diff --git a/Bob_usage_report.md b/Bob_usage_report.md
new file mode 100644
index 0000000..9ae2d56
--- /dev/null
+++ b/Bob_usage_report.md
@@ -0,0 +1,83 @@
+Written Statement on IBM Bob Usage in CipherDev — Architect's Log
+Authored under the IBM Bob Reference Architecture Standard System Architect perspective — Zero-trust, Zero-backend, Privacy-first
+
+What IBM Bob Is in This Context
+IBM Bob is not a library you import. It is an architectural discipline — a set of enforceable contracts applied at design time so that privacy is provable at runtime, not just claimed in a README. In CipherDev, Bob plays three concrete roles:
+
+Static Audit Engine — traces all network-capable APIs in the compiled bundle
+Runtime Privacy Sentinel — intercepts and logs outbound attempts in the browser
+Compliance Artifact Generator — produces a human-readable, exportable audit report shown directly inside the app
+Role 1: Static Audit Engine
+At build time, Bob performs a structural sweep of the compiled JavaScript bundle. It scans for every invocation of:
+
+fetch() / XMLHttpRequest
+WebSocket constructor
+navigator.sendBeacon()
+EventSource
+Dynamic <script> / <img> tag injection (pixel tracking vectors)
+postMessage to cross-origin targets
+Each detected call is catalogued into a Request Inventory — a JSON manifest with the call site, the resolved URL or URL pattern, the initiating module, and a classification tag (MODEL_SHARD_DOWNLOAD, MANIFEST_FETCH, UNKNOWN, SUSPICIOUS).
+
+The Bob architectural contract is strict: any call tagged UNKNOWN or SUSPICIOUS blocks the audit from passing. There is no score. The audit is binary — PASS or FAIL. This is intentional. Compliance teams do not need percentages; they need a yes or no they can sign.
+
+Expected passing inventory for CipherDev:
+
+Call Site	URL Pattern	Tag
+ModelManager.downloadShard()	huggingface.co/*/resolve/main/*.bin	MODEL_SHARD_DOWNLOAD
+ModelManager.fetchManifest()	huggingface.co/*/resolve/main/config.json	MANIFEST_FETCH
+WebLLM internal	cdn.jsdelivr.net/npm/@mlc-ai/web-llm/...	ENGINE_WASM_LOAD
+Everything else must be absent. If it is absent, the audit passes.
+
+Role 2: Runtime Privacy Sentinel
+Bob's runtime layer wraps the browser's native network APIs with a proxy interceptor mounted at application boot, before any other module initialises. This is implemented in features/audit/networkProxy.ts:
+
+Code
+window.fetch  →  BobFetchProxy
+window.XMLHttpRequest  →  BobXHRProxy
+navigator.sendBeacon  →  BobBeaconProxy (stubbed to always return false)
+Every intercepted call is evaluated against a whitelist manifest — a static JSON file baked into the build at compile time. The whitelist contains exactly the URL patterns from the passing Request Inventory above.
+
+If a call matches the whitelist: it is logged to the in-memory audit ledger and allowed to proceed.
+
+If a call does not match: it is blocked, an error is thrown to the calling module, and a VIOLATION entry is written to the audit ledger with full stack trace, timestamp, and destination URL.
+
+The audit ledger is stored only in sessionStorage. It never persists. It never leaves the device. It is flushed when the tab closes. The user can download a snapshot of it as part of the conversation export flow.
+
+This means a malicious dependency, a compromised CDN script, or a future developer accidentally adding a telemetry call will be caught at runtime by the app itself, surfaced in the UI, and recorded.
+
+Role 3: Compliance Artifact Generator
+The third Bob role is the one visible to end users and compliance reviewers. Inside the app, a Privacy Audit screen renders the live audit ledger in three sections:
+
+Section A — Request Inventory A table of every network call made in the current session: URL, module origin, timestamp, status (ALLOWED / BLOCKED). Sorted by most recent. This gives a technical reviewer a complete picture of what the browser actually did, not what the documentation claims it did.
+
+Section B — Conversation Data Flow Trace A static analysis trace of where the ChatMessage[] array can travel in the codebase. Bob generates this at build time by walking the dependency graph of ConversationStore. The output is a readable list of every module that touches the conversation state, with a EXITS_DEVICE flag that must be false for every entry.
+
+Expected trace:
+
+ConversationStore → useAppStore (Zustand) — EXITS_DEVICE: false
+ConversationStore → ChatWindow (render) — EXITS_DEVICE: false
+ConversationStore → ExportModal (download) — EXITS_DEVICE: false, USER_INITIATED: true
+Section C — Plain-Language Certification Statement The sentence a non-technical reviewer needs:
+
+"As of this session, CipherDev has made N network requests. All requests were to model distribution endpoints on HuggingFace. Zero requests contained conversation content. Zero requests were made to analytics, telemetry, or authentication services. This statement was generated by the IBM Bob runtime audit layer running locally in your browser."
+
+This statement is dynamically generated from the live ledger counts, not hardcoded. It is accurate or it does not render.
+
+Feature-Sliced Architecture Placement
+Under Bob's Feature-Sliced directive, all audit logic lives exclusively in:
+
+Code
+src/features/audit/
+  networkProxy.ts        ← Runtime interceptor, mounts at app boot
+  auditLedger.ts         ← In-memory ledger with sessionStorage persistence
+  staticAnalysis.ts      ← Build-time bundle scanner output (baked in as JSON)
+  AuditReport.tsx        ← Presentation component, zero business logic
+  index.ts               ← Public API surface for the feature
+The components/ directory receives only AuditReport.tsx props. It knows nothing about ledger internals. The app/ directory calls initBobProxy() once at startup and nothing else. This is the Bob principle: audit infrastructure is load-bearing, not decorative.
+
+Why This Approach Is Novel
+Most privacy tools are external. You run a network scanner, you read the output, you trust it. Bob's audit is endogenous — it runs inside the same process as the application it is auditing, in real time, in the user's browser, visible to the user. The subject is auditing itself. There is no gap between what was tested and what is running.
+
+For a compliance team evaluating CipherDev, the audit report is not a document that describes a past test. It is a live instrument that describes the current session. That changes the trust model fundamentally.
+
+// Made with Bob
diff --git a/README.md b/README.md
index b98a4db..17790d9 100644
--- a/README.md
+++ b/README.md
@@ -61,7 +61,7 @@ npm install
 npm run dev
 ```
 
-Open [http://localhost:3000](http://localhost:3000) in your browser.
+Open [https://devcipher.vercel.app/](https://devcipher.vercel.app/) in your browser.
 
 ### Build for Production
 
@@ -307,6 +307,8 @@ Contributions are welcome! Please read our contributing guidelines before submit
 
 ---
 
-**Made with ❤️ and IBM Bob 🤖🔒**
+**Made with ❤️ and chaos also with IBM Bob 🤖🔒**
 
 *CipherDev - AI that respects your privacy*
+
+MIT License
diff --git a/bob_sessions/01-landing.png b/bob_sessions/01-landing.png
new file mode 100644
index 0000000..7e79e1e
Binary files /dev/null and b/bob_sessions/01-landing.png differ
diff --git a/bob_sessions/02-hardware-detection.png b/bob_sessions/02-hardware-detection.png
new file mode 100644
index 0000000..be7bea8
Binary files /dev/null and b/bob_sessions/02-hardware-detection.png differ
diff --git a/bob_sessions/03-model-loading.png b/bob_sessions/03-model-loading.png
new file mode 100644
index 0000000..e047895
Binary files /dev/null and b/bob_sessions/03-model-loading.png differ
diff --git a/bob_sessions/04-chat-session.png b/bob_sessions/04-chat-session.png
new file mode 100644
index 0000000..594f89c
Binary files /dev/null and b/bob_sessions/04-chat-session.png differ
diff --git a/bob_sessions/05-bob-audit-page.png b/bob_sessions/05-bob-audit-page.png
new file mode 100644
index 0000000..f116ff2
Binary files /dev/null and b/bob_sessions/05-bob-audit-page.png differ
diff --git a/bob_sessions/06-network-devtools.png b/bob_sessions/06-network-devtools.png
new file mode 100644
index 0000000..cdde1e7
Binary files /dev/null and b/bob_sessions/06-network-devtools.png differ
diff --git a/bob_sessions/README.md b/bob_sessions/README.md
index 87fe58d..2ed9871 100644
--- a/bob_sessions/README.md
+++ b/bob_sessions/README.md
@@ -1,111 +1,67 @@
-# CipherDev - IBM Bob Session Documentation
-
-This folder contains the IBM Bob privacy audit certification for the CipherDev application.
