This log records completed maintenance and review activity across the Zer0 Billionaires site. It is the evidence layer for the standards described on the Governance & Methodology page. Entries are added after each review cycle or material change. The log is append-only — entries are not edited or removed.
GL-010 — 2026-05-30 — Operational
Scope: Ghost CMS security update. Critical security advisory received from Ghost (TryGhost) covering multiple vulnerabilities in versions prior to 6.37.0.
Reviewer: Site operator
Findings: Ghost installation was running version 6.32.0. Multiple critical and high-severity advisories had been published in 2026: cache-poisoning XSS in frontend via x-ghost-preview header (GHSA-62q6-4hv4-vjrw, May 2026), SQL injection in Content API (GHSA-w52v-v783-gw97, Feb 2026), remote code execution via malicious themes (GHSA-cgc2-rcrh-qr5x, Mar 2026), incomplete CSRF protections (GHSA-9m84-wc28-w895, Mar 2026), XSS via portal preview links (GHSA-gv6q-2m97-882h, Jan 2026), staff token permission bypass (GHSA-9xg7-mwmp-xmjx, Jan 2026), and staff 2FA bypass (GHSA-5fp7-g646-ccf4, Jan 2026). The SQL injection in Content API was accessible to unauthenticated users.
Actions taken: Full database backup taken (ghostprod-backup-2026-05-30.sql.gz). All 10 published page HTML cards backed up to OneDrive. Ghost CLI updated from 1.29.2 to 1.29.3. Ghost updated from 6.32.0 to 6.43.1 via ghost update, patching all known advisories. File ownership corrected on metrics.json and zb-data.js (required by update pre-flight). Passwordless sudo rule added for deploy user on Ghost service commands (systemctl start/stop/restart/is-active). Site verified operational post-update.
Open items: Ghost admin password reset recommended. Credential rotation to be completed by site operator.
GL-009 — 2026-05-28 — Editorial
Scope: Release readiness standard adopted for public launch (target window July 2026).
Reviewer: Site operator
Findings: No formal release readiness standard existed. Review practices and claim labelling were established through the governance log and methodology page, but no committed bar defined what “launch-ready” means at claim, page, or project level.
Actions taken: Three-layer release readiness standard committed:
Zer0 Billionaires does not require every comparison to be beyond criticism. It requires every claim to be (a) sourced to a stated, accessible source of stated quality; (b) method-stated, with derivations shown or linked; (c) status-labelled as SOURCED, DERIVED, ESTIMATED, ILLUSTRATIVE, PROJECTED, or LIVE; (d) honest about uncertainty in a form the reader can see without leaving the page; and (e) proportionate to the evidence supporting it.
A page is release-ready when every claim meets the above, the page as a whole says something the underlying claims support, and any artefact extracted from the page (share card, screenshot, embed) remains fair when read alone.
The project is release-ready when every page meets that bar, every named-individual claim has cleared a higher evidentiary and legal threshold, sources and methodology are public and versioned, corrections are visible and timely, and the site meets accessibility standards appropriate to a civic publication.
Failure protocol: (1) fix it; (2) label and keep, only if the labelled version is still honest; (3) defer it from the launch version. When uncertain, the default is defer, not ship.
Detailed claim-level, page-level, and project-level checklists derived from this standard. Page registers defined: PIW (dramatic), Guardians (documentary), Do the Math (editorial-technical), So What? (advocacy), About (mission statement), Sources and Methods (reference), API Data (reference), Governance and Methodology (standards and accountability), Governance Log (accountability and development).
Open items: Claim-status taxonomy with visual treatment rules per label. Page-level review passes (weeks 2/3). Legal review for named-individual claims (contact pending). Corrections mechanism (not yet built). Accessibility audit (week 5).
GL-008 — 2026-05-25 — DATA-SYSTEM
Scope: Waste events governance pass. Evidence coverage, claim registry, and inspector alignment.
Reviewer: Site operator
Findings: Six active waste entries (twitter, bezos_venice, brin_dragonfly, zuckerberg_yacht, jet_co2, iran_war) lacked CLM entries in the claim registry and evidence objects in the PIW card. The waste event inspector incorrectly listed mar_a_lago, trump_golf, and ice_flights as draft; all three are active on the live site. The iran_war live counter carried no visible uncertainty signal despite being an analogical projection rather than a reported expenditure.
