feat: introduce GBV v0.214 — first fully working reference implementation

.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+name: CI
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+      - name: Enable corepack
+        run: corepack enable
+      - name: Bootstrap
+        run: corepack pnpm bootstrap
+      - name: Lint
+        run: corepack pnpm lint
+      - name: Typecheck
+        run: corepack pnpm typecheck
+      - name: Test
+        run: corepack pnpm test
+
+  demo_verify:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+      - name: Enable corepack
+        run: corepack enable
+      - name: Bootstrap
+        run: corepack pnpm bootstrap
+      - name: Demo verify
+        run: corepack pnpm demo:verify
+
+  extension_smoke:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+      - name: Enable corepack
+        run: corepack enable
+      - name: Bootstrap
+        run: corepack pnpm bootstrap
+      - name: Install Playwright Chromium
+        run: corepack pnpm exec playwright install --with-deps chromium
+      - name: Extension smoke
+        run: xvfb-run -a corepack pnpm test:extension-smoke

.gitignore

@@ -0,0 +1,16 @@
+node_modules/
+.pnpm-store/
+apps/**/node_modules/
+apps/**/.next/
+apps/**/build/
+apps/**/dist/
+apps/extension/public/manifest.json
+packages/**/node_modules/
+packages/**/dist/
+packages/**/tsconfig.tsbuildinfo
+apps/**/tsconfig.tsbuildinfo
+*.log
+.DS_Store
+.tmp-extension-smoke-profile/
+playwright-report/
+test-results/

.prettierrc.json

@@ -0,0 +1,6 @@
+{
+  "semi": true,
+  "singleQuote": false,
+  "trailingComma": "all",
+  "printWidth": 100
+}

CHANGELOG.md

@@ -0,0 +1,43 @@
+# CHANGELOG
+
+## Unreleased
+
+### Added
+
+---
+
+## v0.214 — 2026-02-14
+
+### Added
+
+- `CODE_OF_CONDUCT.md` for community standards.
+- Structured extension verifier inspector UI with grouped protocol sections.
+- Expandable raw-response viewer showing verbatim server payload.
+- Extension runtime `GBV_PING` message for deterministic smoke checks.
+- Shared server logger with request IDs and stage timing.
+- Privacy-safe trace metadata in verifier responses (`requestId`, `timing`, `traceSummary`, `failedInvariantIds`).
+- Top-level `/docs` structure:
+  - `docs/architecture.md`
+  - `docs/protocol-overview.md`
+  - `docs/threat-model.md`
+  - `docs/demo-walkthrough.md`
+  - `docs/research/README.md`
+- `@gbv/core` unit tests for receipts, merkle proofs, and structure-bound nonces.
+- Playwright-based extension smoke script (`scripts/extension-smoke.ts`).
+- GitHub Actions CI workflow with quality, strict demo, and extension smoke jobs.
+- Release hardening report (`docs/release-hardening-report.md`).
+
+### Changed
+
+- `demo:verify` now performs strict assertions for baseline/adversarial outcomes.
+- Extension and server debug diagnostics gated by `GBV_DEBUG`.
+- `README.md` rewritten for onboarding-first OSS usage.
+- `SECURITY.md` moved to GitHub Security Advisories reporting.
+- Development and traceability docs consolidated under `/docs`.
+
+---
+
+## 1.0.0
+
+- GBV workspace architecture with server, synthetic client, extension, and shared core packages.
+- Config-driven GBV API routes and deterministic synthetic dataset outcomes.

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for
+moderation decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported through GitHub Security Advisories private reporting in this
+repository's **Security** tab. All complaints will be reviewed and investigated
+promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
+
+[homepage]: https://www.contributor-covenant.org

CONTRIBUTING.md

@@ -0,0 +1,113 @@
+# CONTRIBUTING
+
+Thank you for your interest in contributing to the Glass Ballroom Verification (GBV) reference implementation.
+
+This repository is a **protocol reference and evaluation environment**, so contributions should prioritize correctness, reproducibility, and architectural clarity over feature expansion.
+
+---
+
+## Local Setup
+
+Prepare a development environment:
+
+```bash
+corepack prepare pnpm@10.4.1 --activate
+corepack pnpm bootstrap
+corepack pnpm dev
+```
+
+This will install workspace dependencies, build required artifacts, and start the local development environment.
+
+---
+
+## Required Checks Before Opening a Pull Request
+
+All contributions must pass the following checks:
+
+```bash
+corepack pnpm lint
+corepack pnpm typecheck
+corepack pnpm test
+corepack pnpm demo:verify
+```
+
+These ensure code quality, type safety, protocol stability, and expected verifier behavior.
+
+### Recommended Targeted Checks
+
+Depending on the area of change, contributors are encouraged to run:
+
+```bash
+corepack pnpm test:server
+corepack pnpm test:attack
+corepack pnpm build:extension
+```
+
+These help validate API behavior, adversarial regression coverage, and extension compatibility.
+
+---
+
+## Contribution Rules
+
+To preserve protocol correctness and evaluation integrity:
+
+- Maintain alignment with the GBV specification defined in **`gbv_v0.71.pdf`**.
+- Preserve the **blind verification property** — the server must not encode dataset validity labels.
+- Do not introduce authentication systems, external APIs, or secret-dependent flows.
+- Treat `gbv.config.ts` as the single source of runtime configuration.
+- Reuse shared protocol logic from `@gbv/core`; avoid duplicating verification behavior across components.
+- Prefer deterministic behavior over environment-dependent logic.
+
+Changes that alter protocol semantics should be clearly justified and documented.
+
+---
+
+## Documentation Expectations
+
+Documentation must be updated when behavior or structure changes.
+
+| File                   | When to Update                         |
+| ---------------------- | -------------------------------------- |
+| `README.md`            | Setup, demo workflow, or usage changes |
+| `docs/protocol-overview.md` | Specification-to-code mapping changes  |
+| `docs/architecture.md` | Structural or architectural decisions  |
+| `docs/threat-model.md` | Threat-model or adversarial assumption updates |
+| `docs/demo-walkthrough.md` | Demo workflow or inspection UX changes |
+| `CHANGELOG.md`         | User-visible or release-facing changes |
+
+Documentation updates are considered part of the contribution, not optional follow-up work.
+
+---
+
+## Pull Request Requirements
+
+Each pull request should include:
+
+- a concise summary of what changed
+- a **protocol impact note** (if applicable)
+- evidence of successful testing (commands run and outcomes)
+
+Example:
+
+```
+Ran:
+- pnpm lint
+- pnpm test
+- pnpm demo:verify
+
+Result:
+All checks passed. No protocol behavior changes.
+```
+
+---
+
+## Contribution Philosophy
+
+GBV is a protocol reference implementation, not a feature-driven application. Contributions should aim to:
+
+- improve correctness
+- strengthen reproducibility
+- clarify implementation intent
+- maintain architectural simplicity
+
+When in doubt, prefer smaller, well-scoped changes that preserve protocol transparency.