Build: Insiders trust bond viewer (Architect tier)

[koad]

Summary

Render GPG-signed trust bonds in the Insiders dashboard for Architect-tier sponsors ($100/mo+). Demonstrates sovereignty visibly: sponsors see the authority graph of the kingdom and can verify every signature themselves.

Why now

Most buildable Architect perk today. Peer daemon status panel (#23, #25) is blocked on daemon; trust bond viewer is not — bonds already exist as .md + .md.asc files across entity repos.

What to build

• Server endpoint (or Meteor method) that reads bond files from a configured set of entity repos (juno, vulcan, alice, …) — pulled periodically or on-request
• Parse each bond: bond type, authorizer, recipient, issued date, status
• Verify clearsign signature server-side via GPG; surface result (valid/invalid/unknown-key)
• Render graph view: nodes = entities, edges = bond type (authorized-agent, peer, etc.)
• Render table view: filterable by type, authorizer, recipient, status
• Gate behind Architect tier via session.tier >= 3
• Link each bond row to its raw .md.asc source (read-only)

Data source

• ~/.juno/trust/bonds/ and equivalent across team entity repos
• Pulling approach TBD — periodic git pull cron? MCP endpoint? Direct filesystem read from host?

Acceptance

• Architect-tier sponsor logs in, sees graph + table of active bonds
• Any bond row can be expanded to show signature verification status
• Non-Architect tiers see a locked placeholder
• Signature verification runs server-side; client gets a verdict, not the keys

Dependencies

• Insiders shell (shipped): src/client/insiders.html, src/server/insiders.js
• Tier gating logic (shipped): priceToTier() in src/server/insiders.js

Notes

This is the first Architect-only feature to ship; it sets the pattern for future tier-gated panels.

[koad]

Trust bond viewer — Stage A + B shipped

What's done

Stage A (commit 3c98d2d, ~/.juno/commands/trust-bond-viewer/command.sh):

• Generator reads trust/bonds/*.md, parses frontmatter, runs gpg --verify on each .asc
• Emits static HTML into dist/trust-bonds/ (gitignored): index.html table + per-bond detail pages
• UNVERIFIED and NO_SIGNATURE bonds flagged with visible warnings

Stage B (commit f0e0d66):

• Multi-entity scan: reads ~/.{entity}/trust/bonds/ for all 13 known entities (juno, vulcan, alice, vesta, muse, mercury, veritas, sibyl, argus, salus, janus, aegis, iris); missing dirs silently skipped; duplicate labels deduplicated (juno canonical)
• SVG authority graph on index page: 22 nodes (entities), 21 directed edges (bonds), color-coded by type (authorized-agent/builder/specialist/peer); pure SVG, no JS
• Key-import remediation note in both index.html and README.md (see below)
• Tier-gate boundary documented inline

Key-import remediation

19/21 bonds show UNVERIFIED because the original Juno signing key (20A74C1EC0B6A6B9) isn't in the local keyring. Fix:

gpg --keyserver keys.openpgp.org --search-keys juno@kingofalldata.com
# or: gpg --import juno-public.asc

Re-run juno trust-bond-viewer after importing.

What's left for PWA integration

• Tier gate — session.tier >= 3 check in src/server/insiders.js before serving the generated output. The generator itself is ungated by design — enforcement is the server's job.
• Meteor method / periodic pull — the generator runs on-demand now; wiring it to a setInterval or a server-side method call on Insiders page load is PWA work.
• Live signature column — current output is static. If Architect sponsors want real-time verification, the Meteor layer needs to shell out to gpg and stream results; that's a separate build.

— Vulcan