From c97c1afb5f9f79ddf5727ba965a2c2bdc0c13ce8 Mon Sep 17 00:00:00 2001
From: Priyansh Khodiyar <priyanshkhodiyar.27@gmail.com>
Date: Fri, 15 May 2026 18:57:08 +0530
Subject: [PATCH] fix(docs): repoint canonical to authsome.ai and drop dead
 links

Mintlify generates the sitemap from seo.metatags.canonical, and the
canonical was still pointing at authsome.agentr.dev. Every <loc> in
https://authsome.ai/docs/sitemap.xml carried the old domain even
though the docs are now hosted at authsome.ai.

Domain rename:
- docs.json canonical to https://authsome.ai/docs.
- docs.json footer "Home" link to https://authsome.ai.
- custom-providers.mdx schema URL to authsome.ai.

Security disclosure:
- Drop the security@agentr.dev email path from disclosure.mdx and
  route all reports through GitHub's private security advisory flow.
  The email was the only contact path that needed mailbox
  maintenance; GitHub advisories give us the same private channel
  without it.

Dead links (target files deleted upstream in 019bdd1 and ec06181):
- roadmap.mdx: drop both references to docs/authsome-design.md
  (moved to docs/internal/, not public-facing).
- daemon-trust-boundary.mdx: replace authsome-design.md reference
  with a link to the public /roadmap page.
- encryption.mdx: drop docs/specs/authsome-v1.md reference; keep
  the prose describing the future portable spec.
- credential-storage.mdx: same fix as encryption.mdx, also drops
  one stale manojbajaj95 owner reference incidentally.
---
 docs/site/concepts/credential-storage.mdx    | 2 +-
 docs/site/docs.json                          | 4 ++--
 docs/site/guides/custom-providers.mdx        | 2 +-
 docs/site/roadmap.mdx                        | 4 +---
 docs/site/security/daemon-trust-boundary.mdx | 2 +-
 docs/site/security/disclosure.mdx            | 6 +++---
 docs/site/security/encryption.mdx            | 2 +-
 7 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/docs/site/concepts/credential-storage.mdx b/docs/site/concepts/credential-storage.mdx
index 92ce187..e142ffe 100644
--- a/docs/site/concepts/credential-storage.mdx
+++ b/docs/site/concepts/credential-storage.mdx
@@ -102,7 +102,7 @@ For example, a sample stored ciphertext looks like:
 This is the format `LocalFileCrypto.encrypt` and `KeyringCrypto.encrypt` produce in `src/authsome/vault/crypto.py`.
 
 <Note>
-  The portable spec ([`docs/specs/authsome-v1.md` §11.4](https://github.com/manojbajaj95/authsome/blob/main/docs/specs/authsome-v1.md)) defines a richer JSON envelope (`{enc, alg, kid, nonce, ciphertext, tag}`) as the cross-language interop target. The current Python implementation uses the compact format above; a future migration may switch to the JSON envelope when a second-language port lands.
+  A future portable spec will define a richer JSON envelope (`{enc, alg, kid, nonce, ciphertext, tag}`) as the cross-language interop target. The current Python implementation uses the compact format above; a future migration may switch to the JSON envelope when a second-language port lands.
 </Note>
 
 ## The three states
diff --git a/docs/site/docs.json b/docs/site/docs.json
index f2a8511..9cf5250 100644
--- a/docs/site/docs.json
+++ b/docs/site/docs.json
@@ -30,7 +30,7 @@
   "seo": {
     "indexing": "all",
     "metatags": {
-      "canonical": "https://authsome.agentr.dev/docs",
+      "canonical": "https://authsome.ai/docs",
       "title-template": "%s · Authsome",
       "og:site_name": "Authsome Docs",
       "og:type": "website",
@@ -271,7 +271,7 @@
       {
         "header": "Product",
         "items": [
-          { "label": "Home", "href": "https://authsome.agentr.dev" },
+          { "label": "Home", "href": "https://authsome.ai" },
           { "label": "GitHub", "href": "https://github.com/agentrhq/authsome" },
           { "label": "PyPI", "href": "https://pypi.org/project/authsome/" }
         ]
diff --git a/docs/site/guides/custom-providers.mdx b/docs/site/guides/custom-providers.mdx
index a36d671..0a6e42d 100644
--- a/docs/site/guides/custom-providers.mdx
+++ b/docs/site/guides/custom-providers.mdx
@@ -20,7 +20,7 @@ Before you start:
 3. For OAuth2, find the `authorization_url`, `token_url`, supported scopes, and whether PKCE / device code / Dynamic Client Registration are supported.
 4. For API key, find the header name and prefix the provider expects.
 
-Then write the JSON file following the schema at https://authsome.agentr.dev/docs/reference/provider-schema.
+Then write the JSON file following the schema at https://authsome.ai/docs/reference/provider-schema.
 
