Docs/governance overhaul

CHANGELOG.md

@@ -1,32 +1,32 @@
 # Changelog
 
-All notable changes to this project will be documented in this file.
+All notable changes to the RootSpace project will be documented in this file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [1.1.0] - 2026-03-17
+## [1.2.1] - 2026-03-26
 
-### Added
-
-- Integrated Vitest for automated testing.
-- Added GitHub Actions CI coverage for tests.
-- Created repository gap analysis and improvement plan.
-- Added `CHANGELOG.md` and `ROADMAP.md`.
-- Added GitHub Issue Templates.
-- Added `.env.example` and `docker-compose.yml`.
+### Fixed
+*   **NPM Pipeline Conflict:** Fixed an `EPUBLISHCONFLICT` in the `npm-publish.yml` CI workflow by explicitly bumping the `package.json` version and aligning the workspace scopes. The `@johnvteixido/rootspace` package now successfully traverses the GitHub Packages registry.
 
-## [1.0.1] - 2026-03-17
+## [1.2.0] - 2026-03-26
 
-### Fixed
+### Added
+*   **Dual License Model**: Ratified the AGPLv3 and Commercial Licensing separation, codifying the rules in `LICENSE` and `COMMERCIAL_LICENSE.md`.
+*   **Wiki Architecture:** Massively expanded the GitHub Wiki with official documentation for `Architecture`, `API-Reference`, `Deployment-Guide`, and `Development-Setup`.
+*   **Branch Protection**: `main` is now locked down with PR requirements, CI Status Check gates, and mandatory signed commits.
+*   **Projects**: Integrated a GitHub Projects backlog to manage roadmap features.
 
-- Initial package publishing fixes and CI/CD alignment.
+### Security
+*   **CVE-2026-32314**: Upgraded `yamux` multiplexer in the Rust core from `0.13.3` to `0.13.10` to mitigate a critical remote panic vulnerability via malformed SYN+Data frames.
+*   **CVE-2026-33672**: Upgraded `picomatch` in the Node.js API to `4.0.3` to prevent POSIX Character Class method injection.
 
-## [1.0.0] - 2026-03-10
+### Fixed
+*   **Docker Pipeline Builder**: Bumped target Rust builder image to `rust:bookworm` to resolve failing glibc / `time` crate Minimum Supported Rust Version (MSRV) errors.
+*   **GitHub Actions Outdates**: Replaced deprecated `actions/checkout@v6` placeholders with the supported `v4` to restore functionality across all workflows.
 
-### Added
+## [1.0.0] - Genesis Swarm
 
-- Initial release of RootSpace Daemon and Dashboard.
-- P2P networking via `libp2p`.
-- WebSocket Agent API.
-- Basic Proof-of-Pwn validation.
+*   Initial release of the RootSpace Rust daemon.
+*   Implementation of the experimental `wasmtime` agent executor.
+*   Vite + React 3D Dashboard preview.

CODE_OF_CONDUCT.md

@@ -1,15 +1,37 @@
-# Code of Conduct
+# RootSpace Code of Conduct
 
 ## Our Pledge
 
-We are committed to making participation in the RootSpace community a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
+In the interest of fostering an open, professional, and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
 
-RootSpace is an open-source tool for **ethical hacking**, vulnerability research, and authorized red team coordination. We do not condone, promote, or harbor malicious activities.
+## Our Standards
+
+Examples of behavior that contributes to creating a positive and professional environment include:
+* Using welcoming and inclusive language.
+* Being respectful of differing viewpoints and architectural decisions.
+* Gracefully accepting constructive code reviews and architectural feedback.
+* Focusing on what is best for the RootSpace network, the community, and enterprise stability.
+* Showing empathy towards other community members and maintainers.
+
+Examples of unacceptable behavior by participants include:
+* The use of sexualized language or imagery and unwelcome sexual attention or advances.
+* Trolling, insulting/derogatory comments, and personal or political attacks.
+* Public or private harassment.
+* Publishing others' private information, such as a physical or electronic address, without explicit permission.
+* Other conduct which could reasonably be considered inappropriate in an enterprise engineering setting.
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Maintainers have the right and responsibility to randomly remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
 
 ## Scope
 
-This Code of Conduct applies both within project spaces (GitHub, Subnet Gossipsub channels, Issues, Pull Requests) and in public spaces when an individual is representing the project or its community.
+This Code of Conduct applies within all project spaces, including the GitHub repository, Wiki, Discord/Slack channels, and mailing lists. It also applies when an individual is representing the project or its community in public spaces.
 
 ## Enforcement
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at `conduct@rootspace.io`. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

COMMERCIAL_LICENSE.md

@@ -1,27 +1,23 @@
-# RootSpace Commercial & Government License
+# RootSpace Commercial License Agreement
 
-## License Introduction
+RootSpace is developed under a **Dual License** model.
 
-RootSpace is primarily licensed under the **GNU Affero General Public License v3 (AGPL-3.0)**. This ensures that the decentralized core remains free and open-source.
+While the core functionality is openly available for non-commercial, academic, and open-source projects under the **GNU Affero General Public License v3.0 (AGPLv3)**, commercial enterprises and businesses wishing to monetize or embed RootSpace into proprietary (closed-source) software must acquire a **Commercial License**.
 
-## Commercial Licensing Option
+## When Do I Need a Commercial License?
 
-For government agencies, contractors, and enterprises that cannot comply with the copyleft requirements of the AGPL-3.0 (e.g., when embedding RootSpace in proprietary systems or closed-source products), we offer a **Commercial/Government Purpose License**.
+You are required to purchase a Commercial License if you intend to:
+1. **Derive Revenue:** Build a commercial product, SaaS offering, or managed service using the RootSpace networking or execution engine.
+2. **Close Source:** Distribute or deploy RootSpace within a proprietary application without releasing your source code to the public.
+3. **Remove Copyleft Obligations:** Bypass the AGPLv3 requirement that users interacting with your modified node over a network receive the source code.
 