Actions taken: CLM-032 through CLM-037 added to claim-registry.json with corresponding SRC-020 through SRC-025 source entries. Evidence objects added to all six entries in the PIW card. ESTIMATE pill introduced as a new UI treatment for iran_war, rendering alongside the existing DERIVED label to signal analogical projection. Inspector status corrected for mar_a_lago, trump_golf, and ice_flights (draft to active). CLM-032 through CLM-037 deployed to Sources and Methods page, appended after CLM-019.
Open items: Sources and Methods page is missing CLM-020 through CLM-031 (entries exist in claim registry but were never deployed to the page). Backlog item logged. Six influence and policy entries (leonard_leo, mellon_election, thiel_gawker, amazon_subsidies, tesla_subsidies, alphabet_subsidies) remain as registry placeholders only, not deployed, not in scope for this pass.
GL-007 — 2026-05-18 — DATA-SYSTEM
Scope: Value metric foundation hardening. Canonical registry, drift prevention, evidence recovery, controlled promotions, and bundle readiness across all six value bundles.
Reviewer: Site operator
Findings: metrics_registry.json was not consistently treated as the canonical source. Inspectors, PIW VALUE_PACKAGES, value consistency auditor, and foundation documentation were carrying overlapping copies of metric data, creating drift risk. Veterans bundle allocation was inconsistent across inspector files. Several bundle-used metrics remained in draft status despite having adequate evidence support. Active metrics had incomplete source URL coverage. Food Security, Healthcare, and Veterans bundles were close to release-ready; Housing, Education, and Environment each had specific named blockers.
Actions taken: metrics_registry.json confirmed as sole canonical source. All inspector and auditor files aligned to registry. Veterans bundle allocation resolved and propagated: VC-08 (0.40) / VC-10 (0.25) / VC-01 (0.20) / VC-09 (0.15). Source URL recovery pass completed: all 21 active metrics gained source URLs, 20 of 21 gained verified cost support. Seven metrics promoted from draft to active in a controlled pass: FS-12, HO-03, HO-04, VC-09, VC-10, HC-10, HC-11. Three further metrics prepared for promotion: VC-01, HC-01, HC-02. Three bundle blockers resolved: VC-08 (CBO HUD-VASH source recovered, inflation adjustment documented), EN-03 (NRCS source recovered), ED-03 (BLS source confirmed, wording locked as "teachers funded for a full school year"). FS-11 cost corrected to $733/year (WIC food-cost basis). Inspector draftOnly flags corrected for Health, Education, Food Security, and Environment bundles. Governance lessons formalised: inspectors are viewers only, not canonical sources; controlled promotion passes only; owner decisions treated as explicit blockers.
Open items: HO-01 (national illustrative HUD FMR framing, owner decision pending). HO-08 (LIHEAP national average unconfirmed, held draft). ED-08 (intensive tutoring wording tension, held draft). EN-12 (solar cost/wording tension, held draft). EN-03/EN-13 duplicate relationship, cleanup deferred. HC-SYS-03 (safety-net clinic funding source unconfirmed, blocked). ED-05 (College Board cost conflict, owner review needed). wind_turbine (source-review flagged).
GL-006 — 2026-04-29 — EDITORIAL
Scope: Full site audit conducted via live browser review. All published pages reviewed: The Price Is Wrong, Guardians of the Oligarchy, Do the Math, So What?, Governance and Methodology, Governance Log, Data Sources, Sources and Methods, Glossary.
Reviewer: Site operator
Findings: Governance and Methodology page contained stale “Dashboard” label (two instances) in the Purpose section. Sources and Methods CLM-013 verification note flagged three citation gaps as unresolved (water, education, housing). GL-005 open items (glossary taxonomy, cross-links) carried forward to this cycle.
Actions taken: Governance and Methodology page updated: “Dashboard” replaced with “site” in Purpose section and closing sentence (two instances). Sources and Methods CLM-013 updated: water citation resolved to World Bank/WSP Hutton 2016; education citation resolved to UNESCO GEM Report 2023; housing characterised as composite derived estimate with no single primary source; verification note replaced with resolved source notes; verified date updated to 2026-04-29. Author field added to Sources and Methods page (was missing). Oxfam 2026 source hyperlink added to Guardians media ownership section. Glossary taxonomy entries added for CC-Stage 7 terms. Data Sources scope note added.
