Release v0.1.4 Desktop Alpha RC

README.md

@@ -10,8 +10,8 @@
 
 **A sovereign, local-first compute fabric for trusted devices.**
 
-[![Tests](https://img.shields.io/badge/tests-160%20passing-00FF88?style=flat-square&labelColor=06090F)](./tests/test_sovereign_mesh.py)
-[![Release](https://img.shields.io/badge/release-v0.1.3-F6C177?style=flat-square&labelColor=06090F)](./README.md#current-status)
+[![Tests](https://img.shields.io/badge/tests-185%20passing-00FF88?style=flat-square&labelColor=06090F)](./tests/test_sovereign_mesh.py)
+[![Release](https://img.shields.io/badge/release-v0.1.4-F6C177?style=flat-square&labelColor=06090F)](./README.md#current-status)
 [![Version](https://img.shields.io/badge/wire%20version-sovereign--mesh%2Fv1-00D4FF?style=flat-square&labelColor=06090F)](./docs/OCP_STATUS.md)
 [![Status](https://img.shields.io/badge/status-active%20development-C8A96E?style=flat-square&labelColor=06090F)](./docs/OCP_MASTER_PLAN.md)
 [![Protocol](https://img.shields.io/badge/protocol-OCP%20v0.1-7BC6FF?style=flat-square&labelColor=06090F)](./docs/OCP_STATUS.md)
@@ -131,7 +131,7 @@ Some devices are powerful. Some are private. Some are fragile. Some are approval
 | `server_control_page.py` | Extracted control-deck renderer for the advanced operator surface |
 | `server_http_handlers.py` | Grouped HTTP route handlers so `server.py` stays a thin transport host |
 | `docs/` | Protocol notes, status, and roadmap |
-| `tests/test_sovereign_mesh.py` | Regression suite — 160 tests |
+| `tests/test_sovereign_mesh.py` | Regression suite — 185 tests |
 
 **Key runtime concepts:**
 
@@ -205,8 +205,28 @@ For a fuller walkthrough, see [docs/QUICKSTART.md](./docs/QUICKSTART.md).
 
 OCP ships a built-in one-app surface at `GET /` and `GET /app`. It is designed for phone browsers and can be added to the home screen as a local-first operator app.
 
+Mac beta desktop launcher:
+
+```bash
+python3 -m ocp_desktop.launcher
+```
+
+The launcher keeps state under `~/Library/Application Support/OCP/`, can start a local-only node or LAN-reachable Mesh Mode node, opens the OCP app, and shows the phone link for testing on the same Wi-Fi.
+
+Unsigned macOS beta bundle:
+
+```bash
+python3 scripts/build_macos_app.py
+open dist/OCP.app
+```
+
+The beta `.app` requires `python3` to be installed on the Mac. It excludes local state, identities, databases, `.git`, caches, and test artifacts from the bundle.
+
+When Mesh Mode is started from the desktop launcher, copied phone links include an operator token in the URL fragment and the browser stores it locally for OCP POST actions. If you start the server manually with `OCP_HOST=0.0.0.0`, set `OCP_OPERATOR_TOKEN` and open `http://HOST_IP:8421/app#ocp_operator_token=YOUR_TOKEN` from the phone.
+
 Inside the app:
 
