Skip to content

Sweep 4: validated fixes — commands, endpoints, claims, nav#116

Open
TeoSlayer wants to merge 9 commits into
fix/sweep-3from
fix/sweep-4
Open

Sweep 4: validated fixes — commands, endpoints, claims, nav#116
TeoSlayer wants to merge 9 commits into
fix/sweep-3from
fix/sweep-4

Conversation

@TeoSlayer

Copy link
Copy Markdown
Contributor

Stacked on #115 (fix/sweep-3) — merge that first; this PR auto-retargets to main.

Every fix here was validated against a ground truth before editing: the Go source in web4, pinned module caches (skillinject@v0.2.3, common@v0.5.0, protocol@v1.10.5), release/install.sh, live curls (all 468 external URLs checked), gh api for repo/path existence, and a live brew trust run.

Highlights

  • Skill-inject truth: shipped default is auto (nothing ever sets manual on fresh install) — consent docs, getting-started, security, privacy, and the homepage Two-paths section now say so honestly. Real marker block (<!-- pilot:begin v=1 hash=… -->), real toolchain list (PicoClaw in, Cursor out — it was never supported).
  • Go SDK page could not compile — now points at the real module github.com/pilot-protocol/common/driver.
  • Publisher agreement version stamp synced (2026-06-202026-07-06) — submissions were recording the wrong version.
  • Press page no longer loads Google Fonts (visitor-IP leak contradicting PILOT-175 + privacy policy).
  • ~90 dead/wrong links fixed across docs and blog (IETF draft-00s, phantom posts, nonexistent repo paths, org typos, dead externals).
  • Blog CLI accuracy: 10× pilotctl gatewayextras gateway; five invented syntaxes replaced with real commands.
  • Nav restructure: App Store is a top-level item; Tech dropdown gets a working active state; tracking targets normalized.
  • cli-reference completeness: sign-request/verify-request, network admin subcommands, skills set-mode documented.

Full validation methodology and the sentence-level claim audit ledger will land as a follow-up commit on this branch (audit/ — workflow in progress, 87 auditors).

Build: 345 pages green locally.

🤖 Generated with Claude Code

teovl and others added 9 commits July 10, 2026 12:59
Product-truth fixes (verified against web4 source + module caches):
- consent/getting-started/security/privacy: skill-inject toolchains corrected
  (no Cursor; add PicoClaw), real marker block (pilot:begin/end), auto is the
  fresh-install default (GetMode returns ModeAuto when key absent), real
  broadcast signature, pilotd -> pilot-daemon
- go-sdk: SDK actually lives at github.com/pilot-protocol/common/driver
- configuration: PILOT_RC is the edge-channel flag, add -registry-trust row,
  unpin --pin example, drop unverifiable "hourly" updater interval
- cli-reference: add sign-request/verify-request, network admin subcommands
  (create/delete/rename/promote/demote/kick/role/policy), skills set-mode

Dead links (all curl-verified 404s):
- research/python-sdk/firewalls: repo paths that don't exist publicly
- PlainLayout footer skills.json -> live TeoSlayer URL
- blog: 14 IETF draft-00 links -> -01, phantom-post retargets, org-typo
  openclaw link, 12 dead externals unlinked, A2A -> a2a-protocol.org

Stale commands (source-verified):
- blog: 10x pilotctl gateway -> extras gateway; invented syntaxes replaced
  (search->member-tags get, port-policy->network policy, events->publish/
  subscribe, data send/recv->send-file/recv, create-network->network create)

Honesty/consistency:
- index: spec-valid address, IETF "Spec/Submitted" not "Standard", live +N
  app badge, no-central-dependency -> direct-data-path framing, unattributed
  quote and "surveyed" framing removed, two-paths reflects auto default
- p2p: "no server in the data path" (matches its own FAQ), bench note
- compatibility: stale v1.10.3 pins removed, last-verified stamp added
- press: Google Fonts removed (GDPR, PILOT-175 self-hosting)
- publish: AGREEMENT_VERSION synced to 2026-07-06 agreement
- legal: entity unified to Vulture Labs, Inc. (Delaware)
- nav: App Store top-level, Tech dropdown active state, tracking targets
- docs: /docs/tags into docsNav + chain, dead DocFooter removed, networks
  early-access caveat, network-9 explainer, registry/beacon/rendezvous
  glossary, setups empty-fetch fallback, blogPosts orphan entry removed

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
87 auditor agents validated every user-visible sentence against the web4 Go
source, pinned module caches, install.sh, live endpoints, and GitHub.
Result: 11,054 verified · 627 FALSE · 1,466 UNVERIFIABLE — every flagged
sentence recorded per page with evidence and what would verify it.
Index and ranking in audit/README.md.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Consent page now matches shipped behavior: app_usage event disclosed,
daemon-side -telemetry-url caveat, sender-side broadcast model, default-off
review feature flags, real skill-inject manual/disabled semantics and
outside-marker writes, sandbox honestly described as startup validation.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…eb4 #366)

Re-passed the consent telemetry copy from interim disclosure to the strong
promise now that app_usage is removed from the product entirely. No per-call
app-store telemetry exists on the wire.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants