feat: 35-function MCP catalog with full references
New wiki page enumerating all 35 typed forensic functions with:
- Primary OS/artifact target for each
- MITRE ATT&CK technique mapping
- Published reference (SANS course / paper / vendor doc / open-source tool)
so reviewers can audit where the detection logic comes from
Sidebar updated to include the catalog.
a1027a3
feat: initial wiki — Home, About, Architecture-first, dart-mcp, FAQ, sidebar/footer
Long-form documentation that doesn't fit in the README:
- Home: overview + table of contents
- About the name: DART acronym + four-phase plan
- Architecture-first vs prompt-first: the central design claim
- dart-mcp: the typed surface, all 31 functions, bypass tests
- FAQ: judges, contributors, skeptics
- _Sidebar / _Footer: auto-shown navigation on every page
Other pages (Threat model, dart-agent / dart-corr / dart-audit / dart-playbook,
Running on SIFT/macOS, Live mode, Accuracy, case studies, roadmap, glossary,
comparison) are stubs in the sidebar — to be filled in as the project matures.
c8e3a90
feat: full wiki — Architecture / Operator / Threat model / Roadmap
Five pages, sidebar, written as long-form complement to the README:
Home                    landing + project status
_Sidebar                navigation visible on every page
Architecture-deep-dive  why the architecture is shaped this way
Operator-guide          run dart-agent on a real SIFT case
Threat-model            honest scope of the read-only MCP boundary
Roadmap                 phase 1-4, anti-roadmap (what we refuse)
Same voice as the README. No marketing language, no overclaim.
The threat model in particular is deliberately honest about what
the architecture does NOT defend against.
44e27b1