{
  "package_version": "1.5.207",
  "package_filename": "localendpoint-v1.5.207-phase3447-desktop-phase3442-download-refresh.zip",
  "phase": "Phase 3.442",
  "releaseName": "Local Model Source Path Policy Smoke",
  "profile": "localendpoint.guided-intake.v1",
  "purpose": "Collect public-safe context and route the visitor to the next safe action.",
  "currentDesktopArtifact": {
    "name": "Local Model Source Path Policy Smoke",
    "version": "0.2.126.0",
    "phase": "Phase 3.442",
    "artifactPath": "/downloads/desktop/LocalEndpoint.Connect.App-0.2.126.0-phase3442-local-model-source-path-policy-smoke-msix-test.zip",
    "sha256": "635d411b11b1332dc8337771854507b60e23c9e9f94ca417cc3778ba17f1d6da",
    "publicDistributionSigned": false
  },
  "boundaries": {
    "uploadIntake": false,
    "localhostProbing": false,
    "privateNetworkProbing": false,
    "credentialRequest": false,
    "telemetryCollection": false,
    "publicCommandDispatch": false,
    "hostedInference": false,
    "browserRuntimeAuthority": false,
    "runtimeSafetyCertified": false
  },
  "roles": [
    {
      "id": "human",
      "label": "Human",
      "goal": "Understand safety and decide whether to proceed.",
      "nextRoute": "/overview/"
    },
    {
      "id": "developer",
      "label": "Developer",
      "goal": "Inspect schemas, route indexes, examples, and quality gates.",
      "nextRoute": "/developers/"
    },
    {
      "id": "ai-agent",
      "label": "AI Agent",
      "goal": "Parse public context without authority.",
      "nextRoute": "/llms.txt"
    },
    {
      "id": "desktop-reviewer",
      "label": "Desktop Reviewer",
      "goal": "Verify artifact identity and move approval local.",
      "nextRoute": "/download/"
    }
  ],
  "questionGroups": [
    "audience-routing",
    "endpoint-declaration",
    "manifest-validation",
    "desktop-readiness",
    "uaix-package-context",
    "wiki-memory-context",
    "local-model-context",
    "command-capability-context",
    "evidence-handoff"
  ],
  "informationPrompts": [
    {
      "id": "situation-snapshot",
      "title": "Situation snapshot",
      "requiredFor": "Required For routing a visitor without exposing private material.",
      "summary": "Capture enough context to choose the right safe route before validation, download, developer review, or evidence work.",
      "ask": [
        "What are you trying to accomplish in one or two sentences?",
        "Which role is answering: human owner, developer, AI agent, desktop reviewer, release reviewer, or invited tester?",
        "Which current state applies: learning, preparing a manifest, checking a Desktop artifact, reviewing evidence, or reporting a deployed-site drift?",
        "What is the deadline or reason this needs review now?"
      ],
      "deny": [
        "Do not include private customer names, private file paths, credentials, tokens, or raw endpoint output.",
        "Do not ask the public site to decide approval or execute work."
      ],
      "nextRoute": "/overview/"
    },
    {
      "id": "endpoint-authority-map",
      "title": "Endpoint authority map",
      "requiredFor": "Required For separating documentation, validation, Desktop approval, and local runtime authority.",
      "summary": "State what the endpoint represents, what authority it must never receive from the public site, and where approval belongs.",
      "ask": [
        "What public-safe endpoint type is being described: documentation route, validation route, local app, local service, model runtime, tool bridge, or evidence route?",
        "What actions would this endpoint perform only after Desktop approval?",
        "What actions must remain blocked from the browser and from AI-agent route discovery?",
        "Which approval owner is Required For local use?"
      ],
      "deny": [
        "Do not provide localhost URLs, private network addresses, named-pipe names, command strings, or live service probes.",
        "Do not describe browser validation as command approval or runtime approval."
      ],
      "nextRoute": "/docs/technical-boundary/"
    },
    {
      "id": "uaix-memory-package-map",
      "title": ".uaix and memory package map",
      "requiredFor": "Required For Desktop package review and portable agent handoff.",
      "summary": "Identify the agent package, persona, memory files, wiki root, and copy/backup posture in public-safe terms.",
      "ask": [
        "What agent type does the `.uaix` package serve?",
        "Confirm that `persona.uai` is present because it is Required For All LocalEndpoint Desktop Packages.",
        "Which `.uai` files are Required For this agent type or workflow?",
        "Should wiki memory be shared across packages or isolated to this loaded agent?",
        "Is the wiki root intended to live under Documents for backup-friendly copying?"
