The thing here is, that nobody wants to give a bot access to their private keys. So if I understood correctly, the one with bitcoins sends the coins to the bot wallet. Then seller sends product, and buyer releases coins? Have I misunderstood your bot, or is this how it works?
I'm considering that way too, however by default I keep private keys. I know that nobody wants to give access, but 90% do anyway. Coinbase is a good example
Which way do you think is better? Should I allow direct contact between parties?
Should be a setting. Some people do not want their numbers to get exposed for sure.
Too many settings will only hurt, I better go opinionated.