+- `Today` shows mesh strength, Autonomic Mesh status, latest proof, next actions, and a phone link/QR
 - `Setup` embeds the easy setup flow from `GET /easy`
 - `Control` embeds the advanced control deck from `GET /control`
 - `Protocol` links the live manifest, device profile, and HTTP contract from `/mesh/*`
@@ -262,33 +282,21 @@ python3 -m unittest tests.test_sovereign_mesh
 python3 server.py --help
 ```
 
-Current baseline: **158 tests passing.**
+Current baseline: **185 tests passing.**
 
 ---
 
 ## Current Status
 
-**Released in v0.1.3**
-
-- protocol-kernel refactor that extracts real subsystem seams for protocol, state, scheduler, execution, artifacts, missions, helpers, and governance
-- `SovereignMesh` retained as the stable façade so routes, persistence, and current behavior stay compatible
-- execution boundary now owns runtime adapters, job submission and acceptance orchestration, and result packaging
-- broad regression suite remains green at 160 passing tests
-- continuity alpha now includes a 7026 vision document plus mission continuity vessel planning, verification, dry-run restore planning, `vessel`/`witness` artifact export, continuity metadata in manifests and mission state, continuity-aware scheduler explanations, additive treaty-aware continuity validation, and treaty posture surfaced in manifests and continuity summaries
-
-**Current main after v0.1.3**
+**Released in v0.1.4**
 
-- peer and discovery projections now expose treaty compatibility and custody-readiness hints
-- connect, sync, and handshake flows return plain-language `operator_summary` and `recommended_action` fields
-- peer lifecycle events and control-stream payloads carry compact treaty advisory state for live operator surfaces
-- mission continuity now recommends treaty/custody-capable restore targets when available
-- unified app shell at `/` and `/app` brings setup, control, and protocol inspection into one phone-friendly surface
-- easy setup and the advanced control deck still surface treaty posture without requiring raw JSON inspection
-- server internals now have grouped route modules, a dedicated `server_control_page.py` renderer, and a `/mesh/contract` snapshot with reusable protocol schemas, conformance fixtures, and lightweight ingress validation for the live HTTP surface
-- `server.py` now delegates grouped route families through `server_http_handlers.py`, keeping the HTTP host thin while preserving the existing route surface
-- treaty-bound artifact replication now enforces active local treaties plus custody-capable remote peers for sealed continuity artifacts
-- the repo now includes `scripts/check_protocol_conformance.py`, and CI runs it before the broader regression suite so protocol drift and package-boundary regressions fail earlier
-- artifact and mission services now rely more directly on their own row mappers instead of routing those conversions back through `SovereignMesh`
+- Autonomic Mesh alpha adds route health, one-button activation, proof repair, helper-safe enlistment, and app-visible summaries.
+- Desktop Alpha RC adds a Mac beta launcher, unsigned `.app` bundle builder, and a polished `/app` Today surface backed by `GET /mesh/app/status`.
+- LAN operator hardening now requires signed peer traffic or operator-token authenticated raw mesh mutations from non-loopback clients.
+- Private artifact content fetches now require operator auth unless the artifact policy is public.
+- Runtime execution now defaults to explicit environment inheritance, with `inherit_env_allowlist` for deliberate host env pass-through.
+- The signed envelope implementation now uses dependency-free Ed25519 helpers under `ed25519-sha512-v1`.
+- The protocol-kernel refactor and mission-continuity/treaty foundation from v0.1.3 remain intact, with the full regression suite green at 185 tests.
 
 **Implemented in the current runtime**
 
@@ -311,7 +319,7 @@ Current baseline: **158 tests passing.**
 ## Current Framing
 
 - `OCP v0.1` — protocol and spec draft
-- `v0.1.3` — current implementation release
+- `v0.1.4` — current implementation release
 - `Sovereign Mesh` — Python-first reference implementation
 - `sovereign-mesh/v1` — current wire version
 
@@ -334,6 +342,7 @@ OCP is already past "protocol sketch" stage. If it keeps going in this direction
 ## Related
 
 - [Status](./docs/OCP_STATUS.md)
+- [v0.1.4 Release Notes](./docs/RELEASE_v0.1.4.md)
 - [7026 Vision](./docs/OCP_7026_VISION.md)
 - [Quickstart](./docs/QUICKSTART.md)
 - [Master Plan](./docs/OCP_MASTER_PLAN.md)

docs/OCP_MASTER_PLAN.md

@@ -99,7 +99,7 @@ Core abstractions:
 
 Near-term implementation:
 
-- move from dependency-free Schnorr-style signing to Ed25519
+- continue hardening dependency-free Ed25519 signing with key rotation and signature agility
 - keep nonce replay tables and signed envelopes
 - support pinned peer keys and future multi-key rotation records
 

docs/OCP_STATUS.md

@@ -12,6 +12,7 @@ Related planning docs:
 ## Current framing
 
 - `OCP v0.1` = protocol/spec draft
+- `v0.1.4` = current Desktop Alpha RC implementation release
 - `Sovereign Mesh` = current Python-first reference implementation
 - `sovereign-mesh/v1` = current wire version
 
@@ -71,6 +72,10 @@ Related planning docs:
 - Active peer seek/discovery with candidate tracking, optional auto-connect, and mesh-visible discovery records
 - First operator-grade `Connect Devices` flow in the control deck with nearby scan, one-click connect, built-in reachability diagnostics, and one-click test missions
 - New unified OCP app shell at `GET /` and `GET /app` so phone and desktop operators get setup, control, and protocol inspection in one surface
+- App home now includes a `Today` panel with mesh strength, Autonomic Mesh activation, latest proof state, next actions, phone link/QR, and route-health summaries
+- Compact app status API at `GET /mesh/app/status` so product surfaces can render operator state without scraping the advanced cockpit
+- Mac-first beta desktop launcher with Local Only and Mesh Mode starts, Application Support state defaults, live status, app opening, and phone/LAN link copy
+- Unsigned macOS beta bundle builder at `python3 scripts/build_macos_app.py` that excludes local state, identities, databases, git metadata, caches, and test artifacts
 - Plain-language easy setup remains available at `GET /easy` so first-run pairing can stay friendly while `/control` remains the advanced cockpit module
 - Easy setup share-link copy and plain troubleshooting guidance so nearby pairing can fall back to “copy this link to the other computer” instead of terminal instructions
 - QR pairing on the easy page plus an auto-open launcher script so first-run setup can start with `python3 scripts/start_ocp_easy.py` and a scannable pairing link
@@ -171,7 +176,12 @@ Related planning docs:
 - HTTP contract and schema snapshot: `GET /mesh/contract`
 - Unified OCP app: `GET /`
 - Installable app shell: `GET /app`
+- App status: `GET /mesh/app/status`
 - App manifest: `GET /app.webmanifest`
+- Autonomic status: `GET /mesh/autonomy/status`
+- Autonomic activation: `POST /mesh/autonomy/activate`
+- Route health: `GET /mesh/routes/health`
+- Route probe: `POST /mesh/routes/probe`
 - Easy setup module: `GET /easy`
 - Phone control module: `GET /control`
 - Phone control stream: `GET /mesh/control/stream`
@@ -254,7 +264,7 @@ Related planning docs:
 
 ## Recommended next OCP builds
 
-1. Turn the control-deck pair/connect flow into a packaged desktop app with firewall prompts, tray presence, and startup defaults so OCP feels native instead of server-first.
+1. Add signed/notarized packaging, tray presence, startup defaults, and deeper firewall prompts after the unsigned Mac beta launcher proves the flow.
 2. Add a mission launch helper in the control surface so operators can create single-job or cooperative missions without dropping to raw JSON.
 
 ## Broader roadmap
@@ -270,4 +280,4 @@ python3 -m unittest tests.test_sovereign_mesh
 ```
 
