hyperpolymath · hyperpolymath · Jun 5, 2026 · Jun 5, 2026
@@ -5,8 +5,8 @@
 # Relationships, dependencies, integration points.
 
 [metadata]
-version = "0.1.0"
-last-updated = "2026-04-11"
+version = "0.2.0"
+last-updated = "2026-06-05"
 
 [project]
 name = "burble"
@@ -38,4 +38,6 @@ points = [
   { system = "VeriSimDB", direction = "outbound", protocol = "HTTP REST + ClickHouse" },
   { system = "gitbot-fleet", direction = "outbound", protocol = "repository_dispatch (CI)" },
   { system = "hypatia", direction = "inbound", protocol = "Hypatia scan rules via .hypatia/ config" },
+  { system = "PROTOCOL.md (wire surface)", direction = "internal", protocol = "Bolt wire format (UDP/7373), WebRTC DataChannel, AI bridge HTTP REST" },
+  { system = "SECURITY-DEPLOY.md", direction = "internal", protocol = "Self-hosting hardening checklist" },
 ]
@@ -5,13 +5,13 @@
 # Architecture decisions, design rationale, governance.
 
 [metadata]
-version = "0.1.0"
-last-updated = "2026-04-11"
+version = "0.2.0"
+last-updated = "2026-06-05"
 
 [project-info]
 type = "service"
-languages = ["elixir", "zig", "idris2", "javascript", "rescript", "ephapax"]
-languages-target = ["elixir", "zig", "idris2", "javascript", "affinescript", "ephapax"]
+languages = ["elixir", "zig", "idris2", "javascript", "affinescript"]
+languages-legacy = ["rescript"]
 license = "MPL-2.0"
 author = "Jonathan D.A. Jewell (hyperpolymath)"
 
@@ -26,6 +26,12 @@ decisions = [
   { id = "ADR-007", title = "ReScript → AffineScript client migration", status = "accepted", date = "2026-04-16" },
   { id = "ADR-008", title = "Server-side Opus not implemented — SFU-opaque E2EE model", status = "accepted", date = "2026-04-16" },
   { id = "ADR-009", title = "P2P AI bridge is primary Claude-to-Claude channel (not server-side Burble.LLM)", status = "accepted", date = "2026-04-16" },
+  { id = "ADR-0003", title = "Bolt wire format — UDP+QUIC dual-bind, ALPN burble-bolt-v1", status = "accepted", date = "2026-05-13" },
+  { id = "ADR-0004", title = "Bolt-over-QUIC with optional quicer NIF for sender authentication", status = "accepted", date = "2026-05-13" },
+  { id = "ADR-0005", title = "WSL2 Bolt inbound — NAT + host UDP forwarder (default), mirrored last-resort", status = "accepted", date = "2026-05-19" },
+  { id = "ADR-0006", title = "Signaling failure-mode coverage added (relay + connection loss)", status = "accepted", date = "2026-06-02" },
+  { id = "ADR-0007", title = "Claims-to-evidence discipline — every README claim maps to code + test or flagged", status = "accepted", date = "2026-05-19" },
+  { id = "ADR-0008", title = "Formal-proof enforcement scope — compile/type-check only; runtime PoC tracked as issue #55", status = "accepted", date = "2026-05-19" },
 ]
 
 [development-practices]

@@ -5,8 +5,8 @@
 
 [metadata]
 project = "burble"
-version = "1.2.0-pre"
-last-updated = "2026-05-20"
+version = "1.3.0-pre"
+last-updated = "2026-06-05"
 status = "active"
 
