hugooc · hugooc · May 27, 2026 · May 27, 2026
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -4,15 +4,15 @@ This file is auto-loaded by Claude Code when it opens `~/OpenKP/`. It's the on-r
 
 ## What OpenKP is
 
-A local MCP server that bridges Claude and Kaiser Permanente's patient portal. Single-user, runs on Hugo's Mac. All credentials and PHI stay on the machine. MIT licensed. No hosted service. See `DESIGN.md` §1-2 for the full "why."
+A local MCP server that bridges Claude and Kaiser Permanente's patient portal. Single-user, runs on Hugo's Mac (and also tested on Windows — see `docs/install/windows.md`). All credentials and PHI stay on the machine. Licensed under PolyForm Noncommercial 1.0.0 (see ADR-007). No hosted service. See `DESIGN.md` §1-2 for the full "why."
 
 ## v1 audience and distribution
 
 OpenKP v1 ships as an open-source GitHub project for **technically-curious KP members and patient-advocacy peers** — people who have Claude Code installed (or will install it) and can follow a Claude-Code-guided setup. We are deliberately not building a non-technical-user installer in v1. The `.dxt` + bundled-runtime + GUI-credential-entry work is parked at Phase 4.5 and only happens if real demand emerges.
 
 What this means for current work:
 
-- Keep the architecture unchanged. Local-first, MCP-over-stdio, Mac-first is fine.
+- Keep the architecture unchanged. Local-first, MCP-over-stdio. Mac is the primary tested platform, Windows runs the same code with a handful of platform-specific setup steps (`docs/install/windows.md`).
 - The README must read well for a curious human AND be structured enough for Claude Code to walk a user through install end-to-end.
 - Error messages should be clear, but they don't need to be tuned for non-technical users yet.
 - Lead positioning with the CAIHL frame: patient-directed AI on patient-owned data, not "AI reads my chart."
@@ -50,6 +50,10 @@ See `DESIGN.md` §1 (audience), §5 (Phase 4 / 4.5), §10 (distribution strategy
 
 **Website:** [openkp.org](https://openkp.org) live on Cloudflare Pages as of 2026-05-11 (commit `25a7259`, see session-20). Source under `site/` — static single-page, no build step, no framework. CAIHL framing in copy, MCP-client-agnostic at runtime. Codex drafted, two review passes, then deployed via wrangler direct upload. Future deploys from repo root: `wrangler pages deploy site --project-name=openkp --branch=main --commit-dirty=true`. Public repo is live, so you can also switch the Pages project to GitHub auto-deploy any time via the Cloudflare dashboard — no longer gated on anything.
 
+**Site refresh 2026-05-27:** the hero panel is now a 3-slide carousel (visit notes engagement, implants inventory, unresolved message threads) that auto-rotates every 5 seconds with dot navigation, per-slide topic tag, and accent-color shift per slide. Each topic tag leads with a tiny inline-SVG line icon (document for visit notes, device-plus-ECG-lead for implants, envelope for messages) that inherits the per-slide accent via `currentColor`; the icons are decorative (`aria-hidden`) so the tag text stays the accessible label. The tools section reads "24 MCP tools" with a `Care team, specialists, implanted devices` bullet for the new reads. The install card carries a short Windows-supported note linking to `docs/install/windows.md`. Implementation lives in `site/index.html` (HTML), `site/styles.css` (`.hero-carousel*`, `.slide-tag`, `.carousel-dot*`), and `site/script.js` (carousel rotation, pauses on hover/focus, respects `prefers-reduced-motion`).
+
+**Relicense 2026-05-27 (ADR-007):** OpenKP moved from MIT to **PolyForm Noncommercial 1.0.0**. The relicense reflects Hugo's intent that OpenKP serve patients and not be extracted commercially. Free for personal, research, educational, advocacy, nonprofit, and government use. Commercial use (paid SaaS, paid consulting, embedding in paid products) requires a separate license. `openkp/LICENSE` carries the canonical PolyForm text plus a `Required Notice: Copyright (c) 2026 Hugo Campos` line. Snapshots cloned under MIT before 2026-05-27 remain MIT for whoever has them — we can't claw back what's been licensed. Doc refs, `pyproject.toml`, and `site/index.html` final-CTA all updated. See `docs/adr/007-relicense-to-polyform-noncommercial.md`.
+
 ## Next session: start here
 
 Public release is done. Open code work is below.
@@ -106,7 +110,7 @@ header capture.
 - `DESIGN.md` — vision, principles, architecture, roadmap, tool inventory, safety patterns. Single source of truth.
 - `docs/release-checklist.md` — pre-public-release todos. All hard blockers now closed: README, LICENSE, PHI history rewrite (via fresh-repo strategy), and website are all done. Repo is public at github.com/hugooc/OpenKP.
 - **Recon journals live in the gitignored sidecar** at `private/documentation/recon/` (consolidated 2026-05-10 from `~/Desktop/OpenKP Documentation/`; the whole `private/` tree is gitignored). The last few are the most relevant context: session-20 (openkp.org site review + deploy + custom domain + repo-state reconciliation, 2026-05-11), session-19 (Codex audit + release hygiene + PHI rewrite + sidecar consolidation, 2026-05-10), session-18 (click-around recon, 2026-05-06), session-17 (PHI scrub + READMEs), session-16 (visit notes + AVS).
-- `docs/adr/README.md` — architectural decisions index. ADRs 001-006 live here.
+- `docs/adr/README.md` — architectural decisions index. ADRs 001-007 live here.
 - `docs/research/endpoints/` — per-endpoint request/response maps. Start with `profile.md`.
 
 ## Work pattern for a new read tool

diff --git a/DESIGN.md b/DESIGN.md
@@ -16,7 +16,7 @@ Kaiser's sanctioned FHIR patient API is read-only and capped to USCDI. That limi
 
 ### What OpenKP is
 
-A local MCP server that runs on the user's Mac, exposes patient-portal actions to Claude via the Model Context Protocol, and keeps all credentials and PHI on the user's machine.
+A local MCP server that runs on the user's machine (macOS and Windows are both tested, see `docs/install/windows.md`), exposes patient-portal actions to Claude via the Model Context Protocol, and keeps all credentials and PHI local.
 
 ### What OpenKP is not
 
@@ -45,7 +45,7 @@ These are the non-negotiables. Every design decision traces back to one of them.
 
 4. **Everything is auditable.** Every write action is logged locally with timestamp, inputs, and Kaiser's response. The user can always answer "what did my AI do in my record?"
 
-5. **Open source, MIT licensed.** Anyone can fork, inspect, modify, or redistribute. Unlike Open Record's source-available license, OpenKP imposes no commercial or redistribution restrictions.
+5. **Source-available, noncommercial license.** OpenKP ships under PolyForm Noncommercial 1.0.0. Anyone can fork, inspect, modify, redistribute, and use it for any noncommercial purpose — personal, research, educational, advocacy, nonprofit, government. Commercial use (paid SaaS, paid consulting, embedding in paid products) requires a separate license from the maintainer. Originally MIT-licensed at public launch in May 2026; relicensed via ADR-007 to align with the maintainer's intent that OpenKP serve patients rather than commercial extraction.
 
 6. **Stand on shoulders, don't copy code.** Open Record is our conceptual predecessor. We learn from its architecture, its tool surface, and its docs. We do not copy its code.
 
@@ -204,7 +204,7 @@ Each phase has an explicit exit criterion. We do not move to the next phase unti
 4. License surface, security disclosure path, code of conduct.
 5. Announcement to the CAIHL-adjacent community.
 
-**Out of scope for Phase 4:** bundled installer, `.dxt` packaging, signing/notarization, GUI credential entry, cross-platform builds beyond what currently works on the author's Mac. These move to Phase 4.5 if real demand emerges.
+**Out of scope for Phase 4:** bundled installer, `.dxt` packaging, signing/notarization, GUI credential entry, cross-platform packaging beyond the source-install path (which works today on macOS and Windows — see `docs/install/windows.md`). These move to Phase 4.5 if real demand emerges.
 
 **Exit criterion:** A KP member who knows what a terminal is, with Claude Code installed, can clone the repo and complete a successful end-to-end query of their own record (e.g., "summarize my last lipid panel") without needing to ask the author for help.
 
