# AssetShop — IPFS Upload Folder (deploy this)

This folder contains **only the public, customer-facing static sites** for AssetShop, organized so you can upload everything in (close to) one operation and then point each ENS name at its content.

It contains **no proprietary or internal material**: no backend, no source or build scripts, no business or financial documents, no runbook, and not this review. Those live elsewhere in the repository and are intentionally excluded here.

---

## What's in here (6 sites → 6 ENS names)

| Folder | ENS name (set contenthash for each) | What it is |
|--------|-------------------------------------|------------|
| `assetshop.eth/` | **assetshop.eth** | Umbrella entrance — the suite vision. ~264 KB |
| `enterprise.assetshop.eth/` | **enterprise.assetshop.eth** | Enterprise suite site. ~468 KB |
| `sco.enterprise.assetshop.eth/` | **sco.enterprise.assetshop.eth** | SCO product marketing site. ~780 KB |
| `trust.sco.enterprise.assetshop.eth/` | **trust.sco.enterprise.assetshop.eth** | Trust Center + policies + status page. ~904 KB |
| `demo.sco.enterprise.assetshop.eth/` | **demo.sco.enterprise.assetshop.eth** | Public SCO demo (self-contained, synthetic Meridian data). ~2.1 MB |
| `platform.sco.enterprise.assetshop.eth/` | **platform.sco.enterprise.assetshop.eth** | SCO platform app + the **suite hub** (`suite.html`) + all 15 domain-module preview surfaces. ~3.2 MB |

Each folder is a complete static site with its own `index.html`, icons, `og.png`, `manifest`, `robots.txt`, and `sitemap.xml`. The platform folder additionally contains `suite.html` (the suite hub) and the 15 module surfaces; the trust folder contains `policies/` and `status.html`.

---

## The one-operation upload

IPFS lets you add the whole parent folder once and get a content ID (CID) for the parent **and** for each subfolder in a single pass. You then set each ENS name's contenthash to its subfolder's CID.

**You run this** (requires a local IPFS node, or swap in a pinning service — see below):

```bash
# Add the entire folder in one operation; the output records each subfolder's CID.
ipfs add -r --cid-version=1 ipfs-upload/

# The output lists a hash for every file and folder. Note the line for each
# top-level site folder, e.g.:
#   added bafybei...AAAA ipfs-upload/assetshop.eth
#   added bafybei...BBBB ipfs-upload/enterprise.assetshop.eth
#   ... (one CID per site folder) ...
#   added bafybei...ROOT ipfs-upload          <- the parent CID
```
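
Copying six CIDs out of a long `ipfs add -r` listing by hand is where a site ends up published under the wrong name. The script below is an added example, not part of the original package: it keeps only the top-level site folders from the listing and fails if any of the six is missing or is not a base32 CIDv1. The sample listing and its CIDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: turn `ipfs add -r` output into one contenthash value per ENS name.
SITES="assetshop.eth enterprise.assetshop.eth sco.enterprise.assetshop.eth
trust.sco.enterprise.assetshop.eth demo.sco.enterprise.assetshop.eth
platform.sco.enterprise.assetshop.eth"

# Constructed sample output: these CIDs are placeholders, not real hashes.
SAMPLE_OUTPUT='added bafkreiaaaa2222 ipfs-upload/assetshop.eth/index.html
added bafybeiaaaa2222 ipfs-upload/assetshop.eth
added bafybeibbbb2222 ipfs-upload/enterprise.assetshop.eth
added bafybeicccc2222 ipfs-upload/sco.enterprise.assetshop.eth
added bafybeipppp2222 ipfs-upload/trust.sco.enterprise.assetshop.eth/policies
added bafybeidddd2222 ipfs-upload/trust.sco.enterprise.assetshop.eth
added bafybeieeee2222 ipfs-upload/demo.sco.enterprise.assetshop.eth
added bafybeiffff2222 ipfs-upload/platform.sco.enterprise.assetshop.eth
added bafybeirrrr2222 ipfs-upload'

# site_cids ROOT  (reads the `ipfs add -r` listing on stdin)
# Prints "<ens-name> ipfs://<cid>" for every site. Returns non-zero if a site
# folder is missing or its CID is not base32 CIDv1 (what --cid-version=1 gives).
site_cids() {
  SITES="$SITES" awk -v root="${1%/}" '
    BEGIN { n = split(ENVIRON["SITES"], want); bad = 0 }
    $1 == "added" && index($3, root "/") == 1 {
      rest = substr($3, length(root) + 2)   # path below the parent folder
      if (rest !~ /\//) cid[rest] = $2      # keep top-level folders only
    }
    END {
      for (i = 1; i <= n; i++) {
        s = want[i]
        if (!(s in cid)) {
          print "missing: " s > "/dev/stderr"; bad = 1
        } else if (cid[s] !~ /^b[a-z2-7]+$/) {
          print "not CIDv1: " s > "/dev/stderr"; bad = 1
        } else {
          print s, "ipfs://" cid[s]
        }
      }
      exit bad
    }'
}

# Stand-alone run against the constructed listing.
printf '%s\n' "$SAMPLE_OUTPUT" | site_cids ipfs-upload/
```

Against a real upload, pipe the command's output straight in: `ipfs add -r --cid-version=1 ipfs-upload/ | site_cids ipfs-upload/`.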

To pin so the content stays available (recommended — a local node alone is not durable), use a pinning service. Easiest single-folder path:

- **Pinata / Filebase / web3.storage / Fleek:** upload this `ipfs-upload/` folder via their web UI or CLI in one action; they return the parent CID and you can read each subfolder CID from the directory listing (`ipfs ls <parentCID>` or the service's file browser).

```bash
# Example (Pinata CLI; subcommand names differ between CLI versions, so check `pinata --help`): one upload, returns the parent CID
pinata pin file ./ipfs-upload --name assetshop-deploy
# then list subfolder CIDs:
ipfs ls <PARENT_CID>
```

---

## Point each ENS name at its content

For each of the 6 names, set the **contenthash** record to `ipfs://<that-subfolder-CID>`.

Two ways — **you run / do this:**

**A. ENS Manager (no CLI):** at `app.ens.domains`, open each name → Records → set **Content Hash** to `ipfs://<CID>` → save (one on-chain transaction per name). Subdomains (`*.assetshop.eth`) must have a resolver set; if a subdomain doesn't resolve yet, create the subname under `assetshop.eth` and assign the public resolver first.

**B. CLI (e.g., ens-cli / viem script):**
```bash
# conceptual — one tx per name
ens set-contenthash assetshop.eth                      ipfs://<CID_assetshop>
ens set-contenthash enterprise.assetshop.eth           ipfs://<CID_enterprise>
ens set-contenthash sco.enterprise.assetshop.eth       ipfs://<CID_sco>
ens set-contenthash trust.sco.enterprise.assetshop.eth ipfs://<CID_trust>
ens set-contenthash demo.sco.enterprise.assetshop.eth  ipfs://<CID_demo>
ens set-contenthash platform.sco.enterprise.assetshop.eth ipfs://<CID_platform>
```

**Verify** after propagation (a few minutes): open `https://assetshop.eth.limo`, `https://enterprise.assetshop.eth.limo`, etc. The `.limo` gateway resolves ENS contenthash automatically.

---

## Important: what works standalone vs what needs the backend

- **Static sites work immediately from IPFS** with no backend: the umbrella, enterprise, SCO marketing, Trust Center policies, and the **public demo** (the demo runs client-side on synthetic Meridian data) all render fully once contenthash is set.
- **These features depend on the backend** (not yet deployed — Runbook Phase 3) and will not function until then:
  - the **platform** app's real sign-in, live tenant data, and API actions;
  - the Trust Center **status page's live fetch** (`status-app.js` calls a public status endpoint at `*-assetshop-prod.cloudfunctions.net`).
  Until the backend is live, treat the platform app as a UI preview and the status page's live numbers as pending.

---

## Customer-facing audit (passed) — see also EXECUTIVE_INVESTOR_REVIEW_AND_GAPS.md

A proprietary/internal-info scan was run across every file in this folder:

- **No** internal filesystem paths, **no** real secrets/keys, **no** build attribution leaks, and **no** occurrences of `Fortune 500`, `F50`, or `Patent Pending`.
- AI-provider names (OpenAI/Anthropic/Claude/etc.) appear only in legitimate, customer-facing contexts: the **sub-processor list** (CORTEX is customer-elected and ships Q4 2026; "no AI provider processes Customer data via SCO as of the effective date"), standard **AI-crawler directives** in `robots.txt`, the **BYO-AI** provider selector in the demo, and the **AI-safety policy** (NIST AI RMF / EU AI Act / ISO 42001).
- The `sk_live_…` string in the demo is a **masked synthetic fingerprint** (no real key); `demo-password` is the **intentional public-demo credential**.
- The intentional IP-notice language ("Architecture and methodology are proprietary") and the "Web3 Ventures Enterprise" parent line in footers are **kept by design**.
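
A scan like the one summarized above is most useful when it is re-run before every upload, since content published to IPFS cannot be recalled once others have pinned it. The script below is an added example, not the scan that produced these results: its patterns and allow-list are assumptions, and the sample files (the masked key and the `/home/builder/` path) are constructed.

```shell
#!/bin/sh
# Added example: re-runnable leak scan for the upload folder.
# PATTERNS and ALLOWLIST are illustrative assumptions, not the audit's own rules.

# One extended regex per line: internal paths, key-shaped strings, banned phrases.
PATTERNS='/(home|Users)/[A-Za-z0-9._-]+/
sk_live_[^"<[:space:]]+
AIza[0-9A-Za-z_-]{35}
BEGIN [A-Z ]*PRIVATE KEY
Fortune 500|Patent Pending|(^|[^A-Za-z0-9])F50([^A-Za-z0-9]|$)'

# Reviewed strings that may stay, one per line, compared to the exact match.
# Constructed stand-in for the demo's masked synthetic fingerprint.
ALLOWLIST='sk_live_************4f2a'

# scan_site_folder DIR: prints file:line:match for each hit that is not
# allow-listed; returns 0 when clean, 1 when anything is reported.
scan_site_folder() {
  # -r recurse, -n line numbers, -I skip binary files, -o print only the match
  grep -rnIoE -e "$PATTERNS" "$1" 2>/dev/null |
    ALLOWLIST="$ALLOWLIST" awk '
      BEGIN { n = split(ENVIRON["ALLOWLIST"], a, "\n")
              for (i = 1; i <= n; i++) ok[a[i]] = 1
              bad = 0 }
      { hit = $0
        sub(/^[^:]*:[0-9]+:/, "", hit)      # drop the file:line: prefix
        if (!(hit in ok)) { print; bad = 1 } }
      END { exit bad }'
}

# Constructed sample tree: a masked demo key (allowed) and a leaked build path.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/demo" "$d/trust"
  printf '<p>Key: %s</p>\n' "$ALLOWLIST" > "$d/demo/index.html"
  printf '<!-- built from /home/builder/site -->\n' > "$d/trust/status.html"
  printf '%s\n' "$d"
}

# Stand-alone run against the constructed tree.
tmp=$(make_sample)
scan_site_folder "$tmp" || echo "review the hits above before uploading"
rm -rf "$tmp"
```

Matching the allow-list against the exact matched text, rather than the whole line, keeps an approved string from hiding a second, unreviewed secret on the same line.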

**Minor open items to reconcile (your call, not blockers):**
1. The public status endpoint exposes the GCP project name `assetshop-prod` — public by design for a status page, and tied to the backend deploy; confirm the endpoint + CORS when Phase 3 lands.
2. **Resolved (v3.93):** contact emails consolidated to `AssetShopCo@gmail.com` across all customer-facing files (security.txt, status page, site CTAs). Revert to a custom-domain address if/when you register `assetshop.com`.

---

*Generated for the v3.92 suite-unification package. Folder verified: all 6 sites load with zero non-font console errors; module surfaces render all charts with no NaN.*
