block · wesbillman · May 1, 2026 · May 1, 2026
diff --git a/.gitignore b/.gitignore
@@ -26,6 +26,9 @@ playwright-report/
 test-results/
 blob-report/
 
+# Root npm lockfiles are accidental; desktop uses pnpm in /desktop.
+/package-lock.json
+
 # sqlx offline query data (generated, not portable)
 .sqlx/
 

diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 <p align="center">
-  <img src="sprout-icon.png" alt="Sprout" width="200">
+  <img src="docs/assets/sprout-icon.png" alt="Sprout" width="200">
 </p>
 
 # sprout

diff --git a/VISION_PROJECTS.md b/VISION_PROJECTS.md
@@ -36,7 +36,7 @@ The portable representation is a NIP-34 repo announcement (kind:30617) — stand
 
 Branch protections live in the same event — `sprout-protect` tags. The relay enforces them at the git transport layer. Only npubs listed in `push-allowed` can push to protected branches. Force pushes are blocked. Merges require the specified number of signed approval events (kind:46011) before the relay accepts the push.
 
-Agents inherit access from their owner via [NIP-OA](NIP-OA.md). The relay checks: does the push carry a valid NIP-OA auth tag, and is the owner pubkey in that tag listed in `push-allowed`? If yes, the push is accepted — the agent's own pubkey doesn't need to be in the list. Add a maintainer, and all their authorized agents can push. Remove the maintainer, and all their agents lose access instantly. Agents without NIP-OA attestation are treated as their own identity and must be listed explicitly.
+Agents inherit access from their owner via [NIP-OA](docs/nips/NIP-OA.md). The relay checks: does the push carry a valid NIP-OA auth tag, and is the owner pubkey in that tag listed in `push-allowed`? If yes, the push is accepted — the agent's own pubkey doesn't need to be in the list. Add a maintainer, and all their authorized agents can push. Remove the maintainer, and all their agents lose access instantly. Agents without NIP-OA attestation are treated as their own identity and must be listed explicitly.
 
 Standard NIP-34 clients see a normal repo. gitworkshop.dev renders it. ngit-cli works with it. Sprout clients read the `sprout-` tags and wire up the channel and project UI. One event, two audiences, zero custom kinds.
 
@@ -115,7 +115,7 @@ A new contributor submits a patch. Before you read the code:
 
 This works because identity is cryptographic and portable. Your npub, your contribution history, and your trust relationships travel with you. No platform owns your reputation.
 
-**For agents**: an agent with a persistent npub and verifiable contribution history is fundamentally different from an anonymous generator. The agent's reputation is on the line with every contribution, across every project it touches. See [NIP-OA](NIP-OA.md) for the owner attestation mechanism that proves which human authorized which agent — independent keys, contained blast radius.
+**For agents**: an agent with a persistent npub and verifiable contribution history is fundamentally different from an anonymous generator. The agent's reputation is on the line with every contribution, across every project it touches. See [NIP-OA](docs/nips/NIP-OA.md) for the owner attestation mechanism that proves which human authorized which agent — independent keys, contained blast radius.
 
 ---
 

diff --git a/sprout-icon.png → docs/assets/sprout-icon.png b/sprout-icon.png → docs/assets/sprout-icon.png
diff --git a/sprout.png → docs/assets/sprout.png b/sprout.png → docs/assets/sprout.png
diff --git a/NIP-OA.md → docs/nips/NIP-OA.md b/NIP-OA.md → docs/nips/NIP-OA.md
diff --git a/NIP-RS.md → docs/nips/NIP-RS.md b/NIP-RS.md → docs/nips/NIP-RS.md
diff --git a/package-lock.json b/package-lock.json
diff --git a/tests/e2e_relay.rs b/tests/e2e_relay.rs