@@ -463,7 +463,7 @@ The log is append-only. The user can review it at any time to see exactly what O
 See Section 5 roadmap phases 4, 4.5, and 5 for the full distribution plan. Summary:
 
 1. **Now (Phases 1-3):** Build the read and write tools to a credible MVP. Local install for the author and a small group of contributors.
-2. **Phase 4 (next public step):** GitHub release. README structured for both human readers and Claude Code as the install agent. Audience is technically-curious KP members. Mac-first is acceptable in v1 as long as it's called out clearly.
+2. **Phase 4 (next public step):** GitHub release. README structured for both human readers and Claude Code as the install agent. Audience is technically-curious KP members. macOS is the primary tested platform, with Windows now supported via a short addendum (`docs/install/windows.md`).
 3. **Phase 4.5 (only if demand justifies it):** `.dxt` installer, bundled runtime, GUI credential entry, signing and notarization, install video. Cross-platform if Windows demand emerges.
 4. **Phase 5 (maybe):** Chrome extension architecture if Playwright maintenance becomes painful.
 5. **Never:** hosted service. The legal and ethical costs outweigh any convenience gain.
@@ -474,7 +474,7 @@ See Section 5 roadmap phases 4, 4.5, and 5 for the full distribution plan. Summa
 
 Open Record, by Ryan Hughes at Fan Pier Labs, is the prior art and conceptual source for this project. OpenKP does not use any of Open Record's code. We are deliberately implementing from scratch because:
 
-1. Open Record's license is source-available and restricts commercial use and redistribution. OpenKP is MIT-licensed.
+1. Open Record's license is source-available and restricts commercial use and redistribution. OpenKP is licensed under PolyForm Noncommercial 1.0.0 (also source-available, also restricts commercial use, but defined in plain-English software-native terms instead of Open Record's bespoke clauses). See ADR-007.
 2. Open Record targets vanilla Epic MyChart. Kaiser is a different auth architecture (Ping OAuth in front of Epic). The 896-line MyChart login is not reusable.
 3. Open Record is a full web application with Postgres, user accounts, and a Gemini AI proxy. OpenKP is a single-user local tool. The web app scaffolding is overhead we don't need.
 
@@ -488,7 +488,7 @@ Open Record, by Ryan Hughes at Fan Pier Labs, is the prior art and conceptual so
 **What we do differently:**
 - Python instead of TypeScript/Bun (solo-builder velocity)
 - Single-user local instead of multi-tenant web app
-- MIT license instead of source-available
+- PolyForm Noncommercial 1.0.0 (also source-available, but plain-English software-native terms)
 - Safety patterns (confirm-before-act, audit log, dry-run) as first-class, not afterthoughts
 - CAIHL framing as the organizing purpose, not an incidental benefit
 
@@ -605,7 +605,7 @@ Open Record, by Ryan Hughes at Fan Pier Labs, is the prior art and conceptual so
 |---|---|---|
 | Python over TypeScript | TypeScript (matches Open Record) | Faster solo iteration; Playwright Python is mature; simpler packaging for `.dxt` |
 | Playwright over pure HTTP | Raw httpx + Ping OAuth library | Ping's JS-driven login and device fingerprinting make pure HTTP fragile; Playwright pays the reliability tax upfront |
-| MIT license | Source-available | We want this to be reusable by anyone, including researchers and other patient-advocacy projects |
+| PolyForm Noncommercial 1.0.0 | MIT (original v1), then revisited | Originally MIT at public launch (2026-05-11). Relicensed via ADR-007 on 2026-05-27 to PolyForm NC. Still source-available and freely reusable for individuals, researchers, advocates, nonprofits, and government, but no commercial extraction without a separate license. Aligns the legal terms with the maintainer's intent. |
 | Single-user local | Multi-tenant hosted | Privacy ethics and legal liability both favor local; also sidesteps HIPAA BAA complexity |
 | FastMCP over raw MCP SDK | Raw MCP SDK | Decorator syntax is cleaner; official Anthropic recommendation |
 | Keychain for credentials | Encrypted `.env` with master password | OS keychain is the system's existing answer to this problem; no need to reinvent |

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 Website: [openkp.org](https://openkp.org)
 
