Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
86 commits
Select commit Hold shift + click to select a range
a48f52f
fix(site): full-sweep pass 3 — nav chain repair, retention counterwei…
teovl Jul 9, 2026
2aa575f
chore(plain): auto-regenerate stale machine-UI twins
github-actions[bot] Jul 9, 2026
f378fc7
ci: retrigger checks after plain-sync bot push
teovl Jul 9, 2026
6bd624a
feat(home): 'Two paths' section — the skill-injection choice, framed …
teovl Jul 9, 2026
e88944a
chore(plain): auto-regenerate stale machine-UI twins
github-actions[bot] Jul 9, 2026
9c2d31f
ci: retrigger checks after plain-sync bot push
teovl Jul 9, 2026
df324b2
feat(home): adopt the concept narratives — Network OS hero, 3-prop va…
teovl Jul 9, 2026
e95e8f8
chore(plain): auto-regenerate stale machine-UI twins
github-actions[bot] Jul 9, 2026
66510ed
ci: retrigger checks after plain-sync bot push
teovl Jul 9, 2026
18ade06
Sweep 4: fix every validated inconsistency site-wide
teovl Jul 10, 2026
b20a9aa
Add sentence-level claim audit ledger (167 pages, 16,608 sentences)
teovl Jul 10, 2026
61e20e0
Add autonomous claim-fix loop prompt
teovl Jul 10, 2026
da8eddb
loop prompt: SMS progress notifications with full URLs
teovl Jul 10, 2026
f35f11c
loop prompt: drain SMS inbox at iteration start
teovl Jul 10, 2026
fe41c09
loop prompt: standing goals + needs-user sections
teovl Jul 10, 2026
0364a14
audit-fix: docs/consent (33 false, 6 unverifiable resolved)
teovl Jul 10, 2026
9e45a7f
loop prompt: behavior-first fix policy (fix product, not just disclose)
teovl Jul 10, 2026
a49f8b8
audit-fix: consent telemetry — behavior-first (app_usage removed in w…
teovl Jul 10, 2026
1752d38
audit-fix: GA4 off /plain + set-mode disabled strong-promise copy
teovl Jul 10, 2026
77afafc
audit-fix: docs/cli-reference (21 false, 6 unverifiable resolved)
teovl Jul 10, 2026
931cc9d
audit-fix: docs/comparison-networking (13 false, 3 unverifiable resol…
teovl Jul 10, 2026
422448b
audit-fix: docs/comparison (10 false, 6 unverifiable resolved)
teovl Jul 10, 2026
ed69d83
audit-fix: docs/app-store (7 false, 2 unverifiable resolved)
teovl Jul 10, 2026
d01cbae
audit-fix: for/compatibility (16 false, 33 unverifiable resolved)
teovl Jul 10, 2026
d0af140
audit-fix: docs/enterprise-blueprints (24 false resolved)
teovl Jul 10, 2026
4f670ec
audit-fix: cookies (7 false, 4 unverifiable resolved)
teovl Jul 10, 2026
04aefbd
audit-fix: privacy (11 false, 37 unverifiable resolved)
teovl Jul 10, 2026
d8c9c41
audit-fix: docs/enterprise-identity (22 false resolved)
teovl Jul 10, 2026
8247051
audit-fix: enterprise-production blog (62 unverifiable resolved, hist…
teovl Jul 10, 2026
8201cff
audit-fix: docs/service-agents (16 false resolved)
teovl Jul 10, 2026
633bf02
audit-fix: for/setups/[slug] (56 unverifiable resolved + meta bug)
teovl Jul 10, 2026
36315b5
audit-fix: zero-dependency-encryption blog (15 false, 9 unverifiable)
teovl Jul 10, 2026
e0f51cf
audit-fix: docs/tags (15 false, 2 unverifiable resolved)
teovl Jul 10, 2026
bc39207
audit-fix: docs/gateway (15 false, 1 unverifiable resolved)
teovl Jul 10, 2026
e0c4879
audit-fix: github-com-alternatives blog (3 false, 43 unverifiable)
teovl Jul 10, 2026
e06e164
audit-fix: lightweight-swarm blog (9 false, 20 unverifiable)
teovl Jul 10, 2026
ad6c859
audit-fix: repo-wide batch — driver import/Connect/pub-sub across blogs
teovl Jul 10, 2026
8546b0e
audit-fix: benchmarking-http-vs-udp blog (4 false, 32 unverifiable)
teovl Jul 10, 2026
e799bbb
audit-fix: contributing-codebase-tour blog (9 false, 14 unverifiable)
teovl Jul 10, 2026
7cf5d62
audit-fix: zero-trust blog (4 false + roster/A2A corrections)
teovl Jul 10, 2026
63db34a
audit-fix: nat-traversal deep-dive blog (8 false, 12 unverifiable)
teovl Jul 10, 2026
d8495ce
audit-fix: 3 blogs (emergent-trust, openanp, build-multi-agent)
teovl Jul 10, 2026
c6770df
audit-fix: for/p2p (9 false, 6 unverifiable)
teovl Jul 10, 2026
3566c06
audit-fix: distributed-monitoring + marketplace blogs (11 false)
teovl Jul 10, 2026
7f4bff5