Open items: Cross-links between trust pages. DOWNLOAD CARD feature (Puppeteer server, separate brief).
GL-005 — 2026-04-24 — Editorial
Scope: Trust architecture review across all four credibility-layer pages (Governance, Data Sources, Sources & Methods, Glossary). Page roles, boundary definitions, and overlap between pages assessed against reader needs.
Reviewer: Site operator
Findings: Page roles were underdefined, creating overlap between Data Sources and Sources & Methods. No consistent claim type taxonomy existed. Evidence visibility on result cards was absent. Governance page described standards but provided no maintenance record.
Actions taken: Page roles formally defined and documented. Three-category claim taxonomy established (Sourced / Derived / Illustrative). Evidence panel architecture designed for result cards. Governance log established (this document). Public review cadence language drafted and locked.
Open items: Glossary taxonomy entries (CC-Stage 7). Cross-links between trust pages (CC-Stage 7).
GL-004 — 2026-04-24 — Data-system
Scope: Claim registry alignment. All active waste entries in the inline WASTE object audited against claim-registry.json. Sources & Methods page audited against registry.
Reviewer: Site operator
Findings: 16 active waste entries had no individual CLM records — covered only by a bulk entry (CLM-011). No Sources & Methods anchors existed for any wheel entry except CLM-014 (Mar-a-Lago, added CC-Stage 3). waste-events.json confirmed not wired to any live rendering code — inline WASTE object is the active data source.
Actions taken: CLM-015 through CLM-031 created in claim-registry.json. Corresponding SRC records written. Evidence objects added to all 17 active waste entries in the inline WASTE object. CLM-014 through CLM-031 anchors added to /sources-and-methods/. next_id_claim updated to CLM-032, next_id_source updated accordingly. last_updated set to 2026-04-23.
Open items: mar_a_lago remains status:draft — evidence infrastructure is complete, entry will be published once value equivalents are confirmed. waste-events.json schema reconciliation with inline WASTE object deferred to future session.
GL-003 — 2026-04-24 — Operational
Scope: Result card evidence panel — prototype build and production rollout (CC-Stages 1–3).
Reviewer: Site operator
Findings: No evidence visibility existed on result cards prior to this work. The inline WASTE object was confirmed as the active data source (not waste-events.json). Schema mismatch identified between waste-events.json and inline WASTE object — deferred.
Actions taken: Evidence object schema defined (7 fields: source_name, source_year, source_url, claim_type, sm_anchor, source_amount, value_basis). CLM-014 written to registry with SRC-006 (GAO GAO-19-178). Evidence panel built in card HTML and CSS — two-column layout, WASTE CLAIM / VALUE CLAIM role labels, claim type pills, methodology note, source attribution with live links. Prototype gate deployed, reviewed, and removed. mar_a_lago published to active spin pool. /sources-and-methods/#CLM-014 confirmed live.
Open items: None — stage complete.
GL-002 — 2026-04-23 — Data-system
Scope: MySQL deploy skill — credential and path gaps identified during CC-Stage 3.
Reviewer: Site operator
Findings: Deploy skill documented root/no-password credentials; live server uses ghost/572010. In-place DB edit pattern (Path C) was missing from the skill. Literal \n storage in Ghost DB noted but not documented.
Actions taken: Deploy skill amended — correct MySQL credentials documented, Path C (Node.js/mysql2 in-place DB edit) added, literal \n storage note added.
Open items: None.
GL-001 — 2026-02-24 — Editorial
Scope: Governance & Methodology page — Amendment 2 (Validation and Verification Framework).
Reviewer: Site operator
Findings: Internal validation and verification processes were undocumented. No public distinction existed between system-level data handling checks and scheduled internal cross-checking of derived calculations.
Actions taken: Amendment 2 added to Governance & Methodology page (v1.2). Validation defined as system-level checking of structure, field mapping, formatting, labels, timestamps, and display behaviour. Verification defined as scheduled internal cross-checking of derived calculations, source alignment, categorisation, and presentation logic. Monthly review cadence for cross-checks and anomaly review established.
Open items: None.