 [project-context]
@@ -27,7 +27,7 @@ milestones = [
   { name = "Phase 1 — Audio dependable (Opus honest, comfort noise, REMB, Avow chain, echo-cancel ref, neural spectral-gate verified)", completion = 100 },
   { name = "Phase 2 — P2P AI channel dependable (burble-ai-bridge fixes, round-trip tests, docs) — CRITICAL PATH for family/pair-programming use case", completion = 100 },
   { name = "Phase 2b — server-side Burble.LLM (provider, circuit breaker, fixed parse_frame, NimblePool wired) — SECONDARY, not required for family use case", completion = 100 },
-  { name = "Phase 3 — RTSP + signaling + text + AffineScript client start", completion = 85 },
+  { name = "Phase 3 — RTSP + signaling + text + AffineScript client start + web client tests", completion = 90 },
   { name = "Phase 4 — PTP hardware clock via Zig NIF, phc2sys supervisor, multi-node align", completion = 85 },
   { name = "Phase 5 — ReScript -> AffineScript completion", completion = 95 },
   { name = "Bolt — magic incoming-call packets (UDP+QUIC dual-bind, ALPN burble-bolt-v1)", completion = 100, date = "2026-05-13" }
@@ -74,7 +74,7 @@ phase-1-audio = [
 ]
 
 [maintenance-status]
-last-run-utc = "2026-04-01"
+last-run-utc = "2026-06-05"
 last-report = "docs/reports/maintenance/latest.json"
 last-result = "pass"
 open-warnings = 0
@@ -213,13 +213,29 @@ open-failures = 0
 #             exhausted at merge time (concurrency-pool throttle);
 #             will surface in next post-merge run on main.
 
+# 2026-05-20 to 2026-06-05 (window since last update):
+# 2026-06-01: CI/CD configuration fixed (campaigns C001-C005): CodeQL language
+#             fixes, license identifier standardization, outdated actions audit,
+#             standards refs pinned to SHA 861b5e9, workflow-level permissions added
+#             (PR #98, #97, #96 reusable-workflow replacements; PR #102 scorecard;
+#             PR #103 fake-SHA fix; PR #104 web-client tests; PR #111 CodeQL cron
+#             monthly; PR #112 a2ml-validate-action bump; PR #113 no-JS scan).
+# 2026-06-02: SECURITY-DEPLOY.md published (self-hosting hardening checklist, PR #108).
+#             PROTOCOL.md published (discoverable wire surface, PR #107).
+#             Open-issue triage 2026-06-02 report (PR #110).
+#             Signaling failure-mode coverage added (PR #109).
+# 2026-06-02: License drift fixed — LICENSE + 3 manifests (admin/deno.json,
+#             client/lib/deno.json, server/mix.exs) were AGPL drift while 679
+#             source files already declared MPL-2.0. Owner-confirmed alignment
+#             to MPL-2.0 throughout (PR #114). LICENSE is now pure MPL-2.0.
+
 [crg]
 grade = "C"
 achieved = "2026-04-21"
 previous-grade = "D"
 demoted-on = "2026-04-18"
 demotion-reference = "docs/governance/CRG-AUDIT-2026-04-18.adoc"
-notes = "CRG C provisionally — CI workflow added, awaiting first green run. Three D-blockers resolved 2026-04-21: (1) READINESS.adoc created at repo root (verified complete), (2) per-directory README.adoc added to all seven core subtrees (timing, llm, chat, transport, media, client/web/src, ffi/zig), (3) .github/workflows/elixir-ci.yml created (test + dialyzer jobs, OTP 27 / Elixir 1.17, PLT cache). CODEOWNERS already covered * @hyperpolymath — no change needed."
+notes = "CRG C provisionally — CI workflow present; gate still deactivated (continue-on-error: true) pending OTP27 CI run (issue #39). Post-2026-05-20 progress: web-client test suite wired (PR #104), CI/CD campaigns C001-C005 completed, SECURITY-DEPLOY.md + PROTOCOL.md published, license drift resolved (MPL-2.0 throughout, PR #114). Remaining blocker: re-arm CI test gate once OTP27 run validates suite. READINESS.adoc + per-directory READMEs + elixir-ci.yml all present."
 