-### Benefits of the Commercial License:
-- **Exemption from AGPLv3**: No requirement to share source code of your proprietary integration.
-- **Enterprise Support**: Direct access to core maintainers for security architecture and FedRAMP advisory.
-- **Warranty & Indemnification**: Standard commercial warranties and intellectual property indemnification.
-- **FIPS Compliance Support**: Assistance with configuring FIPS-validated cryptographic modules.
+## Commercial License Benefits
+* **Proprietary Exemption**: Use, modify, and distribute RootSpace within closed-source enterprise software.
+* **Warranties & Indemnification**: Legal protections unavailable under the open-source license.
+* **Priority Support**: Direct technical support, architectural reviews, and prioritized bug fixes directly from the core maintainers.
 
-## Contact Information
+## Purchasing a License
+To inquire about enterprise pricing, OEM distribution, or to purchase a Commercial License, please contact:
 
-To inquire about a commercial license or to discuss specific government procurement requirements (e.g., GSA Schedule, SEWP), please contact:
-
-**Sales & Licensing Team**
-Email: johnvteixido@gmail.com
-Website: [www.linkedin.com/in/johnvteixido](www.linkedin.com/in/johnvteixido)
-
----
-
-*Note: This document serves as a notice of licensing options and does not itself constitute a binding legal agreement. A separate signed contract is required for the Commercial/Government License.*
+**Email**: licensing@rootspace.io
+*(Update this email/contact link as the project matures)*

CONTRIBUTING.md

@@ -1,29 +1,61 @@
 # Contributing to RootSpace
 
-First off, thank you for considering contributing to RootSpace! It's people like you that make RootSpace the robust, decentralized tool it is.
+First off, thank you for considering contributing to RootSpace! It's people like you that make this decentralized network possible. 
 
-## 🤝 How to Contribute
+RootSpace is an enterprise-grade execution environment running a dual-stack architecture: a rigid **Rust** high-performance core, and an agile **Node.js** API gateway and dashboard.
 
-### Reporting Bugs
+## ⚖️ Contributor License Agreement (CLA)
 
-If you find a bug in the source code or a mistake in the documentation, you can help us by submitting an issue to our GitHub Repository. Even better, you can submit a Pull Request with a fix.
+Because RootSpace operates under a Dual License model (AGPL-3.0 and Commercial), all external contributors must sign our Contributor License Agreement (CLA). This ensures that the core team retains the necessary rights to offer the software under dual-licensing terms and defends the project legally.
 
-### Suggesting Enhancements
+*When you open your first Pull Request, you will be automatically prompted by our CLA Bot to sign the agreement.*
 
-Is there a Subnet topology missing? Do you want to see a new feature? You can suggest enhancements by submitting an issue to our GitHub Repository.
+## 🏗️ Local Development Setup
 
-### Your First Pull Request
+### Rust Core (`rust-v2/`)
+1. Ensure you have the latest stable Rust toolchain (`>= 1.85`).
+2. Run tests locally before committing: `cargo test`
+3. Run the linter: `cargo clippy -- -D warnings`
+4. Format code: `cargo fmt`
 
-1. Fork the repo and create your branch from `main`.
-2. Ensure you have installed dependents via `npm install`.
-3. If you've added code that should be tested, add integration tests.
-4. Ensure the test suite passes.
-5. Issue that pull request!
+### Node.js Integration (`/` and `dashboard/`)
+1. Ensure you have Node.js (`>= 20.x`).
+2. Install dependencies: `npm install && cd dashboard && npm install`
+3. Run the linter: `npm run lint:all`
+4. Ensure tests pass: `npm run test:all`
 
-## 🦀 The V2 Rust Port
+## 🔀 Pull Request Process
 
-We are actively planning the migration from Node.js to Rust (`libp2p-rs`) to achieve unprecedented speeds and concurrency for our Daemons. If you are a Rust developer interested in P2P infrastructure, please check out the pinned `V2 Rust Migration` issue on our repository to get started.
+The `main` branch is strictly protected. **You cannot push directly to `main`.**
 
-## License
+1. Ensure your code passes all established local tests and linting.
+2. Ensure you have added or updated tests for any new features or bug fixes.
+3. Update the `README.md` or Wiki if your change impacts documentation.
+4. **Sign your commits**: RootSpace requires signed commits. Follow GitHub's guide on [signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits).
+5. Open a Pull Request against the `main` branch.
+6. Your PR must pass all required CI Status Checks:
+    * Rust CI
+    * Node.js CI
+    * Docker Build and Push
+    * CodeQL Vulnerability Scanning
+7. A project maintainer will review your code. Minor iterations may be required to meet our architectural or security standards.
 
-By contributing, you agree that your contributions will be licensed under its GNU Affero General Public License v3.0 (AGPL-3.0).
+## 🐛 Bug Reports
+
+If you discover a bug, please search our existing Issues before opening a new one. 
+If it is a **security vulnerability**, do NOT open a public issue. Refer to `SECURITY.md` for responsible disclosure instructions.
+
+For standard bugs, please include:
+* Operating System and version
+* Node.js and Rust versions
+* A minimal reproduction repository or list of steps
+* Expected vs Actual behavior
+
+## ✨ Feature Requests
+
+Feature requests are highly encouraged! Please open an issue with the `enhancement` label and describe:
+1. The problem you are trying to solve.
+2. Your proposed solution or architecture.
+3. Relevant alternatives considered.
+
+*If you plan to submit a PR for a major feature, please open an Issue to discuss the architecture first to ensure it aligns with the project Roadmap.*