Merged
12 changes: 6 additions & 6 deletions CLAUDE.md
@@ -25,10 +25,10 @@ It does not contain product code. It is documentation, policy, and cross-cutting

| Repo | URL | What links here |
|---|---|---|
| `pulkitpareek18/ZeroAuth` | <https://github.com/pulkitpareek18/ZeroAuth> | Its `CLAUDE.md`, `docs/threat_model.md`, `adr/` (all link to the canonical versions here) |
| `pulkitpareek18/ZeroAuth-Verifier` | (planned, Week 2 — B02) | Its CLAUDE.md will link here |
| `pulkitpareek18/ZeroAuth-IoT` | (planned, Week 3 — B03) | — |
| `pulkitpareek18/ZeroAuth-Mobile-SDK` | (planned, Week 5 — B04) | — |
| `zeroauth-dev/ZeroAuth` | <https://github.com/zeroauth-dev/ZeroAuth> | Its `CLAUDE.md`, `docs/threat_model.md`, `adr/` (all link to the canonical versions here) |
| `zeroauth-dev/ZeroAuth-Verifier` | (planned, Week 2 — B02) | Its CLAUDE.md will link here |
| `zeroauth-dev/ZeroAuth-IoT` | (planned, Week 3 — B03) | — |
| `zeroauth-dev/ZeroAuth-Mobile-SDK` | (planned, Week 5 — B04) | — |

## What this repo contains
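Review bot: the `Repo` column now names `zeroauth-dev/...`, but the "What links here" column still states that the product repo's `CLAUDE.md`, `docs/threat_model.md` and `adr/` "all link to the canonical versions here"; those inbound links live in `zeroauth-dev/ZeroAuth`, not in this diff, so confirm they were repointed at this repo's new location in a paired PR, otherwise the canonical pointers are stale in one direction. Since this PR replaces the same owner string by hand across nine files, a `grep -r pulkitpareek18` over the repo before merge would catch any stragglers in files the diff does not show.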

@@ -75,7 +75,7 @@ It does not contain product code. It is documentation, policy, and cross-cutting
## Conventions

- **Format**: markdown only
- **Cross-references**: relative paths to other files in this repo; for cross-repo references, name the repo and the path: `pulkitpareek18/ZeroAuth: /docs/api_contract.md`
- **Cross-references**: relative paths to other files in this repo; for cross-repo references, name the repo and the path: `zeroauth-dev/ZeroAuth: /docs/api_contract.md`
- **Versioning**: every shared policy doc has a `LAST_UPDATED` field at the bottom; `RELEASES.md` records which version of each shared doc was in force at each evidence-pack publication
- **Reviews**: changes to anything in `/docs/shared/` require two reviewers (Pulkit + Amit). External DPO counsel review is required for DPDP-touching files **once counsel is engaged** — until then, the founders sign off jointly and the file carries a `PROVISIONAL` banner. Enforced via `CODEOWNERS`

@@ -89,7 +89,7 @@ It does not contain product code. It is documentation, policy, and cross-cutting

4. **Use the `adr-writer` skill** for any new shared-policy ADR.

5. **Use the `compliance-mapper` subagent** when adding or modifying any compliance mapping. (Skill not yet installed — see ADR-0004 in `pulkitpareek18/ZeroAuth`.)
5. **Use the `compliance-mapper` subagent** when adding or modifying any compliance mapping. (Skill not yet installed — see ADR-0004 in `zeroauth-dev/ZeroAuth`.)

6. **Use the `threat-model-update` skill** when modifying the canonical threat model.

4 changes: 2 additions & 2 deletions README.md
@@ -2,7 +2,7 @@

The cross-repo source of truth for ZeroAuth security policy, compliance mappings, the canonical threat model, ADR index, release coordination, and evidence-pack sources.

**This repo does not contain product code.** Product code lives in [`pulkitpareek18/ZeroAuth`](https://github.com/pulkitpareek18/ZeroAuth) (and future sibling repos for the verifier, IoT firmware, and mobile SDK).
**This repo does not contain product code.** Product code lives in [`zeroauth-dev/ZeroAuth`](https://github.com/zeroauth-dev/ZeroAuth) (and future sibling repos for the verifier, IoT firmware, and mobile SDK).

## What's in here

@@ -35,4 +35,4 @@ CI runs both gates on every PR; merge blocks if either fails.

## License

This documentation is licensed under [Creative Commons Attribution 4.0 International (CC-BY-4.0)](LICENSE). Reuse it, fork it, audit it — credit ZeroAuth (pulkitpareek18/ZeroAuth).
This documentation is licensed under [Creative Commons Attribution 4.0 International (CC-BY-4.0)](LICENSE). Reuse it, fork it, audit it — credit ZeroAuth (zeroauth-dev/ZeroAuth).
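Review bot: the attribution in the CC-BY credit line changes to `zeroauth-dev/ZeroAuth`, but the `LICENSE` file it links to is not part of this diff; if that file carries the same attribution or copyright-holder string, update it in the same PR so the two stay consistent. Also, the credit names the product repo rather than this governance repo, which `docs/shared/naming-conventions.md` in this same diff lists as `zeroauth-dev/ZeroAuth-Governance`; worth confirming that is intentional for people reusing these docs.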
8 changes: 4 additions & 4 deletions adr-index/ALL.md
@@ -13,10 +13,10 @@ This is the cross-repo index of every Architecture Decision Record. Each entry l

| # | Title | Status | Repo | Path | Date |
|---|---|---|---|---|---|
| 0001 | CLAUDE.md as the project constitution + prompt-suite engineering discipline | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0001-prompt-suite-engineering-discipline.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0001-prompt-suite-engineering-discipline.md) | 2026-05-12 |
| 0002 | Dashboard stack — Vite, not Next.js | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0002-dashboard-stack-vite-not-nextjs.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0002-dashboard-stack-vite-not-nextjs.md) | 2026-05-12 |
| 0003 | Adopt Playwright for dashboard E2E | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0003-adopt-playwright-for-e2e.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0003-adopt-playwright-for-e2e.md) | 2026-05-12 |
| 0004 | Governance lives in a separate repo (B06 — split from API repo) | Accepted | `pulkitpareek18/ZeroAuth` | [adr/0004-governance-in-separate-repo.md](https://github.com/pulkitpareek18/ZeroAuth/blob/main/adr/0004-governance-in-separate-repo.md) | 2026-05-13 |
| 0001 | CLAUDE.md as the project constitution + prompt-suite engineering discipline | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0001-prompt-suite-engineering-discipline.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0001-prompt-suite-engineering-discipline.md) | 2026-05-12 |
| 0002 | Dashboard stack — Vite, not Next.js | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0002-dashboard-stack-vite-not-nextjs.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0002-dashboard-stack-vite-not-nextjs.md) | 2026-05-12 |
| 0003 | Adopt Playwright for dashboard E2E | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0003-adopt-playwright-for-e2e.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0003-adopt-playwright-for-e2e.md) | 2026-05-12 |
| 0004 | Governance lives in a separate repo (B06 — split from API repo) | Accepted | `zeroauth-dev/ZeroAuth` | [adr/0004-governance-in-separate-repo.md](https://github.com/zeroauth-dev/ZeroAuth/blob/main/adr/0004-governance-in-separate-repo.md) | 2026-05-13 |

## Status legend

2 changes: 1 addition & 1 deletion docs/compliance/irdai-mapping.md
@@ -20,7 +20,7 @@ IRDAI's outsourcing framework requires the insurer (the tenant) to ensure their
| Incident response | Documented runbook, drilled, regulator notification within 6 hours of confirmation | See [`../shared/incident-response.md`](../shared/incident-response.md). | **Implemented — drill pending** |
| Business continuity | Backup, recovery, DR plan | Postgres + Redis in Docker; daily backups to (TODO: off-host destination). DR: rebuild from CI artifacts + DB restore. RTO 4h, RPO 24h. | **Partial — off-host backup pending** |
| Third-party risk management | Vendor due diligence on every dep | DP6 (every dep is an ADR) enforced via `dep-add` skill. `scripts/check-dep-trail.sh` audits the lockfile against `/adr/`. | **Implemented** |
| Vulnerability management | Periodic scanning, timely patching | Dependabot enabled on `pulkitpareek18/ZeroAuth`. DW03 (weekly dep drift watcher) planned. | **Partial — DW03 pending** |
| Vulnerability management | Periodic scanning, timely patching | Dependabot enabled on `zeroauth-dev/ZeroAuth`. DW03 (weekly dep drift watcher) planned. | **Partial — DW03 pending** |
| Cyber drill | Periodic | Drill cadence in breach-notification.md §9 (semi-annual). First drill: 2026-08. | **Pending — first drill 2026-08** |
| Vendor exit clause | Customer data returnable on contract end | Tenant can `GET /v1/audit?export=full` at any time. Account closure procedure: TODO. | **Partial** |
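Review bot: the "Vulnerability management" row cites "Dependabot enabled on `zeroauth-dev/ZeroAuth`" as the evidence for this control, and this file is a regulator-facing mapping; since the repository location changed, re-verify that Dependabot alerts and updates are actually enabled under the new owner before merging, rather than treating this row as a text-only rename. The status column ("Partial — DW03 pending") is what an auditor reads, so the evidence behind it should be re-checked whenever the referenced location moves.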

4 changes: 2 additions & 2 deletions docs/shared/coding-standards.md
@@ -22,7 +22,7 @@ This file is the shared style baseline. Per-repo `CLAUDE.md` files may extend, n
## §3. Error handling

- API handlers return `{ error: '<machine_code>', message: '<human readable>' }` with appropriate HTTP status.
- The machine codes are enumerated in [`pulkitpareek18/ZeroAuth: docs/error_codes.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/docs/error_codes.md). New error codes get added there before being thrown.
- The machine codes are enumerated in [`zeroauth-dev/ZeroAuth: docs/error_codes.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/docs/error_codes.md). New error codes get added there before being thrown.
- Stack traces never leak to API responses. Winston JSON log captures them server-side only.
- Never swallow errors silently. `catch (e) { /* nothing */ }` is a CI failure (lint rule).

@@ -66,7 +66,7 @@ This file is the shared style baseline. Per-repo `CLAUDE.md` files may extend, n

## §10. Dependencies

Adding any direct dependency requires an ADR. Use the `dep-add` skill ([`pulkitpareek18/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md)). No exceptions.
Adding any direct dependency requires an ADR. Use the `dep-add` skill ([`zeroauth-dev/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md)). No exceptions.

## §11. What we DO NOT do

2 changes: 1 addition & 1 deletion docs/shared/incident-response.md
@@ -1,7 +1,7 @@
# ZeroAuth Incident Response Runbook

> **Last reviewed by:** Pulkit Pareek (technical), Amit Dua (governance) on 2026-05-13
> **Status:** v1 — runbook is operational but **PROVISIONAL** at steps 6 (customer notification), 7 (regulator notification), 8 (postmortem disclosure) until external DPO counsel is engaged. Engagement target: before first pilot SOW signing (~2026-07-01). See ADR-0005 (open) in `pulkitpareek18/ZeroAuth`.
> **Status:** v1 — runbook is operational but **PROVISIONAL** at steps 6 (customer notification), 7 (regulator notification), 8 (postmortem disclosure) until external DPO counsel is engaged. Engagement target: before first pilot SOW signing (~2026-07-01). See ADR-0005 (open) in `zeroauth-dev/ZeroAuth`.
>
> **Operating without counsel for an actual SEV-1 today is feasible but risky.** Specifically: no attorney-client privilege on the incident channel, no specialist who has run a DPBI submission before, no relationship to call at 2am. The founders accept this risk during the interim and treat counsel engagement as a hard blocker on first pilot SOW.
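Review bot: the Status line's ADR-0005 pointer now reads `zeroauth-dev/ZeroAuth` while the "Last reviewed by ... 2026-05-13" line above it is unchanged, and the Conventions section of `CLAUDE.md` in this same diff says every shared policy doc carries a `LAST_UPDATED` field at the bottom and that `RELEASES.md` records which version of each shared doc was in force at each evidence-pack publication; neither is touched for this or the other `docs/shared/` files here. Decide whether a reference-only rename counts as a version change under that convention and, if it does, bump `LAST_UPDATED` in the same PR so the evidence-pack record stays accurate.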

14 changes: 7 additions & 7 deletions docs/shared/naming-conventions.md
@@ -7,13 +7,13 @@

| Service | Repo name | Internal name | Hostname |
|---|---|---|---|
| Central API | `pulkitpareek18/ZeroAuth` | `zeroauth-api` | `api.zeroauth.dev` (planned; today: `zeroauth.dev/v1/*`) |
| Verifier | `pulkitpareek18/ZeroAuth-Verifier` (planned) | `zeroauth-verifier` | internal-only, behind API |
| IoT firmware | `pulkitpareek18/ZeroAuth-IoT` (planned) | `zeroauth-iot` | (runs on Orange Pi devices) |
| Mobile SDK | `pulkitpareek18/ZeroAuth-Mobile-SDK` (planned) | `zeroauth-sdk` | n/a (library) |
| Dashboard | currently inside `pulkitpareek18/ZeroAuth: dashboard/` | `zeroauth-dashboard` | `zeroauth.dev/dashboard/` |
| Docs site | inside `pulkitpareek18/ZeroAuth: website/` | `zeroauth-docs` | `zeroauth.dev/docs/` |
| Governance | `pulkitpareek18/ZeroAuth-Governance` *(this repo)* | `zeroauth-governance` | n/a (docs only) |
| Central API | `zeroauth-dev/ZeroAuth` | `zeroauth-api` | `api.zeroauth.dev` (planned; today: `zeroauth.dev/v1/*`) |
| Verifier | `zeroauth-dev/ZeroAuth-Verifier` (planned) | `zeroauth-verifier` | internal-only, behind API |
| IoT firmware | `zeroauth-dev/ZeroAuth-IoT` (planned) | `zeroauth-iot` | (runs on Orange Pi devices) |
| Mobile SDK | `zeroauth-dev/ZeroAuth-Mobile-SDK` (planned) | `zeroauth-sdk` | n/a (library) |
| Dashboard | currently inside `zeroauth-dev/ZeroAuth: dashboard/` | `zeroauth-dashboard` | `zeroauth.dev/dashboard/` |
| Docs site | inside `zeroauth-dev/ZeroAuth: website/` | `zeroauth-docs` | `zeroauth.dev/docs/` |
| Governance | `zeroauth-dev/ZeroAuth-Governance` *(this repo)* | `zeroauth-governance` | n/a (docs only) |

## Environment variables

12 changes: 6 additions & 6 deletions docs/shared/security-policy.md
@@ -1,13 +1,13 @@
# ZeroAuth Shared Security Policy

> **Last reviewed by:** Pulkit Pareek (technical), Amit Dua (governance) on 2026-05-13
> **Status:** v1 — initial draft. Sections §3 (cryptographic primitives) breach windows, §5 (data residency), §6 (audit logging), and §7 (vulnerability disclosure) are marked **PROVISIONAL** pending external DPO counsel engagement (see ADR-0005 in `pulkitpareek18/ZeroAuth` — engagement target before first pilot SOW signing, ~2026-07-01). Until counsel is engaged, the DPO function is filled jointly by Pulkit + Amit; risks of operating without privileged communications are accepted by the founders.
> **Status:** v1 — initial draft. Sections §3 (cryptographic primitives) breach windows, §5 (data residency), §6 (audit logging), and §7 (vulnerability disclosure) are marked **PROVISIONAL** pending external DPO counsel engagement (see ADR-0005 in `zeroauth-dev/ZeroAuth` — engagement target before first pilot SOW signing, ~2026-07-01). Until counsel is engaged, the DPO function is filled jointly by Pulkit + Amit; risks of operating without privileged communications are accepted by the founders.

This is the security policy every ZeroAuth repo agrees to. Every product repo's `CLAUDE.md` MUST link to this file. When a product repo's local policy contradicts this file, this file wins; the product repo updates.

## §1. Scope

This policy applies to every ZeroAuth artifact: the central API (`pulkitpareek18/ZeroAuth`), the verifier service (planned), the IoT terminal firmware (planned), the mobile SDK (planned), the dashboard (currently in API repo), the Solidity contracts (`contracts/`), the Circom circuit (`circuits/`), and the docs site.
This policy applies to every ZeroAuth artifact: the central API (`zeroauth-dev/ZeroAuth`), the verifier service (planned), the IoT terminal firmware (planned), the mobile SDK (planned), the dashboard (currently in API repo), the Solidity contracts (`contracts/`), the Circom circuit (`circuits/`), and the docs site.

It does NOT apply to:

@@ -34,7 +34,7 @@ It does NOT apply to:

## §4. Tenant isolation

1. Every query that returns customer data MUST be scoped by `(tenant_id, environment)` in the WHERE clause. Enforced in middleware (`src/middleware/tenant-auth.ts` in `pulkitpareek18/ZeroAuth`), not in handlers.
1. Every query that returns customer data MUST be scoped by `(tenant_id, environment)` in the WHERE clause. Enforced in middleware (`src/middleware/tenant-auth.ts` in `zeroauth-dev/ZeroAuth`), not in handlers.
2. No admin endpoint reveals data from more than one tenant in a single response.
3. Cross-tenant access requires explicit ADR + customer consent on file + 30-day audit-log review.

@@ -57,7 +57,7 @@ Reports go to `security@zeroauth.dev`. Response within 72 hours. Coordinated dis

## §8. Dependencies

Every new dependency is an ADR. Process is in [`pulkitpareek18/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md). No exceptions; the supply-chain risk is too high.
Every new dependency is an ADR. Process is in [`zeroauth-dev/ZeroAuth: .claude/skills/dep-add/SKILL.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/skills/dep-add/SKILL.md). No exceptions; the supply-chain risk is too high.

## §9. Network ingress
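Review bot: the `dep-add` skill link in §8 above is the same URL that `docs/shared/coding-standards.md` §10 carries earlier in this diff, so both had to be edited by hand for this rename; consider having one section cite the other (the Conventions section of `CLAUDE.md` already prefers relative cross-references within this repo) so the next repository move touches a single place.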

@@ -68,8 +68,8 @@ Every new dependency is an ADR. Process is in [`pulkitpareek18/ZeroAuth: .claude
## §10. Code review

1. Every PR runs `lint + typecheck + test` in CI.
2. PRs touching auth, crypto, audit, tenant boundaries, key handling, or network ingress MUST run the [`security-reviewer` subagent](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/agents/security-reviewer.md). Don't ask — just invoke.
3. PRs touching `circuits/`, `contracts/`, `src/services/zkp.ts`, `src/services/identity.ts`, or anywhere a hash/commitment scheme is introduced MUST run the [`cryptographer-reviewer` subagent](https://github.com/pulkitpareek18/ZeroAuth/blob/main/.claude/agents/cryptographer-reviewer.md).
2. PRs touching auth, crypto, audit, tenant boundaries, key handling, or network ingress MUST run the [`security-reviewer` subagent](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/agents/security-reviewer.md). Don't ask — just invoke.
3. PRs touching `circuits/`, `contracts/`, `src/services/zkp.ts`, `src/services/identity.ts`, or anywhere a hash/commitment scheme is introduced MUST run the [`cryptographer-reviewer` subagent](https://github.com/zeroauth-dev/ZeroAuth/blob/main/.claude/agents/cryptographer-reviewer.md).

## §11. Language we forbid in writing

4 changes: 2 additions & 2 deletions docs/threat-model/api.md
@@ -1,4 +1,4 @@
# Threat model — API component (`pulkitpareek18/ZeroAuth`)
# Threat model — API component (`zeroauth-dev/ZeroAuth`)

> Extends [`canonical.md`](canonical.md). When this file and the canonical disagree, the canonical wins; update this file.
> **Last reviewed by:** Pulkit Pareek on 2026-05-13
@@ -7,7 +7,7 @@ Most attacks in the canonical apply primarily to this component (the API is the

## A-01 — Cross-tenant data read

**Mitigation in this repo:** `src/middleware/tenant-auth.ts` resolves the tenant from the API key on every request and sets `(req as any).tenantContext = { tenantId, environment }`. Every service-layer function in `src/services/platform.ts` takes those as parameters and embeds them in the SQL WHERE. Express middleware augmentation is planned (see [`pulkitpareek18/ZeroAuth: CLAUDE.md`](https://github.com/pulkitpareek18/ZeroAuth/blob/main/CLAUDE.md) — "until we ship Express module augmentation").
**Mitigation in this repo:** `src/middleware/tenant-auth.ts` resolves the tenant from the API key on every request and sets `(req as any).tenantContext = { tenantId, environment }`. Every service-layer function in `src/services/platform.ts` takes those as parameters and embeds them in the SQL WHERE. Express middleware augmentation is planned (see [`zeroauth-dev/ZeroAuth: CLAUDE.md`](https://github.com/zeroauth-dev/ZeroAuth/blob/main/CLAUDE.md) — "until we ship Express module augmentation").

**Test coverage:** `tests/central-api.test.ts` exercises the scoping at the router layer.