-A patient-directed MCP server that bridges Claude and **Kaiser Permanente Northern California's** patient portal — letting you act on your own medical record, with your own credentials, on your own Mac.
+A patient-directed MCP server that bridges Claude and **Kaiser Permanente Northern California's** patient portal — letting you act on your own medical record, with your own credentials, on your own machine. Tested on macOS and Windows.
 
 ```
 You ─►  Claude Desktop ─►  OpenKP (local) ─►  kp.org
@@ -18,7 +18,7 @@ Kaiser's portal shows you plans, orders, and results. It doesn't show you how *y
 
 This is **critical AI health literacy** in practice — patient-directed AI on patient-owned data, surfacing what institutional systems are not built to make legible. Background: ["Critical AI Health Literacy as Liberation Technology"](https://nam.edu/perspectives/critical-ai-health-literacy-as-liberation-technology-a-new-skill-for-patient-empowerment) (NAM Perspectives) and [aipatients.org](https://aipatients.org).
 
-OpenKP exposes 17 read tools and 2 write tools covering appointments, labs, messages, medications, problems, allergies, demographics, visit notes, and after-visit summaries. Other questions it can handle:
+OpenKP exposes 19 read tools and 2 write tools covering appointments, labs, messages, medications, problems, allergies, demographics, visit notes, after-visit summaries, care team and recent providers, and implanted devices. Other questions it can handle:
 
 - *"How many appointments did I have last year, split by virtual vs in-person?"*
 - *"Which lab values have drifted in the last 18 months?"*
@@ -47,6 +47,8 @@ Install steps live in [`openkp/README.md`](openkp/README.md). It walks through v
 
 If you have Claude Code installed, the easiest path is to clone this repo and ask Claude Code to walk you through the install — `openkp/README.md` is structured for exactly that flow.
 
+**On Windows?** Same instructions, plus a couple of platform-specific setup steps. See [`docs/install/windows.md`](docs/install/windows.md) for the Visual C++ runtime requirement, the `greenlet` reinstall, and the Windows command translations.
+
 ## What's inside
 
 ```
@@ -55,6 +57,7 @@ OpenKP/
 ├── DESIGN.md                    ← vision, architecture, roadmap, principles
 ├── docs/
 │   ├── adr/                     ← architecture decision records (ADR-001 onward)
+│   ├── install/                 ← platform-specific install notes (windows.md)
 │   ├── research/endpoints/      ← per-endpoint Kaiser API maps
 │   └── release-checklist.md     ← pre-public-release todos
 ├── openkp/                      ← the Python package + tests + install README
@@ -72,11 +75,13 @@ The full list lives in `DESIGN.md` §2. The three that matter most:
 
 ## Status
 
-Phase 2 (read-only) is closed. Phase 3 (writes) is in progress. As of 2026-05-04: 22 MCP tools registered, 527 tests passing, run with `cd openkp && .venv/bin/pytest -q`. Per-tool status (live-verified, preview-only, deferred) is documented in `openkp/README.md`.
+Phase 2 (read-only) is closed. Phase 3 (writes) is in progress. As of 2026-05-26: 24 MCP tools registered, 567 tests passing on macOS, run with `cd openkp && .venv/bin/pytest -q`. Per-tool status (live-verified, preview-only, deferred) is documented in `openkp/README.md`. Windows is supported with the caveats in [`docs/install/windows.md`](docs/install/windows.md) — all but 4 platform-specific tests pass, and none of the failures affect any user-facing tool.
 
 ## License
 
-MIT. See [`openkp/LICENSE`](openkp/LICENSE).
+**PolyForm Noncommercial 1.0.0.** Free for personal, research, educational, advocacy, nonprofit, and government use. Commercial use (paid SaaS, paid consulting, embedding in paid products) requires a separate license from the maintainer. See [`openkp/LICENSE`](openkp/LICENSE) for the full text and [`docs/adr/007-relicense-to-polyform-noncommercial.md`](docs/adr/007-relicense-to-polyform-noncommercial.md) for the rationale.
+
+Snapshots cloned before the relicense remain under MIT for whoever has them — future commits land under PolyForm NC.
 
 ## Credits
 

diff --git a/docs/adr/001-build-fresh-vs-fork-open-record.md b/docs/adr/001-build-fresh-vs-fork-open-record.md
@@ -1,7 +1,7 @@
 # ADR-001: Build fresh, don't fork Open Record
 
 **Date:** 2026-04-22
-**Status:** Active
+**Status:** Active. The license-specific aspects of this decision (mentions of "MIT" below) are superseded by ADR-007, which relicenses OpenKP from MIT to PolyForm Noncommercial 1.0.0. The build-fresh decision itself is unchanged.
 **Authors:** Hugo Campos
 
 ## Context