Marmo Privacy ← Back to home
Product Roadmap

8 Months
Post-MVP

July 2026 — February 2027 Last updated: June 2026

This roadmap covers the eight months following the Marmo Privacy MVP launch. The MVP delivers: smart contract deployment on Base mainnet, a functional Telegram mini app, a desktop app for macOS/Windows/Linux, the @usemarmo/base-sdk npm package, and core stealth address infrastructure. Everything on this roadmap builds on that foundation.

Month 1 · Jul 2026
Production Hardening
Turn the MVP into a production-grade system.
  • Smart contract audit

    Commission and complete a third-party security audit of MarmoAccount.sol and MarmoAccountFactory.sol. Resolve all findings before proceeding to scale.

  • Bundler integration

    Connect desktop and Telegram apps to a production bundler (Pimlico or Alchemy) so UserOps are reliably submitted on-chain without manual configuration.

  • Dynamic gas estimation

    Replace hardcoded gas limits with live estimation. Prevent failed UserOps due to insufficient gas or stale limit assumptions.

  • Rate limiting and abuse protection

    Harden the co-signer API against spam and denial-of-service patterns. Introduce per-wallet and per-IP request limits.

  • Error monitoring

    Integrate production error reporting on both the co-signer and Telegram app for real-time visibility into failures.

Month 2 · Aug 2026
Full Stealth Receive
Complete the stealth address receive flow so users can detect and spend incoming stealth payments.
  • Stealth scanning

    Implement ERC-5564 Announcement event scanning. The wallet scans from the last synced block and identifies incoming payments destined for the user's view key.

  • Stealth sweep

    Automatically build and submit a UserOp that sweeps detected stealth UTXOs into the main smart account.

  • Receive inbox UI

    Replace the static meta-address display with an active inbox showing pending and confirmed stealth receives with timestamps and amounts.

  • Announcer contract

    Deploy the ERC-5564 Announcer contract on Base to standardise announcement publishing for all Marmo sends.

Month 3 · Sep 2026
Swap and Multi-Token
Let users swap tokens natively without leaving the wallet.
  • Uniswap V3 swap integration

    Route swaps through Uniswap V3 on Base. Show price impact, slippage, and fee breakdown before confirmation. No third-party frontend required.

  • Multi-token support

    Display and send WETH, USDT, DAI, cbBTC, and any ERC-20 held in the wallet. Token list sourced from the Uniswap default token list.

  • Live USD pricing

    Show real-time USD values for all token balances on the dashboard. Refresh every 30 seconds.

  • Transaction history

    Persist a local transaction history on both surfaces showing sent, received, and swap activity.

Month 4 · Oct 2026
Desktop App v1.0
Ship the desktop app as a polished, signed, auto-updating release.
  • Code signing

    Sign macOS (.dmg), Windows (.msi), and Linux builds. Remove "untrusted developer" warnings on first launch.

  • Auto-update

    Ship Tauri's built-in updater so users receive patches without reinstalling.

  • Key rotation UI

    Allow users to rotate Shard A or Shard C from within the app, sweeping funds to a new account. Essential after any shard compromise.

  • USB drive shard flow

    Guide new users through writing Shard A to a USB drive instead of the OS keychain, for air-gap-style cold storage.

  • Public v1.0 launch

    Update landing page download links to signed v1.0 builds. Remove all beta language from product and documentation.

Month 5 · Nov 2026
.marmo Handles and Identity
Make Marmo addresses human-readable and shareable.
  • .marmo handle registration

    Allow users to claim a .marmo username that resolves to their stealth meta-address. Implemented as an on-chain registry on Base.

  • Handle resolution in send

    The send screen accepts .marmo handles as recipients, resolving them to the appropriate stealth meta-address and generating a one-time address automatically.

  • ENS compatibility

    Read ENS stealth-meta-address text records so users can send to existing ENS names if the recipient has published a meta-address.

  • Public profile pages

    Each .marmo handle gets a profile page at usemarmo.xyz/u/handle showing only the handle and meta-address. No balance or history is exposed.

Month 6 · Dec 2026
Privacy Pools
Provide compliant outbound privacy for USDC sends.
  • Screened privacy pool integration

    Integrate with an EVM-compatible privacy pool that issues ZK proofs of compliance. Users can deposit USDC, receive a compliance proof, and withdraw to a fresh address.

  • Proof of innocence UI

    Display a "screened" badge on outbound transactions that used the privacy pool. Allow users to export the compliance proof for regulatory purposes.

  • Complete private payment cycle

    Combine stealth addresses for receive with privacy pool exits for send, creating a fully private inbound-to-outbound flow.

Month 7 · Jan 2027
Mobile App
Ship a native iOS and Android app for users who do not use Telegram.
  • React Native app

    Build marmo-mobile using React Native with native WebAuthn (passkey) integration via platform APIs on iOS and Android.

  • Biometric unlock

    Face ID and fingerprint unlock to access the wallet on mobile. Local authentication, not transmitted to any server.

  • Push notifications

    Native push notifications for incoming stealth payments detected during background scanning.

  • App Store and Play Store launch

    Submit for review and publish Marmo Privacy on both stores. Includes review preparation, screenshots, and localisation for English.

Month 8 · Feb 2027
SDK v2.0 and Developer Ecosystem
Make Marmo a platform other developers can build on.
  • @usemarmo/base-sdk v2.0

    Add stealth address generation and scanning, UserOp building, and co-signer integration. Developers can build Marmo-compatible wallets in under 50 lines.

  • Developer documentation

    Full docs site at docs.usemarmo.xyz with quickstart guides, API reference, and worked examples for all SDK surfaces.

  • Co-signer self-hosting guide

    Publish a Docker Compose setup so developers can run their own co-signer server with their own key material in under 10 minutes.

  • Bug bounty program

    Launch a public bug bounty covering the smart contracts, co-signer API, and SDK. Rewards funded from the operational budget.

Beyond 8 Months (Q2 2027 and later)

  • Multi-chain expansion — Optimism, Arbitrum, Polygon. The same MarmoAccountFactory deploys on any EVM chain.
  • Batch transactions — Combine multiple sends into a single UserOp via executeBatch, reducing gas and improving privacy.
  • Social recovery — Replace Shard C with a social recovery mechanism: designated trusted contacts who collectively unlock recovery.
  • Hardware integration — Optional Ledger or YubiKey support for Shard A as a premium security tier.
  • USDC paymaster — Allow users to pay gas in USDC, removing the need to hold ETH.
  • Institutional tier — An M-of-N variant for teams and small DAOs with customisable quorum and role-based signing policies.

Guiding Principles

01
Security before features
No new surface ships without passing a security review. The Month 1 audit gates everything downstream.
02
Complete increments
Each month ships something users can actually use end-to-end, not partial infrastructure waiting on the next phase.
03
Privacy by default
Every feature is evaluated for whether it reduces or increases the user's on-chain footprint. Privacy must not require user action.
04
Open source first
Every component ships as open source. Proprietary lock-in contradicts the self-custody ethos Marmo is built on.
Marmo Privacy — usemarmo.xyzcontact@usemarmo.xyz
Last updated: June 2026