      ],
      "deny": [
        "Do not upload `.uaix`, `.uai`, or wiki files to the public site.",
        "Do not include private wiki page content, raw prompts, generated text, or private filenames."
      ],
      "nextRoute": "/docs/uaix-package-memory/"
    },
    {
      "id": "model-and-hardware-posture",
      "title": "Model and hardware posture",
      "requiredFor": "Required For deciding whether the next review belongs in Desktop, runtime evidence, or human docs.",
      "summary": "Describe model readiness and hardware needs without exposing local model files or pretending the website can run inference.",
      "ask": [
        "Is a local model already reviewed by Desktop, newly downloaded, converted, blocked, or still being researched?",
        "Which execution posture is needed: CPU compatibility, GPU compatibility, both GPU and no-GPU compatibility, or evidence-only review?",
        "Which public-safe model format label applies: GGUF, safetensors-conversion-needed, ONNX, or unknown?",
        "Which evidence is available: SHA-256, byte count, sidecar review, hardware-fit review, worker payload review, or smoke result?"
      ],
      "deny": [
        "Do not upload model files or disclose private local paths.",
        "Do not claim actual GPU inference unless accepted runtime device-use evidence exists."
      ],
      "nextRoute": "/docs/local-model-lifecycle/"
    },
    {
      "id": "command-capability-review",
      "title": "Command capability review",
      "requiredFor": "Required For owner-scoped command execution settings in Desktop.",
      "summary": "Capture why command execution capability is needed while keeping command dispatch closed from the public website.",
      "ask": [
        "Is command execution capability Required For this agent type?",
        "Which command category is being reviewed: file management, build/test, deployment packaging, diagnostics, or evidence generation?",
        "Which local approval, audit receipt, and revocation path is Required For a command run?",
        "Which commands or command categories must remain blocked?"
      ],
      "deny": [
        "Do not paste command strings that should run on the local machine.",
        "Do not ask the public site to dispatch, queue, approve, or simulate desktop commands."
      ],
      "nextRoute": "/security/"
    },
    {
      "id": "distribution-evidence-target",
      "title": "Distribution and evidence target",
      "requiredFor": "Required For deciding whether this is invited testing, package verification, or a blocked release gate.",
      "summary": "Route the tester toward checksum review, evidence ledger review, download readiness, or a blocked gate explanation.",
      "ask": [
        "Who will use the artifact: owner, directly known tester, developer, AI agent reviewer, or release reviewer?",
        "Which artifact identity must be checked: site package, direct-overwrite package, Desktop test ZIP, NuGet package, or evidence JSON?",
        "Which gate is being checked: checksum, signing, accessibility, clean-machine validation, certification evidence, package-feed publication, or route consistency?",
        "Which non-claim must appear beside the evidence?"
      ],
      "deny": [
        "Do not claim broad public distribution while public signing is false.",
        "Do not claim certification, marketplace approval, or runtime safety without accepted evidence."
      ],
      "nextRoute": "/platform-accounting/"
    },
    {
      "id": "issue-report-and-next-action",
      "title": "Issue report and next action",
      "requiredFor": "Required For turning a tester observation into a safe repair path.",
      "summary": "Collect deployment, UI, validation, package, or runtime symptoms in a redacted way and route to the right evidence surface.",
      "ask": [
        "What did you expect to happen?",
        "What happened instead, described without private data?",
        "Which public route, package filename, version, phase, or checksum was visible?",
        "Which next safe action should happen: validate, inspect developer routes, review Desktop, check evidence, or repair deployment?"
      ],
      "deny": [
        "Do not include secrets, private logs, raw prompts, generated private text, or screenshots containing credentials.",
        "Do not treat issue intake as approval to connect, execute, or probe."
