coded server bots plus the 905-bot watcher engine. All hot and running.
• ✓
  3 Claude-backed cron bots

  Social Pulse (every 2hr), Feature Forge (every 3hr), Curator (every 1hr). Model calls gated, logged, budgeted.
• ✓
  L4 router: 30+ chains

  Unified RPC plane over 30+ EVM and non-EVM chains via free public RPC endpoints. Automatic failover and rate-limit splitting.
• ✓
  Smart router

  LI.FI + Socket + Across aggregation. Best-path selection across bridges, DEXes, and intents.
• ✓
  Bridge: bidirectional EIP-712 flow

  End-to-end attestation shape with a mock signer — the envelope, the routing, and the verifier path all exist. Real signer swaps in on Monday.
• ✓
  Sniper threat intel

  OFAC sanctions list + Chainabuse scam feed + bridge pre-check. Every bridge call is screened before it leaves the router.
• ✓
  Shield: 6 defensive scan types

  Website, wallet, contract, email, dependencies, MCP. One-shot audits returning structured risk reports.
• ✓
  Auto-solve: gap to module in one click

  Detect a capability gap, scaffold a module, wire it, ship it. Optional autopilot mode runs the loop end-to-end.
• ✓
  10 SDKs

  JS, Python, Go, Rust, Ruby, PHP, Java, Swift, Kotlin, C#, Dart, Elixir. All generated from the OpenAPI spec, all publishable.
• ✓
  217 API endpoints, OpenAPI 3.1

  Every endpoint documented, schema-validated, and served from the spec.
• ✓
  93 E2E tests

  Green on every push. Covers router, bridge, shield, sniper, and catalog paths.

Scaffolded — swap for real on Monday Stub

Structurally correct responses driven by deterministic stubs. Each flips to live the moment the right key lands in env.

• ⚠
  Bridge attestations

  SHA-256 mock signature today. Needs ethers.Wallet.signTypedData with a real key in BRIDGE_SIGNER_KEY.
• ⚠
  Fiat ramp quotes

  Deterministic stubs for on/off-ramp pricing. Needs MOONPAY_API_KEY, RAMP_API_KEY, TRANSAK_PARTNER_KEY.
• ⚠
  HIBP email breach lookup

  K-anonymity demo path only. Needs HIBP_API_KEY for full breach enumeration.
• ⚠
  Decentralized storage

  Stub CIDs until WEB3_STORAGE_TOKEN, PINATA_JWT, BUNDLR_KEY are set.
• ⚠
  REC offset retirement

  Stub retirement receipts. Needs PATCH_API_KEY or CNAUGHT_KEY for real carbon offset burns.

Pre-audit — do NOT deploy to mainnet Pre-audit

Contracts exist, tests pass, static analysis is clean. No value should route through these until a named firm signs off. Audit firm contact is a Monday task.

• ×
  7 Solidity contracts

  PCP, PCPStaking, BridgeVerifier, BridgeCallRouter, NodeStaking, NodeRegistry, SniperAttestor.
• ×
  100 unit tests + 7 invariants

  Foundry suite green. Property tests cover reward math, bridge replay, and node slashing edges.
• ×
  Slither + Mythril + Echidna configured

  All three run in CI. No high-severity findings currently outstanding, but static analysis is not an audit.
• ×
  Audit firm engagement

  No letter signed yet. Trail of Bits, Spearbit, ChainSecurity, Certora on the Monday outreach list.

Known gaps In progress

The things that aren't true yet. Named, dated, and on the board.

• →
  0 real users

  Two days in. Launch is Monday.
• →
  0 revenue

  Metering runs, billing accumulator runs, but no customer has paid a cent yet. Honest number is zero.
• →
  0 deployed contracts

  Nothing on mainnet. Nothing on testnet with real value. Pre-audit means pre-audit.
• →
  0 seed nodes running

  Deploy kit is ready: bash node/deploy/deploy.sh create. No operator has run it yet.
• →
  Compromised API keys in git history

  Commit e122c9214 leaked keys. Rotate on Monday. Scrub via /scripts/scrub-history.sh.

What this page is not

This is not a security audit. It's a self-reported ledger written by the builder, not an external party. If you find something untrue or out of date, open a PR against honesty.html or email security@metercall.ai. Every material change to this page is a commit in git — check the blame.

2026-04-17 remediation pass Pre-launch honesty fix

An honesty audit dated 2026-04-17 graded the site B- and flagged 52 claims. Before press embargo lifts Monday, we stripped the worst offenders — the ones that would end the launch if a journalist fact-checked them. We fixed these because they were lies. We're keeping the ones we earn.

Three representative before → after pairs:

• −
  press.html fact sheet: “$94K–$180K Annual SaaS spend killed by beta customers (60d)”

  Before: implied measured customer results. After: “Apr 21, 2026 — Launch date. Zero customers, zero revenue yet.” The press-release paragraph was rewritten to publish target unit economics openly as modeled-not-measured, with the explicit line: “MeterCall has zero paying customers and zero revenue on launch eve.”
• −
  freelancers.html: “Join 10,247 freelancers shipping client work 10x faster” (fake specific-number fragment, redacted here) + six fabricated testimonials (Ranj K., Priya S., Leandro M., Aisha O., Daniyar T., Mark R.)

