# ADR-0011 · Communication & transparency **Status**: accepted **Date**: 2026-05 ## Context Blocao Labs is starting a content engine around the project (a wiki → WordPress publisher) and adopting a build-in-public posture. The immediate commercial goal is to **sell the products** (Sovereign Phone, the Blocao platform), **not to raise investment**. In a market whose value proposition is sovereignty, trust is the product: open source, auditable schemes, and honest documentation are themselves the strongest sales argument. Two product lines have opposite appetites for transparency: - The **Sovereign Phone**, the UI design language, and the sovereignty philosophy benefit from maximum openness — auditability is a feature. - The **forensics platform** serves security-sensitive customers; `wdmUI` is marked internal. Publishing fine-grained architecture of a hardened OS or of forensics internals hands a map to attackers and competitors. "Build in public" therefore cannot mean "build *everything* in public". ## Decision Adopt **build-in-public with layered transparency**. Every artifact is classified into one of three tiers: - **Public-first**: Sovereign Phone, design language / tokens, the *why* of decisions (ADRs are narrative gold), cookbooks, open-source components. - **Private-by-default**: the forensics platform — only its vision / philosophy layer is public; technical internals are not. - **Never public**: customer identity, hardening details that materially aid an attacker, keys / secrets, pricing and sales specifics. Operating rules: 1. **Editorial bar**: the only test for publishing is *"does this help a buyer trust and a technician audit?"* — not investor optics. 2. **Licenses & attribution**: every published piece declares the licenses and attributions of everything it uses. Non-negotiable; it is both ethics and brand. 3. **RF / regulatory rule**: every cookbook touching radio spectrum states its **regulatory framework at the very top**. We document only the legal path (shielded / lab dev, shared or licensed spectrum, coordinated and authorized emergency use). We explicitly do **not** publish clandestine-network or interception recipes — that is the opposite of the brand. 4. **Resilience framing**: recipes target real-world degraded conditions (off-grid, ad-hoc) and are explicit about which comms family they belong to (unlicensed ISM / LoRa / WiFi HaLow vs spectrum-sensitive LTE / SDR). 5. **Pipeline & gate**: the wiki is the source of truth; a public / private **tag** on each page is the editorial firewall; the publisher only touches pages tagged public, always **draft-first** into WordPress for human review. One cookbook = one post. ## Consequences **Good**: - Transparency reinforces the core sale (sovereignty) instead of leaking the things that would undermine it. - A single, simple rule (the tag) keeps confidential material out of the public pipeline. - License / attribution discipline pre-empts the credibility attacks that routinely hit privacy products. - No investor narrative to maintain means less spin, more signal. **Bad / trade-offs**: - Classifying every artifact adds friction to publishing. - The public / private boundary needs periodic review as the products evolve. - Building in public invites scrutiny; claims must hold up, which raises the documentation bar. ## Alternatives considered - **Full build-in-public (everything open)**: maximal trust signal, but unacceptable for the forensics platform and its customers. - **Fully closed / marketing-only blog**: safe, but forfeits the trust advantage that is the entire point of a sovereignty brand. - **A separate public-only repo for all public content**: cleaner confidentiality boundary, but fragments the source of truth; revisit if the tag-gate proves insufficient.