audit-fix: replace-webhooks + private-agent-network blogs (14 false)
teovl Jul 10, 2026
74d2945
audit-fix: 3 blogs (build-agent-swarm, replace-message-broker, encryp…
teovl Jul 10, 2026
a61ccab
audit-fix: 3 blogs (mcp-plus, build-openclaw, cloud-networking) — 20 …
teovl Jul 10, 2026
c84ece3
audit-fix: 3 blogs (pilot-vs-tcp, decentralized-networking, connect-a…
teovl Jul 10, 2026
3a00711
audit-fix: publish + enterprise-audit (11 false)
teovl Jul 10, 2026
d03ecc7
audit-fix: python-sdk + pubsub + networks docs (21 false)
teovl Jul 10, 2026
e668825
docs: fix backtick-dropped words in needs-user note
teovl Jul 10, 2026
2defabf
audit-fix: error-codes + pilot-director + messaging docs (18 false)
teovl Jul 10, 2026
e2993c3
audit-fix: getting-started + enterprise-rbac + webhooks docs (16 false)
teovl Jul 10, 2026
58e1270
audit-fix: for-networks + diagnostics + concepts (15 false)
teovl Jul 10, 2026
3a68cf2
audit-fix: configuration + integration + mcp-setup (11 false)
teovl Jul 10, 2026
253dc43
audit-fix: services + sdk-parity + research docs (9 false)
teovl Jul 10, 2026
861ae2c
audit-fix: mcp + enterprise-policies + firewalls docs (12 false)
teovl Jul 10, 2026
259ffdf
audit-fix: enterprise + go-sdk + index (6 false)
teovl Jul 10, 2026
e5dd60d
audit-fix: app-store data drift + terms date (apps/[id], app-store, t…
teovl Jul 10, 2026
a7abc88
audit-fix: troubleshooting + for/skills + node-sdk (4 false)
teovl Jul 10, 2026
363a2f5
audit-fix: http-services + trust-model blogs (12 false)
teovl Jul 10, 2026
213b0e0
audit-fix: cross-company + file-transfer blogs (10 false)
teovl Jul 10, 2026
19706ca
audit-fix: how-pilot-protocol-works packet layout (5 false)
teovl Jul 10, 2026
bf1948b
audit-fix: move-beyond-rest + chain-ai + distributed-rag (13 false)
teovl Jul 10, 2026
b9ce46c
audit-fix: a2a + aegis + agent-comm-security blogs (12 false)
teovl Jul 10, 2026
4ac7f7d
audit-fix: skills + enterprise-rbac + research-collab blogs (12 false)
teovl Jul 10, 2026
6185bc0
audit-fix: discovery + pipelines + openclaw-meets blogs (9 false)
teovl Jul 10, 2026
666104c
audit-fix: direct-comm + smart-home + sociology blogs (9 false)
teovl Jul 10, 2026
2ab0ec2
audit-fix: python-sdk + overlay + userspace-tcp blogs (9 false)
teovl Jul 10, 2026
a109eb9
audit-fix: scriptorium + ietf-draft + hipaa blogs (6 false)
teovl Jul 10, 2026
29570c1
audit-fix: run-agent + openclaw-nat blogs (8 false)
teovl Jul 10, 2026
8f07e35
audit-fix: network-stack + pilot-vs-vpns + discover blogs (6 false)
teovl Jul 10, 2026
27271b8
audit-fix: virtual-addresses + p2p-no-server + mcp-across blogs (6 fa…
teovl Jul 10, 2026
1af3edd
audit-fix: p2p-examples + mas-guide + claude-teams blogs (6 false)
teovl Jul 10, 2026
831a85a
audit-fix: blog/index + clawhub + advanced-automation (6 false)
teovl Jul 10, 2026
9762cc2
audit-fix: secure-comm + scaling-fleets + persistent-addressing (3 fa…
teovl Jul 10, 2026
5a850b5
audit-fix: persistent-strategies + net-security + multi-cloud (3 false)
teovl Jul 10, 2026
f0c21f1
audit-fix: legacy-integration + ietf-rev01 + federated-learning (3 fa…
teovl Jul 10, 2026
0b246c8
audit-fix: last 4 FALSE claims (roadmap, encryption, nat-vpn, a2a-exa…
teovl Jul 10, 2026
d944362
audit: milestone — all FALSE claims across 167 pages resolved
teovl Jul 10, 2026
0bb2a93
audit-soften: how-626 + preferential-attachment (paper-backed pages)
teovl Jul 10, 2026
ce19b47
audit-soften: workflow + mutual-trust + decentralized-comm (accept)
teovl Jul 10, 2026
bfb1f36
audit-review: clear 13 low-flag pages (2 fixes, legal->needs-user)
teovl Jul 10, 2026
e628454
audit: COMPLETE — every ledger row resolved (167 pages)
teovl Jul 10, 2026
161ef0f
ci: trigger website build + preview on main-targeted PR #116
teovl Jul 11, 2026
f5b3ee2
chore(plain): auto-regenerate stale machine-UI twins
github-actions[bot] Jul 11, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
113 changes: 113 additions & 0 deletions .github/workflows/publish-manifest.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,113 @@
name: publish-manifest

# Receives a `repository_dispatch` event of type `manifest-update` from
# `web4/.github/workflows/release.yml` after a tag ships. The event carries
# the rendered manifest in `client_payload.manifest`; this workflow merges it
# into `public/.well-known/latest.json` and commits to main, which triggers
# the Cloudflare Pages deploy.
#
# Merge rules:
# - `latest_stable` is only advanced when the incoming manifest is for a
# non-prerelease tag (`is_prerelease == false`). RC tags update only
# `latest_prerelease` and `channels.edge`.
# - `platforms` is replaced wholesale with the incoming map for the tag.
# - `updated_at` is taken from the incoming manifest.
#
# Manual trigger (`workflow_dispatch`) is available for the case where the
# dispatch from web4 was dropped (missing token, transient 5xx) and the
# operator needs to nudge the manifest forward by hand.

on:
repository_dispatch:
types: [manifest-update]
workflow_dispatch:
inputs:
manifest:
description: 'Inline manifest JSON (overrides the dispatch payload path)'
required: true

permissions:
contents: write

jobs:
merge-and-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: main
fetch-depth: 0

- name: Resolve incoming manifest
id: incoming
env:
DISPATCH_MANIFEST: ${{ toJson(github.event.client_payload.manifest) }}
MANUAL_MANIFEST: ${{ inputs.manifest }}
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "$MANUAL_MANIFEST" > /tmp/incoming.json
else
echo "$DISPATCH_MANIFEST" > /tmp/incoming.json
fi
jq . /tmp/incoming.json > /tmp/incoming.pretty.json
cp /tmp/incoming.pretty.json /tmp/incoming.json
echo "incoming manifest:"
cat /tmp/incoming.json

