diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index 2ba2f676..6ecabc7c 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -1,5 +1,5 @@ # CLAUDE.md - AI Assistant Instructions diff --git a/.claude/PROJECT.md b/.claude/PROJECT.md index 072fdb51..a6c5e657 100644 --- a/.claude/PROJECT.md +++ b/.claude/PROJECT.md @@ -1,5 +1,5 @@ # BOJ Server - Claude Code Instructions diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 1a268b64..62fcd745 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -1,5 +1,5 @@ diff --git a/docs/FEDERATION.adoc b/docs/FEDERATION.adoc index 5b69ed9d..70260ac7 100644 --- a/docs/FEDERATION.adoc +++ b/docs/FEDERATION.adoc @@ -46,8 +46,6 @@ The model: you don't need a hosting budget if the community IS the hosting. This is non-punitive. We don't brick your installation. We just don't vouch for it. -The *PMPL license* encodes this same principle legally — provenance metadata with cryptographic signatures is required, so the legal framework and technical framework express the same thing. - === Gossip protocol Nodes discover each other via IPv6 gossip: @@ -138,7 +136,7 @@ Community nodes benefit from the full BoJ security stack: * *DoQ/DoH*: Encrypted DNS resolution for all BoJ traffic * *oDNS*: Oblivious DNS relay option for maximum privacy * *Hash attestation*: Binary integrity verification -* *PMPL provenance*: Cryptographic lineage tracking +* *Cryptographic provenance*: lineage tracking == Future: Dynamic Threat Response diff --git a/docs/architecture/README.adoc b/docs/architecture/README.adoc index fc756215..076d64f3 100644 --- a/docs/architecture/README.adoc +++ b/docs/architecture/README.adoc @@ -334,7 +334,7 @@ BoJ servers are community-hosted, like Tor or IPFS: * *Tampered nodes*: excluded from the community network, but can still run locally * *Gossip protocol*: nodes discover each other via IPv6 gossip (Byzantine fault tolerant) * *Load-aware routing*: requests go to healthy nodes (under 80% capacity) — _not yet wired_ -* *PMPL provenance*: the license's cryptographic provenance requirements ARE the attestation +* *Cryptographic provenance*: signed lineage metadata complements the hash attestation === Seed Nodes (Day 1) diff --git a/docs/outreach/show-hn-draft.md b/docs/outreach/show-hn-draft.md index 7383e74a..c59aa259 100644 --- a/docs/outreach/show-hn-draft.md +++ b/docs/outreach/show-hn-draft.md @@ -8,7 +8,7 @@ BoJ (Bundle of Joy) is an MCP server that bundles 99 tool cartridges — each wi What makes it different: -- **99 cartridges** covering cloud (Cloudflare, Vercel), comms (Gmail, calendar), GitHub/GitLab, databases, containers, security (DNS Shield, container hash monitoring, PMPL provenance), browsers, and more +- **99 cartridges** covering cloud (Cloudflare, Vercel), comms (Gmail, calendar), GitHub/GitLab, databases, containers, security (DNS Shield, container hash monitoring, licence-chain provenance via pmpl-mcp), browsers, and more - **Formal safety proofs** — every cartridge has an Idris2 ABI module with dependent types and zero `believe_me` postulates. The type system prevents entire classes of runtime errors - **Zero Python, zero TypeScript** — built with Zig (FFI), Idris2 (proofs), and a ReScript UI. No npm, no pip, no node_modules - **Glama AAA grade** — Security A, License A, Quality A diff --git a/docs/status/ROADMAP.adoc b/docs/status/ROADMAP.adoc index 8cee3fa9..9de0c316 100644 --- a/docs/status/ROADMAP.adoc +++ b/docs/status/ROADMAP.adoc @@ -64,7 +64,7 @@ zig adapter migration complete (0 `.v` files). Grade C achieved 2026-04-25. * [x] SDP cartridge (auto-SDP for community nodes) * [ ] DNS Shield cartridge (DoQ/DoH/oDNS) * [ ] Container hash state monitoring (vordr integration) -* [ ] PMPL provenance chain verification +* [ ] pmpl-mcp cartridge: licence-chain verification === v1.0.0 — Matrix Fill (Phase 6)