Skip to main content

max / makenotwork

Align docs with implemented behavior: appeals, refunds, scanning, custom domains - appeals.md: document the in-app appeal flow (was email-only; dashboard flow exists) - payments.md: note the in-app full-refund button (was "Stripe dashboard only") - content-scanning.md: correct the blanket "we fail closed" — core in-process checks fail closed; external reputation scanners are skipped when briefly unreachable, with a boot guard requiring >=1 live antivirus layer - migration.md: drop stale "(when supported)" on custom domains (feature is live) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Author: Max Johnson <me@maxj.phd> · 2026-06-08 22:14 UTC
Commit: 9b34e80d3927688d4d715ea84d8f4e3ce4e810b5
Parent: e67a794
4 files changed, +7 insertions, -7 deletions
M server/site-docs/public/guide/migration.md +1 -1
@@ -323,7 +323,7 @@ Because you cannot export your member list, the entire strategy is building an i
323 323 - Members will need to re-sign up on MNW. Use your exported email list to make the transition as smooth as possible.
324 324
325 325 **Phase 3: Redirect**
326 - - Point your custom domain to MNW (when supported).
326 + - Point your custom domain to MNW.
327 327 - Email your subscriber list with the new URL.
328 328 - Update all external links.
329 329
M server/site-docs/public/legal/appeals.md +2 -2
@@ -19,11 +19,11 @@ You can appeal:
19 19
20 20 ## How to Appeal
21 21
22 - Send an email to:
22 + Submit an appeal from your account dashboard, or send an email to:
23 23
24 24 **appeals@makenot.work**
25 25
26 - Include:
26 + Either way, include:
27 27
28 28 1. **Your username** or account email
29 29 2. **What action you're appealing** - What was removed or what restriction was applied
M server/site-docs/public/legal/payments.md +2 -2
@@ -54,13 +54,13 @@ You control payout timing from your [Stripe dashboard](https://dashboard.stripe.
54 54
55 55 ### Our Policy
56 56
57 - We don't process refunds on your behalf. You're the merchant, and refund decisions are yours.
57 + Refund decisions are yours; you're the merchant of record. You can issue a full refund directly from the sale in your MNW dashboard, or handle full and partial refunds from your Stripe dashboard.
58 58
59 59 ### How Fans Request Refunds
60 60
61 61 Fans should contact you directly. You can:
62 62
63 - - Issue a full or partial refund via your [Stripe dashboard](https://dashboard.stripe.com)
63 + - Issue a full refund from the sale in your MNW dashboard, or a full or partial refund via your [Stripe dashboard](https://dashboard.stripe.com)
64 64 - Offer alternative resolution (access fix, different content)
65 65 - Decline if the purchase was delivered as promised
66 66
M server/site-docs/public/tech/content-scanning.md +2 -2
@@ -8,7 +8,7 @@ Scanning catches known malware and structural red flags. It cannot prove a file
8 8
9 9 ## Malware checks
10 10
11 - Every uploaded file runs through all applicable layers. Any layer reporting a definite failure quarantines the file; any layer reporting an error (scanner unreachable, decode failure) holds the file for admin review rather than letting it through. Only files where every applicable layer passes are released to fans.
11 + Every uploaded file runs through all applicable layers. The core in-process checks (content type, structure, archive contents, YARA) always run; if any reports a failure or cannot complete, the file is quarantined or held for review. The external reputation scanners (antivirus, hash and URL lookups) are best-effort: a temporarily unreachable scanner is skipped rather than blocking your upload, though the platform will not start with no antivirus layer available. Files that fail a completed check are never released to fans.
12 12
13 13 1. **Content-type verification.** The declared file type is checked against the actual magic bytes. A `.mp3` that's really a Windows executable is rejected here.
14 14 2. **Structural analysis.** For executables and other parseable binaries, the file's structure is inspected for the patterns malware uses to evade naive scanners: suspicious section layouts, unusual entry points, oversized resources.
@@ -35,7 +35,7 @@ After scanning, a file lands in one of three states:
35 35
36 36 - **Clean.** Every applicable layer passed. The file is available to download.
37 37 - **Quarantined.** At least one layer reported a definite failure. The file is held; the creator is notified and can appeal. Fans never see quarantined files in their library.
38 - - **Held for review.** A scanner couldn't complete (network error, timeout). The file is held and an admin reviews it manually. Files don't slip through during outages; we fail closed.
38 + - **Held for review.** A core check couldn't complete (decode failure, timeout). The file is held and an admin reviews it manually. The core in-process checks fail closed; the external reputation scanners are skipped if briefly unreachable, and the platform will not start unless at least one antivirus layer is live.
39 39
40 40 The scan result (which layers ran, which passed, which failed) is recorded for every file. Creators can see the scan status for their own uploads in the dashboard.
41 41