{ "schema": "glee.public_contracts.v0", "generated_at": "2026-06-28T11:55:56Z", "canonical_url": "https://gleephoenix.com/contracts", "contracts_json_url": "https://gleephoenix.com/contracts.json", "purpose": "Make GLEE Cloud useful before it is powerful, while the Thousand Sunny stays sovereign.", "doctrine": [ "Ship signs. Fleet serves. Vela guides. MCP airlocks. Users authorize. Receipts prove. Money is remembered. Power is earned.", "The Thousand Sunny is the ship. GLEE Cloud is the fleet.", "The fleet may publish signals from the ship. The fleet may never silently command, expose, or compromise the ship.", "Do not fake liveness. Expose activity only from public receipts, status files, timestamps, logs, and verified artifacts." ], "ship_fleet_boundary": { "ship": { "name": "The Thousand Sunny", "role": "sovereign command center, private lab, root of trust, signing and verification source", "public_server": false, "may_publish": [ "signed artifacts", "public receipts", "public doctrine", "approved builds" ] }, "fleet": { "name": "GLEE Cloud", "role": "public site, onboarding, MCP airlock, GitHub repos, Cloudflare services, public receipts, search, accounts, contribution systems", "may_serve": [ "public website", "public search", "read-only MCP", "join sessions", "public status", "public receipts" ], "must_not_access": [ "Sunny shell", "Sunny filesystem", "signing credentials", "Captain credentials", "sensitive credentials", "unpublished private research" ] } }, "mcp_airlock": { "rule": "MCP is an airlock, not a hallway.", "initial_mode": "read-mostly public tools", "allowed_public_tools": [ "status.read", "receipts.search", "receipts.read", "projects.list", "projects.read", "search.public", "onboarding.start", "join.options", "support.options" ], "forbidden_public_tools": [ "admin.deploy", "sunny.command_execute", "env.read", "filesystem.write", "signing_credentials.read", "payment.execute_without_human_confirmation" ], "human_authorizes": true }, "user_states": [ { "state": "Visitor", "public_access": [ "read site", "search public state", "inspect receipts" ], "account_required": false }, { "state": "Follower", "public_access": [ "follow projects", "receive updates" ], "account_required": true }, { "state": "Supporter", "public_access": [ "contribution memory", "recognition preferences" ], "account_required": "optional until claim flow exists" }, { "state": "Contributor", "public_access": [ "submit work", "link receipts", "join project threads" ], "account_required": true }, { "state": "Node Runner", "public_access": [ "run local tooling", "request node pairing" ], "account_required": true }, { "state": "Trusted Contributor", "public_access": [ "higher-trust project actions after verified work" ], "account_required": true }, { "state": "Admin/Captain/Crew", "public_access": [ "internal authority only" ], "account_required": "private GLEE authority" } ], "join_session_contract": { "lifetime_minutes": 10, "source": "external_ai_or_public_site", "allowed_actions": [ "show_join_options", "create_account_later", "follow_project_later", "start_support_intent", "route_to_official_pages" ], "forbidden_actions": [ "collect_password", "collect_signing_credential", "access_sunny", "spend_money_without_confirmation", "authorize_identity_inside_ai_chat" ], "rule": "One-tap means low friction, not low consent." }, "flow_meter_contract": { "pricing_first_principle": "Pay for discovery. Subscribe from evidence.", "initial_mode": "pay-per-use later; no forced subscription before usage receipts exist", "hard_caps_required": true, "every_dollar_remembered": true, "recognition_boundary": "Contribution memory may affect recognition, access, trust, perks, founder status, or future platform privileges. It is not equity, a token, a profit share, or a promise of investment return." }, "authority_boundaries": { "glee_can_do_without_captain": [ "edit source files", "render static public site", "deploy from configured accounts", "verify public routes", "write receipts", "publish public-safe metadata", "prepare exact human-authority packets" ], "captain_or_human_authority_required": [ "accept terms of service", "enter passwords, passkeys, 2FA, recovery codes, bank details, or government identity", "spend money", "authorize payment provider, OAuth app, or account ownership actions", "approve private data exposure", "take irreversible destructive action" ], "current_missing_write_paths": [ { "id": "platform_custom_domain", "classification": "connected", "target": "platform.gleephoenix.com", "current_evidence": "Wrangler deploy attached platform.gleephoenix.com as a Worker custom domain; Cloudflare edge verification returned /health 200 with valid TLS via --resolve.", "workaround": "None needed for Worker routing. Continue using Workers.dev fallback only while local resolver caches settle." }, { "id": "github_oauth_credentials", "classification": "human_account_authority", "needed_fields": [ "client_id", "confidential OAuth value", "exact callback URL" ], "callback_url": "https://platform.gleephoenix.com/auth/github/callback", "rule": "GLEE may prepare settings and code. Captain/human authority must create/approve the GitHub OAuth app and confidential value entry." } ] } }