 Current standalone baseline:
-- `tests.test_sovereign_mesh`: 156 tests passing
+- `tests.test_sovereign_mesh`: 185 tests passing

docs/OPEN_COMPUTE_PROTOCOL_v0.1.md

@@ -103,7 +103,7 @@ All mutable OCP requests are carried in a signed envelope:
     "protocol_release": "0.1",
     "implementation": "Sovereign Mesh",
     "protocol_version": "sovereign-mesh/v1",
-    "signature_scheme": "schnorr-sha256-modp1024-v1",
+    "signature_scheme": "ed25519-sha512-v1",
     "signature": "..."
   },
   "body": {
@@ -150,6 +150,11 @@ The current reference implementation exposes the protocol under `/mesh/*`.
 | `/mesh/artifacts/publish` | POST | Publish artifact |
 | `/mesh/artifacts/{artifact_id}` | GET | Fetch artifact subject to policy |
 | `/mesh/agents/handoff` | POST | Send explicit delegation packet |
+| `/mesh/app/status` | GET | Operator/app-facing status projection |
+| `/mesh/autonomy/status` | GET | Current Autonomic Mesh posture |
+| `/mesh/autonomy/activate` | POST | Assisted discovery, route probing, helper planning, and proof activation |
+| `/mesh/routes/health` | GET | Known route-candidate health projection |
+| `/mesh/routes/probe` | POST | Probe and refresh reachable peer routes |
 