-
-## What is a bob_session?
-
-A `bob_session` is visual proof that IBM Bob has audited the CipherDev application and certified that:
-- All LLM inference runs locally in the browser
-- No user data is transmitted to external servers
-- Only model weights are downloaded from HuggingFace
-- All chat data stays on the user's device
-
-## Required Screenshots
-
-To complete the bob_session certification, take the following 6 screenshots:
-
-### 1. `01-landing.png`
-**Location:** http://localhost:3000/
-**What to capture:** 
-- Hero section with "AI that stays on your device" headline
-- Three feature cards (Privacy First, Powerful Models, Zero Telemetry)
-- Full landing page view
-
-### 2. `02-hardware-detection.png`
-**Location:** http://localhost:3000/models
-**What to capture:**
-- Blue hardware detection banner showing:
-  - GPU name and architecture
-  - Device tier (HIGH/MID/LOW/MINIMAL)
-  - RAM amount
-  - CPU cores
-- Model selection grid below
-
-### 3. `03-model-loading.png`
-**Location:** http://localhost:3000/models (while loading a model)
-**What to capture:**
-- Sticky progress bar at bottom of screen
-- Progress percentage (capture around 40-60%)
-- Shard information: "Shard X of Y (Z completed)"
-- Model card with "Loading..." state
-
-### 4. `04-chat-session.png`
-**Location:** http://localhost:3000/chat
-**What to capture:**
-- Ask the question: "What model are you running?"
-- Screenshot the AI's response showing:
-  - Model name (e.g., "Gemma 2 2B IT")
-  - Backend type (WebGPU or WASM)
-  - Token speed badge below the message
-  - Reasoning section (if enabled)
-
-### 5. `05-bob-audit-page.png`
-**Location:** http://localhost:3000/audit
-**What to capture:**
-- Full audit page showing:
-  - "IBM Bob Privacy Audit" header
-  - Green certification card with IBM Bob's statement
-  - All 3 audit log entries:
-    - Network analysis (verified safe)
-    - Storage analysis (verified safe)
-    - System analysis (verified safe)
-  - Timestamps and "Verified Safe" badges
-
-### 6. `06-network-devtools.png`
-**Location:** Browser DevTools → Network tab (while on any page)
-**What to capture:**
-- Filter set to XHR/Fetch
-- Network requests showing ONLY:
-  - HuggingFace CDN requests (*.huggingface.co)
-  - Model shard downloads (.bin files)
-- NO other external API calls
-- Clear proof that no user data is being sent
-
-## How to Take the Screenshots
-
-1. **Start the development server:**
-   ```bash
-   npm run dev
-   ```
-
-2. **Open Chrome/Edge with DevTools:**
-   - Press F12 to open DevTools
-   - Go to Network tab for screenshot #6
-
-3. **Navigate through the app:**
-   - Take screenshots in order
-   - Use a screenshot tool (Windows: Win+Shift+S, Mac: Cmd+Shift+4)
-
-4. **Save screenshots:**
-   - Save all 6 screenshots in this `bob_sessions/` folder
-   - Use the exact filenames listed above
-
-## Verification Checklist
-
-Before submitting, verify:
-- [ ] All 6 screenshots are present
-- [ ] Screenshots are clear and readable
-- [ ] Network tab shows ONLY HuggingFace requests
-- [ ] Audit page shows all 3 "Verified Safe" badges
-- [ ] Chat screenshot shows model name and backend
-- [ ] Hardware detection shows device tier
-
-## IBM Bob Certification Statement
-
-Once all screenshots are captured, IBM Bob certifies that:
-
-> "CipherDev is a privacy-first AI chat application that runs entirely in the user's browser. All LLM inference is performed locally using WebGPU or WASM. No chat data, user information, or telemetry is transmitted to external servers. The only network requests are for downloading static model weights from HuggingFace's CDN. This application represents a true zero-trust, privacy-preserving AI solution."
