04 / Commercial InterfacesInterfaces
Understand commercial Bitcode interfaces
Commercial interface docs cover GitHub, webhooks, storage, compute, connected delivery mechanisms, and why every admitted interface must read/write Exchange state under Protocol rules.
Use this page before MCP or ChatGPT App if you want the general interface contract first.
After reading
You can tell which surfaces are ingress, delivery, storage, compute, or proof support and why none of them own Bitcode state independently.
Commercial interfaces read and write Exchange state under Protocol rules
GitHub, webhooks, ChatGPT App, Bitcode MCP, storage, compute, and future partner surfaces can admit inputs or deliver outputs, but they must not become parallel product owners.
An interface is healthy when its write admission is explicit, its read result can be found in Exchange, and its boundary posture is visible in Terminal.
Why this matters
This prevents interface sprawl from diluting the Bitcode source-to-shares contract.
- Ingress surfaces attach source, Read, or destination context.
- Delivery surfaces provide Shippables backed by AssetPack evidence.
- Every interface must preserve proof, disclosure, and fail-closed boundaries.
GitHub and webhooks are connected-interface delivery and ingress surfaces
GitHub can bind repository supply and deliver the V26 Shippable as a pull request. Webhooks can schedule AssetPack automation and record ingress basis.
Neither GitHub nor webhooks own product canon. Their job is to feed or receive Bitcode-controlled state and leave evidence behind.
Why this matters
This keeps repository automation commercially useful without turning external provider behavior into unprovable product truth.
Compute and storage are hardened runtime surfaces
Compute-container execution, storage publication/retrieval, telemetry, and reconciliation must be visible when they affect proof, source, settlement, or disclosure posture.
Users do not read every runtime detail by default. They do read to know what is live, what is modeled, what is boundary-only, and what is blocked.
Why this matters
Runtime honesty is the difference between a trusted commercial interface and a black-box automation demo.
Public docs expose guidance and proof posture, not protected source
Public Bitcode docs derive from the active Protocol, package-owned catalogs, route contracts, and source-safe generated artifacts. They can explain usage, measurements, event ids, proof roots, docs links, runbook links, redaction posture, testnet rollout readiness, fee boundaries, and settlement posture.
They must not reveal protected source payloads, raw protected prompts, secret values, provider tokens, wallet private material, or unpaid AssetPack source. Source-bearing AssetPack contents cross to the reader only after settlement and rights transfer.
Why this matters
This keeps the public product understandable while preserving the boundary that makes Source Shares economically and operationally safe.
- Allowed: usage guidance, route links, state labels, source-safe measurements, proof roots, dashboard/runbook ids, redacted incident posture, testnet rollout readiness, LocalStagingTelemetryDocumentationRehearsal evidence, and fee/right boundaries.
- Interface docs may surface event ids, proof roots, docs links, runbook links, and redaction posture from TelemetryDocumentationInterfaceIntegration without revealing source-bearing payloads.
- Local and staging-testnet rehearsal docs may surface documentation discovery, telemetry event emission, dashboard/runbook lookup, docs QA, incident drill, source-safe proof-root review, and blocked value-bearing mainnet posture.
- Blocked: secrets, provider tokens, wallet private material, raw protected prompts, protected source payloads, and unpaid AssetPack source.
- Docs QA fails closed when public docs, internal docs, route docs, interface docs, generated artifacts, proof posture, or workflow checks drift.
- Deferred boundaries stay explicit: V35 documents Exchange and Conversations usage while deeper product depth remains future-canon work.