From 763fa7a46e3c1ab8594758c61a58dd4d4aed433c Mon Sep 17 00:00:00 2001 From: Eratostenes de Gitjabia Date: Mon, 25 May 2026 01:12:48 +0000 Subject: [PATCH] decisions: add ADR-0011 communication & transparency (build in public, layered) --- .../0011-comunicacion-y-transparencia.md | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 decisions/0011-comunicacion-y-transparencia.md diff --git a/decisions/0011-comunicacion-y-transparencia.md b/decisions/0011-comunicacion-y-transparencia.md new file mode 100644 index 0000000..452ecdc --- /dev/null +++ b/decisions/0011-comunicacion-y-transparencia.md 
@@ -0,0 +1,50 @@ +# ADR-0011 · Communication & transparency + +**Status**: accepted +**Date**: 2026-05 + +## Context + +Blocao Labs is starting a content engine around the project (a wiki → WordPress publisher) and adopting a build-in-public posture. The immediate commercial goal is to **sell the products** (Sovereign Phone, the Blocao platform), **not to raise investment**. In a market whose value proposition is sovereignty, trust is the product: open source, auditable schemes, and honest documentation are themselves the strongest sales argument. + +Two product lines have opposite appetites for transparency: + +- The **Sovereign Phone**, the UI design language, and the sovereignty philosophy benefit from maximum openness — auditability is a feature. +- The **forensics platform** serves security-sensitive customers; `wdmUI` is marked internal. Publishing fine-grained architecture of a hardened OS or of forensics internals hands a map to attackers and competitors. + +"Build in public" therefore cannot mean "build *everything* in public". + +## Decision + +Adopt **build-in-public with layered transparency**. Every artifact is classified into one of three tiers: + +- **Public-first**: Sovereign Phone, design language / tokens, the *why* of decisions (ADRs are narrative gold), cookbooks, open-source components. +- **Private-by-default**: the forensics platform — only its vision / philosophy layer is public; technical internals are not. +- **Never public**: customer identity, hardening details that materially aid an attacker, keys / secrets, pricing and sales specifics. + +Operating rules: + +1. **Editorial bar**: the only test for publishing is *"does this help a buyer trust and a technician audit?"* — not investor optics. +2. **Licenses & attribution**: every published piece declares the licenses and attributions of everything it uses. Non-negotiable; it is both ethics and brand. +3. 
**RF / regulatory rule**: every cookbook touching radio spectrum states its **regulatory framework at the very top**. We document only the legal path (shielded / lab dev, shared or licensed spectrum, coordinated and authorized emergency use). We explicitly do **not** publish clandestine-network or interception recipes — that is the opposite of the brand. +4. **Resilience framing**: recipes target real-world degraded conditions (off-grid, ad-hoc) and are explicit about which comms family they belong to (unlicensed ISM / LoRa / WiFi HaLow vs spectrum-sensitive LTE / SDR). +5. **Pipeline & gate**: the wiki is the source of truth; a public / private **tag** on each page is the editorial firewall; the publisher only touches pages tagged public, always **draft-first** into WordPress for human review. One cookbook = one post. + +## Consequences + +**Good**: +- Transparency reinforces the core sale (sovereignty) instead of leaking the things that would undermine it. +- A single, simple rule (the tag) keeps confidential material out of the public pipeline. +- License / attribution discipline pre-empts the credibility attacks that routinely hit privacy products. +- No investor narrative to maintain means less spin, more signal. + +**Bad / trade-offs**: +- Classifying every artifact adds friction to publishing. +- The public / private boundary needs periodic review as the products evolve. +- Building in public invites scrutiny; claims must hold up, which raises the documentation bar. + +## Alternatives considered + +- **Full build-in-public (everything open)**: maximal trust signal, but unacceptable for the forensics platform and its customers. +- **Fully closed / marketing-only blog**: safe, but forfeits the trust advantage that is the entire point of a sovereignty brand. +- **A separate public-only repo for all public content**: cleaner confidentiality boundary, but fragments the source of truth; revisit if the tag-gate proves insufficient.
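Review bot: In operating rule 5 the gate is a binary public / private tag, but the Decision section defines three tiers, and the rule does not say how an untagged page, or a page that mixes tiers, is treated. "the publisher only touches pages tagged public" implies fail-closed behaviour, but the ADR should state explicitly that a missing or unrecognised tag means private. It should also say where Never public material (customer identity, keys / secrets, hardening details) sits: either it never lives in the wiki, or it carries its own tag that the publisher refuses even when a public tag is also present. Because Consequences relies on the tag as the "single, simple rule", rule 5 should also name who may set the public tag and state that the draft-first human review checks the tier classification as well as the prose. Otherwise a single mis-tagged forensics page passes the only gate. The same applies to the Private-by-default tier, where "only its vision / philosophy layer is public" means some forensics pages will legitimately carry the public tag and the boundary is decided page by page. Minor: the file name is Spanish (0011-comunicacion-y-transparencia.md) while the title and body are English, and the Date field gives only 2026-05 with no day; align both with the convention of the existing ADRs.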