 Output:
 
diff --git a/docs/site/roadmap.mdx b/docs/site/roadmap.mdx
index 94ea7f9..058174f 100644
--- a/docs/site/roadmap.mdx
+++ b/docs/site/roadmap.mdx
@@ -8,8 +8,6 @@ keywords: ["authsome roadmap", "authsome planned features", "identity policy aud
 
 Authsome's architecture is layered: identity, policy, vault, auth, audit. v1 ships Vault, Auth, and the proxy orchestrator. Identity, Policy, and Audit are documented in the design but not yet enforced. This page is the honest tracker for what's coming and what isn't.
 
-The canonical design document is [`authsome-design.md`](https://github.com/agentrhq/authsome/blob/main/docs/authsome-design.md) in the source tree.
-
 ## Landed in v1
 
 - **Vault** <Badge color="green">Shipped</Badge> Encrypted SQLite per profile with AES-256-GCM. Local file or OS keyring backend for the master key. See [Encryption at rest](/security/encryption).
@@ -50,7 +48,7 @@ Re-encrypt every record under a new master key without losing state. The wire fo
 
 ## Recently open questions
 
-These are tracked in [`authsome-design.md`](https://github.com/agentrhq/authsome/blob/main/docs/authsome-design.md) under "Open Questions". They are unresolved enough to call out separately.
+The following are unresolved enough to call out separately from the planned work above.
 
 | Question | Status |
 |----------|--------|
diff --git a/docs/site/security/daemon-trust-boundary.mdx b/docs/site/security/daemon-trust-boundary.mdx
index 2739a27..1a89fcd 100644
--- a/docs/site/security/daemon-trust-boundary.mdx
+++ b/docs/site/security/daemon-trust-boundary.mdx
@@ -46,7 +46,7 @@ The daemon ships without these and we plan to add them:
 - **No persistent session store.** A restart loses any login that is mid-flight. The user re-runs the login.
 - **No process-level isolation between the daemon and the proxy.** Both run in the daemon's address space. A bug in one is reachable from the other.
 
-These are tracked in [`authsome-design.md`](https://github.com/agentrhq/authsome/blob/main/docs/authsome-design.md) under "Open Questions" and on the roadmap.
+These are tracked on the [roadmap](/roadmap).
 
 ## When the model is adequate
 
diff --git a/docs/site/security/disclosure.mdx b/docs/site/security/disclosure.mdx
index ae990c3..cb007fd 100644
--- a/docs/site/security/disclosure.mdx
+++ b/docs/site/security/disclosure.mdx
@@ -3,21 +3,21 @@ title: "Responsible disclosure"
 sidebarTitle: "Disclosure"
 description: "How to report a security issue in authsome."
 icon: "envelope"
-keywords: ["authsome security disclosure", "authsome vulnerability report", "responsible disclosure", "security@agentr.dev"]
+keywords: ["authsome security disclosure", "authsome vulnerability report", "responsible disclosure"]
 ---
 
 If you find a security issue in authsome, please tell us privately so we can fix it before it's public.
 
 ## How to report
 
-Email **security@agentr.dev** with:
+Open a [private security advisory on GitHub](https://github.com/agentrhq/authsome/security/advisories/new) and include:
 
 - A clear description of the issue and its impact.
 - Steps to reproduce. A minimal proof of concept is ideal.
 - Affected versions if you've narrowed it down (`uvx authsome --version`).
 - Your name and a way to credit you in the fix announcement, if you'd like credit.
 
-If email isn't an option, open a [private security advisory on GitHub](https://github.com/agentrhq/authsome/security/advisories/new).
+Private advisories are visible only to repository maintainers until coordinated disclosure.
 
 ## What to expect
 
diff --git a/docs/site/security/encryption.mdx b/docs/site/security/encryption.mdx
index c6539a5..61fc1b7 100644
--- a/docs/site/security/encryption.mdx
+++ b/docs/site/security/encryption.mdx
@@ -50,7 +50,7 @@ A sample record looks like:
 This is produced by `LocalFileCrypto.encrypt` and `KeyringCrypto.encrypt` in `src/authsome/vault/crypto.py`.
 
 <Note>
-  The portable spec ([`docs/specs/authsome-v1.md` §11.4](https://github.com/agentrhq/authsome/blob/main/docs/specs/authsome-v1.md)) defines a richer JSON envelope (`{enc, alg, kid, nonce, ciphertext, tag}`) as the cross-language interop target. The Python implementation uses the compact format above; a future release may migrate to the JSON envelope when a second-language port lands.
+  A future portable spec will define a richer JSON envelope (`{enc, alg, kid, nonce, ciphertext, tag}`) as the cross-language interop target. The Python implementation uses the compact format above; a future release may migrate to the JSON envelope when a second-language port lands.
 </Note>
 
 ## Master key backends