docs(naming): adopt OS / Enhanced product-line framing + align with existing repos

Two product lines, named to make scope obvious to buyers:
- 🔒 SilverMetal OS — we ship the operating system or ROM
  (Linux, Pixel, Samsung-unlocked, Motorola-unlocked)
- 🛡️ SilverMetal Enhanced — we harden the OS the device already runs
  (Windows, macOS, iOS, generic Android)

Repo alignment:
- SilverVPN already exists as a SilverLABS product (server + MAUI client +
  Linux client + tunnel service). stack/vpn/ is now an integration pointer
  rather than a re-scaffold; per-platform READMEs reference it.
- SilverApple is deprecated; SilverMetal Enhanced — iOS supersedes it.
  Migration step added as roadmap milestone 3I.1.
- SilverDROID name clash explicitly noted as unrelated (it's the SilverSHELL
  AppStore Android client, not an Android ROM).
- SilverChat may overlap with SilverVPN.Client.Chat; alignment decision
  added as roadmap milestone 1.1.1.

Roadmap restructured: phases now track the OS/Enhanced split.
Platform matrix re-sectioned and decision flowchart updated.
README rewritten around the two-product-line framing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

stack/README.md

@@ -1,16 +1,16 @@
 # SilverLABS Application Stack
 
-The cross-platform spine of SilverMetal. These apps replace the cloud services your device normally talks to. Same brand, same account, same data on every platform.
+The cross-platform spine of SilverMetal. These apps replace the cloud services your device normally talks to. Same brand, same account, same data on every platform — whether the user picked a 🔒 SilverMetal OS flavour or a 🛡️ SilverMetal Enhanced flavour.
 
 ## Components
 
 | Component | Status | Purpose |
 |---|---|---|
 | [`browser/`](browser/) — **SilverBrowser** | v1 (Linux MVP) | De-Googled, telemetry-free browser |
-| [`vpn/`](vpn/) — **SilverVPN** | v1 (Linux MVP) | Always-on, no-logs VPN with our infrastructure |
+| [`vpn/`](vpn/) — **SilverVPN** | **Existing** — see [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN). This directory tracks integration only | Always-on, no-logs VPN with our infrastructure |
 | [`sync/`](sync/) — **SilverSync** | v1 (Linux MVP) | Private replacement for iCloud/Google/OneDrive |
-| [`chat/`](chat/) — **SilverChat** | v1.1 | E2EE messenger |
-| [`duress/`](duress/) — **SilverDuress** | v1.1 | Duress password / panic-wipe / anti-coercion |
+| [`chat/`](chat/) — **SilverChat** | v1.1 — *may overlap with `SilverVPN.Client.Chat`; alignment decision pending* | E2EE messenger |
+| [`duress/`](duress/) — **SilverDuress** | v1.1 | Duress password / panic-wipe |
 | [`keys/`](keys/) — **SilverKeys** | v1.1 | Zero-knowledge password + 2FA manager |
 | [`shared/`](shared/) — common code | ongoing | Account SDK, crypto primitives, branding |
 
@@ -23,29 +23,29 @@ Users get a **SilverLABS account number** (Mullvad-style — random, no email, n
 Each app is built natively per platform — no Electron sprawl where avoidable:
 
 - **Linux**: native `.deb` + Flatpak
-- **Android**: native APK / AAB
+- **Android**: native APK / AAB (or MAUI where SilverVPN already provides it)
 - **Windows**: native MSI / EXE (signed)
 - **macOS**: universal binary `.pkg` (notarised)
 - **iOS**: App Store
 
-Where a single codebase (e.g., Tauri / Rust core) lets us hit multiple platforms with a thin native UI shell, we use it. We avoid Electron unless the cost of native is unjustifiable.
+Where a single codebase (e.g., MAUI as SilverVPN already does, or Tauri/Rust core for Browser/Sync/Keys) lets us hit multiple platforms with thin native UI shells, we use it. We avoid Electron unless the cost of native is unjustifiable.
 
 ## v1 ship order
 
+For SilverMetal OS — Linux v1:
+
 1. **SilverBrowser** — ungoogled-chromium-derived, our defaults, our update channel
-2. **SilverVPN** — WireGuard-based, our exit nodes, account-number signup
-3. **SilverSync** — Nextcloud-backed (server side), client-side encryption, native clients
+2. **SilverVPN** integration — existing product, integrated into our ISO with always-on defaults and kill-switch
+3. **SilverSync** — Nextcloud-backed (server side), client-side encryption, native Linux client
 
-These three ship with SilverMetal Linux v1.
-
-v1.1 adds Chat, Duress, Keys.
+These three ship with SilverMetal OS — Linux v1. v1.1 adds Chat, Duress, Keys.
 
 ## Server side
 
-The Stack server components live in separate repositories under `SilverLABS/`:
-- `silver-vpn-infra` — WireGuard exit-node infrastructure (Terraform / Ansible)
-- `silver-sync-server` — Nextcloud + Radicale + Baïkal stack
-- `silver-chat-homeserver` — Matrix Synapse / Dendrite
-- `silver-account` — account-number issuance + auth gateway
+Server components live in separate repositories:
+- `SilverLABS/SilverVPN` — already exists; includes server stack
+- `SilverLABS/silver-sync-server` *(to be created)* — Nextcloud + Radicale + Baïkal stack
+- `SilverLABS/silver-chat-homeserver` *(to be created OR may live under SilverVPN)* — depends on v1.1.1 alignment decision
+- `SilverLABS/silver-account` *(to be created)* — account-number issuance + auth gateway
 
 Self-hostable counterparts are documented for users who don't want to use SilverLABS infrastructure.

stack/vpn/README.md

@@ -1,40 +1,60 @@
-# SilverVPN
+# SilverVPN — Integration Pointer
 
-**Status**: v1 (Linux MVP) — planning
+> **The SilverVPN component already exists as a separate, in-production SilverLABS product.**
+> This directory does not re-implement it; it tracks the integration of the existing SilverVPN into SilverMetal OS images and Enhanced packages.
 
