v0.0.3 — Compliance by deployment: Box Trust Center mapped to tiers

Adds a deployment-tier compliance posture reference doc. Auditors and procurement teams can now self-serve which deployment model maps to which regulatory regime, with authoritative Box-official URLs for every claim.

What ships

references/compliance-by-deployment.md — three deployment models × every regulation Box publicly claims coverage for:

Deployment models

Model	Components	Best for
A — On-prem air-gapped	box-memory-onprem only + Box Drive	IL4 / ITAR / strictest air-gap
B — Hybrid	Both plugins; user picks per workflow	Mixed regulated + non-regulated workflows
C — Cloud-only	box-memory only (full Box AI)	Compliance via Box's platform certs, no air-gap claim

Regulations covered

HIPAA / HITECH, FedRAMP Moderate, FedRAMP High, DoD IL4, ITAR, EAR, IRS 1075, CJIS, StateRAMP, GxP / 21 CFR Part 11, FINRA / SEC 17a-4, GDPR / UK DP, CCPA, PCI DSS Level 1, GLBA.

For each: recommended deployment model + required Box plan + required add-ons (Box Governance, KeySafe, Zones, Shield) + authoritative URL.

Explicit caveats Box doesn't always emphasize

• BAA tier gate — Business / Business Plus cannot sign a HIPAA BAA
• GovCloud-vs-commercial — commercial tenants don't inherit FedRAMP / IL4 / ITAR even though Box (the company) holds those certs
• NOT publicly claimed by Box — IL5, ISO 27701, C5, ENS, IRAP, FedRAMP+ MDA. Don't represent these to regulated customers.
• Box Drive's per-product scope is not publicly enumerated; request explicit attestation from CSM if needed
• Shared-responsibility model — Box's certs cover Box's controls, not your configuration

Workspace config fields added

Optional declaration in _box-memory.json.settings:

compliance_target: hipaa | fedramp-moderate | fedramp-high | il4 | itar | gxp | gdpr | null
box_plan: business | enterprise | enterprise-plus | enterprise-advanced | box-federal
box_addons: [governance, keysafe, zones, shield]
box_zone: us | gov | eu-ireland | eu-germany | uk | au | jp | sg
baa_signed: <date or null>

/box-airgap-status reads these and flags mismatches (e.g., declared HIPAA but plan = Business → fail).

Why this lives in the on-prem repo

Regulated workloads are the primary reason users choose the air-gapped variant. They need to defend that choice to auditors. This doc gives them the citations.

The cloud variant (mrdulasolutions/BOX) references the same doc — the compliance landscape applies to both deployment models, with different trade-offs per model.

Verification

Artifact	SHA256
box-memory-onprem-plugin.zip	efefe60dad6c47d5f71d04145c8ec655f6ef234f593296128fddf54b8bacf7b2
box-memory-onprem-skills.zip	503e4a2260308ae12ec52eac353fe1e64494dc7cb1ac8564ffd1de225e0a66fa

All five CI gates pass. No skill code changes; no .schema-pin bump.

How to use the doc

1. Pick your deployment model based on regulatory regime.
2. Confirm Box plan + add-ons match the model's requirements.
3. Cite the Box-official URLs from the table for each cert.
4. Document compliance_target in your workspace config; run /box-airgap-status to capture as an audit artifact.

Install

Same as v0.0.2 — docs-only release. If you already have v0.0.2 installed and just want the new doc, git pull is enough (or re-download the new plugin zip).

v0.0.2 — Docs sync with BOX v0.1.0; airgap boundary clarified

Docs-only release. The cloud variant (mrdulasolutions/BOX) shipped v0.1.0 with extensive Box AI integration. This release documents the deliberate boundary — Box AI is server-side and cannot be reached from an air-gapped plugin by construction. No code or skill changes.

What changed

• .schema-pin bumped to mrdulasolutions/BOX@7403fb0 (the cloud's v0.1.0 release commit). Picks up new operational notes 7 (Hub indexing warm-up) and 8 (SDK v10.6.0 tags breaking change) into synced/operational-notes.md.
• references/airgap-trust-model.md — explicit section "Box AI features are deliberately not reachable from this plugin" documenting: what the cloud offers, why none of it works on-prem, trade-off table per feature, air-gap-compatible alternatives (self-hosted LLM, local OCR, local vector DB).

Air-gap guarantees unchanged

The plugin still makes zero outbound calls to Box during skill execution. All five CI gates pass: claude plugin validate, ci-check-airgap.sh, ci-check-schema-sync.sh.