 [ecosystem]
 part-of = ["Burble Platform"]

@@ -32,7 +32,7 @@ Methodology-aware configuration for AI agents. Read by any AI agent
 == Relationship to Other Files
 
 * `AGENTIC.a2ml` says WHAT agents can do (permissions, gating)
-* `agent_instructions/` says HOW agents should work (methodology)
+* `bot_directives/` says HOW agents should work (methodology)
 * `bot_directives/` says what the gitbot-fleet does (fleet-specific)
 * `CLAUDE.md` says how Claude specifically should work (Claude-specific)
 

@@ -0,0 +1,133 @@
+# SPDX-License-Identifier: MPL-2.0
+# INDEX.a2ml — Contractile Registry
+# Author: Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
+#
+# Machine-readable catalogue of all contractile verbs in this template set.
+# Consumers (CI scripts, the contractile CLI, Hypatia rules) SHOULD read this
+# file to discover available verbs rather than hard-coding the list.
+#
+# See: docs/CONTRACTILE-SPEC.adoc §Registry
+
+---
+id = "contractiles-registry"
+version = "2.0.0"   # 2.0.0 (2026-04-18): all 6 verbs on trident shape; verb set complete.
+spec = "docs/CONTRACTILE-SPEC.adoc"
+last_updated = "2026-04-18"
+base_schema = ".machine_readable/contractiles/_base.ncl"
+meta_schema_status = "pending — see CONTRACTILE-SPEC §validator-meta-schema"
+
+## Verbs
+
+[[verbs]]
+name = "adjust"
+semantics = "drift tolerances + corrective actions"
+trident = [
+  "adjust/Adjustfile.a2ml",
+  "adjust/adjust.ncl",
+  "adjust/adjust.k9.ncl",
+]
+manifest = "adjust/adjust.manifest.a2ml"
+status = "active"
+tier = "Yard"
+authority = "advisory"
+gating = "advisory (continue-with-warnings)"
+cardinality = "one per repo"
+notes = "Fifth trident instance (2026-04-18). First (Yard, advisory) authority pattern. Specialises in cumulative-drift catchment — tolerance bands + trend tracking across sessions. auto_fix_when_available applies deterministic patches; advisory otherwise."
+
+[[verbs]]
+name = "bust"
+semantics = "hard-stop / expiry / must-not-run declarations"
+trident = [
+  "bust/Bustfile.a2ml",
+  "bust/bust.ncl",
+  "bust/bust.k9.ncl",
+]
+manifest = "bust/bust.manifest.a2ml"
+status = "active"
+tier = "Hunt-read-only"
+authority = "blocking"
+gating = "hard (exit-nonzero)"
+cardinality = "one per repo"
+notes = "Fourth trident instance (2026-04-18). Completes the blocking-authority triple (must + trust + bust). Specialises in deprecated-path-reintroduction catchment. Injects failures via declared probes and verifies recovery paths."
+
+[[verbs]]
+name = "dust"
+semantics = "rollback / recovery / deprecation / audit-trail preservation"
+trident = [
+  "dust/Dustfile.a2ml",
+  "dust/dust.ncl",
+  "dust/dust.k9.ncl",
+]
+manifest = "dust/dust.manifest.a2ml"
+status = "active"
+tier = "Yard"
+authority = "advisory"
+gating = "advisory (continue-with-warnings)"
+cardinality = "one per repo"
+notes = "Sixth and FINAL trident instance (2026-04-18) — completes the full verb set. Specialises in audit-trail preservation + rollback-path verification. Destructive actions gated behind --apply flag + per-item approval; dry-run default."
+
+[[verbs]]
+name = "intend"
+semantics = "north-star (commitments + aspirations)"
+trident = [
+  "intend/Intentfile.a2ml",
+  "intend/intend.ncl",
+  "intend/intend.k9.ncl",
+]
+manifest = "intend/intend.manifest.a2ml"
+status = "active"
+tier = "Hunt"
+authority = "reporting"
+gating = "non-gating (continue)"
+cardinality = "one per repo"
+notes = "First trident instance in the estate (2026-04-18). Reports progress toward committed next-actions AND lists horizon aspirations. Absorbed the deprecated `lust` verb 2026-04-18. Never blocks. Remaining 5 verbs still on file_pair shape until tridents are built."
+
+[[verbs]]
+name = "k9"
+semantics = "trust-tier templates (EXCEPTION to one-verbfile rule)"
+file_pair = [
+  "k9/template-hunt.k9.ncl",
+  "k9/template-kennel.k9.ncl",
+  "k9/template-yard.k9.ncl",
+]
+status = "exception"