- name: Merge into public/.well-known/latest.json
run: |
INCOMING=/tmp/incoming.json
CURRENT=public/.well-known/latest.json
mkdir -p public/.well-known
if [ ! -f "$CURRENT" ]; then
# First-ever publish — start from the incoming manifest, but
# rewrite the prerelease-aware fields into their final names.
jq '{
"$schema": "https://pilotprotocol.network/.well-known/latest.schema.json",
"updated_at": .updated_at,
"latest_stable": (.proposed_stable // ""),
"latest_prerelease": (.proposed_edge // .tag),
"channels": {
"stable": (.proposed_stable // ""),
"edge": (.proposed_edge // .tag)
},
"release_notes_url": .release_notes_url,
"homebrew_formula_url": .homebrew_formula_url,
"platforms": .platforms
}' "$INCOMING" > "$CURRENT"
else
jq --slurpfile inc "$INCOMING" '
. as $cur |
$inc[0] as $i |
{
"$schema": ($cur["$schema"] // "https://pilotprotocol.network/.well-known/latest.schema.json"),
"updated_at": $i.updated_at,
"latest_stable": (if $i.is_prerelease then $cur.latest_stable else $i.proposed_stable end),
"latest_prerelease": ($i.proposed_edge // $i.tag),
"channels": {
"stable": (if $i.is_prerelease then $cur.channels.stable else $i.proposed_stable end),
"edge": ($i.proposed_edge // $i.tag)
},
"release_notes_url": $i.release_notes_url,
"homebrew_formula_url": $i.homebrew_formula_url,
"platforms": $i.platforms
}
' "$CURRENT" > "$CURRENT.new"
mv "$CURRENT.new" "$CURRENT"
fi
echo "merged manifest:"
cat "$CURRENT"

- name: Commit and push
run: |
if git diff --quiet public/.well-known/latest.json; then
echo "manifest unchanged — nothing to commit."
exit 0
fi
git config user.name "pilot-release-bot"
git config user.email "release-bot@pilotprotocol.network"
TAG=$(jq -r '.latest_prerelease // .latest_stable // "unknown"' public/.well-known/latest.json)
git add public/.well-known/latest.json
git commit -m "manifest: bump to ${TAG}" \
-m "Triggered by upstream release workflow."
git push origin main
61 changes: 61 additions & 0 deletions audit/LOOP-PROMPT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# Autonomous claim-fix loop — Pilot Protocol website

You are resolving the sentence-level claim audit in `/Users/calinteodor/Development/pilot-protocol/website/audit/` — 627 FALSE and 1,466 UNVERIFIABLE sentences across 167 page ledgers (see `audit/README.md` for the severity ranking). Work autonomously. Every fix must be **verified by actually running something** — a grep of product source, the real CLI command, a live curl, a build — never by assumption. The ledgers are the work queue AND the proof-of-work record.

## Repo/branch state
- Website: `/Users/calinteodor/Development/pilot-protocol/website`, branch **`fix/sweep-4`** (PR #116, stacked on PR #115 / `fix/sweep-3`). All work goes here.
- **NEVER merge PR #115 or #116** — the user merges. Never force-push.
- Product source: `/Users/calinteodor/Development/pilot-protocol/web4` (Go). Installer: `/Users/calinteodor/Development/pilot-protocol/release/install.sh`. Modules: `/Users/calinteodor/go/pkg/mod/github.com/pilot-protocol/{skillinject@v0.2.3,common@v0.5.0,protocol@v1.10.5}`.
- Live: `https://polo.pilotprotocol.network/api/public-stats`, `https://pilotprotocol.network/install.sh`, `gh api` for repo facts. Latest release: check `gh api repos/pilot-protocol/pilotprotocol/releases/latest` fresh each session — do not hardcode.

## One iteration
1. `cd /Users/calinteodor/Development/pilot-protocol/website && git checkout fix/sweep-4 && git pull --ff-only`.
2. Open `audit/PROGRESS.md` (create on first run: a table `ledger | flagged | resolved | status`, one row per ledger file, all `todo`). Pick the **highest-severity `todo` page** per the ranking in `audit/README.md`. Batch tip: you may take up to 3 related pages per iteration if they share a subject (e.g. all comparison pages).
3. For each flagged row in that page's ledger:
- **FALSE** → re-verify the evidence yourself first (grep the cited source file/line, run the command, curl the URL). If the evidence holds, edit the page so the sentence matches shipped behavior. If the evidence does NOT hold, correct the ledger row instead and say why.
- **UNVERIFIABLE** → resolve by one of, in order of preference: (a) add a real citation/source link; (b) verify it yourself by running a measurement or check, then record the evidence; (c) rewrite to a weaker claim that IS verifiable; (d) delete the sentence; (e) `ACCEPTED` with a one-line justification (use sparingly — marketing tone words only).
- Append the resolution to the ledger row: `→ FIXED: <what changed + verification command/result>` or `→ ACCEPTED: <why>`. The ledger must always show how each row was closed.
4. **Verify the batch**: re-run the exact greps/commands/curls that prove each fix; then `npm run build` must pass (345+ pages).
5. Commit page fixes + ledger updates together, one commit per page/batch, message `audit-fix: <page> (<n> false, <m> unverifiable resolved)`. Push. End commit messages with `Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>`.
6. Update `audit/PROGRESS.md` counts and commit it (can ride the same push).

## Fix policy — where truth lives
- **BEHAVIOR-FIRST (user directive 2026-07-10): when the audit shows product behavior weaker than the promised/expected semantics, FIX THE PRODUCT (web4 / skillinject / related repos) so the strong promise becomes true.** Ugly-disclosure copy is only the interim state while a product fix is in flight, and the final copy states the strong promise once the fix ships. Track every such item in audit/PROGRESS.md under "Product fixes" with: behavior gap → code fix → PR → copy re-pass needed.
- For pages already rewritten to disclose warts (e.g. docs/consent), schedule a copy re-pass after the corresponding product fix merges/releases: restore the strong promise, gated on shipped behavior.
- Copy-follows-code still applies to things that are not behavior bugs (counts, versions, third-party facts, dead links).
- **Product bugs — fix in code, not by weakening the promise.** These, discovered by the audit, are code work:
1. **GA4 loads unconditionally on `/plain/*`** (`src/layouts/PlainLayout.astro:19-24`) with no consent check — consent-gate it the same way the main site does (this is website code; do it early, it is the GDPR item).
2. In **web4** (branch `fix/consent-truth`, open a PR, do NOT release): daemon-side `app_usage` telemetry ignores `consent.telemetry` (gated only by `-telemetry-url`, `cmd/daemon/main.go:107-113`, `appstore_adapter.go`) — add the consent check; receiver-side broadcast consent gate missing (`pkg/daemon/daemon.go:4344-4356`); `skills status` performs a write-reconcile instead of previewing (`cmd/pilotctl/skills.go:57-63` ForceTick) — make status read-only or add a true `--dry-run`; `set-mode disabled` does not remove files though docs say it does. Write tests where feasible; `go build ./... && go test ./...` must pass. While the shipped release still has the old behavior, the website copy must describe the SHIPPED behavior (add "as of vX.Y" wording only if a fix has actually shipped).
- **Legal pages** (privacy, terms, cookies, aup, publisher-agreement): fix objectively false statements (e.g. cookie inventory, "banner on every page") and stale external facts, but do NOT invent policy; anything that changes a commitment gets listed under "Needs user review" in `audit/PROGRESS.md` instead.
- **Third-party facts** (comparison pages: ZeroTier/Tailscale/Nebula/MCP/A2A/ACP): verify against the third party's current site/repo with curl/gh before rewriting; cite what you checked in the ledger row.
- **Blog posts**: never change slugs, filenames, canonicalPaths, or banner paths. Historical announcement posts may keep past-tense claims that were true at publication — mark those `ACCEPTED (historical)` — but commands shown must be runnable today.

