Skip to content

feat: trust & transparency artifacts — verifiable no-log mode + transparency report #205

Description

@redlemonbe

Context

A sovereign public resolver is trusted on verifiable artifacts, not claims. Runbound already has: open-source (AGPL-3.0), 2-AI security audits + a pending third-party human audit (#170), reproducible signed-release builds (#171, done), and a GDPR doc. The missing piece is an auditable privacy posture.

Goal

A verifiable, default privacy posture + a transparency mechanism, so "we don't log your queries" is something an operator can demonstrate rather than assert.

Scope

  • Audit the logging paths for PII: which paths can persist query names and client IPs.
  • A privacy: strict runtime mode: no per-query client-IP / qname persistence; only aggregate counters.
  • Document data handling end-to-end (extends docs/gdpr.md): what is and isn't kept, for how long.
  • A transparency-report format (aggregate stats, zero PII).
  • Optional: a signed attestation of query-log absence.

Status

The credibility layer. The "sovereign / nation-grade" label is earned from these artifacts and granted by others — never asserted by us (per the audit-doc wording conventions).

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions