From 010bd1181c57f984f2150d316ef29b484277a90c Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Sat, 20 Jun 2026 20:18:42 -0500
Subject: [PATCH] =?UTF-8?q?feat(framework):=20P0=20=E2=80=94=20MIT=20licen?=
 =?UTF-8?q?se=20+=20executable-leak=20sanitization?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

First phase of the framework constitution alpha. No behavior change for
configured installs.

- Add MIT LICENSE (root + framework bundle) + "license":"MIT" in manifests
- Drop private jarvis-brain credential fallback at 3 sites; default to
  $HOME/.config/mosaic/credentials.json (aligns with #551)
- prevent-memory-write.sh: soft-degrade OpenBrain nudge via ${OPENBRAIN_URL},
  removing hardcoded brain.woltje.com; still blocks the write

Refs #542, closes #569

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 LICENSE                                       | 21 +++++++++++++++++++
 package.json                                  |  3 ++-
 packages/mosaic/framework/LICENSE             | 21 +++++++++++++++++++
 .../framework/tools/_lib/credentials.sh       |  4 ++--
 .../framework/tools/git/detect-platform.sh    |  2 +-
 .../framework/tools/health/stack-health.sh    |  2 +-
 .../tools/qa/prevent-memory-write.sh          |  6 +++++-
 packages/mosaic/package.json                  |  3 ++-
 8 files changed, 55 insertions(+), 7 deletions(-)
 create mode 100644 LICENSE
 create mode 100644 packages/mosaic/framework/LICENSE

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..13fd182
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Mosaic Stack
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/package.json b/package.json
index ba446e4..fb75bde 100644
--- a/package.json
+++ b/package.json
@@ -23,5 +23,6 @@
     "turbo": "^2.0.0",
     "typescript": "^5.8.0",
     "vitest": "^2.0.0"
-  }
+  },
+  "license": "MIT"
 }
diff --git a/packages/mosaic/framework/LICENSE b/packages/mosaic/framework/LICENSE
new file mode 100644
index 0000000..13fd182
--- /dev/null
+++ b/packages/mosaic/framework/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Mosaic Stack
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/packages/mosaic/framework/tools/_lib/credentials.sh b/packages/mosaic/framework/tools/_lib/credentials.sh
index 5a26689..dd05972 100755
--- a/packages/mosaic/framework/tools/_lib/credentials.sh
+++ b/packages/mosaic/framework/tools/_lib/credentials.sh
@@ -17,10 +17,10 @@
 # Run `load_credentials --help` for details.
 
 if [[ -z "${MOSAIC_CREDENTIALS_FILE:-}" ]]; then
-  for _cand in "$HOME/.config/mosaic/credentials.json" "$HOME/src/jarvis-brain/credentials.json"; do
+  for _cand in "$HOME/.config/mosaic/credentials.json"; do
     if [[ -f "$_cand" ]]; then MOSAIC_CREDENTIALS_FILE="$_cand"; break; fi
   done
-  : "${MOSAIC_CREDENTIALS_FILE:=$HOME/src/jarvis-brain/credentials.json}"
+  : "${MOSAIC_CREDENTIALS_FILE:=$HOME/.config/mosaic/credentials.json}"
 fi
 
 _mosaic_require_jq() {
diff --git a/packages/mosaic/framework/tools/git/detect-platform.sh b/packages/mosaic/framework/tools/git/detect-platform.sh
index 1b32c02..69156e9 100755
--- a/packages/mosaic/framework/tools/git/detect-platform.sh
+++ b/packages/mosaic/framework/tools/git/detect-platform.sh
@@ -86,7 +86,7 @@ gitea_url_matches_host() {
 
 get_gitea_service_for_host() {
     local host="$1"
-    local cred_file="${MOSAIC_CREDENTIALS_FILE:-$HOME/src/jarvis-brain/credentials.json}"
+    local cred_file="${MOSAIC_CREDENTIALS_FILE:-$HOME/.config/mosaic/credentials.json}"
 
     case "$host" in
         git.mosaicstack.dev)
diff --git a/packages/mosaic/framework/tools/health/stack-health.sh b/packages/mosaic/framework/tools/health/stack-health.sh
index 2175ce1..f491f03 100755
--- a/packages/mosaic/framework/tools/health/stack-health.sh
+++ b/packages/mosaic/framework/tools/health/stack-health.sh
@@ -20,7 +20,7 @@ source "$MOSAIC_HOME/tools/_lib/credentials.sh"
 FORMAT="table"
 SINGLE_SERVICE=""
 QUIET=false
-CRED_FILE="${MOSAIC_CREDENTIALS_FILE:-$HOME/src/jarvis-brain/credentials.json}"
+CRED_FILE="${MOSAIC_CREDENTIALS_FILE:-$HOME/.config/mosaic/credentials.json}"
 
 while getopts "f:s:qh" opt; do
   case $opt in
diff --git a/packages/mosaic/framework/tools/qa/prevent-memory-write.sh b/packages/mosaic/framework/tools/qa/prevent-memory-write.sh
index eebf821..6e5dae3 100755
--- a/packages/mosaic/framework/tools/qa/prevent-memory-write.sh
+++ b/packages/mosaic/framework/tools/qa/prevent-memory-write.sh
@@ -26,7 +26,11 @@ FILE_PATH="${FILE_PATH/#\~/$HOME}"
 # Block writes to Claude Code auto-memory files
 if [[ "$FILE_PATH" =~ /.claude/projects/.+/memory/.*\.md$ ]]; then
   echo "BLOCKED: Do not write agent learnings to ~/.claude/projects/*/memory/ — this is a runtime-specific silo."
-  echo "Use OpenBrain instead: MCP 'capture' tool or REST POST https://brain.woltje.com/v1/thoughts"
+  if [[ -n "${OPENBRAIN_URL:-}" ]]; then
+    echo "Use OpenBrain instead: MCP 'capture' tool or REST POST ${OPENBRAIN_URL%/}/v1/thoughts"
+  else
+    echo "Use OpenBrain instead: the 'capture' MCP tool (set OPENBRAIN_URL for the REST endpoint)."
+  fi
   echo "File blocked: $FILE_PATH"
   exit 2
 fi
diff --git a/packages/mosaic/package.json b/packages/mosaic/package.json
index c5f85ea..18dfa5b 100644
--- a/packages/mosaic/package.json
+++ b/packages/mosaic/package.json
@@ -63,5 +63,6 @@
   "files": [
     "dist",
     "framework"
-  ]
+  ],
+  "license": "MIT"
 }