## Environment quirks (real, will bite)
- The **aegis PreToolUse hook blocks Bash commands referencing `~/.claude` paths** — use the Read/Write/Edit tools for anything under `~/.claude`, never shell.
- **plain-sync CI dance**: after a push, the plain-sync bot pushes regenerated `/plain` twins to the branch; its bot push does not trigger CI, so if checks are missing/red after the bot commit, `git pull` then push an empty commit (`git commit --allow-empty -m "ci: retrigger after plain-sync"`).
- Temp files go to the session scratchpad directory, not /tmp.
- `pilotctl` is installed locally — you can run real commands (`pilotctl appstore catalogue`, `pilotctl skills status` etc.) to verify live behavior. Prefer read-only commands; do not change the local daemon's trust/config state.

## Inbox (the user texts you back)
At the START of every iteration, drain the SMS inbox and obey anything in it (it may re-prioritize or stop the loop):
`curl -s -H "Authorization: Bearer $(security find-generic-password -a pilot-relay -s pilot-relay-inbox-token -w)" https://pilot-relay.vulturelabs01.workers.dev/drain`
Reply to every drained message via `~/bin/pilot-sms` (answer + what you did about it). Note: the inbox KV is eventually consistent — a message can take up to ~60s to appear after sending; it will be caught by the next drain.

## Notifications (keep the user in the loop remotely)
After each iteration's push, send a one-line SMS via `~/bin/pilot-sms` (configured per the "SMS / voice updates" section of the user's global `~/.claude/CLAUDE.md`): pages fixed this round, running totals, and **full URLs** — always include `https://github.com/pilot-protocol/website/pull/116` and, when relevant, the branch preview `https://fix-sweep-4.pilotprotocol.pages.dev/`. If an iteration hits a true blocker, follow the escalation ladder in that CLAUDE.md section (SMS → ~15 min → voice call → park and continue). Batch: one SMS per iteration, not per commit.

## Standing goals beyond the ledger (work these in when a ledger iteration is short, or once ledgers run dry)
1. **GA4 consent gate on `/plain/*`** (`src/layouts/PlainLayout.astro:19-24`) — highest priority non-ledger item (GDPR).
2. **web4 `fix/consent-truth` PR** — per the Fix policy section above.
3. **PR #116 CI**: full build/plain checks only run after PR #115 merges (stacked base). Until then `npm run build` locally is the gate. After #115 merges, watch #116 retarget to main, let plain-sync regen twins, do the empty-commit retrigger if checks stall, and text the user when #116 is fully green.
4. Blog index `readTime` (every card shows "3 min read" — compute from post body length) and the 500-page "We've been notified" claim — both in ledgers; noting here so they aren't skipped as "minor".

## Needs user (park here, never guess)
- Merge PR #115 then #116 (user merges, always).
- Anthropic API key for the live voice bridge (voicemail→inbox works without it).
- Transfer `TeoSlayer/pilot-skills`, `pilot-mcp`, homebrew tap to the `pilot-protocol` org.
- Ed25519 skill-content signing enablement (key management decision).
- Any legal-policy commitment changes surfaced by ledger work.

## Stop condition
When every ledger row in every file is resolved (`FIXED`/`ACCEPTED`) and the build is green: write a final summary at the top of `audit/PROGRESS.md` (totals, product PRs opened, items under "Needs user review"), comment that summary on PR #116 via `gh pr comment 116`, push, and **stop the loop**. If genuinely blocked on something only the user can decide, add it to "Needs user review", skip it, and continue with the rest — only stop early if ALL remaining work is user-blocked.
Loading