+gating = "not applicable"
+notes = "k9 is service-automation meta-infrastructure, not a verb contractile. Three trust-tier templates (Kennel/Yard/Hunt). Does not have a Verbfile.a2ml. See CONTRACTILE-SPEC §k9-exception."
+
+# [[verbs]] lust REMOVED 2026-04-18 — name had unwanted associations;
+# the horizon/aspiration semantics were always meant to live inside `intend`
+# (the north-star verb). The [[wishes]] schema was absorbed into
+# intend/Intentfile.a2ml. Any `lust/` dir found in an estate repo is drift
+# and should be deleted.
+
+[[verbs]]
+name = "must"
+semantics = "invariant assertion — release-blocking"
+trident = [
+  "must/Mustfile.a2ml",
+  "must/must.ncl",
+  "must/must.k9.ncl",
+]
+manifest = "must/must.manifest.a2ml"
+status = "active"
+tier = "Hunt-read-only"
+authority = "blocking"
+gating = "hard (exit-nonzero)"
+cardinality = "one per repo"
+notes = "Third trident instance (2026-04-18). Completes the blocking-authority pair with trust: must = concrete + persistent invariants; trust = concrete + ephemeral transactions. Specialises in subtle invariant-erosion (tracking per-session trend; flagging silent regression). Single failure blocks merge. Simplest and most commonly populated verb."
+
+[[verbs]]
+name = "trust"
+semantics = "security + provenance + safe-hacking"
+trident = [
+  "trust/Trustfile.a2ml",
+  "trust/trust.ncl",
+  "trust/trust.k9.ncl",
+]
+manifest = "trust/trust.manifest.a2ml"
+status = "active"
+tier = "Hunt"
+authority = "blocking"
+gating = "hard (exit-nonzero)"
+cardinality = "one per repo"
+notes = "Second trident instance (2026-04-18). First (Hunt, blocking) verb — hard gate. Primary defense against threat-model misclassification (B1) and 'turn off the firewall' capability-collapse (C2). Inherits on_open negotiation+accountability+translation from intend.k9.ncl v2.0.0; adds threat_model_foregrounding + block_session_close_on_critical_drift."
@@ -0,0 +1,141 @@
+# SPDX-License-Identifier: MPL-2.0
+# (MPL-2.0 is automatic legal fallback until PMPL is formally recognised)
+#
+# _base.ncl — Shared contractile base
+#
+# Provides four named schema fragments imported by every verb runner:
+#
+#   pedigree_schema   — canonical pedigree block shape
+#   status_core_doc   — documentation of the shared status trio (String list)
+#   probe_schema      — target structured probe form (spec only; verb files
+#                       still use probe | String with TODO comments)
+#   run_defaults      — default runner behaviour
+#
+# Usage in a verb runner:
+#
+#   let base = import "../_base.ncl" in
+#   {
+#     pedigree = base.pedigree_schema & {
+#       contractile_verb = "must",
+#       semantics = "invariant",
+#       security = {
+#         leash = 'Kennel,
+#         trust_level = "read-only verification",
+#         allow_network = false,
+#         allow_filesystem_write = false,
+#         allow_subprocess = true,
+#       },
+#       metadata = {
+#         name = "must-runner",
+#         version = "1.0.0",
+#         description = "...",
+#         paired_xfile = "Mustfile.a2ml",
+#         author = "Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>",
+#       },
+#     },
+#     schema = { ... },
+#     run = base.run_defaults & { on_any_fail = "exit-nonzero" },
+#   }
+#
+# See: docs/CONTRACTILE-SPEC.adoc §Shared Base
+
+{
+  # -------------------------------------------------------------------------
+  # pedigree_schema
+  #
+  # The canonical shape of the `pedigree` block required in every verb runner.
+  # Verb runners merge this with their verb-specific values using Nickel's `&`
+  # (right-priority merge). Override contractile_verb, semantics, security.*,
+  # and metadata.* in each verb.
+  # -------------------------------------------------------------------------
+  pedigree_schema = {
+    schema_version | String | default = "1.0.0",
+    contractile_verb | String | default = "UNSET",   # MUST override in verb
