ranger/CyberRanger
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
257466f538220e82bd18fcb53316259ed9e2a372
CyberRanger/identity/claude/classified/RANGERBLOCK_CONSENT_SYSTEM_PLAN.md
T
ranger c789f2c68d Add complete CyberRanger research archive — 200 files 
- 86 modelfiles: Full system prompt evolution V1-V42.6 (54 extracted from Ollama backup + 32 original Modelfiles)
- 30 training datasets: V6-V22 training JSONs + caring awareness data
- 10 Colab notebooks: Training + merge scripts
- 19 evaluation files: Drift results, ASR charts, verification
- 5 test suites: Injection tests, regression tests
- 4 observations: V24-V33 testing results + visual summaries
- 38 identity files: Claude/Gemini/Ollama identity architecture
- 7 security files: Injection research, manipulation analysis
- 3 psychology files: Psychology Layer, Milgram chapter, David's thoughts

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-20 22:36:02 +01:00

572 lines
19 KiB
Markdown
Raw Blame History

# RANGERBLOCK CONSENT & LEGAL ACCEPTANCE SYSTEM
## Project Codename: "GUARDIAN PROTOCOL"
### Version 1.0.0 - December 4, 2025
---
## CLASSIFICATION: PRIVATE
**DO NOT COMMIT TO PUBLIC GIT**
---
## 1. EXECUTIVE SUMMARY
### The Problem
Users can currently use RangerBlock apps without agreeing to terms of use. This creates legal exposure and doesn't protect against bad actors claiming ignorance.
### The Solution
A unified consent system that:
1. **Requires acceptance** before full app functionality
2. **Links consent to identity** (cryptographically signed)
3. **Enforces privileges** (non-accepted users have restrictions)
4. **Tracks in admin** (dashboard shows consent status)
5. **Provides evidence** (signed consent = legal proof)
### Apps Covered
| App | Type | Consent Required |
|-----|------|------------------|
| ranger-chat-lite | Electron desktop | Yes - first launch |
| just-chat | Terminal client | Yes - first run |
| server-only | Server deployment | Yes - setup script |
| RangerPlex | Full browser | Yes - first launch |
| Admin Panel | Private dashboard | No - admin-only |
---
## 2. LEGAL FRAMEWORK
### Consent Form Content (Summary)
```
RANGERBLOCK TERMS OF USE & FAIR USE POLICY
==========================================
By using RangerBlock software, you acknowledge and agree:
1. FAIR USE
- You will use this software for lawful purposes only
- You will not engage in harassment, threats, or abuse
- You will respect other users' privacy and rights
2. NO HARM CLAUSE
- You will not use this software to harm others
- You will not distribute malware or malicious content
- You will not attempt to compromise network security
3. LEGAL COMPLIANCE
- You agree to comply with all applicable laws
- This software does NOT protect you from legal consequences
- Bad actors will be reported to appropriate authorities
4. IDENTITY RESPONSIBILITY
- Your identity is linked to your hardware
- You are responsible for all actions under your identity
- Identity cannot be transferred or shared
5. NETWORK CONDUCT
- You will not flood, spam, or disrupt the network
- You will not attempt to impersonate other users
- You will report security vulnerabilities responsibly
6. DATA & PRIVACY
- Your public key and username are visible to other users
- Message content may be stored on relay servers
- We do not sell or share your data with third parties
7. DISCLAIMER
- This software is provided "AS IS"
- No warranty of merchantability or fitness
- Use at your own risk
8. JURISDICTION
- Governed by laws of Republic of Ireland
- Dublin courts have exclusive jurisdiction
By clicking "I Accept" or using this software, you confirm:
- You are at least 18 years old (ADULTS ONLY)
- You have read and understood these terms
- You agree to be bound by these terms
IMPORTANT: RangerBlock is an ADULTS ONLY (18+) platform.
This is a deliberate security decision to protect all users.
Acceptance is recorded with your cryptographic signature.
Date: [timestamp]
Identity: [userId]
Signature: [RSA signature of terms hash]
```
---
## 3. TECHNICAL ARCHITECTURE
### 3.1 Storage Structure
```
~/.rangerblock/
├── consent/ # NEW FOLDER
│ ├── terms_v1.0.json # Current terms (version tracked)
│ ├── acceptance.json # User's acceptance record
│ └── history/ # Historical acceptances
│ └── accepted_2025-12-04.json
├── identity/
├── keys/
└── ...