 ## Execution Lifecycle
 
@@ -197,14 +202,15 @@ It does not include:
 
 The working implementation in this repo intentionally stays pragmatic:
 
-- signature scheme is currently dependency-free Schnorr-style signing, not Ed25519
+- signature scheme is currently dependency-free Ed25519 signing under `ed25519-sha512-v1`
 - stream sync is snapshot-and-cursor based, not yet a permanent duplex session manager
 - Golem is treated as a provider lane, not a trust authority
 - the standalone OCP store remains the local source of truth for mesh runtime state
+- app/autonomy routes are operator-facing control surfaces, not consensus or settlement surfaces
 
 ## Planned OCP v0.2 Themes
 
-- standardized Ed25519 signatures
+- signature agility, key rotation, and scoped capability grants
 - true duplex federation sessions
 - background sync daemon
 - richer executor and scheduling metadata

docs/QUICKSTART.md

@@ -25,6 +25,22 @@ That launcher:
 - keeps the advanced deck available at `/control`
 - prints detected LAN share URLs automatically when the node is reachable from other devices
 
+Mac beta app launcher:
+
+```bash
+python3 -m ocp_desktop.launcher
+```
+
+Use `Start Local Only` for a private node or `Start Mesh Mode` when you want your phone or spare laptop on the same Wi-Fi to connect. The launcher stores its beta app state under `~/Library/Application Support/OCP/`.
+In Mesh Mode, `Copy Phone Link` includes a private operator token in the URL fragment so the phone app can safely run OCP actions such as `Activate Autonomic Mesh`.
+
+Build the unsigned Mac beta bundle:
+
+```bash
+python3 scripts/build_macos_app.py
+open dist/OCP.app
+```
+
 If you prefer the shell starter instead:
 
 ```bash
@@ -88,6 +104,22 @@ Bind so another machine on your network can reach it:
 OCP_HOST=0.0.0.0 ./scripts/start_ocp.sh
 ```
 
+If you want phone/LAN control actions when starting manually, set an operator token and open the app with that token in the URL fragment:
+
+```bash
+OCP_OPERATOR_TOKEN=change-me OCP_HOST=0.0.0.0 python3 scripts/start_ocp_easy.py
+```
+
+```text
+http://HOST_IP:8421/app#ocp_operator_token=change-me
+```
+
+On Windows PowerShell, set environment variables before starting Python:
+
+```powershell
+$env:OCP_HOST="0.0.0.0"; $env:OCP_NODE_ID="beta-node"; $env:OCP_DISPLAY_NAME="Beta"; python scripts/start_ocp_easy.py
+```
+
 If you are testing the UI from another machine and the deck is empty, seed activity against the LAN URL:
 
 ```bash
@@ -115,6 +147,7 @@ OCP_HOST=0.0.0.0 OCP_PORT=8422 OCP_NODE_ID=beta-node OCP_DISPLAY_NAME=Beta pytho
 ```
 
 Then open `http://HOST_IP:8421/` on each machine, choose the `Setup` tab, use `Connect Everything`, then `Test Whole Mesh`.
+For the polished flow, open `/app` from the phone and press `Activate Autonomic Mesh`; it will scan, probe routes, plan safe helpers, run a whole-mesh proof, and explain what happened.
 