Verification

Artifact	SHA256
box-memory-onprem-plugin.zip	3e1aecb20e22902e7eb0e23ea36d22afa10618ae6a157ae959dfc047bf95fa76
box-memory-onprem-skills.zip	503e4a2260308ae12ec52eac353fe1e64494dc7cb1ac8564ffd1de225e0a66fa

Install

mkdir -p ~/.claude/plugins/box-memory-onprem
curl -L -o /tmp/plugin.zip https://github.com/mrdulasolutions/BOX-Onprem/releases/latest/download/box-memory-onprem-plugin.zip
unzip -o /tmp/plugin.zip -d ~/.claude/plugins/box-memory-onprem/

Or for Cowork (admin): Settings → Plugins → Add plugin → upload the zip.

When to install both variants

If your workflow has both air-gapped portions (regulated data) and online portions (general work), install both. They have separate plugin namespaces (box-memory: vs box-memory-onprem:) and don't conflict. Pick per workflow.

v0.0.1 — Initial release: air-gapped Box agent memory

The on-prem variant of mrdulasolutions/BOX. Skills make zero outbound calls to Box during execution; all operations go through the local Box Drive desktop-app mount. Box Drive handles compliant sync to Box cloud — where SOC 2 / HIPAA BAA / FedRAMP attestations apply.

What ships

9 skills (each is also a /box-* slash command):

Skill	Purpose
box-drive-detect	Probe Box Drive mount + writability + sync state
box-airgap-status	Report trust boundaries for the current session
box-init	Bootstrap a workspace on the local Box Drive folder
box-write	Save a memory file locally (lockfile-protected)
box-recall	Find memories via local _index.json
box-companion	Generate companion .md for a local binary file
box-team	Create local team subtrees
box-status	Read workspace state from local config + index
box-index-rebuild	Rebuild indexes from FS scan; merge .conflict files

Plugin zip stats

• Compressed: 27922 bytes (~28 KB)
• Files: 23 entries
• File permissions: 0644 / 0755 (Cowork-compatible)

Verification

Artifact	SHA256
box-memory-onprem-plugin.zip	16034032e77950d0ace41befbbdbc3af9a57282eb325599520e3e32c998a5d49
box-memory-onprem-skills.zip	503e4a2260308ae12ec52eac353fe1e64494dc7cb1ac8564ffd1de225e0a66fa

Verify before install: shasum -a 256 box-memory-onprem-plugin.zip should match the value above.

Install

Claude Code

mkdir -p ~/.claude/plugins/box-memory-onprem
curl -L -o /tmp/plugin.zip https://github.com/mrdulasolutions/BOX-Onprem/releases/latest/download/box-memory-onprem-plugin.zip
unzip -o /tmp/plugin.zip -d ~/.claude/plugins/box-memory-onprem/

Claude Cowork (admin)

Settings → Plugins → Add plugin → upload box-memory-onprem-plugin.zip.

Compliance scope

• Air-gap claim: the plugin's 9 skills make zero outbound calls to Box. Verified by scripts/ci-check-airgap.sh in CI.
• Box's compliance posture: applies to Box Drive (the sync engine) + Box cloud (storage). Not in scope of this plugin.
• LLM API path: separate trust boundary. See references/supported-llm-configs.md for supported configurations:
  • Anthropic API + signed BAA (HIPAA-eligible)
  • AWS Bedrock with Claude (FedRAMP Moderate)
  • Azure Government AI Foundry (FedRAMP High, DoD IL4/IL5, ITAR)
  • Self-hosted / local models (true air-gap)

See references/airgap-trust-model.md for the full trust-boundary breakdown.

Schema pinned to BOX repo

This release pins shared docs (schema, tier-matrix, architecture, operational-notes) to mrdulasolutions/BOX@180f27268b083189883343cc2219321f20e24989. Schema changes land in BOX first; bumping the pin here is a separate reviewable PR.

Platform support

• macOS — supported in v0.0.1
• Windows — planned for v0.0.4
• Linux — no official Box Drive; community workarounds (WebDAV / rclone) not validated

Supply chain hygiene

5-layer enforcement (see SECURITY.md):

1. Local pre-commit hook
2. GitHub Actions CI (airgap + schema-sync gates)
3. SHA256 published per release (above)
4. Per-release audit log
5. Quarterly designated security reviewer (template at references/designated-security-reviewer-template.md)

GPG signing of release artifacts planned for v0.0.5.