```
### 3.2 Acceptance Record Structure
```javascript
// ~/.rangerblock/consent/acceptance.json
{
"currentTermsVersion": "1.0.0",
"acceptances": [
{
"termsVersion": "1.0.0",
"termsHash": "sha256_of_terms_text",
"acceptedAt": "2025-12-04T10:30:00.000Z",
"userId": "rb_c5d415076f04e989",
"publicKeyHash": "hash_of_public_key",
"signature": "RSA_signature_of_acceptance",
"appType": "ranger-chat-lite",
"ipAddress": "192.168.1.100", // Local only, not sent to server
"platform": {
"os": "darwin",
"arch": "arm64",
"hostname": "M3Pro"
}
}
],
"lastChecked": "2025-12-04T10:30:00.000Z"
}
```
### 3.3 New Lib File: consent-service.cjs
```javascript
// Location: /rangerblock/lib/consent-service.cjs
class ConsentService {
constructor(identityService) {
this.identity = identityService;
this.consentDir = path.join(os.homedir(), '.rangerblock', 'consent');
this.currentTermsVersion = '1.0.0';
}
// Check if user has accepted current terms
hasAcceptedTerms() { }
// Get acceptance record
getAcceptanceRecord() { }
// Record new acceptance (signed)
async acceptTerms(signature) { }
// Verify acceptance signature
verifyAcceptance(record) { }
// Get terms text
getTermsText() { }
// Get terms hash (for signing)
getTermsHash() { }
// Check if terms updated since last acceptance
needsReaccept() { }
// Get privilege level based on consent
getPrivilegeLevel() { }
}
```
### 3.4 Privilege Levels
```javascript
const PRIVILEGE_LEVELS = {
// Full acceptance - all features
FULL: {
level: 100,
features: ['chat', 'voice', 'video', 'files', 'dm', 'channels', 'registration']
},
// No acceptance - very restricted
RESTRICTED: {
level: 10,
features: ['view_only', 'exit'] // Can only view public chat, can't send
},
// Pending acceptance - shown consent form
PENDING: {
level: 0,
features: ['view_terms', 'accept', 'decline', 'exit']
}
};
```
---
## 4. INTEGRATION POINTS
### 4.1 ranger-chat-lite (Electron)
**Location**: `apps/ranger-chat-lite/electron/main.ts`
```
App Launch Flow:
┌─────────────────┐
│ App Starts │
└────────┬────────┘
v
┌─────────────────┐
│ Load Identity │
└────────┬────────┘
v
┌─────────────────┐ NO ┌─────────────────┐
│ Has Accepted? │─────────────>│ Show Consent │
└────────┬────────┘ │ Modal (blocking)│
│ YES └────────┬────────┘
v │
┌─────────────────┐ ACCEPT v
│ Full App Access │<─────────────┌───────────────┐
└─────────────────┘ │ Declined? │
└───────┬───────┘
│ YES
v
┌─────────────────┐
│ Exit App with │
│ "Terms Required"│
└─────────────────┘
```
**UI Component**: New modal in React
- Full scrollable terms text
- "I have read and accept" checkbox
- "Accept" button (disabled until checkbox)
- "Decline" button (exits app)
- Signature happens automatically on accept
### 4.2 just-chat (Terminal)
**Location**: `rangerblock/just-chat/blockchain-chat.cjs`
```
Terminal Flow:
┌────────────────────────────────────────────────────────────┐
│ RANGERBLOCK TERMS OF USE │
│ ═══════════════════════════════════════════════════ │
│ │
│ [Full terms text displayed...] │
│ │
│ Scroll: ↑/↓ or Page Up/Down │
│ ───────────────────────────────────────────────────── │
│ Do you accept these terms? [y/N]: │
└────────────────────────────────────────────────────────────┘
```
- Must type 'y' or 'yes' to proceed
- Signature recorded automatically
- Stored in `~/.rangerblock/consent/`
### 4.3 server-only (Setup Script)
**Location**: `rangerblock/server-only/setup-relay-universal.sh`
```bash
# Added to setup script:
echo "═══════════════════════════════════════════════════════════"
echo " RANGERBLOCK SERVER TERMS OF USE"
echo "═══════════════════════════════════════════════════════════"
echo ""
echo "By deploying a RangerBlock relay server, you agree to:"
echo ""
echo "1. Not use this server for illegal purposes"
echo "2. Not store or relay illegal content"
echo "3. Cooperate with law enforcement if required"
echo "4. Maintain server security and updates"
echo ""
echo "Full terms: https://rangerblock.io/server-terms"
echo ""
read -p "Do you accept these terms? [y/N]: " ACCEPT
if [[ ! "$ACCEPT" =~ ^[Yy]$ ]]; then
echo "Terms not accepted. Setup cancelled."