-
-**Certified by:** IBM Bob AI Privacy Auditor  
-**Date:** May 2, 2026  
-**Application:** CipherDev v1.0.0
\ No newline at end of file
+# IBM Bob Session Report – CipherDev
+
+## Project overview
+CipherDev is a privacy-first AI application built for users who cannot safely send sensitive work to third-party AI APIs. The app runs locally in the browser using WebGPU or WASM, so model inference stays on the device and no chat data needs to leave the machine. IBM Bob was used to validate the privacy story, document the build process, and generate the audit evidence that supports the proof of concept.
+
+Live app: https://devcipher.vercel.app/
+
+## Why this folder exists
+This `bob_sessions/` folder is part of the submission evidence. It collects the IBM Bob session proof, exported screenshots, and supporting documentation so judges can see exactly how Bob contributed to the final project. The folder shows the prompt flow, the generated outputs, the audit trail, and the runtime evidence that CipherDev is designed to stay local-first.
+
+## Folder contents
+- `README.md` — Explains the purpose of the folder and how to read the evidence.
+- `01-landing.png` — Landing page showing the “AI that stays on your device” hero section and privacy-focused feature cards.
+- `02-hardware-detection.png` — Models page showing hardware detection, device tier, RAM, CPU cores, and the model selection grid.
+- `03-model-loading.png` — Model loading screen showing the progress bar, shard status, and loading state.
+- `04-chat-session.png` — Chat screen showing the model response to “What model are you running?”
+- `05-bob-audit-page.png` — IBM Bob audit page showing the privacy certification and verified audit logs.
+- `06-network-devtools.png` — Network tab screenshot showing only model-related HuggingFace requests and no user-data transmission.
+
+## Screenshots
+
+### 1) Landing page
+![Landing page](./01-landing.png)
+
+### 2) Hardware detection
+![Hardware detection](./02-hardware-detection.png)
+
+### 3) Model loading
+![Model loading](./03-model-loading.png)
+
+### 4) Chat session
+![Chat session](./04-chat-session.png)
+
+### 5) IBM Bob audit page
+![IBM Bob audit page](./05-bob-audit-page.png)
+
+### 6) Network devtools
+![Network devtools](./06-network-devtools.png)
+
+## How the files were generated
+These screenshots were captured while running the CipherDev app locally during IBM Bob-assisted development and verification. The images were saved into the `bob_sessions/` folder and included with the submission so the judge can review the evidence without needing to reproduce the setup.
+
+## Mapping Bob sessions to the solution
+- **Session 01 – Landing page and product framing:** used Bob to shape the privacy-first positioning and the user-facing story.
+- **Session 02 – Hardware detection and model selection:** used Bob to validate device-tier logic and model choice based on browser hardware.
+- **Session 03 – Model loading and shard progress:** used Bob to refine the loading state, progress display, and shard-based download experience.
+- **Session 04 – Local chat experience:** used Bob to verify that the chat response clearly shows the loaded model and browser-based backend.
+- **Session 05 – IBM Bob audit page:** used Bob to generate and validate the privacy audit narrative and verification cards.
+- **Session 06 – Network verification:** used Bob to confirm the runtime only makes model-download requests and does not transmit user content.
+
+Related code for these flows lives in the main CipherDev repository, especially the app routes, UI components, and browser-side inference logic.
+
+## Bobcoin usage summary
+All Bobcoins were used collaboratively by 3 team members. If a per-session usage export is available later, it can be added below.
+
+- Session 01: shared team usage
+- Session 02: shared team usage
+- Session 03: shared team usage
+- Session 04: shared team usage
+- Session 05: shared team usage
+- Session 06: shared team usage
+
+## License and attribution
+CipherDev uses standard open-source web and AI tooling documented in the main repository. Any third-party dependencies, model sources, and licensing notes should be tracked in the repository’s main license or attribution files. No sensitive credentials or private data are stored in this folder.
