diff --git a/NEXT_SESSION_STARTUP_2025-10-15_PRIVACY.md b/NEXT_SESSION_STARTUP_2025-10-15_PRIVACY.md
new file mode 100644
index 00000000..8c3eeb7d
--- /dev/null
+++ b/NEXT_SESSION_STARTUP_2025-10-15_PRIVACY.md
@@ -0,0 +1,195 @@
+# Optimal Session Startup: Privacy Analytics Implementation
+
+**Date Created:** 2025-10-15
+**Session Purpose:** Implement privacy-preserving analytics (Priority 1 - CRITICAL VALUES)
+**Previous Session:** SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md
+**Estimated Duration:** 1-2 days
+
+---
+
+## π RECOMMENDED STARTUP COMMAND
+
+```bash
+node scripts/session-init.js
+```
+
+**Then immediately review these files:**
+1. `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md` (this session's accomplishments)
+2. `SESSION_HANDOFF_2025-10-14_ROADMAP_COPYRIGHT.md` (previous context)
+3. `docs/plans/integrated-implementation-roadmap-2025.md` (46% complete roadmap)
+
+---
+
+## π SESSION CONTEXT
+
+**Previous Session Accomplishments:**
+- β Fixed PWA install button (now shows helpful feedback + CSP compliant)
+- β Verified transparency dashboards (both working)
+- β Complete GitHub repository setup:
+ - CODE_OF_CONDUCT.md (Contributor Covenant v2.1)
+ - Issue templates (bug, feature, docs)
+ - GitHub Actions CI workflow (lint + test)
+
+**Git Status:**
+- 7 commits ahead of origin/main
+- New handoff document untracked: `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md`
+- All other changes committed
+
+**Session Pressure Warning:**
+- Previous session ended at HIGH pressure (56.4%)
+- Fresh session recommended for optimal focus
+
+---
+
+## π― THIS SESSION'S PRIORITY
+
+### Priority 1: Privacy-Preserving Analytics Implementation
+
+**WHY CRITICAL:** Cannot do public launch without values alignment on privacy (Te Tiriti, CARE Principles)
+
+**TASKS:**
+
+1. **Research & Select Solution** (2-3 hours)
+ - Recommended: Plausible Analytics
+ - GDPR compliant by default
+ - No cookies
+ - Country-level geolocation only
+ - Open source
+ - Self-hosted or cloud options
+ - Alternatives to consider:
+ - Fathom Analytics
+ - Simple Analytics
+ - Umami (self-hosted)
+ - Decision criteria:
+ - β No cookies required
+ - β No personal data collection
+ - β Country-level geolocation only (not city/IP)
+ - β GDPR/CCPA compliant by default
+ - β Open source preferred
+ - β Easy integration (<1 day)
+ - β Reasonable cost (or self-hostable)
+
+2. **Install & Configure** (3-4 hours)
+ - Self-hosted vs cloud decision
+ - If self-hosted:
+ - Deploy on existing VPS (vps-93a693da.vps.ovh.net)
+ - Set up systemd service
+ - Configure nginx reverse proxy
+ - If cloud:
+ - Sign up for service
+ - Configure domain
+ - Get tracking script
+ - Integration:
+ - Add script tag to website
+ - Test tracking
+ - Verify no cookies set
+
+3. **Transparency Implementation** (2-3 hours)
+ - Add privacy policy section to footer
+ - Link to analytics dashboard (if public)
+ - Explain what we collect and why
+ - Document in `/privacy.html` or `/about.html`
+ - Make dashboard public if possible (values alignment)
+
+4. **Testing & Verification** (1-2 hours)
+ - Confirm no cookies set (browser dev tools)
+ - Verify data collection scope (check dashboard)
+ - Test on multiple browsers
+ - Check performance impact (<100ms)
+ - Verify GDPR compliance
+
+5. **Deployment** (1 hour)
+ - Deploy to production
+ - Test on live site
+ - Monitor for errors
+ - Update session handoff
+
+**ESTIMATED TOTAL TIME:** 1-2 days (9-14 hours)
+
+---
+
+## π FRAMEWORK REMINDERS
+
+**Before starting work:**
+
+1. β Run `node scripts/session-init.js` (already done at startup)
+2. β Run pressure check at 50k, 100k, 150k tokens
+3. β Use BoundaryEnforcer for values decisions:
+ - Privacy analytics selection IS a values decision
+ - User must approve final choice
+4. β Use CrossReferenceValidator before major changes
+5. β Use InstructionPersistenceClassifier for new directives
+
+**Values Decision Points:**
+- Analytics provider selection (user approval required)
+- What data to collect (user approval required)
+- Dashboard visibility (public vs private - user approval required)
+
+---
+
+## π KEY FILES & LOCATIONS
+
+**Configuration:**
+- MongoDB: Port 27017, database `tractatus_dev`
+- Application: Node.js/Express, port 9000
+- Production: vps-93a693da.vps.ovh.net (Ubuntu, systemd)
+
+**Documentation:**
+- Roadmap: `docs/plans/integrated-implementation-roadmap-2025.md`
+- Privacy page: `/public/privacy.html` (may need creation)
+- Footer template: `/public/js/components/footer.js`
+
+**Handoff Documents:**
+- This session: `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md`
+- Previous: `SESSION_HANDOFF_2025-10-14_ROADMAP_COPYRIGHT.md`
+
+---
+
+## π¨ KNOWN CONSTRAINTS
+
+**Values Alignment:**
+- Te Tiriti o Waitangi commitment (MΔori data sovereignty)
+- CARE Principles (Collective benefit, Authority to control, Responsibility, Ethics)
+- No tracking of individuals without explicit consent
+- Transparency by default
+
+**Technical Constraints:**
+- Must work with existing tech stack (vanilla JS, Tailwind)
+- No breaking changes to existing functionality
+- Performance budget: <100ms overhead
+- CSP compliant (no inline scripts - inst_008)
+
+---
+
+## π SUCCESS CRITERIA
+
+This task is complete when:
+
+1. β Privacy-first analytics solution selected and approved by user
+2. β Analytics installed and operational (collecting data)
+3. β No cookies set (verified in browser)
+4. β Transparency statement added to website
+5. β Dashboard accessible (public or private as approved)
+6. β Performance impact verified (<100ms)
+7. β Deployed to production
+8. β Documented in session handoff
+
+---
+
+## π NEXT PRIORITIES (After This)
+
+**Priority 2:** Draft video walkthrough script (5-10 min)
+- Problem β Solution β Demos β Value proposition
+- For researchers needing quick overview
+
+**Priority 3:** Soft research outreach
+- After video and QA complete
+- Personalized emails to research organizations
+
+---
+
+**READY TO START!**
+
+Run the initialization command above, review handoff documents, then begin with analytics research.
+
+Good luck! π
diff --git a/SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md b/SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md
new file mode 100644
index 00000000..71af7bdb
--- /dev/null
+++ b/SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md
@@ -0,0 +1,317 @@
+# Session Handoff: GitHub Community Infrastructure + PWA Fixes
+
+**Date:** 2025-10-15
+**Session Type:** Bug fixes + Infrastructure + Planning
+**Duration:** ~2 hours
+**Framework Status:** All 6 services operational
+**Session Pressure:** HIGH (56.4% at closedown - recommend fresh session for next tasks)
+
+---
+
+## Session Summary
+
+This session accomplished two major objectives:
+1. β **Fixed non-responsive PWA install button** + eliminated CSP violations
+2. β **Complete GitHub repository setup** for project maturity signaling
+3. β **Verified transparency dashboards** (both working correctly)
+
+---
+
+## Major Accomplishments
+
+### 1. PWA Install Button UX Improvements β
+
+**Problem Investigated:**
+- User reported "create App to be placed on desktop/mobile" popup not responding when clicked
+- Root cause: `installApp()` function in `version-manager.js` silently failed when browser's `beforeinstallprompt` event hadn't fired
+
+**Solution Deployed (commit c5c3ae1):**
+- β Added `showInstallUnavailableMessage()` function with helpful user feedback
+- β Shows contextual messages:
+ - "Already Installed" if app is already installed
+ - "Browser Not Supported" with browser recommendations if prompt unavailable
+- β Auto-dismisses after 8 seconds
+- β **BONUS:** Fixed ALL CSP violations - removed 5 inline event handlers (`onclick=`)
+- β All buttons now use `addEventListener` (fully CSP compliant)
+
+**Files Changed:**
+- `public/js/version-manager.js` (+110 lines)
+
+**Deployed to Production:**
+- β Verified on https://agenticgovernance.digital (0 inline handlers remaining)
+
+---
+
+### 2. Transparency Dashboards Verification β
+
+**Status Check Results:**
+
+**Koha Transparency Dashboard** (`/koha/transparency.html`)
+- β API endpoint working: `/api/koha/transparency`
+- β Shows: $0 total received, 0 monthly supporters
+- β Chart.js visualizations rendering correctly
+- β Allocation breakdown (40% dev, 30% hosting, 20% research, 10% community)
+
+**Media Triage Transparency** (`/media-triage-transparency.html`)
+- β API endpoint working: `/api/media/triage-stats`
+- β Shows: 1 inquiry triaged, 100% human review, 0% auto-responses
+- β Urgency/sensitivity distributions functional
+- β BoundaryEnforcer metrics displayed
+
+**Conclusion:** Both dashboards fully operational - no action needed.
+
+---
+
+### 3. GitHub Community Infrastructure (Complete) β
+
+**Commit:** 7050c8d
+**Purpose:** Signal project maturity to researchers and potential contributors
+
+**Files Created:**
+
+**CODE_OF_CONDUCT.md** (48 lines)
+- Contributor Covenant v2.1 (industry standard)
+- Contact: `conduct@agenticgovernance.digital`
+- Downloaded from official source, customized for Tractatus
+- Standard enforcement guidelines (correction β warning β temp ban β perm ban)
+
+**Issue Templates** (`.github/ISSUE_TEMPLATE/`)
+1. **config.yml** - Disables blank issues, links to Discussions/Docs/Media
+2. **bug_report.yml** - Tractatus-specific:
+ - Dropdown for 6 framework components + website
+ - Environment details (OS, browser, Node.js version)
+ - Log output section (auto-formatted shell)
+3. **feature_request.yml** - Includes **Values Impact Assessment**:
+ - Critical for Tractatus governance model
+ - "Does this involve values decisions?" (Yes/No/Unsure)
+ - Use case description required
+4. **documentation.yml** - Documentation improvement tracking:
+ - Type: Technical/API/Tutorial/Conceptual/Case Study
+ - Issue type: Missing/Unclear/Incorrect/Outdated/Typo/Broken link
+ - Page/section reference
+
+**GitHub Actions CI Workflow** (`.github/workflows/ci.yml`)
+- **Triggers:** Push/PR to main/develop branches
+- **Jobs:**
+ 1. **Lint:** ESLint (zero warnings policy)
+ 2. **Test:** Jest on Node 18.x + 20.x (matrix)
+ - Codecov integration for coverage tracking
+ - Uploads coverage only on Node 20.x
+ 3. (Future: Framework integrity checks, security audit)
+
+**Total:** 6 files, 329 lines added
+
+---
+
+## Git Commits This Session
+
+```
+372e9d6 - docs: add session handoff from 2025-10-14 (roadmap + copyright fixes)
+7050c8d - feat: add GitHub community infrastructure for project maturity
+c5c3ae1 - fix: PWA install button UX improvements and CSP compliance
+```
+
+**Branch Status:** 7 commits ahead of origin/main (includes commits from previous session)
+
+---
+
+## Session Pressure Analysis
+
+**Final Pressure:** HIGH (56.4%)
+
+**Breakdown:**
+- Token Usage: 51.7% (105,499/200,000)
+- Conversation: 100% (message 46)
+- Task Complexity: 6.0%
+- Error Frequency: 0.0%
+
+**Recommendation:** π **SUGGEST_CONTEXT_REFRESH**
+- Very long conversation - attention may degrade
+- Next session should start fresh for optimal focus on Priority 1 (privacy analytics)
+
+**Errors Encountered:**
+- API Error 400: Content filter blocked Code of Conduct text generation
+- API Error 500: Overloaded (Anthropic servers temporarily overloaded)
+- Workaround: Downloaded Contributor Covenant directly via `curl` instead
+
+---
+
+## Next Session Priorities (Ordered)
+
+### Priority 1: Privacy-Preserving Analytics Implementation (1-2 days) - CRITICAL VALUES
+
+**Why Critical:** Cannot do public launch without values alignment on privacy
+
+**Tasks:**
+1. Research/select privacy-first analytics solution
+ - **Recommended:** Plausible Analytics (GDPR compliant, no cookies, open source)
+ - Alternatives: Fathom, Simple Analytics, Umami
+ - Requirements:
+ - No cookies
+ - No personal data collection
+ - Country-level geolocation only (not city/IP)
+ - GDPR/CCPA compliant by default
+ - Open source preferred
+2. Install and configure chosen solution
+ - Self-hosted vs cloud decision
+ - Integration with website (script tag)
+3. Add transparency statement to website footer
+ - Link to privacy policy
+ - Explain what we collect and why
+ - Link to analytics dashboard (if public)
+4. Test and verify
+ - Confirm no cookies set
+ - Verify data collection scope
+ - Check performance impact
+
+**Estimated Time:** 1-2 days
+**Blockers:** None
+**Prerequisites:** None (can start immediately)
+
+---
+
+### Priority 2: Video Walkthrough Script (1 day)
+
+**Purpose:** Researchers need quick visual overview before deep engagement
+
+**Tasks:**
+1. Draft 5-10 minute script covering:
+ - **Problem** (60-90s): Current AI governance failures, pattern bias
+ - **Solution** (90-120s): Tractatus structural constraints overview
+ - **Demos** (180-240s): 27027 incident, BoundaryEnforcer, transparency dashboards
+ - **Value Proposition** (60-90s): Why researchers should care, collaboration opportunities
+2. Review script for:
+ - Measured tone (match leader.html positioning)
+ - Technical accuracy
+ - Clarity for multiple audiences
+ - Call to action
+3. Plan visuals/screen recordings needed
+
+**Estimated Time:** 1 day (script only, not production)
+**Blockers:** None
+**Prerequisites:** None
+
+---
+
+### Priority 3: Soft Research Outreach (After video + QA)
+
+**Not Yet Started** - depends on video completion and final QA testing
+
+**Tasks:**
+- Personalized emails to 5+ research organizations
+- Target: Center for AI Safety, AI Accountability Lab, Wharton, etc.
+- Include: demos, docs, video, deployment guide links
+
+---
+
+## Key Files & Locations
+
+**New This Session:**
+- `CODE_OF_CONDUCT.md` - Contributor Covenant v2.1
+- `.github/ISSUE_TEMPLATE/` - 4 templates (bug, feature, docs, config)
+- `.github/workflows/ci.yml` - Automated testing and linting
+- `public/js/version-manager.js` - PWA fixes (CSP compliant)
+
+**Handoff Documents:**
+- This file: `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md`
+- Previous: `SESSION_HANDOFF_2025-10-14_ROADMAP_COPYRIGHT.md`
+
+**Production:**
+- Website: https://agenticgovernance.digital (PWA fixes deployed)
+- GitHub: https://github.com/AgenticGovernance/tractatus-framework
+- Server: vps-93a693da.vps.ovh.net (all services operational)
+
+---
+
+## Technical Status
+
+**Production Environment:**
+- β Website live and operational
+- β All 6 framework services running
+- β PWA install button fixed
+- β Transparency dashboards working
+- β GitHub community infrastructure in place
+
+**Framework Services:**
+- All 6 governance services operational
+- Test coverage: 223/223 tests passing
+- Performance overhead: <10ms
+- Context pressure monitoring: Active
+
+**GitHub Repository:**
+- β CODE_OF_CONDUCT.md
+- β Issue templates (bug, feature, docs)
+- β CI/CD workflow (lint + test)
+- β CONTRIBUTING.md (not yet created - optional)
+- β Pull request template (not yet created - optional)
+
+---
+
+## Known Issues & Blockers
+
+**None Critical** - System fully operational
+
+**Planning Notes:**
+1. Privacy analytics decision needed (Plausible vs alternatives)
+2. Video script requires clear narrative structure
+3. Research outreach timing depends on QA completion
+4. Te Reo MΔori consultation ongoing (separate track)
+
+---
+
+## Framework Pressure Status
+
+π **Context Pressure: HIGH (56.4%)** (last check: 105,499/200,000 tokens)
+
+- Token Usage: 51.7%
+- Conversation Length: 100.0% (message 46)
+- Task Complexity: 6.0%
+- Error Frequency: 0.0%
+- Recommendation: π Refresh context - start new session
+- Next Checkpoint: N/A (session ending)
+
+**Action Taken:** Clean session closedown, handoff document created
+
+---
+
+## Optimal Next Session Startup
+
+**RECOMMENDED STARTUP COMMAND:**
+```bash
+node scripts/session-init.js
+```
+
+This will:
+1. Initialize session state and framework
+2. Load instruction history (37 active instructions)
+3. Run baseline pressure check
+4. Verify all 6 framework components
+5. Report status
+
+**Then review:**
+- This handoff document: `SESSION_HANDOFF_2025-10-15_GITHUB_PWA.md`
+- Previous context: `SESSION_HANDOFF_2025-10-14_ROADMAP_COPYRIGHT.md`
+- `docs/plans/integrated-implementation-roadmap-2025.md` (46% complete)
+
+**Priority for next session:** Privacy-preserving analytics implementation (Task 2 from roadmap)
+
+---
+
+**Session End Time:** 2025-10-15 ~17:00 UTC
+**Next Session:** Start fresh with Priority 1 (privacy analytics)
+**Framework Status:** β All systems operational
+**Git Status:** β All changes committed (3 commits this session)
+**Background Processes:** β Stopped cleanly
+**Session Pressure:** π HIGH - recommend fresh start
+
+---
+
+**Document Control:**
+- Created: 2025-10-15
+- Session Type: Bug fixes + Infrastructure
+- Major Tasks: 3 (PWA fixes, transparency check, GitHub setup)
+- Git Commits: 3
+- Files Created: 7
+- Lines Added: ~439
+- Production Deployments: 1 (version-manager.js)
+- Status: β COMPLETE - Ready for fresh session
diff --git a/public/researcher.html b/public/researcher.html
index 4ca48850..f6d7e874 100644
--- a/public/researcher.html
+++ b/public/researcher.html
@@ -68,7 +68,7 @@
Development Context
- Tractatus was developed over six months (AprilβOctober 2025) in single-project context (this website). Observations derive from direct engagement with Claude Code (Anthropic's Sonnet 4.5 model) across approximately 500 development sessions. This is exploratory research, not controlled study.
+ Tractatus was developed over six months (AprilβOctober 2025) in progressive stages that evolved into a live demonstration of its capabilities in the form of a single-project context (https://agenticgovernance.digital). Observations derive from direct engagement with Claude Code (Anthropic's Sonnet 4.5 model) across approximately 500 development sessions. This is exploratory research, not controlled study.
@@ -120,11 +120,17 @@
Governance embedded in culture or process erodes over time as systems evolve. Architectural constraints create structural inertia that resists organisational drift. Making governance external to AI runtime creates "accountability infrastructure" that survives individual session variations.
-
@@ -162,11 +168,17 @@
This approach recognises that governance isn't solving values conflictsβit's ensuring they're addressed through appropriate deliberative process rather than AI imposing resolution.
Architectural principle: Services operate external to AI runtime with autonomous triggering. AI doesn't decide "should I check governance rules?"βarchitecture enforces checking by default. This addresses voluntary compliance problem inherent in prompt-based governance.