Policies
Open source
All BNI software is open source. Licensing by layer:
| Layer | License |
|---|---|
| Core libraries and frameworks | MIT or Apache 2.0 |
| Hosted SaaS platforms | AGPL |
| Enterprise add-ons (via BNI LLC) | Commercial |
Privacy
BNI software is designed with privacy as an architectural constraint, not a policy afterthought:
- No central servers holding user data by default
- No account required for end-user software
- Cryptographic identity (did:key) — users own their keys
- Location data: user opt-in, configurable precision, local-only by default
AI use policy
BNI developers use Claude Code (Anthropic) as a development assistant. Policy:
Claude Code may autonomously:
- Edit, create, and refactor code files
- Run read-only commands (ls, find, grep, tsc --noEmit, npm test)
- Install packages after stating intent
- Write to Obsidian vault documentation
Claude Code must ask before:
- Committing or pushing to git
- Destructive operations (reset, branch delete, drop DB)
- Creating PRs or GitHub issues
- Spending money (EAS builds, cloud deploys, paid APIs)
- Sharing or publishing anything externally
No secrets in git
All API keys, credentials, and environment-specific values live in .env.local files that are gitignored. Never commit secrets.
Accessibility
WCAG AA minimum on all UI. Large touch targets (44pt minimum). Screen reader support required before any feature ships.
Software engineering policies
External security and risk-management frameworks BNI references (OWASP Top 10, OWASP MASVS, OWASP ASVS, NIST SSDF, NIST AI RMF, NIST Privacy Framework) are covered on a dedicated page: Software Engineering Policies.