-Always-on VPN with no logs, run on SilverLABS infrastructure. Mullvad-style account-number signup (no email, no name).
+## Where SilverVPN lives
 
-## v1 approach
+[`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) — local checkout typically at `../SilverVPN/`.
 
-- **Protocol**: WireGuard. Period. (Battle-tested, tiny attack surface, performant.)
-- **Account**: random 16-digit account number; no email, no PII
-- **Payment**: separate channel (SilverDotPay / crypto / payment processor) with no link back to account number
-- **Exit nodes**: SilverLABS-operated initially; geographically diverse
-- **Kill-switch**: enforced at firewall layer (nftables on Linux, NetworkExtension content filters on Apple)
-- **DNS**: encrypted DNS through tunnel; no DNS leaks
-- **Per-device keys**: each device gets its own WireGuard key; revoke per-device
+The product includes:
+- `.NET 9` server stack: API, admin dashboard, web client, Docker images
+- `SilverVPN.Client.Maui` — cross-platform native client (Windows, macOS, Android, iOS)
+- `SilverVPN.Client.Linux` — dedicated Linux client
+- `SilverVPN.Client.Web` / `SilverVPN.Client.Web.Host` — browser-based client
+- `SilverVPN.TunnelService` / `SilverVPN.TunnelService.Linux` — tunnel daemon
+- `SilverVPN.Tunnel.Shared` — shared tunnel code
+- `libbox-bridge` — sing-box / sing-tun integration layer
+- Debian packaging (`build-deb.sh`, `debian/`)
+- OpenWrt support (`openwrt/`)
+- Production releases ongoing
 
-## Server-side
+## SilverMetal's responsibility
 
-Lives in `SilverLABS/silver-vpn-infra` (separate repo). This repo holds the **client** code only.
+This directory tracks **integration**, not development. Integration tasks per platform:
 
-## What we do not do
+### SilverMetal OS — Linux
+- [ ] Include `silvervpn` `.deb` (built from `../SilverVPN/build-deb.sh`) in `linux/packages/include.list`
+- [ ] Bundle `SilverVPN.TunnelService.Linux` as a default systemd service
+- [ ] Configure SilverVPN to be **always-on by default** with our exit nodes preconfigured
+- [ ] Verify nftables kill-switch coexists with the SilverVPN tunnel service
+- [ ] Validate DNS through tunnel (no leaks)
+- [ ] Auto-launch `SilverVPN.Client.Linux` on first login for account-number entry
 
-- We do not log connection metadata beyond what is operationally required (typically just real-time peer state, not retained)
-- We do not bundle ad-blocking — that's the browser's job, not the VPN's
-- We do not bundle tracker-blocking heuristics in the VPN — that risks false positives that break sites
-- We do not run a "free tier" with a different infrastructure — paid users and free users (if any) get the same server quality
+### SilverMetal OS — Pixel / Samsung / Motorola
+- [ ] Bundle SilverVPN MAUI client APK into ROM build (or system app)
+- [ ] Configure as default VPN provider via Android `VpnService`
+- [ ] Always-on VPN enforced at OS level (`Settings > VPN > Always-on`)
 
-## Per-platform clients
+### SilverMetal Enhanced — Windows
+- [ ] Bundle MAUI Windows client into hardening installer
+- [ ] Set up auto-start on boot
+- [ ] Kill-switch enforced via Windows Filtering Platform rules
 
-- **Linux**: GTK + native daemon (`silvervpn-daemon` running as systemd service)
-- **Android**: VpnService-based, native UI
-- **Windows**: WireGuard tunnel service + tray UI (signed)
-- **macOS**: NetworkExtension, signed and notarised
-- **iOS**: NetworkExtension via App Store
+### SilverMetal Enhanced — macOS
+- [ ] Bundle MAUI macOS client into setup `.pkg`
+- [ ] NetworkExtension content filter for kill-switch
 
-## Verification
+### SilverMetal Enhanced — iOS
+- [ ] SilverVPN App Store listing referenced in iOS setup guide
+- [ ] MDM profile pre-configures SilverVPN as default
 
-- Kill-switch test: disconnect upstream, verify zero packets leak
-- DNS-leak test: capture DNS during tunnel-up; all queries must traverse the tunnel
-- Reconnect test: WAN flap, verify reconnect without temporary leak
+### SilverMetal Enhanced — Android (generic)
+- [ ] SilverVPN MAUI APK referenced as required install in profile
+- [ ] Work-profile config sets it as system VPN
+
+## Coordination
+
+Changes that affect SilverMetal integration (e.g., `silvervpn` package layout, default endpoints, account-number CLI) should be flagged in this directory's CHANGELOG (to be created when first integration milestone starts) so the SilverMetal build pipeline can react.
+
+Cross-repo issues that touch both projects should be opened in whichever repo owns the change, with a back-reference in the other.