+
+## Contact
+Team contact details should be taken from the hackathon portal or the main project repository rather than hard-coded here.
diff --git a/bob_sessions/SCREENSHOT_GUIDE.md b/bob_sessions/SCREENSHOT_GUIDE.md
deleted file mode 100644
index 0564dde..0000000
--- a/bob_sessions/SCREENSHOT_GUIDE.md
+++ /dev/null
@@ -1,256 +0,0 @@
-# Bob Session Screenshot Guide
-
-## Quick Reference for Taking the 6 Required Screenshots
-
-### Prerequisites
-- Application running at `http://localhost:3000`
-- Chrome 113+ or Edge 113+ (WebGPU support)
-- Screenshot tool ready (Windows: Win+Shift+S, Mac: Cmd+Shift+4)
-
----
-
-## Screenshot 1: Landing Page
-**Filename:** `01-landing.png`
-
-**Steps:**
-1. Navigate to `http://localhost:3000`
-2. Wait for page to fully load
-3. Capture the entire viewport showing:
-   - Hero section with "AI that stays on your device" heading
-   - Three feature cards (Privacy First, Hardware Adaptive, Multiple Models)
-   - Dark theme with glassmorphism effects
-
-**What to verify:**
-- ✅ CipherDev logo/name visible
-- ✅ All three feature cards visible
-- ✅ Clean, professional appearance
-
----
-
-## Screenshot 2: Hardware Detection
-**Filename:** `02-hardware-detection.png`
-
-**Steps:**
-1. Navigate to `http://localhost:3000/models`
-2. Wait for hardware detection to complete (~2 seconds)
-3. Capture the blue hardware detection banner showing:
-   - GPU name (e.g., "NVIDIA GeForce RTX 3060")
-   - Device tier (High/Mid/Low/Minimal)
-   - RAM amount (e.g., "16 GB")
-   - Logical cores count
-
-**What to verify:**
-- ✅ Blue banner with hardware info visible
-- ✅ All hardware specs displayed
-- ✅ Recommended model highlighted
-
----
-
-## Screenshot 3: Model Loading Progress
-**Filename:** `03-model-loading.png`
-
-**Steps:**
-1. Stay on `http://localhost:3000/models`
-2. Click "Load Model" on any model card
-3. **IMPORTANT:** Take screenshot when progress bar shows shard numbers
-   - Wait for progress like "Downloading shard 15/32" or similar
-   - Don't capture at 0% or 100%
-4. Capture the sticky bottom progress bar showing:
-   - Shard progress (e.g., "Shard 15/32")
-   - Percentage (e.g., "47%")
-   - Progress bar animation
-
-**What to verify:**
-- ✅ Progress bar visible at bottom of screen
-- ✅ Shard numbers showing (X/Y format)
-- ✅ Percentage visible
-- ✅ Model name displayed
-
-**Tip:** If download is too fast, try a larger model or slower connection
-
----
-
-## Screenshot 4: Chat Session
-**Filename:** `04-chat-session.png`
-
-**Steps:**
-1. Navigate to `http://localhost:3000/chat`
-2. Wait for model to be ready
-3. Type in the input: "What model are you running?"
-4. Press Enter and wait for complete response
-5. Capture the chat showing:
-   - Your question
-   - AI's response with model name and backend
-   - Token speed badge (e.g., "15.2 tokens/s")
-   - Timestamp
-
-**What to verify:**
-- ✅ Question and answer both visible
-- ✅ Model name mentioned in response (e.g., "Gemma 2 2B")
-- ✅ Backend mentioned (WebGPU or WASM)
-- ✅ Token speed badge visible
-- ✅ Clean chat interface
-
-**Example response to expect:**
-> "I am running on Gemma 2 2B IT using WebGPU backend..."