exit 1
fi
```
Server consent stored in:
```
~/rangerblock-server/.consent/
└── server_acceptance.json
```
### 4.4 RangerPlex (Browser)
Similar to ranger-chat-lite but in the main RangerPlex browser window.
---
## 5. ADMIN INTEGRATION
### 5.1 Admin Registry Updates
**Location**: `~/.claude/ranger/admin/admin-registry.cjs`
Add consent tracking to user records:
```javascript
// Enhanced user record
{
"rb_abc123": {
"userId": "rb_abc123",
"username": "SomeUser",
"role": "user",
"consent": {
"accepted": true,
"version": "1.0.0",
"acceptedAt": "2025-12-04T10:30:00.000Z",
"signature": "...",
"verified": true
}
}
}
```
### 5.2 Admin Dashboard Features
**New Dashboard Tab: "Consent & Compliance"**
```
┌─────────────────────────────────────────────────────────────┐
│ CONSENT & COMPLIANCE │
├─────────────────────────────────────────────────────────────┤
│ │
│ Current Terms Version: 1.0.0 │
│ Last Updated: 2025-12-04 │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ ACCEPTANCE STATISTICS │ │
│ ├─────────────────────────────────────────────────────────┤ │
│ │ Total Users: 127 │ │
│ │ Accepted Current Terms: 125 (98.4%) │ │
│ │ Pending Re-acceptance: 2 (1.6%) │ │
│ │ Never Accepted: 0 │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ RECENT ACCEPTANCES │ │
│ ├──────────┬───────────┬──────────┬───────────┬──────────┤ │
│ │ User │ Version │ Date │ App │ Verified │ │
│ ├──────────┼───────────┼──────────┼───────────┼──────────┤ │
│ │ Swift... │ 1.0.0 │ Dec 4 │ chat-lite │ ✓ │ │
│ │ Storm... │ 1.0.0 │ Dec 4 │ just-chat │ ✓ │ │
│ │ Night... │ 1.0.0 │ Dec 3 │ rangerplex│ ✓ │ │
│ └──────────┴───────────┴──────────┴───────────┴──────────┘ │
│ │
│ [View All] [Export CSV] [Verify All Signatures] │
│ │
└─────────────────────────────────────────────────────────────┘
```
### 5.3 Consent Verification API
Admin can verify any user's consent:
```javascript
// Admin command
const registry = new AdminRegistry();
// Check user consent
const consent = registry.getUserConsent('rb_abc123');
// Returns: { accepted: true, verified: true, version: '1.0.0', ... }
// Verify signature
const valid = registry.verifyConsentSignature('rb_abc123');
// Returns: true/false
// Get users needing re-acceptance
const pending = registry.getUsersPendingReaccept();
// Returns: [{ userId, lastVersion, currentVersion }]
```
---
## 6. RELAY SERVER INTEGRATION
### 6.1 Consent Broadcast
When user accepts terms, optionally broadcast to relay:
```javascript
{
type: 'CONSENT_ACCEPTED',
payload: {
userId: 'rb_abc123',
termsVersion: '1.0.0',
termsHash: 'sha256...',
signature: '...',
timestamp: '2025-12-04T10:30:00.000Z'
}
}
```
### 6.2 Server-Side Consent Check
Relay can optionally enforce consent:
```javascript
// In relay-server.cjs
if (CONFIG.requireConsent && !hasValidConsent(userId)) {
ws.send(JSON.stringify({
type: 'error',
message: 'Terms acceptance required before chatting'
}));
return;
}
```
---
## 7. IMPLEMENTATION PHASES
### Phase 1: Core Infrastructure (Week 1)
- [ ] Create `consent-service.cjs` in lib/
- [ ] Add consent storage structure
- [ ] Define terms text v1.0.0
- [ ] Add signature/verification functions
### Phase 2: App Integration (Week 2)
- [ ] ranger-chat-lite consent modal
- [ ] just-chat terminal consent
- [ ] server-only setup consent
- [ ] RangerPlex consent (if applicable)
### Phase 3: Admin Integration (Week 3)
- [ ] Update admin-registry.cjs
- [ ] Add consent tab to dashboard