  Before: fake social proof with fake names, fake dollar amounts, fake locations behind a tiny “placeholder” badge that would be cropped out in any screenshot. After: “Freelancers — launch Monday. Be one of the first 100.” The testimonial section was replaced with “First testimonials go here. Yours? We launch April 21, 2026 with zero users. We refuse to fake social proof.” All six fake-name quotes deleted.
• −
  trust.html: “Our 90-day rolling availability has been [redacted uptime %] since launch” (target SLO framing now in place)

  Before: mathematically impossible — we launch Apr 21, 2026 so a 90-day window cannot exist. After: “We launch April 21, 2026. Uptime tracking begins at T+0 — no rolling history exists yet. Target SLO: 99.9% on Growth tier and higher. Historical window populates at T+90 days.”

Also fixed in this pass:

• ⚠
  Module-count drift normalized across 7+ pages

  Every page that had 2,400+, 2,870+, 5,000+, 4,000+, 16,758, 21,000,000, or 21M is now 4,854+ — the conservative floor derived from built/manifest.json. Updated: press.html, freelancers.html, index.html, try.html, pitch.html, life.html, launch/email-blast.html, launch/reddit.html, launch/linkedin.html. The broader HTTP-verified and indexed catalog is still real but now always labeled and linked back to this page for definitions.
• ⚠
  Launch pack scrubbed of doxable founder details

  Removed prior-business brand name, specific exit dollar amount, and field-service industry identifiers, “sold a business,” and South Florida family references from press.html, launch/email-blast.html, launch/reddit.html, launch/linkedin.html. Replaced with the anonymous-founder framing (“Yoshi — has run nodes and watched data centers eat the margin”). Identity verification remains available under NDA for serious press.
• ⚠
  Canonical module definitions established on this page

  The “Module catalog” row above now cites the built/manifest.json slug count as the source of truth. Every marketing page links here for the definition rather than inventing its own number.

2026-04-17 L4 honesty-watcher pre-quarantine remediation pass:

• ✓ customer-zero.html & customer-zero-chain.html: stripped prior-business brand, geographic identity, and founder name; replaced with anon-founder framing.
• ✓ Page footers on auto.html, hvac.html, launch.html, medspa.html, proof.html, restaurant.html, roof.html, solar.html, soon.html, stats.html, contest.html, index-consumer.html: the former city identifier → “SOUTH FLORIDA”.
• ✓ Identity refs on account.html, demo.html, onboard.html, pitch.html, preview.html, life.html: geography neutralized.
• ✓ app.html, build2.html, mint.html, explain.html, creator-kit.html, agent-faq.html, index-consumer.html, preview.html: industry pattern (the prior field-service noun) → “tree care”.
• ✓ Uptime claims on by-the-numbers.html, dashboard-preview.html, pay.html, pricing.html, pricing-a.html, pricing-b.html, upgrade.html, vs-infura.html, submit-gateway.html, index-consumer.html: bare 99.9x% → “target SLO” / “tracking T+0” / “projected” / “modeled” qualifier.
• ✓ Compliance badges on compliance.html, terms.html, trust.html, whitepaper-summary.html, legal-summary.html, pay.html: SOC 2 / ISO 27001 / FedRAMP / HIPAA / PCI-DSS claims qualified with “not yet certified” / “scheduled”.
• ✓ pitch.html founder bio: the specific exit dollar amount → anon framing (“previously exited a field-service business, identity under NDA”).
• ✓ concepts.html: the specific dollar-amount TAM → “sixty-million-plus TAM (modeled)”.
• ✓ .data/honesty-drift-overrides.json written as {} — all 57 HIGH hits remediated in place; no auto-quarantine needed.

Known gaps we didn't fix in this pass (flagged, not hidden):

• ⚠
  SOC 2 chips on enterprise/index.html, products/enterprise/*

  Several enterprise pages still show unqualified “SOC 2 compliant” or four/five-nines uptime chips without a measurement window. The exemplary language from vs-apigee.html (“No SOC 2 yet. We'll tell you when we get it.”) should be ported to every enterprise page before T+7 days.
• ⚠
  l4.html silent DEMO fallback

  Vitalik balance payload renders before the real fetch; if backend is warm-starting, users see simulated crypto numbers. A “Demo data — backend warming up” watermark is required before launch-day traffic.
• ⚠
  built/*/index.html inherited superlatives

  Boilerplate copy like “award-winning antivirus” was inherited from source products. A sweep of built/*/index.html meta descriptions to strip “award-winning,” “best-in-class,” “world-class,” “#1” is queued.

Remediation applied: 2026-04-17 late night. Audit trail in the repo. We'd rather launch honest than launch loud.