+    semantics | String | default = "UNSET",           # MUST override in verb
+    security = {
+      leash | [| 'Kennel, 'Yard, 'Hunt |] | default = 'Kennel,
+      trust_level | String | default = "UNSET",       # MUST override in verb
+      allow_network | Bool | default = false,
+      allow_filesystem_write | Bool | default = false,
+      allow_subprocess | Bool | default = true,
+      # verb-specific additional security fields go in the verb's merge override:
+      # e.g. authorised_probes_only (trust), injection_scope (bust),
+      #      destructive_mode_requires_flag (dust)
+    },
+    metadata = {
+      name | String | default = "UNSET",              # MUST override in verb
+      version | String | default = "1.0.0",
+      description | String | default = "UNSET",       # MUST override in verb
+      paired_xfile | String | default = "UNSET",      # MUST override in verb
+      author | String | default = "Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>",
+    },
+  },
+
+  # -------------------------------------------------------------------------
+  # status_core_doc
+  #
+  # Documents the minimum shared status values present in every verb's status
+  # enum: declared, verified, failing.
+  #
+  # Nickel does not support structural enum extension, so verb files reproduce
+  # their full enum verbatim in `schema`. This field serves as documentation
+  # and for tooling that introspects the base.
+  #
+  # Verbs that extend status_core (i.e. all except must + trust):
+  #   adjust:  + 'partial
+  #   bust:    + 'drilled
+  #   dust:    'declared, 'proposed, 'approved, 'removed  (non-standard)
+  #   intend:  intents: 'declared, 'in_progress, 'done, 'deferred, 'retired
+  #            wishes:  'declared, 'in_progress, 'achieved, 'abandoned
+  #            (the wishes schema was absorbed from the deprecated `lust`
+  #             verb 2026-04-18; lust/ dir removed estate-wide)
+  #
+  # See: docs/CONTRACTILE-SPEC.adoc §Per-Verb Extension
+  # -------------------------------------------------------------------------
+  status_core_doc = "status_core values: declared | verified | failing — extended per verb",
+
+  # -------------------------------------------------------------------------
+  # probe_schema
+  #
+  # The TARGET structured probe form. See: docs/CONTRACTILE-SPEC.adoc §Probe
+  #
+  # IMPORTANT: This is a spec-only definition. Existing verb runner files still
+  # use `probe | String` with a `# TODO: migrate to probe_schema` comment.
+  # This is a breaking change; migration happens when the CLI supports both
+  # forms.
+  #
+  # Adopters writing new xfiles should prefer the structured form:
+  #   probe = {
+  #     command = "test -f my-file",
+  #     timeout_seconds = 60,
+  #     allowed_exit_codes = [0],
+  #     permission_class = 'read_only,
+  #   }
+  # -------------------------------------------------------------------------
+  probe_schema = {
+    command | String,
+    timeout_seconds | Number | default = 300,
+    allowed_exit_codes | Array Number | default = [0],
+    permission_class
+      | [| 'read_only, 'filesystem_write, 'subprocess, 'network |]
+      | default = 'read_only,
+  },
+
+  # -------------------------------------------------------------------------
+  # run_defaults
+  #
+  # Default runner behaviour. Verb runners merge this with verb-specific
+  # overrides using Nickel's `&` (right-priority merge).
+  #
+  # Most verbs override on_any_fail:
+  #   "exit-nonzero"          : hard gate  (must, trust, bust, adjust-gating)
+  #   "continue-with-warnings": advisory   (dust, adjust)
+  #   "continue"              : never gate (intend — covers both intents and wishes)
+  # -------------------------------------------------------------------------
+  run_defaults = {
+    on_pass = "continue",
+    on_any_fail = "exit-nonzero",
+    report_format = "a2ml",
+    emit_summary = true,
+  },
+}