Exchange quickstart — bRRAIn Docs

Submit your first skill / plan / standard / project to the Exchange, pass Zone 7 security scans, get approved, and receive 75% of every sale directly in your Stripe Connect balance.

Exchange quickstart

Exchange is the security-verified marketplace at exchange.brrain.io for four kinds of reusable bRRAIn artifacts:

  • Skills — prompt + tool manifests plugged into any bRRAIn instance
  • Plans — multi-step agent playbooks
  • Standards — reference ontologies or document schemas
  • Projects — entire pre-populated Vault workspaces

Every submission is scanned (Zone 7 static sweep) and sandboxed (Zone 8 microVM) before listing. The platform takes 25% of each sale; 75% lands in the submitter's Stripe Connect balance automatically.

Prerequisites

  • Active bRRAIn subscription or a certification + verified bRRAInUserID
  • A Stripe Connect account with payouts_enabled = true
  • Your bundle (a folder or tarball) containing the skill/plan/standard/project

1. File a submission

curl -X POST https://exchange.brrain.io/api/v1/exchange/submissions \
  -H "Content-Type: application/json" \
  -d '{
    "submitter_user_id": 123,
    "type": "skill",
    "title": "PDF table extractor",
    "short_description": "One-shot extraction of all tables from a PDF into typed JSON.",
    "long_description": "Handles merged cells, multi-page tables, and OCR'd scans.",
    "price_cents": 1999,
    "tags": ["pdf", "extraction", "tables"]
  }'

The submission enters state=queued awaiting the scanner pipeline.

2. Eligibility check

Before filing in real flow, check that your account is eligible:

curl https://exchange.brrain.io/api/v1/exchange/eligibility/{user_id}

Returns either {"Eligible": true, "Reason": "active_subscription"} or {"Eligible": false, "Reason": "need_certification", "Route": "https://learn.brrain.io?..."} pointing at the cleanest remediation path.

3. Zone 7 scan

Once your bundle is uploaded, trigger the scan:

curl -X POST "https://exchange.brrain.io/api/v1/exchange/submissions/{slug}/scan" \
  -H "Content-Type: application/json" \
  -d '{
    "files": [
      {"path": "README.md", "content": "..."},
      {"path": "skill.yaml", "content": "..."},
      {"path": "LICENSE",    "content": "..."}
    ]
  }'

The pipeline runs five scanners in parallel:

| Scanner | Catches | |---|---| | secrets | AWS/Stripe/Anthropic/GitHub tokens, PEM private keys | | malware_hash | SHA-256 match against platform denylist | | license | AGPL/GPL/Commons-Clause/non-commercial signals | | pii | US SSN, credit card, email, phone patterns | | dep_denylist | Known-compromised npm/go/pip packages |

Each scanner emits a report with severity (info / low / medium / high / critical) and findings. The aggregate verdict is:

  • pass → state=review (admin-queue approval)
  • review → state=review with medium-severity notes
  • block → state=quarantined (admin override required)

4. Admin approval

An admin reviews the submission in the console, inspects the scan findings, and approves. On approval:

  1. State transitions to approved, published_at stamped now.
  2. A Stripe Product + one-time Price are auto-created on the platform account.
  3. The listing goes live at exchange.brrain.io/listing/{slug} and in full-text search on brrain.io/exchange.

5. Sales arrive

When a buyer clicks Buy for $N.NN, they're sent to a Stripe Checkout Session with:

  • application_fee_amount = 25% of gross
  • payment_intent_data.transfer_data.destination = your Stripe Connect account

Stripe handles the charge, deducts the 25% platform fee, and routes 75% directly to your Connect balance. Your checkout.session.completed webhook records the purchase in exchange_purchases with the precise platform/submitter split.

You get two emails automatically:

  1. Purchase receipt (to the buyer) with access instructions
  2. Payout posted (to you) confirming the transfer

6. Track your earnings

curl https://exchange.brrain.io/api/v1/exchange/submitters/{your_user_id}

Returns aggregate earnings, listing counts by state, review count/average, last purchase timestamp.

Reviews

Confirmed buyers can leave reviews (1–5 rating + title + body):

curl -X POST "https://exchange.brrain.io/api/v1/exchange/submissions/{slug}/reviews" \
  -H "Content-Type: application/json" \
  -d '{"buyer_user_id": 456, "rating": 5, "title": "Works first try", "body": "..."}'

The buyer-only guard requires a matching non-refunded exchange_purchases row — reviews can't be faked.

Non-human submitter cap

Bots and agents can submit via non_human: true, but are limited to 3 submissions per 24-hour window per submitter ID. Exceeding returns 400.

What's next

  • API Overview — full endpoint reference across all three surfaces
  • bR2bR quickstart — verified identity required for the cert+ID eligibility path