- [ ] Consent verification commands
- [ ] Export/audit features
### Phase 4: Testing & Hardening (Week 4)
- [ ] Test all consent flows
- [ ] Verify signatures work
- [ ] Test privilege enforcement
- [ ] Security audit
---
## 8. SECURITY CONSIDERATIONS
### 8.1 What's Hidden from Users
- Admin panel location (`~/.claude/ranger/admin/`)
- Consent verification internals
- Signature algorithms
- Admin user list
- Audit logs
### 8.2 What Users Can See
- Their own consent status
- Terms text
- Their acceptance timestamp
- Their public key
### 8.3 Cryptographic Proof
Each acceptance includes:
1. **Terms hash** - SHA-256 of exact terms text
2. **User signature** - RSA signature using their private key
3. **Timestamp** - ISO 8601 timestamp
4. **User ID** - Hardware-bound identity
This creates:
- **Non-repudiation** - User can't deny they accepted
- **Version binding** - Tied to specific terms version
- **Tamper evidence** - Any modification invalidates signature
---
## 9. FUTURE ENHANCEMENTS
### 9.1 Terms Updates
When terms change:
1. Increment version (1.0.0 → 1.1.0)
2. All users flagged for re-acceptance
3. Users see "Terms Updated" notice
4. Must re-accept before continuing
### 9.2 Granular Consent
Future versions could add:
- Analytics consent
- Data sharing consent
- Marketing consent
- Third-party integration consent
### 9.3 On-Chain Consent
Could register consent acceptance on blockchain:
- Permanent record
- Third-party verifiable
- Cannot be disputed
---
## 10. FILES TO CREATE
| File | Location | Purpose |
|------|----------|---------|
| consent-service.cjs | lib/ | Core consent management |
| terms_v1.0.json | lib/legal/ | Terms text file |
| ConsentModal.tsx | ranger-chat-lite/src/ | Electron consent UI |
| consent-cli.cjs | just-chat/ | Terminal consent handler |
| admin-consent.cjs | ~/.claude/ranger/admin/ | Admin consent tools |
---
## 11. APPROVAL REQUIRED
This plan requires approval before implementation.
**Decisions Made:**
1. ✅ Age requirement: **18+ ONLY** (adults only platform)
- **Reasoning**: No minors = no targets for predators
- Children have other apps designed for them
- Adults are responsible for their online behaviour
- Protects the RangerBlock community
2.**18+ DOES NOT MEAN "ADULT CONTENT SITE"**
- **CRITICAL DISTINCTION**: 18+ = mature/responsible, NOT "anything goes"
- **STRICTLY PROHIBITED**:
- ANY pornography or sexual images
- CSAM (reported to NCMEC/Gardai immediately)
- Unsolicited sexual content (dick pics, nudes)
- Grooming behaviour of ANY kind
- Gore, death images, extreme violence
- Hate speech/extremism
- **PERMITTED**:
- Normal photos (selfies, landscapes, memes)
- Gaming content and screenshots
- Gaming violence discussion (Battlefield tactics OK)
- Professional/work content
- General adult conversation
- **WHY**: Bad actors might think "18+ site = send dick pics"
- We make it CRYSTAL CLEAR that's instant ban + police report
- This is a COMMUNICATION platform, not dating/adult site
3. ⏳ Terms text - review before public release
4. ⏳ View-only mode - TBD
5. ⏳ On-chain consent - later phase
6. ⏳ Server operator terms - TBD
**Testing Plan:**
- Test on MSI Vector (Windows)
- Test on AWS (Linux)
- NOT uploaded to git until tested
---
**Document Status**: DRAFT - AWAITING APPROVAL
**Created**: December 4, 2025
**Author**: Claude Code (Ranger) for David Keane (IrishRanger)
*Rangers lead the way!*
Reference in New Issue View Git Blame Copy Permalink