Merged
13 changes: 11 additions & 2 deletions content/grounding.json
@@ -1,11 +1,20 @@
{
"_source": "Grounded facts bounded.tools genuinely backs — the source for string-audit's claim->grounding check (emitted to data/audit/grounding.json by emit-catalog). Each key is a lowercase phrase a `claim`-typed symbol may assert; the value records WHY it is backed. ONLY genuinely-backed facts belong here: adding an unbacked term to pass the gate is the exact overclaim this check exists to prevent. Scope: ENFORCED graded claims + blocking-gate conformance evidence. PARTIAL/ASPIRATIONAL claims are NOT grounded — they stay `body`, never typed `claim`.",
"_source": "Grounded facts bounded.tools genuinely backs — the source for string-audit's claim->grounding check (emitted to data/audit/grounding.json by emit-catalog). Each key is a lowercase phrase a `claim`-typed symbol may assert; the value records WHY it is backed. ONLY genuinely-backed facts belong here: adding an unbacked term to pass the gate is the exact overclaim this check exists to prevent. ENFORCED terms are CI-proven on this build. PARTIAL terms name mechanisms VERIFIED code-complete in the linked repos (file cited); their activation/transport gap is carried by the visible PARTIAL grade — do not promote them to unconditional. ASPIRATIONAL claims (prx/claude-box converge; contracts stay honest) are bets — NOT grounded, kept `body`.",

"docs generate from source": "ENFORCED — gen-blog / gen-conformance generate from source; --check staleness gates fail CI on drift",
"fail ci on drift": "ENFORCED — the committed catalog/structure/blog --check gates block the build on drift",
"behaviour specs execute": "ENFORCED graded claim — guest-room's behaviour specs run against the engine (evidence-linked)",
"graded against the running code": "ENFORCED — gen-conformance folds blocking-gate verdicts into the conformance projection",
"reproducible build": "conformance-evidence.reproducibleBuild — blocking gate",
"sbom": "conformance-evidence.sbom — SPDX SBOM generated and completeness-checked",
"signed release manifest": "conformance-evidence.signedReleaseManifest — blocking gate",
"content digests": "conformance-evidence.contentDigests — RFC 9530, blocking gate"
"content digests": "conformance-evidence.contentDigests — RFC 9530, blocking gate",

"in-toto": "PARTIAL — ocap-provenance/slsa.ts emits in-toto Statement v1 envelopes; gap: emission opt-in until Sigstore lands",
"slsa": "PARTIAL — ocap-provenance uses SLSA Provenance v1 (slsa.ts, SLSA-MAPPING.md); verified by prx verifySlsaDerivation; gap: enforcement conditional",
"signed per-actor": "PARTIAL — prx signer.ts derives a per-actor key; effect-ownership.ts attributes via builder.id; gap: prod default fail-open until Sigstore",
"content-addressed in a derivation ledger": "PARTIAL — anchored-chain derivation-store.ts (digest-keyed, derivationsByOutput); gap: ledger may be null on read-only replicas",
"fail-closed at the merge gate": "PARTIAL — prx workflow.ts canEnterReadyToMerge blocks on unsigned, merge-guard.ts; gap: only runs when requireSignedDerivations() is set",
"broker daemon": "PARTIAL — keeperd/daemon.ts holds the key and performs the push; agent holds only a socket (claude-box CAPABILITIES.md); gap: macOS TCP transport weaker than unix-socket possession",
"never holds the credential": "PARTIAL — claude-box ROOM.md/CAPABILITIES.md: container is credential-free, keeperd/contract.ts never returns key material; gap: not sandbox-hardened (TCB = daemon + container boundary)"
}
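Review bot: the new "fail-closed at the merge gate" and "signed per-actor" keys ground phrases that their own gap text contradicts for the default configuration: the merge-gate check "only runs when requireSignedDerivations() is set", and signing is "prod default fail-open until Sigstore". A reader of the surfaced claim will take "fail-closed" as the behaviour they get out of the box. Either ground a phrase that carries the condition (for example "fail-closed at the merge gate when signed derivations are required") or keep these two as `body` until the default flips. Separately, the grade and gap live only in the free-text value; a structured grade field per key would let string-audit enforce "do not promote them to unconditional" instead of relying on the comment in `_source`.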
8 changes: 8 additions & 0 deletions content/marketing.feature
Expand Up @@ -75,3 +75,11 @@ Feature: bounded.tools marketing micro-copy
@marketing
Scenario: The behaviour-specs claim (enforced) is consistent
Then surfaces present the claim "guest-room's behaviour specs execute against the engine."

@marketing
Scenario: The provenance claim (partial) is consistent
Then surfaces present the claim "A git-write carries a verifiable in-toto / SLSA provenance derivation — signed per-actor, content-addressed in a derivation ledger, checked fail-closed at the merge gate."

@marketing
Scenario: The broker-credential claim (partial) is consistent
Then surfaces present the claim "The agent never holds the credential — a broker daemon does."
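Review bot: both new scenarios are titled "(partial)" but the Then step asserts only the claim text, exactly as the enforced scenario above does, so the feature passes even if a surface shows the sentence with no grade beside it. Since `_source` in content/grounding.json says the gap is "carried by the visible PARTIAL grade", add a step to each scenario asserting that the surface renders the PARTIAL grade together with the claim, so that dropping the grade fails the spec.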
4 changes: 3 additions & 1 deletion content/strings.json
Expand Up @@ -17,5 +17,7 @@
"bet-grade-label": { "$value": "This claim, graded:", "$description": "Inline grade label on the bet." },
"bio-talk": { "$value": "If your team is chewing on the same problem, I'd like to talk.", "$description": "Colophon bio — contact prompt." },
"claim-docs": { "$value": "Docs generate from source and fail CI on drift.", "$description": "Honesty claim (ENFORCED) — typed `claim`, grounded in content/grounding.json." },
"claim-specs": { "$value": "guest-room's behaviour specs execute against the engine.", "$description": "Honesty claim (ENFORCED) — typed `claim`, grounded in content/grounding.json." }
"claim-specs": { "$value": "guest-room's behaviour specs execute against the engine.", "$description": "Honesty claim (ENFORCED) — typed `claim`, grounded in content/grounding.json." },
"claim-provenance": { "$value": "A git-write carries a verifiable in-toto / SLSA provenance derivation — signed per-actor, content-addressed in a derivation ledger, checked fail-closed at the merge gate.", "$description": "Honesty claim (PARTIAL) — mechanisms verified in ocap-provenance/prx/anchored-chain; grounded; gap carried by the PARTIAL grade." },
"claim-broker": { "$value": "The agent never holds the credential — a broker daemon does.", "$description": "Honesty claim (PARTIAL) — verified in keeperd/daemon.ts + claude-box CAPABILITIES.md; grounded; macOS transport gap carried by the PARTIAL grade." }
}
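Review bot: in claim-provenance and claim-broker the PARTIAL grade is recorded only in `$description`, while `$value`, the string that surfaces present, is worded unconditionally ("checked fail-closed at the merge gate", "never holds the credential"). Nothing in this file ties the grade to the rendered text. Suggest a machine-readable grade field on the token, or a qualifier in `$value` itself. For claim-broker in particular, the grounding entry lists "not sandbox-hardened" as a gap, which the word "never" does not convey.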
10 changes: 10 additions & 0 deletions data/audit/catalog.json
Expand Up @@ -1029,11 +1029,21 @@
"$type": "body",
"$description": "micro-copy token — content/strings.json#byline"
},
"content/strings.json#claim-broker": {
"$value": "The agent never holds the credential — a broker daemon does.",
"$type": "claim",
"$description": "micro-copy token — content/strings.json#claim-broker"
},
"content/strings.json#claim-docs": {
"$value": "Docs generate from source and fail CI on drift.",
"$type": "claim",
"$description": "micro-copy token — content/strings.json#claim-docs"
},
"content/strings.json#claim-provenance": {
"$value": "A git-write carries a verifiable in-toto / SLSA provenance derivation — signed per-actor, content-addressed in a derivation ledger, checked fail-closed at the merge gate.",
"$type": "claim",
"$description": "micro-copy token — content/strings.json#claim-provenance"
},
"content/strings.json#claim-specs": {
"$value": "guest-room's behaviour specs execute against the engine.",
"$type": "claim",
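Review bot: the two added entries, content/strings.json#claim-broker and content/strings.json#claim-provenance, are typed `claim` with the generic "micro-copy token" `$description`, which makes them indistinguishable from the ENFORCED content/strings.json#claim-docs entry between them; the PARTIAL grade written in content/strings.json is dropped on emit. The previous `_source` text stated that PARTIAL claims "stay `body`, never typed `claim`", so this is a policy change that the catalog itself does not record. Have the generator that emits this file carry the grade into each claim entry so a downstream audit can tell a partial claim from an enforced one.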
9 changes: 8 additions & 1 deletion data/audit/grounding.json
Expand Up @@ -6,5 +6,12 @@
"reproducible build",
"sbom",
"signed release manifest",
"content digests"
"content digests",
"in-toto",
"slsa",
"signed per-actor",
"content-addressed in a derivation ledger",
"fail-closed at the merge gate",
"broker daemon",
"never holds the credential"
]
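Review bot: the emitted list keeps only the phrases, so the grade and gap from content/grounding.json are gone by the time string-audit reads this file, and "in-toto" and "slsa" are single-token entries. If the claim->grounding check matches on phrase presence, any future `claim`-typed string that merely mentions SLSA or in-toto would count as grounded. Suggest emitting objects that pair each phrase with its grade, and grounding longer phrases (such as the full "in-toto / SLSA provenance derivation") rather than bare standard names.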