# 04 — Explicit Non-Goals
*FPMP v0.1.0 — Draft*

Stating what FPMP will not do is a deliverable, not an apology. Each non-goal includes the reasoning so reviewers can challenge it.

1. **Not a chatbot or assistant product.** FPMP is the memory substrate. The demo CLI/UI exists to prove inspectability, not to compete on conversational UX. Assistants are *consumers* of the protocol.

2. **No DRM on shared claims.** Once a delegate has read a claim, the protocol cannot make them forget it. We provide minimization, auditing, and mechanical revocation of *flow* — never claims of remote deletion. (Threat Model §4.)

3. **No global identity system.** Keys identify users and delegates. We do not build naming, discovery, social graph, or key-transparency infrastructure; users exchange keys out-of-band in v0. Federation with external identity systems is future, optional, and never required.

4. **No mandatory server, blockchain, or token.** The log is a local-first CRDT DAG. Relays are optional, dumb, and replaceable. No consensus is needed because there is exactly one authority per graph: the user. A blockchain would add cost and remove privacy for zero trust benefit here.

5. **No claim of regulatory compliance.** The architecture is *compatible* with GDPR-style rights (export, redaction, audit) by construction, but FPMP is a protocol, not legal advice, and we do not certify deployments.

6. **No multi-user shared graphs in v0.** Couples/families sharing a merged graph raise consent and authority questions (whose root key?) we refuse to rush. v0 models sharing strictly as capabilities between sovereign single-user graphs.

7. **No traffic-analysis resistance guarantees.** Content is end-to-end encrypted; metadata protection is best-effort (padding, batching). Mixnet integration is out of scope.

8. **No automated truth arbitration.** The protocol records claims, confidence, and refutations; it does not decide what is *true*. The user is the final epistemic authority over their own graph, including the authority to keep claims a model considers wrong.

9. **No real-time streaming ingestion or always-on inference in v0.** Reference adapters are batch/incremental. Continuous capture (mic, screen) is excluded from the reference implementation on both scope and ethics grounds; the wire format does not preclude it for others.

10. **No recovery service.** Key recovery is the user's responsibility via documented standard mechanisms. A vendor-operated recovery service would be a privileged party, contradicting tenet 1.

11. **No production-hardened cryptography engineering in the reference node.** We use audited primitives (Ed25519, XChaCha20-Poly1305, BLAKE3 — finalized in M2) via established libraries, but the v0 reference node is a protocol demonstrator, not a security-audited product. This is stated on every release.