 If scan does not immediately find the other machine, use `Copy My Easy Link` on one computer and paste that address into the manual connect box on the other one.
 You can also scan the QR code from the easy page on the other device and open the pairing link that way.
@@ -124,5 +157,7 @@ You can also scan the QR code from the easy page on the other device and open th
 - OCP is standalone.
 - Personal Mirror can integrate with it, but is not required to run it.
 - The main operator app is `/`.
+- The app status API is `/mesh/app/status`.
+- Autonomic Mesh APIs are `/mesh/autonomy/status`, `/mesh/autonomy/activate`, `/mesh/routes/health`, and `/mesh/routes/probe`.
 - The easy setup module remains at `/easy`.
 - The advanced deck module remains at `/control`.

docs/RELEASE_v0.1.4.md

@@ -0,0 +1,58 @@
+# OCP v0.1.4 Release Notes
+
+Date: 2026-04-23
+
+`v0.1.4` is the Desktop Alpha RC release. It keeps the Python-first Sovereign Mesh runtime and SQLite substrate intact while making OCP feel more like one local-first personal compute app.
+
+## Highlights
+
+- Autonomic Mesh alpha: `Activate Autonomic Mesh` scans nearby devices, probes working routes, plans safe helpers, runs a whole-mesh proof, retries once after route repair, and returns plain-language summaries.
+- Route health is first-class: OCP records route candidates, prefers recently proven reachable URLs, and exposes route state at `GET /mesh/routes/health` and `POST /mesh/routes/probe`.
+- Polished app home: `/` and `/app` now show a Today panel with mesh strength, route health, latest proof state, next actions, phone link/QR, and direct activation.
+- Mac beta launcher: `python3 -m ocp_desktop.launcher` starts Local Only or Mesh Mode nodes with state under `~/Library/Application Support/OCP/`.
+- Unsigned Mac beta bundle: `python3 scripts/build_macos_app.py` creates `dist/OCP.app` and excludes local state, identities, DB files, `.git`, caches, and common secret files.
+- Operator hardening: raw `/mesh/*` mutation routes require loopback access or `OCP_OPERATOR_TOKEN`; signed peer routes remain signed-envelope based.
+- Safer execution defaults: host environment inheritance is off by default and can be enabled deliberately with `env_policy.inherit_env_allowlist`.
+- Envelope crypto now uses the dependency-free Ed25519 implementation identified by `ed25519-sha512-v1`.
+
+## Public Surfaces
+
+- App shell: `GET /` and `GET /app`
+- App status: `GET /mesh/app/status`
+- Autonomic Mesh: `GET /mesh/autonomy/status` and `POST /mesh/autonomy/activate`
+- Route health: `GET /mesh/routes/health` and `POST /mesh/routes/probe`
+- Desktop launcher config: `~/Library/Application Support/OCP/launcher.json`
+- Desktop launcher state: `~/Library/Application Support/OCP/state/`
+
+## Upgrade Notes
+
+- Existing local identities created with the older signature scheme may be regenerated on first start. Reconnect/re-pair trusted peers if an old node identity no longer matches.
+- Phone/LAN POST actions need operator auth. The Mac launcher copies phone links with `#ocp_operator_token=...` so the browser can store the token locally and send `X-OCP-Operator-Token`.
+- Manual LAN starts should set `OCP_OPERATOR_TOKEN` and open `http://HOST_IP:8421/app#ocp_operator_token=YOUR_TOKEN` from the phone.
+- Private artifact content is no longer fetchable from off-loopback clients unless the request is operator-authenticated or the artifact policy is public.
+- Jobs that relied on inherited host environment variables must declare `env_policy.inherit_host_env` and/or `env_policy.inherit_env_allowlist`.
+- The Mac app is unsigned and not notarized in this release. It requires a local `python3` installation.
+
+## Verification
+
+Release candidates should pass:
+
+```bash
+git diff --check
+python3 scripts/check_protocol_conformance.py
+python3 -m unittest tests.test_sovereign_mesh -q
+python3 server.py --help
+./scripts/start_ocp.sh --help
+python3 scripts/start_ocp_easy.py --help
+python3 scripts/build_macos_app.py --help
+python3 -m ocp_desktop.launcher --plan local
+```
+
+Manual RC demo:
+
+1. Start Alpha in Mesh Mode.
+2. Open the copied phone link on the same Wi-Fi.
+3. Connect Beta or a spare laptop.
+4. Press `Activate Autonomic Mesh`.
+5. Confirm the proof completes and the app reports the mesh as strong.
+6. Restart or kill Beta, activate again, and confirm OCP either repairs the route or gives one concrete fix.