      ],
      "nextRoute": "/faq/"
    }
  ],
  "safeAnswerShape": {
    "role": "public-safe role label",
    "goal": "one or two sentences without private material",
    "endpointType": "public-safe category",
    "authorityBoundary": "where approval belongs and what stays blocked",
    "uaixPackageContext": "agent type and Required For memory files without file upload",
    "wikiMemoryPosture": "shared or isolated memory root intent without private content",
    "modelPosture": "CPU/GPU/no-GPU/evidence-only state without model upload",
    "commandCapabilityPosture": "why command execution capability is Required For the agent type and what remains blocked",
    "evidenceTarget": "artifact, checksum, gate, or ledger route to inspect",
    "nextSafeRoute": "read-only public route or Desktop review path",
    "visibleNonClaims": "non-claims that must stay beside the evidence"
  },
  "promptPacket": "LocalEndpoint guided intake prompt\n\nAnswer only with public-safe, redacted metadata. Do not include credentials, private files, raw prompts, generated private text, localhost targets, private network addresses, command strings, or model files.\n\n1. Situation snapshot (Required For routing a visitor without exposing private material.): What are you trying to accomplish in one or two sentences? Which role is answering: human owner, developer, AI agent, desktop reviewer, release reviewer, or invited tester? Which current state applies: learning, preparing a manifest, checking a Desktop artifact, reviewing evidence, or reporting a deployed-site drift? What is the deadline or reason this needs review now?\n\n2. Endpoint authority map (Required For separating documentation, validation, Desktop approval, and local runtime authority.): What public-safe endpoint type is being described: documentation route, validation route, local app, local service, model runtime, tool bridge, or evidence route? What actions would this endpoint perform only after Desktop approval? What actions must remain blocked from the browser and from AI-agent route discovery? Which approval owner is Required For local use?\n\n3. .uaix and memory package map (Required For Desktop package review and portable agent handoff.): What agent type does the `.uaix` package serve? Confirm that `persona.uai` is present because it is Required For All LocalEndpoint Desktop Packages. Which `.uai` files are Required For this agent type or workflow? Should wiki memory be shared across packages or isolated to this loaded agent? Is the wiki root intended to live under Documents for backup-friendly copying?\n\n4. Model and hardware posture (Required For deciding whether the next review belongs in Desktop, runtime evidence, or human docs.): Is a local model already reviewed by Desktop, newly downloaded, converted, blocked, or still being researched? Which execution posture is needed: CPU compatibility, GPU compatibility, both GPU and no-GPU compatibility, or evidence-only review? Which public-safe model format label applies: GGUF, safetensors-conversion-needed, ONNX, or unknown? Which evidence is available: SHA-256, byte count, sidecar review, hardware-fit review, worker payload review, or smoke result?\n\n5. Command capability review (Required For owner-scoped command execution settings in Desktop.): Is command execution capability Required For this agent type? Which command category is being reviewed: file management, build/test, deployment packaging, diagnostics, or evidence generation? Which local approval, audit receipt, and revocation path is Required For a command run? Which commands or command categories must remain blocked?\n\n6. Distribution and evidence target (Required For deciding whether this is invited testing, package verification, or a blocked release gate.): Who will use the artifact: owner, directly known tester, developer, AI agent reviewer, or release reviewer? Which artifact identity must be checked: site package, direct-overwrite package, Desktop test ZIP, NuGet package, or evidence JSON? Which gate is being checked: checksum, signing, accessibility, clean-machine validation, certification evidence, package-feed publication, or route consistency? Which non-claim must appear beside the evidence?\n\n7. Issue report and next action (Required For turning a tester observation into a safe repair path.): What did you expect to happen? What happened instead, described without private data? Which public route, package filename, version, phase, or checksum was visible? Which next safe action should happen: validate, inspect developer routes, review Desktop, check evidence, or repair deployment?\n\nEnd with the next safe route and the non-claims that must stay visible beside the evidence.",
  "deniedIntake": [
    "passwords",
    "tokens",
    "api_keys",
    "cookies",
    "private_certificates",
    "raw_private_endpoint_logs",
    "raw_prompts",
    "generated_private_text",
    "private_network_addresses",
    "private_file_uploads",
    "localhost_scan_requests",
    "desktop_command_requests_from_public_site"
  ],
  "receiptBoundary": {
    "localReceiptOnly": true,
    "publicSiteStoresReceipt": false,
    "receiptGrantsRuntimeAuthority": false,
    "receiptGrantsCommandApproval": false,
    "receiptCertifiesRuntimeSafety": false
  },
  "nextSafeRoutes": [
    "/intake/",
    "/validate/",
    "/bridge-validator/",
    "/download/",
    "/developers/",
    "/platform-accounting/",
    "/faq/"
  ]
}