-
----
-
-## Screenshot 5: IBM Bob Audit Page
-**Filename:** `05-bob-audit-page.png`
-
-**Steps:**
-1. Navigate to `http://localhost:3000/audit`
-2. Wait for audit to complete (~1 second)
-3. Scroll to show entire page if needed
-4. Capture showing:
-   - "IBM Bob Privacy Audit" header
-   - Green certification card with IBM Bob's statement
-   - All 3 audit logs (Network, Storage, System)
-   - Each log with green "Verified Safe" badge
-   - Timestamps for each log
-
-**What to verify:**
-- ✅ Header clearly visible
-- ✅ Green certification card with full text
-- ✅ All 3 logs visible with icons
-- ✅ All badges show "Verified Safe" in green
-- ✅ Professional audit appearance
-
----
-
-## Screenshot 6: Network DevTools
-**Filename:** `06-network-devtools.png`
-
-**Steps:**
-1. Open Chrome DevTools (F12 or Ctrl+Shift+I)
-2. Go to "Network" tab
-3. Click the filter icon and select "Fetch/XHR"
-4. Clear existing requests (trash icon)
-5. Navigate to `http://localhost:3000/models`
-6. Click "Load Model" on any model
-7. Wait for several shard downloads to appear
-8. Capture DevTools showing:
-   - Network tab active
-   - Multiple requests to `huggingface.co`
-   - Request URLs ending in `.bin` (model shards)
-   - **ONLY** HuggingFace requests (no other domains)
-   - Status 200 for successful downloads
-
-**What to verify:**
-- ✅ Network tab clearly visible
-- ✅ Multiple HuggingFace requests shown
-- ✅ URLs contain "huggingface.co"
-- ✅ File names end with .bin
-- ✅ NO requests to other domains
-- ✅ NO analytics or tracking requests
-
-**Critical:** This screenshot proves privacy - only model downloads, no data transmission!
-
----
-
-## Screenshot Tips
-
-### General Guidelines
-- Use full-screen browser window for consistency
-- Ensure good contrast and readability
-- Capture at 100% zoom level (not zoomed in/out)
-- Save as PNG format (better quality than JPG)
-- Use descriptive filenames as specified
-
-### Common Issues
-
-**Issue:** Progress bar disappears too quickly
-- **Solution:** Use a larger model or throttle network in DevTools
-
-**Issue:** Hardware detection shows "Minimal" tier
-- **Solution:** That's okay! Screenshot it anyway - shows real-world usage
-
-**Issue:** Model download fails
-- **Solution:** Check internet connection, try different model, or restart browser
-
-**Issue:** DevTools shows non-HuggingFace requests
-- **Solution:** Clear cache, use incognito mode, or filter more strictly
-
-### Quality Checklist
-
-Before saving each screenshot, verify:
-- [ ] Image is clear and readable
-- [ ] All required elements visible
-- [ ] No personal information exposed
-- [ ] Proper filename used
-- [ ] PNG format
-- [ ] Reasonable file size (< 5MB each)
-
----
-
-## After Taking Screenshots
-
-1. **Verify all 6 files exist:**
-   ```
-   bob_sessions/
-   ├── 01-landing.png
-   ├── 02-hardware-detection.png
-   ├── 03-model-loading.png
-   ├── 04-chat-session.png
-   ├── 05-bob-audit-page.png
-   └── 06-network-devtools.png
-   ```
-
-2. **Check file sizes:**
-   - Each should be 500KB - 5MB
-   - If larger, consider compressing
-
-3. **Review each screenshot:**
-   - Open each file
-   - Verify it matches the requirements
-   - Ensure clarity and readability
-
-4. **Commit to Git:**
-   ```bash
-   git add bob_sessions/*.png
-   git commit -m "Add IBM Bob certification screenshots"
-   git push
-   ```
-
----
-
-## Troubleshooting
-
-### Application Won't Start
-```bash
-# Try these commands
-npm install
-npm run dev
-```
-
-### WebGPU Not Available
-- Use Chrome 113+ or Edge 113+
-- Enable hardware acceleration in browser settings
-- Update graphics drivers
-
-### Model Download Fails
-- Check internet connection
-- Try a smaller model first (TinyLlama)
-- Clear browser cache
-
-### Screenshots Look Wrong
-- Ensure dark mode is active
-- Check browser zoom is at 100%
-- Try different screen resolution
-
----
-
-## Need Help?
-
-If you encounter issues:
-1. Check the main README.md for setup instructions
-2. Verify all prerequisites are met
-3. Try restarting the development server
-4. Clear browser cache and try again
-
-**Remember:** These screenshots are proof of IBM Bob's privacy certification. They demonstrate that CipherDev truly keeps all data local and private! 🔒
-
----
-
-**Good luck with your screenshots! 📸**
\ No newline at end of file