Sweep 4: validated fixes — commands, endpoints, claims, nav#116
Open
TeoSlayer wants to merge 9 commits into
Open
Sweep 4: validated fixes — commands, endpoints, claims, nav#116TeoSlayer wants to merge 9 commits into
TeoSlayer wants to merge 9 commits into
Conversation
Product-truth fixes (verified against web4 source + module caches): - consent/getting-started/security/privacy: skill-inject toolchains corrected (no Cursor; add PicoClaw), real marker block (pilot:begin/end), auto is the fresh-install default (GetMode returns ModeAuto when key absent), real broadcast signature, pilotd -> pilot-daemon - go-sdk: SDK actually lives at github.com/pilot-protocol/common/driver - configuration: PILOT_RC is the edge-channel flag, add -registry-trust row, unpin --pin example, drop unverifiable "hourly" updater interval - cli-reference: add sign-request/verify-request, network admin subcommands (create/delete/rename/promote/demote/kick/role/policy), skills set-mode Dead links (all curl-verified 404s): - research/python-sdk/firewalls: repo paths that don't exist publicly - PlainLayout footer skills.json -> live TeoSlayer URL - blog: 14 IETF draft-00 links -> -01, phantom-post retargets, org-typo openclaw link, 12 dead externals unlinked, A2A -> a2a-protocol.org Stale commands (source-verified): - blog: 10x pilotctl gateway -> extras gateway; invented syntaxes replaced (search->member-tags get, port-policy->network policy, events->publish/ subscribe, data send/recv->send-file/recv, create-network->network create) Honesty/consistency: - index: spec-valid address, IETF "Spec/Submitted" not "Standard", live +N app badge, no-central-dependency -> direct-data-path framing, unattributed quote and "surveyed" framing removed, two-paths reflects auto default - p2p: "no server in the data path" (matches its own FAQ), bench note - compatibility: stale v1.10.3 pins removed, last-verified stamp added - press: Google Fonts removed (GDPR, PILOT-175 self-hosting) - publish: AGREEMENT_VERSION synced to 2026-07-06 agreement - legal: entity unified to Vulture Labs, Inc. (Delaware) - nav: App Store top-level, Tech dropdown active state, tracking targets - docs: /docs/tags into docsNav + chain, dead DocFooter removed, networks early-access caveat, network-9 explainer, registry/beacon/rendezvous glossary, setups empty-fetch fallback, blogPosts orphan entry removed Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
87 auditor agents validated every user-visible sentence against the web4 Go source, pinned module caches, install.sh, live endpoints, and GitHub. Result: 11,054 verified · 627 FALSE · 1,466 UNVERIFIABLE — every flagged sentence recorded per page with evidence and what would verify it. Index and ranking in audit/README.md. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Consent page now matches shipped behavior: app_usage event disclosed, daemon-side -telemetry-url caveat, sender-side broadcast model, default-off review feature flags, real skill-inject manual/disabled semantics and outside-marker writes, sandbox honestly described as startup validation. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…eb4 #366) Re-passed the consent telemetry copy from interim disclosure to the strong promise now that app_usage is removed from the product entirely. No per-call app-store telemetry exists on the wire. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stacked on #115 (
fix/sweep-3) — merge that first; this PR auto-retargets tomain.Every fix here was validated against a ground truth before editing: the Go source in
web4, pinned module caches (skillinject@v0.2.3,common@v0.5.0,protocol@v1.10.5),release/install.sh, live curls (all 468 external URLs checked),gh apifor repo/path existence, and a livebrew trustrun.Highlights
auto(nothing ever setsmanualon fresh install) — consent docs, getting-started, security, privacy, and the homepage Two-paths section now say so honestly. Real marker block (<!-- pilot:begin v=1 hash=… -->), real toolchain list (PicoClaw in, Cursor out — it was never supported).github.com/pilot-protocol/common/driver.2026-06-20→2026-07-06) — submissions were recording the wrong version.pilotctl gateway→extras gateway; five invented syntaxes replaced with real commands.sign-request/verify-request,networkadmin subcommands,skills set-modedocumented.Full validation methodology and the sentence-level claim audit ledger will land as a follow-up commit on this branch (
audit/— workflow in progress, 87 auditors).Build: 345 pages green locally.
🤖 Generated with Claude Code