Skip to content

Open-source NomadPosting with AGPL governance#1

Merged
s00ly merged 4 commits into
mainfrom
agent/readme-open-source
Jul 16, 2026
Merged

Open-source NomadPosting with AGPL governance#1
s00ly merged 4 commits into
mainfrom
agent/readme-open-source

Conversation

@s00ly

@s00ly s00ly commented Jul 15, 2026

Copy link
Copy Markdown
Owner

Scope

This pull request makes NomadPosting legally open source and adds the repository controls needed to accept contributions responsibly. It does not enable live posting or claim production readiness.

Decisions

  • License: GNU AGPL v3 or any later version (AGPL-3.0-or-later).
  • Contributions: Developer Certificate of Origin 1.1, contributor-retained copyright, no CLA.
  • Governance: one active maintainer, documented bus-factor limitation, and independent qualified review required before any live security gate can close.

What changed

  • Rewrites the README around the verified dry-run boundary and contributor hardening tracks.
  • Adds the canonical AGPL v3 LICENSE, DCO 1.1, contribution terms, governance, maintainer, conduct, and name/provenance policies.
  • Adds CODEOWNERS, issue forms, and a stronger pull-request template.
  • Separates vulnerability reporting from conduct reporting and documents authorized research boundaries.
  • Adds adoption-aware DCO enforcement and adversarial self-tests to both pinned workflows.
  • Keeps every live mode and production-readiness claim fail closed.

Local verification

  • Canonical AGPL and DCO texts verified after line-ending normalization.
  • scripts/check-dco-tests.sh: signed author and co-author cases passed; unsigned author, unsigned co-author, unsigned post-adoption, and empty-range cases failed as required.
  • Real range aef6a31..543d916: DCO adoption detected at aecbbe9; all three post-adoption commits passed.
  • All relative Markdown links resolve across 16 repository files.
  • All GitHub YAML parsed successfully after the workflow and issue-form changes.
  • go mod verify, go test -count=3 ./..., and go vet ./... passed all 10 packages.
  • gofmt, dependency-license policy, Linux amd64 CGO-disabled cross-builds, and high-signal literal-secret scan passed.
  • govulncheck v1.6.0 found no reachable symbol- or package-level vulnerability; the existing unreachable module advisory remains documented in docs/VERIFICATION.md.

CI evidence

Current head: 543d916cf3593c5898a97cb7bc9b520b52613cb9.

The prior head failed before assertions because the Windows-authored checker lacked an executable bit on Ubuntu. Commit 543d916 fixed the root cause by invoking the checker through Bash and recording both DCO scripts as executable; all replacement runs are green.

Production boundary

This remains a dry-run research preview. Live release is still blocked on the reviewed Linux namespace/WireGuard/nftables/DNS executor and teardown; packet-capture no-fallback proofs across every fault phase; broker-backed pinned transports; concrete NIP-46 identity, permission, and Schnorr verification; OS-backed secret sealing; same-exit X reconciliation and length conformance; remaining metadata-index encryption; live relay review; provisioned and validated infrastructure; full accessibility and visual regression; canary evidence; and three clean production adversarial rounds.

@s00ly s00ly closed this Jul 15, 2026
s00ly added 3 commits July 15, 2026 11:34
Signed-off-by: s00ly <s00ly@users.noreply.github.com>
Signed-off-by: s00ly <s00ly@users.noreply.github.com>
Signed-off-by: s00ly <s00ly@users.noreply.github.com>
@s00ly s00ly reopened this Jul 16, 2026
@s00ly s00ly changed the title Rewrite README for public hardening Open-source NomadPosting with AGPL governance Jul 16, 2026
@s00ly s00ly marked this pull request as ready for review July 16, 2026 12:08
@s00ly s00ly merged commit b0a5f7c into main Jul 16, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant